Bitcoin Forum
August 24, 2019, 07:39:28 PM *
Author Topic: Hardware wallets still aren't secure, and they never will be. Use paper wallets  (Read 1303 times)
AverageGlabella
July 30, 2019, 10:06:09 PM
Merited by Welsh (6), redsn0w (2), o_e_l_e_o (2), vapourminer (1), ETFbitcoin (1)
 #41

Quote
Good practice is to have your passphrase physically backed up on paper (as you would do with your mnemonic phrase), but obviously on a different piece of paper and stored separately from your mnemonic seed and from your hardware wallet.

I'm talking about hypotheticals here and I know that this is all far-fetched and very, very unlikely to happen. However, I don't like mnemonic seeds just because it's easy to identify what these words are for on a piece of paper. A quick search and there is a lot of information on restoring funds with these mnemonic phrases. I will say that they are convenient and another way to restore your data; however, I still think having this done as plain text on a piece of paper is a flaw in the security plan. If you were a burglar that got into your safe and found this piece of paper with however many words a hardware wallet uses for its mnemonic phrase, you would be very interested in what they meant. They would probably jump to this being related to banking, but if they were to gain access to your computer or wherever you store your wallet files then they could put two and two together. This is assuming that they don't already know about Bitcoin. If they know about Bitcoin then they will probably be able to identify a mnemonic seed. Hiding this in plain sight might be an even better option because at least then it looks like true gibberish, but again not something I would be willing to risk. If you were to incorporate a mnemonic seed into a children's book then the burglar would probably think it has sentimental value and that's why it's in the safe, rather than something that opens up a Bitcoin wallet.

Quote
It's true of all wallets, from forgetting your log in to a web wallet to forgetting where you have hidden your paper wallet. The only ways to completely safeguard against it are the same ways you would use to ensure your crypto passes on to others if you were to suddenly die. Leaving instructions on how to access your crypto, potentially linked to a dead-man's switch, or telling someone else you trust how to access the crypto in the event of your memory loss or death.

I have a sophisticated way of going about this. I haven't told anyone, and if I were to suddenly die the Bitcoin community can consider it as a donation to the network that those coins have now been lost forever. In all seriousness, this is something which is down to the person's discretion and could potentially become the biggest threat if they make a mistake in trusting others with this very sensitive information. I'm very paranoid by nature and haven't actually revealed to anyone close to me that I use Bitcoin.

Quote
There have been examples of malware using the flashing LEDs on the side of your computer casing to transmit Morse code or binary, or some altering fan speed to produce different pitches of noise to encode data. There was even one I read about of malware using a connected scanner to display flashes of light which were picked up by attackers, and attackers directing flashes of a laser at the scanner to send instructions to the malware (https://www.bleepingcomputer.com/news/security/flatbed-scanners-used-as-relay-point-for-controlling-malware-in-air-gapped-systems/). Utterly ridiculous. It is impossible to protect against every vector of attack, but when you get as far as thinking about this, the commonly posted XKCD comic about the $5 wrench attack comes into play.

We are coming to a bit of a stalemate here, I will agree, where I'm arguing that I can't safeguard against the brain failing and loss of memory, considering dementia is incurable currently and we can only prevent the onset of the disease, but even then any accident could lead to memory loss if the brain is damaged. I don't like introducing another thing which could go wrong, and that is an airgapped computer. I think it's ok to assume that the average Bitcoin user is slightly more technical than the average user of a computer and the elite of Bitcoin are some gifted people. IF, and I will admit it's a big if. IF the burglar had the technical capabilities of using the methods you have mentioned then that would be your coins gone. I guess what I'm trying to say is there are already known risks to air gapped computers but with my basic idea of creating a story that doesn't have any major risks other than the person catching on that this is an encrypted piece of text which could be made difficult depending on how much effort you put into it. I have given a very basic version of encrypting the private key in the story but you could make it a lot more sophisticated and I would encourage anyone using that method to do so.
pereira4
July 31, 2019, 12:07:22 AM
Merited by Welsh (2), vapourminer (1), o_e_l_e_o (1)
 #42



Airgapped computers can be compromised and there are methods of getting into the coins. There was an interesting article a number of years ago where someone used radio waves on a raspberry pi to get into the wallet. However, for that to happen the device has to be physically compromised, but again if someone looks onto your computer and sees you have a wallet they will be very interested in that device. I understand that I'm talking about very technical stuff and the majority of people don't possess these skills but I like being paranoid when it comes to security.

Hardware wallets wipe themselves after 3 attempts? That isn't a security feature at all. What if an attacker fails 3 times, is your Bitcoin then wiped?

It is literally impossible to crack Truecrypt's (or currently, Veracrypt's) encryption, which you could use for your airgap setup. If you were to be faced by a $5 wrench situation, you can even have a hidden OS and deliver an alternative password. You can use cascaded configurations for the encryption algo such as SHA256(Twofish(Serpent)) which means an attacker would need to crack not only a SHA256 but the two others as well. In other words, a waste of time. You could also use dm-crypt or LUKS if you know what you are doing.

The only realistic attack is an evil maid type, which you can mitigate by due diligence and generally not being an idiot.

The good old airgapped laptop remains the #1 proponent, coupled with the QR reader to broadcast your tx's. The only thing you need is to not be an idiot like me (I forgot the password to all of my encrypted HDDs) then you should be good. Certainly better than having an obvious device to be filled with coins.




o_e_l_e_o
July 31, 2019, 05:19:29 AM
 #43

Quote
However I don't like mnemonic seeds just because it's easy to identify what these words are for on a piece of paper.

There are also many places you can hide a mnemonic phrase that are just as unlikely to be found as someone "cracking" a story or similar. You could take a door off its hinges and write it along the bottom before replacing it. You could hide a piece of paper inside an electrical socket or a light fitting. You could flip over your sofa, cut a small hole in the fabric on the underside, and hide the paper in there. There are endless places a burglar would never look.

Quote
IF the burglar had the technical capabilities of using the methods you have mentioned then that would be your coins gone.

You could pair a hardware wallet with an airgapped computer, and then the airgapped computer doesn't know your seed/keys, and so couldn't leak them.

Quote
I guess what I'm trying to say is there are already known risks to air gapped computers but with my basic idea of creating a story that doesn't have any major risks other than the person catching on that this is an encrypted piece of text which could be made difficult depending on how much effort you put into it.

Sure, I appreciate that, but I would argue that the chance of someone figuring out what your story means is higher than the chance of a focused, targeted, and highly technical malware attack on an airgapped machine.

PrimeNumber7
August 03, 2019, 07:10:26 PM
 #44


Quote
You can use a QR code reader (which I'm shocked so few people use) in order to completely bypass any printer exploits. You can use Coreboot or Libreboot in order to not use a proprietary BIOS. You can have more control over RNG than in a hardware wallet. You can have FDE with a couple of passwords for plausible deniability and so on.

A QR reader would not keep you safe from printer attacks because you still need to print the QR code/image. I don’t think it is reasonable to expect to be able to not print a QR code, while you could hand write a private key/seed.

The advantage of using a QR code is it reduces the time your key is exposed to any potential cameras. Scanning a QR code will only take a few seconds, while the next best thing, a written seed will take probably close to a minute to enter and a private key will arguably take several minutes to type from a paper.

Whenever you are copying information on a paper wallet onto a computer to spend, you must expose it in a way that potentially someone will capture the information via a camera you are unaware of. The longer it takes to copy the information on your paper wallet, the longer it will be exposed.

o_e_l_e_o
August 03, 2019, 07:35:01 PM
 #45

Quote
A QR reader would not keep you safe from printer attacks because you still need to print the QR code/image.

Not at all. You can generate a QR code on your internet connected watch only wallet, display it on screen, scan it in to your airgapped device, sign the transaction, generate the QR code, display it on the screen of your airgapped device, and scan it in to your live device. No printers required.

Quote
Whenever you are copying information on a paper wallet onto a computer to spend, you must expose it in a way that potentially someone will capture the information via a camera you are unaware of. The longer it takes to copy the information on your paper wallet, the longer it will be exposed.

True, but you should never be copying information from a paper wallet in a public place. It should be done behind closed doors in your own house, where you should be able to be certain there are no cameras you are unaware of. The only risk then is from a camera you are aware of, but you are unaware it has been compromised, probably a laptop webcam or your phone camera. The length of time you expose the information to the camera is irrelevant.

PrimeNumber7
August 04, 2019, 09:03:01 PM
 #46

Quote
A QR reader would not keep you safe from printer attacks because you still need to print the QR code/image.
Quote
Not at all. You can generate a QR code on your internet connected watch only wallet, display it on screen, scan it in to your airgapped device, sign the transaction, generate the QR code, display it on the screen of your airgapped device, and scan it in to your live device. No printers required.

Fair enough. Although I believe the possible attacks on what you describe would include the same attacks possible on a HW wallet such as trezor or ledger, and include additional attacks above that.

Quote
Whenever you are copying information on a paper wallet onto a computer to spend, you must expose it in a way that potentially someone will capture the information via a camera you are unaware of. The longer it takes to copy the information on your paper wallet, the longer it will be exposed.
Quote
True, but you should never be copying information from a paper wallet in a public place. It should be done behind closed doors in your own house, where you should be able to be certain there are no cameras you are unaware of. The only risk then is from a camera you are aware of, but you are unaware it has been compromised, probably a laptop webcam or your phone camera. The length of time you expose the information to the camera is irrelevant.

Yes, ideally you will have a house that allows you to be certain there are no cameras watching, but this is not always possible. You might live in an apartment that doesn't have any rooms without windows, or you might have roommates that live with you. If you have your blinds closed, the wind or a fan may cause your blinds to sway enough for someone with a camera to see your paper wallet. Or someone may not fully understand how to best secure their coins, and use a paper wallet in a library or coffee shop.

DaveF
August 04, 2019, 10:45:48 PM
 #47

I did not see it in the thread but, "X" of "N" paper keys are very useful
And then you can use misdirection.
You can make a 4 of 6 wallet
Label each piece 1 of 2 or 2 of 2
Someone gets 2 of them they then generate a private key for an address that has....nothing in it. Only you know that you really need 4 out of 6 pieces of paper that all say 1 of 2 or 2 of 2.

Or get a cold card  https://coldcardwallet.com/

-Dave
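
One way to read the "X of N" idea in the post above is threshold secret sharing (a later reply reads it as multi-sig). The sketch below is an added example, not part of the original post and not taken from any wallet: it assumes a Shamir 4-of-6 split over the secp256k1 group order, with function names chosen here, and shows that combining fewer than four shares still yields a valid-looking key that is unrelated to the real one.

```python
import secrets
from itertools import combinations

# secp256k1 group order (prime). Using it as the field means every
# reconstruction result is itself in the range of a Bitcoin private key.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split(secret, threshold, count):
    """Shamir split: return `count` shares, any `threshold` of which recover `secret`."""
    if not 0 < secret < N:
        raise ValueError("secret must be a valid private-key scalar")
    if not 1 < threshold <= count:
        raise ValueError("need 1 < threshold <= count")
    # Random polynomial of degree threshold-1 with f(0) = secret.
    # Non-zero coefficients keep the degree exactly threshold-1.
    coeffs = [secret] + [secrets.randbelow(N - 1) + 1 for _ in range(threshold - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod N
            acc = (acc * x + c) % N
        return acc

    return [(x, poly(x)) for x in range(1, count + 1)]


def combine(shares):
    """Lagrange interpolation at x = 0 over whatever shares are supplied."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        total = (total + yi * num * pow(den, -1, N)) % N
    return total


def demo():
    """Constructed key, split 4-of-6, then recombined from 4 and from 2 shares."""
    real_key = secrets.randbelow(N - 1) + 1   # throwaway demo value
    shares = split(real_key, threshold=4, count=6)
    from_four = {combine(c) for c in combinations(shares, 4)}
    from_two = [combine(c) for c in combinations(shares, 2)]
    return real_key, shares, from_four, from_two


if __name__ == "__main__":
    key, shares, from_four, from_two = demo()
    print("every 4-share subset recovers the key:", from_four == {key})
    print("2-share results that match the key:", from_two.count(key), "of", len(from_two))
```

The mislabelling works in both directions: anyone who inherits the pieces needs to be told the real threshold, or they will also reconstruct a decoy.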




ETFbitcoin
August 05, 2019, 07:55:36 AM
 #48

Quote
I did not see it in the thread but, "X" of "N" paper keys are very useful
And then you can use misdirection.
You can make a 4 of 6 wallet
Label each piece 1 of 2 or 2 of 2
Someone gets 2 of them they then generate a private key for an address that has....nothing in it. Only you know that you really need 4 out of 6 pieces of paper that all say 1 of 2 or 2 of 2.

Combination of multi-sig & obfuscation is a good idea, but it sounds like overkill IMO unless you're targeted or people who know you IRL know you have lots of bitcoin.

Quote
Or get a cold card  https://coldcardwallet.com/

The cost is similar to a HW wallet these days, you might as well buy a HW wallet IMO unless you really need the multi-sig feature

NeuroticFish
August 05, 2019, 09:02:02 AM
 #49

Quote
I did not see it in the thread but, "X" of "N" paper keys are very useful
And then you can use misdirection.
You can make a 4 of 6 wallet
Label each piece 1 of 2 or 2 of 2
Someone gets 2 of them they then generate a private key for an address that has....nothing in it. Only you know that you really need 4 out of 6 pieces of paper that all say 1 of 2 or 2 of 2.

Quote
Combination of multi-sig & obfuscation is a good idea, but it sounds like overkill IMO unless you're targeted or people who know you IRL know you have lots of bitcoin.

And if somebody knows IRL that you have big amounts of Bitcoin and could come after you, the combination of multi-sig & obfuscation will not help, since there's a good chance he'd do the 5$ wrench attack.


Edit: I think that the easiest combo is BIP39 seed hidden in plain sight and keeping your mouth shut.

DaveF
August 05, 2019, 02:35:07 PM
 #50


Quote
And if somebody knows IRL that you have big amounts of Bitcoin and could come after you, the combination of multi-sig & obfuscation will not help, since there's a good chance he'd do the 5$ wrench attack.
Edit: I think that the easiest combo is BIP39 seed hidden in plain sight and keeping your mouth shut.

There is nothing you can do about the wrench attack. ( Unless you are Chuck Norris http://www.icndb.com/the-jokes-2/ )
However, the more difficult you make it for other forms of theft the better.

Remember, we are talking about edge cases here. You can beat someone with a wrench all you want, if their keys are in a vault in a bank, walking in covered in blood asking to get into the vault might raise a few alarms.

-Dave




hd49728
August 06, 2019, 01:11:11 AM
 #51

Let's come back to the ultimate steps to secure our wallets. Which ones do we have to secure? Private keys, that's all we need to secure. So, it is definitely true that if someone can keep their private keys secret, safe, and away from potentially damaging threats like water, fire, etc., there is no need to use hardware wallets to secure your funds. Backing up private keys on paper (writing them down, or printing them with high quality ink); for bunches of paper (to get more safety from potential damages); then put them in your vault. I do think that it is safe enough, and don't need hardware wallets.

PrimeNumber7
August 06, 2019, 03:35:54 AM
Merited by redsn0w (2), vapourminer (1)
 #52


Quote
There is nothing you can do about the wrench attack.

What you can do is avoid the "wrench attack" by avoiding being the target of a wrench attack. You can do this by obscuring how much coin you have via things like coin control, not reusing addresses, and minimizing the number of transactions that can be publicly attributed to you.


HCP
August 06, 2019, 04:04:24 AM
Merited by o_e_l_e_o (1)
 #53

Quote
What you can do is avoid the "wrench attack" by avoiding being the target of a wrench attack. You can do this by obscuring how much coin you have via things like coin control, not reusing addresses, and minimizing the number of transactions that can be publicly attributed to you.

And not actively participating on online, public forums related to cryptocurrency... oh... wait. :P

Seriously tho, a lot of these arguments always descend into what I like to call the "What if? Game"™... where the participants start inventing more and more unlikely scenarios to attempt to justify their position and/or denigrate the opposition's position.

The truth is that there really is no "one size fits all" approach to cryptocurrency, how it should be "stored" or how it should be "used"... for some people, web wallets are perfect... for others they need cryptosteel, locked in a fire proof safe, in a drybag, buried in the woods... and then everything else in between.

As long as your solution fits your requirements and satisfies your personal level of risk... then you are "Being your own bank" ;)

Kakmakr
August 08, 2019, 06:59:53 AM
Merited by redsn0w (2)
 #54

My strategy with Paper wallets has been very effective over the last couple of years. I bought a small second hand computer and printer and I printed 1000's of paper wallets and then I destroyed it. I picked a few "good" looking ones with familiar numbers and the rest are stored all over the place. Some are loaded with very small amounts of Satoshi to serve as a "honey trap" - I check these once in a while to see if they were accessed, as an early warning system to see if someone is looking for Bitcoin at my house. ::) <The computer and printer were chopped into small pieces>

The Paper wallets with more coins are laminated and also duplicated and stored at different geographical locations. Some of the private keys are stored in plain sight, but nobody would know, because I used a method that would only be recognized by myself. <I also shared this method with a family member, if something happens with me>

I must admit that I use hardware wallets too, because it is more convenient when you want to use coins more frequently. The seed is never stored on site and I protect it with a passphrase.

So the strategy is to use more than one method, because each method has pros and cons, and also to split the coins. ;)

 

fillippone
August 08, 2019, 07:33:27 AM
Merited by redsn0w (2), Zedpastin (2)
 #55

Speaking about vulnerabilities found in hardware wallets:

Trezor found this one:
Details of the OLED Vulnerability and its Mitigation

Quote
This article describes an information leak discovered in the OLED display used by hardware wallets, including Trezor One. We want to explain how this side-channel attack works and what measurements we took to mitigate the threat. This attack affects only the Trezor One; Trezor Model T is immune to this attack thanks to its entirely different display.

Quote
The attack requires device owners to use USB equipment that has been physically manipulated by an attacker. In other situations, users are not impacted.
There is no evidence that any malicious actors ever exploited this vulnerability.
The latest firmware v1.8.2, now available for Trezor One, mitigates the issue.

What have we learnt from this story?
  • Hardware wallets aren't magical items granting eternal security
  • (Gullible) users are the weakest links in the security mechanism
  • You can patch (some) hardware defects or weak spots with software
  • White hats are here to help

Chris!
August 08, 2019, 02:51:24 PM
Merited by ETFbitcoin (1), fillippone (1)
 #56

Everyone should definitely have a listen through Michael Flaxman's podcast at https://stephanlivera.com/episode/97/

ETFbitcoin
August 08, 2019, 04:00:09 PM
Merited by Zedpastin (2), vapourminer (1), JayJuanGee (1), fillippone (1)
 #57

Quote
Everyone should definitely have a listen through Michael Flaxman's podcast at https://stephanlivera.com/episode/97/

Thanks for sharing the podcast & I agree everyone should listen to the podcast/read the transcript, but which parts do you want to emphasize?

1. The fact hardware wallet is recommended for non-expert?

Michael Flaxman: Yeah, yeah. Before we get into this whole episode bashing hardware wallets, which I enthusiastically stand behind, for most people, they are the best choice. If you’re owning Bitcoin, I strongly advocate holding your own keys, and unless you’re an expert, you should use a hardware wallet. If you are an expert, you should build your own hardware wallet with open-source software that’s free and equipment that you source yourself, but that’s way outside the scope of this. For most people, hardware wallets still are the best choice as far as usability and security, and they’re reasonably priced.

2. The importance of good RNG for both HW wallet & software to make paper wallet?

Michael Flaxman: In terms of the things that you have to get right, because that was really your question, is this code doing what I think it’s doing, and am I running the code that I think I’m running? Both of those are incredibly hard things to verify. There are just so many famous examples of hacks and bugs, that it’s hard to point to all of them. There’s lots of other talks that’ll give examples of those, the idea is just that you should be cautious and paranoid, because it is really hard. One of my favorite examples is, there was a bug in 2013 in Android’s implementation of SecureRandom in Java. SecureRandom, as the name suggests, is a function that securely gets you some random bits of data. In a Bitcoin signature, you need a random component.

Michael Flaxman: It’s part of the proof in the ECDSA signature. If that bit is random, then it doesn’t matter. It’s not something that you ever would look at again. You can think of it as like nonce, a number used only once. It just is used to prove your ownership of that private key, but if that secure random data is actually not random, then somebody could intuit your private key instantly. This is not a difficult attack to do by any measure. There’s plenty of open source code that will do it from your signature. As soon as they see a signature broadcast, they know your private key, and that is terrifying. A lot of people lost money in wallets that were Android wallets in 2013. That’s the type of thing that nobody could possibly have been aware of.

Michael Flaxman: Yeah. That’s terrifying, because there’s a lot of copy-paste of code. Crypto is just really, really hard. If you have a library that does something in your language, you’re likely to borrow from it heavily. Unfortunately, almost all the hardware wallets are written in Python and MicroPython. That is not ideal, but I think that’s a more minor thing. Again, we’re talking like, you can chase the perfect secure system that was written in three different languages.

3. The risks of supply chain of HW wallet?

Michael Flaxman: The supply chain risk is absolutely terrifying, because it’s completely outside your control. You could do things to minimize it. You say, “Well, I’m only going to buy my hardware wallet direct from the company at an event where they’re there.” If I get my device from a person who works at the company, then that’s probably better odds than, absolutely, do not buy it secondhand on eBay. That’s one way to minimize the supply chain risk, but you can’t know about upstream supply chain risk.

4. Difficulty of full transaction verification on HW wallet?

Michael Flaxman: The point being that, hardware wallets, you want them to verify everything they can, and the screen helps you with some of that, but a lot of it’s buried in implementation details. It doesn’t matter how big your screen is, if you don’t verify what change address is yours versus an attacker’s, then you really don’t know what’s going on. If you don’t verify the inputs and the outputs, then you don’t know the fee. This is where there’s just so much devil in the details that, honestly, no one wallet does perfectly. Two wallets is your answer, because then you got to trick both of them. Even if one doesn’t do it perfectly, the other, hopefully, won’t have that exact same vulnerability.

On a side note, the idea of using testnet to test a HW wallet and check whether your system is compromised is a clever idea.

drawingthesun
August 08, 2019, 05:38:53 PM
 #58

Stop trusting hardware wallet manufacturers to protect your money.

We do need them for mass adoption however. Paper wallets can't take us the whole way.
Chris!
August 08, 2019, 10:24:09 PM
 #59

It looks like the $5 wrench attack came up a few times as well. Easiest way to avoid that would be multisig. Spread those keys across the land. If someone holds you up until you give up your private keys, you can't.


Quote
We do need them for mass adoption however. Paper wallets can't take us the whole way.

100% disagree. Unless they're 100% open source you're trusting them, which means you are potentially leaking keys, meaning you're not the only one holding your private keys, meaning you might as well have stuck with legacy banking since you obviously can't be your own bank.

PrimeNumber7
August 09, 2019, 07:05:33 AM
 #60

Quote
What you can do is avoid the "wrench attack" by avoiding being the target of a wrench attack. You can do this by obscuring how much coin you have via things like coin control, not reusing addresses, and minimizing the number of transactions that can be publicly attributed to you.
Quote
And not actively participating on online, public forums related to cryptocurrency... oh... wait. :P

Not everyone participating in these forums has substantial amounts of coin, or any coin at all. You can also keep your forum identity separate from your IRL identity to mitigate your risk that you will be targeted by a wrench attack.

Quote
Speaking about vulnerabilities found in hardware wallets:
Trezor found this one:
Details of the OLED Vulnerability and its Mitigation

I think this is an edge case. For this attack to be successful, an attacker will need to compromise the computer you use with your Trezor One ahead of time in a very specific way involving having physical access to your computer.

Someone who is able to execute this attack on a (non-upgraded) Trezor One would also be able to learn of the private key associated with a paper wallet by compromising other computer components that would most probably be easier to compromise.
