Air-gapping 2 devices vs. Trezor/Ledger?

[skyroamjanetismine]

When I say air gap, I mean using 2 devices only to be used for crypto transactions. One of them is always offline. The other only
goes online to broadcast a transaction. Signing the transaction is done on the offline computer using a USB flash, which is then
put into the online device to broadcast.

I have both Trezor and Ledger, and I have always been skeptical about keeping my funds in a device where a company has the potential (not saying they do it, probably not, but I feel uneasy due to the potential) to have control of them whether through firmware exploit, hardware exploit (bugging 1 out of every 100 devices, when only 1  out of 100 people whine, the other 99 will be quick to assume they did some kind of goof up themselves), or some other method.   

I've read some bad stories about people losing funds during the updates and I believe most of them. Recently was bummed to read that Trezor has a hardware exploit, so if someone gets their hands on my device they can take my funds. And then Ledger is closed-source.

So I'm thinking about just moving my funds to my own devices as described above....I do you think I would like to hear some opinions?

[1714100558]

1714100558

[1714100558]

1714100558

[Charles-Tim]

So I'm thinking about just moving my funds to my own devices as described above....I do you think I would like to hear some opinions?

There is nothing bad to move your bitcoin or other funds to airgapped wallet that you described above. Electrum is open source and completely open source, you can make use of electrum wallet as both cold wallet for signing transactions and the other as watch-only wallet.

But, if you have been using trezor for long, I do not think there will be anything bad about using it but to be careful of malware, especially the malware that can change address which is possible on hardware wallets including ledger nano. About ledger, it is close source like you commented and also the recent phishing attack would discourage many people from using it. And, in my opinion, I prefer airgapped wallet, especially if using QR code to sign transactions which I believe is free from attack.

[LoyceV]

When I say air gap, I mean using 2 devices only to be used for crypto transactions. One of them is always offline. The other only goes online to broadcast a transaction. Signing the transaction is done on the offline computer using a USB flash, which is then put into the online device to broadcast.

This works, as long as you know what you're doing and don't make mistakes. Why not hook a dumb laser printer to the offline computer, so you can create offline paper wallets? I trust they last longer than any hardware, and can be encrypted.

[o_e_l_e_o]

So I'm thinking about just moving my funds to my own devices as described above....I do you think I would like to hear some opinions?

I think it's a great idea. I stopped using my Trezor devices completely after the revelation of their unpatchable critical vulnerability. I have now also stopped using my Ledger devices after their recent security breach, even though I was unaffected, as I simply have zero trust left in the company. I always used airgapped storage for my long term cold storage, but I am now using it for the majority of my coins, with only a small amount of day-to-day spending money being held in hot software wallets.

You clearly understand the basics, but I'll mention a few additional things that people often overlook which are important for such a set up.

• The airgapped computer must be clean and free from malware. The best way to achieve this is to format it and then install a fresh copy of an open source Linux distro.
• The airgapped computer must be permanently airgapped. Remove all connectivity hardware if you can. Install your Linux distro from a USB drive, and then install your bitcoin wallet from a USB drive as well. Do not connect to the internet with your airgapped computer to download your wallet software.
• Verify both your OS and wallet prior to installing them.
• Ideally, use full disk encryption to protect your airgapped computer from physical access. LUKS is good for Linux. VeraCrypt is also good.
• If you can use webcams to transfer transactions back and forth via QR codes, then this removes the possibility of accidentally and unknowingly transferring malware via a USB drive. The webcams should be unplugged when not being actively used for your own privacy.

[ranochigo]

Thanks for the topic. I've had quite a few discussions with the community here regarding this and I've maintain my stand that hardware wallets are better than airgapped wallets (at least perhaps till this thread).

Don't get me wrong, airgapped wallets are probably secure, enough for normal use anyways. I don't think there is a major risk of anyone getting their funds stolen through this and I've personally been using a Raspberry Pi airgapped till now, well if my ColdCard arrives and it wasn't lost in the mail.

I think the main argument that I've seen so far is that they don't trust the hardware and the internals of the hardware wallets. Well, to be fair I don't think you would specifically open up your computer to inspect the internals as well, given that most of it is proprietary and some of them are hard to decipher. Most hardware wallets are fairly open about what they use and the reason why I chose ColdCard is because I wanted to see the internals for myself and the fact that it's open sourced does give me extra assurance and the ability for me to inspect it further.

If you want to seriously compare the security of airgapped vs hardware wallets, then the sidechannel attacks are impossible to defend though I think secp256k1 is less susceptible to some of it than others. Hardware wallets are usually hardened against those. When I use cold storage, I always compare my Electrum implementation to an actual hardware wallet. Truth is, it is very hard to bruteforce the hardware wallets, given that the secure chip will almost definitely brick your device after X attempts. I can probably clone my SD card for my RPI wallet and spend some time trying to crack it. Well, it's hypothetical because I do take extra steps to secure it but I think bricking a device would make it impenetrable. Of course, plausible deniability is a huge plus for HW wallet as well.

Now, I can definitely see some points for airgapped wallet given it's more traditional approach as well as the fact that you won't tell the whole world that you have Bitcoins (erm Ledger) and that it is much cheaper. I think there are arguments to be made for both sides but I think in terms of both it's absolute security and it's balance between both, hardware wallets are still a compelling option.

As for the exploits that you see, I think Trezor got unlucky but they tried to mitigate it still. I don't think anything is inpenetrable but given how their business is centered around the security of their wallets, I would still trust that they can try to detect and mitigate most vulnerabilities that would appear, more than a cold storage definitely.

The database leak for Ledger was a giant facepalm and I was quite disappointed as well. Using a reshipper or a PO box could be useful when buying things online.

[decodx]

When I say air gap, I mean using 2 devices only to be used for crypto transactions. One of them is always offline. The other only goes online to broadcast a transaction. Signing the transaction is done on the offline computer using a USB flash, which is then put into the online device to broadcast.

This works, as long as you know what you're doing and don't make mistakes. Why not hook a dumb laser printer to the offline computer, so you can create offline paper wallets? I trust they last longer than any hardware, and can be encrypted.

I don't think he's looking for a cold storage solution, but an alternative to a hardware wallet. A paper wallet is good for keeping coins safe, but it's impractical for spending, imho.

[HeRetiK]

I personally still recommend hardware wallets over airgapped cold storage set ups to newcomers since they're much easier to use which makes them more reliable and secure for most people. As long as you know what you're doing using an airgapped PC is a good alternative though. o_e_l_e_o has pretty much summed up the most important things to keep in mind. Other than that what you describe is pretty solid standard cold storage.

I've read some bad stories about people losing funds during the updates and I believe most of them. Recently was bummed to read that Trezor has a hardware exploit, so if someone gets their hands on my device they can take my funds.

Remember that this is also true for your airgapped device though. Also given a strong enough passphrase merely extracting the seed from the hardware wallet won't be enough.

[o_e_l_e_o]

Of course, plausible deniability is a huge plus for HW wallet as well.

You can use plausible deniability with cold storage as well, and arguably it can be even better than a hardware wallet.

If you set up some hidden volumes on your devices, then you can have your bitcoin wallets completely hidden. You can decrypt their containers to reveal other non-crypto related "sensitive" data, while keeping your wallets not only encrypted and safe, but not even revealing that they exist at all. The very existence of a hardware wallet in your possession reveals that you own at least some crypto.

If, like using passphrases with a hardware wallet, you want some "dummy" wallets you can hand over to an attacker, then again, this is possible by simply leaving them unencrypted, or decrypting them first and handing them over, or putting them in the non-hidden side of the hidden volume.

[NeuroticFish]

My advice is to use airgapped cold storage setup for bigger funds, or all if you simply HODL. And for smaller funds you may want to spend now and then the hardware wallets are just fine.
This way you benefit the convenience you paid for when you bought hardware wallets and your big funds are also 99.999999% safe and untouchable.

Electrum has proper docs for setting up such a cold storage: https://electrum.readthedocs.io/en/latest/coldstorage.html
And whatever you do, make sure your seed is backed up onto something physical (paper, steel, name it).

[20kevin20]

I think the main argument that I've seen so far is that they don't trust the hardware and the internals of the hardware wallets. Well, to be fair I don't think you would specifically open up your computer to inspect the internals as well, given that most of it is proprietary and some of them are hard to decipher. Most hardware wallets are fairly open about what they use and the reason why I chose ColdCard is because I wanted to see the internals for myself and the fact that it's open sourced does give me extra assurance and the ability for me to inspect it further.

The main difference between a hardware wallet with proprietary firmware/hardware (such as Ledger's Secure Element) and a PC that has proprietary firmware/hardware is to me that the latter can be purchased from batches that have been produced before Bitcoin's inception. It makes me paranoid that a hardware wallet, which has been specifically created to hold cryptocurrencies on it, has closed-source components in it.

I think there are arguments to be made for both sides but I think in terms of both it's absolute security and it's balance between both, hardware wallets are still a compelling option.

What keeps me in between cold wallets and hardware ones is that HWs come with a preinstalled, verified OS compared to cold wallets for which you download and verify everything on your own, which means you make your own security. Makes me a bit anxious that I might be creating a cold wallet and not verifying everything the right way, making all my funds poof in a matter of milliseconds. I could be sending 0.05BTC as a test and leave it there for a month, just to test whether it's a malicious version or not - only to send everything else there after a month's passed, without knowing I have a malicious version that steals funds from BTC wallets once the balance goes past 0.1BTC.

On the other hand, the fact that HWs come with preinstalled OS is also bad, especially in extreme cases such as Snowden's. You could easily be a target and have a malicious OS installed on it.

(possibly off-topic) To be honest, the safest way I think we could ever have to be able to create cold wallets is if we could create a seed and derive addresses from it solely using a paper and a pen, to then use the seed completely offline on an airgapped PC to sign txs. If we could do that and verify things using our own hand & brain (which aren't perfect, but are easier to trust than a software's code), that would eliminate most risks such as those posed by proprietary software/hardware or by not verifying a software the right way.

[ranochigo]

The main difference between a hardware wallet with proprietary firmware/hardware (such as Ledger's Secure Element) and a PC that has proprietary firmware/hardware is to me that the latter can be purchased from batches that have been produced before Bitcoin's inception. It makes me paranoid that a hardware wallet, which has been specifically created to hold cryptocurrencies on it, has closed-source components in it.

There's no guarantees that there are possible backdoors or vulnerabilities that could be intentionally or inadvertently inserted as well. If it's of any assurance, some hardware wallets are actually audited regularly and/or has their schematics and firmware open source online. That's the reason why I bought a ColdCard.

To be fair, NSA did try to backdoor Linux quite a few times. Doesn't make it any more safer than an opensource firmware which certain HW wallet manufacturers provide.

What keeps me in between cold wallets and hardware ones is that HWs come with a preinstalled, verified OS compared to cold wallets for which you download and verify everything on your own, which means you make your own security. Makes me a bit anxious that I might be creating a cold wallet and not verifying everything the right way, making all my funds poof in a matter of milliseconds. I could be sending 0.05BTC as a test and leave it there for a month, just to test whether it's a malicious version or not - only to send everything else there after a month's passed, without knowing I have a malicious version that steals funds from BTC wallets once the balance goes past 0.1BTC.

On the other hand, the fact that HWs come with preinstalled OS is also bad, especially in extreme cases such as Snowden's. You could easily be a target and have a malicious OS installed on it.

You can build and compile the firmware yourself. You can also build your own ColdCard[1].

IMO, verifying something is often referred to comparing the hashes and/or using the PGP signature file to authenticate authenticity. When such an argument about security (with a high degree of paranoia) is put forth, the rational thinking is to assume that everything is compromised, not being able to trust the OS and thus reading through the entire source code and understanding how everything works. In this scenario, I would prefer to scour through the firmware of HW wallets since they're relatively light weight and more transparent than most.


[1] https://github.com/Coldcard/firmware/tree/master/hardware

[HeRetiK]

I personally still recommend hardware wallets over airgapped cold storage set ups to newcomers since they're much easier to use which makes them more reliable and secure

It depends on newcomer.  My first wallet was Armory on an airgapped computer, although almost everyone around me has been  afraid to have such setup. Cold Armory still serves me loyally, with most of my bitcoins. For routine daily work I would prefer hardware wallet because it takes less time to use.

Of course! But usually the kind of person that learns to set up airgapped cold storage by themselves is not the one to ask how to store their crypto long term or what wallet to use

[hatshepsut93]

I think on practice there's not much difference between a DIY cold storage setup and a hardware wallet - both protect you from the common malware, and situations where thieves get physical access to your storage are quite rare. Most times in situations with physical access a $5 wrench attack happens, rather than some high-tech hacking with abusing hardware bugs and such. If you trust hardware wallet manufacturers and distrust computer component vendors, that's fine, and vice versa.

[skyroamjanetismine]

The main difference between a hardware wallet with proprietary firmware/hardware (such as Ledger's Secure Element) and a PC that has proprietary firmware/hardware is to me that the latter can be purchased from batches that have been produced before Bitcoin's inception. It makes me paranoid that a hardware wallet, which has been specifically created to hold cryptocurrencies on it, has closed-source components in it.

There's no guarantees that there are possible backdoors or vulnerabilities that could be intentionally or inadvertently inserted as well. If it's of any assurance, some hardware wallets are actually audited regularly and/or has their schematics and firmware open source online. That's the reason why I bought a ColdCard.

To be fair, NSA did try to backdoor Linux quite a few times. Doesn't make it any more safer than an opensource firmware which certain HW wallet manufacturers provide.

What keeps me in between cold wallets and hardware ones is that HWs come with a preinstalled, verified OS compared to cold wallets for which you download and verify everything on your own, which means you make your own security. Makes me a bit anxious that I might be creating a cold wallet and not verifying everything the right way, making all my funds poof in a matter of milliseconds. I could be sending 0.05BTC as a test and leave it there for a month, just to test whether it's a malicious version or not - only to send everything else there after a month's passed, without knowing I have a malicious version that steals funds from BTC wallets once the balance goes past 0.1BTC.

On the other hand, the fact that HWs come with preinstalled OS is also bad, especially in extreme cases such as Snowden's. You could easily be a target and have a malicious OS installed on it.

You can build and compile the firmware yourself. You can also build your own ColdCard[1].

IMO, verifying something is often referred to comparing the hashes and/or using the PGP signature file to authenticate authenticity. When such an argument about security (with a high degree of paranoia) is put forth, the rational thinking is to assume that everything is compromised, not being able to trust the OS and thus reading through the entire source code and understanding how everything works. In this scenario, I would prefer to scour through the firmware of HW wallets since they're relatively light weight and more transparent than most.


[1] https://github.com/Coldcard/firmware/tree/master/hardware

I really do want to believe that the HW wallet audits of source code and firmware...as well as hardware are being done thoroughly. And that a number of people with as much expertise as the security team members at these big crypto companies --at least in the context of the HW audit--are doing them.

One reason I have skepticism lies in the fact that Gerald Cotton's (QuadricaCX) business partner supposedly had a sketchy past from what I read online--such that if Quadrica clients knew about his past then I'd doubt they'd feel safe having their funds in custody of the company. BUT why didn't people search the background of the Quadrica top dawgs BEFORE SHTF?

If I was the average user of QuadricaCX before SHTF I would probably have just passively assumed that everyone had audited the background of the those involved in the company. Similar to how I assume people have done this background with all the big exchanges right now ( do they?).

I find the line of reasoning very similar to how people on reddit say "don't worry the source code is open and firmware is open" [and just assume it's audited by experts].

Also just wanted to throw in there that if there was perfect time for Ledger to do an exit (or not even necessarily exit) scam it would be now given the high price of BTC and probably the lowest ever approval rating for the company. Even if 1 or 2 out of every 100 wallets lose funds it would be hard to prove fraud. They could probably get away with it. I doubt they will do something like that, but I'm just saying.

[skyroamjanetismine]

So I'm thinking about just moving my funds to my own devices as described above....I do you think I would like to hear some opinions?

I think it's a great idea. I stopped using my Trezor devices completely after the revelation of their unpatchable critical vulnerability. I have now also stopped using my Ledger devices after their recent security breach, even though I was unaffected, as I simply have zero trust left in the company. I always used airgapped storage for my long term cold storage, but I am now using it for the majority of my coins, with only a small amount of day-to-day spending money being held in hot software wallets.

You clearly understand the basics, but I'll mention a few additional things that people often overlook which are important for such a set up.

• The airgapped computer must be clean and free from malware. The best way to achieve this is to format it and then install a fresh copy of an open source Linux distro.
• The airgapped computer must be permanently airgapped. Remove all connectivity hardware if you can. Install your Linux distro from a USB drive, and then install your bitcoin wallet from a USB drive as well. Do not connect to the internet with your airgapped computer to download your wallet software.
• Verify both your OS and wallet prior to installing them.
• Ideally, use full disk encryption to protect your airgapped computer from physical access. LUKS is good for Linux. VeraCrypt is also good.
• If you can use webcams to transfer transactions back and forth via QR codes, then this removes the possibility of accidentally and unknowingly transferring malware via a USB drive. The webcams should be unplugged when not being actively used for your own privacy.

Let me make sure I interpreting this correctly.

So, if I went to best buy I bought 2 HP laptops with Windows 10, I should be concerned that there may be malware in them even if they don't go online--perhaps by some of the pre-installed software?

Also, what do you suggest to be a lightweight option. I travel a lot and if I took this route I'd like to not have to carry around 2 laptops with me all the time. This weight issue might be the only reason I stick with Trezor.

I was hoping I can just use 2 phones (remove wifi card and antenna of the offline one)?

[ranochigo]

I find the line of reasoning very similar to how people on reddit say "don't worry the source code is open and firmware is open" [and just assume it's audited by experts].

Also just wanted to throw in there that if there was perfect time for Ledger to do an exit (or not even necessarily exit) scam it would be now given the high price of BTC and probably the lowest ever approval rating for the company. Even if 1 or 2 out of every 100 wallets lose funds it would be hard to prove fraud. They could probably get away with it. I doubt they will do something like that, but I'm just saying.

Well, then I guess you're better off with airgapped storage. It really boils down to if you trust the HW wallet manufacturer in this case, if you don't want to trust anyone else. At the same time, you have to make the same assumption about your cold storage wallet as well as the OS.

I wouldn't say that it's hard to prove. I'll be able to see the various commits to the github page if I were watching it and it makes inspecting the code before updates much easier.

Let me make sure I interpreting this correctly.

So, if I went to best buy I bought 2 HP laptops with Windows 10, I should be concerned that there may be malware in them even if they don't go online--perhaps by some of the pre-installed software?

Might have some spyware, after all they tend to include a ton of spyware. I'll wipe them and just install Linux. The popularity and the design behind Linux based OS makes the chances for persistent malware infection harder.

Also, what do you suggest to be a lightweight option. I travel a lot and if I took this route I'd like to not have to carry around 2 laptops with me all the time. This weight issue might be the only reason I stick with Trezor.

I was hoping I can just use 2 phones (remove wifi card and antenna of the offline one)?

Your use case would probably make hardware wallets more attractive.

If you'd like, you can just purchase 2 Raspberry Pis and use them as cold wallets. My personal preference would just be to put some funds in a hot wallet and bring it around. Even if I were to lose them, I wouldn't lose all my funds.

[o_e_l_e_o]

So, if I went to best buy I bought 2 HP laptops with Windows 10, I should be concerned that there may be malware in them even if they don't go online--perhaps by some of the pre-installed software?

As far as I am concerned, Windows 10 is malware, but that's another discussion.

But yes, I would not use a brand new store bought laptop as cold storage without formatting it first. You have no idea if that laptop has gone online before you bought it, what has been installed on it, what prepackaged software it comes with, what that prepackaged software has lurking in it, and so on. Physically airgap (i.e. remove relevant hardware), format, install Linux, set up full disk encryption, install wallet.

Also, what do you suggest to be a lightweight option. I travel a lot and if I took this route I'd like to not have to carry around 2 laptops with me all the time. This weight issue might be the only reason I stick with Trezor.

Raspberry Pi as suggested, provided you also have the necessary peripherals to plug in. If not then you can have a slightly less secure but still pretty good solution using a single laptop, and carrying a USB with Linux and your encrypted wallet on it. Use your laptop as you normally would with a watch only wallet on it. When you want to sign a transaction, shut down the laptop, disconnect your WiFi card (plus any other connectivity hardware and ideally also your hard drive), live boot to Linux, sign your transaction, shut down, reconnect your hardware, and boot back up to your normal OS.

Two mobile phones is another good solution, provided you make sure the cold storage one is securely encrypted and really airgapped (I wouldn't trust simply turning on airplane mode, and would want to physically remove or disable the relevant hardware).

[figmentofmyass]

If you want to seriously compare the security of airgapped vs hardware wallets, then the sidechannel attacks are impossible to defend though I think secp256k1 is less susceptible to some of it than others. Hardware wallets are usually hardened against those.

can you elaborate on this? what is the theoretical threat to an airgapped wallet setup?

Most times in situations with physical access a $5 wrench attack happens, rather than some high-tech hacking with abusing hardware bugs and such. If you trust hardware wallet manufacturers and distrust computer component vendors, that's fine, and vice versa.

the wrench attack angle is why i strongly prefer general purpose hardware. hardware wallets just scream "rob me!"

the only hardware wallet that appeals to me is bitbox---nice and discreet. anyone tried it?

[ranochigo]

can you elaborate on this? what is the theoretical threat to an airgapped wallet setup?

Side channel attacks. Most of your devices are not specifically hardened to withstand side-channel attacks by reducing the potential attack vectors associated with the sidechannel, (eg. EM wave leakage, timing attacks). There has been a study conducted on this[1] but, interpret it as you want, it isn't that recent or conducted on major wallets. I wouldn't consider it to be THAT big of a threat but if we were to compare the specifics, might as well mention it.

I understand that Trezor and some of the secure chip used were vulnerable to such attacks as well. They've fixed the problem and most of them requires tearing entire device apart and the victim's participation while it's hooked up to an oscilloscope.

** I'm not sure if someone conducted similar experiments on Electrum but I'd like to see if there is one.


[1] https://eprint.iacr.org/2016/230.pdf

[LoyceV]

the wrench attack angle is why i strongly prefer general purpose hardware. hardware wallets just scream "rob me!"

The wrench attack can also happen to your bank account in a home robbery: having a verified account at any exchange is enough to be forced to deposit your life savings, after which the attacker buys Bitcoin with your money.