_act_ (OP)
Legendary
Offline
Activity: 1064
Merit: 1308
Lightning network is good with small amount of BTC
|
|
September 21, 2023, 12:43:51 PM |
|
One of the safest method of having a secure wallet is the use of airgapped devices. If an airgapped device has camera, all needed is the use of QR code and the camera for the transfer of PSBT and signed transactions and nothing more than that. Which means after the device OS has been installed again and the wallet has been created on the airgapped device, the device does not need to connect to the internet or other devices again. If the Bluetooth and WiFi card have be removed, what about the USB port? I found out online that USB port locker can be used. I saw these two videos on YouTube: https://youtu.be/q1L3lCDVZUg?si=mLgi0uYnk6MHdI-shttps://youtu.be/BEtOV7RVK6s?si=vEUt2D9GbDbBOnGfIf this USB port locker is bought and used to lock the USB ports, is it like the house door keys that if another locker is used with the locked USB Port, the port will not be unlocked until the right one used to lock it will be the only one that can unlock it? Or are there ways attack can be able to remove the locker in a way the USB port will not be damaged? Or is it just a waste of time in a way that the locked USB port can be removed and replaced by new one? Is it worth buying?
|
|
|
|
DaveF
Legendary
Offline
Activity: 3654
Merit: 6666
Crypto Swap Exchange
|
Waste of money.
1) For a desktop PC all you have to do is pop the top and add in a USB card. 2) They are still plastic, with time and effort you can pull one out. 3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
-Dave
|
|
|
|
philipma1957
Legendary
Online
Activity: 4298
Merit: 8832
'The right to privacy matters'
|
|
September 21, 2023, 01:59:18 PM |
|
Waste of money.
1) For a desktop PC all you have to do is pop the top and add in a USB card. 2) They are still plastic, with time and effort you can pull one out. 3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
-Dave
yeah bios and password lock would be best way and cost is zero.
|
|
|
|
hugeblack
Legendary
Offline
Activity: 2688
Merit: 3971
|
|
September 21, 2023, 02:14:46 PM |
|
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
This is the best method, but I prefer to have a port for an SD card or even a USB. Sometimes, there is a need to transfer PSBT files, or there are large signatures for which a QR code cannot be created due to the lack of enough space. Hardware wallets feature a secure element, so instead of spending money on a locked USB port, purchasing a hardware wallet with a secure element and creating a multi-signature wallet will greatly enhance the security of your coins.
|
|
|
|
virasog
Legendary
Offline
Activity: 3150
Merit: 1172
Leading Crypto Sports Betting & Casino Platform
|
|
September 21, 2023, 03:41:05 PM |
|
Is it worth buying?
Not really, it will just add an extra cost while the same can be protected through free methods. First of all, your airgapped device should be password protected. Since no one can access that device without the password, no one can use the USB on that device and you yourself won't use it too. Spending money on buying the USB port blocker is not worth it. Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
Apart from this, the USB ports can be disabled in the computer too through "Device Manager" if you are using the Windows Version.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
_act_ (OP)
Legendary
Offline
Activity: 1064
Merit: 1308
Lightning network is good with small amount of BTC
|
|
September 21, 2023, 04:15:20 PM |
|
This is the best method, but I prefer to have a port for an SD card or even a USB. Sometimes, there is a need to transfer PSBT files, or there are large signatures for which a QR code cannot be created due to the lack of enough space.
This is the first time I am hearing about this because QR code has not failed me before. What do you mean by large signature? Hardware wallets feature a secure element, so instead of spending money on a locked USB port, purchasing a hardware wallet with a secure element and creating a multi-signature wallet will greatly enhance the security of your coins.
I did not know that I can be able to lock and unlock the USB board using password on the laptop, it would be best for what I am looking for. When I have old laptop, I do not see a reason I should get a laptop. I may buy hardware wallet. Apart from this, the USB ports can be disabled in the computer too through "Device Manager" if you are using the Windows Version.
I saw it under universal serial bus controller which can be found under device manager.
|
|
|
|
_act_ (OP)
Legendary
Offline
Activity: 1064
Merit: 1308
Lightning network is good with small amount of BTC
|
|
September 22, 2023, 10:17:14 AM |
|
I think he refer to either, 1. Transaction with many inputs.
If a transaction is containing many inputs, the transaction virtual size can be high but the signature is just one. Or is that wrong? Or is the high size of the transaction that result to the issue? 2. Transaction which spend input which require to reveal long script or contain many signatures.
Did you mean transactions that are broadcasted using a multisig wallet? If it is multisig, I do not use it as a multisig but as a single signature wallet.
|
|
|
|
LoyceMobile
|
If you're worried about physical access to your hardware: use glue! Second hand laptops are cheap enough to be expendable. Fill the ports, glue the memory, glue the lid, make it a lot of work to open it without turning it off.
As paranoid as I am, even I haven't done this. Yet.
|
|
|
|
ABCbits
Legendary
Offline
Activity: 3052
Merit: 8074
Crypto Swap Exchange
|
|
September 22, 2023, 10:57:00 AM Merited by vapourminer (1) |
|
I think he refer to either, 1. Transaction with many inputs.
If a transaction is containing many inputs, the transaction virtual size can be high but the signature is just one. Or is that wrong? Or is the high size of the transaction that result to the issue? With P2PK, P2PKH, P2SH-P2WPKH and P2WPKH, 1 input always require 1 signature. But on P2TR and depending on spend condition, you could utilize signature aggregation where many inputs only require 1 (aggregated) signature. 2. Transaction which spend input which require to reveal long script or contain many signatures.
Did you mean transactions that are broadcasted using a multisig wallet? If it is multisig, I do not use it as a multisig but as a single signature wallet. Multisig is just one of the example. Anyway, since the original concern is about size of PSBT, you could just check example on BIP 174[1] to see how long PSBT data could be. [1] https://github.com/bitcoin/bips/blob/master/bip-0174.mediawiki#user-content-Test_Vectors
|
|
|
|
Kryptowerk
Legendary
Offline
Activity: 2114
Merit: 1403
Disobey.
|
|
September 22, 2023, 03:05:04 PM |
|
Waste of money.
1) For a desktop PC all you have to do is pop the top and add in a USB card. 2) They are still plastic, with time and effort you can pull one out. 3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
-Dave
Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess.
|
|
|
|
LoyceMobile
|
|
September 22, 2023, 03:29:56 PM |
|
]Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess. Any half decent BIOS password can't be reset (anymore) by removing the battery.
|
|
|
|
DaveF
Legendary
Offline
Activity: 3654
Merit: 6666
Crypto Swap Exchange
|
|
September 22, 2023, 03:30:50 PM |
|
Waste of money.
1) For a desktop PC all you have to do is pop the top and add in a USB card. 2) They are still plastic, with time and effort you can pull one out. 3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
-Dave
Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess. Depends on the machine. Older ones yes, newer ones no. With the next being said, if you are doing that then you have to power down and reboot the machine. At which point when it reboots. If you had your drive encrypted then they can't get to it now anyway. And, if you didn't have it encrypted. Then they powered down your machine and got the battery....they can just take your drive. Any half decent BIOS password can't be reset (anymore) by removing the battery.
Keep in mind most of these are going to be on older machines so we are not taking 2023, but 2016.... -Dave
|
|
|
|
philipma1957
Legendary
Online
Activity: 4298
Merit: 8832
'The right to privacy matters'
|
|
September 22, 2023, 03:32:34 PM |
|
Waste of money.
1) For a desktop PC all you have to do is pop the top and add in a USB card. 2) They are still plastic, with time and effort you can pull one out. 3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
-Dave
Correct me if I'm wrong, but isn't the easiest way to reset a BIOS password still to just remove the mainboard battery? Or was that only possible 20 years ago and things have changed? not up to date, but most likely BIOS pws are still quite easy to circumvent I would guess. A lot depends on the pc case and how well it is secured. A usb lock you paid for and stuck in a case can pretty much be pulled out with a pliers in about 1 minute. It is visible and easy to attack it with this https://www.amazon.com/Wiha-32623-Bent-Pliers-Cutters/dp/B000T9XU8Q/ref=sr_1_23?
|
|
|
|
DubemIfedigbo001
|
|
September 22, 2023, 04:11:06 PM |
|
Waste of money.
1) For a desktop PC all you have to do is pop the top and add in a USB card. 2) They are still plastic, with time and effort you can pull one out. 3) For the determined person it's get laptop, take off cover, un-solder the port (only 4 wires on USB 2) and solder in a new one. But at that point you might as well just pull the drive out
Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
-Dave
well said, an experienced engineer will just loose the computer system, remove the hard drive, use original operating system if its windows10 and attempt repairing the OS, then using command prompt to bypass the password and gain access to the information on the hard drive and the rest is history. Even if you used an application to protect your wallet, it will just be uninstalled, and the rest is history. your computer and the airgap will be there for you unharmed, but your coins are gone. In conclusion, this approach suggested by OP is just a total waste of money. Most if not all PCs can disable the USB ports in BIOS and you can also set a BIOS password so that cannot be changed without the password.
BIOS settings can be reset by removing the CMOS battery, then plugging the PC. A better way is even replacing the BIOS chip with a spare from a similar Board. it only takes few minutes to execute. you just pray and believe you're not a target cos there are many ways to breach the assumed security.
|
|
██ ██ ██████ | R |
▀▀▀▀▀▀▀██████▄▄ ████████████████ ▀▀▀▀█████▀▀▀█████ ████████▌███▐████ ▄▄▄▄█████▄▄▄█████ ████████████████ ▄▄▄▄▄▄▄██████▀▀ | LLBIT | ██████ ██ ██ | ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ | ██████████████ THE #1 SOLANA CASINO
██████████████ | ██████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██████ | ████████████▄ ▀▀██████▀▀███ ██▄▄▀▀▄▄█████ █████████████ █████████████ ███▀█████████ ▀▄▄██████████ █████████████ █████████████ █████████████ █████████████ █████████████ ████████████▀ | ████████████▄ ▀▀▀▀▀▀▀██████ █████████████ ▄████████████ ██▄██████████ ████▄████████ █████████████ █░▀▀█████████ ▀▀███████████ █████▄███████ ████▀▄▀██████ ▄▄▄▄▄▄▄██████ ████████████▀ | [ [ | 5,000+ GAMES INSTANT WITHDRAWALS | ][ ][ | HUGE REWARDS VIP PROGRAM | ] ] | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ | ████████████████████████████████████████████████ PLAY NOW ████████████████████████████████████████████████ | ████ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ████ |
|
|
|
m2017
Legendary
Offline
Activity: 1988
Merit: 1402
Playbet.io - Crypto Casino and Sportsbook
|
|
September 22, 2023, 04:47:02 PM |
|
~snip BIOS settings can be reset by removing the CMOS battery, then plugging the PC. A better way is even replacing the BIOS chip with a spare from a similar Board. it only takes few minutes to execute. you just pray and believe you're not a target cos there are many ways to breach the assumed security.
Trick with removing the CMOS battery doesn't always work. You are not proposing the simplest solution to replacing the BIOS chip. This process will probably take more than 5 minutes, because you will need to gain access to the board with the chip. For example, on laptops. Sometimes may need to go through nine circles of hell to get to the motherboard without damaging anything. Here you can add a solution with flashing the BIOS using a programmer, instead of replacing a BIOS chip of an identical model from the exact same motherboard (which still needs to be found). In general, your message is correct - you should not rely entirely on a password-protected BIOS to block the USB. You can always find a solution to get around this (any) obstacle. It's just a matter of resources spent.
|
|
|
|
DaveF
Legendary
Offline
Activity: 3654
Merit: 6666
Crypto Swap Exchange
|
And this also brings home the point of why you should be using VeraCrypt or something similar https://www.veracrypt.fr/en/Home.htmlTake my PC, remove the drive, you are still not getting anything out of it. Use whatever metaphor you want be belt and suspenders, screw and glue, whatever. BIOS boot password, drive encryption password, OS encryption password. But, once again only if its really worth it. Don't spend $200 of time to protect $50 of crypto. -Dave
|
|
|
|
philipma1957
Legendary
Online
Activity: 4298
Merit: 8832
'The right to privacy matters'
|
|
September 23, 2023, 02:01:49 PM |
|
And this also brings home the point of why you should be using VeraCrypt or something similar https://www.veracrypt.fr/en/Home.htmlTake my PC, remove the drive, you are still not getting anything out of it. Use whatever metaphor you want be belt and suspenders, screw and glue, whatever. BIOS boot password, drive encryption password, OS encryption password. But, once again only if its really worth it. Don't spend $200 of time to protect $50 of crypto. -Dave Yeah if you have value say 2 btc it is worth being on its own pc backed up with seeds yada yada yada. and you only use that pc for 1 thing your btc wallet. and have say 0.1 btc and some shit coins on a less secure setup of pc+phone+exchange. Back in the day in New York City the 1970's. I used to carry: a wallet with some cash say 20-35 bucks a money clip with more cash say 80-120 bucks a hidden pocket with more cash say 300 to 400 bucks
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6585
Looking for campaign manager? Contact icopress!
|
I like a lot the simple solutions proposed here, from gluing to VeraCrypt. However, there's one more option people tend to underestimate. And imho it's cheap and very easy, especially nowadays when computers tend to no longer be connected to UTP cables (if you use permanent connection via cable, just skip this post).
Boot from an USB stick with Tails OS. Electrum is there and persistence is off. Yes, one will have to enter the 12-24 words every time, not such a big hassle imho (of course, as said, this is not for safeguarding 10$). It doesn't know what's your WiFi so it cannot connect online. The seed can be stored easily and safely in so many ways it just depends on each and everyone's imagination.
One can steal your computer and will find only the watch only wallet. One can steal the live OS stick and also find nothing. And it's also cheap, since one doesn't necessarily need another computer for this.
Of course, if one wants and can use a separate computer as cold storage, probably VeraCrypt beats this.
|
|
|
|
LoyceMobile
|
|
September 24, 2023, 09:59:01 AM |
|
One can steal your computer and will find only the watch only wallet. One can steal the live OS stick and also find nothing. And it's also cheap, since one doesn't necessarily need another computer for this. The back and forth copying of unsigned and signed transactions is cumbersome though, especially if you make a mistake (for instance with fees, or use an incompatible version of Electrum), and have to reboot a few times. I'm speaking from experience.
|
|
|
|
ABCbits
Legendary
Offline
Activity: 3052
Merit: 8074
Crypto Swap Exchange
|
|
September 24, 2023, 11:24:44 AM |
|
And this also brings home the point of why you should be using VeraCrypt or something similar https://www.veracrypt.fr/en/Home.htmlTake my PC, remove the drive, you are still not getting anything out of it. Some Linux distro even let you encrypt the disk during installation process which is far more simple than configuring VeraCrypt or LUKS post installation. Boot from an USB stick with Tails OS. Electrum is there and persistence is off. Yes, one will have to enter the 12-24 words every time, not such a big hassle imho (of course, as said, this is not for safeguarding 10$). It doesn't know what's your WiFi so it cannot connect online. The seed can be stored easily and safely in so many ways it just depends on each and everyone's imagination.
That's valid option. Although depending on your device, you may face known issue ( https://tails.net/support/known_issues/index.en.html) which is tricky to deal with. And as @LoyceMobile said, outdated Electrum could be problematic on few cases. Although these days we have PSBT which cut-off many incompatibility problem.
|
|
|
|
|