airgap wallet not totally safe?

[ChineseSavior]

i read somewhere airgap can still be compromised? is this even thru. i would imagine if you removed all netqork cards and ir ports on old computermto create true airgap you would be safe? then anything you wanted to put on there would have to be usb then smelt the usb and never let it touch the network again...

seems secure to me outside of smelting the laptop itself after you make 1000's of btc addresses....

[CIYAM]

The CIYAM Safe (https://susestudio.com/a/kp8B3G/ciyam-safe) is designed to work with QR codes and cameras to provide 100% air-gapped safety.

Bear in mind this doesn't have the ease of an offline *wallet* or a device like a Trezor but assuming you have disabled all network connectivity in the offline computer it is arguably more secure.

I wouldn't go as far as saying it is "totally safe" though as you would next need to start thinking about things like Faraday cages to protect your offline computer from being spied upon through signal detection as well as any cameras you are unaware of being able to see over your shoulder, etc.

[hhanh00]

A modified signing code can leak all your data onto the blockchain - airgap wallet or not. I can do it in 2 signatures but it could be lower. So check that your download hasn't been tampered with.

[CIYAM]

Very true - as we have seen recently from the blockchain.info fiasco ECDSA that relies upon *random values* is not such a great idea.

[ChineseSavior]

i have no idea what you people are even saying its like diff lang

I guess i'm not sure I see how the qr code makes you safe?

i went to the website but it doesn't add up to me at least but then again i know nothing

[CIYAM]

i have no idea what you people are even saying

If the software you are running offline has been compromised it doesn't matter whether you use air-gapped comms or not.

[ChineseSavior]

i have no idea what you people are even saying

If the software you are running offline has been compromised it doesn't matter whether you use air-gapped comms or not.

please see above so how is this solution different?

[CIYAM]

please see above so how is this solution different?

The point you are not getting is that there is no software that you can be sure won't go wrong unless a) you wrote it from scratch (and have a very thorough understanding of ECDSA), or b) you can fully understand every line of source code that someone else wrote before then compiling it yourself on your offline computer.

As I doubt you are capable of either a) or b) then you are simply going to just have to trust someone (no offense intended as at least 99.9999% of people are not capable of this).

The idea of Bitcoin being really "trustless" is actually not a very accurate idea (it depends upon a non-flawed implementation of ECDSA for a start).

[ChineseSavior]

so what youre basically claiming is that you will never scam and that your system is totally foolproof?

[CIYAM]

so what youre basically claiming is that you will never scam and that your system is totally foolproof?

Sorry - you seem to be having some troubles understanding the conversation as I am not making any such claims whatsoever (and if I did you should assume my account has been hacked and that whoever is pretending to be me is in fact a scammer).

I have told you "no system is foolproof" - so that obviously would include my own system.

Hint - "trust no-one" (which kind of does make it impossible to safely secure your BTC when there is no way to do so without trust).

[hhanh00]

To Op, I was replying to your first message.
It's true. Air gap wallets can leak your keys by the way they sign. They can hide a message while forming a valid signature. When you spend some funds, a crafty signature can leak your master key and it can be done in a undetectable way.
A malicious attacker can later get all your funds. It's very powerful with deterministic wallets because even your future funds can be stolen.

[DannyHamilton]

so what youre basically claiming is that you will never scam and that your system is totally foolproof?

No.

He's claiming that you should ONLY use open source software, and that you should make sure that, at a minimum, it is very well reviewed by experts in the field.  Preferably, the code should be reviewed by an expert that you trust, and better yet you should be an expert and review the code yourself if that is possible.

[ChineseSavior]

so what youre basically claiming is that you will never scam and that your system is totally foolproof?

Sorry - you seem to be having some troubles understanding the conversation as I am not making any such claims whatsoever (and if I did you should assume my account has been hacked and that whoever is pretending to be me is in fact a scammer).

I have told you "no system is foolproof" - so that obviously would include my own system.

Hint - "trust no-one" (which kind of does make it impossible to safely secure your BTC when there is no way to do so without trust).

i'm going to need pictures of your children and pets even goldfish. if i get the gold fish pictures i will trust anyone!

ok but seriously now I understand a little better. You're def right nothing in the world is 100% foolproof. So let me ask this...

what is the best way to store bitcoin? Or is it better to spread everything you earn thin so if you get hit in any 1 place you only lose a controlled amount? Like eggs in one basket theory....

so say you make 10 bitcoin worth 3k. Take 1k dump into portfolio 1k cash and store 1k bitcoin etc...?  With all the scandals any everything i get headaches over security. Then come to find out I lost 0.36 mining funds on blockchain.info..... now blockchain tells me it wasn't them or the hack it was malware on my computer? Jesus so how the heck do I keep my bitcoins safe or should i just be dumpining into every single thing with minimum coin.....


Is litecoin or dogecoin storage systems safer? May sound like a dumb question but still should be covered.

[DannyHamilton]

- snip -
what is the best way to store bitcoin?

Cold storage.  Find software that you can trust and keep your private keys permanently offline. Generate the addresses/keys on a computer that never has been connected to the internet, is not currently connected to the internet, and never will be connected to the internet.

Some software to consider: Electrum Offline, Armory Offline, Bitcoin Core, bitaddress.org.

Or is it better to spread everything you earn thin so if you get hit in any 1 place you only lose a controlled amount? Like eggs in one basket theory....

If you are unable to determine which software to trust, then you are simply increasing the odds that you will make a bad decision and store some of your bitcoins somewhere unsafe.  If you are able to determine which software to trust, then there isn't much benefit to spreading it all thin.  That's a decision you'll have to make for yourself.

so say you make 10 bitcoin worth 3k. Take 1k dump into portfolio 1k cash and store 1k bitcoin etc...?

Me?  I'd put almost all of it on a paper wallet.  Not sure what you prefer.

With all the scandals any everything i get headaches over security. Then come to find out I lost 0.36 mining funds on blockchain.info..... now blockchain tells me it wasn't them or the hack it was malware on my computer? Jesus so how the heck do I keep my bitcoins safe

Education.  Learn how to properly take responsibility for securing what you own.

or should i just be dumpining into every single thing with minimum coin.....

That sounds like a disaster.

Is litecoin or dogecoin storage systems safer?

No.

[BookLover]

i read somewhere airgap can still be compromised?

No system is completely safe.  Even with an air-gapped system it is still possible to transmit data: http://www.bloomberg.com/news/2014-11-19/hackers-can-steal-data-wirelessly-from-pcs-that-aren-t-even-online.html.

[ChineseSavior]

i read somewhere airgap can still be compromised?

No system is completely safe.  Even with an air-gapped system it is still possible to transmit data: http://www.bloomberg.com/news/2014-11-19/hackers-can-steal-data-wirelessly-from-pcs-that-aren-t-even-online.html.

yea im pretty sure they can even go in thru existing wiring if they wanted to like a 120/220v jack ryan style.... The question is if you charge your offline computer off a pre-charged battery can the existing wiring virus exist in a battery cell too?

[bellicose]

Air Gap can be safe 100% with caution of RF Emanation, i'm talking about GSM and WI-FI.

See, TEMPEST Transient Electromagnetic Pulse Emanation Standard
* en.wikipedia.org Tempest_(codename)

Read this article en.wikipedia.org Air gap (networking)

[cbeast]

Air Gap can be safe 100% with caution of RF Emanation, i'm talking about GSM and WI-FI.

See, TEMPEST Transient Electromagnetic Pulse Emanation Standard
* en.wikipedia.org Tempest_(codename)

Read this article en.wikipedia.org Air gap (networking)

I would think isolated signature systems for multisig and 2fa would be ample security. Polarized lenses and laser scanners with mirrors might be useful for independently confirming signatures. There's lots of cheap real world tech to play with.

[keystroke]

The ground pins in that pic will leak data to the local grid.

[ChineseSavior]

so will we all be using that special box thingy in the future? lolzzzz(true the plug itself is a sec breach)

anyway whats the deal with security breach through existing wiring? If you charge a battery first and then charge the computer is it still possible for a virus/malware to be in the battery or is that a gap too. thank