[Arculus](https://www.getarculus.com/products/cold-storage-wallet/?gclid=Cj0KCQiA_bieBhDSARIsADU4zLdY0wZeNgi4clxmwSNfGqET9041GlErfYvei67UtxKd1Y7biHJPN0IaAsOIEALw_wcB&gclsrc=aw.ds) for convenience, ease, and day to day stuff. [Coldcard](https://coldcard.com/) for your hodl stash, used with [BlueWallet](https://bluewallet.io/) app. I use both of these with just an android phone. No computer necessary. **Arculus pros:** - 3FA. It needs biometrics, a 6 digit pin, & the physical arculus card which is basically a debit/credit card looking thing with NFC. You need all 3 to do a transaction. - No wires, no charging, no bulky hardware, just the card with the Arculus app. - Really convienent & easy to use vs other hardware wallets. **Arculus Cons:** - Can only currently do 12 word seed phrases and does not currently support passphrases. In the future they said they are planning to implement 24 word seed phrases but nothing said about passphrase implementation. - high spreads and fees if you're buying/selling in the app. Just stick to buying elsewhere and transferring in. ‐ Since there is no screen on the card, your seed phrase shows right on the device during set up. However, you can run your phone in airplane mode during set up and the Arculus app does not allow mirroring or screenshots during this, so according to Arculus, any potentional hackers/spyware can not mirror or capture your screen while your setting it up (or to record and send to hackers after you reconnect) if you are truly in airplane mode (wifi off, data off, etc). If you are paranoid your phone might have spyware then it's best to set it up on a new device that has not had apps transferred over from old. When going to confirm the words when creating a new wallet you do not have to type it in, you just tap the words on the screen to confirm you wrote down your seed words correctly. However, if you lose your phone or card and have to do a restore wallet, you currently do have to type in your seed words. I actually had to restore my wallet once. I felt uncomfortable about actually typing in the seed phrase even in airplane mode so I switched everything over to a new seed after using 2 devices. Basically I love Arculus for the ease/convenience and 3FA, but don't feel comfortable enough with that seed on screen portion part to have it as a HODL solution. But I think it's safe enough for day to day use with smaller amounts. **Coldcard pros:** - bitcoin only so less attack vectors - can be used completely air-gapped with a SD card - has a duress pin option & brick me pin option for extra security in case of wrench attack - has an option for multi-sig - comes in a tamper evident bag where you enter the bag number it's in on the Coldcard to verify it has not been taken out of the bag. - allows 12-24 word seed phrases - allows option for a passphrase - allows you to verify the transaction on the Coldcard to make sure it's correct and I heard it has some way of detecting if the "change" address gets changed to a different address other than the wallets. **Coldcard cons:** - steep learning curve - no specific app for it, you have to find the program that works for your setup. (I use Bluewallet on an android) - a lot of tutorials for watch only wallet programs are usually made by random people and not always super clear in instructions and can be outdated. So if you're not at least a little tech savvy you might run into some issues. - air gapped isn't as simple, .psbt made things more complicated - more time/effort to do send transactions - have to have Coldcard plugged into a power source of sort - SD card & USB c cable/charging port sold separately - if using a phone without an SD card slot you'll need to buy a SD card to USB-C adaptor (or whatever charging type your phone is). Also worth noting is some adaptors you have to take off your screen case at least some because it blocks the adaptor from plugging in otherwise. - have to learn about deveration paths to make sure you're sending to the correct address in certain instances. - there's always a chance that the wallet program you are using to create the .psbt files is compromised and has the possibility of showing you the correct address on the interface while inputting whatever it wants on the actual psbt file, but again you are verifying this info on the Coldcard it's self and also which has the change address check. - kind of expensive compared to some other hardware wallets, but this shouldn't matter as much if you're using this to HODL your stash. Keeping it safe is #1! TL;DR: Basically I bought Arculus to start, then bought Coldcard for peace of mind. I think both have their place and I'm glad I have both over just 1. Arculus wins in convienence and easiness, Coldcard wins in security.
> Can you elaborate on this? Why do you feel it's poor security? Sure. an "airgap" is supposed to be a physical separation of two computers. The fundamental idea is that there is limited communications between then, and its all hand-done, like a "sneaker net" where an operator puts on his shoes and walks between the two computers. This help make it so that even if the online computer is hacked, it cant do much to the cold computer. And if the cold computer is hacked it cant send much data out to the world. So even both computers are hacked/backdoored, the attacker might find it difficult and frustrating to exfiltrate anything or cause damage. Most of the failures of airgapping came down to the attackers finding a way to create a network. Stuxnet is a famous example. There have been many, and they can use any part of the computer to form a network. That means computer speakers, serial, USB and peripheral ports, power consumption, cameras, CPU fans, built in microphone's, etc... even EMF generated by the CPU doing certain operations. The further apart the two devices are, the harder it is for these techniques to work. So what makes a good airgap: * distance between the computers. Ideally in separate rooms at a minimum, but large physical separation is good. * not using or even having observation devices on the machines, like bluetooth cards, rados, sim cards, cameras, mics, etc. Obviously the online computer needs some kind of network, but that can be a wired ethernet with no bluetooth etc, but the cold storage machine could live in a faraday cage with sound absorbing foam on the walls. * using dead storage that has minimal features, and is easy to clean. USB has been the source of the majority of cold storage violation, so USB is right out. Printers and hand written notes are a hassle to clean up, and tend to be leaky, so those should be avoided. That leaves things like floppy disks, CD's and SD cards for the most part. * Separation of power supply is very important. batteries and such are the best way to go. * Statelessness: keeping the cold machine powered off and devoid of any private secrets is also important. for example, the jade could be kept powered off and need to be turned and and mnemoic restored each time. So, when you look at what makes an air gap strong, we see two crucial weaknesses in the jade design 1. computers must be in the same room, both powered on at the same time: a critical flaw 2. a camera network is formed, violating the fundamental principles of an airgap. In fact, this is a straight up direct network connection and not an airgap at all! Since cameras arent ideal networking devices, it might take some effort for even a well funded attacker to make a good camera based exfiltration net, or find another side channel based on device colocation. But the fundamental problems in the design should simple be avoided, to eliminate the possibility in the first place. Another weakness is that the jade actually stores the root mnemonic in flash. That means a physical invasion or sneak-theft could be used to get at the keys. Of course, using their oracle solution, low buget common theives will not be able to so anything with your jade. But government agency level players can either attack or just directly order the operator of the oracle server to collaborate, so its no guarantee. It would be much stronger if the jade just had an option to be stateless. Another weakness is bluetooth support, for obvious reasons. So, while the jade is great for casual low value, perhaps a few dozen BTC, i would not advise anyone to put 200 btc in a jade, for the above reasons. Its not a real airgap, and its not a hardened security design. I do appreciate what they are doing, and they are a strong and trustworthy team. But this design is far too usability oriented and not nearly airgap enough for my tastes.
This is true for many, ie. those who make up a cypher on the spot to use just for the key. If they don't write down the key they could easily forget it after a few years. However, I personally use a cipher that I use for passwords & I've used it for years. Whenever I have to re-check a password for an old log-in I have to decipher, so I've been practicing it for years. I use the cipher for some of the words in each recovery seed, so if a thief broke into my safe deposit box at the bank & found my recovery seed he wouldn't be able to sweep the funds. (& if there were a bank robbery that reached the SD Boxes I would have plenty of time, wherever I am in the world, to transfer my coins to a new wallet I control).
Seems like you are asking how to avoid catching malware so I would recommend use Bitdefender Free/Premium, do full system scans, enable auto scanning of any USB/SD drives being plugged in for system security. For network security a VPN like Nord that has Threat Protection to block ads,trackers,malware, for browser security use uBlock Origin in your browser and enable all ads/privacy/malware filters. Use Privacy Badger in your browser. Uninstall and don't use any other browser extensions unless absolutely needed. Uninstall any other programs you don't need. The less you have installed the less of the attack surface of something getting hacked/exploited. Check for updates and keep everything updated so you get the latest security patches.
Your definitely going to want a SSD. I myself tried yo use an old HDD to save some money too but realized the intial block download was going to take months since umbrel uses tor for the intial sync. There are some ways around this by using a more powerful computer for the IBD but it gets kind of technical. Worth a shot if you are really hard up for money and are willing to put in the work though. I found a faster and less resource hungry SSD than the one recommended by umbrel but it still cost me 100 USD. When looking for a storage drive you want a high data transfer rate. Your limiting factor for data transfer is going to be (most likely) the USB 3.0 on the raspberry pi which is 5 Gbits/s. Now that's the theoretical max so you'll probably never reach that. So find an SSD with a transfer rate of at least 5Gbits/s and you should be good. Just watch out for power consumption. Since you have the official power supply for the pi, you should be fine but I've see alot of new users have issues with their umbrel because the storage is pulling to much power and they either don't have the official power supply or the wrong storage or sometimes both. As for the micro SD to put the Umbrel OS that should be fine. I think the raspberry pi kit you're getting comes with one as well so you may not need to buy one. You can definitely cheap out on the SD card since it's somewhat trivial to replace if it fails but you want a good SSD for storage. If the storage drive fails you'll have to do the IBD all over again. However having a high grade SD card will only make your experience better.
Thanks for your pov. I’m learning slowly without much time available. Following your advice, are the info below OK? COMPLETE KIT: Raspberry Pi 4 Model B 8GB motherboard with ARM Cortex-A72 Quad-Core 1.5 GHz processor - 8GB RAM - micro HDMI - USB 3.0 - USB 2.0 - USB-C - Gigabit Ethernet - Wi-Fi - Bluetooth 5.0 Official Raspberry Pi 4B Case Official Raspberry Pi USB-C 5V 3A power adapter 32GB micro-SD card with Noobs Micro HDMI / HDMI cable - 4K @ 60 Hz compatible - 1 meter Set of 4 Heat Sink GENERAL INFORMATION Designation: Hutopi Desktop Kit Raspberry Pi 4 8 GB Brand: Hutopi Model: KITPI48GB Processor: ARM Cortex A72 Processor Type: Broadcom BCM2711, quad-core Cortex-A72 (ARM v8) 1.5 GHz
I suggest there are three issues when comparing purpose-built hardware wallet with DIY * many users consider unsafe things to be safe, such as airplane mode on a phone * many things are not absolute, but a matter of degree, especially the risk of malware from the factory on a USB thumb drive or a SD card * DIY is a time sink, requires time-consuming problem solving for relatively minor issues. The temptation to save time by just connecting to the network for 2 minutes creates a risk which doesn't exist if the user just pays the money for a purpose-built device At the extreme end, there's Glacier https://glacierprotocol.org/
Yeah! Funny! Even if I miss understood “cd”, I’ve got your main point of view, I guess. I'm using Ubuntu and to avoid keylogger I already have Tails (Electrum embedded by default) on a dedicated USB key but I didn't though about using an encrypted microSD card as an external wallet storage (aka hardware wallet). Is safer to do it that way rather than to activate the permanent storage option of Tails. In addition, it's a good way to set up a cheap multi-sig vault. As encrypted micro SD cards could have the role of expensive hardware wallets, correct?
> Is this the most secure method of storing your bitcoin/crypto, regardless of how difficult it may be to set up? Ah, the loaded question. Being more difficult that a purpose-built hardware wallet makes it less secure Also, the "more or less secure" question doesn't have a binary answer. It's more secure if done properly, less secure if done with shortcuts. A common shortcut you can read in similar threads in this sub is, "the cold wallet will be an old iPhone in airplane mode". An iPhone (and most Android phones) has no way to disable its wifi and bluetooth hardware. And the operating software can not be trusted to honor the user's choice of airplane mode Similarly, some suggest using a laptop with network disabled. But most laptops have wifi soldered to the motherboard, and operating systems might boot up with wifi enabled, contrary to the user's configuration If you spend a few dollars on a hardware wallet, these quirks aren't an issue. Your device simply doesn't have any network interface. But some do have bluetooth - to be easy to connect to an iPhone, because an Android phone can connect a hardware wallet via a OTG USB cable, but an iPhone is blind to everything except bluetooth and wifi > good resources https://electrum.readthedocs.io/en/latest/coldstorage.html Something older: https://web.archive.org/web/20160310191325/http://people.xiph.org/~greg/signdemo.txt Difficult, an example There's a $5 single-board computer which has no ethernet, no wifi, no bluetooth. It runs Linux. In a hardware sense, it's ideal for the cold part of a DIY cold wallet setup https://www.raspberrypi.com/products/raspberry-pi-zero/ Copy Raspberry Pi OS (Linux) to a microSD card. Plug a keyboard and monitor into the Pi Zero. You have a nice cheap Linux computer. But it's not a Bitcoin wallet. If you're following the Electrum instructions linked above, you need to add Electrum. But your Pi Zero has no network interface So there's a bootstrapping problem. It has a trivial solution. Use an on-line PC to add the software package to a USB thumb drive and transfer the software by plugging the thumb drive into the Pi Zero What if you're concerned about the thumb drive being corrupted with malware? You've read that QR codes are a good way to copy data from computer to computer, and you have the Pi camera installed on your Pi Zero Now you've made your bootstrapping problem hard. You need to add the Pi camera driver to the Pi's SD card, and a QR decoder Bootstrapping is a chicken-and-egg problem, not so much complicated as time-consuming in solving each "what comes first" problem. Planning ahead reduces the delays You might need a QR encoder to send signed transactions back the other way Or you might choose to use the thumb drive, because you know this malware issue is insignificant - those things were fixed at those factories years ago, and you can rewrite the thumb drive at hardware level anyway Note that even in cold wallet land, there is a device which transfers without a USB plug, uses a microSD instead. Is there a risk of malware installed at the factory for micro-SD? Probably not Also, at least one device has a screen and camera for transferring unsigned transactions in and signed transactions out using QR images If you have the time and patience, it will be very rewarding to build your own cold storage setup
For the software wallet interface do you need to type the seed phrase or pass phrase on the phone/pc in order for the device to know what transaction it's talking about to partially sign? Or like too with "watch only" wallets do you have to type in that info? If you do does everyone just have a completely cold desktop PC they run electrum on? Is it possible to have interface software on phone that can create partially signed transactions for the coldcard to sign? (Without typing precious phrases in) and can they be transfered to the micro SD card from a typical smart phone without additional hardware? Sorry if noob questions, new to this. Can't use a computer atm so phone is the only way.
Your phone can "talk to" cell towers and probably you have it set to use wifi as well. So, it's not "cold". I have a computer on my desk. It's connected to the Internet 24/7. It isn't "cold" either. I have a hardware wallet. It does not connect to the Internet. It sits in box, powered off almost all the time. When I want to generate a receive address, I plug my hardware wallet into 9V, generate an address, write it down, unplug the wallet. In the rare event I would want to send Bitcoin, I would power the wallet and insert an SD memory card. The wallet would write the signed transaction to the SD card, which I would physically move/insert into my desk computer, which would then send the transaction. I'm kind of sure, but not certain, that your phone cannot read/write SD memory cards. Still, there might be a way to get a signed transaction from a hardware wallet to a phone. I don't know. If there is, hopefully another helpful person can tell you specifically which hardware and software to use. Best wishes.
This is what makes Bitcoin trustless. Where shitcoins like Ethereum cost $3000 in specialized hardware to store the blockchain. That takes node opporators out of the realm of "users" and makes them "special opporators." you are literally trusting 3rd parties at the protocol level. With Bitcoin the SD card isn't even required. Most phones and computers can handle the space. Anyone who has the hardware to be a "user" for at no additional cost, can be a node and verify every aspect of Bitcoin for free, trustlessly.
Don't use any wallet which is hosted on a server As far as I know, this only means blockchain.com Use only open source wallet apps. A Bitcoin wallet app does not connect to a Web server. It is self-contained - a file on your phone's internal SD card
I’m keen to run my own node to benefit from LN payments. Do I just follow the tried-and-tested route of buying a Raspberry Pi 4 and an Umbrel OS SD card from the Umbrel website (https://umbrel.com/) because it seems accessible for beginners like me or do I try it your way because it’s superior? TIA!
You'll need a 1TB or 2TB USB3 external HDD If you're running it headless, you'll need to plug in a monitor and keyboard during the Linux install. If you're not running it headless, you'll need monitor, mouse and keyboard If NOOBS is still 32-bit Linux, you'll be limited to using 4GB RAM. There are 64-bit Pi Linux distributions elsewhere Point blocks at the HDD and datadir at the SD. This splits the I/O and makes the initialization faster For optimal UTXO caching during initialization, set dbcache to 6800. This makes initialization 20% to 30% faster Canakit says that product is sold out
Cold Card doesn't have a native app - you do the transaction on a Bitcoin app not controlled by Coinkite and then send the PSBT to Cold Card, which if you want you can do using an SD card without ever connecting the Cold Card online or to the computer or app. So it is unlikely that Cold Card will be able to steal your keys unless they copy the keys onto the SD card and somehow send the file when you connect online. But you never have to connect online until the you are ready to broadcast the transaction, and by then you could delete the file. But if you're still concerned, say that they'll put some secret malware file on your computer, you can create a multisig wallet using different manufacturers- say a Cold Card and a Trezor. Re: Cold Card factory reset. Correct they don't allow it but you can delete the seed, if you're worried about it getting stolen during the update. Or you could do what I do and not bother to update it.
A computer that you must plug your wallet in to is less of an inanimate object than an SD card. an SD card is a read only device. A usb could write something on to your computer, for example you could plug a usb keyboard in to you computer. that also means you could plug a usb in to a computer which pretends to be a keyboard, and begins pressing certain commands opening a command line window and who knows what it does from there. in theory it could do it quite fast too, maybe while you look over at the window, then you look back and its done without you ever knowing.
so a proper cold storage setup would be to export the pubkey to a different online pc, using that to see balances (and generate new receive addresses), construct the transaction, move the tx on an SD card to your offline setup with tails, sign it and move it back to an online pc to broadcast. however, without persistence, the attack vector is way smaller relative to a hot wallet.
I think the 2 most important features of a solid hardware wallet is the firmware/software of the device is open source and the wallet is bitcoin only. Open source can be verified as secure by anyone and you can be sure there's no back door. Bitcoin only ensures no unnecessary extra attack vectors. Air gapped is another feature to consider but that depends on your risk tolerance. Air gapped just means the device is never connected to an internet connected device in any way. You would partially sign a transaction in the software you use to interact with the wallet on an SD card for example, then insert the SD card into the hardware wallet and sign it with your private key. Reinsert back to software program to broadcast the completely signed transaction.
I had the same question for a lomng time. THe primary purpose of a cold wallet in terms of a coldcard is that this is a device which will generate its own seed. Then you can actually generate a transaction on the coldcard, and write it on to an SD card. You will then take the SD card and put it in to any computer and broadcat the trasnsaction. The benefit of this is you never have to enter your seed phrase in to any computer. But you can still send your bitcoin easily. ​ With your approach, you must enter your seed phrase in to a computer at some point to make a transaction, and you may have the concern that the computer could be somehow compromised and recording you when you type your seed phrase. the coldcard isolates you from certain problems in a way.
Hot wallet vs. cold wallet is what you need to do some research on. A hot wallet is a crypto wallet that is on a device connected to or that has access to the internet. Being connected to the internet increases the attack surface a hacker can use. A cold wallet is generally a dedicated device that doesn't connect directly to the internet. This, combined with other security features, helps protect your seed phrase and crypto. Some cold wallets connect directly to a computer in order to sign transactions. Other methods cold wallets may use to sign transactions include QR codes, SD cards, or NFC. There's pros and cons to different cold storage devices, but the most important thing is to use one and start learning. Finally, where most seem to go wrong is with the seed phrase. These 12, 24, or even 25 words (if you use a passphrase) allow anyone in the world access to your crypto. Treat these words like a Top Secret document in a movie. Write your words down on paper and eventually something more durable. Next, transfer a small amount to your cold wallet as a test. Then wipe your cold wallet and recover it. This confirms your seed phrase works and will teach you how to recover a wallet. Lastly, secure it away somewhere safe and your g2g. Social media loves to use the word hack! When I see stories and posts screaming, "I've had my crypto hacked," they are generally wrong. They may have had malware or viruses on their computer that compromised their seed phrase in some way. Social engineering is another common way to gain access as well. A cold wallet will protect against common attacks by isolating your seed phrase, allowing you to stop checking your wallet and worrying.
>you disconnect computer from internet, plug your hw, sign the transaction, unplug the hw, go online and vualia, There's no point unplugging the internet momentarily because any malware on the computer can record your actions and wait for the internet to come online. However the hardware wallet protects you from this because the private key is stored on the device, and not the computer. The private key NEVER leaves the hardware wallet so any malware you have on your computer won't be able to extract the key from the device. Even when you have it plugged in and using it. The only exception to this, is if there was some kind of vulnerability in the hardware device where you could extract the private key via the USB cable. This has never been demonstrated on a hardware wallet like Ledger, Trezor, Coldcard... Because the device is device so the private key can never be extracted. So it's not really an issue. However, some paranoid people may wish to use there hardware wallet airgapped, but remember, this type of hack HAS NEVER HAPPENED BEFORE. To do this people will use an offline computer with an online computer and a USB stick. Or a Coldcard with an SD card that slides in the device. ... So you don't really need to have both a hardware wallet and offline computer, because the hardware wallet is kind of like an offline computer itself (it has no internet), so you can do one or the other. But since you don't want to go that route, just using a hardware wallet normally and it should protect you very well. ... How it works in case you don't know (in very simple terms): You generate a public + private key pair from a seed. Public key is for receiving, private key is for spending funds (from the public key). The hardware device or offline computer generates this, never touches the internet, and shouldn't be stored on your online computer. Your wallet on your computer only has the public key for receiving and checking balance, it cannot send funds. Your hardware device or offline computer has the private key for sending transactions. - Your wallet on the computer generates a transaction (which is useless because it isn't signed). - Sends the transaction to the hardware wallet (or offline computer via USB) - You verify the details, address, amount you are sending on the hardware wallet after entering your PIN code and pressing confirm on the device. - The hardware wallet signs the transaction, making it a "signed" transaction. - Signed transaction goes back to your computer. - Your computer uses the internet to broadcast the signed transaction. So whether you use an offline computer or hardware wallet, your private key is never exposed to the internet or any hackers.
Yeah I agree, while a pi *can* be used as an ln node, I'm not sure that it *should* be. Especially if you have unreliable power, the SD card does not like the abuse. I used a pi for year but I did exactly the above and don't regret it. It's great to be fully in control of everything as well, even if it took a little learning
This is an unfair point. There can be legit discussions about whether A or B is more secure (whether QR codes are more secure than SD card or NFC or USB or whatever). The closed source debate is about something way more fundamental. With a closed source wallet you literally don't know what it is doing, so discussions about nuances are not possible because again, you have no idea what the wallet is doing. A closed source air gapped wallet might be the least secure one if it generates your seeds in a predictable manner - for example. And you don't know, because you don't know what it's doing: it's closed source. My point is: the close vs open source discussions are about something fundamental. The air gapped vs not discussions are something else.
the problem lies in the disability to audit the data over usb. you dont know what's being communicated at least not easily, which imo does not inspire confidence. something with an airgap, with communication via SD card to transfer a PBST would let you look at the file and see the data going through
> storage device for the wallet Storage device? Hardware wallets dont really need storage, and ideally wont have any. They should work more like a calculator - blank always. you power it on, restore your mnemonic from memory, use it for a bit, then power it off bank to blank. The only thing it should store it its own software. The reason for and SD card slot is so you can sneaketnet PSBT's to it for signing, or you can pull a list of deposit addresses or even an xpub out of it.
> SD cards ORRRR you can also use QR codes True; but im less positive about QR codes for 2 reason: * moving a networked device with a screen into the same room as your cold wallet violates the air-gap principle, forcing you to use a printer. * printers are not great security wise all around. they form a weak link
> Level 4: SeedSigner (hardware): This is the best option in my opinion. It is completely air-gapped and uses generic hardware which drastically reduces the probability of a backdoor. While it is technically "air-gapped" you normally keep your cold storage wallet physically separated from your hot machines, definitely not in the same room, and you do some sort of sneaker net between them. It seems like seedsigner is camera-only, meaning it has to be real close to your normal computer, and that technically makes it not meet a traditional definition of "air gapped" because optical networking is still networking. Directly communicating over a camera makes it networked and not airgapped. Its not just the lack of an electrical connection which makes a proper air-gap, its a physical space which helps dampen sound, power, EMF, magnetic induction, and all other types of side channels - including visual. The bare minimum is to keep the air-gapped machine in a separate room, and the only thing that should move from the hot room to the cold room is storage media, such as a DVD, printout, or SD card.
Few things here. First, I bet 99% of people don’t verify what goes on the SD card. You put your SD card to your PC you use (a potentially compromised) Sparrow to drop a file on the SD card and then you put that to your Coldcard. And that’s OK: your Coldcard meant to protect you from any input, it’s not your task to open that file and figure out whether a specific input would do a buffer overflow on the parser code in Coldcard or not. Same thing with QR codes: not a single person I know checks to verify what the QR code content is before scanning it and even if someone did it’s pretty much just a gibberish encoding. Two, even if you verify every single bit (as you are saying) you have no chance to figure out the more convoluted attacks. What if your device is tricked into using the same nonce in the ECDSA signature for two different transaction you make? Now you will have two transactions publicly on the blockchain which someone calculate your private key. If your xpub is known then all your private keys are exposed, but just the onces used in the two transactions above. I am my phone and don’t have the link but there is a long list of hw wallet exploits listed somewhere going back the last 4-5 years. Not a single one of them was an exploit that was due to the communication mechanism, all of them were due to tricky inputs, mishandled transaction data by he devices, etc.
Ok, let's just go ahead and assume you compromise my airgapped device. Now what? No data gets in or out without my say so. I can audit every single bit on that SD card. I can, and will, check the transaction on the way back out. For the paranoid among us (myself included), I can even use a third device; the flow is the same, but one device creates the transaction, one signs it, one broadcasts it. Congratulations. All you've achieved is making me aware *something* is wrong with my setup.
And I think you are overestimating the benefits of being air gapped. Having an image recognition software running on your device to scan a QR code (air gapped) is probably a much bigger attack surface than USB. SD card readers have microcontrollers with firmware on them. NFC is just another over the air protocol, etc. Ultimately your device needs to protect itself from inputs whatever the source of that input it. Air gap is highly overrated.
Well md5 is pretty broken, GPG signature would have been better. It also depends on how much money is actually at risk. A certain amount of money doesn't need as much security as a larger amount of money (or at least that's usually how most people feel about it). It would increase your security if you learned how to transfer PSBT files with a CD or SD card and had one device...hold on I'm just describing something I could just be linking in a video: [https://www.reddit.com/r/Bitcoin/comments/zedp20/air\_gapped\_cold\_storage\_without\_buying\_from\_a/?utm\_source=share&utm\_medium=web2x&context=3](https://www.reddit.com/r/Bitcoin/comments/zedp20/air_gapped_cold_storage_without_buying_from_a/?utm_source=share&utm_medium=web2x&context=3) Again though, this is just how you could have done it better given a certain amount of money. If you feel comfortable knowing the risk profile for the amount of money you're storing using that method, then more power to you!
It isn't sparrow or ledger its sparrow and an air gap. The wallet to broadcast and the wallet to sign are different and if you only have a spending amount of Bitcoin anyway, a lightning network wallet should be your go to. Everything has an Operating System. Its just that the OS can be more simple or more graphical. The user doesn't know if they got a ledger in the mail or something that looks like a ledger though with a similar UX. Yes, you can infect systems from an SD card, but you're disadvantaged because you don't have the recon to know what hardware you're targeting in order to know what exploit to even load onto it.
bitcoin core is useless on an airgapped machine. and the bitcoin node should probable be on a desktop or server that ou can keep up 24/7. For the airgapped laptop, electrum works well for newbies, and their official docs even have a guide. Remember, both the airgap machine and the watching wallet on the hot machine should be an up to date linux. Also, always use SD cards and not USB keys to move transactions around.
Yeah I mean, there are tablets that come with SD card readers: [https://www.amazon.com/Tablet-Android-Certified-Storage-Bluetooth/dp/B07SDM6VZG/ref=sr\_1\_3?keywords=tablet+with+sd+card+slot&qid=1670448979&sr=8-3](https://www.amazon.com/Tablet-Android-Certified-Storage-Bluetooth/dp/B07SDM6VZG/ref=sr_1_3?keywords=tablet+with+sd+card+slot&qid=1670448979&sr=8-3) Your phone has an SD card too. These devices are going to be broadcast only devices though (assuming a cold storage dragons hoard saving vault. Spending money can just be a lightning network app on your phone) You sign the tx on a noninternet connected device though. Bitbox, being a hardware manufacturer, would solder the SD slot onto their devices.
It has two parts: a network connected machine to check your balance and make transactions, and a cold storage machine with no network connections. You can move psbt's between them using an SD card. First build your watch-only machine: * Get a dedicated small linux laptop. Make sure it has an encrypted hard drive. Install your favorite wallet, I recommend electrum or wasabi wallets. This will be your hot machine, with a read only wallet. After your cold machine is set up, you will install a watch-only xpub here. Next, build your cold storage machine. Here are two options: Option one: Add a second linux laptop to use as cold storage, install electrum on it: * https://electrum.readthedocs.io/en/latest/coldstorage.html Option two: Use a cold card for cold storage: Here is a guide for using wasabi with an offline coldcard: * https://docs.wasabiwallet.io/using-wasabi/ColdWasabi.html#send-bitcoins-from-cold-wasabi
> Recommending that the only way to use and hold bitcoin is via an airgapped laptop or via a narrow spectrum of hardware wallets is counter productive. I believe this is a misreading of recent activity on this subject. You and others are free to hold your Bitcoin as you see fit. So to are others free to point out the trade offs and downsides you are choosing in utilizing bad options. There are many ways to hold Bitcoin. Good and bad. Pointing out the bad ways is a education PSA. Uou are free to choose bad options. Making that choice for others by suppressing accurate but uncomfortable information isn't fair to others who want to learn and improve. > I'm a bitcoin stacker and holder since 2019. No shitcoins. I'm a firm believer that bitcoin will usher in a new era of monetary stability in the medium to long-term future. I lurk on this sub everyday and never post or comment, but I dusted off this auto-made account just to create this one post and then I'm gone again. > There has been a recent outpouring of hate toward some of the most popular hardware wallets (eg ledger and trezor) . These seam to be perpetrated by a few very outspoken commenters, but I'm concerned their **narrow-minded views** could gain traction. Starting with a Red Herring/Ad hominem isn't a good look > Basically, they posit that the only way to hold bitcoin is via an airgapped laptop or IF YOU MUST, a coldcard. Anything less than this is akin to shilling shitcoins because HW wallets like trezor and ledger allow shitcoin storage. This is a mischaracterization of what is going on as it omits several concerns and context. The majority of posts are pointing out the downsides, flaws and drawbacks of some of these security solutions while pointing out the benefits of more secure Bitcoin only options. The argument or subtext here is not that this is the only way to hold Bitcoin, but that there are better ways to Bitcoin that should be encouraged. Encouraged over "convenient solutions" that effectively disempower end users and violate their permission-less Bitcoin birthright by trapping them in mouse traps where they don't know they are asking for permission to use Bitcoin. Trezor and ledger are the main offenders in this regard. Did you know that when you use the ledger and trezor defaults you are asking for permission to use Bitcoin? To transact? to send and receive? To verify that you even have Bitcoin itself? > We need to be realistic here. We need to be more critical. Not complacent for the sake of mass adoption or convenience that waters down, disempowers, and captures Bitcoiners is mouse traps. > If we are talking about resetting the financial system, then this means everyone will need to be able to use and store bitcoin safely. Are you really proposing that everyone who wants to store their bitcoin install open source linux, figure out something like glacier protocol, roll dice a thousand times, and only use micro SD cards to store PSBTs? We don't expect everyone to do this. But we do hope that everyone who can and has the ability to learn how, will. For their own sake, and for the people who come after them who learn how to Bitcoin. You do not have to go form 0 to 100. But you can incrementally improve your situation by going from 0 to 1, and from 1 to 2 etc. > Like, seriously? Not everyone is a cypherpunk. What about people in the third world trying to outrun hyperinflation? Coldcards only? Come on, y'all. seedsigner would be a more viable option. glacier protocol is free and useable on pretty much any hardware. coldcard is a good solution, but not the only one. Lots of better options than trezor and ledger for the third world. > The size of your stack and the duration of your time preference will dictate your security measures. If you are holding <5% of your wealth in bitcoin, I would think trezor or ledger would be fine. That's how I started out when my stack was small. As your stack grows and becomes a larger portion of your wealth, you likely should upgrade your security measures. I use a multi-vendor, geographically distributed multi-sig solution now that bitcoin is a more substantial portion of my wealth. It's interesting that you are practicing what is being preached! but not preaching what you are practising! > I won't compromise on shitcoins. It's bitcoin or bust. But we do need to aggressively fight against this narrow-minded point of view that coldcards or airgapped laptops are the only solution for storage. Cluttering up this sub with this viewpoint is going to freak out people new to the space. If that were true. why are you supporting the use of shitcoin wallets for the masses?
Oh yeah? So ledger and trezor can be used by grandmas? Hey if your grandma survived the great depression you could tell her all about how the government makes new money to give to the bad business practices of the banks and that Bitcoin is to fix that where gold failed because Bitcoin can be used to buy things on the internet. You know what, you can even get her on a mobile wallet because you're not gonna be an ass and get her to put the inheritance into Bitcoin. But wait, she doesn't use a smart phone. She uses a feature phone like a nokia. Manchakura is working on wallet software for this kind of phone but but the time being, a ledger is somehow easier? Grandma has moved SD cards from cameras onto computers before though believe it or not (back when cameras were dedicated devices rather than being built into a cell phone). She's not going to find it much different doing the same thing with signing device if she ended up with enough coin to justify getting a signing device.
> is counter productive. to thieves, malware authorsm hackers, and other dirty types, yes. Thats the point. People who have a small amount of money they dont worry about too much can use a phone wallet. But noone should ever use a windows, or a close sourced or shitcoin wallets. Those are a useless loss. > We need to be realistic here. If we are talking about resetting the financial system, then this means everyone will need to be able to use and store bitcoin safely. Are you really proposing that everyone who wants to store their bitcoin install open source linux, figure out something like glacier protocol, roll dice a thousand times, and only use micro SD cards to store PSBTs? Like, seriously? Not everyone is a cypherpunk. What about people in the third world trying to outrun hyperinflation? Coldcards only? Come on, y'all. No you silly. They can get a basic cheapo linux laptop to start for cheap. That is probably enough to secure a significant amount of funds. They are pretty trivial to set up and you can be from box to working laptop in minutes. If they really need higher security they can move to an airgap. That takes a bit more work, but the average person could do it with a good checklist. Hardware wallets dont really matter that much, at least not the current generations of them. If you are going to use one, it had better be an open source bitcoin only one though, like the cold card, or you are actually taking unnecessary risk.
> **Trusting trezor is not so smart**. Adding your own entropy is a classic mistake, humans are not good at it. **USB devices are full of backdoors, keyloggers, windows viruses and such**. always use SD cards to move data and avoid windows. > QR is the wrong tech bub. I just cross-read a few of your general post history. In general we should get along pretty well. Overall, there's not so much discrepancy between your views and mine. Too bad you're presumptuous, arrogant wanna-be-knowitall. Like what I quoted here. That's just pure bullshit combined with hubris.
USB bad: [https://youtu.be/p69ACzYQQys](https://youtu.be/p69ACzYQQys) QR codes, SD cards, and CDs transmit data in a verifiable way. They are air gap methods that allow for verification of what data is going from one device to another. It is not power being sent to your hardware, it is not unverifiable unknown amounts and contents of data. As someone who loves to research penetrating air gaps, the idea that a USB connection is just as good is absolutely ridiculous [https://cyber.bgu.ac.il/advanced-cyber/airgap](https://cyber.bgu.ac.il/advanced-cyber/airgap)
> Please explain why adding your own entropy is a classic mistake. Humans are entropy destroyers, not creators. No human should ever attempt to synthesize entropy. We use strong randomly generated entropy for a reason: its secure. Human generated entropy *looks* like it add a lot of bits, but it has a cryptographic value of zero. > Also, explain why general purpose SD cards are more secure for keeping malware from the device than special purpose USB-devices like the Trezor. because the SD interface is simple and doesnt provide nearly so much attack surface. > In this spirit, recommending sd cards instead of qr codes is just fucked up. instead of USB cuz. > Plugging in a multiple gigabyte storage device back and forth between some potentially infested hot machine into your cold storage device is just asking for it. and USB is the same plus a computer that can run secret software, a keyboard, and a potential host of other fake io peripherials. > Use qr codes, where every byte has to be crammed into. modern pbst's are often too large to practically move in a qr code. Not to mention the trail of printing you will leave behind. they also cannot be signed for verification the way a pbst can be on an SD card. QR is the wrong tech bub.
Keystone is completely air gapped minus an SD card slot for updates. It dosnt even allow you the ability to connect it to another device. You can also verify the qr code information before signing on the device. I use ledger, coldcard, trezor, and keystone with keystone being my favorite for multiple reasons.
Your post is literally the anti-glacier protocol. Please explain why adding your own entropy is a classic mistake, for example? Also, explain why general purpose SD cards are more secure for keeping malware from the device then special purpose USB-devices like the Trezor.
I see several good answers to your question in this thread, but you seem to have only responded to the one answer which is wrong pretty much on every point. Trusting trezor is not so smart. Adding your own entropy is a classic mistake, humans are not good at it. USB devices are full of backdoors, keyloggers, windows viruses and such. always use SD cards to move data and avoid windows. Multisig is nice.. but I dont see any benefit to using it in your case. Its really for when you have multiple people or parties involved, like you want to leave a key for your inheritors, do esrcow, or something complex. Did you already make up you mind an accept the only answer that met you your preconceived notions? Because thats what it looks like... and when it comes to security, listening to more cynical people is smarter, especially if the answer is not what you were expecting to hear.
>In general terms USB is considered an airgap. ... No. >There is very little difference between an SD card being plugged into a USB and a direct USB transfer. Except for exposed interfaces, infected device exposed interface connectivity awareness, and a lack of specific capacity for users to audit and identify malicious payloads. >Coldcard just like to hammer this point in their marketing as it's a USP. You mean Bitbox marketing which others have jumped on to has had a measurable harm in confusing the space and yourself.
> 2) Air gapping is the best level of security because the data that you're transferring (usually a PBST on an SD card or a flash drive) is super easy to audit. with USB it's a LOT harder to audit what's going on so you have no idea what data is being sent back and forth to/from the device. In general terms USB is considered an airgap.
Howdy! 1) It's up to you if you trust Trezor's methods or not. I personally trusted coldcard's methods for my keys, because I couldn't be assed to buy/roll dice. Take a look at their code and see if it is acceptable to you. If you do go the dice route, DO NOT USE board game/TTRPG dice, as they're really terribly balanced. Buy some honest to goodness certified casino dice. 2) Air gapping is the best level of security because the data that you're transferring (usually a PBST on an SD card or a flash drive) is super easy to audit. with USB it's a LOT harder to audit what's going on so you have no idea what data is being sent back and forth to/from the device. 3) Tbh multisig can be handy if you're super security cautious if someone robs you you can feign ignorance and give them one key (in a 2/3 + setup) and they'd be non the wiser. you're right that it will take a lot of due diligence to store those keys though. It's up to you whether the added security is worth it. IMO either way you decide how you back up your stuff, I recommend practicing restoring backups at least once a year, so if it's ever go time, you know what youre doing
I've never used a ledger but you just need a HW wallet (or repurposed mobile running say, Bluewallet) that can accept transactions for signing and then transmit it back to the hot device for sending. Normally it's done by QR code, SD card, USB or NFC. The simplest way is a hot mobile that has one key and a cold mobile/HW wallet that has another. You create the partially signed transaction on the hot mobile, pass it to the other device for the second signature, then pass it back for transmitting to the Bitcoin mempool. The cold device can also check that the "change" address of the transaction is legitimate in case the hot device has been compromised. Several HW wallets do this.
Okay that's cool. Its just you know like coldcard is cool because you put your data on the SD card and you have this physical separation between the computer and the signing device. The way I understand the Jade, you transfer the information via QR codes so no physical connection also very low data throughput, extremely easy to verify what information is passing from one medium to the other, but then it has to connect to blockstream servers and doesn't even have a secure element which anything that doesn't have a secure element is like why not just use a raspberry pi that isn't connected to the internet to sign at that point. Ugh its got problems too but I wanna focus on the physical connection aspect Seed signer is cool, because you can build your own and well...it is a raspberry pi lol. They seem to be educating their users to do things the right way. When it comes to Bitbox and Trezor though you have this physical connection where you can't verify what information is passing between the internet connected device and the signing device. This is also how you update the firmware! I for sure think Trezor is popular enough to be the target of hand written malware to go find if its a connected device. Well anyway, I just wanted to have a conversation about what we're suggesting to people to check ourselves if we're really doing new users justice you know?
Multi-signature with non-internet connected devices also works btw. Can't hack it if its not connected to the internet/you never put a USB in it. Only transfer information via SD card or CD or you know something very physically disconnected. A hardware wallet solution that just has that air gap (as I described) straight out the gate, is pretty good and has the extra bonus of that secure element.
Hi. >Would this be indicative of a damaged SSD, or could it potentially be the way I format the SSD before starting IBD? Well, it *could* be your SSD is damaged, but frankly I don't think so. Afaik data isn't written on to an empty drive always in the same order, linearly. So it had to be a big coincidence when it stops always around 80 gigs. What confuses me a bit is the log says some docker container/services are already running for 4 weeks? How is that possible if in between you had started from the scratch a few times? Did you really reflash the SD card the day you were following my step by step list? Another thing in your log is the tor section. It looks like every tor connection response ends up with "no success" or so... >I've posted the issue in both MyNode Premium and Umbrel community Telegram groups That's good. I am excited what their guess and recommendations will be. Keep me updated. Thank you.