pull down to refresh

non-internet connected

Meaning you don't get fixes for exploits?

keep it in a cabin in the woods

Isn't that security through obscurity? [1]

I like that thinking about a mobile phone as a signing device puts me in the mindset of "my device is compromised, how do I proceed?" while the mindset of a hardware signer is: "I need to keep my device from being compromised" -- I much prefer the former.

I think that that thought is deceptive. You still need to keep your device from being compromised. Even more so than with a proper for-purpose hardware signer, because how do you even know that your device isn't compromised when you kept it in a cabin in the woods, while you're not at said cabin in the woods?

  1. See NIST 800-123, pdf page 15: "System security should not depend on the secrecy of the implementation or its components."

This is helpful. And I hope I don't tax your patience too much with my ignorance.

don't get fixes or exploits?

If it's truly not connected to the internet, this seems like less of a concern. It just needs to be able to sign and import/export. I'm sure there are fixes to elaborate side channel attacks, but I don't see those as a problem for this threat model (if someone gets access to the device, game is over).

security through obscurity

It may be, but I think most normie Bitcoin security comes down to this: you have a seed/private key. Keeping this on a device alone is dangerous (devices do break), so you have a physical backup of some kind. This backup is likely finders keepers -- meaning, the only way to keep it safe is to keep it hidden.

I could encrypt my key, but then I've just transferred my security to the encryption password.

I could split the key up into shares or something, and this may be better, but if I'm going to do that, I'd rather do a multisig because then there never is a single key that can spend them all (however temporarily).

In the case of multisig, I gain security from having keys in different places and using different devices (also hopefully some redundancy from a threshold wallet), but each key itself is mostly secure because I hide it.

Yes I can lock it away in a safe or something, but that's like encrypting it -- I transfer the security to the key for the lock. Perhaps it makes sense to say that in that case attackers must compromise two pieces of information (key to lock/encryption and location of actual key to bitcoin) but this feels like the same as multisig: i'm spreading out the pieces, but each piece is ultimatley secured by being hidden.

I am willing to believe that all of this collapses in the face of a highly resourced and motivated state attacker, but if my threat model is thieves and petty state officials, I think security through obscurity may suffice.

How do you see this?

reply
125 sats \ 4 replies \ @optimism 23h
If it's truly not connected to the internet, this seems like less of a concern

Okay, so I have 2 offline devices that I never update:

Device 1: Commodity device, OTA updates with frequent release process, has a massive attack surface, now static because we never connect it.
Device 2: For-purpose device, air-gapped driven updates with less frequent release process, with small attack surface, also static because we forgot to install firmware updates.

I'd take device 2 over device 1. (and then update it, haha) Even the shitcoin hardware wallets have far less critical exploits than iPhone/iOS or Pixel/Android.

I can lock it away in a safe or something, but that's like encrypting it

Digital encrypted secrets can be copied and captured with little trace and decrypted elsewhere and later. Physical things like a safe are more obvious when compromised but easier to break. They're not equivalent at all. Treat them as additive.

if my threat model is thieves and petty state officials, I think security through obscurity may suffice.

There are current threats that come from opportunity. All it takes is the wrong data breach and you go from low to high threat, and often you'll not be alerted timely. Don't model your security on subjective, perceived threats only. The bulk should be defined by what's at risk: you don't secure 500k sats with a 300k sats hardware wallet, but you don't hold the keys to your retirement fund on an offline old iPhone in a cabin either.

How do you see this?

I think that it's all about process in the end because the #1 cause is loss. Coldcard does provide a great base for this, given that you have something at stake (whatever the replacement cost of your cold stored sats are for you, measured in years.)

reply

I had to look back at my post, because I do have a distaste for nvk, but the only thing close to an ad hominem in there is that I say he should stop shitting on seed signer (i believe I called it "whining" as well -- in another comment, I suggested that he felt Coinkite was challenged by Seedsigner, but again, I don't think that's an ad hominem).

In the land of bitcoin, the overwhelming message I hear is that "good bitcoiners use hardware signers." I think it's okay to point out that there are flaws in that approach -- just as it is helpful that you are pointing out the flaws in my approach.

I also think that my other criticisms of his article are fair. He doesn't acknowledge the supply chain, evil employee, honeypot, and man in the middle risks of hardware signers. I have tried to point out risks in Bitkey and other hardware signers as well in other posts.

reply
71 sats \ 2 replies \ @k00b 22h
PS: I think crapping on nvk is popular on SN, because of emotional reasons.

I've seen you say this a few times. Do you know where you got that impression?

People crap on many people here (as they do elsewhere), but it sounds like stackers may have a special hate-boner for NVK. The best I can recall is the thread where he was talking trash about SN and folks talked trash back.

reply

my buddy claims to have been defrauded by nvk. I tell him to take his licks and move on.

reply
205 sats \ 0 replies \ @optimism 20h

I do think that it started since the trash talking. Since then, I felt that there's a lot of negative sentiment towards the personality, and that that reflects on how what gets said, even when not only perfectly valid, but standard, gets pulled into doubt. The danger in it is that good security practices can get replaced with mediocre ones - like anti-education. It doesn't help that nvk isn't a broadly liked or easy to interact with figure, of course, but I feel we must take care to separate the merit of the message with the likability of the messenger.

Maybe I am confirming my own bias and I am seeing sentiment that isn't there, though? Always possible. I'll take some time this weekend to go over it and re-assess.

reply