Use of an air-gapped computer improves general operational security relative to the exposure other devices experience.
I get many questions about this so I’ve decided to write about why an air-gapped computer (AGC) for Bitcoin security might be desirable for some people.
The primary reason for an air-gapped computer (AGC) is to check the functioning of your hardware wallet (HWW). To begin with, when your HWW generates a private key, how do you know that private key is truly random? You are trusting it. If you use some method to make sure it’s random, like adding a passphrase or using (for example) ColdCard’s dice-roll function to add your own entropy (randomness), you are ensuring the seed is genuine, but you are not necessarily checking that the addresses that seed creates truly come from the seed.
Theoretically, any address can be implanted in the device if it is nefarious, even if you have a good seed. You’d need some way to put the seed into OTHER SOFTWARE, like Electrum desktop wallet, or Ian Coleman’s code converter (BIP39 online tool/calculator), and check the addresses created by these alternative software, then compare it with the addresses from the HWW.
This will confirm the HWW’s software is behaving correctly. Well, actually, it confirms it is behaving as other software behaves, so it’s less likely to be rogue.
If you understood what I just said, it sounds easy enough to do, but this involves typing the seed(s) into a computer – and that is dangerous!
The whole point of having a HWW in the first place is so your computer never has access to your seed, and you don’t have to worry about malware stealing it.
You might wonder, “isn’t the software open source, and therefore I’m not trusting it?” Well, two things to say about that:
- “Open source” is not enough to be secure, because we are not directly downloading the readable version of open-source software, we’re downloading a derivative, i.e., the executable file, which is created from the readable code and can only be interpreted by a machine. To actually eliminate trust, you must ensure that you are the one that put the software inside the device, AND, you compiled that software yourself from the open-source code. Most people don’t do that because it’s too hard. Many would download the compiled version, and even if they check the developer’s signature of an executable file (to eliminate the risk of tampering), they are still trusting the developer actually used the available open-source code to create the executable file that was downloaded. We are still “assuming” the developer won’t be stealing from us, so this won’t do actually, not for large amounts of bitcoin.
- What is to say that a potentially nefarious device has OTHER SOFTWARE embedded in it, in addition to the open-source software you installed? What if that software is interfering and tricking you? It’s highly paranoid, I know, but for security, you have to start with the assumption that clever people are out to steal your bitcoin.
- Air-gapped computer: This is a computer with no WiFi or Bluetooth devices (including mouse and keyboard). Simply using a regular computer and switching off the WiFi is not sufficient, because the WiFi components are RADIO devices and they can be accessed by software (malware) on your computer even if you THINK the WiFi is off. Also, malware might wait on your system for you to accidentally connect to the internet and then transmit private data out. It’s preferable that your AGC is new, and ideal that you build it yourself. With this device, you can confidently create seeds (see this guide), or type in the seed words into a software wallet (to check the addresses) without a realistic risk that the seed can be extracted. Yes, the National Security Agency might park a van outside your house and tap into your power cables and work out your keystrokes, but come on, we can be paranoid and realistic at the same time. A way to mitigate this type of “laboratory-condition risk,” if you are so inclined, is to: A) use a multisignature wallet B) use a different air-gapped computer for each key, and C) create the keys at different places on different days on each computer.
- Use another HWW to verify: This HWW must be a different brand from the one you are checking. With this device, you can “restore” the seed that the first HWW generated, and you can compare the addresses that were created; you must make sure they are identical.
What Are We Trusting?
With the proposed solution of using different products to compare resulting addresses (and xPubs and xPRVs) from the seed, we are “trusting” that the owners of different products are not colluding with each other to trick us. To go so far as to eliminate that as well, we can learn to code, and read the code ourselves, and make sure we are using code that we KNOW is honest to check the addresses — that’s a long-term project, and yes, I’ve embarked upon it, out of interest.
We’re also trusting that the generic computer equipment we buy is not somehow tampered with. It’s a good assumption because these devices are not only sold to Bitcoiners making private keys, but regular people as well, so there is little return in tampering with a generic device.
Another reason for an AGC is to create your own keys from true randomness that you generate yourself (e.g., a coin toss or dice). I’ve explained how to do this in a guide, and you can practice first with a regular computer, as long as you discard the key you create. Once you acquire an AGC, you can use your skills to produce a real key that you will use. You can use the AGC computer to create keys for friends and family as well.
Ideally, you should put the newly-created keys into a hardware wallet – the device electronically stores the key and locks access to it with a PIN. Then, you’d delete the private information off the AGC, as physical access to the computer, e.g., burglary, will leave your data vulnerable to clever hackers. Creating keys on different AGCs and making a multisignature wallet is an extreme way to defend against this risk. But there are much better reasons to use multisignature wallets; don’t worry about getting there right away, it’s something you can gradually work towards as you build your skills.
Inheritance is a tricky subject. Everyone will have a different strategy, and everyone (and their heirs) will tolerate different levels of complexity. Some people will need help, so I have created a service to assist.
Part of the inheritance plan may be to leave encrypted messages to heirs. The messages are encrypted because they are SENSITIVE. Anyone gaining access to the message may be able to steal the inheritance. Therefore, typing such a letter on any old computer is potentially hazardous.
An AGC comes in handy here. You can write the message and you can use Gnu Privacy Guard (GPG) to encrypt the data with a password, then copy it to one or more storage mediums – with explicit instructions not to read the file unless it is on an air-gapped computer.
Types Of AGCs
Air-Gapped Pi Zero V1.3 (no WiFi)
I’ve previously described how to build a Raspberry Pi Zero v1.3 (it’s not as straightforward to install software on this device as you might think, because it has no internet connection).
This device is slow, but it’s very cheap (almost discardable), and you can have several, which is particularly useful in a multisignature setup where each device can hold one of the keys (redundantly, i.e., have written backups of your seed) and they can all be stored in geographically separate locations to distribute the spending conditions.
You still need to attach a keyboard, mouse and monitor to each one. To make a Bitcoin transaction, create an unsigned transaction on your clean internet computer, save your transaction and make it portable (a file, or QR code), and take it to your first AGC. You would then import the transaction to that computer, sign it with the first key, save it and make it portable again (this time it has one signature), and take it to the second AGC, and so on. In this way, you are never at risk in one location with the ability to spend all your bitcoin, making your security much greater.
A laptop can be used as an AGC too, but you need some technical confidence to open up the device and remove the WiFi components (and Bluetooth) which always come with laptops these days. It’s also the most expensive option, but they’re more convenient than a Pi Zero, as you don’t have to fumble around with cables connecting the mouse/keyboard/monitor. Having multiple air-gapped laptops in multiple locations, each with one key in a multisignature setup, is going to be expensive. It’s probably better to just have one AGC and put keys generated with it into various hardware wallets and distribute the HWWs. Some people don’t want to create all the keys on one AG device, which may be a bit too paranoid, even for me.
Air-Gapped Desktop Computer
A desktop computer is not so practical for multisig key distribution, but it’s great for a key GENERATING computer, particularly if you want to be the Uncle Jim of Bitcoin keys for your friends and family. These computers are MUCH faster than the Pi Zeros. A one-hour session with a visitor to make a private key can be cut down to 10 minutes.
You may wish to buy all the parts yourself and build the computer at home, but I think it’s safe enough to get the computer store to build it for you with the parts you want – just don’t tell them the purpose of the computer (This is to eliminate the risk of tampering. A desktop computer’s components are easy to inspect, so you can see what’s been installed).
Make sure they use parts with no WiFi capabilities whatsoever; having Ethernet network ports are OK, just don’t use them.
Used Desktop Or Laptop
I don’t recommend this but it’s up to you to assess the trade-off, cost versus additional security.
An old desktop or laptop computer can technically be made air-gapped by removing the WiFi components, but I’d prefer you use a computer that has never previously connected to the internet, just for peace of mind.
The Operating System
The computer might come with original equipment manufacturer (OEM) software with Windows or Linux. Don’t buy Macs for this purpose, they’re not friendly to tinkerers.
Whatever operating system you choose to have, it’s best to install it yourself. My preference is Linux Mint, as it is very quick, not bloated, and easy to install.
You can even run the Linux operating system from a USB thumb drive, instead of the computer’s internal hard drive.
Air-gapped computers are a very handy tool. You can create your own Bitcoin private keys, check the honesty of a hardware wallet you bought, or write sensitive documents such as instructions to heirs on how to access your bitcoin.
Source: Bitcoin Magazine