torekk.blogg.se

Air gapped system













I get many questions about this so I’ve decided to write about why an air-gapped computer (AGC) for Bitcoin security might be desirable for some people.

The primary reason for an AGC is to check the functioning of your hardware wallet (HWW). To begin with, when your HWW generates a seed (from which an extended private key is mathematically derived), how do you know that the seed is truly random? You are trusting it. If you use some method to make sure it’s random, like adding a passphrase or using, for example, ColdCard’s dice-roll function to add your own entropy (randomness), you are ensuring the seed is genuine, but you are not necessarily checking that the addresses that seed creates truly come from the seed. Theoretically, any address can be implanted in a nefarious device – even if you have a good seed (12 or 24 words that regenerate your addresses and ability to spend).

You’d need some way to put the seed into OTHER SOFTWARE, like Electrum Desktop Wallet, or Ian Coleman’s Code Converter (BIP39 online tool/calculator), and check the addresses created by this alternative software (using the seed), then compare them with the addresses from the HWW. This will confirm the HWW’s software is behaving correctly (well, actually, it confirms it is behaving as other software behaves, so it’s less likely to be rogue). If you understood what I just said, it should sound easy enough to do, but doing it involves typing the seed(s) into a computer – and that is dangerous! The whole point of having a HWW in the first place is so your computer never has access to your seed, and you don’t have to worry about malware stealing it.

You might wonder, “Isn’t the software open source, and therefore I’m not trusting it?” Well, I have two things to say about that… “Open source” is not enough to be secure, because we are not directly downloading the readable version of open-source software, we’re downloading a derivative – the executable file, which is created from the readable code and can only be interpreted by a machine. To actually eliminate trust, you must ensure that you are the one that put the software inside the device, AND, you compiled that software yourself from the open-source code. Most people don’t do that because it’s too hard. Many would download the compiled version, and even if they check the developer’s signature of an executable file (to eliminate the risk of tampering), they are still trusting that the developer actually used the available open-source code to create the executable file that was downloaded. We are still “assuming” the developer won’t be stealing from us, so this won’t do actually, not for large amounts of bitcoin.
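As the post notes, an extended private key is mathematically derived from the seed, and the check is to repeat that derivation in independent software. The following is an added example, not code from the original post or from any wallet project: it uses only the Python standard library to compute the BIP39 seed and the BIP32 root key from a mnemonic, stopping at the root key (deriving addresses additionally needs secp256k1 arithmetic). The function names are illustrative, and the mnemonic is the public BIP39 test phrase, not a real wallet.

```python
import hashlib
import hmac
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Constructed sample input: the public BIP39 test mnemonic, never a real seed.
SAMPLE_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def base58check(payload: bytes) -> str:
    """Base58 with a 4-byte double-SHA256 checksum, as used for xprv strings."""
    data = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes map to '1'
    return "1" * pad + out


def master_xprv(seed: bytes) -> str:
    """BIP32 root key: HMAC-SHA512 keyed with "Bitcoin seed" over the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    # mainnet xprv version | depth 0 | parent fingerprint 0 | child number 0
    header = bytes.fromhex("0488ade4") + b"\x00" + b"\x00" * 4 + b"\x00" * 4
    return base58check(header + chain_code + b"\x00" + key)


if __name__ == "__main__":
    # Intended to be run on the air-gapped machine the post describes.
    seed = bip39_seed(SAMPLE_MNEMONIC)
    print("BIP39 seed     :", seed.hex())
    print("BIP32 root key :", master_xprv(seed))
```

Ian Coleman's BIP39 tool displays the same two values as "BIP39 Seed" and "BIP32 Root Key", so the outputs can be compared field by field. The mnemonic's checksum word is not validated here because that requires the BIP39 wordlist.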













