/biz/ - Business & Finance

>>4985160
Your PC

>>4985160
bootable flash drive

>>4985160
nano s ledger is comfy

>>4985160
OFFLINE PC SIGN THE DAMN THJNG YOURSELF

DONT TRUST A FUCKING HARDWARE WALLET THEY ALREADY SAID THEY CAN GET YOUR PRIVATE KEY TO USE ON FORKED COINS

>which of these highly proprietary blackbox devices that are used by a couple hundred autismos should I trust my money with instead of software clients used by millions that are tested through and through
hmm

>biz tells me hardware wallet is a must
>now biz tells me not to use one

wtf?

>>4985454
2 computers
1 never connected to internet
1 connected to internet
Writable cd roms

Store coins in offline computer
Initiate transaction in online computer with public key
Sign transaction offline computer with private key
Send coins with online computer

All using cd roms to transfer the data.

>>4985489
how does the offline computer even accept the transaction if its not connected to anything? i know its a dumb question but i genuinely don't understand

>>4985489

stop scaring the normies anon

my dick

nice and hard and full of cum

>>4985546
transactions occur on the blockchain, it doesnt matter if your client is up to date or not

hardware wallets are a scam

>>4985489
I bet some poor bastard out there paranoid enough to actually do this.

>>4985247
>proprietary
>trezor
Pick one.

>>4985600
Says the kid with 100% of portfolio on coinbase

>>4985194
Where the fuck have they said this
>>4985600
And how the fuck are they a scam, get a fucking hardwallet anon, saves the bullshit these faggots want you to do, suck my dick getting two computers just to make a transfer

>>4985489
>tfw trojan gets snuck onto the CD

>>4985689
The only thing on the cd rom should be a txt file.

>>4985678
They dont "get" your private key to use forked coins, they just use the same seed for the new coin. It wouldn't make sense if you couldn't do that.

Put all your coins on MEW, then duplicate the keystore file and txt doc with keys and password over multiple flash drives and even deep in a fake folder in a camera sd card, then put a copy of the files into an old reformatted iPod Shuffle, they're cheap and inconspicuous and you can always have your crypto on you in case of your house gets burned down or robbed. Update files as necessary and live a comfy life knowing your money is safe and always on ou and no one will ever know.

>>4985816
Also if your iPod does get lost or stolen, it needs a headphone jack-to-USB cable to have its file accessed, which most don't have and would be too much of an inconvenience for people to find just to see your shitty playlist

>>4985247
Or just using paper

>>4985489
Couldn't you just use a usb instead of cd?

>>4986046
Don't you have to manually enter your private key into your computer when you want to send something though?

>>4985489
But by looking at your private key isn't it at risk of being stolen by necromancers and mind readers?

Bury one of these bad boys in the woods

>>4985816
Why not just copy the private keys to a shit load of encrypted SD Micros and just scatter them everywhere. Doesn't matter if anyone finds it because they can't get past the encryption without a password.

>He doesn't have unsigned transactions transfer to his air gapped computer via laser pulses in his room, where the laser pulses are converted back to data, signed by private key sitting on the air gapped computer, then has the signed transaction laser-pulsed back into the online computer to broadcast to the blockchain

>>4986074
Well its good for cold storage. If you use a hot wallet on your cell phone, most paper wallets have a qr code you can scan to spend from.

>>4986099
Heh, that's why I gouged out my eyes months ago.

>>4986145
>putting your private key onto your botnet phone
Or you could just connect a hardware wallet to your phone knowing that the private key will never leave it.

>>4986175
>caring about hot wallets

>>4986124
Solid idea, of course I can always through in a few encrypted iPods into the batch...

>>4985546
Basically there is something called cryptographic signing where data can be "signed" indicating that the person who created this data has access to the private key (which is what gives you access to your bitcoins on the blockchain)

You can sign your bitcoins offline on a computer completely disconnected from any networking, copy the signed transaction file to an insecure virus infested computer that's keylogged and people are watching everything you type, and safely broadcast the transaction to the bitcoin network with no security issues

>>4985689
>not copying the contents of the CD by hand.

>>4986428
>You can sign your bitcoins offline
Sorry retarded wording. You can make an offline bitcoin transaction on a secure air-gapped computer (no network connection) then copy the signed transaction file to the insecure machine and broadcast it

>>4985247
>software clients
But you gotta admit it's inconvinient, as soon as you go into shitcoins and you don't want to keep them on the exchanges.

BTC? Yeah, no problem, I'll just dnf install electrum. BCASH? Uhhh… some random github thingy, hasn't that been hacked already? ETH? Again, not in the repos. XRP? Do they even have a wallet yet? Waves? Oh, now I need a chrome plugin? And so on…

Still, gotta catch em all.
What software wallets do you anons use?

>>4986443
Also let me emphasize, the air-gapped computer on which you sign your transaction MUST be completely secure and preferably running from a clean install with zero viruses period, and never once connected to any network anywhere for any reason, even for half a second

Because theoretically there could be a bitcoin stealer virus on the air-gapped computer which, when you create your transaction, instead hooks your wallet and sends the bitcoin to another address, which you then sign, and the signed transaction file which you'd broadcast to the network is sending it to the attacker

>>4986466
Couldn't you just boot from Tails and save a lot of headache? You seem to know a lot about security, what do you think of >>4986124?

>>4986104

the fuck is this?

>>4986466
You can preview the transaction.

>>4985489
Can you in theory setup a cheap ass raspberry pi to do this?

>>4986551
I guess if both computers are compromised it wouldn’t matter.

>>4986574
I’m sure you could but you’d have to use usb sticks.

>>4985782
And how are you going to check what's on the CD rom? Any computer you put it in to read the files is compromised when you put your virus disk into it.
The only safe way to move transactions to and from an airgapped machine is by hand, with total knowledge of the bitcoin transaction format. Write it down then type it it, checking carefully for any changes or things that look suspicious. You keep the airgapped machine in a faraday cage of course, and never have any other electronic devices in the same room as it to defeat side channel attacks like TEMPEST or acoustic cryptoanalysis.

>>4986551
The malware could taint your preview my anon, always assume the worst case scenario. That's not even hard it's literally an injection of a few bytes into a text box before it's rendered. It just has to be aware of many wallets

>>4986539
Hey anon, that's actually exactly what I do, along with the airgapped laptop method. I'm really tempted to go for the full on Faraday Cage method but my parents would probably think I have schizophrenia

>>4986458
>ETH? Again, not in the repos.
It's called mist. It existed for a long time and works great. It's in AUR.

>>4986458
>>4986666
There's also etherwall if you want something simple.

>>4986615
And be sure to hand-write an assembly compiler to avoid the trusting trust attack, then compile from public sources every piece of software you install on the airgapped computer. And only use pre-2008 processors to avoid intel's backdoored "management engine" that they put in every processor since, with above-admin permissions. Don't forget to disassemble the keyboard every time you use it to check for bugs (the USSR once managed to bug all the typewriters in the US embassy). You'll have to check yourself for bugs as well of course, someone may have clipped a tiny camera to your clothes before you entered the sealed and isolated inner sanctum.
And this is just getting started. Ideally you wouldn't trust any one computer to hold your keys, so you should keep several of these setups, and keep your funds in an m-of-n multisig such that some large fraction m/n of the airgapped computers would need to be compromised to steal your coins.

>>4986615
>>4986721
>he thinks I won't do this

>>4986721
I wonder if they built in a modem in the intel chips.

>>4986822
They put a whole fucking operating system in there. With full networking stack, network access, full access to all ram, and shedloads of backdoors and vulnerabilities. AMD has something very similar. Any post-2008 CPU should be considered compromised.
https://libreboot.org/faq.html#intelme

>>4986721
>He trusts the pre-2008 hardware to not have backdoors physically embedded inside its individual parts
>He thinks there aren't spies pretending to be civilians driving through every household in the world to get within transmitting distance of every machine
>He thinks that even when unplugging your device and removing all batteries, there aren't batteries hidden inside abnormally large "heat sinks" and "capacitors" which can be externally activated to boot the CPU's backdoor microcode via a specific combination of low-power radio signals appearing in the vicinity
>He thinks BTC isn't a government plot to expose the security-paranoid and that every website in the world isn't being actively scanned for rants such as these which trigger secret agents to take them into custody them indefinitely without trial for being a security risk

>>4986721
thanks for the advice anon! I'm new to crypto so it's great to find out how to store my little nest egg properly :)

>>4986910
>He doesn't know what a faraday cage is
>He thinks I didn't build my own computer from discrete components ordered from china, in bulk, and randomly destructively tested for unexpected internal structure
>He thinks I'm posting on /biz/ about security paranoia without using a VPN, tor, a raspberry pi hidden in an an office building wired in to their network, free wifi accessed from a distance using a longrange antenna made from a pringles can, a twenty minute bike ride from my house.

>>4986988
>He thinks Faraday Cages block sonic data exfiltration
>He thinks the backdoors aren't decentralized and redundant so that nothing unusual can be detected in any individual part
>He thinks the NSA doesn't own the vast majority of all Tor nodes

>>4986466
thanks,i understand now

>>4987071
>He thinks the inner sanctum isn't soundproofed and isolated on a giant rubber vibration damper.
>He thinks a capacitor or heat sink is internally complex enough to hide even the most basic component of a surveillance system.
>He thinks using tor traffic analysis to link one vpn with another is significantly compromising.
>>4986666
>He got satanic quads and no-one checked them

Why not just make a relay computer at this point?

>>4985454
>biz tells me
here's where you went wrong

>>4985160
Trezors are good OP

Don't listen to the fags in here

>>4986615
>>4986721
>>4986910
>>4986988
>>4987071
>>4987147

holy fuck I'm howling

pls keep going you beautiful autists

>>4986649
where do i get a faraday cage for my laptop? or do i have to build it myself?

>not realizing all matter can be read to the smallest molecule using banach-tarski mathematics to infer the influence of any one thing on any other and then project it into an entire universe simulation to incriminate you infinitely with the bias that smallest molecule was influenced to have

>>4985489
>some autist actually does all this shit instead of just buying a hardware wallet

>>4986546
A BIP39 compatible mnemonic code system made from steel. Basically instead of writing down your wallet code on a piece of paper, you can use single letter steel plates to construct the words and then seal it. The thing is apparently fire proof and safe from corrosion. Pretty cool idea actually. What is off-putting though is the fact that this thing only supports 96 characters. In their own words it is enough to know the first 4 letters of a word to fully recover a wallet. Even though this is ok according to BIP39 specification, I wouldn't bet on it working 100%.

I don't know dude - you can always ask the whales on https://discord.gg/5DjF5Nd

>>4987702
Some of us actually have large quantities of BTC (6 or 7 figures) anon. You have to take security seriously because there are no refunds.

>>4987732
and they'll just give me legit secret advice for free? wow!

>>4987864
Literally this.

>>4987864
For that kind of money, you want glacierprotocol.org

Why dont you faggots just use a paper wallet

>>4986458
>waves chrome plugin
So fucking annoyed with their bait and switch. You could download the client just fine before.
Oh well, at least it still works.

>>4986466
This is the autist version of looking around for any possible attacker and physical confrontation when you're out on the street of a normal big city. Yes, these things can happen, but statistically you're so much more likely to get in a car accident, to have a divorce or to get cancer. Plan for disaster scenarios in accordance to their likelihood, there's an opportunity cost to being prepared for anything.

Granted, in both self-defense and crypto communities, the motivation is not so much safety as it is feeling important doing important things, and that's its own reward in itself. But forcing the delusion on others takes it too far.

>>4986721
Do you think this guy does all of this?