Post
Topic
Board Hardware wallets
Re: Hardware wallets vs. airgap machines; supply-chain attacks; forward/backward sec
by
Kogs
on 23/03/2018, 18:40:23 UTC
You indeed did forget the most important and still the most secure: Bitcoin Core and all the other open source software where you download the entire blockchain and where you can encrypt the wallet.

Just a few additions:

Paper Wallets can be encrypted, which makes it more secure than cash, but still is open to a regular robbing with weapon use (Tell the password or die), but the main problem I think is that it can be destroyed very easy.

An encrypted wallet.dat fie can be renamed into Michael_Jackson-Earthsong.mp3 and you carry it around (or send it around). Place another unchanged and unencrypted wallet.dat file with a low amount for plausible deniabiity. There are other plausible deniability solutions like hidden partitions etc. Multiple backups make a file pretty much undestroyable.



I consider the Bitcoin Core Client is a normal hot wallet. In terms of security it is not better or worse than any other hot wallet without the full blockchain. Of course there are clients which have better security than other. but from security perspective I throw all hot wallets into the same pot.

To have a full node instead of using a SPV client is indeed better but both wallets store the private keys in a similar way so they are the same for me in this regard.

You are right that paper wallets can be encrypted, but as you also say with force from an attacker none of the available wallets/key-stores would safe your coins.

The best security is when no one knows that you own any bitcoins. And you also don't have any traces on your PC/phone which might let anyone think you have some bitcoins (like installed bitcoin clients). This could be achieved in parts with an encrypted OS running inside a virtual machine which runs the bitcoin client.

The question is always, how paranoid you wanna be to secure the bitcoins. This also depends on how much you have to secure.

Your idea to encrypt and rename the wallet.dat (security by obscurity) might only work as long as you don't need it. If you want to create a transaction from this wallet.dat you need to encrypt it and load it with the bitcoin client. And when your PC is infected with malicious software it will not help you.