Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Project Development
Re: Would you be willing to flip coin / roll dice 256 times for security of funds?
by
ashfame
on 16/07/2020, 23:59:58 UTC
Quote from: BrewMaster on July 16, 2020, 04:57:46 PM
Quote from: ashfame on July 14, 2020, 06:48:55 PM
one runs on a Raspberry Pi Zero with a custom linux OS to act as an air-gapped device where its not possible to get any information out because it truly runs as an air-gap device with no networking hardware available.

this part sounds very interesting to me but also the OS part makes it hard to verify it and i think such project is going to be a huge one. it would also be outside of the range of my knowledge.

Well, as long as you use a Raspberry Pi Zero (non-W) or desolder the wifi and bluetooth module from the board if you are using any model that has wireless network options, you don't need to care about the OS at all.
I have specifically chosen this architecture based on different air-gap POC attacks as well.
The only bit you would need to verify in the application (as long as you generate mnemonic completely offline or already have one) would be just the QR codes that are passed between Wallet & Vault. Which can easily be done by a simple QR code reader Smiley

Quote from: BrewMaster on July 16, 2020, 04:57:46 PM
Quote from: ashfame on July 14, 2020, 06:57:33 PM
And lastly, I hope the community encourages the open source spirit of wanting to verify everything and hacking away to deploy their principles or give voice to their opinions. Criticise it to its last bit, but do participate Smiley
i have found that only certain types of projects attract bitcoiners, for good or bad. for example anything that remotely relates to trading and making profit will get a lot of attention.
security related stuff don't seem to get that many contributions though. specially the new ones.

I realize that. I couldn't buy a hardware wallet because of the lockdown, so I decided to build one myself and based on my months of research, I kept on refining the architecture. I am going to do it for myself anyway and support for decentralized exchanges & dapps support is on the roadmap as well. Contributions though welcome are not required. Peer reviews and some sort of audit is what I think would do some good. I am fully committed to see it through & maintain it in the long term.

P.S. - I actually have been coding the wallet and vault, completely on live stream. YouTube and Twitch links are on my homepage - ashfame.com