Air-gapped computer for signing transactions


Keeping the private keys only on a computer without an Internet connection (WiFi, modem and Ethernet hardware removed by hand) and without USB interfaces (USB is not a secure interface; there are known exploits) is the better option if you are worried about firmware malware inside USB devices (flash drives), the UEFI and Intel processors.

You can transfer the signed transactions using the monitor/keyboard, floppy disks or DVD/CD (not USB!).
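When the monitor/keyboard route is used, the signed transaction has to be retyped by hand on the online machine, so typos must be caught. The sketch below is an added example, not part of the original post: it prints the transaction as short numbered hex lines, each with a CRC32 check, plus a final SHA-256 digest. The line format, the function names and the 16-byte line length are assumptions made for illustration.

```python
import hashlib
import zlib

BYTES_PER_LINE = 16  # assumption: short lines are easier to read off a screen

def line_check(index: int, chunk: bytes) -> str:
    # The CRC covers the line number too, so skipped or swapped lines fail.
    return format(zlib.crc32(index.to_bytes(2, "big") + chunk), "08x")

def encode_for_display(signed_tx: bytes) -> list[str]:
    """Air-gapped side: turn the signed transaction into lines to show on screen."""
    lines = []
    for start in range(0, len(signed_tx), BYTES_PER_LINE):
        chunk = signed_tx[start:start + BYTES_PER_LINE]
        idx = start // BYTES_PER_LINE
        hexed = chunk.hex()
        groups = " ".join(hexed[j:j + 4] for j in range(0, len(hexed), 4))
        lines.append(f"{idx:02d}: {groups} | {line_check(idx, chunk)}")
    lines.append("sha256: " + hashlib.sha256(signed_tx).hexdigest())
    return lines

def decode_typed(lines: list[str]) -> bytes:
    """Online side: rebuild the bytes from retyped lines, rejecting any error."""
    data, expected_idx, digest = bytearray(), 0, None
    for raw in lines:
        line = raw.strip().lower()
        if not line:
            continue
        if line.startswith("sha256:"):
            digest = line.split(":", 1)[1].strip()
            continue
        head, check = line.split("|")
        idx_text, hex_text = head.split(":")
        idx = int(idx_text)
        if idx != expected_idx:
            raise ValueError(f"line {expected_idx:02d} missing or out of order")
        chunk = bytes.fromhex(hex_text.replace(" ", ""))
        if line_check(idx, chunk) != check.strip():
            raise ValueError(f"typo on line {idx:02d}")
        data += chunk
        expected_idx += 1
    if digest is None or hashlib.sha256(data).hexdigest() != digest:
        raise ValueError("final digest missing or does not match")
    return bytes(data)

if __name__ == "__main__":
    sample_tx = bytes(range(40))  # constructed stand-in for a signed transaction
    shown = encode_for_display(sample_tx)
    print("\n".join(shown))
    assert decode_typed(shown) == sample_tx
```

The per-line check tells you which line to retype; the final digest confirms the whole transaction before it is broadcast.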

Using USB devices is dangerous because their firmware may contain malware.
If you use a USB printer, it would be dangerous to reuse it on other computers, because of the risk that the printer is infected with malware (with access to the god mode processor malware).

You should assume that the firmware of your devices contains malware:
  • CPU
  • Printer
  • USB drives
  • Hard drive (if any)
  • UEFI
  • Keyboard (key logger)
  • Other (?)
Also verify that your monitor does not have a screen transmitter (as demonstrated in Mr. Robot).
