Air Gapping PC

themaster2016themaster2016 Member Posts: 20
Given the recent hack in which just over 7000 was taken now I'm starting to build up a few Ether I'm interested at looking at the best way to store my ether really and have looked at a few methods of doing this but still have a couple of questions which I've been looking for the answers for.

Paper Wallet - Is this just a case of creating an account address then storing the private/public keys and address somewhere offline or on a physical print off or USB stick? Then you can point your mining rig to this address? Then one day when you want to do something with the account you will have to use the credentials to access the account and transfer your ETH to an exchange address of your choosing? If so does this method rely on the website such as myetherwallet to still be live in the months to come? OR is it possible to migrate the account details to a PC by copying the data from the USB stick?

Air Gap - Simply using a PC which has no network connectivity to store account details?

I like the sound of the Air Gap method best and I do have a spare laptop I could use for this dedicated purpose. However, I'm not sure about the best approach to set this up?

Do I

- Set up PC from scratch and put GETH on it sync the block chain etc and then make a new account?
- Just point the mining address to the new one created on the air gap PC.
- Make the PC as secure as possible and offline it (after still probably taking a backup of the keys etc).

If the above is correct lets say 6 months down the line I wish to make a transaction do I then just turn on the Air Gap PC, run GETH and sync to the block chain and then in theory I should see the current balance and be able to make a transaction if desired using the GETH console.

Speaking of which I've read a fair bit on transactions but just a quick question about this given the nature of the recent big hack...

When i want to do a transaction should I simply just launch "geth console" then perform the appropriate transaction command OR does one have to run "geth -rpc" first? or should it be geth -rpcaddr "127.0.0.1" so that it only does my local pc?

I've read that you should only be doing the geth -rpc when mining solo? I've just tried this actually and my pool mining command still does work ok without running geth -rpc first. So from now on I won't be running the geth -rpc now.

I assume that when people refer to a HOT wallet does that mean an account that has been unlocked but the -RPC is also running?

What got me worried i guess was the 2 second window I read about of the account being unlocked when making a transaction?

I guess if the chap who got hacked sent all his intended ether in one go then he would have been ok as there would have been nothing for the hacker to take?

Comments

  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
    edited May 2016
    What about running Tails (https://tails.boum.org/) or Liberté (http://dee.su/liberte) operating systems live from a pen drive, Edward Snowden style.
    Once installed on the stick, just plug it in and boot for a clean operating systems every time you use it. When you log out, nothing will be written to the stick.

    Keep your keys in notepad on a different pen drive and access myetherwallet with this USB via one of the operating systems web browsers listed above running live. Use cut and paste and/or the on-screen keyboard to type passwords to avoid keystroke loggers. Machines made after 2006 have memory on the mouse pad or keyboard to store firmware. It is about 2Megabits in size and enough to store malware/keystrokes. If you have an old yellow looking keyboard and ball mouse from the early 1990s use those.

    This will allow you to use myetherwallet in a clean environment. Alternatively, put the most obscure operating systems on an old laptop. Something like: Plan 9 or Solaris8. Just anything that hackers see no profit in hacking. Do people use antivirus with Ubuntu? Don't think they do... they don't YET need to.
  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
    If you use a laptop, remove the mouse pad and the keyboard for reasons above and use old yellow looking keyboard and ball mouse from the early 1990s

    Also, remove the battery. The battery has a memory chip for power managment firmware. It can also bet set up with keystroke software.
    Malware can be planted during firmware updates.

    Grabing your key from java in a browser is not too tricky in windows for a good hacker.
  • themaster2016themaster2016 Member Posts: 20
    Lol, i went with an old laptop in the end and have transferred ether from my mining pc account to the new one...

    I do sit behind a good bit of kit (meraki mx etc) and have locked things down pretty good anyway, i guess its probably just overkill.

    Better to be safe though.

    In regards to the private key do you refer to the file in the keystore folder inside the ethereum folder?

    I have everything backed up in there anyway.

    I only started mining last month really but probably a bit late to make it worthwhile. I think that the value was around $7 when i started.

    Now its doubled everyone is getting on board and the difficulty is rising fast...

    I'd rather the value stay low until pos kicks in...

    Ah well if i have to buy another gpu to stay on target for monthly coin targets i guess ill just have to bit the bullet.

    Currently have 5 msi 390s.
  • greenusergreenuser 50.8862°N 4.5537°WMember Posts: 439 ✭✭
    @themaster2016 can i ask what OS you went with on the "old laptop"?
  • themaster2016themaster2016 Member Posts: 20
    It was windows 10 as i wanted to do it quickly rather than having to do a linux install and have to learn a bunch of stuff.
  • WitchmanWitchman Member Posts: 44
    Trezor is coming out with a firmware update for Ethereum
Sign In or Register to comment.