NVK, CEO of CoinKite joins me on the show to talk about hardware wallets, air gapped computers and all kinds of useful security questions. This episode will help you learn about the kinds of attacks possible against air gapped computers and hardware wallets, as well as bring some nuance and balance to the conversation about how people should use Bitcoin. We chat:

  • Locking down security
  • Attacks possible against air gapped computers
  • Multi sig vulnerabilities and standards
  • Helping newcoiners in the space
  • Balancing tradeoffs

Podcast Transcript:

Stephan Livera:

NVK, welcome back to the show.

NVK:

Thanks for having me!

Stephan Livera:

Things are getting really crazy now. And it’s obvious there are a lot of new people coming into the space and they’re all asking a lot of these questions around how to secure their Bitcoins. Now, a really interesting topic that has seemed to come up over the years is this question of air gapped computers versus hardware wallets. So maybe at a high level, can you just tell us: what do you think about that question?

NVK:

Yeah, so surprisingly enough, there’s been a lot of discussions, even sort of like these last couple of weeks, about this stuff. Every time the price goes up, everybody revisits their security, and they should. So air gapping computers in general is one of the best practices for keeping things secure, right? This is not a new thing, just because of Bitcoin. It’s just that Bitcoin leverages this technique, right? What it means is that you don’t have the device connected to the network. Think of it as a moat of air around it. There are no cables, aside from power, and what that means is that it makes it a lot harder for an attacker to have asynchronous means of retrieval of an attack. Because imagine that, like, there is no perfect device. There is no device that doesn’t have any bugs, that doesn’t have vulnerabilities, that doesn’t have weak spots. Everything is hackable. Things just have sort of degrees in which we defend against which attacks. Now, what happens is, say you have an unknown bug on a device. If the device is not connected to the internet, even if the attacker knows that vulnerability exists, he’s not able to get in there remotely and retrieve whatever information he’s seeking. Right. That’s sort of like the goal of air gapping.

Stephan Livera:

So we can think of it, and I think one analogy I’ve heard is, imagine you’ve got two houses. One house has 10 doors and 20 windows and the other house has only one door, and that’s the only way in and out. That’s perhaps a good analogy to what we’re trying to achieve here. And so the question then is, there are some people in the community who believe that you should not use a hardware wallet because you can air gap a computer. There, I think the mainstream view is probably more like, look, a hardware wallet is a specially designed Bitcoin computer. It is specially locked down. I guess that’s probably one high-level way to summarize what’s going on. But maybe if someone was to try to air gap a computer, what is actually involved in that process and what are some of the pitfalls in trying to achieve that?

NVK:

So the idea is, let’s just talk first about, like, general purpose computer versus hardware wallet. So what are they offering? So a general purpose computer is going to protect you against, say, a specific-purpose device vendor vulnerability. So nobody knows what you’re buying the laptop for. If you go to, say, Apple or Walmart, whatever, and you buy the laptop for cash, right, nobody even knows you have the laptop. So nobody is going to be targeting you directly for Bitcoin. So that’s one thing. Now with hardware wallets, those are Bitcoin hardware wallets. The attacker knows what it’s going for; that may be a rogue person at the vendor side, that may be a carrier shipping the device. What happened in that sentence is like then.

NVK:

These are sort of like the more, and I’m being very simplistic, those are the two sort of like advantages and disadvantages of these general purpose versus single purpose devices. Right. Then you have to look, what steps does the vendor of the hardware wallet take against those attack scenarios, right. And well, that would then count on the air gapping laptop or the laptop itself, because nobody knows you have that, but with hardware wallets, say like Coldcard, I can just talk about my case. We have the tamper-evident bags. We have the firmware that you can reload. We have anti-phishing words. So like we have a slew of protections, none of which is perfect, but combined they offer a great level of satisfactory security.

NVK:

So that you’re protected against sort of like vendor specific attacks or supply chain attacks. Right now with the laptop on the other hand, well, anytime you buy a laptop from Walmart it’s going to come with like a ton of garbage, right? Like all kinds of, essentially, like you could almost say it’s malware by the vendor, right? Like when you buy a laptop, you have to install a bunch of stuff. Right. An average person is only going to be able to, one, remove so much of that. Right. And two, even if you wipe it clean and you install something from scratch, an average person is not going to understand really how far you have to go to lock it down. Right. While I understand why some very advanced people totally want to go that route, because they are completely avoiding the trust in hardware wallets, and they also are very capable of locking down a laptop, but even in their case, honestly a laptop has a football field size of attack surface, right. Because it’s a general purpose device, right. There is a microphone DSP chip in there. Right. Are you drilling that out? Right. And every single, even when you talk about open source, like Linux on top of a laptop, all the chips in the laptop, like not all, but like most of it will be closed source. There is even the boot ROM. Everything in there is essentially an attack vector. While a hardware wallet, not being perfect, is a very simplistic device, like single-purpose. Oftentimes in our case it’s just two chips in there. The rest is just sort of like electric, and what it does is it just gives you a lot less stuff to have to worry about being attacked, and it’s a honeypot as well. So there’s a lot of security research gone into trying to break them. I mean, that’s like all that is done to them all the time. Right. Like it’s just people trying to get in and then show that they can get into one of those, so that’s sort of like a big difference between the two.

Stephan Livera:

Right. And so just hypothetically, let’s say somebody wanted to do air gapping a computer, what would that process look like? I guess off the top of my head, it would be things like, okay, I’m trying to strip out the wifi, strip out the microphones, strip out the Bluetooth. Like physically trying to take time to physically remove those things from the laptop device. And then you might need to use some kind of live boot system, for example Tails OS, or maybe you’re flashing something else on there to actually do your Bitcoin things on there. Can you just outline a little bit, what would that process look like?

NVK:

So in my opinion, if you’re going to do a laptop for Bitcoin, I wouldn’t even use most distros of Linux anyways, especially not Ubuntu, because it was meant for people to do like spreadsheeting and Word on a Linux version. Right. You would probably pick a security minded distribution that has less cruft for you to clean out and less things for you to lock. And personally I would go for FreeBSD, right? It’s a very secure platform and it starts essentially with nothing in it, and you add only the stuff that you need, right. As opposed to starting with a lot of stuff and then you take stuff out, right. It’s sort of like, it’s a lot easier to make something safe when you don’t have to take stuff out.

NVK:

Of course you try to sanitize a lot of the hardware by taking stuff out. In most modern laptops that became very difficult because a lot of things are single chip. These are very sort of delicate electronics. So it’s not that simple. I think it’s very unrealistic for the average person to do this at a satisfactory level. Right. And then there is the concern about, for example, and this is why I feel like FreeBSD versus whatever distro you’re going to use of Linux, is that like, you’re going to have to choose like exactly the library and build from source and check each library for, say, the disk encryption, right? Like, are you going to just trust the disk encryption that comes with the distro? Right. These things are not simple. Like imagine the millions and millions and millions of like little libraries and packages and things, and people in the Bitcoin community say like, yeah, build your hardware wallet’s firmware from source. Well, that’s a pretty tiny little piece of software compared to a massive OS. It is just a lot less stuff to go over.

Stephan Livera:

And so I think the other point is using it in practice. So again, it depends what the person is using it for. Obviously we’re speaking mostly in the cold storage case. However, if that person actually needs to periodically spend out of that storage, let’s say they’re doing a big life event, they need to spend some coins. Well, now they’ve actually got to facilitate that process of getting a transaction in and out of that air gapped computer. The problem then is how you do that in a user-friendly way? Because, well, theoretically, this is an air gapped computer. You don’t want to connect it to the internet. Now how do you get something in and out of there? Well, maybe you do a USB, but then what software do you use? So it’s kind of, I mean, maybe you’d use Electrum and that’s an example, but what I’m just trying to spell out here is there’s some practical difficulties involved with using these, I guess, laptops as, or air gapped laptops as, a hardware wallet. Now, I guess, historically, and I’ve used some kind of set up similar to this when I was doing an Armory wallet, this is years and years ago. But do you have any thoughts around the practical components of using an air gapped laptop?

NVK:

So I think just recently Bitcoin Core added some support for air gapping the node, so that you can transfer data on and off. Right. Because you also have to keep blocks up to date. And normally you keep that computer connected to the internet. So it’s kind of complicated that way. I find it, personally I find it impractical. And then what happens when you remove some of this practice, right, is that it adds more room for people to mess up, right. It means that you were going to have to do things that are a lot less natural and a lot less sort of like single purpose. With the hardware wallet the device was designed for that, it’s simple. So what to do, right?

NVK:

Like, in Coldcard’s case, you can do it air gapped. So you’re going to do the sneakernet of democracy to shuffle PSBTs in and shuffle transactions out, right. While with the laptop you’re going to have to choose, right? Like are you going to do that with microSDs? Are you gonna do that with USB? Which is a monumental cluster. And yeah, it’s just impractical. Right. And I think that opens people to mistakes, and people, as I see this market grow, and like for quite some years, most people screw themselves out of their coins more than they get robbed. Right. And one thing that was very common back in the day when there were no hardware wallets was for people to get robbed. So I think it’s kind of interesting that way.

Stephan Livera:

So yeah. You make a lot of great points there, NVK. Now I think a really cool website, now this is your website, but listeners, go and check out airgappedcomputer.com. And NVK, do you want to tell us a little bit about this website and maybe tell us about some of the attacks possible?

NVK:

Yeah. So people love to talk about, like, air gapped computers, but I think a lot of the people don’t understand how much you can do against the laptop, even side channel attacks too, where the laptop’s not even connected. Mind you, a lot of these attacks will require physical access to the device. But like you can do, for example, cold boot attacks. Because what happens is, when you’re running a laptop, like all your keys normally go into memory. So what happens is, let’s say you turn off the laptop, what you can do is you can freeze the RAM with something actually very cold and then you can actually read the RAM.

NVK:

So you have access to some of, there is of course a lot of software that tries to do better against that. Right. But there’s a lot of those little sort of like accesses. So for example, another one, they can read the RAM with the wifi card. So they were able to see via RF, right, radio frequency, the data being calculated inside the RAM. So they were able to take data out. Another cool one was, and this is actually quite, it’s simple, but it’s not as simple in this context, I love this one. So there are these very long distance sensitive microphones, essentially it’s a laser that they point at, say, your window, because the glass resonates with sound, right. And then they can actually listen to your keyboard. And then as you type, they can figure out which key you’re typing, to get your password, for example.

Stephan Livera:

These are so scary, man. These are just crazy in terms of what kinds of things are possible. And now side channel attacks are an attack that a lot of researchers talk about. And in fairness, there are side channel attacks versus hardware wallets too. So could you outline a little bit about the possibilities in terms of side channel attacks versus hardware wallets versus air gap computers?

NVK:

So a great attack for side channel was against the Trezor. This was many years ago. Somebody managed to do a power differential attack on Trezor, where they were able to read from the power port the device doing cryptography on the MCU. There wasn’t a lot of protection at that time on that, but that was fixed. Another one is there is this thing called a ChipShouter. So essentially you use a very specific, very targeted RF push, so like radio frequency, pushed into a little area of the chip, and if you do it just right you can actually, on a Trezor, dump the whole memory of the chip. So you get the seed essentially, right. I guess Coldcard, there was a good one.

NVK:

The guys from Ledger essentially removed our secure element, or old secure element, out of a Coldcard. And they didn’t remove it from a Coldcard, but they used the same type of SE that we use. They found a flaw in it. The SE is designed so that you cannot peel the top to try to read the data inside. So they turned it upside down and they dug the bottom of the SE. They pointed a laser, very expensive machinery here, talk about quarter million dollar equipment, pointed like a laser to a specific gate of the SE and sent a very specific signal and were able to trick the PIN counter of the SE. It’s kind of theoretical, runaway, because it was not sort of demonstrated with the actual device per se, and we keep the seed encrypted in the other chip.

NVK:

But still, like, it just shows, like, given infinite resources, nothing is unhackable. A good one on actual computers that happens quite a bit now is you have malware on, say, the firmware of a hard drive. So you wipe your laptop, you do all this stuff, but there is the firmware on the hard drive itself that you think is doing encryption or doing something else. There’s malware in there. Right. And it’s not like the kind of firmware you even have access to update yourself. Right, there’s a lot of stuff going on. That’s why, like, ultimately one of the best defenses you have is to simply never plug a device into any other device. So on the hardware wallet case, it’s like you use the microSD to shuffle the information, and on the laptop that’s air gapped, never connect the laptop to anything.

Stephan Livera:

And of course there are still trade offs associated with that, but it’s kind of like the idea is that’s the most kind of reasonable balance, usability wise, to still give you some level of security. But yeah, certainly some of those side channel attacks that you’re outlining, they’re quite scary in some ways, like the whole differential power analysis thing where people can try to assess, based on the power levels, what the device is doing. Because remember, when you are using a hardware wallet, what you want it to do, obviously, it is storing the private keys. And then when you go to actually sign a transaction, it’s signing, it’s doing some operation to sign a Bitcoin transaction so that you can then spend. So if they are able to monitor you in that vulnerable moment, that is potentially where there’s some leakage. Right?

NVK:

Exactly. And then, like, I also sort of bring this all back down to sort of reality, right? A lot of these attacks either require physical access or extremely targeted attacks against you. Right. And you’re not Snowden jumping hotels, right, running from the NSA. So the chances of a lot of those attacks are much lower. And so I think that it’s been like over a decade now of protecting Bitcoin. So I think that the space is still early, but it’s matured enough that people are not losing money. Right. So the way I like to say it, it’s kind of like, for example, we need to stop scaring noobs from self custody. Right. I feel like there is just too much FUD around the solutions for security right now, especially from extremely sophisticated people.

NVK:

I understand why, like, a person who’s like a core dev or something, is extremely sophisticated, understands computers very well, would say, hey, of course I can see all these attack vectors on a hardware wallet, right, or on a laptop. So this person understands how to remediate these things. Right. But we can’t expect an average person to do any of this stuff realistically. So what we need to do is sort of like, we need to teach them, not make them dumb. We don’t want to send them to centralised wallets or to wallets where the validation is done by the vendor, but we want solutions that are sort of a little bit more self-contained. You just sort of got some Bitcoin on Coinbase, or no, let’s say Kraken, those few hundred dollars, or thousand dollars, to your phone wallet.

NVK:

Right. But make sure you’re using one that’s non custodial. Right. So you have a backup of the seed in metal. Right. So that’s a nice way of you just getting your feet wet with self custody. Right. And then sort of like, whenever you’re ready, you can sort of upgrade, right. And then the next thing is like do the bitcoinsecurity.guide thing where it’s like, okay, I’m ready. I’m going to take some self custody to the next level, because I have a little bit more money. Right. You get a hardware wallet, you get a metal plate and you get that set up. Right. And then you learn more and then you add the passphrase and then you learn more. Maybe you go multisig. Right. But let people follow a path that is realistic and it’s incremental, as opposed to like, no, you have a hundred dollars? No, you have to do five out of seven multisig with 10 laptops that are air gapped. It’s completely, you know what I mean? Like people go like, no, Coinbase is better, and I can’t blame them.

Stephan Livera:

Yep. And now I guess one other point that maybe some people out there might recommend is, they might literally say, okay, fine, even if you can’t air gap the computer, what if you literally bought a computer only to run Bitcoin Core on it? And if you just, say, connect it to the internet and you just ran Bitcoin Core and nothing else on this laptop, what’s wrong with that?

NVK:

Yeah. So I really, I think it’s a great idea to have a computer that you use for Bitcoin things, including that’s the computer that you use to talk to your hardware wallet, right. It’s nice to have a computer, like the old adage goes, don’t shit where you eat. So like don’t mix in your everyday chatting apps or your everyday browsing with the computer where you do your Bitcoin accounting, where you do your banking, for example. Because that computer has less chance of having viruses. Viruses are still a concern, even when you have a hardware wallet, because the desktop wallet could be pwned by the virus and then lie to your hardware wallet. But at the end of the day, the last line of defense is you, right. At least with a hardware wallet, you can look on the screen, right, and verify the transaction is going where it needs to go. Right. And then you approve it. So that’s sort of like the last line of defense.

Stephan Livera:

Also, there is some discussion, and one of the concerns that people share around hardware wallets is, oh, the crypto library, maybe it’s not using the Bitcoin cryptography library. And maybe there’s not as many people reviewing the code on those hardware wallets, as opposed to Bitcoin’s cryptography and Bitcoin’s libraries. How would you respond to that kind of concern?

NVK:

I think there’s a few things first here. So libsecp256k1, right? This new great library that’s part of Core wasn’t around or mature enough when some of the main hardware wallets came to the market. So that’s one thing, it’s just, it wasn’t around. I guess the other thing is the crypto, the one that we use, it does have a lot of eyes on it. It’s one of the most used libraries for hardware wallets. I don’t know which one Ledger uses, but at least they get it audited. The closed-sourceness of that project, or a different set of tradeoffs. But they also have secure elements.

NVK:

Each of these sort of solutions would give you different sets of tradeoffs. Now I do agree that this library, the Core library, is much better. We are actually transitioning to that, about 80% done. It’s a great improvement, especially in speed, but I think it’s a bit of FUD, because the reality is there is like hundreds of millions of dollars in hardware wallets, and attacking the crypto library has not been, at least I have never seen a demonstration that that has been a concern. It’s the same way sort of BIP39 is not as safe, let’s put it this way, as maybe other ways of making private keys, but it’s just beyond good enough. It’s so much so that it became the de facto standard. Sometimes, actually most of the time, standards are not the best solution. They are the solution that got the most buy-in.

Stephan Livera:

Yeah, that’s unfortunate, but that’s the way of the world. So for better or worse, this is probably what we’re stuck with. Also, thoughts around how this market changes as it grows. So for example, in the early days, you kind of had to know who to go to to get these hardware wallets, right. At an extreme, let’s say this next year or so we hit this crazy 10X or a 100X, and the number of people coming in does, at what point does the market change and other options become economically viable? I mean, just as a, maybe a silly idea, but does it ever get to the point where people will buy hardware wallets from the supermarket or from like a department store, that kind of thing?

NVK:

Yeah. So I’m not a huge fan of resellers and third party sellers, because you do introduce one more hand in between. Supply chain attacks are more reasonable to happen, right. So for example, even buying hardware wallets on Amazon, I think is a terrible idea, right. Because say I’m a bad guy. I buy a thousand hardware wallets on Amazon. I put very low grade, sort of replaced firmware stuff that steals money, or even just preload them with seeds. Because a lot of the people who buy on Amazon don’t know better. I return them, alright, and then Amazon resells them again. So now you just opened a whole new sort of like low grade, but also low hanging fruit, attack on noobs. So I really think the future, and sort of like the best way of handling security devices, is to go to the source to buy it.

NVK:

I think the verticalized sort of space is growing. So like manufacturer to consumer. Like you look at Tesla, you look at Apple, right? Like you have all these companies that are skipping the middleman, probably losing some sales in the process, but they have a tighter sort of like tighter control, tighter security, right, on the process. For the more advanced people, you could also build your own hardware wallet kind of deal. And then I think in the future we might see also, you know, better chips or better like actual hardware solutions that provide better sets of trade-offs, that maybe make it possible to have less concern about supply chain attacks or vendor attacks.

Stephan Livera:

Of course, I’m sure yelling through all of this is my friend Michael Flaxman, being like, guys, what about multisig? We’ve got to have multisig. I think maybe that space becomes easier as well. Although we wouldn’t recommend that for beginners and say, hey, you’ve got to go to this level. Like, it’s one of those things where hopefully over time it just becomes easier and more practical, but probably a good point now to talk about this recent multisig vulnerability on the Coldcard. So do you want to just give an overview on what happened there?

NVK:

Yeah. So multisig is sort of like fairly complex and full of edge cases. So, and then that’s part of the reason why, like, as much as it’s great to have multi-vendor multisig, it’s also not great to have multisig multi-vendor as well, because you’re not testing against each other’s sort of like bugs and things. But so in our case, this specific bug. So most hardware wallets don’t keep state. So they don’t keep information about the co-signers on a multisig. So they wouldn’t even be defended against this. In our case we do. But we had a bug that essentially was not checking it correctly. You have the sort of theoretical attack where somebody would build a virus, would say pwn Electrum or Specter.

NVK:

And then they would build a rogue transaction that would send the money to either a Griffing address or like a hosted address, or even maybe like a payout address, right, to the attacker. And then if you had received this PSBT to sign in your Coldcard, the Coldcard would say it’s okay; however, it would still ask you to check the transaction for you to sign, so you are essentially the point of last defense there. You could have said, no, this is wrong. That’s sort of like what the problem was. We were trusting the XFP, so the ID of somebody’s wallet, that could be sort of three Crete there. So essentially we just sort of redid all the checks. It’s pretty awesome now. And I found it interesting because, as much as I love the fact that it was found and it was fixed and stuff, most wallets don’t even do this checking. So they wouldn’t even have a possibility to have this bug, because they just sort of YOLO. Right. They just essentially sign everything.

Stephan Livera:

Okay. So let me just, I guess this is probably getting a little bit technical. Let me try and explain it in simpler terms, just for anyone who’s listening. So I guess we can think of it like, your hardware wallet is kind of, in some ways, dumb. It doesn’t know what’s going on out there in the world. And so that’s why we have Bitcoin Core and some kind of coordinating application, like Electrum or Specter. And so in this example, Electrum or Specter, or one of those wallets, or Blue Wallet, is trying to feed the hardware wallet to say, hey man, I know you’ve got this private key. Can you sign for this transaction?

NVK:

And only multisig. So this bug was multisig specific.

Stephan Livera:

Yes. Yeah. So in this example, let’s say you did a two of three multisignature setup. And so in this example, what we’re talking about here is Coldcard registering the other members of the quorum. So let’s say you had a Coldcard and a Cobo and, what’s like another hardware wallet, let’s say you had a Specter DIY, and each of those hardware wallet devices has their own, I guess, contribution into the quorum, the set of multisignature devices. And the bug was essentially that Coldcard was not checking that its own, that it was a member of that quorum that it was setting up. Correct?

NVK:

Yeah. So essentially we were just trusting a heuristic that was not good. There was essentially a bug there.

Stephan Livera:

And then what’s being fixed now is essentially that it does check that it is a member in that quorum. And also, I think when you’re doing that multisignature set up, you can sort of scroll through, and if you’re just manually looking at, okay, just kind of checking the first few letters and the last few letters of the three xpubs in that example, that would have also given that user some level of protection there, correct?

NVK:

Yes. Again, it’s one of those things. It’s like, is this attack possible? Yes. Is this practical, realistic in any sort of timeframe between being reported and being fixed? No. This is the kind of stuff where you receive all these sort of disclosures, you fix them, you release a fix. More often than not, you don’t tip the bad guys. You release a fix with a firmware quietly. Right. You add that to a feature update. It depends on the case; on this one, it made sense. Right. And then what you do is you wait for the disclosure period with this firmware out there. And then on the day of the disclosure, you tell everybody to update, but that means that most people have already updated, so that you don’t tell all the bad guys, hey, listen, there is this open bug out there.

Stephan Livera:

Gotcha. Okay. And so in terms of going forward, I know there were a couple of response blog posts. I know, for example, Hugo of the Nunchuk project did a blog post, and of course had a blog post as well, kind of just talking through some of the basics and what’s going on here. But in terms of going forward, it sounds like one of the ideas is to create a multisig standard. So do you want to outline a little bit about that? What is that?

NVK:

Yeah, the problem is inherent to the current state of things, right. We’re sort of going above and beyond here to try to create some trust between the devices on the quorum, right, of the multisig. And because there is no secure way of doing that, we ended up doing all these convoluted ways that just open yourself to more possible bugs or possible exploits. Hugo had this great idea of creating a standard for creating a quorum. Coldcard does that, well, did something like that between Coldcards. So if you’re just using Coldcard for multisig, you’re a lot more protected. But the challenge here is when you have multiple vendors creating a multisig between each other, right? Like we have different ways in which we want to do things.

NVK:

As everybody who works in a project knows, everybody thinks that their way is the best way. So this standard is great because, we’re calling it BSMS, Bitcoin Secure Multisig Setup. So what it does is it creates just a little standard, it’s actually quite small, for the wallets to create a secure session with each other. So essentially they have a handshake between each other at the time of creating the multisig wallet. And then once they have a secure session between them, a secure channel, let’s put it this way, between them, they can then trade the secrets and important information. So they can trade xpubs, they can trade all the other meta information of the multisig, like the redeem script. There is no room for somebody else to get in there and try to lie about what the setup was.

Stephan Livera:

This would just be part of the new setup ritual, if you will, or setup ceremony, and essentially it could be conveyed the same way normal information is conveyed. Let's go back to that example. Let's say it's a Coldcard plus a Cobo Vault plus a Specter DIY hardware wallet doing a two of three. In the case of the Coldcard, you would still ferry or shuttle that information from, say, Specter wallet into your Coldcard using the SD card. Then for the other guys you would probably do the QR code scanning, and that's how you would ingest the information. Maybe, for example, Specter wallet would show a QR code, and then the DIY and the Cobo Vault would scan that and read it. And then the user at that point can, I guess, check themselves and say, okay, yep, does this quorum look right to me? Correct?

NVK:

Kind of, yeah. Essentially all the standard is, is creating a secure channel between them, that's it. Then when you exchange information, which could be other standards, it could be whatever, ideally descriptors, then that information, the setup information, cannot be fudged, because it was sent safely between each other.

Stephan Livera:

I'm also thinking now as well, back to my conversation with Michael Flaxman, and also his BTCguide.github.io, where he talks about multisig. One of the points there is that, depending on how secure you want to be, you should theoretically be checking your receive address anyway. So one way to do that, I guess, is to check: does this address belong to me? In, for example, the Coldcard address explorer, you can do this, and on some of the other hardware wallets with a screen and so on, you can go through and actually see, does this address belong to me?

NVK:

Make sure whichever hardware wallet you use can show you deposit addresses on screen. You need to be able to double check on screen that the address that you're receiving Bitcoin to is controlled by you. That's one of the most paramount things, because there will be more attacks. There will be more vulnerabilities. There probably are some out there that we don't know about. So the buck really stops with you. If you're double, triple checking stuff, you're safe. Because again, everything is hackable. But I can't repeat this enough: all this stuff is very targeted, it's very complex. Most people, in most circumstances, are not exposed to a lot of these attacks, and the alternatives are less safe.

Stephan Livera:

Yeah. I think that's a very crucial point. I think it's one of those things where in the earlier days there was less awareness about these things, and so we were just kind of running that risk without even knowing it. Especially for me, when I was a total newbie in the space and I was learning, you're just using, for example, things like the Trezor web wallet, or you're just using Armory or something, without knowing about all these kinds of, oh, I need to verify the receive address. These are things that you learn and pick up over time. And I'm pretty sure if you talk to anyone who's been around the Bitcoin space, they've got battle scars. They've lost coins on something.

NVK:

Yeah. It's crazy to think, right, that we're talking about side channel attacks and things like that while most people are copying a deposit address of an exchange from the browser, with all the extensions on. I mean, this is crazy to think, right? I think a lot of it is also the fault of the market. I think there's just too much weaponized PR between competitors and things like that. I really think it's a shame that you're going to depend for your sales on attacking competitors over vulnerabilities, because they're essentially just eroding the trust in these devices in general. And maybe this is an ask for any security researcher listening. I know that a lot of the stuff you do is incredible.

NVK:

And you want visibility when you find a bug or something, but you have to understand that most people don't know the context of what it takes to achieve one of those attacks, or that it's not happening all the time. And then when you do responsibly disclose, I think the market has grown enough now, there are so many players and so many projects dependent on things, that simply emailing one manufacturer who did... I don't care how much you like or dislike them, because this is not about the manufacturer, this is about the users. So I think it's time now where, if you want to be a pro security researcher, you open a CVE, and you do the process the traditional way of creating a responsible disclosure, right? Because you will probably affect other projects that are not necessarily a hardware wallet vendor with your disclosure. It can affect a lot of things. And then you just essentially leave users AWOL.

Stephan Livera:

There are obviously a lot of rivalries in the space, and so often it's hardware wallet manufacturers slinging things at each other, or it's security researchers. And I guess the bad case is when vulnerabilities just get openly, publicly disclosed out in the wild, and if the hardware wallet manufacturer is blindsided, now they're scrambling and trying to quickly fix this and patch it and put out a fix and try to get their users upgraded so that they are now safe against this attack. While at the same time, there's a funny incentive in some ways, where some people who are disclosing a vulnerability might, let's say, overstate the feasibility of running that kind of attack, because it's more press for them, more publicity. We kind of live in this crazy attention economy. So I guess it's a difficult thing. And I can understand that a new person coming into this space doesn't know how to assign the right level of risk. They don't have the right level of context to understand, okay, is this more like an edge case, a crazy freak scenario, or is this a really everyday thing where a lot of people will lose money because of it? You have to try and assess that.

NVK:

Exactly. And ultimately the entity that decides the severity of a vulnerability is the target vendor. The vendor is the ultimate source of truth there, even if they minimize it, right? Then they would just lose trust. But I would always take the party who is disclosing it with a bit of a grain of salt. I guess you take both parties with a grain of salt, but mind you, when a bug or a problem is big enough that it is a huge problem, you will hear about people in the wild already losing money to it or something. That's a very likely scenario. I just think that we are now grown up enough, there are enough people using this stuff, that a lot of the security vulnerability disclosure needs to be toned down a bit, instead of, oh, I'm going to put it on the blog of my company, because you're not gaining that much of anything by doing that.

NVK:

And everybody's losing a bit with the erosion of trust in those devices. I think that's very different than all of us going at each other on Twitter. I mean, that's fine. Do you know what I mean? You can say, I find your stuff to be crap, or I find your stuff to not be that safe, or whatever. So be it, we're all human, and we have our concerns, or concern troll, whatever. But I think in the actual formal disclosure and in the blog posts, things need to be toned down a bit, because they do scare people. And reporters are completely ignorant about those issues. They will write the story with a hyperbolic view just to get clicks, and we see this everywhere, all the time, in this space.

Stephan Livera:

Yeah. It's a very tricky thing. So I can definitely appreciate it for somebody who's new coming into the space, and they're told don't trust, verify, but then, okay, what do I even do? Who do I look at? What do I need? I need some guidance here. That's a typical concern that I can imagine a new person to this space has. And obviously I'm doing my best to try and guide people into safer pathways, but I'm wondering, do you have any tips around how you help guide newbies in the space without scaring them off?

NVK:

So first, look at who the people are who are actually sources of, not sources of truth, but sources of some truth, or at least a trusted point of view, right? If somebody claims to be a security researcher, where's the security research for you to review? Otherwise the person is a security pundit. So there's a difference there. People have opinions, but are they producing something that creates some reputation for them? Do they have a trusted project? Are they involved in a similar industry or a similar part of the stack, such that they are in a position to have an opinion? Or maybe other people who are trusted in the community are freaking out about the specific bug, not about the rhetoric around the bug, not about the drama around it, but are they actually concerned about the vulnerability?

NVK:

Are they saying you shouldn't use this device anymore, or you should update immediately? What are they saying in that sense? But the best heuristic is: when it is disclosed, was it fixed? Both parties sometimes may not agree on whether it's a vulnerability or a feature, and I'll give an example of that later, but does the party who gives you the device, most importantly, first, do they say that it was fixed? If it was fixed, everything else is just drama. If it was not fixed, or it's not fixable, there are some major concerns with some devices out there that are not fixable. Now, is this something that you're okay with going forward? You have to make a decision for yourself.

NVK:

If you want to have a device that has a major flaw in it or not, well, maybe that's fine for you, and so be it. For example, Coldcard has advanced features for developers. So we support testnet on the same derivation path as your wallet. It is under a danger menu. And it was brought in because somebody brought to our attention that there was sort of a path to attack that. Great, but I don't want to remove that feature just because some people could possibly be, maybe not even confused, they'd have to be convinced to actively go into a menu and change something. We took the advice that it could be a concern, so we just made it a little bit more scary to do that.

NVK:

But that's not necessarily a bug or a vulnerability. That's just a choice in design, right? It's very different than having a flaw in your chip such that you cannot secure it. Well, if you cannot secure it, you cannot secure it. There is no way to spin that. That's why I say it's important to first listen to your vendor and then look to the community to see if people are freaking out about updating it, replacing it, outright trashing it. If nobody's freaking out and the vendor gave a satisfactory answer, but the discloser is being a little bit hyperbolic, then you have your answer. That doesn't take away from the great thing that happened, which is that there was a flaw, or there was a bug, that was disclosed and something was fixed. That's a fantastic outcome.

Stephan Livera:

Yeah, very much so. Okay. So I guess one other thing people might be thinking: many listeners of the show are themselves an Uncle Jim to somebody else; they're teaching somebody else. What are some ways that you like to, I guess, teach a newbie? Let's say a person is a total newbie. They've got their coins on the exchange and we are trying to teach them, hey, now's a good time to get a hardware wallet and learn how to take your coins off the exchange. Now, some of the difficulty for them might be, okay, maybe they might be worried about, I've got to run a full node to do this, and how do you do that? I guess for me, some of the ways that I've been going about this is I might tell them, okay, as an example, you can run a pruned node on your existing laptop or PC.

Stephan Livera:

You don't even have to go and get a Raspberry Pi. You can just try it. Stepan Snigirev has that website, prunednode.today. That's one example. And then you can do that with Specter, or in other ways. Maybe you can get the Raspberry Pi setup. You can do an Umbrel or a myNode or a RoninDojo or a RaspiBlitz or a nodl. What are some of your tips when you are out there, or if you have customers and they come to you and they're a bit more newbie, how do they learn how to use a Coldcard?

NVK:

I normally would send them to Electrum, just because for all its flaws it is sort of plug and play. You can just get running. There are privacy considerations in there, and we're very clear about that. What's cool now is that BlueWallet is now on desktop. We send a lot of people to BlueWallet. I asked Nuno and the BlueWallet team; they are looking into adding USB support for Coldcard. So then, as much as I prefer people use it air gapped, our USB protocol is fairly tight, and I think it's a good set of trade-offs for a new person starting. Because I want people to get used to holding their own money. I want them to get used to doing Bitcoin transactions.

NVK:

Once they build confidence, it's going to be a lot easier and self evident to them what next steps they should take. We sponsor some. KIS Bitcoin, Keep It Simple Bitcoin, has a lot of amazing videos explaining every single step. Some of them are a little bit complicated. Some of them are great and simple. I think Matt Odell has really good noob friendly, I call them whole banana, explanations of things, where he'll take you from ordering the device to checking the device, to setting up the node, setting up the wallet, and going through the whole shebang. Citadel, Livera's company, has some really good information on that too. The wealth of knowledge is huge. No single solution will be the best solution for everybody. I think people really need to learn to research, because if you take things at face value you have a lot more room to get screwed.

Stephan Livera:

Yeah. It's ultimately a personal responsibility culture. While there are many of us in this space trying to make the education accessible to people, sometimes you still have to go and find those people. So we do want to do what we can.

NVK:

Yeah. It's not easy. There are a lot of people who scream from the soapboxes, I'm an expert, I'm a security expert, you know what I mean, do the thing I told you to do, and they're not necessarily providing the solutions that most people would suggest.

Stephan Livera:

Yeah. Because ultimately it is always about trade-offs, and again, nothing's perfect. But ultimately I think for those of us who are in the space trying to teach people, it's about trying to give them a reasonable balance between usability and security, while at the same time getting people to take that incremental step. Okay, I'm on the exchange. At least get off the exchange, even if it's imperfect, just get off the exchange, and then, okay, take the next step, and so on. That's been the approach I've been taking when I'm out there teaching new Bitcoiners. But part of it, I see it as choosing the right tool for the job. You have to try to understand what their need is, what their use case is, right? If they want a day-to-day spending wallet, well, then you probably want to get them on Lightning. But if they want cold storage, which is most people, you've got to get them on a hardware wallet. So it's just choosing the right tool.

NVK:

Yeah. And then people have different security considerations. Some people live in dangerous places. Some people live in not so dangerous places. People have different amounts of money. Some people don't have as many concerns about, say, using a multisig service like Casa or Unchained, because their coins are already doxxed. People have different needs. We can't just scream this idea out to the world that everybody has to do this right now. There is no single solution. We just know that most people will be well served with a hardware wallet. But is that for everybody? No. Is multisig as a service or a phone wallet good for other people? Yes. I think it's important to just give people all the options they have that are safe and explain the trade-offs of each.

Stephan Livera:

Excellent. Well, look, I think we're coming up to the hour, so it's probably a good point to wrap up. So if you've got any closing thoughts for the listeners, and of course tell them where they can find you online.

NVK:

Yeah. Wow. Can't believe it's been an hour. I've been talking, I think, for eight hours today on Clubhouse. I've been spending a lot of time there answering questions from the noobs; it's a lot of fun. So yeah, you can find me on Twitter @nvk. You can find the stuff that we do at CoinKite.com. You can find my security preferences for most people at bitcoinsecurity.guide. And yeah, don't get caught up in the drama in regards to your security.

Stephan Livera:

Fantastic. Thanks very much NVK.

NVK:

It’s a pleasure!
