Hi Bitcoin Reddit!
I’ve been reassessing my Bitcoin security practice and I’m trying to find flaws in my thought process and would like to hear your guys’ opinions.
Disclaimer: my current setup is pretty tech-heavy and definitely not for everyone. So if this sounds like alien language to you by all means move on to the next post :)
While I do realize the advantages of a cold wallet I feel the my setup does a decent job of mitigating most risks by using a combination of open source software and strong encryption.
Details:
-
Linux distro (void) using only open source software (reducing risk of spyware / malware)
-
All volumes are encrypted using LUKS (rendering theft of the computer useless)
-
Using open-source and PGP verified wallet (Wasabi)
-
Wallet seed (without the password) is backed up to a local
encfsvolume (file names + data encryption) and synced to the cloud (yes, cloud backup is a big no no but in my risk model losing the keys is also very high and since my cloud sync is encrypted locally before being uploaded I felt this is sufficiently secure).
With the above setup my machine can get stolen, my cloud data can be hacked and my funds will still be secure. Even in the very unlikely event someone has access to my mnemonic seed (say I leave my computer open after decrypting my data) they’d still need to have my BIP39 passphrase (which isn’t written anywhere) to access my wallet.
Thus my biggest risk is a targeted attack, some type of zero-day Linux/Firefox vulnerability that would install malware / rootkit / ransomware on my laptop. Given that I’m using a rolling release Linux distro and install security updates regularly that’s a risk I’m willing to take.
Any comments / responses are greatly appreciated.
No comments:
Post a Comment