Today, using public hardware wallets is really unsafe. Hackers can get access to your money when you update the software or download the wallet software to your PC, and they can even duplicate your private key. We investigate solutions that can help you avoid being hacked and store your money safely.
Do you use hardware wallets and truly believe that you can safely store cryptocurrencies there? Trezor, Ledger, Keepkey – the list of wallets is endless, but the question arises: Have you ever wondered why there are so many companies eager to organize a “safe” storage of your funds?
Perhaps this article will make you think hard about how safely you are storing your own cryptocurrency savings and open your eyes to proprietary hardware wallets.
What is a hardware wallet?
A hardware wallet is a portable device that provides secure cold storage for your cryptocurrency savings, i.e. it stores private keys on a device that doesn’t interact with the Internet, thus eliminating the possibility of the keys being compromised or leaked. The data on the device must be stored in encrypted form, so that even if you physically lose the device, no one will be able to get access to it.
When working with proprietary wallets, you expose yourself to the following risks:
Software update. You can never be truly sure, even if you do a careful code review of each new firmware update, that it doesn’t contain malicious components that secretly leak your private keys.
Not all wallet firmware is open source. And even if the firmware is open source, there is no way to verify that this exact firmware is installed on the wallet. Also, some people buy used wallets on eBay and other sites, and they don’t find out what kind of firmware is installed on the wallet.
Installing the wallet’s software on your computer. To interact with the device, you’re required to install software on your computer. This software can not only leak private keys from the hardware wallet, but it can also leak other information and keys from your computer.
It is not known how the seed and private keys are generated. The private key must be generated through a random process, and it should be impossible to generate a particular key more than once. However, there are many cases when these processes are not random; at times they are pseudorandom. That means that, given the initial state and the generator algorithm, the same key can be created more than once. For this reason, wallet manufacturers can build in a seed phrase generator that produces pseudorandom keys which, knowing the generation algorithm, can be guessed with a non-zero probability.
Someday BTH will cost so much that it will be more profitable for hardware wallet manufacturers to create firmware that steals money from users’ wallets and then just disappear, rather than trying to earn more money by manufacturing more hardware wallets. Creating your own non-proprietary hardware wallet protects you against issues like this because you control everything that happens in the firmware and software.
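The key-generation risk above, shown as an added example that is not part of the original article: a hypothetical flawed generator (weak_keygen, with a constructed 16-bit seed space) next to one that reads the operating system CSPRNG, plus a check of how many distinct keys the flawed one can ever produce. All function names and the seed size are assumptions made for illustration.

```python
import math
import random
import secrets

# Constructed assumption: the device's only entropy source is a 16-bit value.
SEED_BITS = 16


def weak_keygen(seed: int) -> bytes:
    """Hypothetical flawed firmware: a 256-bit key derived from a
    general-purpose PRNG (Mersenne Twister) with a small, known seed."""
    return random.Random(seed).getrandbits(256).to_bytes(32, "big")


def strong_keygen() -> bytes:
    """256-bit key taken directly from the operating system CSPRNG."""
    return secrets.token_bytes(32)


def effective_entropy_bits(seed_bits: int = SEED_BITS) -> float:
    """Count every distinct key weak_keygen can emit and return log2 of
    that count: the real strength of a key that looks 256 bits long."""
    keys = {weak_keygen(s) for s in range(2 ** seed_bits)}
    return math.log2(len(keys))


def drawn_from_weak_space(key: bytes, seed_bits: int = SEED_BITS) -> bool:
    """Audit check: is this key one of the flawed generator's outputs?"""
    return any(weak_keygen(s) == key for s in range(2 ** seed_bits))


if __name__ == "__main__":
    # Same initial state plus same algorithm gives the same key, every time.
    print("weak keygen reproducible:", weak_keygen(7) == weak_keygen(7))
    # The key is 32 bytes long but carries at most SEED_BITS bits of entropy.
    print("effective entropy (bits):", effective_entropy_bits())
    # A key from the OS CSPRNG is not inside that small space.
    print("CSPRNG key in weak space:", drawn_from_weak_space(strong_keygen()))
```
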
Now I bet you’re wondering, “How can I ensure the cold storage of my cryptocurrency?” The answer is very simple: you should make your own hardware wallet. It’s not as difficult as it sounds.
Reboot the Mac, holding down the “Alt” key. The boot device selection screen should appear. Choose the UEFI option.
After booting from the boot flash drive, plug in our future crypto flash drive and begin the installation of Ubuntu. You need to run the installer from the console without installing the bootloader: ubiquity --no-bootloader, otherwise the installer will overwrite our OS X loader.
Choose the item “something else”:
Find the test drive and click “New partition table”.
Next, create two partitions: the first, 100 MB, of type “EFI System Partition” (with GPT) for booting, and the second, 7000 MB, with the mount point “/” and the ext4 file system for the operating system and all other data.
The flash drive will have the following structure:
We use the minimum number of partitions to make better use of the space, without separate /home and /boot partitions. Then, in the remaining space, you can create a partition with any convenient file system. For example, you can create an hfsplus partition for access from both the Mac and Ubuntu.
Then, click “install now”. Don’t worry about the missing swap partition – it’s not necessary.
When you reach the creation of the user account, do not forget to check the box “Encrypt my home folder”. This is one of the levels of encryption and, accordingly, the protection of our private keys.
Click ‘Next’ and wait until the installation is complete. Then reboot the PC and press Alt when the computer starts to get to the boot menu. There, select “Efi boot”, i.e. our boot flash drive. The idea is to use the GRUB bootloader from this flash drive but to boot the system from the newly created one, because we did not install the bootloader on the crypto drive. During boot, immediately start pressing “c” to get into the GRUB console:
Then, we need to select a new root partition. Look for our crypto flash drive:
You can check if it’s the required flash drive by looking at the contents of /home, because we remember the name of our user:
grub> ls (hd2,gpt2)/home
If there are several partitions like this, then look here:
grub> ls (hd2,gpt2)/boot/grub
We should see this on a crypto flash drive. Remember the name of the partition and point the bootloader at this root partition:
grub> set root=(hd2,gpt2)
Look at the UUID of our partition:
grub> ls -l (hd2,gpt2)
Partition hd2,gpt2: Filesystem type ext* 〈…snip…〉 UUID e86c20b9-83e1-447d-a3be-d1ddaad6c4c6 – Partition start at […]
And specify it in the kernel options (the kernel version is not known in advance so use the auto completion by pressing Tab):
grub> linux /boot/vmlinuz〈press tab〉.efi.signed root=UUID=(specify the UUID from the previous command, without brackets)
Similarly, specify initrd:
grub> initrd /boot/initrd〈press tab〉
After the first successful boot using the GRUB boot drive, we need to install the bootloader on the crypto drive. To do this, change the type of the EFI partition to Apple HFS+, format it as HFS+, and install the bootloader directly.
We prepared a script that automates the entire process. It is enough to create the file install_boot.sh and copy the text of the script into it using any text editor, for example, nano install_boot.sh.
#Define the name of the flash drive by the name rootfs