If one is going full anal on security, the device would never have access to the internet.

The next step up/down would be the device has a dedicated mission and is only brought online to perform a single task and then powered off again.

For the 24/7 devices, all sensitive data needs to be encrypted and stored locally and accessed on an on-demand basis.


Discussion

So the first one is doing PSBT on a dedicated machine using Ubuntu or some other distro? This is where you’d keep most of your bitcoin?

The second is the same as above but you don’t have to use PSBT.

But can’t hardware wallets be used in place of a dedicated machine? And don’t machines themselves even offline have certain attack vectors and vulnerabilities? (Though highly unlikely)

For the 3rd what’s your assessment of startOS? Thanks.

Sorry I forgot for this bit:

‘And don’t machines themselves even offline have certain attack vectors and vulnerabilities? (Though highly unlikely)’ you already spoke to in your earlier comment above, to which I was responding.

I'd recommend using a Linux distro but really any OS would work though. In my way of thinking the HODL wallet should always be offline with very few exceptions.

For me if I can minimize my dependency on hardware devices, that is where I want to be.

There isn't a 100% risk-free method that I'm aware of. It's a game of reducing exposure.

I've not used startOS or similar software-in-a-box solutions. By using them you are trusting they covered all the bases in terms of securing the device.

But what’s the difference in putting your trust in an offline device and a hw wallet, that’s technically not online either right? Or, you don’t need the device you connect it to to be online when you do the business or use a camera on the device to do a PSBT?

A HW wallet is just protecting your seed phrase. I have many things that need protecting that are not seed phrases. I like one solution to rule them all.