Glacier is a protocol for secure cold storage of bitcoins. https://glacierprotocol.org
Part of it comes from trusting the review process of Glacier, but a big part comes from limiting the attack surface. If someone were able to compromise GlacierScript, there's not much they could do, since GlacierScript has no control over where its inputs come from, or where its outputs go to. After building a transaction with GlacierScript, you scan out the transaction and send it to coinb.in for validation and broadcast.
So in order for the attacker to extract any info, they would need to compromise both GlacierScript (at the time you build your APP USBs), and coinb.in (at the time you build your withdrawal).
Although -- there is one form of attack that might be possible, a "chosen nonce attack", where the signatures in the transaction can reveal a part of your private key. If the attacker could compromise GlacierScript to create such signatures, they could scan the blockchain for your withdrawals and possibly determine your private key. Since Glacier reuses addresses, this could be effective.
I don't think such an attack is possible IF you use an uncompromised Bitcoin Core for signing transactions. And GlacierScript does so, and it has been reviewed and audited by many people (including myself), so I am confident in its security.
Note: any wallet system will have the same kinds of attack vectors. In this regard, Glacier is better than any other system I'm aware of.
Good question. That comes from GlacierScript itself, specifically this code here: https://github.com/GlacierProtocol/GlacierProtocol/blob/bda9582eda7280f6b154d63eb1c5359ab76fe369/glacierscript.py#L635
Which, if compromised, could generate keys known to the attacker.
But in your view, have even the latest releases Of Glacier been reviewed thoroughly enough to support the idea that the code remains well-reviewed? I know many people reviewed and commented on earlier versions, but that enthusiasm from some of the other contributors dropped off over time. What would keep someone from slipping something malicious into the code now that not as many people are looking? Are all modifications to the code, however small, closely monitored?
You can look at the history of PRs to confirm this: https://github.com/GlacierProtocol/GlacierProtocol/pulls?q=is%3Apr+is%3Aclosed
For anyone who might have private keys stored in bank safe deposit boxes as part of their Glacier Protocol, here's something to consider - I was granted access to my safe deposit box yesterday while wearing a medical mask. I was never asked to remove the mask so that they could verify my identity. Granted, I did still have to show my ID and had to have the key to my box, but it was still a bit shocking. Any person with similar physical characteristics to me could have pulled this off if they had my ID and safe key. This helped me understand that bank safe deposit boxes aren't as secure as I once believed them to be.
I have tested GlacierScript with Bitcoin Core v0.20.0rc2 (upcoming release). No changes needed. (Although, thanks to bug #38, Glacier is broken anyway, and nobody seems to care.)
Guess I have to go through updating to the latest Bitcoin Core. Thanks for this https://gist.github.com/bitcoinhodler/8be823fae7b46e924caa594abdde3bd0 @bitcoinhodler you contribution is very much appreciated.
And thanks for pointing out issue #14, must be this. I'll test it later this week.
I've added a warning to my gist to be careful and do your own research. Don't blindly trust those instructions. They have not been reviewed by the wider Glacier community (if there is such a thing) and if I wanted to be malicious I could direct you to download a hacked Bitcoin Core that sends all your coins to me.
@hellosa-sa Not with its current release because this still uses Bitcoin Core 0.13.x. If you update the app USB following @bitcoinhodler‘s gist you‘ll be able to send to bech32 addresses. I tested this. https://gist.github.com/bitcoinhodler/8be823fae7b46e924caa594abdde3bd0
I've tested Glacier with the upcoming Bitcoin Core 0.21 release. We require changes to be compatible. I opened a new PR: GlacierProtocol/GlacierProtocol#80
This only affects creating new App USBs. If you already have App USBs, or if you use my gist (which installs Bitcoin Core v0.19.0.1) to create new App USBs, this does not affect you, and I know of no advantage to upgrading.
My glacier-psbt repo https://github.com/bitcoinhodler/glacier-psbt explains how to import a Glacier address into Bitcoin Core as a watch-only wallet. (It assumes you're comfortable with bitcoin-cli.)
Is it 'bitcoin-cli getrawtransaction "tx id"'
has anyone used more recent versions of ubuntu? alternatively, what about trying to get a specific update onto the permanently air-gapped hardware? My particular issue is I've got an inspiron 11 3000, and the trackpad driver doesn't work... it works for a second or two and then quits. luckily it's got 3 usb ports, so I could get a new wired usb mouse, but I hate the idea of having to use that and not being able to use the trackpad.
but that leads me to the second question of what if one were to need to load a newer version of bitcoin-core onto the air-gapped machine?
has anyone used more recent versions of ubuntu?
@SmeethRoger_twitter years ago I tried to update Glacier to use Ubuntu 18.04 (instead of 16.04) and found that the setup process required significant changes. On the setup PC, we download the Ubuntu ISO into ramdisk, then write it to the Q1 BOOT usb. Ubuntu got bigger between 16.04 and 18.04 and the 18.04 download wouldn't fit in the ramdisk anymore (on a 4GB laptop). I abandoned the project after realizing that.
You could conceivably copy any extra drivers needed onto the Q1 APP usb when you first create them, and add an extra step to the "Prepare Quarantined Workspaces" process to install that driver.
If you want a newer version of Bitcoin Core, you'd have to go back to the setup process and create new APP USBs. (No need to create new BOOT USBs.) But keep in mind that GlacierScript uses APIs in bitcoin-cli that sometimes change between versions, so changing the Bitcoin Core version might break GlacierScript. That's why I opened this issue: GlacierProtocol/GlacierProtocol#38
Also: Glacier Protocol is abandoned and broken. I wouldn't recommend anyone use it anymore.