Thank God, someone is finally talking about this issue. Thank you Charles. Yes, even if you have a hardware wallet you need to secure the 24 keywords or all your cryptocurrency and your voting rights are gone when these are stolen. This is the real elephant in the room. Cryptocurrency will not gain world wide adoption until every person has an easy way to securely store their 24 keywords.
Charles provided us with a 1 1/2 hour class demonstrating his best compromise between security and convenience. It was not easy. Even Charles was not satisfied with his own presentation. What I saw in that video was not a solution. What I saw was a declaration of war! Finally someone important is addressing the issue which is keeping decentralized infrastructure from replacing the centralized.
Right up front Charles states that the very best security is an airgapped device but dismisses it as a solution that is only within the reach of government and large corporations.
The device is nothing more than an encrypted raspberry pi operating system on an encrypted SD card.
In other words you stick this card into any raspberry pi 2 (The pi 2 has no wifi or bluetooth) and you have a fully airgapped computer to do any kind of work you need to do. So what we are offering is not so much a device as a way of working because the devices you see are not required to do the work.
Cloning the encrypted SD card can be done right on the raspberry pi without connecting to any other devices so even cloning the encrypted SD card is an airgapped process. And the cloned cards can be sent to anyone for safe keeping in case your copy is destroyed. You can even leave these SD cards laying around your home because no one else can access the encrypted operating system without the password. If you become a refugee you can send these cloned encrypted cards to another country so that your money, identity, and property deeds are all safe and waiting for you. You can even swallow the tiny little cards if you need to.
Seen in this video or at the following link is a complete PGP course that I made which shows how to use the PrivateKeyVault for managing the 24 words and for sending an receiving encrypted files without breaking the airgap. What we are sending in the video is a secret cake recipe but it is understood that we are really talking about the 24 key words.
In this video we are using the PrivateKeyVault to make a transaction on the Ethereum blockchain without breaking the airgap. We could do this with Cardano just as well. In this video the PrivateKeyVault looks different but the electronics inside are the same.
Neither of these are the final version of the PrivateKeyVault. It is a work in progress. Soon we will make a smaller model that uses the raspberry pi compute module and with better battery power management including automatic safe shutdown in case battery power becomes too low. We will also be building in a custom analog keyboard for which keystrokes can not be logged and which can be verified secure simply by looking at it. But please keep in mind that all you need is any pi that has no radios in order to manage your 24 words securely. The way of working is more important than the actual device.
We would love to work with other people to continue development but until now no one has wanted to talk about the problem of securely managing the 24 words. Maybe now that Charles has started the conversation people may be willing to take a look at what we have made and what we are doing.
We want to collaborate with other people but good-natured competition is helpful for decentralization too. So we encourage people to use our work however they want. There is no need to give us any credit nor is there any need to pay us for the work we have done. We will all be richer in the ways that really matter when this problem is solved.
Thank you Charles for starting the conversation.
Just a few questions on Charles video, which I’ve watched more than once, to get my answers. I know he does mention to run as bootable usb’ but he’s also back and forth with lastpass. How do i use lastpass while in the workspace? Would it be a better idea to set up a “secure enclave” as a virtual machine? Also, I’m just having a play around with Kleopatra, Charles talks about hot/cold key pairs and it looks like it doesn’t need to be encrypted in that order. Is this the case?
good work by the way