
Vintage Mac as Crypto-currency Tool

bigmessowires

Well-known member
I was inspired by another thread discussing the emerging (?) use of vintage computers for privacy reasons, due to their immunity to modern spyware and malware and other unknown malicious stuff. So here's one concrete example. 

Let's say you want to get into Bitcoin. You could create an account with an exchange like Coinbase. But if you're paranoid, you may worry that Coinbase is going to steal your money, or it will get hacked, or a key logger will steal your Coinbase password. 

To be more secure, you could create your own Bitcoin wallet, using a tool like bitaddress.org. At its heart a Bitcoin wallet is just two large numbers, a public one and a private one. You could print these two numbers on paper and put them in a safe. But how do you generate the numbers, and how do you print them? The computer you use for those steps might have some spyware on it that steals your private key.

Enter the vintage Mac. Assuming you accept the premise that something like a Mac IIsi is incapable of being infected with dangerous spyware (vintage 90s viruses notwithstanding), then you could do the whole process on the Mac. The calculations for public and private key numbers from bitaddress.org are done entirely on the client side in Javascript, so there's no risk of them being intercepted. You could even disconnect from the internet after navigating to the web page, but before generating the numbers. Then print out the info on your Imagewriter II, and you're good to go. Give the public key to other people so they can send you Bitcoin funds, use the private key if you ever want to spend your coins.

The only problem I see is that a web browser old enough to run on a vintage Mac may be incapable of running the Javascript necessary to generate the key numbers. I don't know the details, but it's just math, so it should be possible on an old Mac even if it's slow. Maybe an enterprising vintage Mac software developer could write a Bitcoin keygen app that supports the Mac 128K. :)

[Image: bitcoin.png]

This is a real Bitcoin paper wallet, generated by bitaddress.org. No, it does not have any coins in it, nor do I plan to use it now that I've published the private key. But it gives you an idea for how this could work. The graphics are just to make it look pretty, and the only information that really matters are the two numbers "bitcoin address" and "private key". The two QR codes encode the same information in a way that's easier to enter into other software, should you ever need to do that. 

 

bigmessowires

Well-known member
This has nothing to do with bitcoin mining. It's for secure cold storage of bitcoins, with high confidence that your private key is not compromised by some spyware on your computer, because the key never touched the internet or any hardware less than 30 years old. Your private key need never touch a modern machine until/unless you want to spend the coins. And even then, there are work-arounds involving off-line transaction signing. 

The speed of address generation isn't really important, since it's something you would only ever have to do once. On a modern machine it's essentially instantaneous, so even if the vintage Mac were thousands of times slower, it would still only take a few seconds or minutes at worst.

 

luckybob

Well-known member
So, you are putting your money into a machine that has a high chance of failure?

Exactly what made you think this was a good idea?

 

Cory5412

Daring Pioneer of the Future
Staff member
What if you just run normal security products on your machine and make regular backups of it?

On the whole, running Windows Defender on a Windows 10 system that you allow to patch itself is more likely to leave you as secure or more secure (in the "access" sense) than having an old Mac do this task.

 

bigmessowires

Well-known member
Are you familiar with how Bitcoin works? The vintage Mac would not store any money, or store anything at all. It would be used once only, to generate a public/private key pair and print them out. This is called a paper wallet, and is fairly common. After that point, the vintage Mac could fail or be destroyed and it wouldn't matter, because any coins you own would exist in the public blockchain, not on the Mac or the paper. To spend the coins, you would need the private key printed on the paper.

Yes, in real life a modern machine with reasonable security would also be fine. It's what people use every day for online banking, after all. An air-gapped PC could work too, because even if some malware on it stole your private key, it could never transmit that information to anyone if it weren't on a network. That's why I said this idea was for super-extra-paranoid folks. :) Even the most patched Windows 10 system with the best firewall etc is still susceptible to some small risk of new, unknown malware. The NSA has made it their business to develop such stuff, and now that it's leaked out, we've seen the consequences. Meanwhile the vintage Mac hardware and OS is mostly too simplistic to be capable of getting infected by similar stuff, so it's essentially immune by design.

 

Trash80toHP_Mini

NIGHT STALKER
Cool stuff!

It's almost too bad I don't have anything of import to hide on such a rig, but I'd be on that like white on rice if I did! }:) I'd dedicate the good 'ole DA/466 under its lowest possible OS install to a task like that if a 68K under something older and barely adequate to the task wouldn't work.

I wonder if it's possible to write a modern worm or the like that would get past the latest rev of Disinfectant on 68K?

 

luckybob

Well-known member
I have hardware that supports virtualization and I use it often. I did play with bitcoin for a bit; in fact I used it to buy an ati 7970 for xfire goodness. I can set up a small XP or win7 box, encrypt the drive image, and have better security than an old mac in my mind. Not going too far into it, but I use a win7 virt-box for testing software that I download via bittorrent to test for bad stuff.

 

Floofies

Maker of Logos
I think it is a bad idea, but also a dangerous thing to try in JS on an old Mac.

Since you probably won't be using a secure SSL algorithm (or even HTTPS at all), all information (that includes your private key and ECDSA hash) can absolutely be intercepted through many different attack vectors. For example if the owners of bitaddress.org haven't enabled HSTS (which would deny you access), then someone can easily launch a MITM attack which would enable any number of backdoors and code injection, made even easier due to how vulnerable old versions of JS are. The older versions of JS allow cross-origin XMLHttpRequests, which means some guy can just inject some code that sends both your private key and hash to him via HTTP. Even with cross-origin requests disabled, the nature of plain HTTP + a MITM attack means you have no real way of knowing what it is your computer is communicating with, which could just as easily be an impostor of the site you're trying to access.

This is also technically infeasible in old JS, as you need to be able to perform mathematical operations on very large unlimited-size integers called bigints, which require their very own support logic even in modern JS. The ECDSA algorithm is barely a concern at all, it's the support logic you need to even run the numbers in the first place. We're talking a lot of advanced academic algorithms and polyfills, written in a hobbled barely-workable language, re-written in an incredibly old implementation of that language. If you are dead-set on making it, I would make a black-box C++ class with a single simple public interface to run the ECDSA hashing. You will need advanced knowledge of mathematics and computer science to get this done on a humble 68040. This would be a little bit easier on a 64-bit Power Mac G5, which doesn't remove the prior concerns but does make it easier to work with the math involved.

 

bigmessowires

Well-known member
> Since you probably won't be using a secure SSL algorithm (or even HTTPS at all), all information (that includes your private key and ECDSA hash) can absolutely be intercepted through many different attack vectors. For example if the owners of bitaddress.org haven't enabled HSTS (which would deny you access), then someone can easily launch a MITM attack...
The entire key generation calculation runs on the client. There's no communication with any remote server, except to initially download the javascript. As I mentioned in the first post, you can even disconnect from the internet before locally running the javascript to create the public/private key pair. So https and MITM attacks are a total non-concern. If you don't trust the javascript, you can inspect it before running it. But if you don't trust the javascript, then doing this process on a modern PC isn't going to be any better. Doing it on a vintage machine at least provides higher confidence there isn't some nefarious local process watching what you're doing. That is my main point.

> You will need advanced knowledge of mathematics and computer science to get this done on a humble 68040. This would be a little bit easier on a 64-bit Power Mac G5, which doesn't remove the prior concerns but does make it easier to work with the math involved.
I wasn't proposing to write my own Bitcoin implementation from scratch - there are already code examples for generating a public/private key pair. I have a really hard time believing that a 68040 is somehow incapable of doing the necessary calculations. Sure it may be slow, but this is a one-time calculation, not a mining rig optimizing for hashes per second. It's not like key generation requires some special processor features or something - it's just C++ code that does a lot of integer arithmetic.
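
The point argued in the posts above, that deriving a Bitcoin public key from a private key is big-integer arithmetic on the secp256k1 curve, can be shown directly. This is an added example, not part of the original thread and not bitaddress.org's code; the function names are illustrative, and it uses the built-in BigInt of modern JavaScript rather than the bigint support library the thread refers to.

```javascript
// Added example: secp256k1 public key from a private scalar, BigInt math only.
// P, N and G are the published secp256k1 domain parameters.
const P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2Fn;
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n;
const G = { x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
            y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n };
const mod = (a) => ((a % P) + P) % P;

// Modular inverse via Fermat's little theorem (P is prime): a^(P-2) mod P.
function inv(a) {
  let result = 1n, base = mod(a);
  for (let e = P - 2n; e > 0n; e >>= 1n) {
    if (e & 1n) result = (result * base) % P;
    base = (base * base) % P;
  }
  return result;
}

// Affine point addition; null stands for the point at infinity.
function add(p, q) {
  if (p === null) return q;
  if (q === null) return p;
  if (p.x === q.x && mod(p.y + q.y) === 0n) return null;
  const slope = p.x === q.x
    ? mod(3n * p.x * p.x * inv(2n * p.y))   // tangent (point doubling)
    : mod((q.y - p.y) * inv(q.x - p.x));    // chord (distinct points)
  const x = mod(slope * slope - p.x - q.x);
  return { x, y: mod(slope * (p.x - x) - p.y) };
}

// Double-and-add scalar multiplication: public key = k * G.
function publicKey(k) {
  if (k <= 0n || k >= N) throw new RangeError("private key out of range");
  let acc = null;
  for (let addend = G; k > 0n; k >>= 1n) {
    if (k & 1n) acc = add(acc, addend);
    addend = add(addend, addend);
  }
  return acc;
}

// Compressed SEC1 form: parity prefix 02/03 followed by the 32-byte x.
const compress = (pt) =>
  (pt.y & 1n ? "03" : "02") + pt.x.toString(16).padStart(64, "0");

// Constructed sample scalar for illustration only; a real key must come
// from a trusted random source and never be a small or published number.
console.log(compress(publicKey(2n)));
```

The sketch stops at the public key: it is not constant-time and leaves out random key generation and the hashing and Base58Check steps that turn the public key into an address.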

 

Floofies

Maker of Logos
I'm glad you mentioned trust, as it seems this mystery spyware has yet to be described, and definitely changes what you can trust in this type of situation. I'm not arguing any specific point here, but I think it would be cool if we laid it all out so we can fully describe the nature of the threat. Let's say someone is designing spyware to transmit specific information out of your network, which means they are specifically targeting that information or even the individual. Such spyware will likely send telemetry to its owner via a periodic check-in. Once it has checked in, the attacker is then able to more directly target your entire network, as such an agent would quickly discover other devices also connected to your network, enabling an attacker to totally control non-SSL connections between devices. Even an IDS only barely protects you in this situation if the spyware has already made it past the IDS. All this means is if you have spyware specifically targeting your ECDSA hash, then you have the potential to be much more compromised. Getting a call from your bank would be an eventuality.

As for technical feasibility, I do have some energy to argue about it since academic algorithms is an enjoyable subject for me. I did mention this would be possible/easier in C++ even on an 040, so I'm not sure why you're arguing as if I stated it was incapable; or that it would be a full Bitcoin implementation. Prior to my other reply, I read the existing implementations for generating the ECDSA hash for a bitcoin wallet in JS, including bitaddress.org. I knew what all the requirements were, and what it is versus what it is not. I read the source code of the bigint implementation they use, and components like the elliptic curve algorithm, as well as Scrypt. I did my due diligence and research before replying to you at all, so what you read was my full personal expectation of the cost/benefit ratio and work involved. As far as having "higher confidence" goes, the easiest option would be either a Raspberry Pi with the JS sneaker-netted over to Node, or some other modern machine that is known to be clean; basically anything that runs the version of JavaScript capable of running the code. If you disagree, that is okay and I certainly respect your opinion, but I can't help wondering why someone would go through so much trouble when an easier solution exists.

Just so you get my tone, I think it would be really cool if someone managed to get this working in C++ on an 040. It would mean you could also implement other secure hashing algorithms since you'd be using bigints and other important support logic at that point, so there are a lot of possibilities there. Imagine compiling a custom version of Mozilla or something, with full modern SSL support!

 

luckybob

Well-known member
I mean if you REALLY want to trust the machine making your keys/wallet/whatever you can always do the math by hand.  No calculators, just an abacus or slide rule and a bunch of paper.

Granted you would probably want to have a bonfire afterwards, should be fun!

 

Scott Squires

Well-known member
> What if you just run normal security products on your machine and make regular backups of it?
>
> On the whole, running Windows Defender on a Windows 10 system that you allow to patch itself is more likely to leave you as secure or more secure (in the "access" sense) than having an old Mac do this task.
Well, no. A network-connected computer can never be as secure as an air-gapped one.

Setting aside paper wallets for a moment to address this suggestion that a well-maintained PC is "good enough." If you have a small enough amount of bitcoin that it doesn't matter to you one way or another whether it gets stolen, then sure, a patched Windows 10 with Windows Defender is fine. If it would be a problem for you to lose your bitcoin, any personal computer is really a disaster waiting to happen. PCs (Macs, Windows, Linux, whatever) are fundamentally insecure. It is not uncommon for fully patched and protected systems to contract viruses and malware. Every malware and virus is going to be hunting for your bitcoin. Your un-rooted phone is a far more secure platform. And those with substantial amounts of bitcoin will already have a hardware wallet or be researching them.

A PC is considered secure enough for banking and such only because in the end it doesn't really matter if it gets compromised. Even if your identity gets stolen, life becomes really annoying, but otherwise there's a high chance that things will be fine. In the case of bitcoin, if you were storing it on your computer and it gets compromised, all that money is gone. Period.

 

techknight

Well-known member
You could always use a smartcard with a cryptoprocessor that is programmed to the task at hand. Nothing more secure than that. The ST19 is one I am familiar with and it has a 1024-bit MAP crypto. There are newer ones out now sure, but ya know. You can use just about any embedded architecture as long as it's fast enough to do the math, or if it has a dedicated crypto unit. Don't really need an OS if you know how to manipulate the CPU/Hardware in a low-level way.

 

Cory5412

Daring Pioneer of the Future
Staff member
I think a lot of how much security is important depends on evaluating the risk.

No networked computer is 100% safe, but if you're doing coin mining on a single Radeon R9-290 while you're at work, how big do you think the wallet really is? For that level of involvement, do you think it's worth investing in an entirely air-gapped computer?

And, at what point is it worth making sure the air-gapped computer is relatively modern, so as to make it easier to physically keep running?

I don't think the needs for the security of your wallet are going to be the same if you're running a large scale mining farm as if you're a person at home running mining on your gaming PC when you aren't using it.

Speaking of un-rooted phone/ipad environments, are there any tools for running bitcoin wallets on those types of devices? Those have the advantage of being portable, relatively easy to back up and encrypt, and generally relatively durable.

 

Scott Squires

Well-known member
Techknight, that is how hardware wallets work.

Cory, you seem to be stuck on the idea of mining. Most people who own bitcoin have never mined anything.

I agree that a modern air-gapped computer is better than a vintage one for maintainability.

There are many good mobile wallets. Mycelium, Copay, Airbitz, Breadwallet, etc.

 