Topic: . (Read 64469 times)
TrueCrypt vs. Offline wallet. I think for both you should have a computer that has never had any connection to the internet or local network. (Which is kinda impossible).
But even so you'll need to get TrueCrypt or any offline wallet generator from the internet on to that computer somehow.
I think that this a way to do it:
Using a Linux live CD distro on a dedicated computer without any harddrive in it or any other storage attached to it.
Get a brand new trusted brand USB stick and store your tools from the internet on there using this Live Linux environment. You'd only have to do this once. Never plug it into any other computer.
Then shutdown the pc entirely, unplug the networkcable, boot into Live Linux again so that anything that was loaded in the RAM during the previous online session gets erased.
And then use the tools offline.
But even so you'll need to get TrueCrypt or any offline wallet generator from the internet on to that computer somehow.
I think that this a way to do it:
Using a Linux live CD distro on a dedicated computer without any harddrive in it or any other storage attached to it.
Get a brand new trusted brand USB stick and store your tools from the internet on there using this Live Linux environment. You'd only have to do this once. Never plug it into any other computer.
Then shutdown the pc entirely, unplug the networkcable, boot into Live Linux again so that anything that was loaded in the RAM during the previous online session gets erased.
And then use the tools offline.
This is just my purely subjective personal opinion but if I had a wallet with $100,000+ in it I would store it on a computer that had complete air gap security - not even an RS-232 link to an Internet-connected computer. I would want the ability to create offline transactions by hand-keying in the source and destination addresses and would broadcast the transaction by having the offline computer print a hard copy that another computer could scan in and upload to the network.
Well you can do that with Armory. It just might be quite a bit of handwriting (I think some transactions can be up to 10kB)...
However, I had considered the possibility of using webcams and QR codes. But that will turn into a mess of wires and complicated interfaces to deal with multiple QR codes, etc.
I believe the QR code spec allows up to about 2,000 reduced ascii characters (not bytes) per QR codes. Base91 appears to be the ideal encoding for QR codes. I know BeeTag on my Nokia 5230 had a software limitation of 250 characters. The smallest BitcoinJ transactions at the time tended to be a bit bigger than what my Nokia could handle, but that is solved easily enough by splitting up the tx across multiple QR codes, using as many character allowed by the spec, and/or storing some basic metadata in the QR code. In any case it would be a lot faster than typing. I estimate my reference implementation could handle transactions up a little over 64,000 bytes.
... of course, as I review this thread I see that even if the serial-port solution is done technically correct, there is likely to be mental discomfort with having a physical cable connecting the two systems. It definitely makes me uncomfortable, even if know that no electrons are flowing...
P.S. - I mislinked in my previous post, I was trying to link to my thread about improving offline wallets. Please go to that thread and revive it if you have more ideas for how to achieve a 100% solution that isn't too complicated.
P.S. - I mislinked in my previous post, I was trying to link to my thread about improving offline wallets. Please go to that thread and revive it if you have more ideas for how to achieve a 100% solution that isn't too complicated.
This is just my purely subjective personal opinion but if I had a wallet with $100,000+ in it I would store it on a computer that had complete air gap security - not even an RS-232 link to an Internet-connected computer. I would want the ability to create offline transactions by hand-keying in the source and destination addresses and would broadcast the transaction by having the offline computer print a hard copy that another computer could scan in and upload to the network.
Well you can do that with Armory. It just might be quite a bit of handwriting (I think some transactions can be up to 10kB)...
However, I had considered the possibility of using webcams and QR codes. But that will turn into a mess of wires and complicated interfaces to deal with multiple QR codes, etc.
This is just my purely subjective personal opinion but if I had a wallet with $100,000+ in it I would store it on a computer that had complete air gap security - not even an RS-232 link to an Internet-connected computer. I would want the ability to create offline transactions by hand-keying in the source and destination addresses and would broadcast the transaction by having the offline computer print a hard copy that another computer could scan in and upload to the network.
I think you're forgetting that Armory can be use, and should be used IMO, to create offline paper backups. Laminate a few of those suckers and store them in fireproof safes. If the the old computer you used, which may have had an active wallet on it, dies; then just grab another computer and one of your paper backups and your back in business.
Thank you for reminding me about another "attack vector" that I neglected.You'll also need to store the Armory source code as well as the source code of its tangled mess of dependencies, including the toolsets required to rebuild them. Or just buy a life insurance policy and a performance bond on Mr. etotheipi.
Sorry, but I have a feeling that explaining certain long-term attack vectors will look to much like a personal attack. I really don't want to go into that discussion.
2112,
I know what you're saying: it's improper to talk about "zero attack-surface" because there's always a vulnerability due to one of the assumptions made which isn't necessary true (unexpected software on the OS, improper software design, maliciously modified software, etc). But what solution do you recommend instead? Both, "what do you do right now to secure your coins" and "how do you improve the software to make it more secure"?
I am not sure if there's anything better than Armory for the first question, right now, in terms of being a solution that moderately-experienced users can use. The answer to the second question has been the topic of many discussions including this one where I sought input from other users on exactly this topic. I don't see any posts from you.
(EDIT: added the correct link to the previous paragraph)
You clearly have constructive input to add, so please do so on those threads. You are clearly very experienced and your input would be valuable so that stupid things don't happen. For reference, I am aware of various pre-installed tools for communicating via serial port -- and even IrDA could be used to initiate logins. I didn't mean to imply that all you need is a serial cable -- using the serial cable would come with a lockdown procedure. It would be for the really advanced users.
I heed your advice about claiming "zero attack vector", I should really be claiming that this is the "best solution currently available." It's certainly better than keeping an encrypted wallet on your online HDD.
P.S. -- One thing to clear up: paper backups for Armory are invaluable. You can print off multiple copies to protect against hardware failure, and any version of Armory can produce a raw list of private keys that could be imported into any other program. Agreed that old hardware is likely to fail, but new hardware fails too -- that's why there's such exhaustive backup features in Armory.
I think you're forgetting that Armory can be use, and should be used IMO, to create offline paper backups. Laminate a few of those suckers and store them in fireproof safes. If the the old computer you used, which may have had an active wallet on it, dies; then just grab another computer and one of your paper backups and your back in business.
Thank you for reminding me about another "attack vector" that I neglected.You'll also need to store the Armory source code as well as the source code of its tangled mess of dependencies, including the toolsets required to rebuild them. Or just buy a life insurance policy and a performance bond on Mr. etotheipi.
Sorry, but I have a feeling that explaining certain long-term attack vectors will look too much like a personal attack. I really don't want to go into that discussion.
I'm pretty sure that Mr. etotheipi is well meaning, but he is also very young and inexperienced. His advice about "attack surface" is generally right, but it just betrays his lack of experience.
1) Those who remember the old product called Laplink and its special "serial and parallel on both ends" cable will probably also remember the trivial procedure used to transfer Laplink from one machine to the other through that cable. Once you had Laplink on both machines you had access to all files on both machines.
2) Ten years old laptop computers frequently have IrDA (or other infrared) port. There wasn't many commercial products using those ports, but it was heavenly invention for hackers. Clever person could gain access to the other person's computer while siting right in front of him around the conference table during negotiations.
3) The biggest attack surface on 10 years old computers in not from hackers, but from your good old friend Murphy. If you plan on following his advice to store your valuable bitcoins on an old PC please buy at least 2 or 3 identical copies to have spare parts in case of inevitable component failure. Also make sure that either you know how to swap those parts or have a trusted person who could help you with that task.
This is pretty much close to a security theater performance art.
The constructive advice I could give is:
1) use modern computers, just learn how to boot them off the external drive or how to swap internal drives.
2) when storing on the hard drives learn about SmartMonTools (or other S.M.A.R.T. toolset), how to use them and how to interpret the results.
3) DVD-RAM is the only consumer-grade removable media technology with any track record of long-term reliability.
4) USB flash drives are to be trusted only if you also have access to the test and configuration application that is specific to the particular controller used in your flash device.
Thank you for reading.
1) Those who remember the old product called Laplink and its special "serial and parallel on both ends" cable will probably also remember the trivial procedure used to transfer Laplink from one machine to the other through that cable. Once you had Laplink on both machines you had access to all files on both machines.
2) Ten years old laptop computers frequently have IrDA (or other infrared) port. There wasn't many commercial products using those ports, but it was heavenly invention for hackers. Clever person could gain access to the other person's computer while siting right in front of him around the conference table during negotiations.
3) The biggest attack surface on 10 years old computers in not from hackers, but from your good old friend Murphy. If you plan on following his advice to store your valuable bitcoins on an old PC please buy at least 2 or 3 identical copies to have spare parts in case of inevitable component failure. Also make sure that either you know how to swap those parts or have a trusted person who could help you with that task.
This is pretty much close to a security theater performance art.
The constructive advice I could give is:
1) use modern computers, just learn how to boot them off the external drive or how to swap internal drives.
2) when storing on the hard drives learn about SmartMonTools (or other S.M.A.R.T. toolset), how to use them and how to interpret the results.
3) DVD-RAM is the only consumer-grade removable media technology with any track record of long-term reliability.
4) USB flash drives are to be trusted only if you also have access to the test and configuration application that is specific to the particular controller used in your flash device.
Thank you for reading.
I think you're forgetting that Armory can be use, and should be used IMO, to create offline paper backups. Laminate a few of those suckers and store them in fireproof safes. If the the old computer you used, which may have had an active wallet on it, dies; then just grab another computer and one of your paper backups and your back in business.
I'm pretty sure that Mr. etotheipi is well meaning, but he is also very young and inexperienced. His advice about "attack surface" is generally right, but it just betrays his lack of experience.
1) Those who remember the old product called Laplink and its special "serial and parallel on both ends" cable will probably also remember the trivial procedure used to transfer Laplink from one machine to the other through that cable. Once you had Laplink on both machines you had access to all files on both machines.
2) Ten years old laptop computers frequently have IrDA (or other infrared) port. There wasn't many commercial products using those ports, but it was heavenly invention for hackers. Clever person could gain access to the other person's computer while siting right in front of him around the conference table during negotiations.
3) The biggest attack surface on 10 years old computers in not from hackers, but from your good old friend Murphy. If you plan on following his advice to store your valuable bitcoins on an old PC please buy at least 2 or 3 identical copies to have spare parts in case of inevitable component failure. Also make sure that either you know how to swap those parts or have a trusted person who could help you with that task.
This is pretty much close to a security theater performance art.
The constructive advice I could give is:
1) use modern computers, just learn how to boot them off the external drive or how to swap internal drives.
2) when storing on the hard drives learn about SmartMonTools (or other S.M.A.R.T. toolset), how to use them and how to interpret the results.
3) DVD-RAM is the only consumer-grade removable media technology with any track record of long-term reliability.
4) USB flash drives are to be trusted only if you also have access to the test and configuration application that is specific to the particular controller used in your flash device.
Thank you for reading.
1) Those who remember the old product called Laplink and its special "serial and parallel on both ends" cable will probably also remember the trivial procedure used to transfer Laplink from one machine to the other through that cable. Once you had Laplink on both machines you had access to all files on both machines.
2) Ten years old laptop computers frequently have IrDA (or other infrared) port. There wasn't many commercial products using those ports, but it was heavenly invention for hackers. Clever person could gain access to the other person's computer while siting right in front of him around the conference table during negotiations.
3) The biggest attack surface on 10 years old computers in not from hackers, but from your good old friend Murphy. If you plan on following his advice to store your valuable bitcoins on an old PC please buy at least 2 or 3 identical copies to have spare parts in case of inevitable component failure. Also make sure that either you know how to swap those parts or have a trusted person who could help you with that task.
This is pretty much close to a security theater performance art.
The constructive advice I could give is:
1) use modern computers, just learn how to boot them off the external drive or how to swap internal drives.
2) when storing on the hard drives learn about SmartMonTools (or other S.M.A.R.T. toolset), how to use them and how to interpret the results.
3) DVD-RAM is the only consumer-grade removable media technology with any track record of long-term reliability.
4) USB flash drives are to be trusted only if you also have access to the test and configuration application that is specific to the particular controller used in your flash device.
Thank you for reading.
I love Armory, and I think it is the easiest possible solution for much of the current bitcoin crowd, but I think the time is approaching that we'll need to begin developing for our parents and less-tech-savvy friends. I know lots of people, even among my cohort, who don't have spare computers sitting around, and even if they did they wouldn't be able to setup an offline Armory wallet.
Edit: BTW, you've got PM.
Edit: BTW, you've got PM.
I whole-heartedly agree. My priority has been to make the functionality exist and accessible for those who want it. So far, I haven't seen cold-storage implemented anywhere else that isn't a complete PITA to use. In that sense, Armory is the perfect response to this thread, because you were already expecting to do 14 steps when you clicked on this thread
At least the steps for Armory cold storage are built into the interface, and lets you have a watching-only wallet...However, as you point out, absolute beginners would probably not figure this out. And to be fair, Armory is not designed, in its current state, to be a beginner's tool. Armory is intended to be the ultimate advanced-users' tool first, then I will work on networking-independence and standard-usermode to make it usable by new users. As long as you need the Satoshi client running in the background, there's no point in catering to beginners, yet...
I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.
Flexibility is nice but it also means more potential ways for a remote attacker to find an exploit. The lack of flexibility in a specialized device is a feature because it greatly reduces the attack surface.It might not be worth it for $1000 but a wallet with $100,000+ is a highly desirable target for someone to go after.
I agree with your sentiment. But a computer that has never touched the internet has no attack surface. The only attack vector is the autorun-USB vulnerabilities when using a USB key for moving tx data back and forth. It's a small surface, but it is theoretically exploitable. That's why I brought up the USB-serial connection, which reduces that attack surface to zero (barring compromised software updates), because there is no way to induce remote-code execution through the serial cable.
EDIT: last sentence is true given a couple basic precautions taken on the offline system. And the entirety of the above is true given that the software was designed "correctly."
I designed Armory specifically for the easiest cold storage capability possible. And most people either have an old spare laptop sitting around waiting to be junked, or can get one from a neighbor/friend/coworker for free. The program walks you through the process, and unlike other solutions, you get a watching-only wallet on your online computer so you can still generate addresses and monitor your balance and transactions, without the risk of someone getting the private keys.
I love Armory, and I think it is the easiest possible solution for much of the current bitcoin crowd, but I think the time is approaching that we'll need to begin developing for our parents and less-tech-savvy friends. I know lots of people, even among my cohort, who don't have spare computers sitting around, and even if they did they wouldn't be able to setup an offline Armory wallet.
Edit: BTW, you've got PM.
because there is no way to induce remote-code execution through the serial cable.
That's what has me worried. It's been a long time since we used dial up modems as a primary means of accessing the internet so how much attention has been paid to the OS serial port drivers and libraries with regards to security flaws? Can you prove there is no possible sequence of bits capable of exploiting a bug somewhere in the stack?In the case of Linux, wasn't the entire TTY layer recently rewritten? How much security auditing has been done on that, given that serial ports don't get a lot of use these days?
I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.
Flexibility is nice but it also means more potential ways for a remote attacker to find an exploit. The lack of flexibility in a specialized device is a feature because it greatly reduces the attack surface.It might not be worth it for $1000 but a wallet with $100,000+ is a highly desirable target for someone to go after.
I agree with your sentiment. But a computer that has never touched the internet has no attack surface. The only attack vector is the autorun-USB vulnerabilities when using a USB key for moving tx data back and forth. It's a small surface, but it is theoretically exploitable. That's why I brought up the USB-serial connection, which reduces that attack surface to zero (barring compromised software updates), because there is no way to induce remote-code execution through the serial cable.
EDIT: last sentence is true given a couple basic precautions taken on the offline system. And the entirety of the above is true given that the software was designed "correctly."
I designed Armory specifically for the easiest cold storage capability possible. And most people either have an old spare laptop sitting around waiting to be junked, or can get one from a neighbor/friend/coworker for free. The program walks you through the process, and unlike other solutions, you get a watching-only wallet on your online computer so you can still generate addresses and monitor your balance and transactions, without the risk of someone getting the private keys.
I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.
Flexibility is nice but it also means more potential ways for a remote attacker to find an exploit. The lack of flexibility in a specialized device is a feature because it greatly reduces the attack surface.It might not be worth it for $1000 but a wallet with $100,000+ is a highly desirable target for someone to go after.
I agree that you can install all sorts of extra stuff on the two systems to prevent most nastiness. But if users are storing $100,000+, they would prefer the 100% guaranteed solution, even if it's a little extra work and a few extra dollars.
If users really are storing $100,000+ there's no reason to use a general-purpose computer as an offline wallet. It seems like a dedicated hardware device should be able to be produced for less than the cost of two USB to Serial converters plus a PC. All it would need to do is receive unsigned transactions, wait for user input, sign the transaction, and return it.Yes and no.
(1) Such hardware devices do not exist yet
(2) Offline systems can usually be found for free, because even 10 yrs old with 256 MB of RAM will work
(3) A specialized hardware device may work, but will lack flexibility -- with the offline system you can import keys, juggle wallets, print backups, etc.
I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.
I agree that you can install all sorts of extra stuff on the two systems to prevent most nastiness. But if users are storing $100,000+, they would prefer the 100% guaranteed solution, even if it's a little extra work and a few extra dollars.
If users really are storing $100,000+ there's no reason to use a general-purpose computer as an offline wallet. It seems like a dedicated hardware device should be able to be produced for less than the cost of two USB to Serial converters plus a PC. All it would need to do is receive unsigned transactions, wait for user input, sign the transaction, and return it. @etotheipi
The offline computer can have an offline antivirus, anti-malware, anti-rootkit software installed. It is updated by virus definition files offline through the USB. Serial cables (as in the RS232?) are non-existent on modern computers and you can consider them obsolete.
Personally, I don't have enough bitcoins to justify an offline computer for the purpose of cold storage, and I think I know relatively enough about malware to prevent it from affecting my daily computer usage despite not having installed anti-virus software (they slow down my computer so much that I notice it.)
Your software is interesting though and I might just download and try it out.
The offline computer can have an offline antivirus, anti-malware, anti-rootkit software installed. It is updated by virus definition files offline through the USB. Serial cables (as in the RS232?) are non-existent on modern computers and you can consider them obsolete.
Personally, I don't have enough bitcoins to justify an offline computer for the purpose of cold storage, and I think I know relatively enough about malware to prevent it from affecting my daily computer usage despite not having installed anti-virus software (they slow down my computer so much that I notice it.)
Your software is interesting though and I might just download and try it out.
You can get USB-to-Serial-port converters for $10. One for each system and a null modem cable to hook'em together.
I agree that you can install all sorts of extra stuff on the two systems to prevent most nastiness. But if users are storing $100,000+, they would prefer the 100% guaranteed solution, even if it's a little extra work and a few extra dollars.
Please try it out and let me know if you have any issues or concerns. I'm always available to help
Jump to: