. | Bitcointalksearch.org

Skrivitor

newbie

Activity: 34

Merit: 0

Quote from: 01BTC10 on March 22, 2012, 08:13:12 AM

If your host is compromised a virtual machine is not that good. A live USB linux distros that you boot only to use your wallet would do better.

Okay, so a separate box partitions the security. Maybe a RaspberryPi (or similar) box that is only booted when transacting with the Bitcoin wallet.

Interactions with the wallet box could be done using Teamviewer or similar remote desktop, that would make the UI a lot like a Virtual machine. Would you enable Wake on Lan in the wallet box to make it convenient to initialize?

anu

legendary

Activity: 1218

Merit: 1001

RepuX - Enterprise Blockchain Protocol

Quote from: Ender985 on March 22, 2012, 08:11:27 AM

However after thinking about it for a while, probably the safest way to generate a truly 'safe wallet' would be to use a live-cd ubuntu, as someone in this board already suggested, since it makes it irrelevant if your original OS is already compromised, generate a bunch of receive addresses, and then take the wallet.dat, encrypt it and spread it around. If you ever need to send coins from that wallet just fire a live-cd again, use that wallet.dat and then, as you suggest, throw it away and start a new one.

A live CD probably fits the definition of dedicated machine. It's your taste if you want to encrypt your wallets. You may also use paper backups and store them into a safe. I use deterministic wallets for cold storage and keep the seed phrase only in my head. Steal it from there!

01BTC10

vip

Activity: 756

Merit: 503

If your host is compromised a virtual machine is not that good. A live USB linux distros that you boot only to use your wallet would do better.

Ender985

newbie

Activity: 3

Merit: 0

[redacted]

anu

legendary

Activity: 1218

Merit: 1001

RepuX - Enterprise Blockchain Protocol

It's a sensible approach to run a wallet for day-to-day use with only an amount on it you can afford to loose.

But if you have large amounts in cold storage, use only a dedicated machine not connected to the net. Have multiple wallets on it and when you use one wallet to send Bitcoins, empty it completely and throw it away.

(In case you are wondering - there is no need to connect a wallet to the Internet to send money to it. Only to send money from it.)

jake262144

full member

Activity: 210

Merit: 100

Quote from: Ender985 on March 21, 2012, 08:11:12 PM

...
As far as I understand, installing a clean OS is one of the best ways to guarantee you are not already compromised by trojans or keyloggers and, if your real OS gets compromised, they would have a hard time reaching inside the virtual machine and getting to the wallet.
...

Actually, you have it all backwards: a compromised host OS might very well have access to each and every file in the virtual machine - it's only a matter of what capabilities the malware has.
Your approach raises the bar by making your machine non-standard, but no VM vendor can guarantee that the clean virtual machine will remain safe when ran on a compromised system.
While an additional degree of security is certainly nice to have, you should not depend on it.

Virtual machines are usually deployed in exactly the opposite scenarios: to contain a threat and prevent it from leaking to the host OS.

Jello

newbie

Activity: 10

Merit: 0

If your (main OS) gets compromised, wouldn't the hacker still have access to your wallet?

Red Emerald

hero member

Activity: 742

Merit: 500

You should look at armory. The offline transactions keep your private keys from ever being on a system that is connected to the internet. It means you need 2 computers, but it is the most secure way to keep your coins.

guruvan

hero member

Activity: 532

Merit: 500

To properly have an online vps wallet seems a little cumbersome to do safely. And prone to attract thieves (as per the Linode heist a few weeks ago). I'd certainly not keep any more money in it than absolutely necessary. (BTC40K+ was a lot of money)

I'd prefer to be in a position to completely monitor all network traffic in or out if I need to handle any significant amounts of funds.

Unless I need it to accept payment as a merchant, I'd rather have a little pocket change in a phone or laptop, and keep other monies offline, in encrypted containers (backed up into differently keyed containers)

Armory looks very promising when it gets out of alpha for offline storage.

Skrivitor

newbie

Activity: 34

Merit: 0

Does anyone have experience with Box.net? 5 to 50GB free.
I think my strategy will be to have a USB drive with a VirturalBox linux/wallet.
I will need a good sync solution for the wallet to the cloud. It would really suck to transfer all your coins over and forget to back it up.

amytron

newbie

Activity: 28

Merit: 0

I'm going to do that with mine

ELT

newbie

Activity: 14

Merit: 0

A friend of mine did something similar, but I would rather just use a spend wallet and a savings wallet that sits offline somewhere. I am moving towards splitting of the two wallets like that. Again, the computer with the VM gets stolen then its no different than just being on your computer in a sense.

Xanax

newbie

Activity: 28

Merit: 0

I don't any point to or not to. Huh

Haplo

full member

Activity: 168

Merit: 100

Hrm dunno, that would probably work but then you still have the problem of having your hardware stolen. I'd prefer storing my "main" wallet compressed/encrypted somewhere on a random server in timbuktu where nobody would ever look. Hell you could even just leave it (without identifying marks) in an email file in a random email account in the timbuktu of your choice and do just fine. That way your money isn't tied up with your physical location or other passwords.

Ender985

newbie

Activity: 3

Merit: 0

[redacted]

Topic: . (Read 1452 times)