Pages:
Author

Topic: A *realy* secure environment for Bitcoint client and private keys (wallet.dat) (Read 2732 times)

jr. member
Activity: 56
Merit: 1
Off topic but thought i'd ask...

If I uninstall Bitcoin and then re-install it, it still has my old wallet loaded... how come? Any way to stop this?

That is because it doesn't delete your wallet, that would destroy all the money in it if you didn't have a backup. Simple move the wallet and it should generate a new one.
full member
Activity: 372
Merit: 114
edit: deleteme wtf why can't I delete my post?
sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
sr. member
Activity: 280
Merit: 250
Firstbits: 12pqwk
full member
Activity: 406
Merit: 100

--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (zip file with PDF and PGP signature)
Link still doesn't work from here.
Well, it works, but the downloaded file still isn't a zip file.
Edit: Turns out that you have to point your browser to: your filedropper and get the file from there.


Quote
In my view, to what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and a 256 AES encryption for the persistent user data that is saved outside of the Live CD (that's also why descriptions on setting up a system based on Knoppix takes the largest room in my PDF guide).
I'm very happy with my tiny core linux VM with bitcoin client inside. Very small, very non-conventional, so very difficult to hack.  Cool
sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
I just uploaded an updated version with some small fixes for consistency and some minor editorial changes to improve clarity.

I did this after reading through the complete document myself from the beginning to the end in one go.

Updated version 0.3:
   Zip file with PDF and PGP signature: http://www.filedropper.com/bitcoinsafeusagev03
   Just the PDF: http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03
sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
Hi Jack,

Your ~/.bitcoin/ directory is probably not deleted in the uninstall process. And that is the directory where the "wallet.dat" is located.

(in Windows or Mac the directory name reads different, but also something with "bitcoin" in it...)

If you remove the wallet.dat from that directory (plus the other files, which are also not needed any more), OR if you just rename the mentioned directory, and then start the Bitcoin client, it will create a brand-new wallet.dat.

Another possibility is to start the "bitcoin executable" with the command  line parameter "-datadir" to tell the bitcoin client that the data directiory should be at another location than the default one at ~/.bitcoin/

Code:
./bitcoin -datadir=/your_desired/data_directory/

I use this approach to have the data directory at a place inside an encrypted container file that is mounted by Truecrypt. When I close the bitcoin session and unmount the Truecrypt container, the wallet.dat is inside this container file and is not lying openly on the hard disk.

Michael
full member
Activity: 141
Merit: 100
Off topic but thought i'd ask...

If I uninstall Bitcoin and then re-install it, it still has my old wallet loaded... how come? Any way to stop this?
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
sr. member
Activity: 278
Merit: 251
Bitcoin-Note-and-Voucher-Printing-Empowerer
Hello together,

oh, indeed it seems that the original link does not work. Sorry for that! I uploaded it to two more places - they should work fine I hope:
 http://www.filedropper.com/bitcoinsafeusagev02
 http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02
--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (zip file with PDF and PGP signature)
 http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (PDF only)

To some of your questions above:

  • I am not implying that Linux or open source is automatically secure by itself just because it is Linux or open source. But I am saying that if you want to set up a secure system, then using an open source system is a precondition (and you have to do it correctly of course). Because with closed source, you can never know if there are backdoors/Trojans.
  • If you are afraid that the PDF I am linking to is somehow infected, I propose you boot from a Live CD like Knoppix or Ubuntu or almost any other of today's distros *after* having unplugged all hard drive cables from your computer system, and then print out the PDF. This would be the "paranoid secure mode" that I would well respect. In this particular case, I can just ensure that the PDF is clean. I wrote it with Open Office and printed it to a PDF printer on an Ubuntu 8.04 LTS which I hope (but I am not sure of course) that it is a "clean system".
  • I do not have the illusion that any single idea in my document is totally new. Probably every single aspect has been written down already sometime somewhere. But what is probably new is that you have everything compressed in one doc. So some readers (not all of course) might have another view on the topic after having read it, or get some new ideas at least. And of course, the concrete guide line given in the paper should help to setup a secure system step by step. The interested reader may want to print it out and use it as a tutorial when setting up his/her secure system for "Bitcoin banking" (not to be confused with systems for mining).

I think everybody who wants the Bitcoin project to succeed should be interested in that the Bitcoin Client is used in a secure way by as many people as possible, to avoid news like the recent "500.000 USD theft", which is counter productive to the Bitcoin project.

Finally, we should all realize that we, the participants in this forum, have different backgrounds, different knowledge and different views of what is secure. And we should respect other opinions, even if our own is a different one, and try to give reason why he have this or that opinion.
E.g., some people think that running bitcoin client in a VMware virtual machine is a means of increasing security; I have some doubts because VMware may contain Trojans since it is closed source. Some think that a Linux distro like "linuxcoin" is a good thing. I think it may be a good thing for MINING as of today, but otherwise only a good IDEA but not a good thing as of today, because it contains lots of proprietary software that cannot be excluded to contain Trojans that spy out your wallet.dat. But maybe one day we will really have a secure and slim Live CD-based 100% open-source Linux distro that is suitable for operating the Bitcoin client quite securely. I very much hope so.

In my view, to what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and a 256 AES encryption for the persistent user data that is saved outside of the Live CD (that's also why descriptions on setting up a system based on Knoppix takes the largest room in my PDF guide).
full member
Activity: 168
Merit: 103
Speaking of secure private keys...

bcearl:
Have you seen the BOTG script I whipped up. I was wondering what your opinion was? So far, the only flaw I can think of is some type of virus in the BIOS? But I'd imagine one that could spy on the terminal script would be a pretty big feat? A regular keylogger wouldn't work since the user is actually writing it down manually. I guess the really paranoid could use a new computer...
A physical device of spying on you would work too but kind of rare...


I don't remember. If you give me a link, I will take a look.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
Speaking of secure private keys...

bcearl:
Have you seen the BOTG script I whipped up. I was wondering what your opinion was? So far, the only flaw I can think of is some type of virus in the BIOS? But I'd imagine one that could spy on the terminal script would be a pretty big feat? A regular keylogger wouldn't work since the user is actually writing it down manually. I guess the really paranoid could use a new computer...
A physical device of spying on you would work too but kind of rare...
full member
Activity: 168
Merit: 103
Why? If you run VM it may be possible to read VM ram from outside. + Vmware has a suspend mode when it saves ram on HDD. Like hibernate on windows.

There is nothing you can do to protect a VM against the host. That's impossible because of the very principle of VMs. You can protect against the VM guest, not the other way.

Stop telling people that bullshit, VMs are not useful for Bitcoin.
newbie
Activity: 42
Merit: 0
Why? If you run VM it may be possible to read VM ram from outside. + Vmware has a suspend mode when it saves ram on HDD. Like hibernate on windows.
full member
Activity: 168
Merit: 103
or VM(heavily encrypted HD image, encrypt ram if possible).

Most stupid statement ever!



If you don't know, shut the fuck up and don't confuse other noobs.
newbie
Activity: 42
Merit: 0
As I imagine "Perfect bitcoin wall", linux is a good choice. By linux I understand bare minimum for console bitcoin client.
Linux core + bare minimum to run bitcoin + firewall that blocks everything except bitcoin client. LiveCD or USB boot, or VM(heavily encrypted HD image, encrypt ram if possible).
Password to log in, pin for every action with bitcoin.
Couple of scripts:
Send N bitcoins to hardcoded spending wallet(password to change spending wallet address)
Move bitcoins to a new wallet. Maybe send bitcoins to the same wallet but new address(will it work and do the trick?)
Maybe simple unicode GUI.

Almost impenetrable by conventional means. Especially if done without VM.
newbie
Activity: 26
Merit: 0
having no contact to another potentially insecure operating system running on the same computer

Are you implying that Linux is not potentially insecure? That is as ignorant as the "Macs don't get viruses" statement I hear from 70 year old ladies. IMHO, Linux is a bad choice for someone who is not savvy or experienced with it. I agree that what you are proposing is a good idea, but could be disasterous for non Linux users. I look at Linux as the OS that assumes you know what you are doing. As the teacher of my first Unix class told us "Unix usually wont stop you from doing something stupid."

Not promoting Windows or any other OS (I like Linux) just poining something out.
full member
Activity: 168
Merit: 103
Careful lol, PDF's can contain nasty things to...not saying it does I'm just not gonna be the one to find out

Yeah, that's why the PDF reader of Ubuntu isn't even allowed to open a URL in a browser.
legendary
Activity: 2940
Merit: 1333
You zip file seems broken.

I tried downloading it twice, and got the same both times - a tiny text file with an error from woofiles in it:

Code:
$ cat Bitcoin_Safe_Usage_v02.zip


Warning:  fclose(): supplied argument is not a valid stream resource in /srv/www/lighttpd/woofiles/includes/HTTPDownload.class.php on line 191

newbie
Activity: 32
Merit: 0
Careful lol, PDF's can contain nasty things to...not saying it does I'm just not gonna be the one to find out
Pages:
Jump to: