
Topic: Advice for Offline Storage – Detailed How To: Help! (Read 1460 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
More answers from more people please!

Apparently the long version is too long...

Also if I was to download for e.g. multibit to my computer, take the computer offline and install+create a wallet via USB, is there still a possibility of the private address being hacked if there was a trojan or keylogger on my computer beforehand, even though I created everything offline and via my USB?
No

Can a keylogger implant itself into my USB via software like multibit?

Yes, a very well-written one.

Would I see any strange file, or increase in file size?

The signature would not match (see Multibit dl section)

Or would the logger just wait until I am online again with the USB and then send the private key to whoever?

Please help anyone! Grin

Yes, this is possible. However the usual attacker is not the NSA [1], or at least I hope so for you.

[1] https://en.wikipedia.org/wiki/Stuxnet
newbie
Activity: 24
Merit: 0
More answers from more people please!

Also if I was to download for e.g. multibit to my computer, take the computer offline and install+create a wallet via USB, is there still a possibility of the private address being hacked if there was a trojan or keylogger on my computer beforehand, even though I created everything offline and via my USB?

Can a keylogger implant itself into my USB via software like multibit? Would I see any strange file, or increase in file size?

Or would the logger just wait until I am online again with the USB and then send the private key to whoever?

Please help anyone! Grin
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
So you say: we can't make offline wallet 'cause you have to get the block chain. Well that's true, but then why are there many tutorials about it?

Nope, there are wallets that work fine without blockchain. The offline machine does not need to know how much bitcoins are where. AFAIK it does not even need a single block from the blockchain. Its sole purpose is to sign the TX. It just holds the private keys, safely.

My problem with this setup is that it's the same machine offline and online; the only difference is one time you boot from CD (which you can not keep updated - which might be important) and one time you boot from HDD. It's very easy to forget a step with such a setup. You forget to remove the HDD cable, you forget to remove the Ethernet cable etc. pp. And - if I understood this correctly - the idea is that the TX is made, signed and broadcasted from the "offline" system that boots from CD. Which makes it an online system, which requires security updates, which are a pain in the ass for CDs. Broadcasting the TX must be online, otherwise it's useless. Yes, it's hard to manipulate an OS that boots from CD, but if you want to know how long an old OS with internet access holds, try running a WinXP (no ServicePack(!)) machine with direct internet access for 5 minutes. While your boot CD OS might not be as extreme as the old WinXP, it will be next year or the year after.

Are there many tutorials that require you to get the entire blockchain for the offline system? I doubt that.

You need the blockchain on your online system, NOT on your offline system. It makes no sense to have it on the offline system. It can't update the blockchain anyway without going online. Well, there are these people who are thinking about broadcasting the blockchain via DVBT, which might be something else, but that's not something people use already.

Again, proper offline storage with the ability to spend the coins requires:

- online machine with updated blockchain or client that has direct access to blockchain data. This machine has no private keys, but knows which addresses (watch only mode) to watch in order to use the correct inputs. Here you create a TX, but since you don't have a private key to sign it - and thus make it legit - you copy the unsigned TX to your offline machine and later (see below) after you got it signed you broadcast the signed TX. If this machine gets attacked, the attacker has nothing to gain. The private keys are in another castle.

- offline machine that is airgapped and under perfect circumstances was never online. No patches, no extra software that does not come with the OS. Usually this is not possible because you need at least the wallet software. Thus these are usually made online and then physically taken off every network. Best use would be a machine without any wireless hardware. No WLAN, no Bluetooth, just an Ethernet port. Here you take the unsigned TX (with a USB device, Floppy, CD, type it yourself), load it with the wallet, enter your password (still recommended to have one) and sign the TX. The now signed TX is transferred back to the online OS and broadcasted. This machine can only be attacked via the data transfer mechanism of your choosing. If you e.g. choose to type the data from your online machine by hand into your offline machine, there is no way a virus can infect this machine as long as the attacker has no physical access.
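
Added example, not part of the post above and not Multibit's or Armory's own transfer format: since the transfer step is the offline machine's only input, this sketch shows a hypothetical hand-typeable text format for the unsigned TX and an offline-side parser that rejects anything deviating from it. The line layout, size limit and `SAMPLE_TX` bytes are assumptions constructed for illustration.

```python
import hashlib
import re

CHUNK = 16             # bytes per line, short enough to type by hand
MAX_TX_BYTES = 16_000  # assumed upper bound; keeps line numbers within 000-999
LINE_RE = re.compile(r"(\d{3}) ([0-9a-f]{2,32}) ([0-9a-f]{4})")
END_RE = re.compile(r"END (\d{1,5}) ([0-9a-f]{8})")

# Constructed stand-in bytes, not a real transaction.
SAMPLE_TX = bytes(range(40))


def _tag(data: bytes, n: int) -> str:
    """First n bytes of SHA-256(data) as hex: catches typos, not forgery."""
    return hashlib.sha256(data).hexdigest()[: 2 * n]


def encode_for_transfer(raw_tx: bytes) -> str:
    """Online side: unsigned TX -> numbered, checksummed lowercase hex lines."""
    if not 0 < len(raw_tx) <= MAX_TX_BYTES:
        raise ValueError("transaction size out of range")
    lines = []
    for i in range(0, len(raw_tx), CHUNK):
        chunk = raw_tx[i : i + CHUNK]
        lines.append(f"{i // CHUNK:03d} {chunk.hex()} {_tag(chunk, 2)}")
    lines.append(f"END {len(raw_tx)} {_tag(raw_tx, 4)}")
    return "\n".join(lines) + "\n"


def decode_transfer(text: str) -> bytes:
    """Offline side: accept only the exact format above, reject all else."""
    if len(text) > MAX_TX_BYTES * 4 or not text.isascii():
        raise ValueError("input too large or not plain ASCII")
    lines = text.strip("\n").split("\n")
    if len(lines) < 2:
        raise ValueError("missing data or END line")
    *body, trailer = lines
    out = bytearray()
    for expected_no, line in enumerate(body):
        m = LINE_RE.fullmatch(line)
        if not m or int(m.group(1)) != expected_no:
            raise ValueError(f"line {expected_no}: malformed or out of order")
        chunk = bytes.fromhex(m.group(2))  # odd-length hex raises ValueError
        if _tag(chunk, 2) != m.group(3):
            raise ValueError(f"line {expected_no}: checksum mismatch (typo?)")
        if len(chunk) != CHUNK and expected_no != len(body) - 1:
            raise ValueError(f"line {expected_no}: short line before the end")
        out += chunk
    t = END_RE.fullmatch(trailer)
    if not t or int(t.group(1)) != len(out) or t.group(2) != _tag(bytes(out), 4):
        raise ValueError("END line does not match the data")
    return bytes(out)


if __name__ == "__main__":
    sheet = encode_for_transfer(SAMPLE_TX)
    print(sheet, end="")
    print("round trip ok:", decode_transfer(sheet) == SAMPLE_TX)
```

The checksums only catch transfer errors; what gets signed still has to be reviewed in the wallet on the offline machine.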
sr. member
Activity: 364
Merit: 250
First buy a new pendrive; it does not have to be big, a 256MB one will do. Don't plug it into your PC! Get a CD, then download a live CD (any Linux can do it). Boot from it, then run a virus test, then get multibit. Create a new wallet on your pendrive and you're done. And remember: NEVER PUT THIS PENDRIVE INTO YOUR NORMAL Operating System, only into the live CD.
Armory will need the original Bitcoin-QT that downloads the block chain, so if you want it then you will need a larger pendrive, 32GB minimum recommended. https://blockchain.info/charts/blocks-size

How do you do transactions with this setup?

From the Linux live CD. You write down your address on a paper.

So it's just another online wallet that is on a CD? Topic is offline storage. I don't see how your idea fits in if you just have a CD to boot from on your regular online machine. Well, the flaws I see:

- the CD will never have security updates unless you install them after booting or create new updated CDs on a regular basis. So in order to be up to date with possible critical updates you have to go online
- the CD will not (at least as you describe it) include multibit so you need to download and verify Multibit every time
- live Linux from a CD/DVD is slow as hell. I'd say with updates you'd need ~2-3 hours to make a TX. Experiences might differ on different systems
- The live CD would access the HDD (with your regular online OS) which could in turn infect the "clean system" and make all the precautions useless. It's in the tin foil hat area, but a possible attack.
- you have a single source of failure. If the USB stick dies your coins are gone.

So you say: we can't make offline wallet 'cause you have to get the block chain. Well that's true, but then why are there many tutorials about it?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
First buy a new pendrive; it does not have to be big, a 256MB one will do. Don't plug it into your PC! Get a CD, then download a live CD (any Linux can do it). Boot from it, then run a virus test, then get multibit. Create a new wallet on your pendrive and you're done. And remember: NEVER PUT THIS PENDRIVE INTO YOUR NORMAL Operating System, only into the live CD.
Armory will need the original Bitcoin-QT that downloads the block chain, so if you want it then you will need a larger pendrive, 32GB minimum recommended. https://blockchain.info/charts/blocks-size

How do you do transactions with this setup?

From the Linux live CD. You write down your address on a paper.

So it's just another online wallet that is on a CD? Topic is offline storage. I don't see how your idea fits in if you just have a CD to boot from on your regular online machine. Well, the flaws I see:

- the CD will never have security updates unless you install them after booting or create new updated CDs on a regular basis. So in order to be up to date with possible critical updates you have to go online
- the CD will not (at least as you describe it) include multibit so you need to download and verify Multibit every time
- live Linux from a CD/DVD is slow as hell. I'd say with updates you'd need ~2-3 hours to make a TX. Experiences might differ on different systems
- The live CD would access the HDD (with your regular online OS) which could in turn infect the "clean system" and make all the precautions useless. It's in the tin foil hat area, but a possible attack.
- you have a single source of failure. If the USB stick dies your coins are gone.
sr. member
Activity: 364
Merit: 250
First buy a new pendrive; it does not have to be big, a 256MB one will do. Don't plug it into your PC! Get a CD, then download a live CD (any Linux can do it). Boot from it, then run a virus test, then get multibit. Create a new wallet on your pendrive and you're done. And remember: NEVER PUT THIS PENDRIVE INTO YOUR NORMAL Operating System, only into the live CD.
Armory will need the original Bitcoin-QT that downloads the block chain, so if you want it then you will need a larger pendrive, 32GB minimum recommended. https://blockchain.info/charts/blocks-size

How do you do transactions with this setup?

From the Linux live CD. You write down your address on a paper.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
First buy a new pendrive; it does not have to be big, a 256MB one will do. Don't plug it into your PC! Get a CD, then download a live CD (any Linux can do it). Boot from it, then run a virus test, then get multibit. Create a new wallet on your pendrive and you're done. And remember: NEVER PUT THIS PENDRIVE INTO YOUR NORMAL Operating System, only into the live CD.
Armory will need the original Bitcoin-QT that downloads the block chain, so if you want it then you will need a larger pendrive, 32GB minimum recommended. https://blockchain.info/charts/blocks-size

How do you do transactions with this setup?
sr. member
Activity: 364
Merit: 250
First buy a new pendrive; it does not have to be big, a 256MB one will do. Don't plug it into your PC! Get a CD, then download a live CD (any Linux can do it). Boot from it, then run a virus test, then get multibit. Create a new wallet on your pendrive and you're done. And remember: NEVER PUT THIS PENDRIVE INTO YOUR NORMAL Operating System, only into the live CD.
Armory will need the original Bitcoin-QT that downloads the block chain, so if you want it then you will need a larger pendrive, 32GB minimum recommended. https://blockchain.info/charts/blocks-size
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Hi guys,

Below is a rough guide for what I believe to be a good way to buy and secure your bitcoins. I think one of the main reasons for why there is uncertainty around bitcoin is due to the nature of the internet and the potential security flaws it can create i.e hackers etc.

Can you guys read through what I have written below and possibly answer my question? It will help me and many others who are trying to enter the bitcoin market, but do not want the possibility of losing their BTC.

So here we go:

You want to buy Bitcoins and store them safely.

The process requires buying bitcoins from an exchange, and then sending the bitcoins to an offline wallet, so your safety cannot be compromised.

Step 1:

Before you do anything, complete a thorough malware scan with an accredited piece of anti-virus software. While you’re doing this, you might as well just clean all the crap out of your computer.

Question: Which software would you guys recommend? At the moment I have McAfee Live, but reviews suggest it only catches roughly 98% of new malware.

I am confused. You are talking about offline storage. Is this for the offline system or the online system? Anyway. There is no good anti malware or antivirus software. They can only catch what has been found.


Step 2:

Firstly download Multibit (or Armory) to your computer.  Multibit is a piece of software created to manifest a wallet ID, along with extra encryption, which you can store offline.

Question: Which software is better, or do they basically do the same thing?


Armory requires bitcoin core resp. bitcoind which requires a full blockchain. Again I am writing while reading this, so I am not sure if you are on your offline or your online system. If you just want a quick wallet setup to send the coins to cold storage, armory is not what you want. Armory however can be good if you use it as well on the offline system as it allows watch only wallets. AFAIK Multibit does not yet support watch only addresses.

Step 3

Once downloaded, take the computer offline. Then install the Multibit software to a directory on your USB, which must be new so you are certain there are no types of malware on the USB.

Paranoid level: tin foil hat - new USB sticks could also have hardware trojans/keylogger/malware installed.

Also make sure the USB package has not been tampered with.

Can be done during production/before packaging.

The reason you take the computer offline after the download is so that when you install and subsequently create a wallet from your USB, there is no internet connection, meaning there is no chance of ‘prying eyes’ on the creation of your wallet and its subsequent information that you want to keep to yourself.

You have now installed the multibit software onto your computer (which is offline), so the next step is to create a new wallet. Just hit ‘create new wallet’ and there you go. You now have an offline wallet, from which you can receive coins only. For added protection, encrypt the wallet with a password of your choice, and remember/write down this password.

Questions:

•   Can you send coins from the offline wallet?

Nope, you need to create a TX on an online machine, transfer it to the offline machine for signing, transfer it back for broadcasting.

•   Is there any other way a hacker could access your wallet offline now?

Well, does the hacker know where you have your machine? For your everyday malware writer an offline machine is not reachable. Depending on your paranoia level it is not safe. Someone could sneak into your home while you are not there and install a keylogger on your offline machine, etc. pp.

•   If I was to reconnect my wallet to become a ‘hot’ or now online wallet temporarily via my USB to send coins, am I not temporarily at risk?

Yes, you need to keep your online machine safe as well. A way to prevent problems is if you use different OS for cold and hot storage. E.g. if you use a Mac for your everyday online work and you have your watchonly wallet on a Mac, use Linux for cold storage. Very few (if any) malware can work in both systems.

•   Can you only send coins through the wallet, i.e need access to the wallet to send coins, or does someone just need my private key only?

Private key is all you need. The signature provided by the private key is what allows anyone to spend the coins associated with it. However it is not possible for someone to just generate one of your private keys by accident. The only way currently for this to happen is if your random number generator is very bad.

•   If I were to plug in my USB into another infected computer, is my wallet safe as long as the wallet is encrypted? Will I know or see any other files on my USB to signal a virus/malware implant if another computer was infected?

Yes, as long as it is encrypted and your password is reasonably strong you are safe. 9 symbols take ~1.2 million years to bruteforce IIRC. I'd suggest a password/-phrase of 20 or more symbols though. Make sure it's not something you use elsewhere or that can easily be guessed.


Step 4

Copy all of this information into a physical format, i.e. using paper and pen, and store this somewhere safe. This is so that if you lose your wallet information or your USB screws up for some reason, you still have your wallet information, allowing you to access your bitcoins. In the unfortunate case that this does happen, create a new wallet using the steps already mentioned, and transfer your bitcoins to the new uncorrupted wallet. It would also be wise to have a spare USB with the information. Overall this = 2 USB’s + 1 paper format.

Question: Which USB would you recommend? How about a USB with a pin, so if your USB were to be used by someone else, they would not be able to connect it to any computer without permission i.e the PIN code, therefore reducing the chance of the USB becoming infected.

IMHO that's overkill. Either you know your online machine is infected and you don't use the USB stick or you don't and you remove the security anyways. Also keep in mind to make regular backups if you are using multibit as newly created addresses need new backups. Something like electrum where you only need to backup a seed once might be easier to handle esp. when backing up to paper.

Step 5

Register with an exchange depending on your location (may take a few days), buy some bitcoin, transfer to your wallet using the public address and you are done.

Question: Which secure exchange can I use if I am from the United Kingdom or New Zealand? Is there a global exchange present at the moment?

Thanks for reading and I look forward to your responses.

Kash

AFAIK bitstamp is located in the UK, but most (if not all) allow international money deposits. There is a list somewhere with an overview, I did a quick search but didn't find it. The big ones are basically those that are listed on bitcoinwisdom.
newbie
Activity: 24
Merit: 0
Hi guys,

Below is a rough guide for what I believe to be a good way to buy and secure your bitcoins. I think one of the main reasons for why there is uncertainty around bitcoin is due to the nature of the internet and the potential security flaws it can create i.e hackers etc.

Can you guys read through what I have written below and possibly answer my question? It will help me and many others who are trying to enter the bitcoin market, but do not want the possibility of losing their BTC.

So here we go:

You want to buy Bitcoins and store them safely.

The process requires buying bitcoins from an exchange, and then sending the bitcoins to an offline wallet, so your safety cannot be compromised.

Step 1:

Before you do anything, complete a thorough malware scan with an accredited piece of anti-virus software. While you’re doing this, you might as well just clean all the crap out of your computer.

Question: Which software would you guys recommend? At the moment I have McAfee Live, but reviews suggest it only catches roughly 98% of new malware.

Step 2:

Firstly download Multibit (or Armory) to your computer.  Multibit is a piece of software created to manifest a wallet ID, along with extra encryption, which you can store offline.

Question: Which software is better, or do they basically do the same thing?

Step 3

Once downloaded, take the computer offline. Then install the Multibit software to a directory on your USB, which must be new so you are certain there are no types of malware on the USB. Also make sure the USB package has not been tampered with.

The reason you take the computer offline after the download is so that when you install and subsequently create a wallet from your USB, there is no internet connection, meaning there is no chance of ‘prying eyes’ on the creation of your wallet and its subsequent information that you want to keep to yourself.

You have now installed the multibit software onto your computer (which is offline), so the next step is to create a new wallet. Just hit ‘create new wallet’ and there you go. You now have an offline wallet, from which you can receive coins only. For added protection, encrypt the wallet with a password of your choice, and remember/write down this password.

Questions:

•   Can you send coins from the offline wallet?
•   Is there any other way a hacker could access your wallet offline now?
•   If I was to reconnect my wallet to become a ‘hot’ or now online wallet temporarily via my USB to send coins, am I not temporarily at risk?
•   Can you only send coins through the wallet, i.e need access to the wallet to send coins, or does someone just need my private key only?
•   If I were to plug in my USB into another infected computer, is my wallet safe as long as the wallet is encrypted? Will I know or see any other files on my USB to signal a virus/malware implant if another computer was infected?

Step 4

Copy all of this information into a physical format, i.e. using paper and pen, and store this somewhere safe. This is so that if you lose your wallet information or your USB screws up for some reason, you still have your wallet information, allowing you to access your bitcoins. In the unfortunate case that this does happen, create a new wallet using the steps already mentioned, and transfer your bitcoins to the new uncorrupted wallet. It would also be wise to have a spare USB with the information. Overall this = 2 USB’s + 1 paper format.

Question: Which USB would you recommend? How about a USB with a pin, so if your USB were to be used by someone else, they would not be able to connect it to any computer without permission i.e the PIN code, therefore reducing the chance of the USB becoming infected.

Step 5

Register with an exchange depending on your location (may take a few days), buy some bitcoin, transfer to your wallet using the public address and you are done.

Question: Which secure exchange can I use if I am from the United Kingdom or New Zealand? Is there a global exchange present at the moment?

Thanks for reading and I look forward to your responses.

Kash