Pages:
Author

Topic: BitVault LiveCD - Bitcoin Secure Transactions Environment - page 2. (Read 4873 times)

legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Quote
If your private key would still be in memory the attacker would have to know first what to do with this "key"

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

The current Malware is a Trojan and he's only looking for wallet.dat, I haven't heard of such worm reading your RAM for private key. If you find a link I will gladly read it and apply a proper solution to this problem.

... just looking ahead ... trying to think like a criminal.
newbie
Activity: 14
Merit: 0
Quote
If your private key would still be in memory the attacker would have to know first what to do with this "key"

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

The current Malware is a Trojan and he's only looking for wallet.dat, I haven't heard of such worm reading your RAM for private key. If you find a link I will gladly read it and apply a proper solution to this problem.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo
Quote
If your private key would still be in memory the attacker would have to know first what to do with this "key"

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.
newbie
Activity: 14
Merit: 0

Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.

And is there some code that specifically scrubs the private keys out of RAM (and where-ever else) when you are done? probably just left to chance right?

When you are done with the LiveCD you will reboot inside your OS, your RAM will refresh and load your current OS, your container will be unmounted so there's no way to steal the wallet. If your private key would still be in memory the attacker would have to know first what to do with this "key"
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo

Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.

And is there some code that specifically scrubs the private keys out of RAM (and where-ever else) when you are done? probably just left to chance right?
newbie
Activity: 14
Merit: 0

Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.
legendary
Activity: 3920
Merit: 2349
Eadem mutata resurgo

Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.
newbie
Activity: 14
Merit: 0
Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0



yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
If you made one like how I described it would be pretty sweet! I'll be watching!!

I will do my best.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0



yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
If you made one like how I described it would be pretty sweet! I'll be watching!!
newbie
Activity: 14
Merit: 0
Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0



yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0
newbie
Activity: 14
Merit: 0
I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux.
With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is lauched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it it, there would be less exploitable bugs.

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux.
With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is lauched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it it, there would be less exploitable bugs.
newbie
Activity: 14
Merit: 0
I subscribing to this thread.  When anyone tries it out, please respond and give feedback.

If you have any questions do not hesitate to ask me.
sr. member
Activity: 434
Merit: 252
youtube.com/ericfontainejazz now accepts bitcoin
I subscribing to this thread.  When anyone tries it out, please respond and give feedback.
newbie
Activity: 14
Merit: 0
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Could you please provide me a link? I will look into this.

http://forum.bitcoin.org/?topic=3906.0

Thanks, so it does only support this client version 0.3.20 ?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Could you please provide me a link? I will look into this.

http://forum.bitcoin.org/?topic=3906.0
newbie
Activity: 14
Merit: 0
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Could you please provide me a link? I will look into this.
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.
newbie
Activity: 14
Merit: 0
The recent security concerns related to Bitcoin gave me the idea to create a LiveCD where you can do safe transactions without worrying about being infected by the trojan infostealer.Coinbit or being spied by anyone.

Features :
                                              -Use TrueCrypt to access your encrypted Wallet
                                              -If you wish you can surf the web anonymously with JonDoFox
                                              -You can use the client MegaIRC and join your favourite Bitcoin irc channel
                                              -You can also use the calculator to help you in your transactions
                                              -You can connect to the internet with OpenVPN (not yet implemented)
                                              -Block-chain already pre-loaded inside BitVault - you can manually update it
                                              -BitVault Wizard, easy step by step with almost no interaction from the user which install and configure
                                               the bitcoin client for you!




If you wish to know more about BitVault features, method of work and download link, please read this page : http://kittybomber.com/BitVault

I am also seeking volunteer to help me out with this project, read this page for more information : http://kittybomber.com/BitVault_dev


Please give me feedback and if you wish to see something implemented inside this LiveCD let me know!

EDIT:

-Added a new Bitcoin client support from coderrr : http://forum.mtgoxlive.com/showthread.php/11-Patching-The-Bitcoin-Client-To-Make-It-More-Anonymous
 - Please read this page if you wish to use this client http://www.kittybomber.com/config_guide

Feel free to donate : 1D5BjvQi7kGPUBpumWsN7kJ63hixEJcfFW
Pages:
Jump to: