Topic: BitVault LiveCD - Bitcoin Secure Transactions Environment - page 2. (Read 4859 times)

... just looking ahead ... trying to think like a criminal.

The current Malware is a Trojan and he's only looking for wallet.dat, I haven't heard of such worm reading your RAM for private key. If you find a link I will gladly read it and apply a proper solution to this problem.

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

When you are done with the LiveCD you will reboot inside your OS, your RAM will refresh and load your current OS, your container will be unmounted so there's no way to steal the wallet. If your private key would still be in memory the attacker would have to know first what to do with this "key"

And is there some code that specifically scrubs the private keys out of RAM (and where-ever else) when you are done? probably just left to chance right?

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.

Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

I will do my best.

If you made one like how I described it would be pretty sweet! I'll be watching!!

yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.

Check: https://forum.bitcoin.org/index.php?topic=22128.0

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.

I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux.
With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is lauched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it it, there would be less exploitable bugs.

If you have any questions do not hesitate to ask me.

I subscribing to this thread.  When anyone tries it out, please respond and give feedback.

Thanks, so it does only support this client version 0.3.20 ?

http://forum.bitcoin.org/?topic=3906.0

Could you please provide me a link? I will look into this.

I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

The recent security concerns related to Bitcoin gave me the idea to create a LiveCD where you can do safe transactions without worrying about being infected by the trojan infostealer.Coinbit or being spied by anyone.

Features :
                                              -Use TrueCrypt to access your encrypted Wallet
                                              -If you wish you can surf the web anonymously with JonDoFox
                                              -You can use the client MegaIRC and join your favourite Bitcoin irc channel
                                              -You can also use the calculator to help you in your transactions
                                              -You can connect to the internet with OpenVPN (not yet implemented)
                                              -Block-chain already pre-loaded inside BitVault - you can manually update it
                                              -BitVault Wizard, easy step by step with almost no interaction from the user which install and configure
                                               the bitcoin client for you!




If you wish to know more about BitVault features, method of work and download link, please read this page : http://kittybomber.com/BitVault

I am also seeking volunteer to help me out with this project, read this page for more information : http://kittybomber.com/BitVault_dev


Please give me feedback and if you wish to see something implemented inside this LiveCD let me know!

EDIT:

-Added a new Bitcoin client support from coderrr : http://forum.mtgoxlive.com/showthread.php/11-Patching-The-Bitcoin-Client-To-Make-It-More-Anonymous
 - Please read this page if you wish to use this client http://www.kittybomber.com/config_guide

Feel free to donate : 1D5BjvQi7kGPUBpumWsN7kJ63hixEJcfFW