Pages:
Author

Topic: Can a factory reset computer be used for cold storage? (Read 2496 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
just curious whats the purpose when you have paper wallets...
No one else can get the bitcoins stored on those paper wallets. That's one purpose.
member
Activity: 83
Merit: 10
just curious whats the purpose when you have paper wallets...
sr. member
Activity: 378
Merit: 250
FURring bitcoin up since 1762
It's important to wipe the hard disk and install a clean OS. If you want to be really safe, boot the computer by using a Linux live CD, create you wallet and write down the private key of your wallet by hand(!!!) Never connect the PC to the Internet while doing so, only after it has been shut down.
sr. member
Activity: 616
Merit: 250
u could just make a paper wallet? a bit easier  Cheesy
hero member
Activity: 882
Merit: 1000
Exhausted
On your laptop,  you can install a fresh copy of windows onto. With a copy replicated with an external hard drive on an offline computer . When  you restore this backup, you could still use the wallet.  Roll Eyes
disconnect from the internet, make a paper wallet and reinstall a new copy of windows.

Why would you use windows when you can use a much safer and open-source linux OS? Smiley
newbie
Activity: 6
Merit: 0
disconnect from the internet, make a paper wallet and reinstall a new copy of windows.
legendary
Activity: 1554
Merit: 1026
★Nitrogensports.eu★
I need to buy a new laptop anyway so I was wondering if I completely wipe my current laptop (It's a sony vaio) could I then use it as my cold storage laptop? I plan to make a large investment in bitcoins very soon and was wondering if factory resetting my current laptop would be sufficient in terms of security? Cheers.

Yes, but make sure that you don't connect it to the internet in the future.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
newbie
Activity: 14
Merit: 0
Download the package or installation files first. Put it on USB. Verify the GPG signatures or SHA1/MD5 hashes.

I need to connect to the internet to download the package and installation files from ubuntu software centre. I've spent hours looking at alternative methods like using synaptic and stuff to get an online computer to download the packages for you and transfer them via usb but they all require to be installed on the offline computer first, thus defeating the point! Sad
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Download the package or installation files first. Put it on USB. Verify the GPG signatures or SHA1/MD5 hashes.
newbie
Activity: 14
Merit: 0
Once I've installed the new ubuntu OS how in the world do I manage to install Armory without connecting to the internet. I've just spent the last 3 hours trying to figure this out again. It's driving me crazy. I don't understand why this isnt a widespread issue. Surely a lot of people use ubuntu for cold storage? Connecting to the net to install the package defeats the whole point of having never touched the net.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I use DBAN with plain zeros. It's a little bit faster.

In fact, if my whole offline drive is full disk encrypted (with truecrypt or diskcryptor), I just use DBAN on Zeros, wait until it reaches 1%, and then stop it.

Then I do the partitions, format, install, etc.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-

Thats extremely far fetched. What are the chances?

A laptop with wifi turned off (dont even need to remove the actual card for fuck sakes) will be safe unless you are someone like fucking Asagne or something.

100% is extreme, yes.

Whats the best DBAN method to use? PRNG stream?

For a magnetical HDD it does not matter nowadays. The old 7 times "rule" was made for disks with a wider track. Thus you can overwrite the disk with any data, 0's, 1's, random bits, your favorite dog pictures.

Edit: you could test how good DBAN works with DEFT [1]


[1] http://www.deftlinux.net/
newbie
Activity: 14
Merit: 0
Whats the best DBAN method to use? PRNG stream?
hero member
Activity: 672
Merit: 503
-snip-

1. Disconnect the laptop from internet.

2. Run Bitcoin-QT or some program to generate your address.

3. Send the wallet to an USB.

4. Remove the USB.

5. Ctrl+Shift+Del your wallet details from the laptop. If possible, format it once.

6. Connect your laptop to the internet and send bitcoin to your address, whose details are in USB.

7. Just keep the USB detouched from all internet connections... and you are safe Smiley

By the way, is this 100% safe?

Nope, an advanced trojan could be transmitted to the offline system via USB, snatch your private keys and call home when possible (e.g. using your online machine to broadcast the signed TX). So this might be compromised the moment you try to spend the bitcoins (e.g. connect the USB stick to an online machine). You also have a single point of failure (the USB stick) if it breaks your coins are gone.

On the other hand: nothing is 100% safe.



Thats extremely far fetched. What are the chances?

A laptop with wifi turned off (dont even need to remove the actual card for fuck sakes) will be safe unless you are someone like fucking Asagne or something.
newbie
Activity: 14
Merit: 0
Some malware have been known to cross or bridge the air gaps. But those are extreme.

To answer the question, I would probably nuke the old computer using DBAN (Darik's Boot and Nuke), with at least 1 full pass. Then I would create partitions or format it fresh.

I would not use a factory reset. I will just use a linux CD/DVD/ISO or even WinXP/7/8.1.

It's not ever going to connect to the internet right? So you don't need any other drivers. You don't even need the anti-virus stuff. The nice thing about ISO files is you can check the SHA256 or MD5 and know the installation media is clean. More or less.

Thanks for the DBAN tip and idea to just use a linux CD after verifying the sha256. That sounds like a much better idea. Yeah it's never going to connect to the net.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Some malware have been known to cross or bridge the air gaps. But those are extreme.

To answer the question, I would probably nuke the old computer using DBAN (Darik's Boot and Nuke), with at least 1 full pass. Then I would create partitions or format it fresh.

I would not use a factory reset. I will just use a linux CD/DVD/ISO or even WinXP/7/8.1.

It's not ever going to connect to the internet right? So you don't need any other drivers. You don't even need the anti-virus stuff. The nice thing about ISO files is you can check the SHA256 or MD5 and know the installation media is clean. More or less.
newbie
Activity: 14
Merit: 0
-snip-

So if your private keys are air gapped and if even using a usb to sign transactions isn't 100% safe, what is the alternative to signing transactions from an offline computer?

#1 QR Code, e.g. the bither app uses them
#2 sound [1]
#3 type the TX by hand, which is IMHO the safest way, unless your brain was hacked [3].  That level of security is almost never needed. On the other hand its not that hard unless you create a TX with 100 outputs/inputs. The nasty part would be the signed TX, which is just hex code and typos can happen easily.
#4 floppy [2]
#5 CD/DVD which is costly and has the similar problems USB has

Edit: In case this wasnt clear, I think for the majority of bitcoin users an USB stick is fine to transport data from cold to hot wallet. Not everyone needs/has a tinfoil hat.


[1] https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
[2] https://bitcointalksearch.org/topic/is-old-35-floppy-safer-than-usb-drive-for-cold-storage-813295
[3] http://www.turnkeylinux.org/files/images/blog/i-know-kung-fu.jpg

What a fantastic post. The sound option is fascinating to read about. Thanks a lot!
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-

So if your private keys are air gapped and if even using a usb to sign transactions isn't 100% safe, what is the alternative to signing transactions from an offline computer?

#1 QR Code, e.g. the bither app uses them
#2 sound [1]
#3 type the TX by hand, which is IMHO the safest way, unless your brain was hacked [3].  That level of security is almost never needed. On the other hand its not that hard unless you create a TX with 100 outputs/inputs. The nasty part would be the signed TX, which is just hex code and typos can happen easily.
#4 floppy [2]
#5 CD/DVD which is costly and has the similar problems USB has

Edit: In case this wasnt clear, I think for the majority of bitcoin users an USB stick is fine to transport data from cold to hot wallet. Not everyone needs/has a tinfoil hat.


[1] https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
[2] https://bitcointalksearch.org/topic/is-old-35-floppy-safer-than-usb-drive-for-cold-storage-813295
[3]
newbie
Activity: 14
Merit: 0
-snip-

1. Disconnect the laptop from internet.

2. Run Bitcoin-QT or some program to generate your address.

3. Send the wallet to an USB.

4. Remove the USB.

5. Ctrl+Shift+Del your wallet details from the laptop. If possible, format it once.

6. Connect your laptop to the internet and send bitcoin to your address, whose details are in USB.

7. Just keep the USB detouched from all internet connections... and you are safe Smiley

By the way, is this 100% safe?

Nope, an advanced trojan could be transmitted to the offline system via USB, snatch your private keys and call home when possible (e.g. using your online machine to broadcast the signed TX). So this might be compromised the moment you try to spend the bitcoins (e.g. connect the USB stick to an online machine). You also have a single point of failure (the USB stick) if it breaks your coins are gone.

On the other hand: nothing is 100% safe.



So if your private keys are air gapped and if even using a usb to sign transactions isn't 100% safe, what is the alternative to signing transactions from an offline computer?
Pages:
Jump to: