Topic: Can a factory reset computer be used for cold storage? (Read 2480 times)

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
just curious what's the purpose when you have paper wallets...
No one else can get the bitcoins stored on those paper wallets. That's one purpose.
member
Activity: 83
Merit: 10
just curious what's the purpose when you have paper wallets...
sr. member
Activity: 378
Merit: 250
FURring bitcoin up since 1762
It's important to wipe the hard disk and install a clean OS. If you want to be really safe, boot the computer by using a Linux live CD, create your wallet and write down the private key of your wallet by hand(!!!). Never connect the PC to the Internet while doing so, only after it has been shut down.
sr. member
Activity: 616
Merit: 250
u could just make a paper wallet? a bit easier
hero member
Activity: 882
Merit: 1000
Exhausted
On your laptop, you can install a fresh copy of windows onto. With a copy replicated with an external hard drive on an offline computer. When you restore this backup, you could still use the wallet.
disconnect from the internet, make a paper wallet and reinstall a new copy of windows.

Why would you use windows when you can use a much safer and open-source linux OS?
newbie
Activity: 6
Merit: 0
disconnect from the internet, make a paper wallet and reinstall a new copy of windows.
legendary
Activity: 1554
Merit: 1026
★Nitrogensports.eu★
I need to buy a new laptop anyway so I was wondering if I completely wipe my current laptop (It's a sony vaio) could I then use it as my cold storage laptop? I plan to make a large investment in bitcoins very soon and was wondering if factory resetting my current laptop would be sufficient in terms of security? Cheers.

Yes, but make sure that you don't connect it to the internet in the future.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
newbie
Activity: 14
Merit: 0
Download the package or installation files first. Put it on USB. Verify the GPG signatures or SHA1/MD5 hashes.

I need to connect to the internet to download the package and installation files from ubuntu software centre. I've spent hours looking at alternative methods like using synaptic and stuff to get an online computer to download the packages for you and transfer them via usb but they all require to be installed on the offline computer first, thus defeating the point!
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Download the package or installation files first. Put it on USB. Verify the GPG signatures or SHA1/MD5 hashes.
newbie
Activity: 14
Merit: 0
Once I've installed the new ubuntu OS how in the world do I manage to install Armory without connecting to the internet? I've just spent the last 3 hours trying to figure this out again. It's driving me crazy. I don't understand why this isn't a widespread issue. Surely a lot of people use ubuntu for cold storage? Connecting to the net to install the package defeats the whole point of having never touched the net.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I use DBAN with plain zeros. It's a little bit faster.

In fact, if my whole offline drive is full disk encrypted (with truecrypt or diskcryptor), I just use DBAN on Zeros, wait until it reaches 1%, and then stop it.

Then I do the partitions, format, install, etc.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-

That's extremely far fetched. What are the chances?

A laptop with wifi turned off (don't even need to remove the actual card for fuck sakes) will be safe unless you are someone like fucking Assange or something.

100% is extreme, yes.

What's the best DBAN method to use? PRNG stream?

For a magnetic HDD it does not matter nowadays. The old 7 times "rule" was made for disks with a wider track. Thus you can overwrite the disk with any data, 0's, 1's, random bits, your favorite dog pictures.

Edit: you could test how well DBAN works with DEFT [1]


[1] http://www.deftlinux.net/
newbie
Activity: 14
Merit: 0
What's the best DBAN method to use? PRNG stream?
hero member
Activity: 672
Merit: 503
-snip-

1. Disconnect the laptop from internet.

2. Run Bitcoin-QT or some program to generate your address.

3. Send the wallet to a USB.

4. Remove the USB.

5. Ctrl+Shift+Del your wallet details from the laptop. If possible, format it once.

6. Connect your laptop to the internet and send bitcoin to your address, whose details are in USB.

7. Just keep the USB detached from all internet connections... and you are safe

By the way, is this 100% safe?

Nope, an advanced trojan could be transmitted to the offline system via USB, snatch your private keys and call home when possible (e.g. using your online machine to broadcast the signed TX). So this might be compromised the moment you try to spend the bitcoins (e.g. connect the USB stick to an online machine). You also have a single point of failure (the USB stick): if it breaks, your coins are gone.

On the other hand: nothing is 100% safe.



That's extremely far fetched. What are the chances?

A laptop with wifi turned off (don't even need to remove the actual card for fuck sakes) will be safe unless you are someone like fucking Assange or something.
newbie
Activity: 14
Merit: 0
Some malware has been known to cross or bridge the air gaps. But those are extreme.

To answer the question, I would probably nuke the old computer using DBAN (Darik's Boot and Nuke), with at least 1 full pass. Then I would create partitions or format it fresh.

I would not use a factory reset. I will just use a linux CD/DVD/ISO or even WinXP/7/8.1.

It's not ever going to connect to the internet right? So you don't need any other drivers. You don't even need the anti-virus stuff. The nice thing about ISO files is you can check the SHA256 or MD5 and know the installation media is clean. More or less.

Thanks for the DBAN tip and idea to just use a linux CD after verifying the sha256. That sounds like a much better idea. Yeah it's never going to connect to the net.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Some malware has been known to cross or bridge the air gaps. But those are extreme.

To answer the question, I would probably nuke the old computer using DBAN (Darik's Boot and Nuke), with at least 1 full pass. Then I would create partitions or format it fresh.

I would not use a factory reset. I will just use a linux CD/DVD/ISO or even WinXP/7/8.1.

It's not ever going to connect to the internet right? So you don't need any other drivers. You don't even need the anti-virus stuff. The nice thing about ISO files is you can check the SHA256 or MD5 and know the installation media is clean. More or less.
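The verification step recommended in this post and in the earlier "Download the package ... Verify the GPG signatures or SHA1/MD5 hashes" reply, as an added example that is not part of the thread: a shell function, run on the online machine, that checks a staging directory against a SHA-256 manifest before anything is copied to the USB stick. The file names, the flat staging-directory layout and the `make_demo` data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Checks everything staged for the
# offline machine against a SHA-256 manifest before it goes on the USB stick.
# The manifest's own authenticity is a separate step, e.g. for Ubuntu ISOs:
#   gpg --verify SHA256SUMS.gpg SHA256SUMS    (requires the signing key)

# verify_staging DIR MANIFEST
# Returns 0 only if every manifest entry is present in DIR with a matching
# hash AND DIR holds nothing that the manifest does not list.
verify_staging() {
    local dir=$1 manifest=$2 f name abs absdir
    [ -d "$dir" ] && [ -f "$manifest" ] || return 2
    abs=$(cd "$(dirname "$manifest")" && pwd)/$(basename "$manifest")
    absdir=$(cd "$dir" && pwd)

    # 1. Listed files must exist and hash to the listed value.
    ( cd "$dir" && sha256sum -c "$abs" >&2 ) || return 1

    # 2. Reject unlisted entries (dotfiles included): a verified ISO does not
    #    vouch for whatever else was dropped into the same directory.
    for f in "$absdir"/* "$absdir"/.[!.]*; do
        [ -e "$f" ] || continue                  # unmatched glob pattern
        [ "$f" = "$abs" ] && continue            # the manifest itself
        name=$(basename "$f")
        # Manifest line: 64 hex chars, a space, ' ' or '*', then the name.
        awk -v n="$name" 'substr($0, 67) == n { ok = 1 } END { exit !ok }' \
            "$abs" || { echo "unlisted file: $name" >&2; return 1; }
    done
    return 0
}

# Constructed demo data: two stand-in files and the manifest that lists them.
make_demo() {
    local d
    d=$(mktemp -d) || return 1
    mkdir "$d/stage"
    printf 'constructed package bytes\n' > "$d/stage/wallet-package.deb"
    printf 'constructed image bytes\n'   > "$d/stage/linux-live.iso"
    ( cd "$d/stage" && sha256sum wallet-package.deb linux-live.iso > ../SHA256SUMS )
    echo "$d"
}
```

A matching hash only shows the files agree with the manifest; the manifest has to come from a trusted source or carry a valid signature for the check to mean anything.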
newbie
Activity: 14
Merit: 0
-snip-

So if your private keys are air gapped and if even using a usb to sign transactions isn't 100% safe, what is the alternative to signing transactions from an offline computer?

#1 QR Code, e.g. the bither app uses them
#2 sound [1]
#3 type the TX by hand, which is IMHO the safest way, unless your brain was hacked [3]. That level of security is almost never needed. On the other hand it's not that hard unless you create a TX with 100 outputs/inputs. The nasty part would be the signed TX, which is just hex code and typos can happen easily.
#4 floppy [2]
#5 CD/DVD which is costly and has the similar problems USB has

Edit: In case this wasn't clear, I think for the majority of bitcoin users a USB stick is fine to transport data from cold to hot wallet. Not everyone needs/has a tinfoil hat.


[1] https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
[2] https://bitcointalksearch.org/topic/is-old-35-floppy-safer-than-usb-drive-for-cold-storage-813295
[3] http://www.turnkeylinux.org/files/images/blog/i-know-kung-fu.jpg

What a fantastic post. The sound option is fascinating to read about. Thanks a lot!
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-

So if your private keys are air gapped and if even using a usb to sign transactions isn't 100% safe, what is the alternative to signing transactions from an offline computer?

#1 QR Code, e.g. the bither app uses them
#2 sound [1]
#3 type the TX by hand, which is IMHO the safest way, unless your brain was hacked [3]. That level of security is almost never needed. On the other hand it's not that hard unless you create a TX with 100 outputs/inputs. The nasty part would be the signed TX, which is just hex code and typos can happen easily.
#4 floppy [2]
#5 CD/DVD which is costly and has the similar problems USB has

Edit: In case this wasn't clear, I think for the majority of bitcoin users a USB stick is fine to transport data from cold to hot wallet. Not everyone needs/has a tinfoil hat.


[1] https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111
[2] https://bitcointalksearch.org/topic/is-old-35-floppy-safer-than-usb-drive-for-cold-storage-813295
[3]
newbie
Activity: 14
Merit: 0
-snip-

1. Disconnect the laptop from internet.

2. Run Bitcoin-QT or some program to generate your address.

3. Send the wallet to a USB.

4. Remove the USB.

5. Ctrl+Shift+Del your wallet details from the laptop. If possible, format it once.

6. Connect your laptop to the internet and send bitcoin to your address, whose details are in USB.

7. Just keep the USB detached from all internet connections... and you are safe

By the way, is this 100% safe?

Nope, an advanced trojan could be transmitted to the offline system via USB, snatch your private keys and call home when possible (e.g. using your online machine to broadcast the signed TX). So this might be compromised the moment you try to spend the bitcoins (e.g. connect the USB stick to an online machine). You also have a single point of failure (the USB stick): if it breaks, your coins are gone.

On the other hand: nothing is 100% safe.



So if your private keys are air gapped and if even using a usb to sign transactions isn't 100% safe, what is the alternative to signing transactions from an offline computer?