Author

Topic: Can be encrypted virtual machine as good as real offline computer? (Read 976 times)

copper member
Activity: 1428
Merit: 253
10 years ago was such page about firewall leak tests. There was trojans able to leak into processes and escape every firewall. This experience taught me that little is impossible, it's rather who is programming a virus. If there is huge money to earn, some pro guy may sit to it and we will have repeation from summer 2011 Smiley

Thx a lot for your answers!
If a computer is not listening to any ports, then the best virus in the world cannot get in (unless a human allows it)
Trust me, I'm one of those "pros" you're talking about. Smiley
member
Activity: 62
Merit: 10
10 years ago was such page about firewall leak tests. There was trojans able to leak into processes and escape every firewall. This experience taught me that little is impossible, it's rather who is programming a virus. If there is huge money to earn, some pro guy may sit to it and we will have repeation from summer 2011 Smiley

Thx a lot for your answers!
copper member
Activity: 1428
Merit: 253
I don't like idea of having another comp for offline wallet (I travel a lot).
I'm thinking about seting up Ubuntu on VMWare Player, that will be encrypted from inside, not just outer container which seems easier to break. Also connection will be turned off from inside.

Two questions:
1. When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system?
2. When system is run and going, is it's image decrypted and vulnerable from host system?


If you know what a keylogger is, most likely you have enough knowledge to not get infected by one. My offline wallet is in a virtual machine in a VMWARE ESxi server that has the vmdk file stored in a NAS protected with RAID 5 so...
How often do I turn on that VM? about once a month to download the new blocks and get my rewards from the pools.
Do I need to enter my passphrase? Not at all unless I want to perform a transaction, And I added the address in blockchain as a watch-only just to make sure I'm getting paid.
So, in short, I wouldn't use a local VM to store the wallet because you rely on one hard drive.
I do rely on a VM to keep my wallet, but the actual virtual hard drive (vmdm) is safely stored in a NAS with redundancy, worst case scenario (The actual NAS fails) I buy a similar one and I install the drives there (been there, done that)
I hope my experience helps.
Otherwise, just create a paper wallet which I also have.
newbie
Activity: 15
Merit: 0
Instead of a whole separate machine or a VM maybe consider using a bootable Linux LiveCD/USB with no network access.  It's not perfect, but it's better than nothing and it's pretty portable.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
This is a Bad Idea. Virtual machines provide no security against this threat, and are certainly no substitute for a real offline wallet.

When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system?
Yes. The host system has access to everything the guest system does, including all your encrypted files. Access to encrypted files + access to passphrase = files not encrypted any more.

When system is run and going, is it's image decrypted and vulnerable from host system?
If the host system has a keylogger, it doesn't matter. See above.
member
Activity: 62
Merit: 10
I don't like idea of having another comp for offline wallet (I travel a lot).
I'm thinking about seting up Ubuntu on VMWare Player, that will be encrypted from inside, not just outer container which seems easier to break. Also connection will be turned off from inside.

Two questions:
1. When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system?
2. When system is run and going, is it's image decrypted and vulnerable from host system?
Jump to: