Author

Topic: Cold storage using encrypted, bootable DVDs with SPV wallet and seed (Read 855 times)

newbie
Activity: 39
Merit: 0
I'm working on this cold storage concept by developing a plaintext image that has everything needed (Tor, Electrum, what else?), except the user's wallet data.  The ISO image would be able to then be customized by the end user by adding his wallet data to the image, and remastering it, but with encryption turned on.

Of course, said master image would need to withstand scrutiny that it doesn't contain malware, won't steal your bitcoins when you boot it, etc.  I'm developing it for my own personal use; everyone else will either need to do that themselves, or have some level of trust.

The remastering scripts themselves are simple and easy to check, so as long as you start with an original ISO that you trust, you can trust the output.
newbie
Activity: 39
Merit: 0
I have developed a set of scripts that allow one to take an existing Ubuntu Live DVD ISO image file, customize it, and remaster a new image with all of the contents encrypted with LUKS:

https://github.com/jmcorgan/cryptubuntu

When booting from the DVD, a passphrase is requested to mount the encrypted root filesystem with on-the-fly decryption.

There are many uses for this; consider creating data backups along with the OS and all the software necessary to interact with it.  I use it in my professional work to deliver archived milestones of development projects (with the build environment intact).  The encryption allows the DVD to contain business proprietary and confidential information on it without worrying about 3rd party access.

In the context of Bitcoin, this also allows a new sort of cold storage: By putting a SPV client with a deterministic wallet on it, you can make cheap copies that can live in different places, any of which could provide you access to your bitcoin in an emergency.  Just boot the DVD, provide the decryption passphrase, and let the SPV client download the need blockchain data, which goes into a RAM overlay.  At present this is only ~250MB or so.  With the deterministic seed, access to any of the generated addresses in the future is assured.

The DVD contents, unlike USB drives, are read only.  One may argue the longevity of recordable-DVD storage media vs. USB flash drives, but since they are so cheap to make, you can make many copies.

Since the remastering scripts can take their own output ISO images as the starting point for futher customization and encryption, I'm working on this cold storage concept by developing a plaintext image that has everything needed (Tor, Electrum, what else?), except the user's wallet data.  The ISO image would be able to then be customized by the end user by adding his wallet data to the image, and remastering it, but with encryption turned on.

Of course, this doesn't making choosing a decryption passphrase any simpler; you are essentially daring anyone who has access to the DVD to crack your password to grab your bitcoin.  So all the usual passphrase selection rules apply.  Humans don't supply much entropy.

(Disclaimer: I am not bash script proficient and I'm sure there are many ways to improve things, particularly with corner cases and error checking.  It works for me right now.)
Jump to: