Pages:
Author

Topic: Computer just for coin transactions. (Read 2827 times)

hero member
Activity: 924
Merit: 1001
Unlimited Free Crypto
September 15, 2013, 07:03:53 AM
#56
Dabs:

That's seems quite secure to me. Just last point, One time my sister bought an new laptop. Brand new. The OS was infected with trojans -_- (As I forbid her to use it unless I check the software and hardware first). So is the OS installed by you? and if so how reliable and trustworthy your source for the OS software? If that is checked then hats off. Paranoia Lophie thinks you are awesome.  Cheesy.

Yes, of course installed by me. HD nuked with DBAN first.

You're not gaining anything by having that computer online Dabs.  Just put it offline and use it to only sign transactions.

I'm trying to avoid doing sneakernet (usb/qr code) transfers. I do understand how offline works, because I've done it, with Armory. Haven't tried with Electrum yet.

If you ever do please share the experience. I find it a bit of a hassle really....
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 14, 2013, 12:31:34 PM
#55
Dabs:

That's seems quite secure to me. Just last point, One time my sister bought an new laptop. Brand new. The OS was infected with trojans -_- (As I forbid her to use it unless I check the software and hardware first). So is the OS installed by you? and if so how reliable and trustworthy your source for the OS software? If that is checked then hats off. Paranoia Lophie thinks you are awesome.  Cheesy.

Yes, of course installed by me. HD nuked with DBAN first.

You're not gaining anything by having that computer online Dabs.  Just put it offline and use it to only sign transactions.

I'm trying to avoid doing sneakernet (usb/qr code) transfers. I do understand how offline works, because I've done it, with Armory. Haven't tried with Electrum yet.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 14, 2013, 11:06:48 AM
#54
I mean on purchased used computers.  A real long shot, for sure.

Okay - well you could always record the random K values used for the signing to be sure they never get used again (as I mentioned before).

To go even further I guess it shouldn't be too hard to put together an index of *all* K values that have ever been used (maybe that could be a small side project worth considering - if someone is game I would consider donating something towards an open source project that does this).
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
September 14, 2013, 11:03:12 AM
#53
To be paranoid, there may be an exploit to influence the RNG.  But that's really paranoid.

Yes - was already brought up - although am pretty sure if it was a problem with the major OSs then pretty much all of our BTC should already have been stolen (the thieves didn't waste any time stealing from the broken Java RNG implementation in Android - why would they not have done the same for others then?).

And people did run checks on the entire blockchain for the re-use of the random K values in tx's - apparently re-used K values only showed up for a very small number of tx's that were most likely from the Java RNG issue.


I mean on purchased used computers.  A real long shot, for sure.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 14, 2013, 10:57:38 AM
#52
To be paranoid, there may be an exploit to influence the RNG.  But that's really paranoid.

Yes - was already brought up - although am pretty sure if it was a problem with the major OSs then pretty much all of our BTC should already have been stolen (the thieves didn't waste any time stealing from the broken Java RNG implementation in Android - why would they not have done the same for others then?).

Also note that people did run checks on the entire blockchain (you'll need to search for the relevant topics) for the re-use of the random K values in tx's - apparently re-used K values only showed up for a very small number of tx's that all appear to be from the Java RNG issue (the same analysis was undoubtedly how the thieves worked out what they could steal).
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
September 14, 2013, 10:54:31 AM
#51


Once again - if you *never* connect it online it doesn't matter how nastily infected it is (and physically disabling any ability for it to ever connect is my advice and what I have done to the old laptop I bought for this purpose).

Also don't use the OS on it either - use a LiveOS (and one that doesn't use the HDD).


To be paranoid, there may be an exploit to influence the RNG.  But that's really paranoid.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 14, 2013, 10:50:52 AM
#50
"DO NOT BUY A OLD USED COMPUTER, there can be trojans in the firmware, or exist a SMM backdoor. also do not use any closed source(Windows, Chrome, ...) use linux or bsd. do not use proprietary/binary driver for your GPU, there can exist a backdoor there too.

Once again - if you *never* connect it online it doesn't matter how nastily infected it is (and physically disabling any ability for it to ever connect is my advice and what I have done to the old laptop I bought for this purpose).

Also don't use the OS on it either - use a LiveOS (and one that doesn't use the HDD).
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
September 14, 2013, 10:48:01 AM
#49
You're not gaining anything by having that computer online Dabs.  Just put it offline and use it to only sign transactions.
newbie
Activity: 42
Merit: 0
September 14, 2013, 09:58:51 AM
#48
"DO NOT BUY A OLD USED COMPUTER, there can be trojans in the firmware, or exist a SMM backdoor. also do not use any closed source(Windows, Chrome, ...) use linux or bsd. do not use proprietary/binary driver for your GPU, there can exist a backdoor there too.


your level of paranoia is up to you, but i always have "nc -e sh -p 9090 -l" running."

Perhaps the manufacturer put malware in the BIOS, it's hard to know without the source code.

If the OP wants GNU/Linux on his computer, he should try http://trisquel.info">Trisquel GNU/Linux.
There is no proprietary software in it, as it is one of the nine free-as-in-freedom GNU/Linux distributions endorsed by the Free Software Foundation.
hero member
Activity: 924
Merit: 1001
Unlimited Free Crypto
September 14, 2013, 09:52:44 AM
#47
Dabs:

That's seems quite secure to me. Just last point, One time my sister bought an new laptop. Brand new. The OS was infected with trojans -_- (As I forbid her to use it unless I check the software and hardware first). So is the OS installed by you? and if so how reliable and trustworthy your source for the OS software? If that is checked then hats off. Paranoia Lophie thinks you are awesome.  Cheesy.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 14, 2013, 09:15:08 AM
#46
@lophie, okay, for OS, points taken. Just some things I can't really do much about (and if they're all offline anyway, I don't mind my non-technical workers using closed source software.)

Broadcasting Transactions = through Tor, check.
Signing = offline, use another computer. Armory or similar. OS shouldn't matter because it is completely offline anyway.

However, let's pretend that I have an online computer, as what the OP seems to be suggesting, then this is the 2nd best way. The best way is to use 2 separate computers with one being offline forever.

Then, using routers and firewalls and all those other network things, block all ports except bitcoin's TCP port 8333. As in, block everything.

You can't email, you can't chat, you can't browse (and in fact, there will not be a browser installed or it is purposefully deleted.), you can't do any other internet app that uses any other port, you can't print over the network, you can't share files, you can't play poker. At this point, does the OS matter?

Then you add Tor.

What else is going to get past that? Unless some zero day exploit targets bitcoin-qt itself. (or bitcoind). I remember some worm before that got into even brand new XP computers the minute they went online until they got patched. SASSER or BLASTER or SLAMMER or something like that.
hero member
Activity: 924
Merit: 1001
Unlimited Free Crypto
September 14, 2013, 08:39:16 AM
#45
Dabs, My opinion on OS, I never use closed source (including drivers  Shocked), Regarding network. If not through tor, I don't broadcast transaction, I don't sign transactions and messages using an online computer.

Can't say I am like that all the time, just for the addresses holding triple digits of coins  Cool.

Can't say I anaylze traffic and search for exploits in different software all day long. But Microsoft have a track record and open source have a track record on the opposite direction, if you know what I mean.  Wink.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 14, 2013, 08:10:50 AM
#44
What if there is a problem with the random number generator on the OS like we recently saw with Android?

A relevant point although I've not heard of any such problem with any major PC OS and you can always add your own entropy manually (assuming you are happy to whack at the keyboard or play around with the mouse for a minute or so).

I haven't seen any of the 50+ addresses I've generated offline suddenly become depleted (as has been the case with the known random number issues) and in any case - any *update* is just as likely to contain some new NSA backdoor isn't it?

You could also store the random # used in each tx signing to make sure the # is never used more than once (am not that paranoid myself yet - but may consider adding this functionality).
legendary
Activity: 1974
Merit: 1030
September 14, 2013, 07:56:55 AM
#43
The problem with offline PCs is that you can't update them. Every OS has to be updated regularly via the Internet to keep it safe.

Safe from what?

If it is offline it doesn't need to be kept safe at all - that is the very *point* of being offline.

That what I thought but then he went on:

What if there is a problem with the random number generator on the OS like we recently saw with Android?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 14, 2013, 07:56:15 AM
#42
Dabs... I don't like to admit it but I used to do alot of shit back in the day.  Simply put, I don't think you are safe. Started using a stripped down distro of linux and go cold. Welcome to the future, Welcome to Bitcoin. Now information are not only worth money, They ARE money!

I was a script kiddie once, then ... eventually worked my way to become a network security consultant for a small ISP (after rooting all their servers with their knowledge and permission.)

But I'll not admit to whatever shit I used to do back in the day. heheh.

Anyway, what are the possible attack vectors for my scenario? It's a computer. It has just the OS and Bitcoin-Qt. It is behind a typical home router.

For OS, there are 3 popular ones: Windows, Mac OS, and Linux.

I have what I consider a "safe" version of Windows XP SP3 because I keep an updated ISO from MSDN and slipstream the updates into the .iso and then burn that, and then use that to install on new production computers with a valid and legal volume license. I do this because I don't yet want to put Win7 or Win8 on them, they don't need it. I might even migrate them to Linux later on as that has everything they need (LibreOffice) except print drivers. (It's for work, so ... stuck with Windows for now.) And my graphic artist needs to work in Photoshop and CorelDraw, dunno if they have Linux versions or if our license covers those, and don't want to pay twice. I haven't check it out though. It seems they don't run natively and I don't want to install a different OS then run them through emulators.

For Linux, I could just grab maybe Ubuntu or Mint or OpenWall? Or one of those security hardened versions.

For Mac OS, (-X), I have no idea, I just don't use them, but it is my understanding they are now similar to Linux OS. I did jailbreak a few ipads and ipods and installed VLC on them.
hero member
Activity: 924
Merit: 1001
Unlimited Free Crypto
September 14, 2013, 06:37:32 AM
#41
Speaking of which, how safe is my online computer? If it is only online about 2 hours a day, which is just enough to grab the latest blockchain data, and send out transactions, sitting behind my router, with nothing else installed on it?

I understand, I am probably not safe from some zero day worm exploits, but the router and firewall should take care of most of that.

Dabs... I don't like to admit it but I used to do alot of shit back in the day.  Simply put, I don't think you are safe. Started using a stripped down distro of linux and go cold. Welcome to the future, Welcome to Bitcoin. Now information are not only worth money, They ARE money!
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 14, 2013, 06:31:45 AM
#40
Speaking of which, how safe is my online computer? If it is only online about 2 hours a day, which is just enough to grab the latest blockchain data, and send out transactions, sitting behind my router, with nothing else installed on it?

I understand, I am probably not safe from some zero day worm exploits, but the router and firewall should take care of most of that.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
September 14, 2013, 06:14:14 AM
#39
The problem with offline PCs is that you can't update them. Every OS has to be updated regularly via the Internet to keep it safe.

Safe from what?

If it is offline it doesn't need to be kept safe at all - that is the very *point* of being offline.
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
September 14, 2013, 04:51:04 AM
#38
US A LiveCD distro of linux so that everytime it reboots its guarenteed to be 100% clean. 
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
September 14, 2013, 04:32:37 AM
#37
i know how this stuffs done, would you be willing to accept a computer from me and put bitcoins on it? (im the one getting rich here, not you)

I'll take it. PM me for my mailing address? Or you can do a whois on my lotto's domain and find out where I live and send the computer there.

@OP. Just format your new or old computer / laptop. Put your own OS.

The problem with offline PCs is that you can't update them. Every OS has to be updated regularly via the Internet to keep it safe. But you can't do that with an offline computer. So if say you have to update your bitcoin client and it requires newer versions of certain libraries what do you do? What if there is a problem with the random number generator on the OS like we recently saw with Android? You will have to update the OS and that means going online. Things like these make it hard to maintain a truly offline PC.

I think the point of an offline PC is you never connect it back to the internet once it is set up. If you do, you have to set it up all over again.

However, I think what the OP wants is a computer that can be connected online, and all it would have is bitcoin-qt. This is certainly possible, and while not recommended by the tin-foil-hat group, is certainly better than using your regular computer (with everything else in it, games, work, internet apps, browsers, etc.)

I've set up something like that. It has a barebones OS installed on it and just bitcoin-qt. It's connected. It downloads the blockchain. It can do transactions. And it sits behind my router. It's turned off most of the time and goes online for a few hours each day, just to sync with the network.
Pages:
Jump to: