
Topic: Computers, Phones & Devices CANNOT be used to Keep Wallets - Safety for Dummies (Read 5386 times)

sr. member
Activity: 364
Merit: 251
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far no one has claimed them lol ;)

Only problem I see with Linuxcoin is the user friendliness. I'm not sure I can install and run it properly. I tried to read and understand the thread and info. If I actually tried to do it it would be an entirely different matter I guess. But newbie dummyness is something to be considered here. Just because you can do it, does not mean the general population finds it easy to adopt.

Seriously, people need to make instructional videos for doing these things.
I think it's the way some people learn, or non-technical people like me. If I read something complicated, I get lost following the thread of the idea, because I have not practically applied the info yet. When I see it on video, I can get the sense of whether or not I can do it as well. If people really care about the future of bitcoin, they need to make simple to follow instructional videos on how to do things like "paper wallet backups", "encrypted USB drives", "Linuxcoin safety and procedures" etc etc.

I'm not complaining here and I appreciate all the input and I'm still trying to wrap my head around a lot of it.
The thing is, I'm not dumb, but I'm not the most computer literate either. I have my own area of study and knowledge and I can see how sometimes people take what they know and understand for granted, but fail to realize how others cannot process the same data in the same way because they lack a foundation in which to process it. That's why videos help. If I'm intimidated by trying to read and learn about it, then videos would help people like me, and once I studied the videos, I would be able to implement it without fear. Just saying...suggestions folks, make videos.

I'm working really hard on getting linuxcoin as bug free as possible and as user friendly as possible. There's now an easy installer for Windows that can set up everything in minutes and everything you need has been GUI'd and put into a menu very similar to the start menu in Windows.

I know there's a lack of documentation and information but once I've finished a few things I'll start on the documentation and put some videos together.

I have put a video on how to install linuxcoin with my version of unetbootin if anyone's interested.

http://www.youtube.com/watch?v=l_thiv1l1kU

I watched the videos, thanks. They are complicated for the layperson though. I look forward to your future projects and the progress of Linuxcoin
sr. member
Activity: 308
Merit: 251
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far no one has claimed them lol ;)

Only problem I see with Linuxcoin is the user friendliness. I'm not sure I can install and run it properly. I tried to read and understand the thread and info. If I actually tried to do it it would be an entirely different matter I guess. But newbie dummyness is something to be considered here. Just because you can do it, does not mean the general population finds it easy to adopt.

Seriously, people need to make instructional videos for doing these things.
I think it's the way some people learn, or non-technical people like me. If I read something complicated, I get lost following the thread of the idea, because I have not practically applied the info yet. When I see it on video, I can get the sense of whether or not I can do it as well. If people really care about the future of bitcoin, they need to make simple to follow instructional videos on how to do things like "paper wallet backups", "encrypted USB drives", "Linuxcoin safety and procedures" etc etc.

I'm not complaining here and I appreciate all the input and I'm still trying to wrap my head around a lot of it.
The thing is, I'm not dumb, but I'm not the most computer literate either. I have my own area of study and knowledge and I can see how sometimes people take what they know and understand for granted, but fail to realize how others cannot process the same data in the same way because they lack a foundation in which to process it. That's why videos help. If I'm intimidated by trying to read and learn about it, then videos would help people like me, and once I studied the videos, I would be able to implement it without fear. Just saying...suggestions folks, make videos.

I'm working really hard on getting linuxcoin as bug free as possible and as user friendly as possible. There's now an easy installer for Windows that can set up everything in minutes and everything you need has been GUI'd and put into a menu very similar to the start menu in Windows.

I know there's a lack of documentation and information but once I've finished a few things I'll start on the documentation and put some videos together.

I have put a video on how to install linuxcoin with my version of unetbootin if anyone's interested.

http://www.youtube.com/watch?v=l_thiv1l1kU
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
I'll hereby offer a few options for anyone to own a secure wallet with Linuxcoin:

1) $8.00; Buy a 4GB Sandisk Cruzer at Walmart for $8 and follow the instructions in my sig on Noob How To

2) $8.00 + 2btc; you download the linuxcoin 2.1b, Unetbootin, at least one persistence file and install Unetbootin. Buy a Sandisk Cruzer at Walmart for $8. I will LogMeIn to your computer and prepare the USB for you.

3) $8.00 + 3btc; Buy a Sandisk Cruzer at Walmart for $8. I will LogMeIn to your computer download the files onto your computer and prepare the USB for you.

4) 4btc; I will send you by USPS Standard mail a prepared and tested 4GB Linuxcoin USB ready for you to create your encrypted folder and build your new wallet in that encrypted folder.

5) 5btc; I will send you by USPS Standard mail a prepared and tested 4GB Linuxcoin USB with an encrypted wallet that contains 1btc. Prefer that you supply the Password or I will prepare a random 12-digit password that is emailed back to you prior to shipping.

Other options available. Just post/PM.

full member
Activity: 150
Merit: 100
Awesome.  I would love to see him rape an IronKey next year.

Me too... When the IronKey was being introduced many articles were doubting that such a device could be made that was truly hack proof.. and so far to this date I have yet to find anyone who has been able to achieve such a feat.  To me it still stands today as a good example of an elegant and well thought out solution to a secure USB thumb drive implementation.

The obvious limitations to the security of the IronKey are not related to weaknesses of their design, rather seem to be related to usage scenarios, or grabbing the data while the drive is in a mounted and unlocked state.

Here is another VERY simple suggestion that anyone with minimal knowledge of adding an extra parameter to your bitcoin shortcut / script to launch bitcoin can use.

The default path on Windows for the bitcoin data is %appdata%\Bitcoin, you can access the path instantly by entering this as a path in Windows Explorer.

The simple act of moving your bitcoins to a non-standard (possibly hidden) folder and using the -datadir=path option when launching the bitcoin client will thwart the standard code used in infostealer.coinbit, as well as any directed attack on the standard paths used by the bitcoin client.

You can further improve this by leaving a "honeypot" bitcoin wallet on your computer in the standard location, it certainly can't hurt anything... This can provide a critical warning to a user that an attempt has been made on their bitcoins.   You could monitor the balance of that wallet, or last time accessed.   

I'm attempting to find something to run as a background service that acts as a tripwire to monitor my honeypot wallet... (or any access to a file named wallet.dat on my computer by a non-approved process.)

As an example of what I'm thinking here, you can download a utility called "Process Monitor" to create a log of which processes take an interest in your wallet.dat by adding a simple filter like this.

http://technet.microsoft.com/en-us/sysinternals/bb896645
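A polling tripwire for the decoy `wallet.dat` described in the post above, as an added example that is not code from the thread or from any project mentioned in it. The names `take_snapshot`, `diff` and `make_decoy` and the decoy contents are assumptions made for illustration; the script reports that something touched the file, while naming the process still requires a tool such as Process Monitor.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Snapshot:
    size: int
    mtime_ns: int
    atime_ns: int
    sha256: str


def take_snapshot(path: str) -> Optional[Snapshot]:
    """Record the decoy's state; None means the file is gone."""
    try:
        st = os.stat(path)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        # Hashing is itself a read. Put the timestamps back so the monitor
        # does not trip its own "accessed" alarm on the next poll.
        os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
    except FileNotFoundError:
        return None
    return Snapshot(st.st_size, st.st_mtime_ns, st.st_atime_ns, digest)


def diff(baseline: Snapshot, current: Optional[Snapshot]) -> List[str]:
    """Return the tripwire events between two polls (empty list = quiet)."""
    if current is None:
        return ["missing"]  # decoy was moved or deleted
    events = []
    if (current.sha256, current.size) != (baseline.sha256, baseline.size):
        events.append("content-changed")
    if current.mtime_ns != baseline.mtime_ns:
        events.append("mtime-changed")
    if current.atime_ns != baseline.atime_ns:
        # Only meaningful where the OS records access times; many systems
        # disable or coarsen them, so a quiet poll proves nothing by itself.
        events.append("accessed")
    return events


def make_decoy(directory: str) -> str:
    """Constructed sample: a decoy named wallet.dat holding filler bytes."""
    path = os.path.join(directory, "wallet.dat")
    with open(path, "wb") as fh:
        fh.write(b"constructed decoy, not a real wallet\n")
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        decoy = make_decoy(tmp)
        baseline = take_snapshot(decoy)
        print("quiet poll:", diff(baseline, take_snapshot(decoy)))
        os.remove(decoy)
        print("after removal:", diff(baseline, take_snapshot(decoy)))
```

A plain copy of the decoy only changes its access time, so on systems that do not record access times this poll stays quiet; per-file access auditing or a Process Monitor filter on the path covers that case.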



hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
What about the fact that paper is archaic
Archaic is an advantage here. It's the only place hackers cannot get to.

Scriptkiddies perhaps can't, but a good and motivated hacker, sure.
sr. member
Activity: 364
Merit: 251
drgr33n,
   Since many people cannot follow a basic installation of linuxcoin, or may not want to jeopardize their own systems by doing the install, why don't you sell cheap hardware devices with linuxcoin preinstalled? Is that something workable?
sr. member
Activity: 364
Merit: 251
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far no one has claimed them lol ;)

Only problem I see with Linuxcoin is the user friendliness. I'm not sure I can install and run it properly. I tried to read and understand the thread and info. If I actually tried to do it it would be an entirely different matter I guess. But newbie dummyness is something to be considered here. Just because you can do it, does not mean the general population finds it easy to adopt.

Seriously, people need to make instructional videos for doing these things.
I think it's the way some people learn, or non-technical people like me. If I read something complicated, I get lost following the thread of the idea, because I have not practically applied the info yet. When I see it on video, I can get the sense of whether or not I can do it as well. If people really care about the future of bitcoin, they need to make simple to follow instructional videos on how to do things like "paper wallet backups", "encrypted USB drives", "Linuxcoin safety and procedures" etc etc.

I'm not complaining here and I appreciate all the input and I'm still trying to wrap my head around a lot of it.
The thing is, I'm not dumb, but I'm not the most computer literate either. I have my own area of study and knowledge and I can see how sometimes people take what they know and understand for granted, but fail to realize how others cannot process the same data in the same way because they lack a foundation in which to process it. That's why videos help. If I'm intimidated by trying to read and learn about it, then videos would help people like me, and once I studied the videos, I would be able to implement it without fear. Just saying...suggestions folks, make videos.
kjj
legendary
Activity: 1302
Merit: 1026
Awesome.  I would love to see him rape an IronKey next year.
full member
Activity: 150
Merit: 100
The IronClad is nifty, but I think the minimum order comes in because they are bound to a specific IronKey Enterprise server license key when they are made, which would make them unsuitable for a group buy.  Also, they use whitelisting for applications, which would make them even more unsuitable.

I wrote Christopher a nice e-mail and gave him a link to the thread to see if he would make a comment.

For now I will hope that someone of Christopher's hardware hacking caliber does not get a hold of my IronKey.. Although upon examination it seems that I am unable to locate a security product that achieves the same goals I am able to achieve using my 8GB IronKey Basic S200.

I ask myself when is enough security enough?

I was able to verify that the S200 series of IronKeys do in fact employ the use of SLC based flash storage which allows for 100,000 to 200,000 write cycles vs 10,000 for consumer grade thumbdrives.



kjj
legendary
Activity: 1302
Merit: 1026
The IronClad is nifty, but I think the minimum order comes in because they are bound to a specific IronKey Enterprise server license key when they are made, which would make them unsuitable for a group buy.  Also, they use whitelisting for applications, which would make them even more unsuitable.
sr. member
Activity: 308
Merit: 251
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far no one has claimed them lol ;)

I have tested LinuxCoin running on an IronKey thumbdrive using the portable version of VirtualBox (found here http://www.vbox.me/) works GREAT.

I didn't know enough about the trustworthiness of the LinuxCoin distribution to put my 100% trust in it, but it did work very well!

Insert and unlock IronKey which has the VirtualBox VM set as an Icon on the IronKey launcher.

Loads the LinuxCoin OS inside of a protected VM running from the IronKey device.

The one thing I WISH my Ironkey could do is directly boot from the flash... Unfortunately this edition of the IronKey is only available from Lockheed Martin in large quantities and high costs unavailable to the average joe.

Group buy?  Lol

http://www.youtube.com/watch?v=M8syM9phtpA

Good stuff !! Glad to see my hard put put into use ;) You can trust me 100% I'm not a greedy person and I've not asked for anything for the development of linuxcoin except donations. I want to see bitcoin succeed and all these rip off scum bags are not doing the reputation of bitcoin any good. I feel there's some really pressing issues that need to be addressed as quick as possible before we lose the hearts and minds of a lot of people unfortunately.  That's why I'm trying to make a point of promoting linuxcoin and trying to get people using my OS. Everything I can do has been done to make linuxcoin your own bitcoin bodyguard ;)

The one thing I would like to see is knowledgeable people join the linuxcoin dev team. I'm struggling to keep up with the workload :( there's documentation to write, software to debianize and I also need to port a lot of stuff over to different architectures.
full member
Activity: 150
Merit: 100
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far no one has claimed them lol ;)

I have tested LinuxCoin running on an IronKey thumbdrive using the portable version of VirtualBox (found here http://www.vbox.me/) works GREAT.

I didn't know enough about the trustworthiness of the LinuxCoin distribution to put my 100% trust in it, but it did work very well!

Insert and unlock IronKey which has the VirtualBox VM set as an Icon on the IronKey launcher.

Loads the LinuxCoin OS inside of a protected VM running from the IronKey device.

The one thing I WISH my Ironkey could do is directly boot from the flash... Unfortunately this edition of the IronKey is only available from Lockheed Martin in large quantities and high costs unavailable to the average joe.

Group buy?  Lol

http://www.youtube.com/watch?v=M8syM9phtpA
kjj
legendary
Activity: 1302
Merit: 1026
I don't think he's done anything specific to Ironkey, but he rips apart supposedly secure chips.

http://www.youtube.com/watch?v=WXX00tRKOlw&list=PLAA9393191173E134&index=31

Watch the videos.  The countermeasures that chip makers use to protect their dies are amazing.  The way he bypasses all of them is even more amazing.
sr. member
Activity: 308
Merit: 251
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far no one has claimed them lol ;)
full member
Activity: 150
Merit: 100
I love my Ironkey, but I don't imagine it to be secure unless the attacker is a mere mortal.  Google "Christopher Tarnovsky" and watch his videos from Black Hat.  A FIB is not exactly a common piece of hardware, but you can rent time on them in any major city, and in a few years you could probably build one in your garage.

Also, flash chips fail, without warning.  Keep backups.

Video Link?   I have searched EXTENSIVELY looking for evidence of someone successfully hacking an IronKey... I would love to see what they are claiming.

The backup feature of the IronKey is one of the features that makes it so great for bitcoin.

I realize that ANYTHING is possible, but I can't imagine a technique that could be used to bypass the security used on an IronKey.

I do understand that when the volume is mounted on a PC and the data is accessible there is an opportunity for loss, but in a locked state, in storage, or while carried I can't imagine a vulnerability.

Thanks kjj

EDIT: I found the video where he is removing a thin layer of epoxy from a satellite card using acid and scissors.  http://www.youtube.com/watch?v=tnY7UVyaFiQ

My understanding of the IronKey is that its electronics themselves are protected against a number of BUS Based attacks, which will cause their encryption chip to instantly wipe the private keys. (If you get that far.)

The type of flash memory used on board is 10-20x longer lived than consumer flash memory in the S200 models.  (SLC not MLC?)

Also.. my understanding is that the actual encryption keys NEVER leave the actual encryption chip, and the password counter is not susceptible to rollback attacks since it also exists inside the same chip and never enters the system memory.  (The unlock application communicates ONLY to the cryptochip & even includes an on screen keyboard if the possibility of a keystroke logger exists.)

The IronKey has been on the market for 4 years now, and I have YET to see one documented example of their design being hacked.

Please if anyone can find a documented case of IronKey security being circumvented please share.. I will gladly stand corrected.

I think I'll shoot an e-mail to Christopher Tarnovsky and ask him for his opinion on the product.
kjj
legendary
Activity: 1302
Merit: 1026
I love my Ironkey, but I don't imagine it to be secure unless the attacker is a mere mortal.  Google "Christopher Tarnovsky" and watch his videos from Black Hat.  A FIB is not exactly a common piece of hardware, but you can rent time on them in any major city, and in a few years you could probably build one in your garage.

Also, flash chips fail, without warning.  Keep backups.
full member
Activity: 150
Merit: 100
Assuming we're talking about savings wallets, or other wallets that won't need to be accessed very much, I'm surprised no one has mentioned CDs.
CDs/DVDs are indeed the digital WORM-medium of choice.

But do watch out that sometimes they are very short-lived. I've had many CD-ROMs of 5 years ago already fail. I don't know how they compare to USB sticks on average, though... those might be just as bad.


Flash media is usually rated by the number of write cycles NOT by the age of the product.  As always I am continuing to recommend using the IronKey Product for storing their bitcoin data on.

The S200 Series of IronKey has higher quality flash memory that has faster / more write cycles than standard USB thumbdrives.. When stored they are UNHACKABLE without your password.

When connected to a PC they have a built in backup software that can back the data up to your computer (Encrypted Format) with a single click.

In case of loss, the encrypted backups can be restored to an IronKey with a single click.

I recommend the use of the IronKey Basic S200 model.

https://www.ironkey.com/demo-basic

http://www.google.com/search?q=Ironkey+Basic+S200&tbm=shop&hl=en&aq=f

legendary
Activity: 2212
Merit: 1008
a couple years ago I put a USB flash drive through the washer and dryer on accident (left it in my pocket) and it still had all my data intact.  still use it to this day!
kjj
legendary
Activity: 1302
Merit: 1026
Read this.

I describe a way to incrementally detach the wallet from the client.

Read the rest of that thread too.  It describes my notion of a hardware client, and as an added bonus, Gavin describes a service that would provide a lot of security for regular folks.  Actually, the thread was Gavin's, and all of my stuff was off-topic, but whatever.

Also, read this thread.

And while you are at it, read natman3400's posts, particularly on his project, BitClip.  We don't always agree on the details, but his project looks pretty good.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
Assuming we're talking about savings wallets, or other wallets that won't need to be accessed very much, I'm surprised no one has mentioned CDs.
CDs/DVDs are indeed the digital WORM-medium of choice.

But do watch out that sometimes they are very short-lived. I've had many CD-ROMs of 5 years ago already fail. I don't know how they compare to USB sticks on average, though... those might be just as bad.