Topic: Don't get goxxed. Use secure paper wallets. Ubuntu LiveBoot CD wallet generator. (Read 1384 times)
March 03, 2014, 09:35:22 PM
I keep all my bitcoins stuffed under my mattress, on usb flash drives
March 03, 2014, 07:17:11 PM
ship out a Ubuntu CD with the same script on it - except this time I'll modify the Ubuntu loader
Good point. Two answers:
1) As soon as I can convince some trusted people to audit the CD, I'll have them post SHA/MD5 hashes of the CD that can be compared with the CDs that arrive in the mail
2) I'd have to be pretty dumb to compromise the CD since that would be physical evidence that could be used to prove I'm a crook. If I was in the business of stealing money, I'd just modify my website (bitcoinpaperwallet.com) so that it occasionally -- and only rarely! -- served up a different sneaky version of my HTML. We all know that some significant number of people are printing live wallets from websites such as mine, even though they've been told not to...
March 03, 2014, 06:56:48 PM
Confirmed, OP is legit and that is the correct way to do it, cold boot from CD with no internet connection to generate the keys.
March 03, 2014, 06:34:33 PM
So if I was a crook, it would be the easiest thing to go release a script on the web, open source it, have it scrutinized the world over, gain some trust and then ship out a Ubuntu CD with the same script on it - except this time I'll modify the Ubuntu loader that instead of loading and running that script, it would execute a piece of private code that I stick inside the loader.
But I'm not a crook. Maybe you aren't either. But someone is. How do people tell the difference?
But I'm not a crook. Maybe you aren't either. But someone is. How do people tell the difference?
March 03, 2014, 02:38:56 PM
As always, you can't be paranoid enough
It really comes down to an issue of technical competence and trust. If someone is technically competent enough to make their own clean Ubuntu OS, install a well-known paper wallet generator from github, and validate its signature -- then for sure that's the best route to go. I've even provided step-by-step instructions https://bitcoinpaperwallet.com/ubuntu-linux-live-bootable-cd/ to share what I learned about this process.
However, for someone who just doesn't have those technical skills (or a friend with those skills), then why not consider a CD which can fairly easily audited by this community. (In fact, I'm planning to post bounties for 3rd party security audits.) A high degree of paranoia went into the production of the CD, from the mastering all the way to the delivery process.
For example: CDs are sealed with tamper-evident serial numbers, and purchasers are notified via email what serial number to expect. (This way the postman or a roommate can't slip in a bogus CD.)
I agree that you can't be paranoid enough, and I assure you that all my paranoia went into the development of this CD.
March 03, 2014, 01:54:13 PM
I see no issue in using the signed version from github. If you don't trust your pc, boot from a live-linux that is not made for bitcoiners. If somebody tries to push you to run his software to do your bitcoin thing, it is a red flag no matter if you are god himself (on the internet we can't know).
As always, you can't be paranoid enough and noobs will get burned with this and the CDs and basically with anything bitcoin if not guided by some bitcoin savvy person.
As always, you can't be paranoid enough and noobs will get burned with this and the CDs and basically with anything bitcoin if not guided by some bitcoin savvy person.
March 03, 2014, 01:38:41 PM
I can buy a CD that will return one of a million private keys that you have carefully selected and stored away for yourself?
Crikey, that's a bit cynical, don't you think?
The code is open source, PGP-signed, and available from github. It's a fork of bitaddress.org. It's been vetted repeatedly for over a year. Gavin Andresen contributed a security enhancement early on. My real life identity is out in the open, and here's my bitcointalk.org trust profile:
https://bitcointalk.org/index.php?action=trust;u=39021
Not sure how to be more transparent than this!
March 03, 2014, 01:25:30 PM
Cool!
I can buy a CD that will return one of a million private keys that you have carefully selected and stored away for yourself?
Wouldn't it be easier if I just GIVE you all my BitCoin?
I can buy a CD that will return one of a million private keys that you have carefully selected and stored away for yourself?
Wouldn't it be easier if I just GIVE you all my BitCoin?
March 03, 2014, 12:19:00 PM
bitcoinpaperwallet.com author here.
Read here to see how the CD works, what it's for, or for step-by-step instructions on how to make your own customized Ubuntu Live Boot CD for free:
https://bitcoinpaperwallet.com/ubuntu-linux-live-bootable-cd/
I'm also selling this CD right now for $18 USD / .03 BTC -- including free shipping anywhere in the world.
When I leaked an image of this CD on reddit a while back, it caused a veritable shitstorm, so I wanted to post a couple of pre-emptive notes about the March 1, 2014, first official release of this CD:
My sincere hope with this product is to make safe paper wallet generation extremely easy. I promise you there's not a huge profit in this type of venture, especially not at this price point.
In the wake of the MtGox debacle, it's more important than ever to give anyone -- even newbies -- tools for securely working with paper wallets.
Canton Becker
Read here to see how the CD works, what it's for, or for step-by-step instructions on how to make your own customized Ubuntu Live Boot CD for free:
https://bitcoinpaperwallet.com/ubuntu-linux-live-bootable-cd/
I'm also selling this CD right now for $18 USD / .03 BTC -- including free shipping anywhere in the world.
When I leaked an image of this CD on reddit a while back, it caused a veritable shitstorm, so I wanted to post a couple of pre-emptive notes about the March 1, 2014, first official release of this CD:
- This isn't just the standard Ubuntu Live CD you can burn yourself. It has been carefully (securely) re-mastered to include the bitcoinpaperwallet.com bitcoin/litecoin/dogecoin BIP38 paper wallet generator on the desktop. For most computers, using the CD is literally as easy as insert the CD, reboot, and start printing wallets without ever going online.
- Use of the Ubuntu trademark and permission to re-sell this modified version of the Live Boot CD was cleared through Canonical's legal department
- Rigid security practices have been implemented to make this product available, from the production of the CD master in an isolated environment, to the actual burning of CD, to the tamper-evident chain of custody practices used to ensure that the CD you receive in the mail has not been replaced with a fake.
My sincere hope with this product is to make safe paper wallet generation extremely easy. I promise you there's not a huge profit in this type of venture, especially not at this price point.
In the wake of the MtGox debacle, it's more important than ever to give anyone -- even newbies -- tools for securely working with paper wallets.
Canton Becker
Jump to: