Read https://gist.github.com/jacoblyles/80898d6388880334f3e5a78785702ccc
and this https://jacobexmachina.blogspot.ca/2016/10/using-electrum-on-airgapped-machine.html
Don't use USB sticks back and forth between online and offline computer, use QR code with 2 old digital cameras.
DO NOT USE A CELL PHONE FOR ANYTHING. BECAUSE IT CAN EASILY COMMUNICATE BY CELLULAR, WIFI, BLUETOOTH, ETC.
Topic: Electrum online/offline isolation in Tails (Read 1198 times)
Right, I understand that in principle I could run tails on a computer that "never touches the Internet" and create/send transactions from a regular online computer, but:
1. I'm not sure that's necessary, since tails wipes everything between boots.
2. I'd rather send transaction from an online tails than a regular online computer, since tails is less likely to have a virus.
3. If I'm going to use tails for both the offline and online actions anyway, maybe I could use it on the same computer, which would be simpler.
4. I'm not sure it's really advisable for tails to "never touch the Internet" because you are supposed to update tails regularly, which requires connecting tails to the Internet (although I could do that with storage disengaged).
1. I'm not sure that's necessary, since tails wipes everything between boots.
2. I'd rather send transaction from an online tails than a regular online computer, since tails is less likely to have a virus.
3. If I'm going to use tails for both the offline and online actions anyway, maybe I could use it on the same computer, which would be simpler.
4. I'm not sure it's really advisable for tails to "never touch the Internet" because you are supposed to update tails regularly, which requires connecting tails to the Internet (although I could do that with storage disengaged).
1. It is not necessary since tails starts always a new as a live cd/dvd when you are booting it up. Before logging in you have the option to check or uncheck if you want to save download things in your HDD or not. In case you want to use only for Electrum and bitcoin and conserve your privacy uncheck to access the hdd so there is 0 chance you got a virus in Tails.
2. As long as you are using tails without opening TOR browser first you can use Electrum online without problems, in the moment you access both TOR browser and Electrum in the same time there exist a small chance someone steals your information as TOR bounce your communications and changes IP almost every second.
3. Again do not use TOR and Electrum at the same time and you are good to go, online or offline.
4. Never update through the internet, download the latest version from a normal PC and burn it to USB or DVD and always boot the latest version from such media. Make sure you have always stored your seed in a safe place.
Tails is one of the best OS if not the best OS for everyone's privacy and is a good choice when you are in a country like North Korea, Russia ,China or any other dictatorial country. If you are not in one of these, there's no need to use Tails, Debian/Ubuntu Linux is enough to protect you from viruses and keep your Electrum wallet installed there.
Right, I understand that in principle I could run tails on a computer that "never touches the Internet" and create/send transactions from a regular online computer, but:
1. I'm not sure that's necessary, since tails wipes everything between boots.
2. I'd rather send transaction from an online tails than a regular online computer, since tails is less likely to have a virus.
3. If I'm going to use tails for both the offline and online actions anyway, maybe I could use it on the same computer, which would be simpler.
4. I'm not sure it's really advisable for tails to "never touch the Internet" because you are supposed to update tails regularly, which requires connecting tails to the Internet (although I could do that with storage disengaged).
1. I'm not sure that's necessary, since tails wipes everything between boots.
2. I'd rather send transaction from an online tails than a regular online computer, since tails is less likely to have a virus.
3. If I'm going to use tails for both the offline and online actions anyway, maybe I could use it on the same computer, which would be simpler.
4. I'm not sure it's really advisable for tails to "never touch the Internet" because you are supposed to update tails regularly, which requires connecting tails to the Internet (although I could do that with storage disengaged).
If you want extreme airgapped isolation you could transfer transactions by scanning QR codes with another offline computer or offline phone.
I haven't tried tails or the linux electrum, but I read the QR code scanner works in linux. It doesn't work in windows, the windows electrum can generate QR codes, but it can't scan them any more.
I know there are some worms that can infect windows computers using thumbdrives, although I haven't heard of anything similar that can infect linux. Thumbdrives are probably fine for linux unless a similar worm affecting it appears.
I haven't tried tails or the linux electrum, but I read the QR code scanner works in linux. It doesn't work in windows, the windows electrum can generate QR codes, but it can't scan them any more.
I know there are some worms that can infect windows computers using thumbdrives, although I haven't heard of anything similar that can infect linux. Thumbdrives are probably fine for linux unless a similar worm affecting it appears.
What kind of isolation is desirable when using Electrum in Tails for both online sending and offline signing?
For example, can I safely:
1. Have both a watching-only and standard wallet in persistent encrypted storage.
2. Start tails with persistent storage and internet connection active.
3. Open watching-only wallet and create unsigned transaction (save to storage).
4. Reboot tails with persistent storage active and internet connection inactive.
5. Open standard wallet, enter passphrase and sign transaction (save to storage).
6. Reboot tails with persistent storage and internet connection active.
7. Open watching-only wallet and send signed transaction.
In this scenario, the password is never entered into the computer while it is online. Is that good enough, since Tails wipes the computer's memory between boots?
Another scenario:
1. Have standard wallet in persistent encrypted storage, watching-only wallet on 2nd unencrypted thumbdrive.
2. Start tails with persistent storage inactive and internet connection active.
3. Open watching-only wallet and create unsigned transaction (save to 2nd thumbdrive).
4. Reboot tails with persistent storage active and internet connection inactive.
5. Open standard wallet, enter passphrase and sign transaction (save to 2nd thumbdrive).
6. Reboot tails with persistent storage inactive and internet connection active.
7. Open watching-only wallet and send signed transaction.
In this scenario, the persistent storage is never enabled while the computer is online so the computer can't even "see" the electrum wallet while it is online. Is that good enough?
For example, can I safely:
1. Have both a watching-only and standard wallet in persistent encrypted storage.
2. Start tails with persistent storage and internet connection active.
3. Open watching-only wallet and create unsigned transaction (save to storage).
4. Reboot tails with persistent storage active and internet connection inactive.
5. Open standard wallet, enter passphrase and sign transaction (save to storage).
6. Reboot tails with persistent storage and internet connection active.
7. Open watching-only wallet and send signed transaction.
In this scenario, the password is never entered into the computer while it is online. Is that good enough, since Tails wipes the computer's memory between boots?
Another scenario:
1. Have standard wallet in persistent encrypted storage, watching-only wallet on 2nd unencrypted thumbdrive.
2. Start tails with persistent storage inactive and internet connection active.
3. Open watching-only wallet and create unsigned transaction (save to 2nd thumbdrive).
4. Reboot tails with persistent storage active and internet connection inactive.
5. Open standard wallet, enter passphrase and sign transaction (save to 2nd thumbdrive).
6. Reboot tails with persistent storage inactive and internet connection active.
7. Open watching-only wallet and send signed transaction.
In this scenario, the persistent storage is never enabled while the computer is online so the computer can't even "see" the electrum wallet while it is online. Is that good enough?
Jump to: