Pages:
Author

Topic: How I manage and protect my wallets (Ubuntu Linux) (Read 16218 times)

member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
Linuxcoin on a usb
full member
Activity: 168
Merit: 103
Do you see any attacks that I haven't thought of?
Would it be in the swap space somewhere unencrypted?

Yes, that's true. That should be mentioned. I don't use swap for that reason myself.

But some footnotes:

- If Bitcoin is implemented properly, it wouldn't store keys in swappable memory.
- Swap should be encrypted anyway - but that makes hibernation more difficult.
newbie
Activity: 17
Merit: 0
Do you see any attacks that I haven't thought of?
Would it be in the swap space somewhere unencrypted?
full member
Activity: 406
Merit: 100
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.
This looks like a terrific approach to me. Would it be possible to buy a cheap netbook and put a tiny (core) Linux on it and use that as the off-the-net computer?

Further, although I slightly do understand the concept proposed, for my small and not so computer literate brain it's just a bit too abstracty formulated.
Could someone in non-geek language explain to a common, almost layman, bitcoin user how to exactly implement this step by step?
member
Activity: 73
Merit: 10
Chupacabra = Corrupt Gov't,Lies and Fraud
These are all really nice.  Thanks! Smiley

...but now I must ask:  What do I tell my friend studying philosophy, who has some BTC (due to my convicing him to buy some)?  He doesn't know Ubuntu, and actually I have never used it either.

Please, someone, put a one click, one button, safe, secure download on www.bitcoin.org so all this can be done by my philosopher friend... and myself Smiley

Sorry to be only a 'Hunter' and not a wizz!


---- i know this is for the Bitcoin millionares who were the rightful early adopters and tech-savy super geeks

But what are the rest to do, who put in a few hundred $$$ worth, and are just as fearful to have their little wallet stolen?
full member
Activity: 168
Merit: 103
1. Software Keylogger? Hardware keylogger?
2. Vulnerability in the Ubuntu encryption algorithm? From what I read, Truecrypt is supposedly the gold-standard. Can you configure Ubuntu to use it for the home dir?
3. Vulnerability in Ubuntu? If you update your OS, can your download be redirected to another location with a compromised OS patch?

4. For those who use an "air gapped" machine, how do you spend the coins? Is it possible to manually enter a Bitcoin transaction by paper, pen & a networked PC?
1. Hardware Keylogger would be a problem. Software Keylogger would require the System to be fully comprimised, which I already mentioned.

2. No, it is not. TrueCrypt has a lot of fanct featues, most of them very useful. That is why it is hyped a lot by people who don't understand it. Even the TrueCrypt manual says almost literally that it is not true that you can easily be secure with TrueCrypt. (I already opened a thread about it: http://forum.bitcoin.org/index.php?topic=16246.0)
Ubuntu home folder encryption is based on ecryptfs, which is a part of the Linux kernel itself. It is based on the very crypto implementations of the kernel - like a lot of other disk crypto solutions (luks/dm-crypt).
I would not use TrueCrypt for this because it is bloated with a lot of features that are not needed here. For a security concept you should always prefer the simpler solution. A more complicated solution just opens the danger of making mistakes.

3. Yes, a vulnerability that allows root access would be a problem, I mentioned that.
hero member
Activity: 868
Merit: 1008
Software Keylogger? Hardware keylogger?
Vulnerability in the Ubuntu encryption algorithm? From what I read, Truecrypt is supposedly the gold-standard. Can you configure Ubuntu to use it for the home dir?
Vulnerability in Ubuntu? If you update your OS, can your download be redirected to another location with a compromised OS patch?

For those who use an "air gapped" machine, how do you spend the coins? Is it possible to manually enter a Bitcoin transaction by paper, pen & a networked PC?

I had the same question...I may want to adopt this approach myself, but I don't know of an easy way to export/import a transaction.  If such a feature existed, you could generate and export the transaction to a file, copy to USB, and import/broadcast with another connected bitcoin client.  I imagine you could copy the block chain files from a connected client over to the air gapped machine via USB so that the wallet sees the current balance.

It would be nice to add a few features to the client to facilitate this scenario.  It would also be nice if the client supported "receive-only" wallets that have no private keys...this way you could make a "receive-only" copy of a wallet, load that up on a connected client and be able to monitor the balance of your air-gapped, savings wallet without risk of the coins being stolen.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
The miner has to be online, but the address receiving the mined coins doesn't.

For exactly this reason I asked it elsewhere but didn't get an answer: how do i define the address(es) the miner should attribute the reward to?? Best would be to share it among all the guys that have shares in my mining rigs.
member
Activity: 71
Merit: 10
Software Keylogger? Hardware keylogger?
Vulnerability in the Ubuntu encryption algorithm? From what I read, Truecrypt is supposedly the gold-standard. Can you configure Ubuntu to use it for the home dir?
Vulnerability in Ubuntu? If you update your OS, can your download be redirected to another location with a compromised OS patch?

For those who use an "air gapped" machine, how do you spend the coins? Is it possible to manually enter a Bitcoin transaction by paper, pen & a networked PC?
full member
Activity: 168
Merit: 103
I added a list of possible attacks, does anybody see an attack I haven't thought of?
full member
Activity: 168
Merit: 103
taken that mining leaves you with an already quite serious amount of bitcoins once you get just one block, air gapping serious amounts of btc will not work Sad

The miner has to be online, but the address receiving the mined coins doesn't.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
taken that mining leaves you with an already quite serious amount of bitcoins once you get just one block, air gapping serious amounts of btc will not work Sad

in theory (not there yet): i have a fully encrypted (all except boot) usb stick for "serious amount" but do networking with it. it's also my system to do online banking with.
of course the wallet(s) are backed up gpg encrypted with a 30 letters strong password to remote places.

my biggest concern is not that i will ever get my wallet stolen but see this being the advice to friends that will at the same time drive them away from ever using btc.

my hope is that bitcoin wallet for android or similar will work soon so i can also show the easiness of btc handling out on the street - with amounts of cash that i also would carry around in my leather wallet knowing i might loose them any day.
legendary
Activity: 966
Merit: 1009
How do you do it?
That's pretty much what I do.  I have my day-to-day wallet in my main user account, and a separate user account for my "savings" wallet.  If the balance in my day-to-day wallet gets above a certain threshold, I send some coins to my savings wallet.

My savings wallet has also been encrypted and emailed to myself (off site) in case of catastrophic machine failure, house fire, etc.
full member
Activity: 168
Merit: 103
Encrypt wallet.dat on the air-gapped machine, correct?

Yes, that makes sure that no online machine has ever seen the private information.
member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.

Gene, this sentence:
Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

Encrypt wallet.dat on the air-gapped machine, correct?
full member
Activity: 168
Merit: 103
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.

Yeah, I thought of that, too.

I would certainly do that if I had seriously huge amounts of bitcoins.
sr. member
Activity: 252
Merit: 250
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.
member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
Since I'm sick of the discussion about the price of bitcoin over ONE weekend. Give me a break. Buy bitcoin and forget about it. It will be one for the ages. Traders should just take their lumps.
member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
full member
Activity: 168
Merit: 103
Bump. I am still interested in stories, how other people do it.

Maybe if we collected enough, we could even write a recommended security guideline and some tutorials.

Are there people managing large amounts of bitcoins on Windows or Mac machines? What do you do to protect your coins?
Pages:
Jump to: