
Topic: How I manage and protect my wallets (Ubuntu Linux) (Read 16204 times)

member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
Linuxcoin on a usb
full member
Activity: 168
Merit: 103
Do you see any attacks that I haven't thought of?
Would it be in the swap space somewhere unencrypted?

Yes, that's true. That should be mentioned. I don't use swap for that reason myself.

But some footnotes:

- If Bitcoin is implemented properly, it wouldn't store keys in swappable memory.
- Swap should be encrypted anyway - but that makes hibernation more difficult.
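
Added example, not part of any post in this thread: one way to check the footnote above that swap should be encrypted. It assumes a Linux system where dm-crypt mappings created by cryptsetup expose a device-mapper UUID starting with `CRYPT-` under /sys; the function names are illustrative.

```shell
#!/bin/sh
# Added example. Assumption: cryptsetup-created dm-crypt mappings have a
# device-mapper UUID beginning with "CRYPT-" at /sys/block/dm-N/dm/uuid.

# swap_verdict DEVICE KIND SYSFS_ROOT -> prints a one-word verdict
swap_verdict() {
    dev=$1 kind=$2 sysfs=$3
    # A swap file is only as protected as the filesystem it lives on.
    [ "$kind" = file ] && { echo UNVERIFIED-swapfile; return; }
    # /dev/mapper/* names are symlinks to /dev/dm-N; resolve them.
    real=$(readlink -f "$dev" 2>/dev/null) || real=$dev
    name=${real##*/}
    case "$name" in
        zram*) echo ram-backed; return ;;   # compressed RAM, not a disk
    esac
    uuid=$(cat "$sysfs/block/$name/dm/uuid" 2>/dev/null) || uuid=
    case "$uuid" in
        CRYPT-*) echo encrypted ;;
        *)       echo PLAINTEXT ;;
    esac
}

# audit_swaps [SWAPS_FILE] [SYSFS_ROOT]
# Prints "<device> <verdict>" for every active swap area.
# Returns 0 only if no area is PLAINTEXT or UNVERIFIED.
audit_swaps() {
    swaps=${1:-/proc/swaps} root=${2:-/sys} rc=0
    while read -r dev kind rest; do
        [ "$dev" = Filename ] && continue    # header line of /proc/swaps
        [ -n "$dev" ] || continue
        v=$(swap_verdict "$dev" "$kind" "$root")
        echo "$dev $v"
        case "$v" in PLAINTEXT|UNVERIFIED-*) rc=1 ;; esac
    done < "$swaps"
    return $rc
}

# Typical use on the machine holding the wallet:
#   audit_swaps || echo "key material could reach the disk in the clear"
```

An empty listing (no swap at all, as the poster above prefers) also returns 0.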
newbie
Activity: 17
Merit: 0
Do you see any attacks that I haven't thought of?
Would it be in the swap space somewhere unencrypted?
full member
Activity: 406
Merit: 100
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.
This looks like a terrific approach to me. Would it be possible to buy a cheap netbook and put a tiny (core) Linux on it and use that as the off-the-net computer?

Further, although I slightly do understand the concept proposed, for my small and not so computer literate brain it's just a bit too abstractly formulated.
Could someone in non-geek language explain to a common, almost layman, bitcoin user how to exactly implement this step by step?
member
Activity: 73
Merit: 10
Chupacabra = Corrupt Gov't,Lies and Fraud
These are all really nice.  Thanks! :)

...but now I must ask:  What do I tell my friend studying philosophy, who has some BTC (due to my convincing him to buy some)?  He doesn't know Ubuntu, and actually I have never used it either.

Please, someone, put a one click, one button, safe, secure download on www.bitcoin.org so all this can be done by my philosopher friend... and myself :)

Sorry to be only a 'Hunter' and not a whiz!


---- i know this is for the Bitcoin millionaires who were the rightful early adopters and tech-savvy super geeks

But what are the rest to do, who put in a few hundred $$$ worth, and are just as fearful to have their little wallet stolen?
full member
Activity: 168
Merit: 103
1. Software Keylogger? Hardware keylogger?
2. Vulnerability in the Ubuntu encryption algorithm? From what I read, Truecrypt is supposedly the gold-standard. Can you configure Ubuntu to use it for the home dir?
3. Vulnerability in Ubuntu? If you update your OS, can your download be redirected to another location with a compromised OS patch?

4. For those who use an "air gapped" machine, how do you spend the coins? Is it possible to manually enter a Bitcoin transaction by paper, pen & a networked PC?
1. Hardware Keylogger would be a problem. Software Keylogger would require the System to be fully compromised, which I already mentioned.

2. No, it is not. TrueCrypt has a lot of fancy features, most of them very useful. That is why it is hyped a lot by people who don't understand it. Even the TrueCrypt manual says almost literally that it is not true that you can easily be secure with TrueCrypt. (I already opened a thread about it: http://forum.bitcoin.org/index.php?topic=16246.0)
Ubuntu home folder encryption is based on ecryptfs, which is a part of the Linux kernel itself. It is based on the very crypto implementations of the kernel - like a lot of other disk crypto solutions (luks/dm-crypt).
I would not use TrueCrypt for this because it is bloated with a lot of features that are not needed here. For a security concept you should always prefer the simpler solution. A more complicated solution just opens the danger of making mistakes.

3. Yes, a vulnerability that allows root access would be a problem, I mentioned that.
hero member
Activity: 868
Merit: 1008
Software Keylogger? Hardware keylogger?
Vulnerability in the Ubuntu encryption algorithm? From what I read, Truecrypt is supposedly the gold-standard. Can you configure Ubuntu to use it for the home dir?
Vulnerability in Ubuntu? If you update your OS, can your download be redirected to another location with a compromised OS patch?

For those who use an "air gapped" machine, how do you spend the coins? Is it possible to manually enter a Bitcoin transaction by paper, pen & a networked PC?

I had the same question...I may want to adopt this approach myself, but I don't know of an easy way to export/import a transaction.  If such a feature existed, you could generate and export the transaction to a file, copy to USB, and import/broadcast with another connected bitcoin client.  I imagine you could copy the block chain files from a connected client over to the air gapped machine via USB so that the wallet sees the current balance.

It would be nice to add a few features to the client to facilitate this scenario.  It would also be nice if the client supported "receive-only" wallets that have no private keys...this way you could make a "receive-only" copy of a wallet, load that up on a connected client and be able to monitor the balance of your air-gapped, savings wallet without risk of the coins being stolen.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
The miner has to be online, but the address receiving the mined coins doesn't.

For exactly this reason I asked it elsewhere but didn't get an answer: how do i define the address(es) the miner should attribute the reward to?? Best would be to share it among all the guys that have shares in my mining rigs.
member
Activity: 71
Merit: 10
Software Keylogger? Hardware keylogger?
Vulnerability in the Ubuntu encryption algorithm? From what I read, Truecrypt is supposedly the gold-standard. Can you configure Ubuntu to use it for the home dir?
Vulnerability in Ubuntu? If you update your OS, can your download be redirected to another location with a compromised OS patch?

For those who use an "air gapped" machine, how do you spend the coins? Is it possible to manually enter a Bitcoin transaction by paper, pen & a networked PC?
full member
Activity: 168
Merit: 103
I added a list of possible attacks, does anybody see an attack I haven't thought of?
full member
Activity: 168
Merit: 103
taken that mining leaves you with an already quite serious amount of bitcoins once you get just one block, air gapping serious amounts of btc will not work :(

The miner has to be online, but the address receiving the mined coins doesn't.
legendary
Activity: 1862
Merit: 1114
WalletScrutiny.com
taken that mining leaves you with an already quite serious amount of bitcoins once you get just one block, air gapping serious amounts of btc will not work :(

in theory (not there yet): i have a fully encrypted (all except boot) usb stick for "serious amount" but do networking with it. it's also my system to do online banking with.
of course the wallet(s) are backed up gpg encrypted with a 30 letters strong password to remote places.

my biggest concern is not that i will ever get my wallet stolen but see this being the advice to friends that will at the same time drive them away from ever using btc.

my hope is that bitcoin wallet for android or similar will work soon so i can also show the easiness of btc handling out on the street - with amounts of cash that i also would carry around in my leather wallet knowing i might lose them any day.
legendary
Activity: 966
Merit: 1009
How do you do it?
That's pretty much what I do.  I have my day-to-day wallet in my main user account, and a separate user account for my "savings" wallet.  If the balance in my day-to-day wallet gets above a certain threshold, I send some coins to my savings wallet.

My savings wallet has also been encrypted and emailed to myself (off site) in case of catastrophic machine failure, house fire, etc.
full member
Activity: 168
Merit: 103
Encrypt wallet.dat on the air-gapped machine, correct?

Yes, that makes sure that no online machine has ever seen the private information.
member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.

Gene, this sentence:
Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

Encrypt wallet.dat on the air-gapped machine, correct?
full member
Activity: 168
Merit: 103
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.

Yeah, I thought of that, too.

I would certainly do that if I had seriously huge amounts of bitcoins.
sr. member
Activity: 252
Merit: 250
Air gapped (not networked) computer with bitcoin transferred over via clean USB drive.

Open bitcoin and write down automatically generated address (address x).

From networked computer, open bitcoin and send funds to address x.

Encrypt wallet.dat and shred the original on the air gapped machine. Save encrypted wallet all over the place -- hardcopy too.

The unencrypted wallet never touches a networked computer.
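
Added example, not part of the original post: the "encrypt wallet.dat and shred the original" step from the procedure above, written so the plaintext is destroyed only after the encrypted copy has been decrypted again and matched against the original. It assumes GnuPG 2.1 or later plus coreutils `shred` and `sha256sum` on the air-gapped machine; the function name and the optional passphrase-file argument are illustrative.

```shell
#!/bin/sh
# Added example. Assumes gpg >= 2.1, shred and sha256sum are installed.

# seal_wallet SRC OUT [PASSPHRASE_FILE]
# Encrypts SRC to OUT with a passphrase, proves OUT decrypts back to the
# same bytes, and only then shreds SRC. On any failure SRC is left alone.
seal_wallet() {
    src=$1 out=$2 pf=${3:-}
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    # With no passphrase file gpg prompts on the terminal, which is the
    # normal case; the file form exists for scripted runs.
    if [ -n "$pf" ]; then
        set -- --batch --pinentry-mode loopback --passphrase-file "$pf"
    else
        set --
    fi
    # No --yes: an existing backup at OUT is never silently overwritten.
    gpg "$@" --symmetric --cipher-algo AES256 --output "$out" "$src" || return 1
    # Round trip: hash of the plaintext vs. hash of what OUT decrypts to.
    want=$(sha256sum < "$src")
    got=$(gpg "$@" --quiet --decrypt "$out" | sha256sum)
    if [ "$want" != "$got" ]; then
        echo "round-trip check failed; original left in place" >&2
        return 1
    fi
    shred -u "$src"
}

# Typical use on the air-gapped machine (interactive passphrase prompt):
#   seal_wallet ~/.bitcoin/wallet.dat ~/wallet.dat.gpg
```

`shred` overwrites in place, so on SSDs and on journaling or copy-on-write filesystems it does not guarantee the old blocks are gone; keeping the plaintext wallet on encrypted or RAM-backed storage avoids depending on it.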
member
Activity: 115
Merit: 11
I like long walks on the beach, shaving my head...
Since I'm sick of the discussion about the price of bitcoin over ONE weekend. Give me a break. Buy bitcoin and forget about it. It will be one for the ages. Traders should just take their lumps.
full member
Activity: 168
Merit: 103
Bump. I am still interested in stories, how other people do it.

Maybe if we collected enough, we could even write a recommended security guideline and some tutorials.

Are there people managing large amounts of bitcoins on Windows or Mac machines? What do you do to protect your coins?