Pages:
Author

Topic: How safe is a flashdrive? - page 2. (Read 2117 times)

sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
May 29, 2017, 02:19:20 PM
#14
The best option for you would be to use a paper wallet for archival-style/cold storage of your cryptocurrency. But if you absolutely must use digital storage, do so on a machine that is running Linux to minimize risk, and make sure that you plug in the device(s) from time to time (but that would defeat the purpose of cold storage). Some malware could even just delete your wallet file or re-encrypt it, in which case you should enable write-protection.

Plugging the device in may or may not do anything for flash memory degradation. Assuming NAND flash, simply powering the memory and performing reads won't do anything about leakage from the floating gates of the actual flash cells; flash doesn't refresh on read like DRAM does.
sr. member
Activity: 420
Merit: 251
May 29, 2017, 02:10:34 PM
#13
Encrypted flash drives' data is not at risk due to an infection. In fact, malware does not infect your flash drive, in Windows XP that was viable because autorun was enabled by default, and so the malware would spread itself by USB but now it doesn't because there's no point (autorun is disabled by default on Windows 7 and later, and Linux has no such thing whatsoever). Malware can read the data on a flash drive, but will not 'infect' it. As long as the flash drive is encrypted, it will be safe no matter where you plug it.

However, flash drives (and inherently all storage media) suffer from data degradation. For various reasons (depending on the storage medium), data can degrade over long periods of time if the device hasn't been plugged in. Degradation is also accelerated by heat.

The best option for you would be to use a paper wallet for archival-style/cold storage of your cryptocurrency. But if you absolutely must use digital storage, do so on a machine that is running Linux to minimize risk, and make sure that you plug in the device(s) from time to time (but that would defeat the purpose of cold storage). Some malware could even just delete your wallet file or re-encrypt it, in which case you should enable write-protection.
newbie
Activity: 39
Merit: 0
May 29, 2017, 02:03:53 PM
#12
I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?

If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?

I've heard that flash drives may not hold data for more than a few years if they aren't plugged in to a computer over that period of time. To be safe, you may need to keep a paper backup of your keys.
newbie
Activity: 1
Merit: 0
May 29, 2017, 10:18:42 AM
#11
I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?

If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?

A flash drive can easily become infected and your private keys can then become "exposed".
I would strongly advise you invest in a good hardware wallet (Trezor or Ledger Nano S). This is by far the safest and easiest way to store and spend coins.
legendary
Activity: 3472
Merit: 10611
May 27, 2017, 11:37:40 PM
#10
I use Linux. I do not have any knowledge that my system is infected. It seems that some of the advice is aimed at windows users, how does it change for linux?
not much difference. i said it mostly aimed at windows since it is what most people (including myself) use as their daily OS.
in linux you just don't mount the partitions.

Quote
If usb flashdrives deteriorate over time, then I do not see how it's possible to have backups? If I buy 2 usb flashdrives of different brands, then I can't be sure that they don't both deteriorate over time. Let's say that I put them in remote locations for safety. That precludes me from testing them on an ongoing basis (and nothing to prevent them from stop working after a test is performed).

Eg, I'm confused about this advice:
Quote
The only safe thing to do is to have it backed up on multiple locations.
If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones.

On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error?
it can be another USB disk, SD card, CD, or even Floppy disk! but all these digital mediums are going to deteriorate. i am not sure how long will it take but it is not short, so you don't need to worry about it much.

but the best one is to make a hard copy of the private keys (or seed) such as printing it on a piece of paper and laminating it, or etching it on a metal plate or using a hammer and one of those metal letter thingies that can engrave letters and numbers on metal. these things can only be physically lost and not much can damage them.

Quote
Quote
1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet

Why do I need to install linux on a flashdrive for this idea? It seems to me that I am scanning a QR code using the non-internet connected computer, either directly from the other computer screen, or printed out on a sheet of paper. I then generate a new QR code that I use my cell phone to scan and connect that to the internet-connected computer?
the offline wallet has to be somewhere on a fresh and clean OS, that is why i said install linux. you can use a live linux with persistence if you like, you can even use a live linux without it and restore your wallet with seed each time for example.
the installed linux works as your very own cheap but secure hardware wallet that you can be sure is secure as long as you don't let anything contaminate it.
legendary
Activity: 1736
Merit: 1023
May 27, 2017, 10:47:28 PM
#9
Using a hardware wallet would probably be greater security than transferring an ordinary USB stick back and forth between an offline and online PC. I'd recommend looking into a Trezor or Ledger Nano S to secure your funds.
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
May 27, 2017, 06:00:23 PM
#8
Quote
On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error?

It is indeed time-consuming, but backups aren't necessarily meant to be instant, but rather to be a secondary resort in case of computer memory failure; here the archival qualities of a good paper stock and fade-resistant ink stored in a safe place outweigh the time taken to perform printing/writing down and restoration. It could be error-prone depending on your ability to accurately type long strings of seemingly random characters. However, if you use an HD wallet in the same manner, you're writing down a set of distinguishable random words (comprising your seed) instead, which is quite a bit less error-prone.
sr. member
Activity: 503
Merit: 286
May 27, 2017, 05:54:09 PM
#7
I use Linux. I do not have any knowledge that my system is infected. It seems that some of the advice is aimed at windows users, how does it change for linux?

If usb flashdrives deteriorate over time, then I do not see how it's possible to have backups? If I buy 2 usb flashdrives of different brands, then I can't be sure that they don't both deteriorate over time. Let's say that I put them in remote locations for safety. That precludes me from testing them on an ongoing basis (and nothing to prevent them from stop working after a test is performed).

Eg, I'm confused about this advice:
Quote
The only safe thing to do is to have it backed up on multiple locations.
If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones.

On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error?

Quote
1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet

Why do I need to install linux on a flashdrive for this idea? It seems to me that I am scanning a QR code using the non-internet connected computer, either directly from the other computer screen, or printed out on a sheet of paper. I then generate a new QR code that I use my cell phone to scan and connect that to the internet-connected computer?
member
Activity: 73
Merit: 10
May 27, 2017, 03:21:18 AM
#6
1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet

The QR code tip is really innovative. Never thought of that earlier.


And regarding saving your private keys, print paper wallets with the passphrase encrypted private key and store them in several places.
legendary
Activity: 3472
Merit: 10611
May 26, 2017, 11:23:43 PM
#5
these are your options:
1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet

2. partition your flash into two separate ones. first partition should be in FAT and second be in linux format. now install in the second one. place the raw unsigned tx into the first partition that your windows recognizes (it doesn't see the second at all) boot up linux from USB, sign, put it back in first partition, shut down, go to windows, broadcast. result pretty good security

in both cases remember to add passwords to both linux and wallet and keep separate backups.
remember that these devices are susceptible to damage and loss of data in case you don't connect them to a power source ie USB port for a long time.
sr. member
Activity: 448
Merit: 250
May 26, 2017, 09:14:44 PM
#4
But this requires a flashdrive to go back and forth. So how much does that compromise security?
I can tell you that you should use SD cards,

I assume the user is using Windows, if so an SD card is mounted as a drive the same as a flash drive, if it was to be infected with malware or ransomware it'd still be infected/encrypted.

The only safe thing to do is to have it backed up on multiple locations.
If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones.
Use one for the daily use every day, another with a backup you update whenever possible and that can be left within your cupboard somewhere in your house. Then the third one which is a backup of the backup should live in a location that is not your home/office, it needs to be a different geographical location aka - storage shed, safe deposit box, wherever you have somewhere else safe you can keep it.

This 3 step backup solution is now protecting you from the following:
  • USB Failure / corruption
  • Ransomware / Cryptolocking
  • Natural disaster
  • Loss of USB Drive OR accidental deletion
  • The event that someone breaks into your house and steals all your tech

If you have any other questions shout out.
legendary
Activity: 2296
Merit: 1014
May 26, 2017, 12:26:46 PM
#3
But this requires a flashdrive to go back and forth. So how much does that compromise security?
100%. It compromises security 100%. U can't do that. Malware is written to infect flash drives/pendrives mostly instantly.
I can tell you that you should use SD cards, they are not infected almost at all. Additionally, disable in Windows all options to autorun inserted drives (CD/PENDRIVE/FLASHDRIVES/EVERYTHING).

Smiley Happy to help.
legendary
Activity: 966
Merit: 1042
May 26, 2017, 11:07:40 AM
#2
If you have an infected system it could infect the flash drive. If you store bitcoins only on one flash drive it will deteriorate over the and you will lose everything.

Make multiple backups like you would with anything important in your life and store them on very secure systems. Ubuntu Live CDs are great for this.
sr. member
Activity: 503
Merit: 286
May 26, 2017, 11:04:32 AM
#1
I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?

If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?

Am using linux.
Pages:
Jump to: