Author

Topic: Is Fomat OS and reinstalling it safe? Electrum Cold storage. (Read 208 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
There's a bunch of sanctions on US goods to countries like Syria and the other countries on the US list and I would assume that Amazon has to abide by that as well, so I don't think they do.

Not sure how the economy works there, there's just too many import restrictions caused by the sanctions and I imagine it could be more expensive to obtain those items.

I live in Sudan, another restricted country and I can confirm some Amazon categories like laptops are indeed banned from being shipped here, all the other categories don't appear blocked but you get stuck when you have to give them a shipping address because street addresses are practically non-existent here (people just say "next to XYZ street in front of ABC store") and I imagine the situation is worse in a war-torn place like Syria.

I'd bet I could get stuff from AliExpress but again shipping stuff here is a huge logistical problem without addresses and a fully-functional postal system so I imagine this applies for Husires too  Undecided
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
And you are trying to tell me that 1) amazon does not deliver to your country and 2) there is no way for you to buy a cheap smartphone or laptop?

You don't need to import a hardware wallet. You could just buy a cheap laptop for 100$.

It is not about if a linux system is good in your case, it is about how it is being accessed (e.g. air-gapped device of every-day computer).
There's a bunch of sanctions on US goods to countries like Syria and the other countries on the US list and I would assume that Amazon has to abide by that as well, so I don't think they do.

Not sure how the economy works there, there's just too many import restrictions caused by the sanctions and I imagine it could be more expensive to obtain those items.
legendary
Activity: 1624
Merit: 2481
If it's not worth for you, then continue using your windows system.
The issue is not the price, but rather the location, I live in Syria and shipping to here is difficult, and it requires trusting a third party to buy hardware wallet and send it to you, so is it better to rely on Linux OS or trust in a third party to ship the device?

And you are trying to tell me that 1) amazon does not deliver to your country and 2) there is no way for you to buy a cheap smartphone or laptop?

You don't need to import a hardware wallet. You could just buy a cheap laptop for 100$.

It is not about if a linux system is good in your case, it is about how it is being accessed (e.g. air-gapped device of every-day computer).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
If it's not worth for you, then continue using your windows system.
The issue is not the price, but rather the location, I live in Syria and shipping to here is difficult, and it requires trusting a third party to buy hardware wallet and send it to you, so is it better to rely on Linux OS or trust in a third party to ship the device?

If that's the case then maybe you can see if there's an escrow somewhere on this forum who can buy it for you and ship it to Syria on your behalf?

I have never seen something like that happen before but I guess it's your best shot if you want things shipped to you.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Although this question gets asked a lot in different forms, and this particular one has already been answered be several people here, I want this answer to be used as a reference for future people coming with this question.

I say formatting the partition and reinstalling Windows is not the safest option. You should delete the entire partition table from the disk using a Linux Live DVD, (the one Arch Linux provides on it's website is excellent for that and you can accomplish this intuitively with the cfdisk utility), and create multiple different-sized partitions on that disk to thwart any BIOS malware (rootkits) that guesses partition sizes from installing programs into it, format them all with Linux filesystems like ext4 - which can't be read by Windows, implies you have to install Linux - if you want to keep them all separate, or you can combine all these partitions into one filesystem by making them all a Linux LVM partition.

Some manufactuers put rootkits in the BIOSes of Windows computers they sell that automatically installs their junkware after a Windows reinstall. These depend on being able to read an NTFS or FAT32, or basically any other type Windows ever supported officially, partition. Some of these rootkits are old can only read legacy-format MBR partition tables so it's better to create the new one on your disk to use the new and modern GPT table as well. It can also be read by Windows 10 and that's why I singled out old rootkits. At least one major vendor (Lenovo) did this in the past for some of their models, but not on Thinkpads, only on home models like Yoga and the like.

The basic idea for doing all this is to prevent Windows rootkits on the BIOS from working even though they cannot be uninstalled.

Also, using Windows as your OS for cold storage introduces the additional problem of 1) missing out on Windows security updates, and 2) Electrum making a version that indirectly no longer supporting your version (build number in Windows 10's case), because its dependencies dropped support for it. The only way to resolve that would be by connecting the cold storage online to use Windows Update, a big no-no, or by formatting some removable media with a new Windows version and reinstall that.

On Linux it's actually possible to download new versions of all installed packages onto removable media and connect it to the cold storage and update the system from that. This solves 1) and 2) at the same time.

Ok, I don't want to make a new thread since this one is related anyway, but what other Linux distros are good for air gap installation with Electrum?

In Arch Linux it isn't even easy to bring up networking after you do a fresh install. I did install it a few days ago and it was only when I had dhcpcd, systemd-networkd and systemd-resolved all running I was able to get network connectivity from an Ethernet line. If you refrain from installing any network-related packages via its live DVD - because nothing is installed by default and in Arch all the packages must be installed by hand -, it is perfect for cold-storage systems since there's no way for malware installed to connect to the internet even if it wanted to.

I hear Gentoo is similar to Arch except you have to compile your own kernel too, never tried that distro so can't comment about it further.

Otherwise most other distributions automatically set up networking and are equal in that regard.

It literally doesn't matter which distro you use as long as its a reputable one and not something like hannah monatana linux.

Well actually it matters only if you don't want to reinstall newer distro versions because you'd want to use a rolling-release distribution that has perpetual support, or at least a fixed release distribution like Ubuntu which has a special "OS upgrade" command for when your release becomes EOL. This is not a real issue, just an inconvenience.
legendary
Activity: 1624
Merit: 2481
Ok, I don't want to make a new thread since this one is related anyway, but what other Linux distros are good for air gap installation with Electrum?

Ubuntu, Tails, Debian?


It literally doesn't matter which distro you use as long as its a reputable one and not something like hannah monatana linux.

Make sure to verify the download, and you will be fine.
Regardless of whether you use Ubuntu, Debian, Arch, Manjaro, Redhat, Parrot, Tails, Gentoo or any of the other dozens of reputable ones available.
legendary
Activity: 3472
Merit: 10611
I will buy a USB flash drives and burning last Ubuntu OS. Is it safe to boot it without formatting my old OS? What about installing it with my old OS?
Yes, it is safer and there is no need to remove the existing OS. Even if your Windows is infected that won't affect the Live Linux you are running from a DVD or a USB. They run completely from your RAM and you don't even have to mount any of your hard disk drives.
HCP
legendary
Activity: 2086
Merit: 4361
So my concern really, if I get Electrum Appimage for Linux:
https://download.electrum.org/4.0.9/electrum-4.0.9-x86_64.AppImage

That is the binary right?
Correct... by using the AppImage, you shouldn't need to worry about dependencies, as they are all included in the AppImage... that's the entire purpose of the AppImage... download (verify) and run! Wink


https://electrum.org/#download

Also shows Installation from Python sources, I'd have to somehow make sure the dependencies are already in my linux iso or else download them separately and install them.
Correct, running from sources is a bit more involved... as you may not necessarily have all the required dependencies... and getting them onto an "air gapped" machine can be a bit fiddly (and adds a possible attack vector to the air-gapped machine... ie. compromised libraries etc).


I'm probably going to try other distros, but if those 3 work with the appimage, then I guess I'm good to go. Offline. Air Gap. Just need a working camera for QR code scanning.
Seems like you have a fairly good handle on things... any standards compliant camera should suffice... you shouldn't need anything too special to make it work. Even a laptop camera would probably work "OK" but could possibly be a bit fiddly trying to scan QR codes on the "online" machine by holding up a laptop to the screen! Tongue
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
@dabs: all 3 would work: ubuntu, tails and debian.

Yes, I believe you need to download the dependencies for raspi, then copy over those *.deb files.

Anyway, I checked out Ubuntu and Debian and Tails installation stuff.

tails-amd64-4.15.1.iso or .img = size 1.11 GB (1,194,328,064 bytes)
ubuntu-20.04.1-desktop-amd64.iso = size 2.59 GB (2,785,017,856 bytes)
debian-10.7.0-amd64-DVD-1.iso = size 3.69 GB (3,972,317,184 bytes)

So tails is the smallest one, probably has the least attack surface, which shouldn't matter as it's air gapped.

So my concern really, if I get Electrum Appimage for Linux:
https://download.electrum.org/4.0.9/electrum-4.0.9-x86_64.AppImage

That is the binary right?

From the docs here: https://electrum.readthedocs.io/en/latest/tails.html
Quote
... the AppImage binary we distribute (a self-contained executable that should work on any x86_64 Linux including Tails).

https://electrum.org/#download

Also shows Installation from Python sources, I'd have to somehow make sure the dependencies are already in my linux iso or else download them separately and install them.

I'm probably going to try other distros, but if those 3 work with the appimage, then I guess I'm good to go. Offline. Air Gap. Just need a working camera for QR code scanning.
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
@dabs: all 3 would work: ubuntu, tails and debian.

This being said, do remember rPi uses arm architecture, so you won't be able to use the binary's available on electrum.org... This also means you'll have to make sure all those depencies are available, witch is a pain on a machine without network (i'm not saying it's impossible... I'm just saying it'll be harder to get things working and keeping your electrum version updated).

For an airgapped setup, i wouldn't be worried about BIOS virusses either...
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Ok, I don't want to make a new thread since this one is related anyway, but what other Linux distros are good for air gap installation with Electrum?

Ubuntu, Tails, Debian?

The steps I want to do is

1. burn latest version verified ISO to CD/DVD/USB
2. download verified latest version Electrum for Linux / Windows 10
3. erase, wipe, nuke, partition, format on air gap laptop / desktop
4. clean install OS
5. clean install Electrum

I've been looking at really small distros like Puppy Linux and Damn Small Linux, but really, any distro that can easily run on any 5 year old computer should be fine. I've also looked at Raspberry Pi Zero (without wireless, no bluetooth, no wifi) and that's also a low cost option.

I've also managed to get a latest version Windows 10 desktop/laptop completely installed offline and activated offline (without calling Microsoft), legally. So that works for me too. Technically, it does not need to be activated these days, there will just be that reminder on the screen.

All these methods have no guarantees against BIOS/UEFI malware, but I think that's a very small chance at the same time an air gap prevents the machine from talking to any other machine except through your own methods (USB or QR codes by camera). OS level malware is probably the one taken care of by this method and secures any coins you have with almost 100% safety. (not 100%, maybe 99% or something.)

I intend to do this together with either another device or hardware wallet for multi-sig.

I'll have to experiment a bit, but ideally I want step 1 to include any required dependencies already installed (python) so the next step to install Electrum is straightforward. I know Tails works because it does include Electrum already, but I'm also looking at other distros.

If anyone can confirm other distros, that would be great. I'm going to try with Debian as it's the most "plain" and "base" and every other distro seems to use that.
legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
--snip--
If you are too cheap to spend 60$ from your ~35.000$, then you are on your own.
--snip--

You wouldn't believe how many times i heared the "a hardware wallet is to expensive" excuse from people that are holding enough bitcoin to buy a house in the city.

@OP: just realize that if you're going to cheap out, it doesn't matter what kind of advice we give you... You'll never be as safe as if you'd just spend $100 and buy a decent (new) hardware wallet from a reputed vendor. It IS possible to achieve the same kind of security (or even slightly better security) with a proper airgapped setup or a properly generated paper wallet, but those setups are hard and really unforgiving. If you don't know what you're doing, you're much better of buying a hardware wallet cause the slightest slipup in your opsec procedure will come back to haunt you.

@OP: yes, you can install ubuntu on an usb stick and boot from it relatively safe... However, i would read following tutorials first:
https://ubuntu.com/tutorials/how-to-verify-ubuntu
https://help.ubuntu.com/community/Installation/CDIntegrityCheck

This being said, if you run ubuntu from a live usb stick, disable the network interface and don't touch your harddisks, you should be relatively safe... I mean, sure, if you're really paranoid this probably won't be enough, but for a normal person it should suffice.
legendary
Activity: 1624
Merit: 2481
The amount is more than 1 Bitcoin, but I bought it in 2018 so it's worth it.I would like to think of the cheapest and safest solution.

The cheapest solution will never be the most secure one.
If you are too cheap to spend 60$ from your ~35.000$, then you are on your own.

If it's not worth for you, then continue using your windows system.
legendary
Activity: 3472
Merit: 10611
If you want real security you wouldn't use Windows in first place and prefer an open source operating system such as Linux.
Speaking of cold storage it is trivial to run Linux from a DVD (live) and preventing it from accessing anything including your network and hard disks. It also doesn't have the backdoors that Windows intentionally has!

Also keep in mind that one of the most important steps is verifying the Electrum binaries signature using PGP not having false sense of security just because you think you've downloaded them from "official site".
legendary
Activity: 1624
Merit: 2481
If you have a "good amount of bitcoins", you do have enough money to buy a second device.

Therefore, i assume the amount is not that high.
And in this case, following the advices from mocacinno, indeed puts you in a pretty safe spot.



legendary
Activity: 3584
Merit: 5248
https://merel.mobi => buy facemasks with BTC/LTC
Well, if you completely format your harddisk, install a legal copy of your OS, install all updates from your vendor, install a legit virusscanner, install a legit firewall, download electrum from electrum.org AND check the signature of electrum... you're pretty safe.

It would be safer to run tails OS from a live disk and disable the network adapter, then restore your wallet from seed and export your xpub, then boot back into your windows OS (online) and create a watch-only wallet with the xpub... Use your offline tails live distro to sign transactions, and your online windows distro to watch the addresses and create unsigned transactions...

But to be honest, without a bit more background info, it's hard to say what is safe and what is not... Doing these steps might be really safe from a crypto point of view, but formatting your harddisk might make you lose other important data...
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
Now I want to use it, is it safe to delete all the data on my Windows (C:) driver, reinstall the operating system (Windows 10) and install Electrum from the official website? What problems might occur?
That means you are not sure if your computer has malware running underneath which could have been as a result of the way you handle the computer for online activities. It will be good to reinstall the OS, it is the best thing to do because your computer could have installed malware. You have your seed already, all you need to do is to install back electrum after installing the computer OS, but I will advice you to install Linux OS instead of window, then download electrum and input your seed.
legendary
Activity: 1596
Merit: 1288
I cannot order hardware wallets and ship them to my country and I do not have money to buy an additional laptop.
I have a good amount of bitcoins. I invested several years ago using electrum and reinstalling my OS after obtaining wallet seed.

Now I want to use it, is it safe to delete all the data on my Windows (C:) driver, reinstall the operating system (Windows 10) and install Electrum from the official website? What problems might occur?

Jump to: