Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: Is old 3.5 floppy safer than USB drive for cold storage? (Read 5727 times)

Dabs
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 10:53:08 PM
#100
Quote from: santaClause on October 12, 2014, 01:39:04 PM
In order for this to be sufficiently secure you would need to keep your FDE password long/complex enough so that it cannot easily be guessed and is different from other passwords. Cold storage however, by definition is not used very often. Your risk is that you do not enter your password often enough so that you remember your FDE password and lose access to your computer and private key.

Thanks for your concern. This should not be a problem for me. I forget many things, but not my passwords. They are also usually alphanumeric and between 20 to 64 characters long. (Randomly generated.)

And of course, there is a paper backup, stored somewhere safe.
vipgelsi
legendary
Activity: 1736
Merit: 1001
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 10:49:05 PM
#99
I think the floppy would be safer and kinda cooler.
banders
newbie
Activity: 32
Merit: 0
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 10:45:31 PM
#98
The Unpatchable Malware That Infects USBs Is Now on the Loose  http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/
iwillwin
newbie
Activity: 28
Merit: 0
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 03:49:07 PM
#97
Why do you think it would be safer ? I mean you must have given a thought to it as to why do you feel it would be safer ?
Armadillo
newbie
Activity: 33
Merit: 0
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 02:08:03 PM
#96
It seems to me that there is a greater risk in losing your wealth through the volatility of bitcoin itself than from someone stealing your coins out of cold storage. If you have a large portion of your wealth in bitcoin, a hedging strategy may add more security to your purchasing power than etching your info into a tungsten billet....just sayin.
santaClause
full member
Activity: 183
Merit: 100
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 01:39:04 PM
#95
Quote from: Dabs on October 12, 2014, 10:32:25 AM
Quote from: Newar on October 11, 2014, 03:02:26 AM
Quote from: Dabs on October 11, 2014, 01:23:06 AM
It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.
[...]

Sometimes the "attack" can come from unexpected angles. There was a thread the other day where a guy lost his private keys he had on his phone wallet. Turns out his kids had access to the phone and deleted the Mycelium data (but not the app) to make room for a game they wanted to play.

My kids are under 3 years old. While they know how to play on the ipad mini and my phone (and have accidentally deleted apps), I don't have any coins stored there, for precisely that reason, because they keep playing Pou or Fruit Ninja or Temple Run, and keep spending all my hard earned play money.

I would probably reserve a phone unit specifically for bitcoin purposes that no one else uses, but nah, that's what my laptops are for. (full drive encrypted, so no one opens it but me.)
In order for this to be sufficiently secure you would need to keep your FDE password long/complex enough so that it cannot easily be guessed and is different from other passwords. Cold storage however, by definition is not used very often. Your risk is that you do not enter your password often enough so that you remember your FDE password and lose access to your computer and private key.
sinip
newbie
Activity: 16
Merit: 0
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 11:46:35 AM
#94
Quote from: jonald_fyookball on October 06, 2014, 02:45:33 PM
Quote from: Moria843 on October 06, 2014, 01:15:34 PM
With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?

yeah but why not go all the back to a 5 1/4" floppy.  Now those actually flopped.
And 5.25 floppies are actually much more durable regarding usage as storage than 3.5 floppies. Trust me, I have personal experience. Smiley Numerous 3.5 floppies would go bad for simply no reason at all, even after being left unused in a box, while 5.25 ones I have with some data on them are still usable. Provided you have working 5.25 inch floppy drive, and a PC to plug it into.. Smiley
abercrombie
legendary
Activity: 1159
Merit: 1001
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 11:24:51 AM
#93
I use 3 layers of encryption for wallets tucked away.

Bip-38 protected private addresses (steal it, it still won't work)
PGP encrypt your CSV spreadsheet
All encased in a TrueCrypt container

Rename it to something like taxes-2007.xls then make a bunch of copies.
Dabs
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 10:32:25 AM
#92
Quote from: Newar on October 11, 2014, 03:02:26 AM
Quote from: Dabs on October 11, 2014, 01:23:06 AM
It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.
[...]

Sometimes the "attack" can come from unexpected angles. There was a thread the other day where a guy lost his private keys he had on his phone wallet. Turns out his kids had access to the phone and deleted the Mycelium data (but not the app) to make room for a game they wanted to play.

My kids are under 3 years old. While they know how to play on the ipad mini and my phone (and have accidentally deleted apps), I don't have any coins stored there, for precisely that reason, because they keep playing Pou or Fruit Ninja or Temple Run, and keep spending all my hard earned play money.

I would probably reserve a phone unit specifically for bitcoin purposes that no one else uses, but nah, that's what my laptops are for. (full drive encrypted, so no one opens it but me.)
bf4btc
hero member
Activity: 568
Merit: 500
Smoke weed everyday!
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 07:21:29 AM
#91
Quote from: Moria843 on October 06, 2014, 01:15:34 PM
With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?
It really depends. If you are a business who is potentially sending bitcoin to customers (and taking money from cold storage to refill your hot wallet) then this would be a bad idea. Floppy disks and floppy drives are much less reliable then a USB drive so if it were to fail you would temporarily be unable allow your customers to receive bitcoin that it owed to them. This could cause your business to have a decreased reputation that could potentially be much more costly then having your bitcoin stolen (it is much easier to recover lost money then to recover lost reputation).

If you would be acting as an individual and would have little reason to need immediate access to your cold storage funds then yes it would be safier
sandykho47
sr. member
Activity: 252
Merit: 251
Knowledge its everything
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 12, 2014, 05:39:43 AM
#90
For short term cold storage, CD/DVD & Secure USB (example : Iron Key) is should good enough
For long term cold storage, use best quality DVD & long term Secure USB (this is expensive)

And you might want to encrypt your cold storage file to get more secure
But, i don't reccomended 3.5 floppy because it's difficult to find the reader & i'm afraid floppy disk can working if you don't use for a long time  Sad
funtotry
sr. member
Activity: 420
Merit: 250
Ever wanted to run your own casino? PM me for info
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 10:19:19 PM
#89
Quote from: Eisenhower34 on October 11, 2014, 02:39:16 PM
Quote from: Newar on October 11, 2014, 03:02:26 AM
Quote from: Eisenhower34 on October 11, 2014, 02:16:54 AM
Quote from: Newar on October 11, 2014, 12:59:10 AM
Quote from: Eisenhower34 on October 11, 2014, 12:13:11 AM
If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" then others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worse case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.
Please explain how he could enable wifi on the device without physical access to the device.
I am saying that they would have physical access to the device. Many bitcoin users counter the potential of someone getting physical access to their cold storage with encryption, however the private keys would need to be decrypted temporarily in order to sign a TX. 
You could easily prevent any potential attack on your cold storage computer by renting a large safe deposit box at your bank and storing a laptop in the safe deposit box with the battery out. Colt storage by definition should not be used very frequently so it should not be easy for even you to access. You can store an unused USB drive with the laptop in the safe deposit box. This would resolve the issue of both your wifi being compromised and that your USB drive could somehow get compromised.
Eisenhower34
legendary
Activity: 906
Merit: 1002
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 02:39:16 PM
#88
Quote from: Newar on October 11, 2014, 03:02:26 AM
Quote from: Eisenhower34 on October 11, 2014, 02:16:54 AM
Quote from: Newar on October 11, 2014, 12:59:10 AM
Quote from: Eisenhower34 on October 11, 2014, 12:13:11 AM
If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" then others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worse case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.
Please explain how he could enable wifi on the device without physical access to the device.
I am saying that they would have physical access to the device. Many bitcoin users counter the potential of someone getting physical access to their cold storage with encryption, however the private keys would need to be decrypted temporarily in order to sign a TX. 
CIYAM
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 03:15:59 AM
#87
In regards to getting the WiFi card removed (and I also stuck "plug stubs" into both the Ethernet and *phone* sockets) - this was not about worrying that some criminal might get physical access to the device but instead to ensure that someone like my wife "doesn't accidentally connect it to the internet".

In fact my cold storage is not *even stored on that computer* (I use a Live OS of CIYAM Safe).
Newar
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 03:02:26 AM
#86
Quote from: Eisenhower34 on October 11, 2014, 02:16:54 AM
Quote from: Newar on October 11, 2014, 12:59:10 AM
Quote from: Eisenhower34 on October 11, 2014, 12:13:11 AM
If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" then others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worse case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.

Please explain how he could enable wifi on the device without physical access to the device.



Quote from: Dabs on October 11, 2014, 01:23:06 AM
It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.
[...]

Sometimes the "attack" can come from unexpected angles. There was a thread the other day where a guy lost his private keys he had on his phone wallet. Turns out his kids had access to the phone and deleted the Mycelium data (but not the app) to make room for a game they wanted to play.
Eisenhower34
legendary
Activity: 906
Merit: 1002
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 02:16:54 AM
#85
Quote from: Newar on October 11, 2014, 12:59:10 AM
Quote from: Eisenhower34 on October 11, 2014, 12:13:11 AM
If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" then others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worse case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.

I agree that most of the vectors of attack would require physical access and a very good alternative to going crazy with tinfoil is to simply buy a safe and put your computer in your safe when you are not using it
Dabs
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 01:23:06 AM
#84
It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.

For others, it might not be enough, but usually those kinds of people have other problems and has made enemies. They are either obscenely rich, or politicians.

The head of the largest retail group in my country travels with the minimum entourage of bodyguards. You can easily disappear here, even among the locals, if you even have the slightest idea how. I mean, its not easy, but it's not difficult either.

Back to topic: Just print your wallet or private keys, put it in an envelope, and lock it up in a traditional safe or filing cabinet at home.
Newar
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 01:01:10 AM
#83
Quote from: BTCfan668 on October 10, 2014, 07:13:31 PM
Most people do not send bitcoin directly from their cold storage to the address(es) they are sending to. In my experience most businesses will have a "hot wallet" that will contain a "target" amount of bitcoin. If the hot wallet gets too low then bitcoin will be transferred from their cold storage into their hot wallet. If the hot wallet starts to get too much bitcoin then the company will transfer some of the bitcoin to their cold storage

I guess it's because "most people" don't use Armory.
Newar
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 12:59:10 AM
#82
Quote from: Eisenhower34 on October 11, 2014, 12:13:11 AM
If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" then others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
25hashcoin
hero member
Activity: 574
Merit: 500
Re: Is old 3.5 floppy safer than USB drive for cold storage?
October 11, 2014, 12:32:42 AM
#81
Quote from: Eisenhower34 on October 11, 2014, 12:13:11 AM
Quote from: Newar on October 10, 2014, 05:24:22 AM
Quote from: BIGbangTheory on October 09, 2014, 09:02:51 PM
Many computers with built in webcam have built in wifi so if the OP is trying to avoid using USB period then he would probably not to be dealing with a computer that could have it's wifi antenna enabled (although this is serious tinfoil hat status).

Disable it in the BIOS? Or in the OS on first run? Some come with hardware switches that you can super-glue in the off position? Not really a problem.
I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low


It may be low, but the additional security measures are what seal off the gaps.
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: