Pages:
Author

Topic: Is old 3.5 floppy safer than USB drive for cold storage? - page 2. (Read 5738 times)

legendary
Activity: 906
Merit: 1002
Many computers with built in webcam have built in wifi so if the OP is trying to avoid using USB period then he would probably not to be dealing with a computer that could have it's wifi antenna enabled (although this is serious tinfoil hat status).

Disable it in the BIOS? Or in the OS on first run? Some come with hardware switches that you can super-glue in the off position? Not really a problem.
If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" then others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low
sr. member
Activity: 968
Merit: 250
i dont trust usb drives. i have a magnetic field machine i use in my room time to time. i have my flash drives in my closet. my flash drives dont work anymore, lucky i pull my coins out way before it happen. im very paranoid about my coins now, i dont fuk around no more,i hand write my private keys, twice.
member
Activity: 88
Merit: 10
It's not a single key cold storage.

Not sure what you mean by this - but just to be clear you can have as many "keys" as you like using CIYAM Safe.


I understand that. I think the approach is different.

If I understand correctly, CIYAM Safe is meant to put coins in a cold storage as you would with a paper wallet. Put one bitcoin in address A and one in address B. Now, to spend 1.5 BTC for example in single transaction from CIYAM Safe I imagine is a bit tricky?

Whereas with Armory it will create a single transaction 2 BTC -> 1.5 BTC and 0.5 BTC change (to a new adddress) for you. It will also try and select the optimal inputs for a transaction.

I think they are just different solutions to different use cases.


Most people do not send bitcoin directly from their cold storage to the address(es) they are sending to. In my experience most businesses will have a "hot wallet" that will contain a "target" amount of bitcoin. If the hot wallet gets too low then bitcoin will be transferred from their cold storage into their hot wallet. If the hot wallet starts to get too much bitcoin then the company will transfer some of the bitcoin to their cold storage
sr. member
Activity: 534
Merit: 250
The Protocol for the Audience Economy
I ended up using audio using minimodem. This [1] is in the Armory section and for Linux, but it might give you some ideas (you can transmit any kind of data). Cheap investment too for a 3.5mm jack-jack cable.

[1] https://bitcointalksearch.org/topic/tx-signing-via-minimodem-735111

This is a pretty pro way of doing this, though i would not really bother unless you have a large amount of bitcoins Cheesy
sr. member
Activity: 534
Merit: 250
The Protocol for the Audience Economy
I would probably keep a copy on as many mediums and platforms as you can think being safe, such as :

- Print it out
- Encrypted backups on different mediums
- Put it in a vault if you have to Smiley

I would not say one single method is safe enough. You dont know what is going to happen long term.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I think they are just different solutions to different use cases.

Indeed - I don't deal with "cold storage" like *normal transactions* (and I seriously doubt that anyone else does either).

The basic idea is that you have X "cold storage addresses" and then you "move funds to a hot wallet" from one at a time.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
It's not a single key cold storage.

Not sure what you mean by this - but just to be clear you can have as many "keys" as you like using CIYAM Safe.


I understand that. I think the approach is different.

If I understand correctly, CIYAM Safe is meant to put coins in a cold storage as you would with a paper wallet. Put one bitcoin in address A and one in address B. Now, to spend 1.5 BTC for example in single transaction from CIYAM Safe I imagine is a bit tricky?

Whereas with Armory it will create a single transaction 2 BTC -> 1.5 BTC and 0.5 BTC change (to a new adddress) for you. It will also try and select the optimal inputs for a transaction.

I think they are just different solutions to different use cases.

legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
Many computers with built in webcam have built in wifi so if the OP is trying to avoid using USB period then he would probably not to be dealing with a computer that could have it's wifi antenna enabled (although this is serious tinfoil hat status).

Disable it in the BIOS? Or in the OS on first run? Some come with hardware switches that you can super-glue in the off position? Not really a problem.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Many computers with built in webcam have built in wifi so if the OP is trying to avoid using USB period then he would probably not to be dealing with a computer that could have it's wifi antenna enabled (although this is serious tinfoil hat status).

Funnily enough when I bought the old laptop that I use for my "offline system" here in China I got my wife to ask them to remove the WiFi card which surprised the store owner a lot (prompting him to ask why). She looked at him blankly for a few seconds and then explained that the problem is that when she gets online she always ends up in fights with people on the internet so her husband doesn't want her to be able to get online. Smiley
member
Activity: 83
Merit: 10
Sounds good, but how would I get the QR codes off of the offline computer and onto the online computer. I can generate them on the offline computer and scan them into my phone, but how do I get them to the online computer without using a wand or some other USB interface I'm trying to avoid?

Built-in webcam on the online PC? Reads the QR code from the offline PC and you always can double check and compare the output the software provides (QtQR for Linux, for example). But depending on tx size you'll end up scanning several QR codes. (etotheipi's post)
Many computers with built in webcam have built in wifi so if the OP is trying to avoid using USB period then he would probably not to be dealing with a computer that could have it's wifi antenna enabled (although this is serious tinfoil hat status).

@moria I believe the risk of using a USB drive is very low. You can further minimize this risk by utilizing good physical security to both your USB drive and your computer that holds the private keys.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
It's not a single key cold storage.

Not sure what you mean by this - but just to be clear you can have as many "keys" as you like using CIYAM Safe.
newbie
Activity: 11
Merit: 0
In addition to the 5.25 inch floppy of course, I just use 2 USB drives and a CD all kept in different places. Done.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
Sounds good, but how would I get the QR codes off of the offline computer and onto the online computer. I can generate them on the offline computer and scan them into my phone, but how do I get them to the online computer without using a wand or some other USB interface I'm trying to avoid?

Built-in webcam on the online PC? Reads the QR code from the offline PC and you always can double check and compare the output the software provides (QtQR for Linux, for example). But depending on tx size you'll end up scanning several QR codes. (etotheipi's post)
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
This is what I really don't *get* when Armory (in particular) talk about offline signing for "cold storage" - it always seems as though they are trying to solve problems for "idiots" (but they seem to forget that "idiots and ingenious" and are going to lose their BTC no matter which software they use - and yes I don't recommend CIYAM Safe for "idiots").

Why on earth would I have "40 donations" to a "cold storage address" that should never have never published. Huh

CIYAM Safe works perfectly on the assumption that you "know what you are doing" and you don't go "publishing your cold storage addresses publicly" (so there should only be 1 UTXO to deal with every time which works perfectly with just QR codes - one to receive the unsigned raw tx and one to send the signed raw tx).

Because like you said the other day, Armory is a wallet, that offers the possibility to keep the private keys cold. It's not a single key cold storage. Doesn't matter if it's 40 tx to one address or 40 different addresses. Say you have armoryd (watch-only) giving out addresses to customers. Later you want to spend from those, via the offline computer. There's the problem there.
sr. member
Activity: 406
Merit: 250
AltoCenter.com
I don't think there's any significant difference between the floppy and USB. They both have same kind of storage or at least I have used both of them.
sr. member
Activity: 442
Merit: 250
Found Lost beach - quiet now
I guess most people are missing the main question. I already have paper backups in a safety deposit box. The only thing I'm temporarily storing are files created on my cold storage (offline computer), or the only computer that contains the private keys. These "signature files" are stored to the floppy, then my online computer will read them from the floppy and broadcast the transaction. I can do this with a USB drive also but because of the BadUSB hack I was wondering if the old technology would be safer - I know the USD hack won't work on an FDD controller.
I think a better solution would be to use QR codes to transmit the unsigned/signed TXs between computers (I think this was suggested once or twice above). This would prevent any physical attack to your offline computer and would ensure that nothing that has touched your online computer will ever touch your offline computer
Sounds good, but how would I get the QR codes off of the offline computer and onto the online computer. I can generate them on the offline computer and scan them into my phone, but how do I get them to the online computer without using a wand or some other USB interface I'm trying to avoid?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
This is what I really don't *get* when Armory (in particular) talk about offline signing for "cold storage" - it always seems as though they are trying to solve problems for "idiots" (but they seem to forget that "idiots and ingenious" and are going to lose their BTC no matter which software they use - and yes I don't recommend CIYAM Safe for "idiots").

Why on earth would I have "40 donations" to a "cold storage address" that should never have never published. Huh

CIYAM Safe works perfectly on the assumption that you "know what you are doing" and you don't go "publishing your cold storage addresses publicly" (so there should only be 1 UTXO to deal with every time which works perfectly with just QR codes - one to receive the unsigned raw tx and one to send the signed raw tx).
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
member
Activity: 109
Merit: 10
I guess most people are missing the main question. I already have paper backups in a safety deposit box. The only thing I'm temporarily storing are files created on my cold storage (offline computer), or the only computer that contains the private keys. These "signature files" are stored to the floppy, then my online computer will read them from the floppy and broadcast the transaction. I can do this with a USB drive also but because of the BadUSB hack I was wondering if the old technology would be safer - I know the USD hack won't work on an FDD controller.
I think a better solution would be to use QR codes to transmit the unsigned/signed TXs between computers (I think this was suggested once or twice above). This would prevent any physical attack to your offline computer and would ensure that nothing that has touched your online computer will ever touch your offline computer
newbie
Activity: 4
Merit: 0
Honnestly I think paper with redundancy is the best, but the exploit is difficult to execute and will not really be a big deal.
Pages:
Jump to: