Author

Topic: Is this a safe way to store bitcoins? Ubuntu Encrypted on USB HD? (Read 1938 times)

member
Activity: 71
Merit: 10
@bcearl : I'm installing Ubuntu on a USB drive at the moment, but I'm a relative linux newb. Do you have instructions for securing it for Bitcoin? ie. removing unnecessary apps, removing swap drive, setting up the firewall, etc.
Also, I read BSD has only had 2 security vulnerabilities in it's whole life. If that's true, it sounds secure, so why choose Ubuntu?

For all others following this path, here's the link to PenDrive Linux - a 1-step USB install of any linux distro
http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
full member
Activity: 168
Merit: 103
The most secure Linux is one that's off. Followed by one that's up-to-date and behind a proper firewall. It doesn't matter what distro you use, they all share the same kernel vulnerabilities.

One of the lesser-used *nixes like lone of the BSDs will have fewer people trying to crack it, but also fewer people trying to patch it.

Set your machine up behind a firewall that only allows Bitcoin traffic. Then nothing can get in except through a kernel hole in a very well-inspected part of the code, or a hole in the Bitcoin client.

On that note, when was the last time we did a security audit of the client? Are we sure there are no obvious buffer overflows to be found?

That's not true, there are a lot of measurement that are taken by different distros differently.

For example with Ubuntu:
- Everything is compiled with the GCC stack smash protection.
- Everything runs with NX flag (data is not executable)
- Dangerous applications are in an extra sandbox (e.g. CUPS (common unix printing system), evince pdf reader)

I don't like Ubuntu that much. But security is the reason I wouldn't change to another one. (At least I haven't found any convincing alternative.)

EDIT: Most distributions don't use those features because they cost performance. It is not that they aren't available in theory.

second EDIT:
Type "sudo apparmor_status" in Ubuntu, and you will get this:
Code:
apparmor module is loaded.
10 profiles are loaded.
10 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-thumbnailer
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/sbin/cupsd
   /usr/sbin/tcpdump
   /usr/share/gdm/guest-session/Xsession
0 profiles are in complain mode.
2 processes have profiles defined.
2 processes are in enforce mode :
   /sbin/dhclient (20559)
   /usr/sbin/cupsd (1266)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
full member
Activity: 141
Merit: 100
The most secure Linux is one that's off. Followed by one that's up-to-date and behind a proper firewall. It doesn't matter what distro you use, they all share the same kernel vulnerabilities.

One of the lesser-used *nixes like lone of the BSDs will have fewer people trying to crack it, but also fewer people trying to patch it.

Set your machine up behind a firewall that only allows Bitcoin traffic. Then nothing can get in except through a kernel hole in a very well-inspected part of the code, or a hole in the Bitcoin client.

On that note, when was the last time we did a security audit of the client? Are we sure there are no obvious buffer overflows to be found?
sr. member
Activity: 280
Merit: 252
I think the plan is good, but I don't think Ubuntu is the right choice. It's a big system, so there are many possible security flaws. I think I'd go with something like OpenBSD instead.

Damnit. I am creating the bootable ubuntu USB disk now Tongue If I am going to get serious about this however there is good reason to switch to the best possible operating system.

In everyone's opinion: what is the most secure linux operating system available out there to date?

I would use a minimal Ubuntu, not the full blown thing. Get rid of everything unnecessary.

And how exactly does a linux noob do that?

By downloading the "alternate" version and installing to USB hdd with only the "desktop" option installed perhaps?
full member
Activity: 168
Merit: 103
I think the plan is good, but I don't think Ubuntu is the right choice. It's a big system, so there are many possible security flaws. I think I'd go with something like OpenBSD instead.

Damnit. I am creating the bootable ubuntu USB disk now Tongue If I am going to get serious about this however there is good reason to switch to the best possible operating system.

In everyone's opinion: what is the most secure linux operating system available out there to date?

I would use a minimal Ubuntu, not the full blown thing. Get rid of everything unnecessary.
sr. member
Activity: 280
Merit: 252
I think the plan is good, but I don't think Ubuntu is the right choice. It's a big system, so there are many possible security flaws. I think I'd go with something like OpenBSD instead.

Damnit. I am creating the bootable ubuntu USB disk now Tongue If I am going to get serious about this however there is good reason to switch to the best possible operating system.

In everyone's opinion: what is the most secure linux operating system available out there to date?
full member
Activity: 175
Merit: 101
I think the plan is good, but I don't think Ubuntu is the right choice. It's a big system, so there are many possible security flaws. I think I'd go with something like OpenBSD instead.
full member
Activity: 126
Merit: 101
There is a command line option to set the number of extra addresses to generate (-keypool=). If you set it to 1,000,000 your computer is going to be crunching numbers for a long time to generate them all.
full member
Activity: 168
Merit: 103
Receiving payments to a existing address will never be a problem.

They only time you have to worry about a wallet getting out of date is if it is a backup of a wallet that is in use. Then you must update at least every 100 new addresses.

You create a new address when sending coins (unless there is no change to be returned), after receiving coins at the currently displayed address for the first time, when you successfully mine a block solo, or when you click the new address button. When those things have happened a total of 100+ times any backup will have an incomplete set of private keys.

Isn't it possible to set the client to use more than 100 addresses by default?

If I were making an encrypted ubuntu usb drive, I would like to set it to 1,000,000 addresses by default obviously, since I wouldn't want to have to keep creating new copies of the operating system/usb drive. Right?

It is possible. The limit of 100 is for unused addresses only. But even that can be specified in the client software.

Code:
 -keypool=       Set key pool size to (default: 100)
sr. member
Activity: 280
Merit: 252
Receiving payments to a existing address will never be a problem.

They only time you have to worry about a wallet getting out of date is if it is a backup of a wallet that is in use. Then you must update at least every 100 new addresses.

You create a new address when sending coins (unless there is no change to be returned), after receiving coins at the currently displayed address for the first time, when you successfully mine a block solo, or when you click the new address button. When those things have happened a total of 100+ times any backup will have an incomplete set of private keys.

Isn't it possible to set the client to use more than 100 addresses by default?

If I were making an encrypted ubuntu usb drive, I would like to set it to 1,000,000 addresses by default obviously, since I wouldn't want to have to keep creating new copies of the operating system/usb drive. Right?
full member
Activity: 126
Merit: 101
Receiving payments to a existing address will never be a problem.

They only time you have to worry about a wallet getting out of date is if it is a backup of a wallet that is in use. Then you must update at least every 100 new addresses.

You create a new address when sending coins (unless there is no change to be returned), after receiving coins at the currently displayed address for the first time, when you successfully mine a block solo, or when you click the new address button. When those things have happened a total of 100+ times any backup will have an incomplete set of private keys.
sr. member
Activity: 280
Merit: 252
That should be safe so long as you use that OS only for sending and receiving bitcoins. There is a remote chance of something nasty living in the motherboard bios or a GPUs bios, but it is very unlikely. Also it would be a good idea to make sure that the permanent drives were never mounted when running from the USB drive.

If you have $100,000 or more worth of bitcoins you should consider a complete dedicated system.

1. That is a worry indeed... as I would potentially be using this USB thumb drive across multiple machines. How common is such a thing from happening? I have only ever heard of a seagate hard drive shipping with malware on it and that was a very small batch a few years ago.

2. @bcearl: What security benefits do I notice by disabling swap space? What are the drawbacks of disable swap space? I have heard that disable swap space is recommended whenever running the OS from a USB hard drive due to wear on the flash memory or something?

What smaller distrubution would you suggest? I have time to play around with setting them up.

1. If you don't need fancy graphics, maybe you can disable video hardware acceleration as well. But I don't know whether that protects you against that at all.

2.
Benefits: You don't have to worry that some memory page with critical data like keys or passwords gets stored on the disk.
Drawback: If you have enough memory and don't neet hibernation (suspend to disk), everything should be fine without swap.

Thanks guys.

Most of the motherboards I buy nowadays come with "virus protection" I think they are pushing... as in it would be tough to install a virus/trojan on the mobo/cpu or something?? I don't know.. :S

Don't have millions to protect, but I don't have much money period so even $1,000 is enough for me to start getting worried about!

Question: How would one make a duplicate bootable copy of this same USB hard drive?

And what if I received 200 mining pool payments to this wallet without loading up the OS? Would the wallet.dat keep track of all 200+ transactions? Doesn't it only do 100 at a time?
full member
Activity: 168
Merit: 103
That should be safe so long as you use that OS only for sending and receiving bitcoins. There is a remote chance of something nasty living in the motherboard bios or a GPUs bios, but it is very unlikely. Also it would be a good idea to make sure that the permanent drives were never mounted when running from the USB drive.

If you have $100,000 or more worth of bitcoins you should consider a complete dedicated system.

1. That is a worry indeed... as I would potentially be using this USB thumb drive across multiple machines. How common is such a thing from happening? I have only ever heard of a seagate hard drive shipping with malware on it and that was a very small batch a few years ago.

2. @bcearl: What security benefits do I notice by disabling swap space? What are the drawbacks of disable swap space? I have heard that disable swap space is recommended whenever running the OS from a USB hard drive due to wear on the flash memory or something?

What smaller distrubution would you suggest? I have time to play around with setting them up.

1. If you don't need fancy graphics, maybe you can disable video hardware acceleration as well. But I don't know whether that protects you against that at all.

2.
Benefits: You don't have to worry that some memory page with critical data like keys or passwords gets stored on the disk.
Drawback: If you have enough memory and don't neet hibernation (suspend to disk), everything should be fine without swap.
full member
Activity: 126
Merit: 101
I can't recall anything in recent history that has infected the bios. I don't know if this is due to better designs or if it simply that any such virus is too hardware specific to be worth the time to create. You are probably more likely to get struck by lightning. Since I don't know how much money you are protecting, it is up to you to decide what is an acceptable level of risk.
sr. member
Activity: 280
Merit: 252
That should be safe so long as you use that OS only for sending and receiving bitcoins. There is a remote chance of something nasty living in the motherboard bios or a GPUs bios, but it is very unlikely. Also it would be a good idea to make sure that the permanent drives were never mounted when running from the USB drive.

If you have $100,000 or more worth of bitcoins you should consider a complete dedicated system.

That is a worry indeed... as I would potentially be using this USB thumb drive across multiple machines. How common is such a thing from happening? I have only ever heard of a seagate hard drive shipping with malware on it and that was a very small batch a few years ago.

@bcearl: What security benefits do I notice by disabling swap space? What are the drawbacks of disable swap space? I have heard that disable swap space is recommended whenever running the OS from a USB hard drive due to wear on the flash memory or something?

What smaller distrubution would you suggest? I have time to play around with setting them up.
full member
Activity: 168
Merit: 103
You should disable SWAP space. This will make it unable to hibernate, but that's worth the security benefit!

It could be even better to use a smaller distribution, but I think Ubuntu is a good start. They have pretty good security policies (for example all kind of buffer and stack overflow protections, and special treatment for potentially dangerous stuff like PDF and printing servers).
full member
Activity: 126
Merit: 101
That should be safe so long as you use that OS only for sending and receiving bitcoins. There is a remote chance of something nasty living in the motherboard bios or a GPUs bios, but it is very unlikely. Also it would be a good idea to make sure that the permanent drives were never mounted when running from the USB drive.

If you have $100,000 or more worth of bitcoins you should consider a complete dedicated system.
sr. member
Activity: 280
Merit: 252
So here is my "safety plan"...

1) Install ubuntu to a USB Hard Drive and select the option to "encrypt hard disks".

2) Install bitcoin on the ubuntu OS that is running off my USB hard drive with encryption.

3) Done.

You would need phyiscal access to my USB drive AND the login password in order to transfer and bitcoins.

The only other step I might include would be making a duplicate copy of that USB HDD and uploading it to "the cloud" but I don't know how to do that yet...

Would it be even "safer" to use a lesser known distribution like Fedora, CentOS, or some other linux variant that is less commonly used to run a bitcoin client perhaps?
Jump to: