Topic: LiveUSB for better security. (Read 2252 times)

legendary
Activity: 938
Merit: 1000
July 13, 2011, 05:12:52 AM
#24
I'm working on a clean solution to this problem: the distro I help to maintain has the possibility of being installed on a USB stick putting only the ISO on it (plus some files needed to boot), adding a hidden encrypted file with the wallet inside.  So you have only 1 media to carry but at the same time if you want to add a keylogger or other malware you've to rebuild the whole ISO (and to be sure that the ISO version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshots).

The main reason I am sceptical in regards to persistence is that I don't like the idea of a growing system: malicious code caught on some malicious websites, growing log-files, all sorts of stuff bloating the system...  A LiveCD gives you a fresh start at each reboot.

At least for managing your bitcoin-life savings that's what I see as being safer. A working environment is a different story altogether...

Probably I didn't explain well the way it will work (English is not my primary language): the operating system is an ISO file exactly like the one you can find on a liveCD, all the settings are stored in RAM. No way to add files or programs to it unless you know how it has been built (and to do that you need a properly configured server, rebuild the ISO, start a Linux system, delete the old ISO from the USB key and replace it with the fresh one, and the fresh one has to be built from the same snapshot of the startup files on the USB key, otherwise you've to reinstall also the boot file: not a 5 min work - actually installing a liveCD via automated scripts with all the files ready can take up to 10-15 minutes). On the same media you can write all the files you want, exactly as if it is a standard USB key (formatted Ext2), but they're not seen from the system unless you manually mount the pen. There you can create an encrypted area and store there your wallet.dat.
Over the liveCD+USB stick solution you have some advantages: only 1 media to carry, faster to boot up and execute programs (you can use a USB stick), when you want to upgrade the software you've only to download the new media from the official site and launch a script to have it installed and ready to go.
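
The design in post #24 depends on the ISO and its boot files staying exactly as they were installed. The script below is an added example, not part of the thread and not the distro's own tooling: it compares those files against a SHA-256 manifest recorded at install time and stored off the stick. The layout (a `*.iso` in the stick's root plus a `boot/` directory), the function names and paths without spaces are assumptions.

```shell
#!/bin/sh
# Added example: integrity check for an "ISO plus boot files" USB stick.
# Assumed layout: stick root holds the live *.iso and a boot/ directory.
# The user data area (e.g. the encrypted wallet file) is deliberately not
# hashed, because it is expected to change.

# Print a path-sorted SHA-256 manifest of the ISO and boot files under $1.
make_manifest() {
    ( cd "$1" && find . -type f \( -name '*.iso' -o -path './boot/*' \) \
        -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Compare the stick mounted at $1 with the trusted manifest $2.
# Returns 0 if identical, 1 if any file was changed, added or removed,
# and prints the affected paths.
verify_stick() {
    cur=$(mktemp) || return 2
    make_manifest "$1" > "$cur"
    if cmp -s "$cur" "$2"; then
        rm -f "$cur"
        echo "OK: ISO and boot files match the trusted manifest"
        return 0
    fi
    echo "MISMATCH in:"
    # Lines present on only one side belong to files that differ,
    # appeared, or vanished since the manifest was recorded.
    LC_ALL=C sort "$cur" "$2" | uniq -u | awk '{ print $2 }' | LC_ALL=C sort -u
    rm -f "$cur"
    return 1
}

# Usage: verify.sh /mnt/stick /path/to/trusted.manifest
if [ "$#" -eq 2 ]; then
    verify_stick "$1" "$2"
fi
```

Run it from a system you trust rather than from the stick being checked, since a modified live system could report whatever it likes about itself.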
member
Activity: 85
Merit: 10
July 13, 2011, 04:47:05 AM
#23
I'm working on a clean solution to this problem: the distro I help to maintain has the possibility of being installed on a USB stick putting only the ISO on it (plus some files needed to boot), adding a hidden encrypted file with the wallet inside.  So you have only 1 media to carry but at the same time if you want to add a keylogger or other malware you've to rebuild the whole ISO (and to be sure that the ISO version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshots).

The main reason I am sceptical in regards to persistence is that I don't like the idea of a growing system: malicious code caught on some malicious websites, growing log-files, all sorts of stuff bloating the system...  A LiveCD gives you a fresh start at each reboot.

At least for managing your bitcoin-life savings that's what I see as being safer. A working environment is a different story altogether...
legendary
Activity: 938
Merit: 1000
July 12, 2011, 11:56:28 PM
#22
What about a partitioned usb stick with an unencrypted partition with the bootable OS and a true crypt (or similar) encrypted partition containing the Bitcoin wallet?
That would work. You just have to be sure that it's not storing swap data on the unencrypted part. Honestly if you want a live distro I'd check either puppy linux or tiny core linux. Both run completely in RAM off of a CD and are very fast. Then load the wallet off of a truecrypt container. When you reboot there will be no traces! If you used puppy linux you download the extras you want and when you reboot it will ask where to save those changes. You can put that on a USB stick as well! Then you don't have to re-setup every time. Just pick -strong encryption- and not weak encryption (it's not actually encryption!) when asked. Anyone familiar with what their strong encryption is? If it's decent you don't even have to worry about truecrypt as your live home folder is saved in the puppy linux storage file. I guess if you keep the USB stick safe you're safe.

The Problem with persistence: lend me your USB Key for a Minute and I put a keylogger on.

Tails Linux on a signed CD-R is IMHO the safest choice at the moment

I'm working on a clean solution to this problem: the distro I help to maintain has the possibility of being installed on a USB stick putting only the ISO on it (plus some files needed to boot), adding a hidden encrypted file with the wallet inside.  So you have only 1 media to carry but at the same time if you want to add a keylogger or other malware you've to rebuild the whole ISO (and to be sure that the ISO version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshots).
member
Activity: 98
Merit: 10
Testing
July 12, 2011, 11:26:58 PM
#21
With Truecrypt, you can encrypt the whole system partition, I guess that goes for USB sticks too. The bootloader will decrypt the whole USB partition after you supply it with the correct password.

For extra extra security, you could even have a Truecrypt file container inside the whole USB partition container, with perhaps a dummy wallet as a hidden volume, so if you are forced to open your wallet, you can just type the alternate password and then your alternate wallet with perhaps only a few coins will decrypt.

This is the best way

I actually have a HDD set up like this, and cloned it to my desktop internal, offline storage drive
newbie
Activity: 54
Merit: 0
July 11, 2011, 10:56:25 PM
#20
With Truecrypt, you can encrypt the whole system partition, I guess that goes for USB sticks too. The bootloader will decrypt the whole USB partition after you supply it with the correct password.

For extra extra security, you could even have a Truecrypt file container inside the whole USB partition container, with perhaps a dummy wallet as a hidden volume, so if you are forced to open your wallet, you can just type the alternate password and then your alternate wallet with perhaps only a few coins will decrypt.
member
Activity: 85
Merit: 10
July 11, 2011, 01:01:30 PM
#19
What about a partitioned usb stick with an unencrypted partition with the bootable OS and a true crypt (or similar) encrypted partition containing the Bitcoin wallet?
That would work. You just have to be sure that it's not storing swap data on the unencrypted part. Honestly if you want a live distro I'd check either puppy linux or tiny core linux. Both run completely in RAM off of a CD and are very fast. Then load the wallet off of a truecrypt container. When you reboot there will be no traces! If you used puppy linux you download the extras you want and when you reboot it will ask where to save those changes. You can put that on a USB stick as well! Then you don't have to re-setup every time. Just pick -strong encryption- and not weak encryption (it's not actually encryption!) when asked. Anyone familiar with what their strong encryption is? If it's decent you don't even have to worry about truecrypt as your live home folder is saved in the puppy linux storage file. I guess if you keep the USB stick safe you're safe.

The Problem with persistence: lend me your USB Key for a Minute and I put a keylogger on.

Tails Linux on a signed CD-R is IMHO the safest choice at the moment
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
July 11, 2011, 09:43:26 AM
#18
What about a partitioned usb stick with an unencrypted partition with the bootable OS and a true crypt (or similar) encrypted partition containing the Bitcoin wallet?
That would work. You just have to be sure that it's not storing swap data on the unencrypted part. Honestly if you want a live distro I'd check either puppy linux or tiny core linux. Both run completely in RAM off of a CD and are very fast. Then load the wallet off of a truecrypt container. When you reboot there will be no traces! If you used puppy linux you download the extras you want and when you reboot it will ask where to save those changes. You can put that on a USB stick as well! Then you don't have to re-setup every time. Just pick -strong encryption- and not weak encryption (it's not actually encryption!) when asked. Anyone familiar with what their strong encryption is? If it's decent you don't even have to worry about truecrypt as your live home folder is saved in the puppy linux storage file. I guess if you keep the USB stick safe you're safe.
hero member
Activity: 518
Merit: 500
July 11, 2011, 09:23:15 AM
#17
Does anyone know of an answer for secure usb wallet storage?

Is the concept foolish and impossible?

The best way to secure things is to put the OS on one media (best if it is a non-writable one like a CD-R) and the wallet data on an encrypted USB stick.
It's not easy to set up, but not impossible to do either. The greatest problem is that a liveCD is way slow compared to a USB stick and you've to reconfigure your hardware every time.

What about a partitioned usb stick with an unencrypted partition with the bootable OS and a true crypt (or similar) encrypted partition containing the Bitcoin wallet?
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
July 10, 2011, 07:15:12 PM
#16
Does anyone know of an answer for secure usb wallet storage?

Is the concept foolish and impossible?

The best way to secure things is to put the OS on one media (best if it is a non-writable one like a CD-R) and the wallet data on an encrypted USB stick.
It's not easy to set up, but not impossible to do either. The greatest problem is that a liveCD is way slow compared to a USB stick and you've to reconfigure your hardware every time.

I'm still mulling all this over as I attempt to get different OS's bootable on USB sticks.

Right now I think I'll have to settle for "reasonably secure" kind of like the front door any locksmith can pick.

You guys have really helped remove the wool from my eyes.
legendary
Activity: 938
Merit: 1000
July 10, 2011, 03:44:57 PM
#15
Does anyone know of an answer for secure usb wallet storage?

Is the concept foolish and impossible?

The best way to secure things is to put the OS on one media (best if it is a non-writable one like a CD-R) and the wallet data on an encrypted USB stick.
It's not easy to set up, but not impossible to do either. The greatest problem is that a liveCD is way slow compared to a USB stick and you've to reconfigure your hardware every time.
hero member
Activity: 588
Merit: 500
July 10, 2011, 02:54:02 PM
#14
See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it always boots up without asking for a password...ever

It was designed for mining, not wallet storage.

Does anyone know of an answer for secure usb wallet storage?

Is the concept foolish and impossible?

No, it could be done with an encrypted stick. It's just not very easy to set this up.
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
July 10, 2011, 02:47:44 PM
#13
See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it always boots up without asking for a password...ever

It was designed for mining, not wallet storage.

Does anyone know of an answer for secure usb wallet storage?

Is the concept foolish and impossible?
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
July 10, 2011, 02:44:26 PM
#12
See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it always boots up without asking for a password...ever
I help maintain a Linux distro and I have to say that it is not so simple to make a secure password-protected Linux USB medium. The password should be stored in the persistent area, but this area is easily readable if you put the pen in a PC.  If you can have the medium in your hand only a strong cryptography of the partition can save your data.

Thank you for that explanation.

With that I can stop wasting my time expecting that I can create a secure yet easy to use wallet.

Oh well.
legendary
Activity: 938
Merit: 1000
July 10, 2011, 02:41:27 PM
#11
See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it always boots up without asking for a password...ever
I help maintain a Linux distro and I have to say that it is not so simple to make a secure password-protected Linux USB medium. The password should be stored in the persistent area, but this area is easily readable if you put the pen in a PC.  If you can have the medium in your hand only a strong cryptography of the partition can save your data.
hero member
Activity: 588
Merit: 500
July 10, 2011, 02:34:28 PM
#10
See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it always boots up without asking for a password...ever

It was designed for mining, not wallet storage.
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
July 10, 2011, 02:28:00 PM
#9
See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it always boots up without asking for a password...ever
full member
Activity: 154
Merit: 100
June 28, 2011, 04:54:42 PM
#8
Well, there's two kinds of people.

#1  Otherwise diligent people who make a colossal mistake and then go to great pains to never, ever let it happen again.

#2  People who make a colossal mistake simply because they're just not careful.  Making one colossal mistake doesn't make them any less likely to have another one in the future.

We don't know what type allinvain is.
member
Activity: 126
Merit: 10
June 28, 2011, 03:14:21 PM
#7
Thanks!! It has even been noticed (although not yet endorsed) by allinvain  Embarrassed

Why would you need his endorsement?  His claim to fame is losing a shedload of money through poor security practices.

 Cheesy

Wouldn't that make him the most careful, walking on eggs, bitcoin user at the moment?!?
full member
Activity: 154
Merit: 100
June 28, 2011, 03:00:03 PM
#6
Thanks!! It has even been noticed (although not yet endorsed) by allinvain  Embarrassed

Why would you need his endorsement?  His claim to fame is losing a shedload of money through poor security practices.