Topic: Offline Laptops (Read 1966 times)

Paper backups (n-of-m if necessary) are probably the solution to USB drive failure, regardless of the failure mode.  Although I did buy some SLC USB drives on the basis they might be expected to have better longevity than the usual MLC devices.  Haven't used them for anything yet, though.

roy

What would happen if the key suffers several bitflips? It will stop working and you can't even figure out where the errors are.

A possible improvement is to store hash checksums sector by sector elsewhere, so assuming there are no more than two or three errors per sector, it would be feasible to check each sector and locate the errors.

Sorry for slow motion conversation here, but....

Obviously in many ways the ideal solution to your multiple signatories problem is to have multiple people hold individual safe deposit boxes, and use multisig.  Now, if you want to be really secure - perhaps a really high value wallet where it's important to guarantee that none of the box holders can subvert the system by tampering with the laptop - then having a laptop in each of the boxes is justified.  But in some cases it may be an acceptable solution to go for smaller boxes and a single laptop - particular if larger boxes are hard and/or expensive to obtain.

Consider the case of a high value wallet held by an individual, where the n-of-m boxes - perhaps even in different cities - are all held by the same person, but are there in part to slow down withdrawals to make it considerably harder to successfully cooerce the owner into a withdrawal.  In that case perhaps USB keys in safe deposit boxes might considered adequate.

BTW, you're lucky to get a decent sized box for $100.  In the UK, banks are pretty much getting out of the safe deposit business.  Increasingly, banking is electronic; it's no longer about storing large reserves of cash in secure vaults, so increasingly as they move to new premise they no longer have the kinds of vaults with space to store customer boxes.  At most, they need somewhere secure to store some cash to top up the ATMs - but bank vaults are a thing of the past.  I pay more than double what you do for a box at a dedicated safe deposit facility - and it's not big enough for a laptop.

It's true, it depends on the shape of the boxes, too.  Although mine doesn't, I believe some faciiities have small boxes that have a decent area but a very small height.  I assume these are intended to allow documents to be stored without folding - but would would probably work well for storing a netbook or ultraportable laptop, too.

roy

For reference, I do exactly this:  keeping a laptop in a safe deposit box.  I visit the bank and hang out in the privacy room for a while when I need to sign a transaction.  It's encrypted and has no battery.   The price for the larger box isn't a lot.  I think it's about $90/yr versus $50/yr for the smaller one.    Either way, if you're going to the effort of putting your laptop in a safe-deposit box, I"m sure $100/year isn't going to break the deal for you.

At my bank, the privacy room has an outlet.  It's because they have one of those calculators with a small paper/receipt printer in the room which requires power.  I don't know if that's normal, I didn't shop around. But, I made sure beforehand that the computer works with the power cable but no battery.   

I asked the bank manager if they had the option of requiring two signers at once to access the box (perhaps, to open a safe-deposit box for the company).  They misunderstood thinking I wanted multiple signers.  We later clarified they don't have any way to enforce having multiple people present to access the box, though they do keep strict records of exactly what time the box was accessed, and ID the person who accesses it (and the employee who helped).  Not ideal, but at least it still requires collusion of one of the signers and a bank employee in order for tamper evidence to be skipped/destroyed. 

Having the ability to put the wallet encryption key on a USB key is interesting.  I like it for the offline computer (for the same reason I like it for the full-disk encryption).  But for hot wallets, I'm not sure I like it as much.  It's a lot easier to write a process to copy key files every time new media is inserted than to install a keylogger remotely (though, both are still non-negligible risks).  If you do it, you'd have to make sure that removable media is thoroughly protected, so that only your user account can access it and no other system users (which is possible, but I don't think it's default, and may be inconvenient to setup and use).

I have the WI FI disconnected on my offline computer or it's turned off. But I sometimes connect it for Windows updates, Drivers for printer, Virus software updates etc..  As long as I don't surf the net and stick to business I should be ok right?

Actually, how about this as an interesting variant:

Allow offline Armory to access the wallet entirely off a USB drive, with no sensitive data ever hitting the hard drive of the offline computer.  The obvious use case would be that the wallet is always kept in a safe deposit box, and you take the laptop with you to the safe deposit facility when you want to sign a transaction.  This would reduce the exposure of the holder of a large wallet to being coerced into making a large transaction.  The risk would then be not much worse than with a conventional bank account (i.e. the wallet holder would still have to visit a financial institution in person to obtain the wallet).

This above works better than keeping the offline laptop in the safe deposit box because:

• A safe deposit box large enough to put even a small laptop in is rather more expensive than a safe deposit box large enough to put a USB key in (although a holder of a large wallet might not be too price sensitive here)
• Although safe deposit facilities usually have private rooms within the facility where you can consult documents, etc, if you keep the laptop in the safe deposit box then you're reliant either on there being an available power socket in the private room, or on carrying a spare, charged battery (since the battery of a laptop kept in the safe deposit box would inevitably run down)

Actually, I thought Windows hibernation worked fine with Truecrypt FDE.  Restoring from a hibernation goes through the normal boot process, so the key is prompted and the driver loaded just like for a normal boot.

Some systems are nasty, though - e.g. OS X FileVault 2 FDE caches the keys in the EFI BIOS storage before suspending.  (But then FileVault 2 also really, really wants to use your account  login password as the FDE passphrase, too - despite most people not using account paswords that are long enough to be ideal for FDE.)  ETA: It's hard, but not impossible, to set up FileVault 2 securely.  I could provide some pointers if anyone is interested.

Still, can't you achieve something very close to what you want by allowing Armory to accept wallet encryption data from a USB key, and then applying FDE with a conventional passphrase?

roy

I think for starter, forget about Windows OS. Install Linux, it is safer.

I don't see the point of full disk encryption. It takes longer to boot. I prefer using Truecrypt, and have the encryption volume instead.

(1) I said "mostly" for the exact reasons you just mentioned
(2) In the next post I retracted the statement because I wasn't thinking about the privacy aspect.  If I thought it was totally redundant, I wouldn't be doing it myself


Many encrypted OS solutions also encrypt the swap, and doing so will disable suspend/hibernate.  I recommend using that option.  Alternatively, it should be possible to setup the offline system without swap.  It will complain during installation about how important it is to have a swap partition, but I think it usually lets you do it anyway.  Given how little resources are needed for the offline system, I wouldn't think twice about disabling swap.  But I haven't actually tried this.

I disagree.  It protects against problems with sensitive data getting accidentally written to disk (swap files, hibernation files, etc).  I think best practice should be to use full disk encryption on the offline computer, even if Armory takes the best precautions it can to prevent such problems.


If you're confident that the swap/hibernate problem is not a major problem, then surely you can solve the problem entirely within the Armory code. Just introduce an option to allow the wallet encryption key to be provided on a USB key.

roy

I concur that this would be a great option to have.  Any such plans, particularly with watch-only wallets?  It would obviously need to be a different password that the underlying password that encrypts the full wallet.

LUKS itself supports multiple key slots where each key slot could be a typed-in passphrase or a key file stored on USB, etc. If you only want one slot then just use the key file when you create the encrypted volume and don't also add a passphrase.

As long as your preferred method of booting your system supports it, you can encrypt just /home or the entire disk just as easily. Personally I boot from a USB drive so that I can use LUKS on the raw block device for the hard drive, then use LVM to partition the encrypted volume.

The best solution for whole disk encryption is to use Dracut as your initramfs. It can handle boot configurations of arbitrary complexity. On the other hand, I've always compiled my own kernels and such and so feel pretty comfortable customizing the low level details of the boot process. I'm not easy it would be to use Dracut with a distro like Ubuntu that doesn't expect users to mess with that kind of thing on their own.

Duh!  Of course.  I forget the people care about the public information, too.  I think the full-disk encryption is still a good idea for security, but it obviously has big privacy benefits.

Thanks for the link.  That's close to what I used in the past, and I may use that technique for other things.  However, I'm not sure if it works for full-disk/OS encryption.  Can you use it with your home directory and/or OS such that the key needs to be present right after POST in order to boot?  I remember having to either type a password, or insert the USB key to boot my computer.  In this case, I'd want only the USB key.

I would prefer that the addresses or the amount in bitcoin in an Armory wallet should not be visible until the password is entered. I believe from a previous post I read that password protecting the addresses and balance will be an option in the new wallet upcoming. I like the idea of the USB key, a quick search found this approach - http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile

Extra credit:  have the offline computer encrypted using a USB key, instead of a password.   Your wallet on the computer is already protected with a password, and using the same password for the disk encryption is mostly redundant (though it's better than nothing).    I know it's possible to /dev/random data on a USB key, and have the bootloader use that as the FS encryption key.  But it's been a long time since I've done that, so I don't remember how.

It will improve the "hardness" of the system if it is stolen, as long as you don't keep the USB key with the laptop.  If they don't have the USB key, there's basically no way to even brute force the FS encryption.  If the thief gets both the key and the system, well there's still the wallet password that has to be found (unless you wrote the unencrypted key data to disk;  which should not happen with standard Armory operations, but it's nice to have the extra layer of protection).

If anyone has more details about doing this, I'd love to be reminded.  I've been meaning to upgrade one of my offline systems to that method, but been too busy to go figure it out again.

I hear you. I ripped Windows 8 from my offline computer and replaced with Ubuntu. Only hitch was finding a version that would install and also provide full disk encryption, finally found Ubuntu 12.04 LTS. You have to use the alternate installer if you want 12.04 with full disk encryption and Ubuntu is being a pain about making it easy to find. You have to download by torrent from http://www.ubuntu.com/download/alternative-downloads#mirrors

Ubuntu works great for an Armory offline wallet and if you use the version with full disk encryption your entire computer is password protected. No need to run Armory from a Truecrypt container, but that is an option.

You don't necessarily need a separate laptop.  I've outlined it around here before, but you can create a bootable Windows 8 USB drive from the freely available Windows 8 Enterprise trial.  When you setup the OS, just don't connect to any networks, and then once the OS is setup, go in and disable/uninstall all network drivers. 

You can encrypt the whole USB, encrypt your user folder, and encrypt your Armory wallet (triple encryption).  You could get even fancier with Trucrypt, if you want.  This has the advantage of an offline wallet that can be plugged into just about any machine and booted into.  Just make sure to disconnect any wired network connections before you plug it into a computer.  Wifi isn't a problem because, as previously mentioned, you'll have disabled/uninstalled any Wifi drivers upon first boot and shouldn't have ever allowed the OS access to a network.  Plus you can image the USB and make lots of backups.  It's a much more flexible alternative to a dedicated offline computer.

Give it a week and you'll be fine.
Just delete unused tiles from start menu to make it clean and organised.
I personally skip it on auto and use icons on a taskbar/desktop

If you want to go to desktop Win+D
If you want to shut down - Alt+F4 from desktop with nothing in focus

On my gf's laptop - I've set the power button to shutdown, and closing lid to sleep,which is best I think.

If you miss start button too much - there's a lightweight fanmade software for that, butI don't think that's so necessary.

Funny thing - in win8.1 they have added (kinda) the start button back

and the MOST IMPORTANT combo -  WIN+X    (includes everything you need in 8, and even more in 8.1)

Too late. I bought one with Winows 8. Everything is hard to find. Totally different lay out ? What a mind screw. Eventually it might be ok as I'm slowly figuring out ways of getting things done.

It's like taking your organized file cabinet and dumping it out on the floor. You have to look through every thing to find what your looking for. I guess they were going for the I pad app look?

Four words.

NO GODDAMN START BUTTON!