Pages:
Author

Topic: [OpenSource live USB OS] BitSafe, a safety deposit box for your bitcoins. - page 4. (Read 19591 times)

hero member
Activity: 630
Merit: 500
Instead, what you think about starting a portable version of firefox in a chroot environment with a dedicated user? That should be safe enough IMHO

Yes, it should. Even more if you add NoScript to that firefox.
hero member
Activity: 630
Merit: 500
I've just tested the system. I've found some issues:

  • As I expected, my wireless card wasn't automatically detected. I used a wired connection and followed the instructions given by this tutorial
and everything worked fine... until I reboot. Since everything was done on non-persistent media, it doesn't survive a shutdown.  Sad Is there a way to make such configuration persistent?
  • After I had wifi, I loaded Bitcoin to download the blockchain. I made a mistake with the virtual keyboard and the verification of my password didn't match the first input. The script went a bit crazy after that and created a persistent partition that I cannot access. It claims it's corrupted but doesn't offer to overwrite it (normal, since it doesn't know if there are coins there). I'll probably just format everything since I don't have anything to lose.
  • Not a big issue, but it seems the keyboard layout is chosen based on the language you select on startup. Not sure if it's the best choice... when I chose Portuguese, I couldn't find the symbols I wanted anymore.
hero member
Activity: 797
Merit: 1017
Either case, Tor shouldn't have a much negative impact.
Nice to hear!  Smiley

I didn't quite understand what you meant there... there are PCs incapable of running a virtual machine?
Yes, every CPU is capable of running a virtual machine but only those with hardware virtualization can do it efficently. As this build is likely to be used on old laptops with outdated hardware, I feel that running a modern browser via software virtualization on those slow CPUs isn't viable.
Instead, what you think about starting a portable version of firefox in a chroot environment with a dedicated user? That should be safe enough IMHO
hero member
Activity: 630
Merit: 500
No, TOR is installed but not configuerd to route all connections yet: I still have to figure out how much the routing thru onion increases the time to download the block chain: if the increase is reasonable i'll switch it, at least for the bitcoin client if not for all the connections as you said.

If I'm not mistaken the client does not download the blockchain at "full speed". I don't remember if the reason for this is that the verification process normally takes longer than the download, or that everything is downloaded from one unique connection, not benefiting from the P2P nature of the network like a torrent with so many seeds would. Either case, Tor shouldn't have a much negative impact.
Also, you may deliver your system with the block chain files already downloaded and indexed, up to the point when the release was built. That would be very useful and poses no trust issue.

Anyway, some early user complained about finding impratical to get the addresses to perform payments, so I had to include it.

You could argue that your system is meant to be a "safe banking system", not the browsing system the user will use daily. So, people could leave their larger wallets on your system, and in the browsing system have another wallet credited with an amount they could eventually afford to lose.
Plus, sending addresses to the "banking system" could be done by writing them on a file on the disk, and once in BitSafe, mounting the disk and reading this file. Eventually this could even be automated with a browser plugin on the browsing system side, and an utility app on BitSafe side that would know where to search for addresses during boot time, and then ask the user if he wants to confirm those payments (amount and description info could be included, like those bitcoin URLs. Just giving some ideas... Smiley

I don't like the idea of using a virtual machine, as that would basically cut off all the PCs mounting a CPU without virtualization feature.

I didn't quite understand what you meant there... there are PCs incapable of running a virtual machine?
hero member
Activity: 797
Merit: 1017
Question: is all traffic forced to pass through Tor by default?
No, TOR is installed but not configuerd to route all connections yet: I still have to figure out how much the routing thru onion increases the time to download the block chain: if the increase is reasonable i'll switch it, at least for the bitcoin client if not for all the connections as you said.

Quote
Another question: do you manage wifi the same way Ubuntu does? My laptop wifi wasn't automatically detected by LinuxCoin. It's a Broadcom card, I usually have issues with it, but Ubuntu manages it fairly well.
I use the "new" connection manager in Debian Squeeze which is AFAIK the same one in Ubuntu. I included all the optional wifi drivers and firmware packets i could find in the debian archives, intel-notfree included. If your card doesn't work, please let me know the model so I can look into it.

Quote
Finally, about web browsing: I don't intend to use it, but wouldn't it be better not even to have the possibility? Most people are not aware that browsing can be dangerous. Or, at most, only have the browser encapsulated in a virtual machine... No browsing on the host system which stores the wallet. That would probably be more secure, don't you think?
You're right, that's why in my first builds there was no browser at all. Anyway, some early user complained about finding impratical to get the addresses to perform payments, so I had to include it.
Probably, i'll end up giving two different builds, one with the browser and the other one without. I don't like the idea of using a virtual machine, as that would basically cut off all the PCs mounting a CPU without virtualization feature.
hero member
Activity: 630
Merit: 500
This is great, and only now I saw your thread!

Question: is all traffic forced to pass through Tor by default?

Another question: do you manage wifi the same way Ubuntu does? My laptop wifi wasn't automatically detected by LinuxCoin. It's a Broadcom card, I usually have issues with it, but Ubuntu manages it fairly well.

Finally, about web browsing: I don't intend to use it, but wouldn't it be better not even to have the possibility? Most people are not aware that browsing can be dangerous. Or, at most, only have the browser encapsulated in a virtual machine... No browsing on the host system which stores the wallet. That would probably be more secure, don't you think?

Thank you for this work. I'll try it out as soon as I can.
hero member
Activity: 797
Merit: 1017
Version 0.2B released

To upgrade from previous installations, do NOT flash your drive with the binary.img file! Just delete the "padder" file and replace the filesystem.squashfs file in the live directory with the one in the download section.

Change list:

  • Added an internal backup feature, which will be used by the backup frontend i'm working on. Your sensible data is put in a tar.bz2 archieve and backed up every time you mount the persistent storage partition. This includes the wallet.dat file and the gpg and ssh datadirs.
  • Added GPA, a graphical frontend for GPG
  • Fixed some bugs
member
Activity: 82
Merit: 10
Unable to download file from the Dropbox

P.S. now all right, this is a temporary problems...
newbie
Activity: 47
Merit: 0
I like the visual keyboard thingy.
hero member
Activity: 797
Merit: 1017
If you find a bug, please post it here or in the project page on github

Translations are very welcome, if you wish to help there's a translation project on GetLocalization
hero member
Activity: 797
Merit: 1017
BitSafe is an opensource Debian-based live linux distribution designed to provide an essential and secure environment to store and use your bitcoins from a USB drive, SD card or hard disk.

Unlike other live distros, BitSafe is thought to do nothing else other than to keep your bitcoins really safe. The crypted persistence partition used to store the wallet and the block chain is not mounted as home directory: it's only used by the Bitcoin client and other few applications related to backup and security (gpg and ssh). BitSafe takes care to dynamically mount and unmount said persistence as needed, making everything else volatile: home, cache, temporary files, settings, browser... everything vanishes as soon as it's shut down.
BitSafe comes with full networking support, TOR included, but you can also use it offline for even greater security. When you'll need your bitcoins, you just have to connect it to the net and let it download the block chain.
   
Features:
  • Very light, it can be run on about any PC. If it has 64 MB of ram or more it can run BitSafe
  • Immunity to most malware around, including keyloggers. If you use the built-in soft keyboard to enter passwords, you are immune to hardware keyloggers, too
  • Comes with the latest official Bitcoin client (bitcoin-qt V0.6.0)
  • Volatile, non-persistent home directory. Persistence (for the bitcoin client and backup applications only) is provided by a secondary partition that is automatically created and mounted on-demand (asking for password) whenever you open bitcoin or any program that needs it, and then it's unmounted when it isn't needed anymore
  • Can download the blockchain from a trusted source, to cut down the time needed for the first sync to less than an hour, down from several days.
  • TOR and Vidalia installed by default. You can start bitcoin with TOR networking just by clicking on a icon.
  • Minimal number of applications and installed packages to reduce attack surface. If you need a browser, there's a script to download and run Firefox from RAM with TORbutton and noscript already installed.
  • Persistent screen locking password to protect the client while you're not at the PC.
  • Multilanguage. The default build supports English, German, Italian, Spanish, French, Portoguese and Russian, but you can download the source and build your own localized version choosing any language supported by Debian Squeeze. ATM BitSafe scripts are localized in english and italian only, feel free to contribute
  • If GUI isn't your thing, you can disable x and go text mode with bitcoind. BitSafe scripts will work just fine

Screenshots


Downloads:

Binary Image V0.6.1B (for first time installations) digital signature, MD5: 5f2e67a2da443d697234ddaf7c5ae7f3
Live filesystem V0.6.1B (to upgrade from previous releases) digital signature, MD5: 8a940da24ac18214f9d98cf37a249ad3
You can check the digital signature with the gpg/pgp public key linked in my forum sign.

Source Code
Github repository: https://github.com/rb1205/BitSafe
git clone git://github.com/rb1205/BitSafe.git

Flashing
THIS WILL FORMAT YOUR FLASH DRIVE AND YOU'LL LOSE ANYTHING YOU HAVE ON IT, INCLUDING THE STORAGE PARTITION AND ANY BITCOIN STORED THERE.
IF YOU HAVE ALREADY INSTALLED A PREVIOUS VERSION OF BITSAFE ON THE SAME DRIVE AND YOU ONLY WANT TO UPGRADE, PLEASE FOLLOW THE INSTRUCTIONS IN THE NEXT SECTION.

You'll need a fast USB drive or SD card of 4gb or more. I say fast for a reason: bitcoin goes heavy on disks, and slow devices will greatly slow it down. You want a drive that can at least put down 10 MB/s of write bandwidth. Here's a brief list of some suitable USB sticks. For SD cards, aim for a class 10 device.
Download the Binary Image file and flash it on your drive.

On Linux: sudo dd if=/path/to/binary.img of=/dev/sdX where sdX is the name of the device (not partition) you want to flash BitSafe on
On Mac: Same as for Linux. Remember to unmount (not eject) the device you want to install BitSafe on before using dd or it'll give an error. NOTE: You'll need some extra steps to let bitcoin boot on a Mac, just as any other USB live linux distribution. Read more about this here.
On Windows: I recommend Image Writer. You'll need to launch it as administrator. Go pick the downloaded binary.img file, choose the letter of the drive you want to install BitSafe on and press "Write".

Upgrading
If you have already installed a previous version of BitSafe on a device and you want to upgrade it without losing your storage partition, just download the Live filesystem from the download section, insert the drive with BitSafe in the computer and overwrite the directory "live" with the one in the file you downloaded.

Usage
  • Insert the device you flashed BitSafe on in the PC you wish to use it and start (or reboot) it.
  • As soon as the PC displays the first screen press repeatly the boot list menu button (usually "F12" or "ESC") and choose the BitSafe device from the list you'll get. If your PC doesn't have a boot list menu you'll have to launch the BIOS setup, navigate into the boot options and set your PC to boot from the device with BitSafe first.
  • Choose your preferred language, hit Enter and wait a minute for BitSafe to start
  • Double click on the Bitcoin icon to launch the first time wizard utility
  • BitSafe will ask if you want to create the storage partition. Press yes and enter your choosen password when requested, you'll have to enter it a total of 3 times. Please keep in mind that there's no way to recover the password, should you forget it.
  • BitSafe will ask if you want to download the block chain from the web. Press yes if you are connected to the internet and you're not paranoid, otherwise press no. Keep in mind that the former option takes about 1 hour to reach the sync state from scratch, while the latter takes about 2-3 days.
  • Finally, the Bitcoin client is launched. You can use it as you usually do.
  • Remember to shut down the PC using the shutdown button in the lower right corner of the screen. Cutting down the power while the client is running may
    lead to blockchain or even wallet corruption.

To Do:
  • Backup manager with multiple encryption and output choices.
  • Script to download the blockchain from here and put in the bitcoin data folder done!
  • Trasparent TOR for every ongoing connection (when enabled)
  • GUI for format script
  • Restore the storage partition after flashing the image, to unify first time installations and upgrading.
  • Tool to export all bitcoin addresses in the wallet.dat file

DISCLAMER:
BitSafe is a beta software. I cannot guarantee you will not have problems.
Under no circumstances I will take any responsibility for any damage done to your hardware, your software and/or your finances directly or indirecly caused by my software.
Pages:
Jump to: