Pages:
Author

Topic: Out of the box - LiveCD encryption (Read 4681 times)

sr. member
Activity: 322
Merit: 251
FirstBits: 168Bc
July 18, 2011, 11:24:29 PM
#22
https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 28, 2011, 02:19:29 AM
#21
AWESOME!! HAHAHAH!!   Grin
legendary
Activity: 1078
Merit: 1003
June 27, 2011, 07:55:37 PM
#20
LiveUSB makes a whole lot more sense to me.

A liveUSB has some problems: someone could modify the distro on your stick so as to look perfectly normal but steal your password / wallet. No one would do that? Well, if your whole life savings are in bitcoin it's absolutely worth it doing that!

A liveCD is safer in that regard (just sign the CD-R and check your signature). Reboot and you start from scratch. Sure, you will have to download the whole blockchain from scratch every time, but if your intended use is a savings account, that's a viable option.

Good point! I almost forget this detail...

1- If you use a "LiveCD", wich means Ubuntu installed on a USB PenDrive and;
2- Just encrypt your /home/ directory and;
3- Somebody knows that you have B$1.000.000,00 there.

 The thief can do:

1- Steal temporarily you PenDrive, when you're at bathroom;
2- Change the bitcoin binary (or any other binary of the system, like shell, etc) for a malicious version;
3- Give back to you, without your knowledge;
4- Wait until you open the system to stole your coins.

 This can not be happen if you have a Ubuntu Live CD with you signature write on it or, if you encrypt the entire file system of the USB PenDrive.

Best,
Thiago

sr. member
Activity: 322
Merit: 251
June 27, 2011, 05:02:37 AM
#19
Sure...

 You can change the "Internet" to a "USB" kind of setup... The point is which may interest to people is the Live session and the entire Bitcoin data encrypted for ever.

 I liked http://bitcoinsforcharity.org/ very much!! IT IS AWESOME!

Regards,
Thiago

Cool Thanks, I designed/developed the site. If you ever have any suggestions for charities we should send flyers to, just pm or email me!
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 27, 2011, 04:51:12 AM
#18
You can make a livecd with custom packages such as truecrypt preinstalled. Look into Ubuntu Customization Kit for an easy way to do it, at least if you already have Ubuntu installed somewhere.

Note: be very, very careful when using a livecd for these purposes. Everything you write "to disk" while running the OS off a cd will get erased when you shut down the computer! One way to use such a cd would be to have both Dropbox and Truecrypt installed and store the wallet in an encrypted container on Dropbox. Again, exercise caution when setting your system up. It's very easy to do something silly and lose a lot of coins. At the very least, whatever you do, test your setup thoroughly, reboots and all, before sending any significant amount of coins to the secure wallet. Also, back the wallet up elsewhere than Dropbox as well.

Edit: BTW, if you store the block index on Dropbox as well, you won't need to re-verify the whole thing. You still have to re-download the file of course, but in my experience it's still faster than waiting for the client to verify everything. You might want to store the index on an encrypted volume as well, I'm not sure what kind of attacks are possible if someone manages to tamper with your index, but better safe than sorry...

 Your concern about lose the information when you shutdown is 100% right! But I left everything about this very clear on the following guide:

 Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud!
 http://forum.bitcoin.org/index.php?topic=22386.0

 But we need some observations:

1- Not use truecrypt, dropbox, or anything from the "outside", just the standards (out of the box) of some distro, this is a requirement;
2- Not use any customization, which raise people's concerns about the system;

 My guide is SIMPLE and 99% out of the box. Only the Bitcoin binaries comes from Launchpad, but I'm sure that Bitcoin will be part of Ubuntu 11.10.

 I'm preparing some screenshots to make it even more easy to follow.

 Anyway, you're right, pay attention is never something bad...

Cheers!
Thiago
legendary
Activity: 1615
Merit: 1000
June 27, 2011, 03:13:50 AM
#17
You can make a livecd with custom packages such as truecrypt preinstalled. Look into Ubuntu Customization Kit for an easy way to do it, at least if you already have Ubuntu installed somewhere.

Note: be very, very careful when using a livecd for these purposes. Everything you write "to disk" while running the OS off a cd will get erased when you shut down the computer! One way to use such a cd would be to have both Dropbox and Truecrypt installed and store the wallet in an encrypted container on Dropbox. Again, exercise caution when setting your system up. It's very easy to do something silly and lose a lot of coins. At the very least, whatever you do, test your setup thoroughly, reboots and all, before sending any significant amount of coins to the secure wallet. Also, back the wallet up elsewhere than Dropbox as well.

Edit: BTW, if you store the block index on Dropbox as well, you won't need to re-verify the whole thing. You still have to re-download the file of course, but in my experience it's still faster than waiting for the client to verify everything. You might want to store the index on an encrypted volume as well, I'm not sure what kind of attacks are possible if someone manages to tamper with your index, but better safe than sorry...
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 26, 2011, 10:46:39 PM
#16
LiveUSB makes a whole lot more sense to me.

A liveUSB has some problems: someone could modify the distro on your stick so as to look perfectly normal but steal your password / wallet. No one would do that? Well, if your whole life savings are in bitcoin it's absolutely worth it doing that!

A liveCD is safer in that regard (just sign the CD-R and check your signature). Reboot and you start from scratch. Sure, you will have to download the whole blockchain from scratch every time, but if your intended use is a savings account, that's a viable option.

Good point! I almost forget this detail...

1- If you use a "LiveCD", wich means Ubuntu installed on a USB PenDrive and;
2- Just encrypt your /home/ directory and;
3- Somebody knows that you have B$1.000.000,00 there.

 The thief can do:

1- Steal temporarily you PenDrive, when you're at bathroom;
2- Change the bitcoin binary (or any other binary of the system, like shell, etc) for a malicious version;
3- Give back to you, without your knowledge;
4- Wait until you open the system to stole your coins.

 This can not be happen if you have a Ubuntu Live CD with you signature write on it or, if you encrypt the entire file system of the USB PenDrive.

Best,
Thiago
member
Activity: 85
Merit: 10
June 26, 2011, 12:22:34 PM
#15
LiveUSB makes a whole lot more sense to me.

A liveUSB has some problems: someone could modify the distro on your stick so as to look perfectly normal but steal your password / wallet. No one would do that? Well, if your whole life savings are in bitcoin it's absolutely worth it doing that!

A liveCD is safer in that regard (just sign the CD-R and check your signature). Reboot and you start from scratch. Sure, you will have to download the whole blockchain from scratch every time, but if your intended use is a savings account, that's a viable option.

legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 26, 2011, 11:14:42 AM
#14
LiveUSB makes a whole lot more sense to me.

And about the backup?! It can be hosted in the Cloud too... I mean, using your "LiveUSB" suggestion (which is in fact, not Live, because it is just installed on USB) plus Ubuntu One service, you have the good thing of both worlds: a system dedicated only to Bitcoin (LiveUSB+Bitcoin client), encrypted and in sync with the Cloud (for backup).
unk
member
Activity: 84
Merit: 10
June 26, 2011, 11:02:14 AM
#13
gpg is common, even on cd/dvd distributions of linux.

truecrypt is available in tails (formerly known as 'incognito'), although you need to specify a kernel boot option to enable it. (the tails developers are perhaps overly skeptical of truecrypt because of its license.) i have had some interaction with the tails developers in the past, and they seem on top of a variety of systems-security issues, though i have not evaluated their system in detail myself.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 26, 2011, 10:33:39 AM
#12
Sure...

 You can change the "Internet" to a "USB" kind of setup... The point is which may interest to people is the Live session and the entire Bitcoin data encrypted for ever.

 I liked http://bitcoinsforcharity.org/ very much!! IT IS AWESOME!

Regards,
Thiago
legendary
Activity: 1078
Merit: 1003
June 26, 2011, 10:27:24 AM
#11
LiveUSB makes a whole lot more sense to me.
member
Activity: 71
Merit: 10
June 26, 2011, 10:26:54 AM
#10
I've just finished writing up instructions on making a secure Bitcoin USB linux stick :

https://squarethought.wordpress.com/2011/06/26/bitcoin-on-a-stick-usb/
legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
June 26, 2011, 10:14:42 AM
#9
Fellas!

 Take a look at this:

 Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud!
 http://forum.bitcoin.org/index.php?topic=22386.0

 What do you guys think about my solution?!

 It is really easy to do by everybody...

 And it can be easily changed, or used with a USB pendrive instead a Cloud environment...

Cheers!
Thiago

I would not upload my private keys to the internet no matter how much encryption. That is just my personal perference though.
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 26, 2011, 10:12:15 AM
#8
Sure!

 The "Ubuntu One" part of this setup can be changed to use Wuala, GMailFS, DropBox or even your USB PenDrive!  Wink

 Also, the EncFS is compatible with DropBox / BoxCryptor and a nice GUI interface, called Cryptkeeper. Look: http://blog.boxcryptor.com/how-to-use-boxcryptor-with-encfs-in-ubuntu-ma

 But this is more complicated to setup and needs more (and third party) softwares. My solution is simple for grandma. And it is a Live system!  Grin

 The "good thing" with my original post is that you do not need any third party software... Just Ubuntu stuff and Bitcoin packaged for it from Launchpad.

 BTW, Windows is too risky for everybody. You know, it catch viruses! And Linux does not.

 Anyway, thanks for the tip!

Cheers,
Thiago
legendary
Activity: 2618
Merit: 1007
June 26, 2011, 09:17:03 AM
#7
Just use Wuala, it works on Windows too - unlike some FUSE magic stuff...  Roll Eyes
legendary
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
June 26, 2011, 09:14:29 AM
#6
Fellas!

 Take a look at this:

 Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud!
 http://forum.bitcoin.org/index.php?topic=22386.0

 What do you guys think about my solution?!

 It is really easy to do by everybody...

 And it can be easily changed, or used with a USB pendrive instead a Cloud environment...

Cheers!
Thiago
member
Activity: 85
Merit: 10
June 13, 2011, 01:54:05 PM
#5
Have you tried using a VM and using an onscreen keyboard inside the VM?

That's actually a good idea. But I don't like the idea of someone tampering with the VM image. It would need to be read only.

I will look into LUKS, I guess TAILS linux is the most trustworthy live CD...
sr. member
Activity: 350
Merit: 251
June 13, 2011, 07:12:41 AM
#4
Have you tried using a VM and using an onscreen keyboard inside the VM?
administrator
Activity: 5222
Merit: 13032
June 13, 2011, 02:35:48 AM
#3
dm-crypt is probably available on many liveCDs. It comes with the kernel.
Pages:
Jump to: