Topic: Portable Bitcoin Security, Backup & Privacy toolkit. - page 2. (Read 6164 times)

I had an original S100 1GB Ironkey which I subsequently lost...   I was convinced I would see again some day since it displayed the "If Found Please Return to:" info as soon as it was plugged into a computer.  Unfortunately that never happened... I think I sometimes tend to give the average human being more more credit than they deserve.. I assume everyone has a computer and would think to plug it in and see what is on it.  (I always do, if its not empty, I'll try to find some kind of info on it to return it to its rightful owner.)

I wouldn't normally engrave anything on my electronics because I think its tacky, but in this case I'm going to... As soon as I get to my friends gift shop, I'll get the outer body of my Ironkey engraved with my contact information.

Forgot to mention one VERY IMPORTANT AND HIGHLY CRITICAL feature...

The Ironkey by design is electromagnetically shielded which should protect it from a... wait for it...

I haven't had a chance to look into the Yubikey all that much. Mt Gox says that the yubi they send you is useable with their service only but is that the case for most such keys or could a standard yubikey be used to auth to multiple sites?

I don't like that idea of it self-wiping after 10 failed attempts! Other than that it looks pretty neat.

-----

I prefer a paper bitcoin wallet, like one from Casascius, then encode the hex code with something like the one-time code at sprucecodes.com. You can then keep the encoded hex key lying about as it as unbreakable as your 64-character passphrase happens to be.

I find that ever since I got the sheet from Casascius I've been somewhat paranoid about leaving the plaintext sheet anywhere except on my person. If you leave $1000 cash lying about it's easy to tell when it's been stolen as it isn't there any more. But someone can take a quick photo of your sheet of plaintext keys and you'll be none the wiser. But once those private keys are encoded and you have destroyed the plaintext versions then you're safe, even if you put them online or email them to yourself etc. As long as you don't forget the passphrase!

I want like ten iron keys, those look solid and bad ass.  I like that one dude who promoted his key that is in the shape of a key.

Thanks for sharing these personal experiences with the items, not enough people using them and/or talking about it, especially in relation to how much security gets brought up.

Hello Everyone,

I just wanted to share my personal bitcoin security toolkit...

I believe this combination represents the current state of the art in portable bitcoin wallets, privacy, and secure bitcoin exchange access.

The first tool is the "8GB Ironkey Basic S200" which I use for a portable bitcoin wallet & security software ensemble.

The Ironkey is the most secure USB flash drive in the world.. It is virtually impervious to any known exploits, brute force, or physical attacks to attempt to access the data contained on the Flash Memory.  Any data which is read/written to the flash drive has to pass through an embedded encryption chip, which is unlocked by a custom launcher which runs when you put it into a computer. The S200 series contains higher quality SLC flash storage capable of performing swap and virtual memory functions, the D200 edition contains less expensive MLC flash, not suitable for virtual machine usage, however you get about twice as much storage for the same cost.  If the drive is lost or stolen, the attacker has 10 attempts to enter the correct password, after the 10th incorrect password, the internal electronics automatically perform a complete wipe of the flash chips and the encryption chip then will self destruct rendering the drive useless.  The one unique feature of the "Basic" edition of the Ironkey vs the "Personal" edition is the fact that it is able to be configured to only "Wipe the data", but not to self destruct the rest of the electronics. (Ironkey's are not cheap, so I don't want mine to destroy itself under ANY circumstances.)   Initially, the Ironkey emulates a USB CD-ROM drive in order to launch the tool to unlock the encrypted drive.  The password / encryption keys NEVER enter the host computers memory as the application communicates directly with the encryption chip.  Once you unlock the drive you are presented with a set of utilities for managing the Ironkey, including a secure backup facility which is able to make an encrypted backup of the Ironkey to your local hard drive in case it is lost or stolen, you can easily restore this backup to a fresh Ironkey drive.  The Ironkey Unlocker also doubles as an application launcher for your bitcoin client, tor browser bundle, portable virtualbox VM's, security software, or any other portable applications & data you would like to carry with you on the drive.  I am recommending the "Basic" edition of the Ironkey for bitcoin usage since the personal edition bundles some "Windows Only" security software.. some of which require fee's after the first year, like their own "Private Web Browser" which is essentially a custom version of TOR which uses their own private nodes.  Both editions can still be securely unlocked & mounted on Windows, Mac, & Linux... and have the option of being mounted in a "Read-Only" mode... which could be useful for securely performing drive and memory scans of a host computer.  The usefulness of these features are only limited by your own cleverness and creativity.

https://www.ironkey.com/demo-basic

The second tool in the kit is the "Yubikey" provided to me by MT.Gox.

If you don't know what a Yubikey is, then you probably don't religiously listen to the "Security Now" podcast, as Yubico will tell you if you ask them, that they attribute a portion of their success to Steve Gibson's support of their product.  A yubikey appears to be a USB flash drive, but it is more closely related to the electronics found in a standard USB keyboard combined with encryption firmware on board. The build quality of the Yubikey is EXCELLENT, it is similar to that of a solid poker chip, and has been shown to be nearly indestructible & completely sealed and waterproof.  In addition to that it contains no on board battery since it is powered 100% by the host computer.  In its usage with MT.GOX it provides a secondary authentication factor that works on anything that supports a standard USB Keyboard, Linux, Mac, Windows, iPhone/iPad (USB dongle in the Camera Connection Kit) and even various Android devices since they can switch their charging port into a USB host port (google it)...  Neither the Yubikey, or your credentials alone will allow a hacker to get into your account, you must have both the physical Yubikey & the knowledge of your credentials. Once you login with your name and password @ MT.GOX you are then required to do a secondary authentication using the Yubikey.  Each time you press the button it will generate a single use OTP (one time password) that needs to be entered in a field which is presented AFTER you log in with your normal MT.GOX name and password.  Not only does the MT.GOX Yubikey enhance your security during the login process, but it also requires you to hold your finger on the yubikey button for 3 seconds to produce a unique "withdraw password" before allowing any funds to be transferred out of your MT.GOX account.

MT.Gox will provide the Yubikey to any of its users upon request for a small fee, additionally, if you had a trade which got rolled back during the infamous MT.GOX incident, you can request that a yubikey be sent to your completely free of charge. Which was a commendable gesture on their part in my humble opinion.

https://yubikey.mtgox.com/ Request your Yubikey security device here.

http://youtu.be/xYnznunUAOU Yubikey programming & manufacturing video.


Here is a photo of both devices, on my keyring, along side 2 drop forged keyring screwdrivers, my house key, and the key to my secret lair, muhahahaha ha cough.. :-)