Topic: Securing your savings wallet - page 2. (Read 8363 times)

What's wrong with using a brain wallet???

if your going to forgo some security for convenience.. then DO NOT forgo this security:

downloading ready compiled end user bitcoin programs....

the best security is knowing what goes on your computer in the first place.

i personally grabbed the sourcecode for the bitcoinD daemon, read through it then compiled it myself, i then made a simple VB.net program that API calls the daemon with commands i wanted.

i have it on a 16gb memory stick and life is good.

the chances of you getting a bitcoin trojan randomly browsing google for real life stuff is low. but the chances of you getting one downloading ready compiled end user programs from people in the bitcoin community is higher.

so do not get anything ready compiled from within the community. even if they show you sourcecode separately to say their ready to rock compiled executeable is ok... dont do it. compile it yourself.

seeing something large, ready built is tempting.. so was the trojan horse.

this is where i think the world market would suffer with adopting bitcoin. too many naive consumers who dont know how to compile, wanting ready to rock solutions and trusting in a community of hackers, script kiddies and anonymous users they have never met.

I think the most secure way is evenly divide your savings into 5-7 different wallet, and spread them among different platform, medium, physical location, online services, etc... so that you don't have too high risk on any single of them

A distributed saving solution

I will sleep like a baby because my laptop is private and no one but me has access to it.

now you've done it.  hazek won't sleep for a week. 

s/casascius/your own easily generated key pair/g

Seriously? Put my savings in an address someone definitely already saw the private key for? You must be joking.

buy a casascius BTC1 coin, peal it, take a digital picture of the private key and first bits, copy the jpeg to a secure/encrypted SD card (easy to do on Mountain Lion)...use MtGox to cash in the private key and send to a new address...

Modern computers are inherently insecure. They are slapped together quickly and cheaply. The prevelant debuging method employed is "ad-hoc" debugging, where the software or hardware is tweaked until it appears to work. Software and hardware is not proven correct, in part because it is perceived to be impossible. In truth, the halting problem only applies to Turing machines with infinite memory, which computers only imperfectly emulate.

I used to think that modern computers could be considered reasonably secure, if only they ran from Read-only memory. For over a year, I used a diskless computer booting from a live CD as my primary computer (a second computer acted as a file-server). For several more years my router was booting from a read-only floppy disk. Then I learned about an attack on a Voting machine using read-only memory. They leveraged a stack overflow bug in one of the configuration menus into a full machine compromise. Because the machine was battery-backed, they were able to emulate the boot process. To get around to read-only memory limitations, they used a technique called return-oriented programming.

The implications for your laptop booting a "secure" USB key are obvious. A sufficiently skilled attacker may decide to emulate the boot process and prevent you from rebooting the machine; instead putting the machine in standby when you think you are turning it "off" (possibly adjusting LED behaviour in the process). You may think the battery is simply degrading with age. When you boot into Ubuntu, it may be running in a virtual machine, such that the hypervisor can record all of your keystrokes. The best part of return oriented programming is that if you do manage to do a hard-reset on the machine (by removing the battery), there may be no trace of the attack left on your hard-disk: simply because the binaries were never modified. The attacker would simply reinstall the malicious code the next time they come into contact with your machine.

There is a reason people advocate "cold storage" for large ammounts of money, commonly referred to as "savings". As the Armory author told you, it reduces your attack surface considerably.

From your description of this USB key, I get the impression that you are keeping only one copy. This is a security risk too. If your USB key gets lost or damaged, you would not be able to spend the funds. You really should consider some kind of paper backup in a safe somewhere.

How about this alternative, integrated solution:

*Buy cheap used android phone (or new phone if you wish)
*factory reset/flash ROM/etc.
*use wifi to download bitcoin spinner (no carrier service on this phone)
*use SD slot to backup wallet seed
*use camera to scan address from blockchain.info (nice air gap here, no need to even log onto website)
*only power on or turn wifi on when reloading spending wallet.
*phone only communicates with bitcoin spinner servers
*bitcoin spinner servers handle the blockchain

Not the most advanced solution, but VERY EASY TO USE.

Sounds like you're mostly fine. One step better - I would boot this usb stock while disconnected from the net. Save files for transfer somewhere shared. Remove usb, Reboot and connect again. It's pretty unlikely that you'll have problems with what you're doing now but the less your usb stick sees of the net the better. Well known public sites are far more likely to be targets than an unknown individual and this has some bearing on how far you want to go.

Ok I guess I need to be more precise so people can understand what exactly I have in order for them to able to comment on security of my setup. So here goes.

I'm using a laptop with win7. I try to do my best to secure it by having ESET antivirus installed, noscript addon in firefox, hardware firewall on linksys router. For my various accounts I use keepass2 where I keep all my passwords encrypted of course with a strong master password. And for my spending wallet I use blockchain.info with two factor sms authentication and with the javascript verifier installed.

This I think is already decently secure but of course given that it's a working setup constantly online and used mainly for browsing I'm still exposed to a lot of attacks. Most of the attacks can't hurt me because blockchain.info uses encryption so unless someone can read my RAM with the unencrypted wallet while I'm logged in I'm safe from outside attacks there. The main security hole besides counterparty risk is my backup of the blockchain.info wallet sent to my email because if someone were to keylog me, they could get that encrypted backup and decrypt it provided they keylogged both my blockchain.info pw and my email pw, or just my keepass2 master pw if they managed to get my pw database.

That's why I decided to reduce the risk of a successful attack by installing Ubuntu on a USB stick. This is not a LiveUSB, it's an actual full installation of 12.04.1 which I then fully updated. The admin user I was referring to is the installation user that is the first user that you create when installing Ubuntu. I didn't mess with root or created a root user. This installation admin user has it's home directory encrypted with a strong password and is never online. I installed Electrum and created an offline wallet.

Then I created a second user on this same USB ubuntu installation which is a standard user, also encrypted home directory, is online only for the purpose of conveniently communicating receiving addresses between my blockchain.info spending wallet and my offline wallet, has UFW set to block everything except ports 53/udp,80/tcp,443/tcp,8081 out, has noscript and blockchain verifier installed and is not used for any other type of browsing. All I do with this user is log into blockchain to send bitcoins to my savings wallet or to copy an address that I'm going to send bitcoins to from my savings wallet, that's it. Then I have a shared directory which I use to move the offline deseeded wallet between my standard user and my installation admin user and when I need to spend from my savings wallet I log into my installation admin user, reseed the wallet, make an offline transaction, put that file in the shared directory, switch users back to the standard user and send it.

And that's all I use this USB ubuntu stick for, nothing else at all.

The only way I can now from my highly limited understanding see someone steal my savings wallet is if they manage to hack my standard user and somehow insert some malicious code in my kernel files which would then run while I switch back to the installation admin user. If this scenario is something I need to be seriously worried about, so much so that this setup isn't secure enough for my savings wallet, then I just don't understand how any server doesn't instantly get hacked all time.

I'm a little confused by your description. On Ubuntu you would usually have one user who can sudo to get root privileges. But not a separate admin (root) user. Just to be clear, you should not create a root user for admin purposes. Maybe that's not what you meant anyway.

I'm also not clear if you are having just one system for both uses or a regular desktop plus also a flash stick that you reboot into.

I haven't completely figured out my offline approach yet so I won't detail that but I have thought a bit about it. I don't have so much money in btc that I'd need to worry. A few things come to mind. Only have as much as you feel comfortable losing on a net connected system. I've used Linux for years and never had any issue with hacks and stuff but everyone is different and user carelessness matters a lot.

There's lots of ways to do a savings wallet but I think one thing well agreed on by many is that it needs to be a clean offline system. The more minimal the better. Every added component adds more risk, even if minimal.

No one notices the Vanitygen keyconv utility but it generates address/keys in the simplest possible way. A minimal cmd line tool. You can check the code in only a minute because it's so short (250 lines) and only depends on openssl and the std c library.

keyconv -G >> wallet.txt

But most of us want to play around with more complex fancy toys. For security this is less desirable.

Sounds like a hacker with a nice attack-via-browser setup just needs to hack blockchain.info and wait for you to expose your browser to the attack...

Of course the owner of blockchain.info will claim it wasn't them, they were hacked, afterall that is standard procedure for bitcoin services offered as websites so no surprise there...

Just how much coin are you planning to put on your windowsill like that to tempt hackers?

-MarkM-

I made a small adjustment to my plan. This is what I plan to have now:

- Ubuntu 12.04.1 up to date USB stick
- 2 users: administrator, standard (home directory encrypted)
- electrum light client on both
- administrator always offline with no browsing at all using electrum offline tx signing and deseeded wallet sharing
- standard online, synced with electrum servers with a watch only deseeded wallet + blockchain.info in firefox + noscript + verifier + firewall all blocked except out: 53/udp,80/tcp,443/tcp

Is this any better?

You wrote something about configuring a firewall to protect a server. I just made clear, that the configuration of a firewall for a client-system is completely different and not enough.

I know it's different, clearly you didn't read or understand what I said, or read more into it than what I said.
I merely gave advice on configuring his firewall, that is it. None of the stuff you mentioned.

It's a bad idea to use best-practices for protecting a server to protect a client-system. It's a completely different usage profile at a client and thus a different attack vector. Simple example: A server would never connect to blockchain.info, because it's a server, in best case even without gui or browser. Without a browser there's no risk of getting malware through (for example) an xss-attack on blockchain.info. Nevertheless at the client, this risk is very real.

That's just silly.  He said he'll be using his stick with a laptop.

Armory is not an option because having to keep a local copy of the blockchain is a deal breaker for hazek. He's willing to trust his entire savings to third parties (electrum, blockchain.info) and on an online machine. I give up on him, he can do whatever he wants.