Topic: Securing your savings wallet - page 3. (Read 8363 times)

sounds to me then that you should be using Armory.  it avoids any server exposure, allows the watching wallet for your savings wallet, and you don't need to connect the stick to the internet at all to sign tx to send coin to separate spending wallet located on blockchain.info.

No dummy.  

Look, I have two separate wallet files. One resides in blockchain.info the other on my USB stick in the electrum client. If I want to send money from the electrum wallet(my savings wallet) to my blockchain.info wallet (make it available to my spending wallet) I need to be able to input an address that belongs to my blockchain wallet into the electrum client. Got it?

I know I can add a watch only address to blockchain.info wallet but I can't spend from it unless I import the private key for which I'd also need to connect to blockchain.info.

I'm fairly certain I have a pretty firm grasp on what is possible, how things work and what I'm asking for.

what?  smell?  i assume you mean monitoring the balance?  dude, you need to educate yourself better as to how the system works.  you don't need to connect to your stick to do that. just use blockchain.info to monitor the balance.  you're making everyone here twist and contort to unreasonable demands for what you want w/o a complete understanding of the system.

having said that, thanks for this thread as i really enjoy sniffing out these security issues.

Because I can't smell the address I'm sending bitcoins to.

what is c/ping?  copying?  why?

That was my plan. Right now (I'm still not done setting it up) everything in is denied and only ports 53,80/tcp,443/tcp are allowed out. Once I figure out what ports electrum needs (probably what I'm going to end up using) I'll add that to the rules and that's it.

There is no need, but I want the convenience of c/ping the address and I'm ok with the extra risk that that exposes me to. At least I thought I could be.

Put it this way, there is nearly always the potential for you to be hacked or get a virus, but you have to under the % chance of this happening and put it in context, just because there is a 0.0001% chance doesn't mean it's going to happen (numbers maybe made up but they wouldn't be far off for any tech savy user).

I've been on the web for over 24 years. Sure my computer has caught a virus or two, but my personal computer was never purposefully attacked or hacked into. Most of the virus' I got was when I was a child or I let someone else on the computer and they did something stupid and it got compromised because they downloaded something they shouldn't of done and yes all of these were windows machines.
Btw the few linux based PC's I've had and never to my knowledge had either a virus or been hacked into, I use the same level of protection on these as my servers.

I've owned a server, vps, shared hosting of some sorts for around 10 years, those have a nice big target on them, no virus' but do get hack attempts all the time. They were all Linux machines very public, since they are servers and host a few relatively popular websites.
Most hacking attempts are pretty basic, so it's easy to prevent with a properly setup firewall.

If you want to go towards server like protection against hacking attempts, that is what you need to look into how to setup your firewall. One method, limiting outside access by IP address to specific ports, anyone else, gets a denied instantly. Figure out what might need to access you from the outside, make note of it's IP address and put that on a white list. Don't add more than you need to.

So if blockexplorer is the only site you go to, make it so that port will only be open for that IP address of that site.
Same applies for electrum and it's blockchain servers and the ports it uses.

Linux really does not need the same sort of anti-virus protect as windows, so as long as you have something, that is usually enough.

either i don't understand how electrum or multibit work or you don't understand Bitcoin.  when funding your savings wallet there should be no need to open your ubuntu stick and connect to blockchain.info.  you just have to send the coin from blockchain.info to the savings address, period.

No, I'm prepared to hear any answer. I just am frustrated with incomplete answers. Telling me it's not safe despite all these precautions is an incomplete answer. I know it's not 100%, I already said this. I already said I'm willing to forgo complete security for some convenience but what you told me is that you wouldn't trust my setup at all which I just can't take as anything but bullshit. Yes I can lose my money, but here's a newsflash for you, you can also lose your paper wallet if a thief breaks into your safe. Perfect security does not exist and I'm not asking for it. All I'm asking is for a setup that is reasonable safe but you are telling me that my setup is inherently unsafe which I just cannot understand without any further explanations.

I already said that most of what I'm afraid of is a keylogger because I'm already very careful, have keepass and strong, uniquie passwords for any service I use, I have noscript installed, I have an antivirus running...  My windows setup is already a lot safer than what most have but I'm not happy with it because I realize I'm actively browsing on this OS and a keylogging threat exists. All I wanted to do with my USB ubuntu setup is protect myself against that. Why? Because encryption takes care of the rest. And now you're telling me my USB Ubuntu setup will not even protect me against keylogging?

If you're not prepared to hear unwanted answers, you shouldn't ask questions. A few people have already answered with possible attack vectors for your setup, but apparently you don't want to hear it.

All I was saying is that I would not be comfortable storing a significant number of bitcoins with your setup. I prefer to have complete control over my stored coins, something your setup cannot provide.

Ugh.. this is so frustrating. How am I going to lose my coins if blockchain.info won't hold more than what I need for my spending money. And how can a bug get exploited if I'm not going to be actively using my browser.


One more time: I'm going to use my setup as follows. When I want to fund my savings wallet I'm going to reboot to my ubuntu stick, open electrum or multibit(haven't decided yet) open either an exchange page or blockchain.info and transfer the money to my thin client's wallet. After I do this I'm going to close and reboot. If I need to spend my savings money I'm going to reboot to my ubuntu stick, open electrum and open blochchain.info and fund one of my spending addresses. I wont do anything else with my USB stick.

Where exactly is the risk in doing this and how big is it? Is linux really this unsafe that I can't even do the above without risking getting hacked? Is there really no other option but an air gap?! I mean this starting to be too much..

I would store no more than the number of bitcoins I was willing to lose in that setup. Mainly because you are utterly relying on a third party (blockchain.info), but also because of what flipperfish said.

This is what I have now:
- up to date Ubuntu 12.04.1 on a USB stick
- home directory encrypted with a very strong pw
- UFW blocking everything in both directions except 53,80/tcp,443/tcp out
- noscript addon for firefox intalled
- blockchain javascript verifier addon installed
- always browsing in private mode


My plan for use now is to either install electrum or multibit for my savings wallet and use those two in combination with blockchain.info which is the only website I'm ever going to connect to again.


How secure am I? How much money would you store like this?

Great, I can't wait!

IMHO there are a lot of attacks possible. Even if your firewall does block ALL traffic, some bugs in the kernel might be exploited. If you actively use some browser, etc. there is an even bigger attack vector. The firewall cannot protect you from attacks to the browser (because the browser has to be allowed in the firewall). Additionally, as long as you have some kind of storage, which holds modifications to your whole system (so you can install new packages, etc.), there is a chance that malware can hide somewhere (except you check every dir/file before booting).

The solution to this is having a read only system. It has to be checked only once. The wallet often must be read/write, but for the sole purpose of signing offline tx it would be enough to have it writable only at time of creation. This is also the reason, why I think, that encryption for a pendrive solution for bitcoins is overkill. All that has to be protected is integrity (which can be done without encryption of the whole live-system) and confidentiality of the wallet / private keys (which most clients do already).

Hazek,
     I share all your concerns. I'm actively working on a Secure USB Bitcoin stick solution.
I'm currently in the feasibility stage. Trying to brush up on some programming skills to see if the microprocessor that only cost a few dollars will have the capability to generate signatures. If it does, then we are in business. It is going to be open source hardware/firmware.

No I meant the encryption pw could be keylogged..

It's exactly what I'm asking for and trying to setup.  

Also thank you and everyone else very much for all the advice you're giving me here.

how do you keep the A/V up to date?  don't most have to update every day or so online?