
Topic: Simplest USB stick cold storage. (Read 4554 times)

legendary
Activity: 2126
Merit: 1001
March 30, 2012, 04:20:21 AM
#22
I'm waiting for someone to suggest making up your own private key and then calculating the public key by hand with pencil and paper...

Watch out, there are calculators with wifi or bluetooth already! Eventually there will be malware for those, when Bitcoin finally skyrockets! :-)

(yeah, you said paper and pencil.. but just because you're paranoid doesn't mean they are not out to get you..)
Nim
member
Activity: 67
Merit: 10
March 30, 2012, 01:36:08 AM
#21
I'm waiting for someone to suggest making up your own private key and then calculating the public key by hand with pencil and paper...
hero member
Activity: 812
Merit: 1000
March 30, 2012, 01:00:44 AM
#20
Quote
Some malware families are capable of generating a screen capture with every mouse click during login, then sending the captured sequence of screens to the fraudster, where they can be sifted through visually to steal login credentials.
- http://www.technewsworld.com/story/74461.html

Also
 - http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf

Now if you are storing small amounts to the paper wallet, ending up with a paper wallet created from a compromised system might be a risk you are willing to take.  But since some people are putting larger amounts or are using the wallet for long-term savings of bitcoins, they should know that doing the above only after booting from a trusted live-CD (such as an official Ubuntu release) is the significantly more secure approach.


for this reason you might consider putting together an 'offline' computer specifically for this purpose (i.e. a computer that is never put back online). ...or use an old $50 laptop with the wifi thoroughly disabled.

once you're done with it, melt it.
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
March 29, 2012, 11:40:08 PM
#19
I'm not a fan of IronKeys.  Just use TrueCrypt on a regular USB drive.

Inkjets are better than laser for this purpose since they don't have problems with ghost images.  Unfortunately the inks are water soluble, so make sure you laminate the pages.
legendary
Activity: 2126
Merit: 1001
March 29, 2012, 05:10:38 PM
#18
You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.

Whoa! That's news to me!
I only knew about printers marking printouts with tiny yellow dots to make them uniquely identifiable, and that some typewriters and needle-printers (oh, and labelprinters too!) have a printing ribbon where you can read exactly what was printed.. Talking about paranoia, huh?

Hmm.. I will have to investigate those ghost images on the next printout some day. Interesting. Paranoia: this reminds me of the cold-boot attack, where you reboot a computer with your own OS (USB drive) to read out the still-readable data from the RAM, or simply pry out the RAM modules after supercooling them and read out the data on another computer..

If it's that far, you probably won't like the idea to print/write the priv key, walk to a jeweller and give him that key to engrave in some metal piece. Do it quick, before Bitcoins and keys are widely recognized! :-)

Ente

 
legendary
Activity: 2506
Merit: 1010
March 29, 2012, 03:05:14 PM
#17
1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.

You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.

Paranoia?  

If the system was infected with malware that does screen captures even when offline, then even your "offline paper wallet" is at risk.

Quote
Some malware families are capable of generating a screen capture with every mouse click during login, then sending the captured sequence of screens to the fraudster, where they can be sifted through visually to steal login credentials.
- http://www.technewsworld.com/story/74461.html

Also
 - http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf

Now if you are storing small amounts to the paper wallet, ending up with a paper wallet created from a compromised system might be a risk you are willing to take.  But since some people are putting larger amounts or are using the wallet for long-term savings of bitcoins, they should know that doing the above only after booting from a trusted live-CD (such as an official Ubuntu release) is the significantly more secure approach.
Nim
member
Activity: 67
Merit: 10
March 29, 2012, 02:36:20 PM
#16
Has anyone been able to verify for certain that bitaddress doesn't keep any logs?

The code doesn't send anything anywhere temporarily or otherwise, everything is done locally on the browser via javascript. 

I have looked over the code (it is just javascript; all the code is right there) and there is no communication to any server.

Still I would recommend that a user do what the author has recommended ... save a local copy of the generation page.


1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.

You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 11:51:12 AM
#15
That port right there on the left.   I can get a lightstream to legacy USB adapter from Walmart for 3 mBTC.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
March 29, 2012, 11:48:16 AM
#14
USB drives may not be made anymore but USB ports will probably exist either natively or via adapters.

RS-232 (serial) has been around since the 1960s and most computers today have a serial port (if only as a MB header).  If they don't, USB-to-serial adapters exist.

Got it! BTW, where would you plug it in?


donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 11:42:30 AM
#13
USB drives may not be made anymore but USB ports will probably exist either natively or via adapters.

RS-232 (serial) has been around since the 1960s and most computers today have a serial port (if only as a MB header).  If they don't, USB-to-serial adapters exist.
legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
March 29, 2012, 11:06:43 AM
#12
Quote
Say you store 100,000 BTC to those private keys over the next three decades.  You plug the USB drive in 2042 for the first time.  The inject computer instantly detects an unencrypted wallet.dat circa v0.6 client and makes a copy, transfers the balance to the attacker's computer all in <1 sec.

That's assuming, of course, USB drives will still be around in 2042.


legendary
Activity: 2126
Merit: 1001
March 29, 2012, 10:06:18 AM
#11
An Ironkey is easy enough, secure enough, strong enough.

I'd trust it up to at least 5 figures. Personally.

Every byte of flash ever created will eventually fail; that is an absolute guarantee.

well, "eventually" is quite open, not?
But I agree, flash stands no chance to survive as long as plain (acid-free) paper written with a pen.
A laserprinter-print should work fine for several lifespans too.
Pro-mode: engrave a metal plate with the privkey. Should survive much about anything, including mould, water, fire.
Use steel for high temperature resistance, copper/brass for high corrosion resistance, silver for being cool! :-)

Ente
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 09:30:23 AM
#10
An Ironkey is easy enough, secure enough, strong enough.

I'd trust it up to at least 5 figures. Personally.

Every byte of flash ever created will eventually fail; that is an absolute guarantee.
sr. member
Activity: 369
Merit: 250
March 29, 2012, 09:29:09 AM
#9
An Ironkey is easy enough, secure enough, strong enough.

I'd trust it up to at least 5 figures. Personally.
rjk
sr. member
Activity: 448
Merit: 250
1ngldh
March 29, 2012, 09:03:31 AM
#8
Don't forget to laminate that paper and stick it in a safe!
legendary
Activity: 2126
Merit: 1001
March 29, 2012, 08:57:27 AM
#7
..or eject the linux-live-cd or delete the virtual machine file.

/paranoia off

Ente

ah, screw that!
/paranoia on
donator
Activity: 1218
Merit: 1079
Gerald Davis
March 29, 2012, 08:35:49 AM
#6
Has anyone been able to verify for certain that bitaddress doesn't keep any logs?

The code doesn't send anything anywhere temporarily or otherwise, everything is done locally on the browser via javascript. 

I have looked over the code (it is just javascript; all the code is right there) and there is no communication to any server.

Still I would recommend that a user do what the author has recommended ... save a local copy of the generation page.


1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.
hero member
Activity: 672
Merit: 500
March 29, 2012, 08:14:20 AM
#5
Has anyone been able to verify for certain that bitaddress doesn't keep any logs?
hero member
Activity: 728
Merit: 500
165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
March 29, 2012, 08:02:55 AM
#4
+1 bitaddress.org.  Minimum futzing, paper is very reliable, and it prevents bulk-stealing your keys when you go to redeem them in the future.  You can also save a copy to USB if you want.

The sha1 f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b hash is the same as everyone gets for version 1.5.  It's the sha1-sum of the actual web page itself.  This lets you verify that you have a legitimate copy of the page.  Yes, it works fine from a local copy.

Edit: More info about bitaddress here: https://www.bitaddress.org/pgpsignedmsg.txt
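
The check described in post #4 (hash the saved page) together with the claim in post #6 that the page talks to no server, as an added example that is not part of the thread or of bitaddress.org: it compares a saved copy's SHA-1 with the value quoted above and lists anything in the HTML that could reach the network. The function names and both sample pages are constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser

# SHA-1 quoted in the thread for bitaddress.org version 1.5.
PUBLISHED_SHA1 = "f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b"
# Browser APIs that can send data off the machine (not exhaustive).
NETWORK_APIS = re.compile(r"\b(XMLHttpRequest|WebSocket|EventSource|sendBeacon|fetch)\b")
REMOTE_URL = re.compile(r"^\s*(https?:)?//", re.IGNORECASE)
# Tag/attribute pairs the browser loads or submits to without a click on a link.
LOADERS = {("script", "src"), ("img", "src"), ("iframe", "src"),
           ("link", "href"), ("form", "action")}

def sha1_matches(page_bytes, expected_hex=PUBLISHED_SHA1):
    """Hash the file exactly as saved; a "complete page" save may rewrite it."""
    return hashlib.sha1(page_bytes).hexdigest() == expected_hex.strip().lower()

class _Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            if (tag, name) in LOADERS and value and REMOTE_URL.match(value):
                self.findings.append(f"<{tag} {name}={value}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.findings += [f"script uses {m.group(1)}" for m in NETWORK_APIS.finditer(data)]

def audit(page_bytes):
    """Return every remote reference or network API found in the saved page."""
    parser = _Audit()
    parser.feed(page_bytes.decode("utf-8", errors="replace"))
    parser.close()
    return parser.findings

# Constructed sample pages (not the real bitaddress.org source).
CLEAN = b"<html><script>var k = crypto.getRandomValues(new Uint8Array(32));</script></html>"
TAMPERED = (b'<html><script src="http://cdn.example/x.js"></script>'
            b"<script>new XMLHttpRequest();</script><img src='//tracker.example/p.gif'></html>")

if __name__ == "__main__":
    print("hash ok:", sha1_matches(CLEAN), "| clean:", audit(CLEAN), "| tampered:", audit(TAMPERED))
```

An empty findings list is a first pass, not proof: string matching misses obfuscated script, so the disconnect step in the posted procedure still matters. SHA-1 is no longer collision resistant, so treat the hash as a corruption check unless it comes from a source you already trust.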
hero member
Activity: 609
Merit: 501
peace
March 29, 2012, 07:56:35 AM
#3
Thanks for the bitaddress.org

I saved the webpage and seem to be able to generate new addresses like that as well.
Is there any difference/safer in proceeding like that?
Is the SHA-1.......html specific to my computer?
