Pages:
Author

Topic: Transfer keys between USBs (Read 2743 times)

sr. member
Activity: 257
Merit: 343
July 27, 2017, 02:37:10 AM
#27
it depends - what else  Smiley
on the value you want to transfer. This has been discussed many many times, here in the forum and reddit, and Trace Mayer in his bitcoin podcasts repeats it every time - search for it   Wink

Generally:
for a couple of Euros/Pounds/Dollars (up to 100 maybe), it is ok to use a normal machine and wallet (or iPhone and Android). Similiar to your normal wallet for FIAT money. To then copy via USB, use a machine, that has been verified for malware.
When you have values in the 1000 Euros/Pounds/Dollars range, you pay more attention, and copy this stuff from a secure, unixoide (xBSD or Linux LIVE CD) air gapped machine.
At this point in time a cold storage wallet like Trezor or similiar has it's value.
When you have more than 10.000, then you need to spend some time into re-thinking your store of value. Trezor is not secure enough, cause we cannot see, what is "below" the device. Here you would need to have your cold storage setup along with multisig. Do it yourself, make it trusted, and reliably tested. There is no final solution.
Summary:
low value, little effort in securing your keys, high values, much effort securing your keys.
spend two dollars in security efforts for low bitcoin values, spend 1000 dollars for security when bitcoin values are above 10.000 Dollars, and yes, spend much more, when it's a million value. You are your own bank!
full member
Activity: 289
Merit: 103
July 26, 2017, 09:30:57 AM
#26
It depends o how you are going to transfer but with that, you should be careful and raise your guard up like transfer the whole file without leaving any trace.
legendary
Activity: 966
Merit: 1042
July 21, 2017, 09:21:40 PM
#25
Why do people keep trying to reinvent the wheel? Most of us quit using air gapped computers for storage of bitcoin private keys when Trezor came on the market back in 2014.

It's a hell of a lot cheaper to use a $5 USB than a $100 trezor when they can accomplish the same thing, being no private keys while connected to the internet.
sr. member
Activity: 423
Merit: 250
July 21, 2017, 09:13:25 PM
#24
I think its even you are using other OS its still not safe anytime soon if you are not using your usb for a long time or just few months usb can be damage i have lots of transcends usb disk i am using them for making bootable usb but i stop using it for few months but they are damage and never detect in computer or laptop.
So if you really want to be safe the only thing that i know your bitcoin are safe is to buy trezor wallet you can use it offline and save your bitcoin for a long time. its immune to viruses and keyloggers..
If you are going to transfer keys there would be a possibility that it may copy or it can be used by somebody. And we all know that USB is just a universal port of sharing and receiving information such as photo and video. But most of it do not support further security and do not provide safety for you account. So if you want security at its finest you must need to find a more reliable tangible wallet. Such like Trevor that is offline wallet that promises security and anti virus for you safe keys.
hero member
Activity: 2926
Merit: 722
DGbet.fun - Crypto Sportsbook
July 20, 2017, 10:18:58 PM
#23
As soon as you connect your USB disk to your computer, the Operating System and any program that is running on it can have access to your USB disk data (unless it is blocked by Anti virus or something). And it is not hard for a malware to copy itself on your USB disk (infect it so to speak) or read and copy its data.

For example if it is a bitcoin specific malware it can read your USB, analyze the files to see if it can find a wallet file, a list of private keys, ... and using those private keys it can broadcast it to the attacker or sweep them!

If you want to transfer sensitive information like your private keys, then do it on a clean and "air tight gapped sorry, my English sucks sometimes!" computer. You can use a live linux without persistence which is disconnected from the internet.

1. Make sure your computer clean from virus/rat. scan it first by antivirus, antikeylogger, etc
2. Turn off internet connection.
3. Make folder with different name on your other USB disk.
4. You can copy it safe now.
These things i would definitely do specially if those keys contained lots of bitcoins you will surely think up on secure transfer or copy of the key which n one could able to see non whats your doing. First of all having a clean computer free from virus would be really advisable and at the same time turn off  internet since most remote viruses do really move on this way which do rely on internet connection to send out informations to its hacker.
member
Activity: 84
Merit: 10
Scam ICO hater
July 19, 2017, 05:39:45 PM
#22
Good info in this post. Will work to create my air gapped machine
legendary
Activity: 1806
Merit: 1164
July 16, 2017, 10:27:55 PM
#21
Why do people keep trying to reinvent the wheel? Most of us quit using air gapped computers for storage of bitcoin private keys when Trezor came on the market back in 2014.
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
July 16, 2017, 10:00:02 PM
#20


So it's good idea to rename documents or folders which contain your private keys. Viruses can parse file and folder names but they can't open random files.

No, that's complete BS. A virus can make a system call to obtain a file handle for reading just like any other user-mode program can. If Notepad (or your favorite choice of benign program) can open files on the computer, what keeps a virus from doing so?
sr. member
Activity: 826
Merit: 250
July 15, 2017, 10:34:04 AM
#19
As soon as you connect your USB disk to your computer, the Operating System and any program that is running on it can have access to your USB disk data (unless it is blocked by Anti virus or something). And it is not hard for a malware to copy itself on your USB disk (infect it so to speak) or read and copy its data.

For example if it is a bitcoin specific malware it can read your USB, analyze the files to see if it can find a wallet file, a list of private keys, ... and using those private keys it can broadcast it to the attacker or sweep them!

If you want to transfer sensitive information like your private keys, then do it on a clean and "air tight gapped sorry, my English sucks sometimes!" computer. You can use a live linux without persistence which is disconnected from the internet.

1. Make sure your computer clean from virus/rat. scan it first by antivirus, antikeylogger, etc
2. Turn off internet connection.
3. Make folder with different name on your other USB disk.
4. You can copy it safe now.
sr. member
Activity: 377
Merit: 282
Finis coronat opus
July 15, 2017, 09:46:36 AM
#18
I dont understand few things in this post. How can a malware read the file is related to wallet or not?
The same way a worm copies itself on your USB disk when you connect it to an infected computer. And checking contents of a file is not a hard thing when it is not encrypted!
Code:
WatchForConnectedDevicesViatUSB().RunAsLongAsSystemIsRunning(inBackground = true);
if(newDeviceDetected)
{
   GetAllFiles().Containing("Wallet", "bitcoin",....);
   ReadContent();
   if(content.IsPrivateKey)
   {
       SendToAttacker();
   }
}

So it's good idea to rename documents or folders which contain your private keys. Viruses can parse file and folder names but they can't open random files.
HCP
legendary
Activity: 2086
Merit: 4361
July 15, 2017, 02:16:12 AM
#17
Remote activation can only happen when when there is something on the victims pc to to allow it to run. You can't magically run things remotely on someone's oc without tricking them into installing something first or it finds an exploit into something they already have installed. Dude go put on your little tin foil hat. Paranoid.
So that whole "wannacry" thing was just a made up story by people being paranoid and nothing to do with exploits in Windows Operating System services then? Roll Eyes

Given that there have been so many "0 day exploit" attacks in the past... and no doubt will be more in the future... being a little bit "paranoid" when it comes to valuable (and easily "stolen") digital assets is not necessarily a bad thing.

hero member
Activity: 966
Merit: 535
July 14, 2017, 06:38:03 PM
#16
I see people talking about programs that steal your info off your usb. Please don't listen to these people they have no clue what they saying. Things don't run on your own without you rinning or installing them yourself end of.

Clearly you live under a rock, are illiterate, or didn't think before posting. I spot 304 hits for published CVEs mentioning remote code execution in Microsoft's products alone. Just search nvd.nist.gov for "remote code execution" and you'll see.

There's being paranoid, and then there's taking appropriate precautions. Spyware that transmits sensitive data such as cryptographic keys from disks and USB devices is not unheard of.

Remote activation can only happen when when there is something on the victims pc to to allow it to run. You can't magically run things remotely on someone's oc without tricking them into installing something first or it finds an exploit into something they already have installed. Dude go put on your little tin foil hat. Paranoid.
legendary
Activity: 1042
Merit: 2805
Bitcoin and C♯ Enthusiast
July 12, 2017, 03:58:47 AM
#15
I dont understand few things in this post. How can a malware read the file is related to wallet or not?
The same way a worm copies itself on your USB disk when you connect it to an infected computer. And checking contents of a file is not a hard thing when it is not encrypted!
Code:
WatchForConnectedDevicesViatUSB().RunAsLongAsSystemIsRunning(inBackground = true);
if(newDeviceDetected)
{
   GetAllFiles().Containing("Wallet", "bitcoin",....);
   ReadContent();
   if(content.IsPrivateKey)
   {
       SendToAttacker();
   }
}
Grin
sr. member
Activity: 700
Merit: 300
July 12, 2017, 12:47:50 AM
#14
Reply:



As soon as you connect your USB disk to your computer, the Operating System and any program that is running on it can have access to your USB disk data (unless it is blocked by Anti virus or something). And it is not hard for a malware to copy itself on your USB disk (infect it so to speak) or read and copy its data.


For example if it is a bitcoin specific malware it can read your USB, analyze the files to see if it can find a wallet file, a list of private keys, ... and using those private keys it can broadcast it to the attacker or sweep them!


If you want to transfer sensitive information like your private keys, then do it on a clean and "air tight gapped sorry, my English sucks sometimes!" computer. You can use a live linux without persistence which is disconnected from the internet.




I dont understand few things in this post. How can a malware read the file is related to wallet or not? It should be present there to do that and guess transferring from one USB to directly another won't give the file path to malware? Moreover, is it possible to send file via sandbox of antivirus where no malware can even touch the stuff.



hero member
Activity: 700
Merit: 500
July 10, 2017, 03:13:09 PM
#13
Hi

Is it safe to transfer private keys between to USBs, that are connected to the computer, at the same time? (two USBs inserted into the computer in other words)

I mean to hold the "alt"-button and drag/copy one key to the other USB. Is this safe to do from a security-perspective?

Or will the computer have some kind of memory of the file going between the two USBs so that a hacker can go into my computer and find the key/file?

Your best bet is actually creating a paper wallet.

Go to https://bitaddress.org to get started. Here you will get your public and private keys whereby you can send Bitcoins to them and print your keys onto physical paper that no one else will ever know except you. This is the absolute safest way to store Bitcoins. It is basically like fiat cash money, except Bitcoins instead.
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
July 10, 2017, 09:35:25 AM
#12
It can be very unsafe in Windows. If you are very concerned about security - use Linux, no network connected, same size USB drive and do low level disk copy such as:

dd if=/dev/sdX of=/dev/sdY bs=2M

where sdX source, sdY target. Be careful, that will destroy everything on sdY

What if /dev/sdX is a bigger drive than /dev/sdY and the key file happens to have been fragmented/moved to the end of /dev/sdX? And why not make bs equal to the underlying physical sector size? If running on a secure offline system you should just be able to use cp and skip the raw disk copy nonsense.
member
Activity: 84
Merit: 10
StuffGoGo Developer
July 10, 2017, 09:30:06 AM
#11
It can be very unsafe in Windows. If you are very concerned about security - use Linux, no network connected, same size USB drive and do low level disk copy such as:

dd if=/dev/sdX of=/dev/sdY bs=2M

where sdX source, sdY target. Be careful, that will destroy everything on sdY
sr. member
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
July 09, 2017, 03:34:56 PM
#10
I see people talking about programs that steal your info off your usb. Please don't listen to these people they have no clue what they saying. Things don't run on your own without you rinning or installing them yourself end of.

Clearly you live under a rock, are illiterate, or didn't think before posting. I spot 304 hits for published CVEs mentioning remote code execution in Microsoft's products alone. Just search nvd.nist.gov for "remote code execution" and you'll see.

There's being paranoid, and then there's taking appropriate precautions. Spyware that transmits sensitive data such as cryptographic keys from disks and USB devices is not unheard of.
hero member
Activity: 966
Merit: 535
July 08, 2017, 03:09:34 PM
#9
Well what happens when you transfer data from a us to your hard drive ? It's the same thing. What you asking doesn't really make any sense. Nothing wrong with copying data from one drive to another. I see people talking about programs that steal your info off your usb. Please don't listen to these people they have no clue what they saying. Things don't run on your own without you rinning or installing them yourself end of.

Also to people who are paranoid. Please don't use computers. If you that paranoid computers aren't for you.
legendary
Activity: 1652
Merit: 4392
Be a bank
Pages:
Jump to: