Topic: Transfer keys between USBs (Read 2743 times)

it depends - what else 
on the value you want to transfer. This has been discussed many many times, here in the forum and reddit, and Trace Mayer in his bitcoin podcasts repeats it every time - search for it   

Generally:
for a couple of Euros/Pounds/Dollars (up to 100 maybe), it is ok to use a normal machine and wallet (or iPhone and Android). Similiar to your normal wallet for FIAT money. To then copy via USB, use a machine, that has been verified for malware.
When you have values in the 1000 Euros/Pounds/Dollars range, you pay more attention, and copy this stuff from a secure, unixoide (xBSD or Linux LIVE CD) air gapped machine.
At this point in time a cold storage wallet like Trezor or similiar has it's value.
When you have more than 10.000, then you need to spend some time into re-thinking your store of value. Trezor is not secure enough, cause we cannot see, what is "below" the device. Here you would need to have your cold storage setup along with multisig. Do it yourself, make it trusted, and reliably tested. There is no final solution.
Summary:
low value, little effort in securing your keys, high values, much effort securing your keys.
spend two dollars in security efforts for low bitcoin values, spend 1000 dollars for security when bitcoin values are above 10.000 Dollars, and yes, spend much more, when it's a million value. You are your own bank!

It depends o how you are going to transfer but with that, you should be careful and raise your guard up like transfer the whole file without leaving any trace.

It's a hell of a lot cheaper to use a $5 USB than a $100 trezor when they can accomplish the same thing, being no private keys while connected to the internet.

If you are going to transfer keys there would be a possibility that it may copy or it can be used by somebody. And we all know that USB is just a universal port of sharing and receiving information such as photo and video. But most of it do not support further security and do not provide safety for you account. So if you want security at its finest you must need to find a more reliable tangible wallet. Such like Trevor that is offline wallet that promises security and anti virus for you safe keys.

These things i would definitely do specially if those keys contained lots of bitcoins you will surely think up on secure transfer or copy of the key which n one could able to see non whats your doing. First of all having a clean computer free from virus would be really advisable and at the same time turn off  internet since most remote viruses do really move on this way which do rely on internet connection to send out informations to its hacker.

Good info in this post. Will work to create my air gapped machine

Why do people keep trying to reinvent the wheel? Most of us quit using air gapped computers for storage of bitcoin private keys when Trezor came on the market back in 2014.

No, that's complete BS. A virus can make a system call to obtain a file handle for reading just like any other user-mode program can. If Notepad (or your favorite choice of benign program) can open files on the computer, what keeps a virus from doing so?

1. Make sure your computer clean from virus/rat. scan it first by antivirus, antikeylogger, etc
2. Turn off internet connection.
3. Make folder with different name on your other USB disk.
4. You can copy it safe now.

So it's good idea to rename documents or folders which contain your private keys. Viruses can parse file and folder names but they can't open random files.

So that whole "wannacry" thing was just a made up story by people being paranoid and nothing to do with exploits in Windows Operating System services then?

Given that there have been so many "0 day exploit" attacks in the past... and no doubt will be more in the future... being a little bit "paranoid" when it comes to valuable (and easily "stolen") digital assets is not necessarily a bad thing.

Remote activation can only happen when when there is something on the victims pc to to allow it to run. You can't magically run things remotely on someone's oc without tricking them into installing something first or it finds an exploit into something they already have installed. Dude go put on your little tin foil hat. Paranoid.

The same way a worm copies itself on your USB disk when you connect it to an infected computer. And checking contents of a file is not a hard thing when it is not encrypted!

Reply:





I dont understand few things in this post. How can a malware read the file is related to wallet or not? It should be present there to do that and guess transferring from one USB to directly another won't give the file path to malware? Moreover, is it possible to send file via sandbox of antivirus where no malware can even touch the stuff.

Your best bet is actually creating a paper wallet.

Go to https://bitaddress.org to get started. Here you will get your public and private keys whereby you can send Bitcoins to them and print your keys onto physical paper that no one else will ever know except you. This is the absolute safest way to store Bitcoins. It is basically like fiat cash money, except Bitcoins instead.

What if /dev/sdX is a bigger drive than /dev/sdY and the key file happens to have been fragmented/moved to the end of /dev/sdX? And why not make bs equal to the underlying physical sector size? If running on a secure offline system you should just be able to use cp and skip the raw disk copy nonsense.

It can be very unsafe in Windows. If you are very concerned about security - use Linux, no network connected, same size USB drive and do low level disk copy such as:

dd if=/dev/sdX of=/dev/sdY bs=2M

where sdX source, sdY target. Be careful, that will destroy everything on sdY

Clearly you live under a rock, are illiterate, or didn't think before posting. I spot 304 hits for published CVEs mentioning remote code execution in Microsoft's products alone. Just search nvd.nist.gov for "remote code execution" and you'll see.

There's being paranoid, and then there's taking appropriate precautions. Spyware that transmits sensitive data such as cryptographic keys from disks and USB devices is not unheard of.

Well what happens when you transfer data from a us to your hard drive ? It's the same thing. What you asking doesn't really make any sense. Nothing wrong with copying data from one drive to another. I see people talking about programs that steal your info off your usb. Please don't listen to these people they have no clue what they saying. Things don't run on your own without you rinning or installing them yourself end of.

Also to people who are paranoid. Please don't use computers. If you that paranoid computers aren't for you.

http://trilema.com/2013/how-to-airgap-a-practical-guide/