Topic: Wallet protection ideas for the super paranoid... (Read 5481 times)
Once upon a time there was also rubberhose and phonebookfs. They were well designed for plausible deniability. See http://en.wikipedia.org/wiki/Deniable_encryption#Software Sadly never reached release state and long since discontinued.
How about running the client on a VPS? The hosting service a) backs up regularly b) is more secure than your home computer c) is anonymous since no attacker would know to look there, and d) can be secured with iptables and passwords.
Suggestions, comments?
1. Extract private key from wallet.dat
2. Split data into 100 equal chunks.
3. Encode each chunk in a human-memory friendly format. You know, like 01101000101011 translating to "Pink elephant telephones dirty saxophone" or something like that.
4. Ask 300 of your friends to memorize one chunk each. Each chunk is memorized by 3 friends for the sake of redundancy. They are distributed in an order only know to you to ensure they will be reassembled correctly. Perhaps you could offer your friends a small monetary award for correctly reciting their chunk once a year. Correctness is verified by comparing with the 2 other friends who memorized the same chunk.
5. Memorize the order in which your friends were assigned the chunks and destroy all physical traces of it.
6. Destroy all traces of wallet.dat and private key
The problem with truecrypt is that everyone knows about those hidden volumes and courts might not be so easily convinced that there is no such hidden volume. This makes truecrypt style plausible deniability not so plausible in comparison with proposed above "decoy swarm" method.
But yes, truecrypt hidden volume is still something to consider, maybe even in combination with "decoy swarm" method.
But yes, truecrypt hidden volume is still something to consider, maybe even in combination with "decoy swarm" method.
Solution: Nested hidden volumes. The question is: How far must you nest until courts believe they have really arrived at the last layer?
I'd say 100 times at least
If you hear voices often, this method is for you! 
The truly scary part to that is when you realize they are not only real, but also accurate
If you hear voices often, this method is for you!
How did you know?
You can put your encrypted wallet.dat inside a jpeg file, tt’s a pretty cool trick 
If you hear voices often, this method is for you!
Quote
SSD wear leveling and the way free space must be prepared is an extra level of protection. See this article about protection:
http://news.techworld.com/security/3263093/ssd-fimware-destroys-digital-evidence-researchers-find/
http://news.techworld.com/security/3263093/ssd-fimware-destroys-digital-evidence-researchers-find/
garbage collection - trim - only works when specific criteria are met, you need to be sure that it is actually working and it simply may not clear data you want to protect, while
one hdd overwrite cycle is enough
Quote
USB sticks are rated for around 10 or so years.
MLC chips, not whole pendrive!
Quote
In an air tight PVC pipe underground, a memory stick is in a better environment than above ground. Above ground, you have more extreme temperature and humidity fluctuation.
check what happens with tin at low temperatures - α-tin
Quote
Granted. My approach lacks redundancy
say you just used 20 new pendrives... from batch that was recalled later because of technical problems... you must have diversity there
Quote
With your method, you have just exposed your BitCoins to seizure by the state. With my method, there would be nothing encrypted on my computer.
this is fairly small amount of data and can be hidden in number of ways, tc containers are not distinguishable from random data
Who me? I don't even use truecrypt. All my drives got formatted long time and that thing that looks like random data - it's just elecromagnetic field from my crt playing tricks on carelessly placed HDD's. Hell, I wouldn't even be here if my neighbor wasn't so kind to lend me his laptop once in a while
Now I wonder if there ever was a case in UK where court was not satisfied with the supplied passwords. From technical standpoint there is no way to prove that hidden volume exists
Actually, there's no way to prove it DOESN'T exist. You can prove it DOES exist by opening it up. If you don't have hidden partition, the prosecution (or interrogator) says you're just lying and you really do, and there's no way to prove your innocence.
But the last time I checked it's *NOT guilty* until proven otherwise. If I say there's no hidden volume and they have no evidence that's a pretty lousy case in IMHO. It's the same as me saying prosecution was paid to put me behind bars. Just my word against theirs
Now I wonder if there ever was a case in UK where court was not satisfied with the supplied passwords. From technical standpoint there is no way to prove that hidden volume exists
Actually, there's no way to prove it DOESN'T exist. You can prove it DOES exist by opening it up. If you don't have hidden partition, the prosecution (or interrogator) says you're just lying and you really do, and there's no way to prove your innocence.
terrorist rocket pants
Is that a rocket in your pants or are you just happy to see me?
Now I wonder if there ever was a case in UK where court was not satisfied with the supplied passwords. From technical standpoint there is no way to prove that hidden volume exists
Your suggestion of online backup exposes you to 3rd party knowledge of something encrypted, and the potential violence that entails. For example, in the U.K. you are required to provide the keys to encrypted data on your computer, or face jail time if you refuse. With your method, you have just exposed your BitCoins to seizure by the state. With my method, there would be nothing encrypted on my computer.
As a purely theoretical exercise:
All you need in UK is plausible deniability. One way to get it is to use a bunch of decoys. For example, encrypt many files with various random stuff in it (like pr0n, warez, mp3's etc..) with various easy and medium difficulty passwords. Somewhere among those decoys there is an encrypted file with the real stuff and strong passphrase. Do not name it 'my.bitcoin.treasure.crypto', 'big.titty.crypto' is probably a better name.
Once you are compelled by law to reveal your passwords you give them some of the passwords you can remember, some other can be brute forced since they are weak. Some passwords are just happened to be forgotten, you are happy to comply with court order to the best of your ability but somehow you forgot a few passwords, you are very sorry and apologetic about it. Here you go, plausible deniability, you walk free.
Read Sun Tzu's 'Art of War' for more good ideas.
Even better idea is to use truecrypt
http://www.truecrypt.org/docs/?s=plausible-deniability
http://www.truecrypt.org/docs/?s=plausible-deniability
Quote
Use an SSD because it will quickly erase free space once it is turned on and any type of forensics becomes near impossible. This makes it difficult for 3rd parties to recover deleted wallet files. If you use a conventional HD, the data will hang around for a lot longer and make it easier for forensics to recover any wallet files on your computer.
exactly opposite - hdd data can be shredded easily, you never can be sure if wear levelling mechanisms allowed to actually delete some content on ssd
just use truecrypt with long password that you will remember
http://news.techworld.com/security/3263093/ssd-fimware-destroys-digital-evidence-researchers-find/
Quote
Quote
EDIT: Thumb drives are used instead of CD or DVD because CD and DVD storage start to degrade in 5 to 10 years. Thumb drive data storage has a much longer data storage time.
that time is about data in mlc chip itself, there is no way to be sure that usb stick will live longer than 5 years, especially if you have cold winter tin soldering can be gone after first year
there is no way to know if usb stick will survive more than year, there will be a problem with decrypting stenography and encrypted data unless you use exactly same software, burring things into the ground is no good until you put them like 2-3 meters under - as cold, floods and or construction can destroy them easily
I misquoted the life of a CD and DVD... The blue and green are not rated for more than a year or two. USB sticks are rated for around 10 or so years.
In an air tight PVC pipe underground, a memory stick is in a better environment than above ground. Above ground, you have more extreme temperature and humidity fluctuation.
Quote
instead i would have combination of mediums like pendrive, micro sd card, cd, dvd, blueray, printed copy, and sata disk
three - four sets in different location, perhaps at least one abroad
plus heavily encrypted failsafe backup stored online
most dangerous scenario is data loss and data leak, and i doubt that my backup needs to be interrogation safe
three - four sets in different location, perhaps at least one abroad
plus heavily encrypted failsafe backup stored online
most dangerous scenario is data loss and data leak, and i doubt that my backup needs to be interrogation safe
Granted. My approach lacks redundancy, but can be tweaked to have two or three copies of each bucket in different PVC pipes. Having a copy abroad is a good idea, but not practical if you cannot travel safely to another country.
Your suggestion of online backup exposes you to 3rd party knowledge of something encrypted, and the potential violence that entails. For example, in the U.K. you are required to provide the keys to encrypted data on your computer, or face jail time if you refuse. With your method, you have just exposed your BitCoins to seizure by the state. With my method, there would be nothing encrypted on my computer.
Tattoo a bitbill-style QR code onto your newborn infant's head, and never speak of it again...
snip
15. Once you are sure everything is set, delete everything from the SSD and reformat it.
snip
Facepalm.jpg15. Once you are sure everything is set, delete everything from the SSD and reformat it.
snip
Did you not see that an SSD can never be securely erased escept for destroying the actuall drive. It has to do with the fact that the drive adress is not a specific part on a ssd and changes so your data never gets full dleted. I think thats how it works.
Vladimir, I think I enjoy reading your posts the most. And, this thread title has you written all over it.
Just to add something related to the thread...
Bury the USB stick in a pelican box, on property you own if possible. Mark it with a steel rod so that you can find it with a metal detector 50 years later. Mount with antique USB reader.
And, this thread title has you written all over it. Just to add something related to the thread...
Bury the USB stick in a pelican box, on property you own if possible. Mark it with a steel rod so that you can find it with a metal detector 50 years later. Mount with antique USB reader.
Jump to: