Bitcoin Forum

I've thought a lot about a potential Bitcoin business I could start that would be handling people's Bitcoins (albeit for no longer than 24 hours at a time).  Given the number of hacks, and the fact that I am far from an expert on security, this scares me to death.  The only solution, in my mind, is to keep 100% of coins in cold storage, create transactions from an online machine, and have the cold storage offline machine sign the transactions on a USB stick (Armory's method).  For the purposes of my business idea, this should be acceptable.

But here's the problem:  People know where I live (or could easily find out, as I make little effort at hiding my offline identity).  If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.

Any suggestions?

Use m-of-n private key (a working implementation with source for Windows: https://casascius.com/btcaddress.zip - Vitalik Buterin also created one in python that works a bit differently)

Don't keep all the pieces in one place.  Use any and all of the following to hide some or all of the pieces: safety deposit boxes, with friends/family, with estate-planning attorney, as well as hidden where only you know.  A critical element of several of the places is that getting access to them takes time, effort, and involves the scrutiny of other people who can't be put under duress by an attacker as easily, and in some cases hopefully can't be identified by a would-be attacker.

Create a document and keep it in your own home that explains that the key is in pieces and drop hints as to how to acquire and assemble the pieces that would only be fully understood by people who know you well.  This gives you plausible deniability in a robbery as well as a way for your family to find your stash if your demise is untimely.  Include on a USB stick any software needed for your family to reconstruct the keys once they assemble them, just in case the software becomes unavailable or difficult for your family to find.

casascius - it seems you misunderstood my intent.  I am not looking for long-term storage.  I would need to have the cold storage transactions signed every 24 hours.  If I had to drive to do it, then I could make that happen, but having to gather pieces every day, then redistribute them would seem highly impractical.  Sorry if I did not make this clear in my OP.

It sounds like I have conveyed enough of the basic concept though, in any case, for you to craft a specific plan that would be more appropriate for your needs.  Assuming of course you thought it was a good idea.

I'm sure you'll be fine.  You pay taxes right?  Just give the police a heads up & they'll send a patrolman over ASAP.

Seriously though, depending on how much you may have access to, you may want to hire a private security firm.  Build the cost into the price.

You can either easily access the coins all the time (including during a robbery) or not.

If you want to suddenly be -unable- to access them, just send them to an address with a key that you don't have handy (something like cas describes). That doesn't help if someone decides they don't believe you or don't care, but at this point it is pretty much someone randomly murdering you because you use bitcoin.

I guess it all depends on how paranoid you want to be.  Looking at it from a high level there are only two general concepts to prevent a third party from forcing you to give access. The first is to create a setup which requires a second party who isn't on-site (counterpart).  The second is to create a setup where you can cause yourself to intentionally lose access.

Second party:
You could split the private keys (protocol independent m of m).  For example you could XOR two 256 bit numbers (half-keys) to produce the private key.  You keep one list of half keys and your partner keeps the other.  To send funds would require both of you to XOR your half-key to produce the full key and sign a tx.

Another option would be a wallet where it requires two pass-phrases to decrypt and you only have one.  You would need to notify your partner and he (via RPC call or some other method) enters his passphrase.  The "dual missile key option".  

For either method you likely would want some challenge and password type setup to ID the counterpart is not compromised.  Upon hearing a duress codeword the counterpart would refuse access.  If you have the info stored securely in a third location the counterpart could destroy his secret upon hearing the duress word.


Lose Access:
The simplest option would be a wallet where upon duress would send the full balance to an address you don't have direct control over (private key is off-site, bank vault, m of n type setup, etc).

Another option would be a deterministic wallet stored only in memory (say a netbook dedicated as a hardware wallet) and created using two 256 bit seeds.  On setup you and your counterpart would enter the seeds.  The wallet could be operated by you alone but upon duress you kill the power and you couldn't restore the wallet without your counterpart.

The in-memory wallet could be done with one person if you can limit access to the seed and don't routinely keep it on site.  For example setup in-memory wallet and then have seed secure in a safety deposit box.

Obviously the disadvantage of the "lose access" method would be that if you are compromised before the duress action can be taken the wallet will be lost.  One option would be to trigger the lose access method to an alarm system.  Someone breaks in, alarm sounds, and a relay kills power to the in-memory wallet.

Consequences:
So there are a couple different ways of doing it but one thing you may wish to consider is .... do you want to be in a situation where you can't give criminals what they want?  Will they believe you?  Will they accept the truth in a non-violent manner?  Maybe investing in a good monitored alarm system (not ADT), strong doors, secure locks, and firearms is better insurance. :)

Thanks for all the input!

It looks like, at this time, I will be unable to conduct this Bitcoin business that I had wanted.  No solution presented thus far is "good enough" for me (I don't want to deal with a second person), and I don't want anyone showing up at my door, strong locks and firearms or not.

Really, an online solution of some sort with insurance sounds better.  But I doubt Bitcoins are something that any insurance company would want to insure...

Maybe another day, I'll find a good solution.  For now, I'll hang on to the idea and the IP associated with it.

For what it's worth, simply opening a safety deposit box costs as little as $10/year, can be done at the bank you already visit, and can be accessed without any questions other than your identity (which will be checked by someone also in a position to detect whether you're under duress and to do something effective about it, including deny access to the box, trip silent alarms, and gain the highest priority attention from law enforcement in the fewest words).

How big risk this really is? The money is behind a safe, which only you know the password to. So they have to threat you with violence to get the private keys/bitcoins. To me it seems like a high-risk operation from robbers viewpoint.

Hmmm... now there's an idea.

I wonder if they would have a power plug in the same area where the deposit boxes are made available?  If not, I could always just take a battery with me.  Potentially, I could put cold storage on a netbook-type device (with paper and USB backup), then stop by the safety deposit box with a USB key to sign transactions as necessary.  If no power is available, I could simply take the battery home and charge it (assuming I had two of the same netbooks), then bring it with me to conduct the transactions.

A bit of a hassle, but doable.

I've never used a safety deposit box.  Are they typically available 24/7?  Can they fit a netbook inside?

The way I figure it is, people will break into a car for a quarter.  I am certain there are individuals out there who would conducted an armed robbery of some sort for $200,000 worth of digital cash.  Sure, it's high risk, but it's also high reward if business is booming for me and I actually have that many bitcoins moving through the service in a 24 hour period.

Hanging out and doing any kind of work inside their vault is not something they're anticipating you'll do.  They expect you will come in, identify yourself, sign their logbook, and go in the vault accompanied with your key and they will insert their key (each box has two locks) and then you will either add things or take them out while they stand by.


A typical safety deposit box is small but LONG (unless you pay for more size).  A typical size is 3x5x22 (inches).  It will definitely fit a USB stick, or rolled-up documents.  But not a computer.  They are only accessible during banking hours unless your bank offers some sort of after-hours access.

Between me and the company I work for, we have several boxes of this size, specifically for contingency plans.  The boxes I use to hold Bitcoin private keys contain parts of m-of-n sets, and they are printed on paper in the form of QR codes.  When I visit the boxes, if I want 1 code, I will usually just scan it with my phone, or if I need several, I might just take part or all of a sheet out of the stapled-&-rolled-up stack.  I always assume that the bank personnel "could" access my box for any reason, so I never leave private keys in the box that would be useful by themselves.

For the sake of this argument, I'll trust the bank and its staff, but will still ensure that the contents of whatever I leave in the deposit box are encrypted.

Assume I rent a large enough box to fit a netbook in then... What about grabbing the netbook, going out to the lobby, conducting my transactions, then stowing it back away again?  Would it be unsafe to have the data "out in the open" in the lobby?

Or, would it be ridiculously slow to simply keep the private keys on a USB drive in the deposit box, then bring a netbook along with me to sign the transactions?  I don't know how having a wallet file on a USB device would affect the speed at which signing with Armory could occur.  And, of course, never actually bringing the netbook online while it is elsewhere, to ensure it truly remains uninfected cold storage.

Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).

His scenario is someone DOES come to his house to take the large sum of bitcoins in his offline wallet.  You solved the scenario he isn't asking about. 

Why do you say there is no reason why people would come to my house looking for bitcoins?

As I said in the OP, my name and street address are fairly easily associable with my online identities.  Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".

I wouldn't want to be anywhere near a public bitcoin facility especially with a known high balance if it doesn't have adequate protection.  Even if you made it perfectly clear no private keys are available on location, some moron criminal is still going to attempt to steal some money.  They may even harm you as an example to future victims.  Bottom line - either don't make the address public or hire lots of security.

That would probably work, in the sense that the bank is unlikely to have any problem with you doing it.  As for whether it's safe is mostly hypothetical.  Someone in the bank to conduct a robbery is probably there to rob the bank.  Who knows.


I imagine USB versus local storage shouldn't make a significant difference.

What do you mean by "a public bitcoin facility"?

This business wouldn't turn enough coin to hire "lots of security", so I am attempting to figure out a way to run it securely without resorting to such drastic measures.

EDIT:  Thanks for the answer on that Casascius.

Will these customers be informed that the entire amount of funds they've entrusted with you are then one heartbeat away from being lost forever?

Sorry, I should clarify.  Certainly, there would be multiple contingency plans in the event of my unfortunate departure from this world.  I just mean that I don't want to have to deal with gathering information from a second person on a day-to-day basis just to get some transactions signed.

A few "crazy" ideas come to mind.

One that is kind of blown by mentioning it here at all would be a "pretend secure coldwallet service" which holds signed documents from you they can use to prove you and they both agree you do not actually have anything of value in their care, so that if for any reason at all anyone including you does try to claim they have something of yours they are off the hook. It would function by simply being a very public pretense that your emergency coldwallet is safe in their care. The purpose of this would be so that if someone raids you can claim the coins are in someone else's care and point at who; you would not actually place anything in their care, their purpose is simply to be a decoy, you and they both maintain a public sham that they have your emergency coldwallet.

Another idea is put your emergency coldwallet into police evidence locker, as evidence of your being blackmailed or under duress or murdered or rendered incommunicado by violence or whatever. It will only be needed in the event of such a scenario, so anyone coming for it is evidence of such an event having occurred. Arrange that all your coins get sent to that wallet automatically if you hit a panic button or take your hand off a deadman switch. Then in the event someone comes to your house you can show them the button or switch and explain that the coins are all in the evidence locker as evidence that they are at your house.

You could even use both methods; when someone comes to your house you tell them about the pretend secure wallet service people; when someone comes to their house they tell them about the evidence locker...

NOTE: Any number of online services could be monitoring your evidence-locker wallet address, ready to send in SWAT or call fire brigade or whatever in response to cries for help sent out by means of pre-agreed amounts being sent to it from pre-agreed dire-straights wallets etc...

-MarkM-

Encrypt the computer who have Bitcoins with TrueCrypt and strong password. Dont lose the rescue CD also as it will help in case of MBR damage.

If You live in USA buy a gun. Problem solved, no escaped slaves will successfully invade your home and take your Bitcoins.

One idea, you could just have a USB flash drive laying around, containing a wallet.dat file (which contains just random noise), and kept in a place where one would likely store something valuable... and hand it over when asked.  It could have in sharpie marker, "bitcoin backup".

Not very many armed robbers are going to pull out their laptop and rescan the blockchain to make sure it was the real deal.  And it will take them a while to figure out that the wallet is bogus.

Meanwhile, if Alice points a gun at Bob, and in return, Bob gives Alice a flash drive which she then scours and runs everything it contains... which person is the attacker?  ;)

The flash drive may as well contain an executable that starts sending you e-mail, named "wallet.dat.exe", which they are likely to run, and this will squeal their IP to you.  While you're at it, you could include scripts that will gather the MAC addresses of nearby wireless base stations (e.g. in Windows: "netsh wlan show networks mode=bssid")... which might result in you getting lucky and finding out their physical location.

I don't know why Bitcoins can be more attractive target for home invasion robbers than other expensive things such as jewelry or paintings or exotic cars. Some people in your area might be known to have them. They probably cost more than your Bitcoins and most boneheads have no idea what bitcoins are. So don't worry!

1.  just outside the vault of my safe deposit box at my bank is a small private room with electric plugs where customers can view the contents of the box or sign offline tx's in your case.

2.  some guy on etotheipi's thread came up with a very cool USB solution:  https://bitcointalk.org/index.php?topic=56424.msg1182346#msg1182346

I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.

Those items are desirable because they have the property of being easily converted to USD cash.  As do Bitcoins.

This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.

Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.

I am working on my crazy notion (https://bitcointalk.org/index.php?topic=103477.msg1134538#msg1134538) as a sort of credit union web-of-trust using multiple forms of multisig transactions. It's a social networking model of storing and lending, while building limited trust status.

The solution proposed by casascius is interesting indeed. Safety deposit boxes, m-n, shamir secret, an unthrusted  third-party (bank clerk) that eventually could see the box's contents but unable to spend the keys, while spotting for a possible "coercion" and trigger an alarm. All this can help you to be a Donald Trump of Bitcoins and still protected by the need of physical presence at a secure site to sign transactions. Without dealing with a thrusted second person. One-man operation.

Great thread.

There are at least two schemes to prevent torture. First one is destroying the information enemy needs and not knowing it in first place. Second one is martyrdom to prevent capture. Both of them are somewhat overkill in case of bitcoins. Thiefs are good at physical things, not purely virtual ones like bitcoins.

They could threaten or coerce me, steal family members, etc, is what I was thinking.

Problem is, this particular service does require the holding of ~15,000 different private keys.  I can't just remember those in my head.  ;)

I do not think that is the real problem.

The real problem seems to me to be your desire/need to brag about how many coins you hold.

If the amount was not bragged about / published / known then you could have magic words/commands that retrieve 15,000 keys but retrieve decoy keys instead of real keys given the wrong magic words/commands.

But bragging about how many coins you hold makes it necessary for any decoy to hold as many coins as the real target, which kind of spoils the usefulness of the decoy.

Fort Knox brags about having lots of wealth on the premises, maybe the service you have in mind would be more suitable for them to offer than for you to offer...

Gosh, bragging has a downside? Who'd'a thunk?

-MarkM-

EDIT: Hey waitasec, did I just basically imply there is some security to be found in obscurity?

Apologies in advance for the large quote. Isn't the threat of being coerced a fundamental problem of being publicly rich?

So how many visitors have you had, demanding you log in to your bank and transfer money to them?

Or demanding you drive them to an ATM and get them cash?

Or open the lock to your safe?

The fundamental problem is easy/fast access to the loot.


Zero. But it's traceable.

One time, yes (https://bitcointalk.org/index.php?topic=79065.msg880602#msg880602).

Last year a gang of thugs raided a residencial building where my co-worker lives. Looking for jewelry (inside information, two dealers at the penthouses). 3 hours of action. They started 5:10 AM.


I am interested in any procedure that provides deterrence protection (preferably) against extorsion. (m-n, ssss, banks with insurance, safe boxes with half a key, time lock features etc.)

It's not about wanting to brag.  With this particular business, the knowledge of exactly how many coins I was holding would HAVE to be public information.  There is no way around that.

Also, anyone who says there is no security through obscurity is an idiot.  PASSWORDS are security through obscurity.

Absolutely, point taken.  I just suppose it feels different when it is me being responsible for other people's coins, vs me being responsible for my own.

Interesting idea, thanks.  I think I'd still prefer the deposit box route, but a storage unit WOULD accomplish the same thing.  Worth consideration, at least.

Point taken.  Perhaps I am just too paranoid.  ;)

Depends... has it already been public knowledge for quite a while that you hold as many bitcoins as this business you are planning will hold?

Will you still hold that many of your own when you start also holding those of the business?

Maybe it merely has not yet seemed worthwhile to target you yet due to your not being known yet to hold enough to make it seem worthwhile to try?

-MarkM-

No, you're still not understanding.

I hold like 70 bitcoins to my name.  I am not a worthwhile target, and I doubt I ever will be just by my own wealth.

If the service became popular, then I could see me holding up to somewhere in the tens of thousands of bitcoins before offloading them each day.

Any scheme that makes it impossible for anyone to know the order of magnitude of the amount of coins you have would do that. Ideally, one that would allow you to reveal only a portion of your coins.

With Bitcoin, if you offer an account to receive payments, anyone can tell at any time how many payments and how much you've received at that account. This means you either have to use a number of different accounts to receive payments or anyone who pays you can tell how much total you have received.

For example, any system that didn't reveal the destination address publicly would work. (I proposed such a system last year where each transaction is like a vault and each recipient tries their key on each vault to see if they can open it. There is no public record of the destination of any transaction and no way for a third party to tell which keys opened which vaults.)

I believe I was understanding. I was suggesting you are not too paranoid, that rather it might merely be that you had avoided being a target so far due to not yet holding enough coins to make yourself a target; that once you hold enough coins you well might be a target thus you are not being paranoid you are wisely thinking ahead.

Joel, his problem is he insists on revealing how much he holds.

Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...

-MarkM-

Ok, that makes more sense then.

I have to show all of my addresses to the world for the service to work.  So yeah, anyone and everyone could figure out (with a little work) how much I was holding.

I suppose there's always the option of doing multiple withdrawals/day to limit exposure as well.

Well maybe it would be worthwhile to dig deeper into how a completely anonymous service can be trusted?

Could one pretend to have given up on doing it oneself, claim to have therefore sold the business model to some silky roady type corporation that operates only over Tor and i2p and Freenet, and recommend that people go see them for that service since you yourself lack the security bastions and armed guards and locational obscurity that they are able to deploy?

Someone claimed to pretend not to be doing the business he actually does, maybe he can throw some light on ways and means.

-MarkM-

Well, that's partially why I haven't been more specific about the business plan.  ;)

The OTHER problem is, it obviously requires people to have a lot of trust in me, for temporarily holding on to their coins, so I am not sure an anonymous business model would work.  Then again, people seem to keep falling for scams left and right here, so maybe it would...

Depends... how many percent a day can you offer them? ;) :D

Another option might be to use tokens.

Instead of proving you have their bitcoins, maybe an equivalent number of bitcoins could be proven to be in a vault somewhere and you proven to hold that many digi-bitcoin tokens representing them?

Basically don't deal directly with bitcoin, instead tell people to go buy digi-bitcoin tokens and send the tokens to you instead of the bitcoins?

As I operate an Open Transactions server (https://bitcointalk.org/index.php?topic=53329.0) I am in a boat not totally unlike yours.

My server deals with tokens, and I would prefer not to have to keep bailing actual coins out of cold storage all day.

One approach I thought of is posted at https://bitcointalk.org/index.php?topic=102316.0 but response has been underwhelming.

Ideally some number of bitcoins would be in a cold wallet so cold it would be a massive undertaking to get them out, and instead of taking any out people would sell tokens to market-makers, or as some call them, "exchangers". Similarly, people wanting the tokens would buy them from those third parties. I would merely operate the server and have in my "last will and testament" a method by which the cold wallet could be put back together from the various safe deposit boxes its parts reside in and decrypted with keys whose various parts are buried in various backyards, with of course umpteen redundant backup systems extremely convoluted and secure...

-MarkM-

Even if you really have the private key stored in the bank vault, robber of this kind simply won't believe and you will get shot anyway.

The easiest thing for you is to do your business anonymously.

I bet it's possible to make an Android app that can hold a wallet and sign Armory offline transactions.  That phone can stay in the safety-deposit box, and you can get an external battery that you can keep charged at home and take it with you when you go to the bank.  Throughout the day, you accumulate all the transactions you need to be signed on a micro SD card (which most Android phones use for supplemental storage).  You go to the bank, plug in the external battery, put in the SD card, boot the phone, verify&sign everything, the put it away and leave.  It can probably be done in less than 5 minutes.  

Also, isn't there some kind of insurance in the event the bank is robbed?  Are you responsible to cover your own losses when there's a bank robbery?  (the question of whether Bitcoin private keys would be covered by insurance is another story).

EDIT: of course there's still attack surface for anyone who knows you will be plugging the SD card into your phone and can figure out an Android exploit.  However, I bet it would be possible to use something like cyanogenmod to install a super-basic "OS" onto the phone such that it's only job is mount the card, show you all the transactions, and sign them.

On a related note: there may be something of value in the what car-rental places use:  the device will scan a QR code, and has a little printer on it which will print out "reciepts" that are actually QR codes with the signautres needed to complete the transaction.  Of course, any of these ideas will require some modification of existing devices, but such solutions should be developed anyway. (i.e. they aren't specific to your application, there's lot of use for it)

That would be very cool etotheipi!  Hopefully someone will make something like that - I don't have the capabilities to do it myself.

No idea about bank insurance, but it would make sense that the bank would be liable for any robberies that happened on their premises.  I wonder how hard it would be to get an insurance company to pay up for robbed bitcoins though!

Actually, my buddy was helping me develop an Android app for two-factor authentication using Armory&Android phone, but I got side-tracked with other priorities.  This was on hold until I got multi-sig implemented in Armory.  But the app could theoretically be used to make your Android phone the entirety of the solution: it is the offline device instead of a laptop. 

I would much prefer a custom OS that has a bunch of stuff disabled, but my guess is it's no worse (as-is) than using a laptop + USB key.

If it never goes online, is there a need to disable anything in the OS?  Unless you don't trust whoever preloads the OS...

It's more to do with all the things the OS does when you insert a new device.  The weakest point of Armory offline security is USB auto-run viruses, which unfortunately exist for all OS.  It is, of course, orders of magnitude safer than keeping your wallet online, but there's still attack vectors that could be exploited in highly-targeted environments (like what you are talking about).  

I've been investigating ways to reduce mitigate this concern, but modern OS'es really hurt here, because they have so much code under-the-hood to auto-process new media for the convenience of the user.  It dramatically increases the attack surface.  For instance, someone figured out a vulnerability in the thumbnailer application used by the Ubuntu file browser -- they put a file on the USB key with a special icon ... and it was triggered automatically because a file browser pops up the moment you insert the key and it reads the icon file so it can display it.   I don't think it was a root-access kind of vulnerability, but it's still concerning.

I see two major benefits of offline wallets:
(1) Dramatically more difficult to compromise.
(2) Removes attacks of opportunity.  

On point (2): If some script kiddie from Russia stumbles onto your system for some reason, he can dig around and steal information.  If he finds a wallet file, he'll probably take it.  If you're using a watching-only wallet, he won't have anything to take, and will probably move onto other systems with lower-hanging fruit.  That would be an attack of opportunity: the script kiddie wasn't trying to break you, he was just looking for stuff to steal on any computer he can get access to.  A better example is a virus that uploads wallets it finds.  If you have no wallet, it does nothing.  So, if you're going to be compromised with an offline wallet, it's probably because you were targeted.

Unfortunately, this thread is about the fact that you expect to be a target.  In such a case, there is probably ways to compromise your online system and inject a malicious file that will auto-run when you insert the key into the offline system (or Android device).  Don't get me wrong:  this is a dramatically more-complicated attack to pull off.  But it's not impossible.  

However, most of the attack surface is due to auto-execute functionality.  Luckily, linux-based operating systems refuse to auto-execute any code on key insertion (without permission), but as referenced above, there is still an awful lot of code that runs when you insert a new device, and it's not unheard of that someone would figure out how to exploit that.

In many ways, though, there is extraordinary security through obscurity.  If the attacker does not know what kind of system is holding the full wallet, they have no way to know what vulnerabilities exist to exploit.  If you are using a custom-modified Android app with some drivers disabled, etc, then the attacker won't even know where to start.  They don't know whether they are trying to compromise a Windows machine, and Android 4.0 device, Raspberry Pi, etc.

From my perspective, this is really frustrating.  I only need to move a few kB of text back and forth between devices, but there seems to be no media for transferring data that doesn't have dozen of drivers/modules loaded to automatically handle data transfer. 

P.S. - I wouldn't freak out about offline wallets being totally insecure.  I'm just pointing out that this is not a 100% solution as-is, and it actually becomes a non-negligible concern when you expect to be targeted.

That makes sense etotheipi, thanks for the lengthy explanation.  I hadn't thought about viruses being transferred via the USB device I am storing the transactions to be signed on.

Not in my opinion. In my opinion the weakest point of Armory is a side-effect-channels created by the convoluted tangle of dependencies that are required to run Armory:

1) Ubuntu/Windows
2) C++ & C++ dynamic runtimes
3) Python & Python dynamic dependencies
4) Tcl/Tk; I'm not kidding, the official distributions of Python have a plethora of dependecies on Tcl/Tk, I did a classic "WTF?" when I first saw this.

I am thinking that cypherdoc is your example target user of Armory. If I were a bigger asshole that I already am, I would have no problem whatsoever to be helpfull to cypherdoc; help him with the upgrade of his secured/air-gapped installation of Windows/Ubuntu; and then steal all his Bitcoin stash.

But I'm just a very small, pinprick size, of an asshole, so I'm going to say this:

a) I looked at your py2exe distribution downloads. They are obfuscated. But do you know why are you distributing the Linux makefile in your Windows executable download?

b) don't be afraid to be assertive in your support for linking with *.a instead of *.so when some ArchLinux user challenges your choice. You need to understand why are you doing that and be able to explain your choice.

c) in your long term goals aim to minimize the attack surface by statically linking as many things as practical.

d) understand the Python duck typing and how the class override/overload mechanism is the greatest enemy of software security and how are you going to mitigate that.

I want to reiterate that the above is just a friendly advice. Feel free to ask for a full refund if you are not satisfied with my advice.

You have clearly demonstrated that you are an asshole.  But that doesn't mean I won't accept advice from you.  Everyone has their own deficiencies, and clearly yours is a social deficiency, having no tact (or desire to try being tactful) in your expressions that everyone is dead wrong unless they are exactly right.  But I have thick skin, and can look past this.  Especially because you tend to have valuable input somewhere in your asshole ramblings.  After all, extreme technical competence usually comes with quirkier personalities.  I'll assume that's what your problem is...

(a): The Makefile is there because I put it there. I wanted to distribute everything with the executable, because it's all part of the same project.  Perhaps the organization of the files could be improved, but the only people looking for it will know what to do with it when they find it.  I'm not sure what your point was about this.

(b),(c): You have a good point that static linking is a security benefit, in addition to being easier to distribute.  I will look to see how much more stuff I can static-compile.

(d):  I do not agree about duck-typed languages being such a problem.  Sure, they leave room for poor/inexperienced programmers to make messier, more error-prone code.  But the quality of the final product is on the programmer, not the language they used.  Type-checking and error handling is superfluous throughout Armory code, and I am constantly testing everything I can.  I know you're probably going to be an asshole and point me to 10 different lines of code out of the 25,000 lines throughout Armory, where I didn't check variable types, or demonstrated some poor coding practice.  Well, go ahead.  I might even fix those lines.  But I won't apologize for having bugs in my, or doing something sub-optimal.  We can't all be good at everything.  

If you want to continue to discuss this, please do so on the Armory thread, or PM.  As I said, I'm happy to take reasonable advice from you.  However, your attitude is very likely to turn off others who otherwise would listen to your advice, but brush you off because you are so abrasive.

---

SgtSpike,

I'm actually talking to my buddy about the Android app.  He has much of it implemented, already.  As I said, we were waiting for multi-sig, but I had never considered the possibility of using an Android phone as an offline signing device.  I think this would be worth experimenting with, even with the default Android OS (there are no 100% solutions, yet, but I think this is about as close as you're going to get).   Looks like there's plenty of options for independent battery chargers (http://www.shopandroid.com/android-battery-chargers.htm), so you can keep your battery charged at home.  You'd also get the benefit of not having the battery stored with the device, so it would be a tad harder for an employee to boot your phone and pull the keys off.  They'd have to either steal the phone outright, or order a battery (which might end up being traceable).  In most cases, they'd probably just see a crappy Android phone and think it's unimportant. (Edit: this is another example of "attacks of opportunity" vs targeted attacks:  if an employee is digging through safe-deposit boxes looking for stuff to steal, they're going to go after all the jewelry that they can hide in their underwear until they leave work, not your crappy, battery-less Android phone -- the employee would have to know you and the value of that phone and actually target you, before it is stolen)

That's great to hear etotheipi - I do agree it would be a good option to have for those who want it!

I think you're over thinking this...

Physical security is always going to be easier to enforce than digital security. What you ought to do is physically protect the data storage device of the virtual machine your wallet is on (slap that puppy on an SSD and boot it via hyper-v) - keep the block chain updated on the host OS. Then all you have to secure is the room where you store the safe that the drives in.

if you'd rather not secure it yourself - then I'm sure you could figure something out using a bank computer and bootable USB device that you store in a safety deposit box. Or just a laptop that you bring in with you - drop in ssd - etc.

Personally, I'd just setup a few hosted vms that I could access via vpn and be done with it. The weak point in this sort of home invasion thing is always going to be threats towards you or someone you care about. If you've got the keys - and can be convinced to give them to someone... it doesn't matter how secure your setup is. The plus side of all this, you could code something for the vm you're using to ditch your coin to cold storage if you don't follow procedure aka giving you the option to pay them or not without them knowing. Of course, it would all come out in the block chain.

I am overthinking it because no one else is.

Haven't you heard of all of the hacks, coins stolen from VPS's, sometimes even by the VPS providers themselves?  I wouldn't touch a service using a VPS for cold storage with a 10-foot pole.

I didn't say vps - I said vpn accessable vms... for clarity, if you're dealing with that much money - it shouldn't be a big deal to get some rack space in a secure location and drop your own server. That's if you'd rather let someone else physically secure it. But if it were me - I'd worry about physically securing that one SSD and the room it'll be accessed in. Seems way cheaper and easier to manage my own security than to goto the expense and annoyance of outsourcing it via bank vault or remote location.

Also - by cold storage, I meant an offline wallet probably a print out stored in safety deposit box.

Thank you very much for your understanding about my lack of style. I'm more worried that my rant was lacking clearness in the description of the possible avenues of attack.

Basically (a) & (d) are about the same idea: the distribution of source code should be clearly separated from the distribution of the compiled code. By mixing the two you inadvertently opened Armory to the attack by overriding/redefining some of its function/classes by dropping the overriding source anyplace where the Python interpreter could pick it up.
I didn't wanted to spark the discussion about benefit/drawbacks of static-typing vs. duck-typing. As far software security the duck-typed dynamic compiler/interpreter has a serious drawback of being able to accidentaly pick up leftover/changed code from many places in the file system which only Python expert will be able to locate.

The mixing of source/compiled representation also effectively nullifies the benefits of signing the compiled/executable code: anything in it can be changed by a very short (less than 100 bytes) .py file placed away from Armory appication directories.

Another thing that I didn't explained clearly is that Armory Online and Armory Offline have drastically different security postures. I was under impression that you actually understand this differentiation and posted in this thread to spark discussion how to further differentiate the two.

Anyway, it is great that you were able to rise over the presentation style used. I'm going to post a single link to very neutral/matter of fact presentation about offline system security.

http://gaming.nv.gov/index.aspx?page=51

then search for "Technical Standards for Gaming Devices".

For everyone who thinks that they will be better served by a ultra-polite, glad handing and slick presentations: please review the posts of
vadimg and shtylman about the BitFloor.

https://bitcointalk.org/index.php?action=profile;u=37089;sa=showPosts
https://bitcointalk.org/index.php?action=profile;u=37090;sa=showPosts

Again thanks to etotheipi for understanding the substance over the style.

All I can say is that what you have identified as potential vulnerabilities make sense, and I'm interested to dive further into mitigating this.  However, you could've simply emailed, PM'd or posted in my thread about this months ago, and I would've been happy to act on it.  Instead, you lurk in the shadows, popping your head out occasionally to insult people's intelligence for not knowing what you know, and the people who could be best aided by your experience will essentially ignore you, even if you have something important to say.

Please continue this conversation in the Armory thread, so we can stop derailing this thread.

Is the whole amount public, or only for each client or customer? What I mean is, if I were a customer, I should of course know how much bitcoins you have that are assigned to me, but should I also know another customers amount of bitcoins. Maybe that information need not be public.

In which case, people can only speculate how many bitcoins you have in total, but not exactly. If that is true, then no one can ever be sure how much more bitcoins you control.

Kindly correct me if I am wrong. I do not know what business or service you are planning to do, so I do not know how it will operate.

For password security, you could try using a Yubikey or something similar (static mode maybe.) You will never remember the entire password and it can be destroyed convincingly to bad guys so they know they can't get anything from you. A backup should exist, and you can use the bank safety deposit box for that purpose.

Or you could design your own "panic room" not unlike the bank, or the storage unit. Like a large vault. It could be anywhere, it could be undetectable, it could be secret, no one knows where it is, etc.

Again, physical security.

If using remote computers through secure channels, you could always encrypt those systems. Backups get encrypted too.

Personally, I'd just have a laptop with my own mobile internet to do the transactions, and it never leaves my person, has tamper proof seals, and is auto-format/auto-wipe when I don't do something right. It will of course be encrypted so just wiping the keys (or the first and last megabyte) is more than enough to render it useless.

You could use a virtual machine or virtual OS that sits in an encrypted volume (such as TrueCrypt) but is only mounted manually, on a drive that has a wipe function in the startup folder that will wipe the same volume unless you stop it in time.

I actually made a small program to partially wipe a file on a drive. (I use TrueCrypt on Windows XP, you could use FAT32 instead of NTFS.) That way the file is gone if you don't boot it properly, and a single button short-cut or key combination will also do the same thing or do an instant shutdown, also keeping the data (and the private keys) safe.

If you are operating like something like a pawn shop or investing firm or bank like in nature or money changer, then you MUST have physical security, or at least a building that has double locks to give you enough time to push the panic button.

There are some things about your operation that should be kept secret from everyone else, like the nature of your self-destruct mechanism, your passwords, your yubikey, your fingerprints or other biometric security, and the location of your safe room.

If your business can not afford to hire even one armed security guard, then it is not something you should be doing. You'd have to weigh the cost-benefit analysis of this yourself.

Again, personally, I would do my own physical security, and acquire my own firearm (actually, I already have one) but that really depends on where you live and the laws of your country.

Businessmen in my country who are rich enough usually hire at least one bodyguard. There are very few who are completely unarmed, and only because no one else really knows what they're doing, and it's easy to keep some things secret around here.

I don't know what your business is, so I'm sorry if none of what I said can apply to you. I run a business that has several branches in several malls (it's an old fashioned business selling specialty items, unfortunately not for bitcoins) and I've learned how to protect myself from all but the most determined attackers.

Dabs, thanks for the input.  Unfortunately, because of the type of business, every address I was holding coins in would be public, and people could then look at the blockchain to find the balances.  The whole amount would be public, not by choice.

I bolded the part about body guards.  I am curious if ANYONE dealing in Bitcoins has hired one for their Bitcoin business?  I honestly cannot think of any of those companies making enough to impart some of the profits towards a bodyguard.  Regardless, it is certainly not something I would be able to do.  If physical protection like that is a requirement, then it's not a business I can start.

I do have my own firearms, and am not afraid to use them on any intruder.

And certainly, I agree that some of the measures of security should be obscured.

I'm sure you have your reasons for not telling us what kind of business would require such kind of full disclosure. But the moment you started operating it, then everyone would know what it is, and that's not going to stop someone with more capital to do a copy-cat business.

Why not think of a solution that does not require full disclosure? People would have to some how trust you anyway. Look at the exchanges, they have hundreds of thousands of bitcoins. Of course, one is located in Japan, so ... ... you've got physical security right there.

Look at, hmmm, I can't think of anything else really, maybe Silk Road. But the important thing is that people should trust you and maybe there is no need for everyone to know everything, just what it is in the blockchain particular to them, and the rest of the info is summarized so they have an idea.

In my particular case, I only have armed security guards because I employ people in the factory. It is located away from the city, away from the malls that sell the items. Around the immediate area, several crimes have happened but it seems they are crimes of opportunity and chance from small petty criminals (theft of items in unguarded areas, theft of items locked by a wooden door, homicide between drunk people, etc.)

There is a small chance someone will attempt to rob my place because if you have as many people as I do, one might suspect that on some days they might be paid a small amount of cash each. One way I have addressed that is to minimize the cash and majority go through banks. It has actually happened before several years ago at a different location. Thankfully, no one was hurt, they just lost their money. Twice was too much, so we changed strategies and used more deliveries of smaller amounts that would not attract the interest of robbers. Finally, we now require all workers to have their own bank account or cash card, and most of the time (still not all the time) they get paid that way.

But there are still items at the physical location, like raw materials, which are worth a lot to those people who know what they are, and how to make products out of it. Fortunately, this is sort of a niche market so the most thieves could do is steal them and sell them cheap. And then we'd know who did it or what happened.

Actually, the armed guards I have are probably no good if there is still a determined attacker. They are meant as a deterrent to the small time robbers.

Watch any movie. One particular movie I remember is Firewall starring Harrison Ford and Paul Bettany. There is no way you can realistically and reasonably protect yourself from that kind of attack. You can read the plot at wikipedia or any other movie website. Unless you don't like spoilers and actually want to watch the movie, but I like knowing the story ahead of time.

This tactic is called tiger robbery or tiger kidnapping. The counter measure for this is requiring two or more people to do the transaction. None of you need be armed or have bodyguards (although it really helps if you do.) This is like those nuclear launch thingies, or mission impossible thingies that require two or more people to agree on something before it can be done.

That way, people would have to kidnap two or more people. The more, the harder it is. But if you eventually control hundreds of thousands or millions of bitcoins, then they have all the incentive in the world to hire their own personal SWAT team to do the job.

If I were evil, I could get rich systematically invading other wealthy people and threatening their families in exchange for money. Most people are unprotected (or at least they seem so.)

Makes me wonder why no one has tried robbing Bill Gates or Donald Trump or one of those billionaires, I mean, just kidnap their children right? And ask for a measly $10 million dollars in cash. ... ... Oops, I just found out they do have bodyguards. But hey, he controls a few billion dollars, so the risk is gotta be worth it. Doing it Firewall style would prevent the bodyguards and police to get involved.