|
Title: Can be encrypted virtual machine as good as real offline computer? Post by: And1 on March 20, 2013, 09:27:30 PM I don't like idea of having another comp for offline wallet (I travel a lot).
I'm thinking about seting up Ubuntu on VMWare Player, that will be encrypted from inside, not just outer container which seems easier to break. Also connection will be turned off from inside. Two questions: 1. When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system? 2. When system is run and going, is it's image decrypted and vulnerable from host system? Title: Re: Can be encrypted virtual machine as good as real offline computer? Post by: Foxpup on March 21, 2013, 01:16:13 AM This is a Bad Idea. Virtual machines provide no security against this threat, and are certainly no substitute for a real offline wallet.
When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system? Yes. The host system has access to everything the guest system does, including all your encrypted files. Access to encrypted files + access to passphrase = files not encrypted any more.When system is run and going, is it's image decrypted and vulnerable from host system? If the host system has a keylogger, it doesn't matter. See above.Title: Re: Can be encrypted virtual machine as good as real offline computer? Post by: tilex on March 21, 2013, 05:23:51 AM Instead of a whole separate machine or a VM maybe consider using a bootable Linux LiveCD/USB with no network access. It's not perfect, but it's better than nothing and it's pretty portable.
Title: Re: Can be encrypted virtual machine as good as real offline computer? Post by: deathcode on March 21, 2013, 05:45:45 AM I don't like idea of having another comp for offline wallet (I travel a lot). I'm thinking about seting up Ubuntu on VMWare Player, that will be encrypted from inside, not just outer container which seems easier to break. Also connection will be turned off from inside. Two questions: 1. When ill run this system ill have to put in pass phrase. If I have keylogger, this password will be logged. Can it be used somehow by trojan to decrypt or run and decrypt the virtual system? 2. When system is run and going, is it's image decrypted and vulnerable from host system? If you know what a keylogger is, most likely you have enough knowledge to not get infected by one. My offline wallet is in a virtual machine in a VMWARE ESxi server that has the vmdk file stored in a NAS protected with RAID 5 so... How often do I turn on that VM? about once a month to download the new blocks and get my rewards from the pools. Do I need to enter my passphrase? Not at all unless I want to perform a transaction, And I added the address in blockchain as a watch-only just to make sure I'm getting paid. So, in short, I wouldn't use a local VM to store the wallet because you rely on one hard drive. I do rely on a VM to keep my wallet, but the actual virtual hard drive (vmdm) is safely stored in a NAS with redundancy, worst case scenario (The actual NAS fails) I buy a similar one and I install the drives there (been there, done that) I hope my experience helps. Otherwise, just create a paper wallet which I also have. Title: Re: Can be encrypted virtual machine as good as real offline computer? Post by: And1 on March 21, 2013, 06:49:11 AM 10 years ago was such page about firewall leak tests. There was trojans able to leak into processes and escape every firewall. This experience taught me that little is impossible, it's rather who is programming a virus. If there is huge money to earn, some pro guy may sit to it and we will have repeation from summer 2011 :)
Thx a lot for your answers! Title: Re: Can be encrypted virtual machine as good as real offline computer? Post by: deathcode on March 21, 2013, 07:07:00 AM 10 years ago was such page about firewall leak tests. There was trojans able to leak into processes and escape every firewall. This experience taught me that little is impossible, it's rather who is programming a virus. If there is huge money to earn, some pro guy may sit to it and we will have repeation from summer 2011 :) If a computer is not listening to any ports, then the best virus in the world cannot get in (unless a human allows it)Thx a lot for your answers! Trust me, I'm one of those "pros" you're talking about. :) |