Bitcoin Forum

I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?

If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?

Am using linux.

If you have an infected system it could infect the flash drive. If you store bitcoins only on one flash drive it will deteriorate over the and you will lose everything.

Make multiple backups like you would with anything important in your life and store them on very secure systems. Ubuntu Live CDs are great for this.

100%. It compromises security 100%. U can't do that. Malware is written to infect flash drives/pendrives mostly instantly.
I can tell you that you should use SD cards, they are not infected almost at all. Additionally, disable in Windows all options to autorun inserted drives (CD/PENDRIVE/FLASHDRIVES/EVERYTHING).

:) Happy to help.

I assume the user is using Windows, if so an SD card is mounted as a drive the same as a flash drive, if it was to be infected with malware or ransomware it'd still be infected/encrypted.

The only safe thing to do is to have it backed up on multiple locations.
If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones.
Use one for the daily use every day, another with a backup you update whenever possible and that can be left within your cupboard somewhere in your house. Then the third one which is a backup of the backup should live in a location that is not your home/office, it needs to be a different geographical location aka - storage shed, safe deposit box, wherever you have somewhere else safe you can keep it.

This 3 step backup solution is now protecting you from the following:

• USB Failure / corruption
• Ransomware / Cryptolocking
• Natural disaster
• Loss of USB Drive OR accidental deletion
• The event that someone breaks into your house and steals all your tech

If you have any other questions shout out.

these are your options:
1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet

2. partition your flash into two separate ones. first partition should be in FAT and second be in linux format. now install in the second one. place the raw unsigned tx into the first partition that your windows recognizes (it doesn't see the second at all) boot up linux from USB, sign, put it back in first partition, shut down, go to windows, broadcast. result pretty good security

in both cases remember to add passwords to both linux and wallet and keep separate backups.
remember that these devices are susceptible to damage and loss of data in case you don't connect them to a power source ie USB port for a long time.

The QR code tip is really innovative. Never thought of that earlier.


And regarding saving your private keys, print paper wallets with the passphrase encrypted private key and store them in several places.

I use Linux. I do not have any knowledge that my system is infected. It seems that some of the advice is aimed at windows users, how does it change for linux?

If usb flashdrives deteriorate over time, then I do not see how it's possible to have backups? If I buy 2 usb flashdrives of different brands, then I can't be sure that they don't both deteriorate over time. Let's say that I put them in remote locations for safety. That precludes me from testing them on an ongoing basis (and nothing to prevent them from stop working after a test is performed).

Eg, I'm confused about this advice:

On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error?


Why do I need to install linux on a flashdrive for this idea? It seems to me that I am scanning a QR code using the non-internet connected computer, either directly from the other computer screen, or printed out on a sheet of paper. I then generate a new QR code that I use my cell phone to scan and connect that to the internet-connected computer?

It is indeed time-consuming, but backups aren't necessarily meant to be instant, but rather to be a secondary resort in case of computer memory failure; here the archival qualities of a good paper stock and fade-resistant ink stored in a safe place outweigh the time taken to perform printing/writing down and restoration. It could be error-prone depending on your ability to accurately type long strings of seemingly random characters. However, if you use an HD wallet in the same manner, you're writing down a set of distinguishable random words (comprising your seed) instead, which is quite a bit less error-prone.

Using a hardware wallet would probably be greater security than transferring an ordinary USB stick back and forth between an offline and online PC. I'd recommend looking into a Trezor or Ledger Nano S to secure your funds.

not much difference. i said it mostly aimed at windows since it is what most people (including myself) use as their daily OS.
in linux you just don't mount the partitions.

it can be another USB disk, SD card, CD, or even Floppy disk! but all these digital mediums are going to deteriorate. i am not sure how long will it take but it is not short, so you don't need to worry about it much.

but the best one is to make a hard copy of the private keys (or seed) such as printing it on a piece of paper and laminating it, or etching it on a metal plate or using a hammer and one of those metal letter thingies that can engrave letters and numbers on metal. these things can only be physically lost and not much can damage them.

the offline wallet has to be somewhere on a fresh and clean OS, that is why i said install linux. you can use a live linux with persistence if you like, you can even use a live linux without it and restore your wallet with seed each time for example.
the installed linux works as your very own cheap but secure hardware wallet that you can be sure is secure as long as you don't let anything contaminate it.

A flash drive can easily become infected and your private keys can then become "exposed".
I would strongly advise you invest in a good hardware wallet (Trezor or Ledger Nano S). This is by far the safest and easiest way to store and spend coins.

I've heard that flash drives may not hold data for more than a few years if they aren't plugged in to a computer over that period of time. To be safe, you may need to keep a paper backup of your keys.

Encrypted flash drives' data is not at risk due to an infection. In fact, malware does not infect your flash drive, in Windows XP that was viable because autorun was enabled by default, and so the malware would spread itself by USB but now it doesn't because there's no point (autorun is disabled by default on Windows 7 and later, and Linux has no such thing whatsoever). Malware can read the data on a flash drive, but will not 'infect' it. As long as the flash drive is encrypted, it will be safe no matter where you plug it.

However, flash drives (and inherently all storage media) suffer from data degradation. For various reasons (depending on the storage medium), data can degrade over long periods of time if the device hasn't been plugged in. Degradation is also accelerated by heat.

The best option for you would be to use a paper wallet for archival-style/cold storage of your cryptocurrency. But if you absolutely must use digital storage, do so on a machine that is running Linux to minimize risk, and make sure that you plug in the device(s) from time to time (but that would defeat the purpose of cold storage). Some malware could even just delete your wallet file or re-encrypt it, in which case you should enable write-protection.

Plugging the device in may or may not do anything for flash memory degradation. Assuming NAND flash, simply powering the memory and performing reads won't do anything about leakage from the floating gates of the actual flash cells; flash doesn't refresh on read like DRAM does.

Encrypted or not flashdrives or hard drives aren't safe for saving security data but instead of using a flashdrive, it's recommended to use a hard drive for any information that needs to be protected and then create multiple copies of the same in case of data degradation on one. Flashdrives can be prone to virus or malware and it can fail more compared to hard drives or SSDs.

But why all this problems ??
All of us know who bitcoin wallet.dat stolen was in pc's with security level / users behaviors not = at Zero .. but negative :-)
I think, have a firewall plus antivirus on PC is good.
... do not open spam email link it's another good behaviour.
More sucurity again, use 2 bitcoin wallet:
One for the daily ops with the minimal balance, and the second with all your booty, better if stored in a backup offline virtual machine ... not important if windows o Linux.

Modern NAND controllers do garbage collection. In that case, simply plugging it in so as to prevent or slow down data degradation is enough. Flash vendors usually include more cells than are available to write data on, in order to 'replace' other worn-out cells.
Under normal conditions, NAND cells can retain a charge for a couple of years. This is enough for most use-cases, but definitely not enough for cold or archival storage.

I agree that NAND controllers do garbage collection on write. However, could you provide a source that suggests that they do so on reads as well? I would assume that they don't because a GC operation will lead to wear on the flash cells as data is relocated (i.e. using up remaining "write cycles"), while reading typically does not lead to such aging/wear.

Actually I was wrong. Bad blocks in NAND can only be identified in a program (write) or erase operation. Only then is the data relocated to the next good block. Those bad blocks are marked in the spare area (the extra cells vendors add) in a bad block table.
Therefore I suppose that you'd also have to run chkdsk each time to locate the bad block.

Instead using flashdrive. Why not use ledger wallet. Its a hardware wallet which more safer because they have better security feature. They have USB and bluetooth capabilities. But still, they are not fool proof. No matter how safe your wallet to keep your btc. If you don't know how to take care of it.

It is very much possible for viruses to install on flash drives. Remember some are so nasty and clever that when removed off your HDD they simply move over to your ram. Now ofcoarse you don't know this so it's very frustrating. Your antivirus should automatically even so if the flashdrive is infected then so are the pcs you transferring between.

First of all, there's no need to be so scared and overprotective. It all depends on how much money you're storing and how secure is your network and apartment.
I've been using hardware wallets on my online computers for many years with no problems.

You can safely store coins on your pc, even if it's online. You only have to remember about basic security measures (link clicking, opening attachments, entering suspicious sites), have good anti virus software and never store your passwords on your pc.

If you're determined to use an offline PC, connecting it for a minute to send transaction is perfectly safe and nobody will have time to hack you in those 2 minutes that you need to pay and disconnect.

A flashdrive is bad for long-term backup. Hey static memory and clear when they haven't had any power for awhile.

The smartest thing i have heard today. I recommend the same approach, but instead of flash drive can be used quality CD+R disk. You can add information to it, with no afraid to erase previous session.

CD-R disks are susceptible to chemical degradation.

So turning off the Wifi using the linux GUI is relatively safe in terms of knowing that it is actually turned off? I am planning on downloading and installing some basic software on a clean laptop and will then turn off the Wifi, generate encrypted passwords, and then later perhaps not connect to the internet, or maybe infrequently as you have mentioned.

---

---

How long will a CR+R disk last compared to a flashdrive?

A CD will probably last more, i have a Bach Concert cd from 87' and it still works  :D

It's way less ... practical to store and would be ruined so much easier. One scratch and you're screwed. Saying your music still works is all well and good, but what if you were storing tens of thousands of dollars on that CD? You wouldn't want it somewhere more secure?

it depends on the quality of that disk too. i have a bunch of CDs that had some valuable stuff on them and i don't know if they were shitty Chinese product or what but they stopped working after a couple of months!
it is always best to keep additional backups from a sensitive information like private keys which are holding your money!

p.s. your CD is as old as me ;D

archive quality cds:

http://www.verbatim.com/subcat/optical-media/cd/archival-grade-gold-cd-r/

Bad idea using a flash drive. It's called flash for a reason. It will not contain the data you want after a few years. The data is flash so it will clear eventually. Is an external HDD. It works because the data is written onto the drive plates. Please please please don't use any flash memory to save important things. They not Kent to store data they for transporting.

It is not safe at all to used flashdrive, usually virus infected from the flashdrive, this indicates that flashdrive is not a good protection from malware and flashdrive is easily broken even without anyone using it, it can suddenly broke

So for storage purposes, and something that could be kept in a safe deposit box, what would be recommended? Hardware wallets are okay for bitcoin and a few other cryptocurrencies, but not for the vast majority. Using paper is cumbersome if there are a number of different cryptocurrencies, and optical recognition software would be necessary to scan in encrypted keys.

CDs and flashdrives are both ill-advised according to posts above. But from my research on flashdrives, as long as they are used periodically they should maintain integrity? Eg, I could insert them in a computer once/year. It would not be my only backup.

If i remember right, and as far as i know there are programs that can install them self on your computer without you knowing it, i mean from flash-drive. But there could be something that a person could do to maximize protection of computer. First do not give flesh-drive to anyone and do not use it on computer that you are not sure it is safe to use, second have a good antivirus program, but even with that you can not be safe 100 percents.