Bitcoin Forum

Can someone add to bitcoin.org's client page the following for Bitcoin to succeed securely:

A downloadable, lightweight bootable image file that automatically boots up into the bitcoin client when a usb stick of 2gb or so is connected to the computer and the computer is booted while it is attached.

It can be free license linux lightweight, automatically opening the Bitcoin client and storing the bitcoin block chain and wallet files on the usb - thus giving an easy to use client and a sterile environment.  It should only do bitcoin - if the user is done with bitcoin transactions - they shut down.

Included in the image file should also be a pre-set free license firewall with rule set to just allow bitcoin client traffic.

The average, computer novice, bitcoin user do not want to (/ can not) set this up manually.

See Linuxcoin with Persistence?  http://forum.bitcoin.org/?topic=7374.0

Thanks!! It has even been noticed (although not yet endorsed) by allinvain  :-[

It would be comforting if some of the veteran technical bitcoin people could verify its secureness and add it to the bitcoin.org client download page as a secure endorsement.

http://www.pendrivelinux.com/put-xubuntu-10-04-on-a-flash-drive-with-windows/

Why would you need his endorsement?  His claim to fame is losing a shedload of money through poor security practices.

 :D

Wouldn't that make him the most careful, walking on eggs, bitcoin user at the moment?!?

Well, there's two kinds of people.

#1  Otherwise diligent people who make a colossal mistake and then go to great pains to never, ever let it happen again.

#2  People who make a colossal mistake simply because they're just not careful.  Making one colossal mistake doesn't make them any less likely to have another one in the future.

We don't know what type allinvain is.

I have spent quite a bit of time on this project and in my opinion it is not at all secure because it allways boots up without asking for a password...ever

It was designed for mining, not wallet storage.

I help mantain a linux distro and I've to tell that is not so simple make a secure password protected linux usb medium. The password should be stored in the persistent area, but this area is easily readable if you put the pen in a pc.  If you can have the medium in your hand only a strong cryptography of the partition can save your data.

Thank you for that explanation.

With that I can stop wasting my time expecting that I can create a secure yet easy to use wallet.

Oh well.

Does anyone know of an answer for secure usb wallet storage?

Is the concept foolish and impossible?

No, it could be done with an encrypted stick. It's just not very easy to set this up.

The best way to secure things is to put the OS on one media (best if is a non writable one like a cd-r) and the wallet datas on a encrypted usb stick.
It's not easy to setup but neither impossible to do. The greates problem is that a livecd is way slow compared to a usb stick and you've to reconfigure your hardware every time.

I'm still mulling all this over as i attempt to get different OS's bootable on USB sticks.

Right now I think I'll have to settle for "reasonably secure" kind of like the front door any locksmith can pick.

You guys have really helped remove the wool from my eyes.

What about a partitioned usb stick with an unencrypted partition with the bootable OS and a true crypt (or similar) encrypted partition containing the Bitcoin wallet?

That would work. You just have to be sure that it's not storing swap data on the unencrypted part. Honestly if you want a live distro I'd check either puppy linux or tiny core linux. Both run completely in ram off of a CD and are very fast. Then load the wallet off of a truecrypt container. When you reboot there will be no traces! If you used puppy linux you download the extras you want and when you reboot it will ask where to save those changes. You can put that on usb stick as well! Then you don't have to re-setup every time. Just pick -strong encryption- and not weak encryption (its not actually encryption!) when asked. Anyone familiar with what their strong encryption is? If it's decent you don't even have to worry about truecrypt as your live home folder is saved in the puppy linux storage file. I guess if you keep the usb stick safe your safe.

The Problem with persistence: lend me your USB Key for a Minute and I put a keylogger on.

Tails Linux on a signed CD-R is IMHO the safest choice at the moment

With Truecrypt, you can encrypt the whole system partition, I guess that goes for USB sticks too. The bootloader will decrypt the whole USB partition after you supply it with the correct password.

For extra extra security, you could even have a Truecrypt file container inside the whole USB partition container, with perhaps a dummy wallet as a hidden volume, so if you are forced to open your wallet, you can just type the alternate password and then your alternate wallet with perhaps only a few coins will decrypt.

This is the best way

I actually have a HDD set up like this, and cloned it to my desktop internal, offline storage drive

I'm working on a clean solution to this problem: the distro I help to mantain has the possibility of being installed on a usbstick puttting only the iso on it (plus some files needed to boot), adding a hidden crypted file with the wallet inside.  So you have only 1 media to carry but in the some time if you want to add a keylogger or other malware you've to rebuild the whole iso (and to be sure that the iso version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshoots).

The main reason I am sceptical in regards to persistence is that I don't like the idea of a growing system: malicious code caught on some malicious websites, growing log-files, all sorts of stuff bloating the system...  A LiveCD gives you a fresh start at each reboot.

At least for managing your bitcoin-life savings that's what I see as being safer. A working environment is a different story altogether...

Probably I don't explain well the way it will works (English is not my primary language) : the operating system is a ISO file exactly as the one you can find on a liveCD, all the settings are stored in ram. No way to add files or programs to it unless you know how it has been built (and to do that you need a properly configured server, rebuild the iso, start a Linux system, delete the old iso from the usb key and replace with the fresh one, and the fresh one has to be build from the same snapshot of the startup files on the usb key, otherwise you've to reinstall also the boot file: not a 5 min work - actually installing a liveCD via automated scripts with all the files ready can take up to 10-15 minutes ). On the same media you can write all the files you want, exactly as if is a standard usb key (formatted Ext2), but they're not seen from the system unless you manually mount the pen. There you can create a encrypted area and store there your wallet.dat.
Over the liveCD+usb stick solution you have some advantages: 1 only media to carry, faster to bootup and execute programs (you can use a USB stick), when you want to upgrade the software you've only to download the new media from the official site and launch a script to have it installed and ready to go.