Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Michael_S on July 03, 2011, 10:02:55 AM



Title: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Michael_S on July 03, 2011, 10:02:55 AM
Hello together,

I have made up my mind on how to set up a really secure environment for the Bitcoin client, such that the private keys (wallet.dat) are always safe, under all conceivable scenarios of attack.

As a result, I make three concrete best-practice proposals on how to set up such systems. They all have in common that they are based on 100% open source Linux systems, and the boot medium is a Live CD (preferably), or a USB stick having no contact to another potentially insecure operating system running on the same computer.

The full concept is put together in a 23-page PDF file that explains all the details and shows illustrations by screenshots and block diagrams.

I hope that many people here in this forum find the time to read it - hopefully it will help make Bitcoin users more aware of potential threats, and the Bitcoin world a little safer.

The download can be found here:
http://www.woofiles.com/dl-253068-gCx93FSj-BitcoinSafeUsagev02.zip (http://www.woofiles.com/dl-253068-gCx93FSj-BitcoinSafeUsagev02.zip) (Update: Link does not seem to work)
http://www.filedropper.com/bitcoinsafeusagev02 (http://www.filedropper.com/bitcoinsafeusagev02) (Update: This Link should work)
http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02 (http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02) (Update: This Link should work)
--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (http://www.filedropper.com/bitcoinsafeusagev03) (zip file with PDF and PGP signature)
 http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03) (PDF only)
--> Updated version 0.4:
   PDF:  http://www.scribd.com/doc/59318844/Bitcoin-Safe-Usage-v04 (http://www.scribd.com/doc/59318844/Bitcoin-Safe-Usage-v04)
   ZIP (PDF&SIG):  http://www.filedropper.com/bitcoinsafeusagev04_1 (http://www.filedropper.com/bitcoinsafeusagev04_1)


Abstract/Overview:
A Practical (and Paranoid) Guide: Setting up a Secure System for the Bitcoin Client
- keep your private keys (wallet.dat) secure – and do not lose them -

Version 0.2 (July 2011) by Michael_S (forum.bitcoin.org), OpenPGP KeyID=0xCC7E7C99, Bitcoin donations to 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

This Guide shows how to set up a practically 100% secure computer system for the Bitcoin client.
Three concrete examples with a detailed step-by-step guide make the topic very tangible. At the core of each of these three examples is a 100% open source GNU Linux system that is booted from a Live CD or a USB stick.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bcearl on July 03, 2011, 10:22:24 AM
Your zip file seems broken.


PS: Please describe what your proposal does, what previous proposals didn't do already?


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Amused2death on July 03, 2011, 10:30:22 AM
Careful lol, PDFs can contain nasty things too...not saying it does, I'm just not gonna be the one to find out


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: dooglus on July 03, 2011, 11:07:55 AM
Your zip file seems broken.

I tried downloading it twice, and got the same both times - a tiny text file with an error from woofiles in it:

Code:
$ cat Bitcoin_Safe_Usage_v02.zip 
<br />
<b>Warning</b>:  fclose(): supplied argument is not a valid stream resource in <b>/srv/www/lighttpd/woofiles/includes/HTTPDownload.class.php</b> on line <b>191</b><br />


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bcearl on July 03, 2011, 02:32:53 PM
Careful lol, PDFs can contain nasty things too...not saying it does, I'm just not gonna be the one to find out

Yeah, that's why the PDF reader of Ubuntu isn't even allowed to open a URL in a browser.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: blumpkinpie76 on July 03, 2011, 03:50:59 PM
having no contact to another potentially insecure operating system running on the same computer

Are you implying that Linux is not potentially insecure? That is as ignorant as the "Macs don't get viruses" statement I hear from 70 year old ladies. IMHO, Linux is a bad choice for someone who is not savvy or experienced with it. I agree that what you are proposing is a good idea, but it could be disastrous for non-Linux users. I look at Linux as the OS that assumes you know what you are doing. As the teacher of my first Unix class told us: "Unix usually won't stop you from doing something stupid."

Not promoting Windows or any other OS (I like Linux), just pointing something out.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Gladiator on July 03, 2011, 04:44:15 PM
As I imagine "Perfect bitcoin wall", linux is a good choice. By linux I understand bare minimum for console bitcoin client.
Linux core + bare minimum to run bitcoin + firewall that blocks everything except bitcoin client. LiveCD or USB boot, or VM(heavily encrypted HD image, encrypt ram if possible).
Password to log in, pin for every action with bitcoin.
Couple of scripts:
- Send N bitcoins to a hardcoded spending wallet (password to change the spending wallet address)
- Move bitcoins to a new wallet. Maybe send bitcoins to the same wallet but a new address (will it work and do the trick?)
- Maybe a simple unicode GUI.

Almost impenetrable by conventional means. Especially if done without VM.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bcearl on July 03, 2011, 04:55:14 PM
or VM(heavily encrypted HD image, encrypt ram if possible).

Most stupid statement ever!



If you don't know, shut the fuck up and don't confuse other noobs.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Gladiator on July 03, 2011, 04:59:44 PM
Why? If you run VM it may be possible to read VM ram from outside. + Vmware has a suspend mode when it saves ram on HDD. Like hibernate on windows.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bcearl on July 03, 2011, 05:06:13 PM
Why? If you run VM it may be possible to read VM ram from outside. + Vmware has a suspend mode when it saves ram on HDD. Like hibernate on windows.

There is nothing you can do to protect a VM against the host. That's impossible because of the very principle of VMs. You can protect against the VM guest, not the other way.

Stop telling people that bullshit, VMs are not useful for Bitcoin.


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bitlotto on July 03, 2011, 05:19:58 PM
Speaking of secure private keys...

bcearl:
Have you seen the BOTG script I whipped up? I was wondering what your opinion was. So far, the only flaw I can think of is some type of virus in the BIOS? But I'd imagine one that could spy on the terminal script would be a pretty big feat? A regular keylogger wouldn't work since the user is actually writing it down manually. I guess the really paranoid could use a new computer...
A physical device of spying on you would work too but kind of rare...


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bcearl on July 03, 2011, 05:26:57 PM
Speaking of secure private keys...

bcearl:
Have you seen the BOTG script I whipped up? I was wondering what your opinion was. So far, the only flaw I can think of is some type of virus in the BIOS? But I'd imagine one that could spy on the terminal script would be a pretty big feat? A regular keylogger wouldn't work since the user is actually writing it down manually. I guess the really paranoid could use a new computer...
A physical device of spying on you would work too but kind of rare...


I don't remember. If you give me a link, I will take a look.


Title: Re:A *realy* secure environment for Bitcoint client and private keys(wallet.dat)
Post by: Michael_S on July 03, 2011, 05:34:52 PM
Hello together,

Oh, indeed it seems that the original link does not work. Sorry for that! I uploaded it to two more places - they should work fine, I hope:
 http://www.filedropper.com/bitcoinsafeusagev02 (http://www.filedropper.com/bitcoinsafeusagev02)
 http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02 (http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02)
--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (http://www.filedropper.com/bitcoinsafeusagev03) (zip file with PDF and PGP signature)
 http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03) (PDF only)

To some of your questions above:

  • I am not implying that Linux or open source is automatically secure by itself just because it is Linux or open source. But I am saying that if you want to set up a secure system, then using an open source system is a precondition (and you have to do it correctly, of course). Because with closed source, you can never know if there are backdoors/Trojans.
  • If you are afraid that the PDF I am linking to is somehow infected, I propose you boot from a Live CD like Knoppix or Ubuntu or almost any other of today's distros *after* having unplugged all hard drive cables from your computer system, and then print out the PDF. This would be the "paranoid secure mode" that I would well respect. In this particular case, I can just ensure that the PDF is clean. I wrote it with Open Office and printed it to a PDF printer on an Ubuntu 8.04 LTS which I hope (but I am not sure, of course) is a "clean system".
  • I do not have the illusion that any single idea in my document is totally new. Probably every single aspect has been written down already sometime somewhere. But what is probably new is that you have everything compressed in one doc. So some readers (not all, of course) might have another view on the topic after having read it, or get some new ideas at least. And of course, the concrete guideline given in the paper should help to set up a secure system step by step. The interested reader may want to print it out and use it as a tutorial when setting up his/her secure system for "Bitcoin banking" (not to be confused with systems for mining).

I think everybody who wants the Bitcoin project to succeed should be interested in the Bitcoin client being used in a secure way by as many people as possible, to avoid news like the recent "500.000 USD theft", which is counterproductive to the Bitcoin project.

Finally, we should all realize that we, the participants in this forum, have different backgrounds, different knowledge and different views of what is secure. And we should respect other opinions, even if our own is a different one, and try to give reasons why we have this or that opinion.
E.g., some people think that running bitcoin client in a VMware virtual machine is a means of increasing security; I have some doubts because VMware may contain Trojans since it is closed source. Some think that a Linux distro like "linuxcoin" is a good thing. I think it may be a good thing for MINING as of today, but otherwise only a good IDEA but not a good thing as of today, because it contains lots of proprietary software that cannot be excluded to contain Trojans that spy out your wallet.dat. But maybe one day we will really have a secure and slim Live CD-based 100% open-source Linux distro that is suitable for operating the Bitcoin client quite securely. I very much hope so.

In my view, to what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and 256-bit AES encryption for the persistent user data that is saved outside of the Live CD (that's also why the descriptions on setting up a system based on Knoppix take the largest room in my PDF guide).


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: bitlotto on July 03, 2011, 05:36:45 PM
I don't remember. If you give me a link, I will take a look.
https://forum.bitcoin.org/index.php?topic=23081.0


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: jack102938 on July 03, 2011, 07:32:13 PM
Off topic but thought i'd ask...

If I uninstall Bitcoin and then re-install it, it still has my old wallet loaded... how come? Any way to stop this?


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Michael_S on July 03, 2011, 09:21:20 PM
Hi Jack,

Your ~/.bitcoin/ directory is probably not deleted in the uninstall process. And that is the directory where the "wallet.dat" is located.

(In Windows or Mac the directory name reads differently, but it is also something with "bitcoin" in it...)

If you remove the wallet.dat from that directory (plus the other files, which are also not needed any more), OR if you just rename the mentioned directory, and then start the Bitcoin client, it will create a brand-new wallet.dat.

Another possibility is to start the "bitcoin executable" with the command line parameter "-datadir" to tell the bitcoin client that the data directory should be at another location than the default one at ~/.bitcoin/

Code:
./bitcoin -datadir=/your_desired/data_directory/

I use this approach to have the data directory at a place inside an encrypted container file that is mounted by Truecrypt. When I close the bitcoin session and unmount the Truecrypt container, the wallet.dat is inside this container file and is not lying openly on the hard disk.

Michael
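The -datadir-inside-an-encrypted-container approach above has one failure mode worth guarding against: if the container is not mounted when the client starts, the client simply creates a brand-new plaintext wallet.dat wherever -datadir points. The following wrapper is an added example, not code from the post or from the Bitcoin project; the container mount point, the data directory path and the client binary location are assumptions.

```shell
#!/bin/sh
# Added example (not from the forum post): start the Bitcoin client only when
# the -datadir really sits on the mounted encrypted container. Without this
# check, a forgotten mount makes the client silently create a fresh plaintext
# wallet.dat on the host disk. Container path, data directory and the client
# binary (BITCOIN_BIN) are assumptions; adjust them to your own setup.

# Canonical absolute path of a directory; fails if it does not exist.
canon() {
    (cd -- "$1" 2>/dev/null && pwd -P)
}

# Mount point that holds a path, taken from the portable df -P output.
mount_of() {
    df -P -- "$1" | awk 'NR == 2 { print $NF }'
}

# 0 when the directory is itself a mount point (e.g. the opened container).
is_mountpoint() {
    dir=$(canon "$1") || return 1
    [ -n "$dir" ] && [ "$(mount_of "$dir")" = "$dir" ]
}

# 0 when DATADIR exists, CONTAINER is mounted, and DATADIR lives on the
# container's filesystem rather than on the plain host disk.
datadir_ok() {
    datadir=$(canon "$1") || return 1
    container=$(canon "$2") || return 1
    is_mountpoint "$container" || return 1
    [ "$(mount_of "$datadir")" = "$container" ]
}

# 0 when no wallet.dat has leaked into the default (unencrypted) data directory.
no_plaintext_wallet() {
    [ ! -e "$1/wallet.dat" ]
}

# Refuse to run unless every check passes, then hand over to the client.
run_client() {
    datadir=$1
    container=$2
    bin=${BITCOIN_BIN:-./bitcoin}        # assumed location of the client
    datadir_ok "$datadir" "$container" || {
        echo "refusing to start: $datadir is not on mounted $container" >&2
        return 1
    }
    no_plaintext_wallet "$HOME/.bitcoin" ||
        echo "warning: a wallet.dat already exists in $HOME/.bitcoin" >&2
    exec "$bin" -datadir="$datadir"
}

# Usage (assumed paths): run_client /media/truecrypt1/bitcoin /media/truecrypt1
```

The warning about a leftover wallet.dat in the default directory covers the case the question above describes: a wallet the uninstaller never removed, still readable by anyone with access to the disk.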


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Michael_S on July 03, 2011, 09:28:55 PM
I just uploaded an updated version with some small fixes for consistency and some minor editorial changes to improve clarity.

I did this after reading through the complete document myself from the beginning to the end in one go.

Updated version 0.3:
   Zip file with PDF and PGP signature: http://www.filedropper.com/bitcoinsafeusagev03 (http://www.filedropper.com/bitcoinsafeusagev03)
   Just the PDF: http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03)


Title: Re:A *realy* secure environment for Bitcoint client and private keys(wallet.dat)
Post by: kloinko1n on July 04, 2011, 01:42:16 AM

--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (http://www.filedropper.com/bitcoinsafeusagev03) (zip file with PDF and PGP signature)
Link still doesn't work from here.
Well, it works, but the downloaded file still isn't a zip file.
Edit: Turns out that you have to point your browser to: your filedropper (http://www.filedropper.com/bitcoinsafeusagev02) and get the file from there.


Quote
In my view, to what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and a 256 AES encryption for the persistent user data that is saved outside of the Live CD (that's also why descriptions on setting up a system based on Knoppix takes the largest room in my PDF guide).
I'm very happy with my tiny core linux VM with bitcoin client inside. Very small, very non-conventional, so very difficult to hack.  8)


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: d.james on July 04, 2011, 05:36:48 AM
"ORealy"?? ???


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: Michael_S on July 04, 2011, 11:28:06 PM
Updates of today: Version 0.4:
   PDF:  http://www.scribd.com/doc/59318844/Bitcoin-Safe-Usage-v04 (http://www.scribd.com/doc/59318844/Bitcoin-Safe-Usage-v04)
   ZIP:  http://www.filedropper.com/bitcoinsafeusagev04_1 (http://www.filedropper.com/bitcoinsafeusagev04_1)

Now it should be flawless :-)


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: hashcoin on July 05, 2011, 04:07:10 AM
edit: deleteme wtf why can't I delete my post?


Title: Re: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)
Post by: DamienBlack on July 05, 2011, 04:14:14 AM
Off topic but thought i'd ask...

If I uninstall Bitcoin and then re-install it, it still has my old wallet loaded... how come? Any way to stop this?

That is because it doesn't delete your wallet; that would destroy all the money in it if you didn't have a backup. Simply move the wallet and it should generate a new one.