Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Johnny-Gear on August 10, 2011, 01:21:24 PM



Title: Linux VM Secure Wallet
Post by: Johnny-Gear on August 10, 2011, 01:21:24 PM
Hi All,

Just posting for some advice on a secure offline wallet I am attempting.

It should go without saying that my aims with creating this 'wallet' are the following:
- secure and closed system
- portability
- multiple backups
- redundant as in not reliant on any particular piece of hardware (or, hopefully software)
- encrypted

My method has been basically as follows:
- small Xubuntu install (3.7GB approx.)
- OS is installed on a Virtual Box platform (I will be keeping copies of the version it is installed on in case of any future incompatibilities)
- disk setup as encrypted LVM
- home directory is also encrypted
- disk encryption and home directory encryption are different passwords
- neither of these passwords is used anywhere else
- all unnecessary software removed (this means pretty much everything except default utilities and the bitcoin client)
- VMs and backups will be stored on multiple USBs and on my fileserver (secure vlan'd/firewalled/acl'd network, ubuntu server box, virtualisation turned off in the bios)


I would love for people to critique what I have mentioned above and give me advice or point out anything I may have missed.


I also have a question regarding the bitcoin.conf file and the keypool value.

Is there a way I can check the value I set has been updated?

My bitcoin.conf file was created by me and I only added the line 'keypool=200'

Is that right, and is that an appropriate/valid amount for the system I am proposing?

Thanks,

JG


Title: Re: Linux VM Secure Wallet
Post by: dogisland on August 10, 2011, 01:35:16 PM
You could still be attacked by a key logger?


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 10, 2011, 01:41:00 PM
Yeh, I had thought of that.

I just don't see how a keylogger would retrieve my wallet file or enough information to imitate my wallet.

I can see that through the host machine it could possibly log my passwords but still seems like a massive stretch to do anything beyond that; again let me know if I am missing something.

Thanks,

JG


Title: Re: Linux VM Secure Wallet
Post by: dogisland on August 10, 2011, 02:14:24 PM
True, I suppose, if we're being paranoid your host machine could possibly be taken over and the VM image retrieved with all the corresponding passwords.

So your host OS opens up your attack space. So don't put your life savings there, but you're probably secure enough for most purposes.



Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 10, 2011, 02:19:45 PM
You are right there.

Definitely a weak point.

I think I failed to mention that the VM and backups will all be stored offline. This includes multiple USBs and my fileserver which is on a secure network and is a secure system with virtualisation turned off in the BIOS.

Do you think that negates the issue you have put forward?

Thanks,

JG


Title: Re: Linux VM Secure Wallet
Post by: infested999 on August 10, 2011, 02:58:37 PM
Why use Xubuntu and then remove the stuff? Take a distro that has nothing to start with, then add what you need.

I would use Arch Linux with XFCE, or maybe even a lighter desktop like openbox.


Title: Re: Linux VM Secure Wallet
Post by: error on August 10, 2011, 06:26:06 PM
Do not use an unofficial Bitcoin build on Arch if you value your wallet.dat, at least not until Bitcoin has a wallet import/export feature. Bitcoin built on Arch cannot read/write the wallet.dat created by the official build, nor can the official build read/write the wallet.dat created by the Arch build.


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 11, 2011, 12:23:05 AM
I didn't want to get too obscure with my distro choice.

Ubuntu is a nice popular and compliant platform and Xubuntu is just a little lighter.

I agree my implementation/installation could have been done better. I am actually considering redoing it with a minimal iso and manually installing only required components.

Could anyone suggest a better distro or implementation?

Thanks,

JG


Title: Re: Linux VM Secure Wallet
Post by: error on August 11, 2011, 01:23:13 AM
I personally build lightweight stuff with Fedora LXDE (http://spins.fedoraproject.org/lxde/). However, note that at present Bitcoin cannot be built using the libraries shipped with Fedora, so you would be stuck with the official binary. Which isn't so bad in itself..


Title: Re: Linux VM Secure Wallet
Post by: Smalleyster on August 11, 2011, 01:40:25 AM
Linuxcoin?


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 11, 2011, 09:34:59 AM
I have some experience with RH distros but am far more comfortable on Debian and when it comes to finances, I would rather be in comfortable territory.

Hmmmm, I have no experience with Linux Coin. First question would be is it lightweight enough and how much stuff do I need to remove?

I have had another attempt at my build today. Starting off with base Ubuntu Server install and am running this install right now:

aptitude install --without-recommends xubuntu-desktop

This approach looks like it will net me a lot more space to play with on my 3.75GB virtual drive.

During the server install I also manually partitioned up the virtual drive leaving only 200MB boot, 3.7GB root (encrypted LVM) and no swap. I figure seeing as it is a virtual machine I can just increase RAM if ever I have swap issues and it should run fairly light anyway.

I will report back shortly on how the GUI install went.

JG


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 11, 2011, 12:34:39 PM
Well I have to say this latest attempt has been the best yet.

I started with a plain Ubuntu Server install on a 3.75GB virtual disk.

After that was done I just ran: aptitude install --without-recommends xubuntu-desktop

After Xubuntu Desktop install and before the Bitcoin install and subsequent block chain download I have 2GB free space.

I think we have a winner :)

JG


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 12, 2011, 02:59:07 AM
So I am now quite happy with the VM and OS installation.

I had installed the Bitcoin client last night and left it to run all night to download the block chain.

When I woke up it had crashed, or, at least was not running.

When I attempted to restart both the GUI and console versions I got the following error:

EXCEPTION: NSt8ios_base7failureE ReadCompactSize():size too large bitcoin in AppInit()

Searches on this error did not reveal much. I was wondering if anyone had any insight on the possible causes of this exception?

The only changes I had made before I began the block download, was to "mkdir ~/.bitcoin" and "echo 'keypool=300' > ~/.bitcoin/bitcoin.conf"

I will be definitely backing up my wallet file separately from the VM once this secure wallet system actually holds Bitcoins, but regardless, would really feel much more confident if I could figure out these types of bugs beforehand.

Thanks,

Johnny


Title: Re: Linux VM Secure Wallet
Post by: Smalleyster on August 12, 2011, 03:31:23 AM
LinuxCoin works in under 2gb. I use 4gb w/ 2gb persistence file for when I want persistence. It also works great in transient mode for when I don't want to leave a trail.


Title: Re: Linux VM Secure Wallet
Post by: kano on August 12, 2011, 09:18:27 AM
No idea if others agree - but I'd certainly not use a distro that isn't generic.
The problem with using ANY distro targeted at bitcoin is that something could get in there to take advantage of that.
It certainly creates the possibility of a very LARGE financial gain for anyone unethical enough to attempt such a nefarious act.

My mining rig uses Xubuntu 11.04 and I've documented a list of commands to create it/update it to running cgminer - and the reason I specifically did this is so that it starts with a generic distro (built from the Live CD) and thus I am not a suspect in possibly producing something that could have a backdoor or wallet capture issue ... and no one needs to trust me to use it - they only need trust any software I've said needs installing.

In case anyone is thinking it: the reverse is not worse.
i.e. being worried about a backdoor or wallet capture in the generic distro: since if that is there, any bitcoin targeted distro made from it will also have the same problem (no one building a bitcoin distro is going to search all the software installed on it and guarantee to find issues and remove them)
If anyone finds such it would certainly be removed upstream as soon as they were told about it.

Unencrypted wallet.dat files are the bane of bitcoin (in my opinion), and thus any decision I make about a software distro on a machine that may contain one is going to not choose a distro with bitcoin in its design target - only as add-on software (though for me it won't ever include windows either)


Title: Re: Linux VM Secure Wallet
Post by: drgr33n on August 12, 2011, 05:09:37 PM
LinuxCoin doesn't have a wallet stealer inside :D There have been 10000's of downloads and no one's complained about their wallet being stolen from a linuxcoin install yet. Also LinuxCoin is like Xubuntu on roids :D It has added security features you just wouldn't find in a generic OS.


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 14, 2011, 05:21:38 AM
Due to my general borderline paranoid attitude in regards to any IT security issue, I would have to side with Kano here.

Although, I am making no judgement on the authenticity of Linux Coin and do not doubt the honest and ethical nature of the creators. I really applaud them for making Linux accessible as it can be a bit of a struggle for the inexperienced.

I feel like my solution is a fairly good effort and I would love to hear about other people's solutions as well, as the more documentation we have on securing Bitcoin wallets the better.

JG


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 14, 2011, 05:25:31 AM
I have had a quick look at the page for Linux Coin, and I may just be missing it, but can't see the added security features. Could you point me in the right direction or elaborate on them for me?


Title: Re: Linux VM Secure Wallet
Post by: drgr33n on August 16, 2011, 05:52:32 AM
Grsecurity / PaX hardened kernel (http://grsecurity.net/) giving linuxcoin Role-Based Access Control.
Tor / privoxy preinstalled
sandboxed applications, i.e. apache (Coming with next update). If an attacker gains access to your system via the http server which is running for the munin bits and bobs, it's jailed. (http://wiki.debian.org/Sandbox)
Optional wallet encryption (Next update deprecates the scripts for the in house wallet encryption.)
bitcoin client has been compiled with hardening cflags.
The system RAM is overwritten when LinuxCoin is being shut down or when the boot medium is physically removed. Handy if you're using linuxcoin not on your personal computer. (https://tails.boum.org/contribute/design/memory_erasure/) coming with next update.

More features to be announced. Put this all together with an encrypted home-rw snapshot and you've got a very secure system to store your coins. I realize that the trust has gone with a lot of people but I'm not in it for a profit and if I was going to include a wallet stealer I would have done it when bitcoins were worth around the £20 mark lol
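
[Added example, not part of the thread and not LinuxCoin's code] The claim in the post above that the client is "compiled with hardening cflags" can be checked on a shipped binary rather than taken on trust. The Python below reads the ELF headers for PIE, non-executable stack and RELRO, and looks for the stack-protector and FORTIFY helper symbols. Assumptions: little-endian ELF64 only, the symbol checks are string heuristics, and `check_hardening` and `constructed_elf` are hypothetical names (the latter builds a constructed sample so the code runs offline).

```python
import re
import struct

ET_DYN = 3  # e_type of PIE executables (and shared objects)
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1


def check_hardening(elf: bytes) -> dict:
    """Report the hardening features visible in a little-endian ELF64 file."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 file")
    (e_type,) = struct.unpack_from("<H", elf, 16)
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)

    nx = relro = bind_now = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)  # an executable stack means no NX
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic table looking for any "bind now" marker.
            for off in range(p_offset, p_offset + p_filesz, 16):
                d_tag, d_val = struct.unpack_from("<qQ", elf, off)
                if d_tag == DT_NULL:
                    break
                if (d_tag == DT_BIND_NOW
                        or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                        or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                    bind_now = True
    return {
        "pie": e_type == ET_DYN,
        "nx": nx,
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
        # Heuristics: the helper symbol names appear in the file's string tables.
        "canary": b"__stack_chk_fail\x00" in elf,
        "fortify": re.search(rb"__[a-z]+_chk\x00", elf) is not None,
    }


def constructed_elf(hardened: bool) -> bytes:
    """Constructed sample: ELF header, 3 program headers, dynamic table, strings."""
    phoff, phnum = 64, 3
    dyn_off = phoff + 56 * phnum
    dyn = struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if hardened else b""
    dyn += struct.pack("<qQ", DT_NULL, 0)
    strings = (b"\x00__stack_chk_fail\x00__memcpy_chk\x00" if hardened
               else b"\x00memcpy\x00")
    ehdr = struct.pack("<4sBBB9xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1,
                       ET_DYN if hardened else 2, 62, 1, 0, phoff, 0, 0,
                       64, 56, phnum, 0, 0, 0)

    def phdr(p_type, flags, off=0, size=0):
        return struct.pack("<IIQQQQQQ", p_type, flags, off, 0, 0, size, size, 8)

    phdrs = phdr(PT_DYNAMIC, 6, dyn_off, len(dyn))
    phdrs += phdr(PT_GNU_STACK, 6 if hardened else 7)  # 7 = RWX stack
    phdrs += phdr(PT_GNU_RELRO if hardened else 1, 4)  # 1 = plain PT_LOAD
    return ehdr + phdrs + dyn + strings


if __name__ == "__main__":
    for label, flag in (("hardened", True), ("plain", False)):
        print(label, check_hardening(constructed_elf(flag)))
```

To check a real binary, pass the file's bytes: `check_hardening(open(path, "rb").read())`.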


Title: Re: Linux VM Secure Wallet
Post by: Johnny-Gear on August 17, 2011, 12:49:28 PM
Sounds like a nice set of features and features to come.

If I wasn't already happy with my own generic setup I may have considered this distro.

Keep up the good work, we need more security conscious people developing wares for Bitcoin.

JG


Title: Re: Linux VM Secure Wallet
Post by: drgr33n on August 17, 2011, 01:16:48 PM
Nice to see you changed your way of thinking ;) also working on compressed persistence so you can store even more data within a smaller space.