Title: Good practice or security theatre Post by: samspaces on September 17, 2018, 08:05:23 PM Generating electrum seeds in the following way:
added temporary user in ubuntu added encrypted VM in temporary user download electrum, sever internet connection (as in, no working router/modem) generate seeds remove VM and all files remove temporary user restore internet Opinions? Title: Re: Good practice or security theatre Post by: aleksej996 on September 17, 2018, 09:13:45 PM There isn't much use of running a VM if what you are trying to protect is on the VM.
VM for security is useful when you are trying to protect the host from the potentially vulnerable software that you run on a VM. Best course of action I would say is to install Tails on a usb drive, unplug the Internet cable and boot from the usb to run Electrum that is already installed in Tails by default. Title: Re: Good practice or security theatre Post by: nc50lc on September 18, 2018, 04:00:58 AM Electrum doesn't need to connect to the internet in order to create SEEDs.
Just directly create a new wallet on an offline computer with a newly installed OS, never plug it on the internet. More extra steps can be considered paranoia. Title: Re: Good practice or security theatre Post by: samspaces on September 18, 2018, 10:15:19 AM More extra steps can be considered paranoia. It felt like such. Title: Re: Good practice or security theatre Post by: bob123 on September 19, 2018, 12:45:12 PM Adding a temporary user doesn't bring you any benefit. Neither does the VM.
With an infected host machine, your VM is compromised too. The general approach to safely create a seed is:
And afterwards you have to make sure to NOT import your seed into a wallet on your online-machine. This would destroy the whole purpose of creating the seed offline. To sign transactions you either have to use an alway-offline-PC or boot into a live system (without internet connection) each time. The easier way probably would be to use a dedicated offline machine or a hardware wallet. |