Super secure environment

[Sandoz]

Hi guys,

I wonder whether you have some tips for this scenario. I am scared of keyloggers and other spyware, thus I am thinking of accessing my most valuable bitcoin wallet from a secure environment. The plan:

1) Boot from a liveCD with my physical signature on it (this makes sure the OS is not tampered with, no persistence)
2) Load an encrypted USB stick (safe encryption makes sure I can backup images of the stick without worries)
3) Decrypt it with an on-screen keyboard to fool any hardware keyloggers
3) Run bitcoin from within the stick

Now, that's the theory. However is such a setup possible? Can anyone help me/us with the needed tools?

More specifically:
-Which linux livecd is best suited? I assume the more stuff there is on it, the less you can trust it
-What encryption for the stick? The liveCD must support it out-of-the-box. I don't care if I can read it only on linux, in the end I will ONLY access it from there (I was able to create a LUKS partition on a stick and I could decrypt it and see the contents but I am unable to run any executables on it. No idea how)

Any help would be greatly appreciated, I assume other people would like such an environment too!!

Thanks!!

[borgfish]

you might want to search the forum for a thread where 8999 lost btc are mentioned.
poor man used same paranoid setup and didnt backup his wallet after each and any transaction.

now to your question: i myself wouldnt trust usb sticks too much. Having above mentioned case in mind, you need more backups, why not on a system with FullDiskEncryption, Harddisk tied to mainboard via TPM (bitlocker?, dont know what linux can offer there)
If you want the usb stick badly, you could boot off it ?

Maybe there are encrypted sticks working with fingerprints which can be unlocked prior to the boot process ? dunno about that

[Sandoz]

you might want to search the forum for a thread where 8999 lost btc are mentioned.
poor man used same paranoid setup and didnt backup his wallet after each and any transaction.

now to your question: i myself wouldnt trust usb sticks too much. Having above mentioned case in mind, you need more backups, why not on a system with FullDiskEncryption, Harddisk tied to mainboard via TPM (bitlocker?, dont know what linux can offer there)
If you want the usb stick badly, you could boot off it ?

Maybe there are encrypted sticks working with fingerprints which can be unlocked prior to the boot process ? dunno about that

Hi Borgfish,

thanks for the reply. I am absolutely aware of the 8999 lost btc thing. Backup of a stick WOULD take place. Just from another OS: creating an image and put it online, on cd's etc. If the USB stick dies I would just take the image and rebuild another stick using that image

I don't trust booting from a stick. Why? There is not persistence. Someone could happily install any software on it (keylogger or whatever). With a CD you have your signature on it, maybe you check the hash.. but you are damn shure the OS is the same as before.

The FullDiskEncryption is intersting, I will look up that, thanks!

[rebuilder]

roll a custom livecd with Dropbox or other cloud storage installed, have your encrypted wallet backed up there?