Author Topic: Cold storage security  (Read 4709 times)
SgtSpike
September 13, 2012, 06:16:33 AM
 #41

>>>> But here's the problem:  People know where I live (or could easily find out, as I make little effort at hiding my offline identity).  If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.
>>>
>>> So how many visitors have you had, demanding you log in to your bank and transfer money to them?
>>>
>>> Or demanding you drive them to an ATM and get them cash?
>>>
>>> Or open the lock to your safe?
>>
>> Point taken.  Perhaps I am just too paranoid.  ;)
>
> Depends... has it already been public knowledge for quite a while that you hold as many bitcoins as this business you are planning will hold?
>
> Will you still hold that many of your own when you start also holding those of the business?
>
> Maybe it merely has not yet seemed worthwhile to target you yet due to your not being known yet to hold enough to make it seem worthwhile to try?
>
> -MarkM-

No, you're still not understanding.

I hold like 70 bitcoins to my name.  I am not a worthwhile target, and I doubt I ever will be just by my own wealth.

If the service became popular, then I could see me holding up to somewhere in the tens of thousands of bitcoins before offloading them each day.
JoelKatz
September 13, 2012, 06:18:06 AM
 #42

> Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.

Any scheme that makes it impossible for anyone to know the order of magnitude of the amount of coins you have would do that. Ideally, one that would allow you to reveal only a portion of your coins.

With Bitcoin, if you offer an account to receive payments, anyone can tell at any time how many payments and how much you've received at that account. This means you either have to use a number of different accounts to receive payments or anyone who pays you can tell how much total you have received.

For example, any system that didn't reveal the destination address publicly would work. (I proposed such a system last year where each transaction is like a vault and each recipient tries their key on each vault to see if they can open it. There is no public record of the destination of any transaction and no way for a third party to tell which keys opened which vaults.)

I am an employee of Ripple. Follow me on Twitter @JoelKatz
1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
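
One way a "try your key on every vault" ledger can be built, added here as an illustration; it is not the system the poster proposed and not code from the thread. It assumes a toy Diffie-Hellman group and hypothetical names (`seal_vault`, `try_open`, `scan`); a ledger entry carries a fresh one-time public value and an authenticated box, and no recipient identifier.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption for this example): integers modulo the
# prime 2**255 - 19 with generator 2. Chosen only so the code runs on the
# standard library; a real design would use a vetted elliptic-curve group.
P = 2**255 - 19
G = 2


def keygen():
    """Return (private, public) for a recipient, or for a single vault."""
    priv = secrets.randbelow(P - 3) + 2          # 2 .. P-2
    return priv, pow(G, priv, P)


def _vault_keys(their_pub, my_priv):
    """Derive the pad and MAC key that sender and recipient both compute."""
    shared = pow(their_pub, my_priv, P).to_bytes(32, "big")
    pad = hashlib.sha256(b"pad" + shared).digest()[:8]
    mac_key = hashlib.sha256(b"mac" + shared).digest()
    return pad, mac_key


def _tag(mac_key, eph_pub, box):
    return hmac.new(mac_key, eph_pub.to_bytes(32, "big") + box,
                    hashlib.sha256).digest()


def seal_vault(recipient_pub, amount):
    """Sender side: lock `amount` so only the recipient's key opens it."""
    eph_priv, eph_pub = keygen()                 # fresh per vault, then discarded
    pad, mac_key = _vault_keys(recipient_pub, eph_priv)
    box = bytes(a ^ b for a, b in zip(amount.to_bytes(8, "big"), pad))
    return {"eph_pub": eph_pub, "box": box, "tag": _tag(mac_key, eph_pub, box)}


def try_open(vault, priv):
    """Recipient side: return the amount if this key opens the vault, else None."""
    eph_pub = vault["eph_pub"]
    if not 1 < eph_pub < P - 1:                  # reject degenerate public values
        return None
    pad, mac_key = _vault_keys(eph_pub, priv)
    if not hmac.compare_digest(_tag(mac_key, eph_pub, vault["box"]), vault["tag"]):
        return None                              # not ours (or tampered with)
    return int.from_bytes(bytes(a ^ b for a, b in zip(vault["box"], pad)), "big")


def scan(ledger, priv):
    """Try one private key on every vault; return [(index, amount), ...]."""
    found = []
    for index, vault in enumerate(ledger):
        amount = try_open(vault, priv)
        if amount is not None:
            found.append((index, amount))
    return found


if __name__ == "__main__":
    # Constructed sample data: two recipients and an uninvolved observer.
    alice, bob, observer = keygen(), keygen(), keygen()
    ledger = [seal_vault(alice[1], 5), seal_vault(bob[1], 7), seal_vault(alice[1], 11)]
    print("alice finds   ", scan(ledger, alice[0]))
    print("bob finds     ", scan(ledger, bob[0]))
    print("observer finds", scan(ledger, observer[0]))
```

The cost of hiding the destination is visible in `scan`: every recipient does one key agreement per vault on the ledger, whether or not the vault is theirs.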
markm
September 13, 2012, 10:10:54 AM
 #43

I believe I was understanding. I was suggesting you are not too paranoid, that rather it might merely be that you had avoided being a target so far due to not yet holding enough coins to make yourself a target; that once you hold enough coins you well might be a target thus you are not being paranoid you are wisely thinking ahead.

Joel, his problem is he insists on revealing how much he holds.

Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
SgtSpike
September 13, 2012, 03:07:40 PM
 #44

> I believe I was understanding. I was suggesting you are not too paranoid, that rather it might merely be that you had avoided being a target so far due to not yet holding enough coins to make yourself a target; that once you hold enough coins you well might be a target thus you are not being paranoid you are wisely thinking ahead.
>
> Joel, his problem is he insists on revealing how much he holds.
>
> Presumably he has to actually prove it, so even if he proves it only to individuals and only to the extent of how much of that individual's money he holds, anyone capturing such an individual would be able to see for sure that he holds at least the amount he has proven to that individual he holds...
>
> -MarkM-

Ok, that makes more sense then.

I have to show all of my addresses to the world for the service to work.  So yeah, anyone and everyone could figure out (with a little work) how much I was holding.

I suppose there's always the option of doing multiple withdrawals/day to limit exposure as well.
markm
September 13, 2012, 03:16:50 PM
 #45

Well maybe it would be worthwhile to dig deeper into how a completely anonymous service can be trusted?

Could one pretend to have given up on doing it oneself, claim to have therefore sold the business model to some silky roady type corporation that operates only over Tor and i2p and Freenet, and recommend that people go see them for that service since you yourself lack the security bastions and armed guards and locational obscurity that they are able to deploy?

Someone claimed to pretend not to be doing the business he actually does, maybe he can throw some light on ways and means.

-MarkM-

SgtSpike
September 13, 2012, 03:24:47 PM
 #46

> Well maybe it would be worthwhile to dig deeper into how a completely anonymous service can be trusted?
>
> Could one pretend to have given up on doing it oneself, claim to have therefore sold the business model to some silky roady type corporation that operates only over Tor and i2p and Freenet, and recommend that people go see them for that service since you yourself lack the security bastions and armed guards and locational obscurity that they are able to deploy?
>
> Someone claimed to pretend not to be doing the business he actually does, maybe he can throw some light on ways and means.
>
> -MarkM-

Well, that's partially why I haven't been more specific about the business plan.  ;)

The OTHER problem is, it obviously requires people to have a lot of trust in me, for temporarily holding on to their coins, so I am not sure an anonymous business model would work.  Then again, people seem to keep falling for scams left and right here, so maybe it would...
markm
September 13, 2012, 03:38:39 PM
 #47

> The OTHER problem is, it obviously requires people to have a lot of trust in me, for temporarily holding on to their coins, so I am not sure an anonymous business model would work.  Then again, people seem to keep falling for scams left and right here, so maybe it would...

Depends... how many percent a day can you offer them? ;) :D

Another option might be to use tokens.

Instead of proving you have their bitcoins, maybe an equivalent number of bitcoins could be proven to be in a vault somewhere and you proven to hold that many digi-bitcoin tokens representing them?

Basically don't deal directly with bitcoin, instead tell people to go buy digi-bitcoin tokens and send the tokens to you instead of the bitcoins?

As I operate an Open Transactions server I am in a boat not totally unlike yours.

My server deals with tokens, and I would prefer not to have to keep bailing actual coins out of cold storage all day.

One approach I thought of is posted at https://bitcointalk.org/index.php?topic=102316.0 but response has been underwhelming.

Ideally some number of bitcoins would be in a cold wallet so cold it would be a massive undertaking to get them out, and instead of taking any out people would sell tokens to market-makers, or as some call them, "exchangers". Similarly, people wanting the tokens would buy them from those third parties. I would merely operate the server and have in my "last will and testament" a method by which the cold wallet could be put back together from the various safe deposit boxes its parts reside in and decrypted with keys whose various parts are buried in various backyards, with of course umpteen redundant backup systems extremely convoluted and secure...

-MarkM-

jl2012
September 13, 2012, 03:41:19 PM
 #48

>> Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
>
> Why do you say there is no reason why people would come to my house looking for bitcoins?
>
> As I said in the OP, my name and street address are fairly easily associable with my online identities.  Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".

Even if you really have the private key stored in the bank vault, a robber of this kind simply won't believe you and you will get shot anyway.

The easiest thing for you is to do your business anonymously.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
etotheipi
Core Armory Developer
September 13, 2012, 05:38:56 PM
 #49

I bet it's possible to make an Android app that can hold a wallet and sign Armory offline transactions.  That phone can stay in the safety-deposit box, and you can get an external battery that you can keep charged at home and take it with you when you go to the bank.  Throughout the day, you accumulate all the transactions you need to be signed on a micro SD card (which most Android phones use for supplemental storage).  You go to the bank, plug in the external battery, put in the SD card, boot the phone, verify&sign everything, then put it away and leave.  It can probably be done in less than 5 minutes.

Also, isn't there some kind of insurance in the event the bank is robbed?  Are you responsible to cover your own losses when there's a bank robbery?  (the question of whether Bitcoin private keys would be covered by insurance is another story).

EDIT: of course there's still attack surface for anyone who knows you will be plugging the SD card into your phone and can figure out an Android exploit.  However, I bet it would be possible to use something like cyanogenmod to install a super-basic "OS" onto the phone such that its only job is to mount the card, show you all the transactions, and sign them.

On a related note: there may be something of value in what car-rental places use:  the device will scan a QR code, and has a little printer on it which will print out "receipts" that are actually QR codes with the signatures needed to complete the transaction.  Of course, any of these ideas will require some modification of existing devices, but such solutions should be developed anyway. (i.e. they aren't specific to your application, there's a lot of use for it)

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
SgtSpike
September 13, 2012, 06:31:55 PM
 #50

That would be very cool etotheipi!  Hopefully someone will make something like that - I don't have the capabilities to do it myself.

No idea about bank insurance, but it would make sense that the bank would be liable for any robberies that happened on their premises.  I wonder how hard it would be to get an insurance company to pay up for robbed bitcoins though!
etotheipi
September 13, 2012, 06:43:47 PM
 #51

> That would be very cool etotheipi!  Hopefully someone will make something like that - I don't have the capabilities to do it myself.
>
> No idea about bank insurance, but it would make sense that the bank would be liable for any robberies that happened on their premises.  I wonder how hard it would be to get an insurance company to pay up for robbed bitcoins though!

Actually, my buddy was helping me develop an Android app for two-factor authentication using Armory&Android phone, but I got side-tracked with other priorities.  This was on hold until I got multi-sig implemented in Armory.  But the app could theoretically be used to make your Android phone the entirety of the solution: it is the offline device instead of a laptop. 

I would much prefer a custom OS that has a bunch of stuff disabled, but my guess is it's no worse (as-is) than using a laptop + USB key.

SgtSpike
September 13, 2012, 07:06:34 PM
 #52

>> That would be very cool etotheipi!  Hopefully someone will make something like that - I don't have the capabilities to do it myself.
>>
>> No idea about bank insurance, but it would make sense that the bank would be liable for any robberies that happened on their premises.  I wonder how hard it would be to get an insurance company to pay up for robbed bitcoins though!
>
> Actually, my buddy was helping me develop an Android app for two-factor authentication using Armory&Android phone, but I got side-tracked with other priorities.  This was on hold until I got multi-sig implemented in Armory.  But the app could theoretically be used to make your Android phone the entirety of the solution: it is the offline device instead of a laptop.
>
> I would much prefer a custom OS that has a bunch of stuff disabled, but my guess is it's no worse (as-is) than using a laptop + USB key.

If it never goes online, is there a need to disable anything in the OS?  Unless you don't trust whoever preloads the OS...
etotheipi
September 13, 2012, 07:20:37 PM
 #53

>>> That would be very cool etotheipi!  Hopefully someone will make something like that - I don't have the capabilities to do it myself.
>>>
>>> No idea about bank insurance, but it would make sense that the bank would be liable for any robberies that happened on their premises.  I wonder how hard it would be to get an insurance company to pay up for robbed bitcoins though!
>>
>> Actually, my buddy was helping me develop an Android app for two-factor authentication using Armory&Android phone, but I got side-tracked with other priorities.  This was on hold until I got multi-sig implemented in Armory.  But the app could theoretically be used to make your Android phone the entirety of the solution: it is the offline device instead of a laptop.
>>
>> I would much prefer a custom OS that has a bunch of stuff disabled, but my guess is it's no worse (as-is) than using a laptop + USB key.
>
> If it never goes online, is there a need to disable anything in the OS?  Unless you don't trust whoever preloads the OS...

It's more to do with all the things the OS does when you insert a new device.  The weakest point of Armory offline security is USB auto-run viruses, which unfortunately exist for all OS.  It is, of course, orders of magnitude safer than keeping your wallet online, but there's still attack vectors that could be exploited in highly-targeted environments (like what you are talking about).  

I've been investigating ways to mitigate this concern, but modern OSes really hurt here, because they have so much code under-the-hood to auto-process new media for the convenience of the user.  It dramatically increases the attack surface.  For instance, someone figured out a vulnerability in the thumbnailer application used by the Ubuntu file browser -- they put a file on the USB key with a special icon ... and it was triggered automatically because a file browser pops up the moment you insert the key and it reads the icon file so it can display it.   I don't think it was a root-access kind of vulnerability, but it's still concerning.

I see two major benefits of offline wallets:
(1) Dramatically more difficult to compromise.
(2) Removes attacks of opportunity.  

On point (2): If some script kiddie from Russia stumbles onto your system for some reason, he can dig around and steal information.  If he finds a wallet file, he'll probably take it.  If you're using a watching-only wallet, he won't have anything to take, and will probably move onto other systems with lower-hanging fruit.  That would be an attack of opportunity: the script kiddie wasn't trying to break you, he was just looking for stuff to steal on any computer he can get access to.  A better example is a virus that uploads wallets it finds.  If you have no wallet, it does nothing.  So, if you're going to be compromised with an offline wallet, it's probably because you were targeted.

Unfortunately, this thread is about the fact that you expect to be a target.  In such a case, there are probably ways to compromise your online system and inject a malicious file that will auto-run when you insert the key into the offline system (or Android device).  Don't get me wrong:  this is a dramatically more-complicated attack to pull off.  But it's not impossible.

However, most of the attack surface is due to auto-execute functionality.  Luckily, linux-based operating systems refuse to auto-execute any code on key insertion (without permission), but as referenced above, there is still an awful lot of code that runs when you insert a new device, and it's not unheard of that someone would figure out how to exploit that.

In many ways, though, there is extraordinary security through obscurity.  If the attacker does not know what kind of system is holding the full wallet, they have no way to know what vulnerabilities exist to exploit.  If you are using a custom-modified Android app with some drivers disabled, etc, then the attacker won't even know where to start.  They don't know whether they are trying to compromise a Windows machine, an Android 4.0 device, Raspberry Pi, etc.

From my perspective, this is really frustrating.  I only need to move a few kB of text back and forth between devices, but there seems to be no media for transferring data that doesn't have dozens of drivers/modules loaded to automatically handle data transfer.

P.S. - I wouldn't freak out about offline wallets being totally insecure.  I'm just pointing out that this is not a 100% solution as-is, and it actually becomes a non-negligible concern when you expect to be targeted.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
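
The post above is about a few kB of text crossing from the online machine to the offline signer on removable media. The following is an added example, not Armory code and not from the thread, of how the offline side can treat that media as hostile at the application layer: it refuses any stick that holds more than the one expected file and accepts only a small, strictly formatted ASCII envelope. The file name, envelope format and function names are hypothetical, and the OS-level automount and thumbnailer handling the post describes has to be disabled separately.

```python
import hashlib
import os
import stat

MAX_BYTES = 8 * 1024             # the workflow only needs "a few kB of text"
EXPECTED_NAME = "unsigned.tx"    # hypothetical file name for this example
BEGIN = "-----BEGIN UNSIGNED TX-----"
END = "-----END UNSIGNED TX-----"
HEX = set("0123456789abcdef")


class TransferError(Exception):
    """Raised for anything that is not exactly the expected transfer file."""


def build_envelope(payload: bytes) -> bytes:
    """Online side: wrap raw transaction bytes as 64-column lowercase hex."""
    h = payload.hex()
    body = [h[i:i + 64] for i in range(0, len(h), 64)]
    digest = hashlib.sha256(payload).hexdigest()
    return "\n".join([BEGIN, "sha256: " + digest, *body, END, ""]).encode("ascii")


def parse_envelope(raw: bytes) -> bytes:
    """Offline side: return the payload or raise; never guess or repair."""
    if len(raw) > MAX_BYTES:
        raise TransferError("transfer file too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise TransferError("non-ASCII byte in transfer file") from None
    lines = text.split("\n")
    if lines and lines[-1] == "":
        lines.pop()                                # single trailing newline
    if len(lines) < 4 or lines[0] != BEGIN or lines[-1] != END:
        raise TransferError("bad envelope markers")
    if not lines[1].startswith("sha256: "):
        raise TransferError("missing digest line")
    digest, body = lines[1][len("sha256: "):], lines[2:-1]
    if len(digest) != 64 or set(digest) - HEX:
        raise TransferError("malformed digest")
    for line in body:
        if not line or len(line) > 64 or set(line) - HEX:
            raise TransferError("non-hex or overlong payload line")
    payload_hex = "".join(body)
    if len(payload_hex) % 2:
        raise TransferError("odd number of hex digits")
    payload = bytes.fromhex(payload_hex)
    # The digest catches corruption only. Whoever controls the online machine
    # can recompute it, so the decoded transaction must still be reviewed on
    # the offline device before it is signed.
    if hashlib.sha256(payload).hexdigest() != digest:
        raise TransferError("digest mismatch")
    return payload


def load_from_media(mount_dir: str) -> bytes:
    """Refuse the whole stick unless it holds exactly one small regular file."""
    entries = sorted(os.listdir(mount_dir))
    if entries != [EXPECTED_NAME]:
        raise TransferError(f"unexpected entries on media: {entries}")
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)   # do not follow symlinks
    try:
        fd = os.open(os.path.join(mount_dir, EXPECTED_NAME), flags)
    except OSError:
        raise TransferError("cannot open transfer file") from None
    with os.fdopen(fd, "rb") as handle:
        info = os.fstat(handle.fileno())
        if not stat.S_ISREG(info.st_mode) or info.st_size > MAX_BYTES:
            raise TransferError("not a small regular file")
        return parse_envelope(handle.read(MAX_BYTES + 1))
```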
SgtSpike
September 13, 2012, 07:36:45 PM
 #54

That makes sense etotheipi, thanks for the lengthy explanation.  I hadn't thought about viruses being transferred via the USB device I am storing the transactions to be signed on.
2112
September 13, 2012, 11:55:24 PM
 #55

> The weakest point of Armory offline security is USB auto-run viruses, which unfortunately exist for all OS.

Not in my opinion. In my opinion the weakest point of Armory is a side-effect-channels created by the convoluted tangle of dependencies that are required to run Armory:

1) Ubuntu/Windows
2) C++ & C++ dynamic runtimes
3) Python & Python dynamic dependencies
4) Tcl/Tk; I'm not kidding, the official distributions of Python have a plethora of dependencies on Tcl/Tk, I did a classic "WTF?" when I first saw this.

I am thinking that cypherdoc is your example target user of Armory. If I were a bigger asshole than I already am, I would have no problem whatsoever to be helpful to cypherdoc; help him with the upgrade of his secured/air-gapped installation of Windows/Ubuntu; and then steal all his Bitcoin stash.

But I'm just a very small, pinprick size, of an asshole, so I'm going to say this:

a) I looked at your py2exe distribution downloads. They are obfuscated. But do you know why are you distributing the Linux makefile in your Windows executable download?

b) don't be afraid to be assertive in your support for linking with *.a instead of *.so when some ArchLinux user challenges your choice. You need to understand why are you doing that and be able to explain your choice.

c) in your long term goals aim to minimize the attack surface by statically linking as many things as practical.

d) understand the Python duck typing and how the class override/overload mechanism is the greatest enemy of software security and how are you going to mitigate that.

I want to reiterate that the above is just a friendly advice. Feel free to ask for a full refund if you are not satisfied with my advice.

Please comment, critique, criticize or ridicule BIP 2112: https://bitcointalk.org/index.php?topic=54382.0
Long-term mining prognosis: https://bitcointalk.org/index.php?topic=91101.0
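
Point (d) of the post above refers to Python's duck typing and runtime class override. The following added example, which is not Armory code and not from the thread, shows the mechanism on a constructed `Signer` class together with three checks a Python application can apply: sealing the class, pinning the original method objects, and an exact-type check at the call site. All class and function names are hypothetical.

```python
class SealedType(type):
    """Metaclass that refuses to rebind or delete class attributes after creation.

    Sealing is advisory: code already running in the same interpreter can still
    reach type.__setattr__ directly, so the pin check below is kept as well.
    """

    def __setattr__(cls, name, value):
        raise AttributeError(f"{cls.__name__} is sealed; cannot rebind {name!r}")

    def __delattr__(cls, name):
        raise AttributeError(f"{cls.__name__} is sealed; cannot delete {name!r}")


class Signer:
    """Ordinary class: any module can rebind Signer.sign at runtime."""

    def sign(self, tx: bytes) -> bytes:
        return b"signed:" + tx           # stand-in for a real signature


class SealedSigner(metaclass=SealedType):
    """Same behaviour, but class attributes are sealed and instances have no
    __dict__, so a method cannot be shadowed on a single object either."""

    __slots__ = ()

    def sign(self, tx: bytes) -> bytes:
        return b"signed:" + tx


def snapshot(cls, names):
    """Pin the function objects currently bound to the given method names."""
    return {name: cls.__dict__[name] for name in names}


def rebound(cls, pinned):
    """Return the pinned method names that no longer point at the original."""
    return sorted(name for name, func in pinned.items()
                  if cls.__dict__.get(name) is not func)


def submit(signer, tx: bytes) -> bytes:
    """Duck-typed call site: accepts anything that has a .sign method."""
    return signer.sign(tx)


def submit_strict(signer, tx: bytes) -> bytes:
    """Call site that accepts only the exact sealed class, not look-alikes
    and not subclasses that override sign()."""
    if type(signer) is not SealedSigner:
        raise TypeError(f"refusing signer of type {type(signer).__name__}")
    return signer.sign(tx)


if __name__ == "__main__":
    pinned = snapshot(Signer, ["sign"])
    original = Signer.__dict__["sign"]
    # Constructed rebinding, standing in for a dependency that patches the class.
    Signer.sign = lambda self, tx: b"other:" + tx
    print(submit(Signer(), b"tx"), "rebound:", rebound(Signer, pinned))
    Signer.sign = original
    try:
        SealedSigner.sign = original
    except AttributeError as exc:
        print("sealed class:", exc)
```

The pin check has to run after all imports have completed and immediately before the sensitive call, since it only detects changes made after `snapshot` was taken.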
etotheipi
September 14, 2012, 03:16:25 PM
 #56

> a) I looked at your py2exe distribution downloads. They are obfuscated. But do you know why are you distributing the Linux makefile in your Windows executable download?
>
> b) don't be afraid to be assertive in your support for linking with *.a instead of *.so when some ArchLinux user challenges your choice. You need to understand why are you doing that and be able to explain your choice.
>
> c) in your long term goals aim to minimize the attack surface by statically linking as many things as practical.
>
> d) understand the Python duck typing and how the class override/overload mechanism is the greatest enemy of software security and how are you going to mitigate that.
>
> I want to reiterate that the above is just a friendly advice. Feel free to ask for a full refund if you are not satisfied with my advice.

You have clearly demonstrated that you are an asshole.  But that doesn't mean I won't accept advice from you.  Everyone has their own deficiencies, and clearly yours is a social deficiency, having no tact (or desire to try being tactful) in your expressions that everyone is dead wrong unless they are exactly right.  But I have thick skin, and can look past this.  Especially because you tend to have valuable input somewhere in your asshole ramblings.  After all, extreme technical competence usually comes with quirkier personalities.  I'll assume that's what your problem is...

(a): The Makefile is there because I put it there. I wanted to distribute everything with the executable, because it's all part of the same project.  Perhaps the organization of the files could be improved, but the only people looking for it will know what to do with it when they find it.  I'm not sure what your point was about this.

(b),(c): You have a good point that static linking is a security benefit, in addition to being easier to distribute.  I will look to see how much more stuff I can static-compile.

(d):  I do not agree about duck-typed languages being such a problem.  Sure, they leave room for poor/inexperienced programmers to make messier, more error-prone code.  But the quality of the final product is on the programmer, not the language they used.  Type-checking and error handling is superfluous throughout Armory code, and I am constantly testing everything I can.  I know you're probably going to be an asshole and point me to 10 different lines of code out of the 25,000 lines throughout Armory, where I didn't check variable types, or demonstrated some poor coding practice.  Well, go ahead.  I might even fix those lines.  But I won't apologize for having bugs in my code, or doing something sub-optimal.  We can't all be good at everything.

If you want to continue to discuss this, please do so on the Armory thread, or PM.  As I said, I'm happy to take reasonable advice from you.  However, your attitude is very likely to turn off others who otherwise would listen to your advice, but brush you off because you are so abrasive.



SgtSpike,

I'm actually talking to my buddy about the Android app.  He has much of it implemented, already.  As I said, we were waiting for multi-sig, but I had never considered the possibility of using an Android phone as an offline signing device.  I think this would be worth experimenting with, even with the default Android OS (there are no 100% solutions, yet, but I think this is about as close as you're going to get).   Looks like there's plenty of options for independent battery chargers, so you can keep your battery charged at home.  You'd also get the benefit of not having the battery stored with the device, so it would be a tad harder for an employee to boot your phone and pull the keys off.  They'd have to either steal the phone outright, or order a battery (which might end up being traceable).  In most cases, they'd probably just see a crappy Android phone and think it's unimportant. (Edit: this is another example of "attacks of opportunity" vs targeted attacks:  if an employee is digging through safe-deposit boxes looking for stuff to steal, they're going to go after all the jewelry that they can hide in their underwear until they leave work, not your crappy, battery-less Android phone -- the employee would have to know you and the value of that phone and actually target you, before it is stolen)

SgtSpike
September 14, 2012, 03:20:02 PM
 #57

That's great to hear etotheipi - I do agree it would be a good option to have for those who want it!
firefop
September 14, 2012, 06:56:44 PM
 #58

I think you're over thinking this...

Physical security is always going to be easier to enforce than digital security. What you ought to do is physically protect the data storage device of the virtual machine your wallet is on (slap that puppy on an SSD and boot it via hyper-v) - keep the block chain updated on the host OS. Then all you have to secure is the room where you store the safe that the drive's in.

If you'd rather not secure it yourself - then I'm sure you could figure something out using a bank computer and bootable USB device that you store in a safety deposit box. Or just a laptop that you bring in with you - drop in ssd - etc.

Personally, I'd just setup a few hosted vms that I could access via vpn and be done with it. The weak point in this sort of home invasion thing is always going to be threats towards you or someone you care about. If you've got the keys - and can be convinced to give them to someone... it doesn't matter how secure your setup is. The plus side of all this, you could code something for the vm you're using to ditch your coin to cold storage if you don't follow procedure aka giving you the option to pay them or not without them knowing. Of course, it would all come out in the block chain.

SgtSpike
September 14, 2012, 07:20:29 PM
 #59

> I think you're over thinking this...
>
> Physical security is always going to be easier to enforce than digital security. What you ought to do is physically protect the data storage device of the virtual machine your wallet is on (slap that puppy on an SSD and boot it via hyper-v) - keep the block chain updated on the host OS. Then all you have to secure is the room where you store the safe that the drive's in.
>
> If you'd rather not secure it yourself - then I'm sure you could figure something out using a bank computer and bootable USB device that you store in a safety deposit box. Or just a laptop that you bring in with you - drop in ssd - etc.
>
> Personally, I'd just setup a few hosted vms that I could access via vpn and be done with it. The weak point in this sort of home invasion thing is always going to be threats towards you or someone you care about. If you've got the keys - and can be convinced to give them to someone... it doesn't matter how secure your setup is. The plus side of all this, you could code something for the vm you're using to ditch your coin to cold storage if you don't follow procedure aka giving you the option to pay them or not without them knowing. Of course, it would all come out in the block chain.

I am overthinking it because no one else is.

Haven't you heard of all of the hacks, coins stolen from VPS's, sometimes even by the VPS providers themselves?  I wouldn't touch a service using a VPS for cold storage with a 10-foot pole.
firefop
September 14, 2012, 09:26:25 PM
 #60

>> I think you're over thinking this...
>>
>> Physical security is always going to be easier to enforce than digital security. What you ought to do is physically protect the data storage device of the virtual machine your wallet is on (slap that puppy on an SSD and boot it via hyper-v) - keep the block chain updated on the host OS. Then all you have to secure is the room where you store the safe that the drive's in.
>>
>> If you'd rather not secure it yourself - then I'm sure you could figure something out using a bank computer and bootable USB device that you store in a safety deposit box. Or just a laptop that you bring in with you - drop in ssd - etc.
>>
>> Personally, I'd just setup a few hosted vms that I could access via vpn and be done with it. The weak point in this sort of home invasion thing is always going to be threats towards you or someone you care about. If you've got the keys - and can be convinced to give them to someone... it doesn't matter how secure your setup is. The plus side of all this, you could code something for the vm you're using to ditch your coin to cold storage if you don't follow procedure aka giving you the option to pay them or not without them knowing. Of course, it would all come out in the block chain.
>
> I am overthinking it because no one else is.
>
> Haven't you heard of all of the hacks, coins stolen from VPS's, sometimes even by the VPS providers themselves?  I wouldn't touch a service using a VPS for cold storage with a 10-foot pole.

I didn't say vps - I said vpn accessible vms... for clarity, if you're dealing with that much money - it shouldn't be a big deal to get some rack space in a secure location and drop your own server. That's if you'd rather let someone else physically secure it. But if it were me - I'd worry about physically securing that one SSD and the room it'll be accessed in. Seems way cheaper and easier to manage my own security than to go to the expense and annoyance of outsourcing it via bank vault or remote location.

Also - by cold storage, I meant an offline wallet probably a print out stored in safety deposit box.
