hazek (OP)
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 17, 2012, 11:25:40 AM Last edit: September 17, 2012, 12:18:43 PM by hazek |
|
Well I finally became a bit security conscious and have searched for anything I can find about how to create a secure savings wallet and I really don't like any of the answers available.
I don't like paper wallets because I don't want to print anything on a paper and I don't like liveCDs because I don't want to download the entire blockchain every time I want to spend from my savings wallet I also don't like a brainwallet because it exposes me to the risk of being robbed while entering my pass phrase when trying to spend from it.
Is there really no option to simply have a USB drive that I can pop in, before doing so restart my laptop, boot the USB and have a ready to go client and wallet with a connection ready and free of any worry of getting hacked?
These are my conditions for what I'd like to use:
-I want it in a digital form, preferably on an encrypted USB stick -I want to be able to use it with my primary and only laptop (needing to reboot my laptop is fine) -I want to be able to at least send myself an email with an address where to send the coins to and be safe doing so or use some other way of copy/paste -I want to spend from my savings wallet without having to download the blockchain
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
Sage
|
|
September 17, 2012, 11:52:27 AM |
|
I'm no expert, but just spent a good chunk of time researching this.
Here's the options recommended elsewhere...
You can setup a bootable USB drive. The OS commonly recommended was Ubuntu. Then boot to that drive. Use exclusively for Bitcoin transactions and that's it.
Another option is to use Truecrypt and Dropbox for your backup. (You're still at risk of keylogger attacks). I wouldn't keep too much wealth in that vault. For this option create a truecrypt vault. Place your wallet in it. It is recommended to use symlink to link to your wallet within the truecrypt vault. I couldn't get that to work. Instead I use MultiBit and specified where to save the wallet in the truecrypt vault.
So long as your computer is clean that should give you reasonable security for spending.
The other option is to use an mtgox online wallet with double authentication. Meaning you have to get an extra piece of hardware for $25 that gives you unique onetime codes each time you access your wallet. Frankly I feel better about using truecrypt/dropbox then a hosted wallet.
Then for savings....
After looking at everything I feel your best bet is still the paper wallet approach. However you don't have to store the paper. You can create screen captures of the private keys (or cut and pastes) and store them in a truecrypt vault. And then store that vault in the cloud. Be sure though when you create the paper wallet your computer is clean (this might be where having that bootable USB comes in very handy).
To import the private keys I tested MultiBit. Using Mac Texedit.app I simply edited an exported private key file, then imported it back into MultiBit. It seems to work and wasn't too much of a hassle for a long-term savings wallet.
|
|
|
|
hazek (OP)
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 17, 2012, 11:53:49 AM |
|
These are my conditions:
-I want it in a digital form, preferably on an encrypted USB stick -I want to be able to use it with my primary and only laptop (needing to reboot my laptop is fine) -I want to be able to at least send myself an email with an address where to send the coins to and be safe doing so or use some other way of copy/paste -I want to spend from my savings wallet without having to download the blockchain
Does having a liveCD linux on a USB with armory meet all these conditions?
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
hazek (OP)
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 17, 2012, 11:57:22 AM |
|
I'm no expert, but just spent a good chunk of time researching this.
Here's the options recommended elsewhere...
You can setup a bootable USB drive. The OS commonly recommended was Ubuntu. Then boot to that drive. Use exclusively for Bitcoin transactions and that's it.
Then for savings....
After looking at everything I feel your best bet is still the paper wallet approach. However you don't have to store the paper. You can create screen captures of the private keys (or cut and pastes) and store them in a truecrypt vault. And then store that vault in the cloud. Be sure though when you create the paper wallet your computer is clean (this might be where having that bootable USB comes in very handy).
To import the private keys I tested MultiBit. Using Mac Texedit.app I simply edited an exported private key file, then imported it back into MultiBit. It seems to work and wasn't too much of a hassle for a long-term savings wallet.
This actually sounds decent.. And yes keyloging is mainly what I want to protect against, I already secured everything with passwords..
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
hazek (OP)
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 17, 2012, 12:01:24 PM |
|
These are my conditions:
-I want it in a digital form, preferably on an encrypted USB stick -I want to be able to use it with my primary and only laptop (needing to reboot my laptop is fine) -I want to be able to at least send myself an email with an address where to send the coins to and be safe doing so or use some other way of copy/paste -I want to spend from my savings wallet without having to download the blockchain
Does having a liveCD linux on a USB with armory meet all these conditions?
Btw I'll pay up to $15 worth of BTC for a plug&play version of this and I'm sure I'm not the only one.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
Lethos
|
|
September 17, 2012, 12:12:17 PM |
|
I use electrum, on ubuntu, that yes is installed on a usb stick. It's my secondary wallet and is easy to backup and secure without any fuss on downloading a blockchain. Sending and receiving of coins is pretty easy. Since it's a pretty usual ubuntu install I can easily install and do anything I want for it that ubuntu can usually do. I could of made it a live usb based version of ubuntu, but I wanted abit more flexibility, but it be pretty easy to do that if you wanted. I used http://unetbootin.sourceforge.net/ to make the usb install drive, then install it to another. Same program could be used to make a single usb drive a live drive and reserve X amount of room towards any programs and saved data you want between sessions. Electrum is pretty easy to install for Ubuntu to be fair, then you just need to do standard stuff to secure it, giving it a nice long password and securing your seed (backup) somewhere safe http://electrum-desktop.com/download.html
|
|
|
|
Sage
|
|
September 17, 2012, 12:21:23 PM |
|
This might sound a bit naive... ...But before I go through the effort of setting up a USB boot, is it possible to boot to Ubuntu on a Mac running Parallels? If not what are my OS options for this machine? And to make this secure, I would need to be disconnected from the internet when booting to the USB right? If that's the case, is it possible to somehow save the javascript https://www.bitaddress.org is using to generate bitcoin addresses. And then run that on the USB stick in a browser not connected to the internet?
|
|
|
|
Lethos
|
|
September 17, 2012, 12:32:50 PM |
|
This might sound a bit naive... ...But before I go through the effort of setting up a USB boot, is it possible to boot to Ubuntu on a Mac running Parallels? If not what are my OS options for this machine? And to make this secure, I would need to be disconnected from the internet when booting to the USB right? If that's the case, is it possible to somehow save the javascript https://www.bitaddress.org is using to generate bitcoin addresses. And then run that on the USB stick in a browser not connected to the internet? I'm not overly familiar with Mac. So can not offer any advice that is very specific to it. At least with the electrum wallet that doesn't download the blockchain, you'd still need to be online to really check on or change anything. But there is no reason why you would need to stay online longer than you needed to. So yes I suppose during bootup you could be offline. I wouldn't generate an address via a 3rd party, I'd rather my program on my computer did it, that is just me. I'm sure you could do that, some wallets will allow you to import those sort of details.
|
|
|
|
Sage
|
|
September 17, 2012, 12:41:17 PM |
|
I wouldn't generate an address via a 3rd party, I'd rather my program on my computer did it, that is just me. I'm sure you could do that, some wallets will allow you to import those sort of details.
Any open source address generation tools you can recommend?
|
|
|
|
Lethos
|
|
September 17, 2012, 12:53:22 PM |
|
I wouldn't generate an address via a 3rd party, I'd rather my program on my computer did it, that is just me. I'm sure you could do that, some wallets will allow you to import those sort of details.
Any open source address generation tools you can recommend? Pretty much every wallet software that I have installed to my computer has made one for me, upon install. Now if you using one which doesn't, then I don't have any recommendations, since I wouldn't trust a 3rd party to generate my new address.
|
|
|
|
Sage
|
|
September 17, 2012, 01:05:26 PM |
|
If the Bitcoin client generates the keys, is the only way to get those keys is through and export function?
The beauty I saw in the bitcoinaddress.org paper wallet approach is you never had to load the private keys into memory (simply print them). Thus eliminating any chance of key loggers capturing that data. Is there a way to do something similar in a BC client?
|
|
|
|
Lethos
|
|
September 17, 2012, 01:12:27 PM |
|
If the Bitcoin client generates the keys, is the only way to get those keys is through and export function?
The beauty I saw in the bitcoinaddress.org paper wallet approach is you never had to load the private keys into memory (simply print them). Thus eliminating any chance of key loggers capturing that data. Is there a way to do something similar in a BC client?
Think so. I've never worried about that, since I keep all my machines both windows and linux regularly scanned. You really don't have much to worry about on a fresh install of Ubuntu. How you expect it to get infected? You'd only risk comes from keyloggers if you happily installed a wallet on an already infected drive, which quiet frankly is your fault for not making sure it's clean first.
|
|
|
|
hashman
Legendary
Offline
Activity: 1264
Merit: 1008
|
|
September 17, 2012, 03:14:59 PM |
|
If the Bitcoin client generates the keys, is the only way to get those keys is through and export function?
The beauty I saw in the bitcoinaddress.org paper wallet approach is you never had to load the private keys into memory (simply print them). Thus eliminating any chance of key loggers capturing that data. Is there a way to do something similar in a BC client?
Think so. I've never worried about that, since I keep all my machines both windows and linux regularly scanned. You really don't have much to worry about on a fresh install of Ubuntu. How you expect it to get infected? You'd only risk comes from keyloggers if you happily installed a wallet on an already infected drive, which quiet frankly is your fault for not making sure it's clean first. Just some light reading I think might be relevant here for the paranoid: http://www.toucan-system.com/research/blackhat2012_brossard_hardware_backdooring.pdf
|
|
|
|
chrisrico
|
|
September 17, 2012, 03:16:13 PM |
|
These are my conditions:
-I want it in a digital form, preferably on an encrypted USB stick check
-I want to be able to use it with my primary and only laptop (needing to reboot my laptop is fine) check
-I want to be able to at least send myself an email with an address where to send the coins to and be safe doing so or use some other way of copy/paste even better, see below
-I want to spend from my savings wallet without having to download the blockchain check
Does having a liveCD linux on a USB with armory meet all these conditions?
Here's what you do. Download the Ubuntu LiveCD and put it on a USB drive using Unetbootin. Don't forget to allow for space to preserve files across reboots. Boot onto your USB drive and install Armory. Now, disable all network connections inside the operating system. Start up Armory in offline mode (it will prompt you since it won't detect Bitcoin running), and create a new wallet. Go to the wallet properties, and create a watching only copy. Save this to your USB drive (not the mounted file system). Make a paper backup if you want. Now, boot back into your main operating system. Get Bitcoin running and up to date with the block chain. Start up Armory, and import the watching only wallet. With this, you can generate addresses, see incoming payments, and create spending transactions, but you cannot sign them. In order to sign them, you'll have to follow the Offline Transactions prompt, transfer the generated file to your USB drive, boot to USB, sign the transaction, boot back to your main OS, and broadcast the transaction.
|
|
|
|
hazek (OP)
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 17, 2012, 03:27:55 PM |
|
Ok chrisrico, that sounds very good but I have two questions: - can I import the watch only wallet into blockchain.info wallet and generate new addresses there or does it have to be the satoshi client? - can I send from those addresses without having to download the blockchain - I don't want the blockchain on my laptop at any point if at all possible?
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
chrisrico
|
|
September 17, 2012, 05:01:23 PM |
|
- can I import the watch only wallet into blockchain.info wallet and generate new addresses there or does it have to be the satoshi client? No, it has to be the Armory client. - can I send from those addresses without having to download the blockchain - I don't want the blockchain on my laptop at any point if at all possible?
Armory requires a copy of the Satoshi client running in order to connect to the network and keep the block chain up to date. I thought your requirement was that you didn't want to have to download the block chain twice, once for your main operating system and once for the secure storage. With Armory, you still need to download it once.
|
|
|
|
hazek (OP)
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
September 17, 2012, 10:35:42 PM |
|
Yeah no, I don't want a blockchain on my laptop at all because I frankly don't see a need to have it given that there are other options.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
chrisrico
|
|
September 18, 2012, 02:42:02 AM |
|
Since I've been using Armory, I can't imagine using Bitcoin without it.
Same. I love it so much. It's even running on my RPi
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 18, 2012, 02:55:02 AM |
|
Yeah no, I don't want a blockchain on my laptop at all because I frankly don't see a need to have it given that there are other options.
those options are then restricted to server based solutions which i personally am not comfortable with. i use an Armory offline netbook as my solution but am intrigued by the USB option outlined above and on etotheipi's thread.
|
|
|
|
cypherdoc
Legendary
Offline
Activity: 1764
Merit: 1002
|
|
September 18, 2012, 02:58:32 AM |
|
Ok chrisrico, that sounds very good but I have two questions: - can I import the watch only wallet into blockchain.info wallet and generate new addresses there or does it have to be the satoshi client?
be aware that the Armory watching only wallet can generate you an infinite number of addresses to receive coins. its a deterministic wallet. thus the backup is easy also and only requires a seed and chain code.
|
|
|
|
|