Sandoz (OP)
Member
Offline
Activity: 85
Merit: 10
|
|
June 12, 2011, 03:59:20 PM |
|
Hi,
I want to get away from all these price discussions and try to understand whether someone has a good answer to this: is there some kind of good encryption (file or volume) that is usually supported out of the box on linux/unix LiveCD's? Maybe some command line tool usually available?
I would love to use bitcoin from a random LiveCD (fear of keyloggers) and know I could decrypt my wallet (delivered via USB stick or downloaded from a server) without the need to burn my own customised LiveCD.
Truecrypt is not an option for instance, as most LiveCD's don't ship with it preinstalled. Booting from USB is not an option as I want a relatively tamperproof CD.
(And, the less bloated the linux distro, the better)
I hope you can help me, in fact I am sure there are plenty of linux/unix experts on this forum!!
|
|
|
|
error
|
|
June 13, 2011, 07:25:57 AM |
|
LUKS is available on some Live CDs (and not others).
Some things to think about are:
If you boot from a CD, where are you storing your files?
You'll need to set up your encrypted volume manually. Doing this right is tricky.
|
3KzNGwzRZ6SimWuFAgh4TnXzHpruHMZmV8
|
|
|
theymos
Administrator
Legendary
Offline
Activity: 5334
Merit: 13306
|
|
June 13, 2011, 07:35:48 AM |
|
dm-crypt is probably available on many liveCDs. It comes with the kernel.
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
ctoon6
|
|
June 13, 2011, 12:12:41 PM |
|
Have you tried using a VM and using an onscreen keyboard inside the VM?
|
|
|
|
Sandoz (OP)
Member
Offline
Activity: 85
Merit: 10
|
|
June 13, 2011, 06:54:05 PM |
|
Have you tried using a VM and using an onscreen keyboard inside the VM?
That's actually a good idea. But I don't like the idea of someone tampering with the VM image. It would need to be read only. I will look into LUKS, I guess TAILS linux is the most trustworthy live CD...
|
|
|
|
ThiagoCMC
Legendary
Offline
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
|
|
June 26, 2011, 02:14:29 PM |
|
Fellas! Take a look at this: Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud! http://forum.bitcoin.org/index.php?topic=22386.0 What do you guys think about my solution?! It is really easy to do by everybody... And it can be easily changed, or used with a USB pendrive instead a Cloud environment... Cheers! Thiago
|
|
|
|
Sukrim
Legendary
Offline
Activity: 2618
Merit: 1007
|
|
June 26, 2011, 02:17:03 PM |
|
Just use Wuala, it works on Windows too - unlike some FUSE magic stuff...
|
|
|
|
ThiagoCMC
Legendary
Offline
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
|
|
June 26, 2011, 03:12:15 PM |
|
Sure! The "Ubuntu One" part of this setup can be changed to use Wuala, GMailFS, DropBox or even your USB PenDrive! Also, the EncFS is compatible with DropBox / BoxCryptor and a nice GUI interface, called Cryptkeeper. Look: http://blog.boxcryptor.com/how-to-use-boxcryptor-with-encfs-in-ubuntu-ma But this is more complicated to setup and needs more (and third party) softwares. My solution is simple for grandma. And it is a Live system! The "good thing" with my original post is that you do not need any third party software... Just Ubuntu stuff and Bitcoin packaged for it from Launchpad. BTW, Windows is too risky for everybody. You know, it catch viruses! And Linux does not. Anyway, thanks for the tip! Cheers, Thiago
|
|
|
|
hugolp
Legendary
Offline
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
|
|
June 26, 2011, 03:14:42 PM |
|
Fellas! Take a look at this: Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud! http://forum.bitcoin.org/index.php?topic=22386.0 What do you guys think about my solution?! It is really easy to do by everybody... And it can be easily changed, or used with a USB pendrive instead a Cloud environment... Cheers! Thiago I would not upload my private keys to the internet no matter how much encryption. That is just my personal perference though.
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
June 26, 2011, 03:27:24 PM |
|
LiveUSB makes a whole lot more sense to me.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
ThiagoCMC
Legendary
Offline
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
|
|
June 26, 2011, 03:33:39 PM |
|
Sure... You can change the "Internet" to a "USB" kind of setup... The point is which may interest to people is the Live session and the entire Bitcoin data encrypted for ever. I liked http://bitcoinsforcharity.org/ very much!! IT IS AWESOME! Regards, Thiago
|
|
|
|
unk
Member
Offline
Activity: 84
Merit: 10
|
|
June 26, 2011, 04:02:14 PM |
|
gpg is common, even on cd/dvd distributions of linux.
truecrypt is available in tails (formerly known as 'incognito'), although you need to specify a kernel boot option to enable it. (the tails developers are perhaps overly skeptical of truecrypt because of its license.) i have had some interaction with the tails developers in the past, and they seem on top of a variety of systems-security issues, though i have not evaluated their system in detail myself.
|
|
|
|
ThiagoCMC
Legendary
Offline
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
|
|
June 26, 2011, 04:14:42 PM |
|
LiveUSB makes a whole lot more sense to me.
And about the backup?! It can be hosted in the Cloud too... I mean, using your "LiveUSB" suggestion (which is in fact, not Live, because it is just installed on USB) plus Ubuntu One service, you have the good thing of both worlds: a system dedicated only to Bitcoin (LiveUSB+Bitcoin client), encrypted and in sync with the Cloud (for backup).
|
|
|
|
Sandoz (OP)
Member
Offline
Activity: 85
Merit: 10
|
|
June 26, 2011, 05:22:34 PM |
|
LiveUSB makes a whole lot more sense to me.
A liveUSB has some problems: someone could modify the distro on your stick so as to look perfectly normal but steal your password / wallet. No one would do that? Well, if your whole life savings are in bitcoin it's absolutely worth it doing that! A liveCD is safer in that regard (just sign the CD-R and check your signature). Reboot and you start from scratch. Sure, you will have to download the whole blockchain from scratch every time, but if your intended use is a savings account, that's a viable option.
|
|
|
|
ThiagoCMC
Legendary
Offline
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
|
|
June 27, 2011, 03:46:39 AM |
|
LiveUSB makes a whole lot more sense to me.
A liveUSB has some problems: someone could modify the distro on your stick so as to look perfectly normal but steal your password / wallet. No one would do that? Well, if your whole life savings are in bitcoin it's absolutely worth it doing that! A liveCD is safer in that regard (just sign the CD-R and check your signature). Reboot and you start from scratch. Sure, you will have to download the whole blockchain from scratch every time, but if your intended use is a savings account, that's a viable option. Good point! I almost forget this detail... 1- If you use a "LiveCD", wich means Ubuntu installed on a USB PenDrive and; 2- Just encrypt your /home/ directory and; 3- Somebody knows that you have B$1.000.000,00 there. The thief can do: 1- Steal temporarily you PenDrive, when you're at bathroom; 2- Change the bitcoin binary (or any other binary of the system, like shell, etc) for a malicious version; 3- Give back to you, without your knowledge; 4- Wait until you open the system to stole your coins. This can not be happen if you have a Ubuntu Live CD with you signature write on it or, if you encrypt the entire file system of the USB PenDrive. Best, Thiago
|
|
|
|
rebuilder
Legendary
Offline
Activity: 1615
Merit: 1000
|
|
June 27, 2011, 08:13:50 AM |
|
You can make a livecd with custom packages such as truecrypt preinstalled. Look into Ubuntu Customization Kit for an easy way to do it, at least if you already have Ubuntu installed somewhere.
Note: be very, very careful when using a livecd for these purposes. Everything you write "to disk" while running the OS off a cd will get erased when you shut down the computer! One way to use such a cd would be to have both Dropbox and Truecrypt installed and store the wallet in an encrypted container on Dropbox. Again, exercise caution when setting your system up. It's very easy to do something silly and lose a lot of coins. At the very least, whatever you do, test your setup thoroughly, reboots and all, before sending any significant amount of coins to the secure wallet. Also, back the wallet up elsewhere than Dropbox as well.
Edit: BTW, if you store the block index on Dropbox as well, you won't need to re-verify the whole thing. You still have to re-download the file of course, but in my experience it's still faster than waiting for the client to verify everything. You might want to store the index on an encrypted volume as well, I'm not sure what kind of attacks are possible if someone manages to tamper with your index, but better safe than sorry...
|
Selling out to advertisers shows you respect neither yourself nor the rest of us. --------------------------------------------------------------- Too many low-quality posts? Mods not keeping things clean enough? Self-moderated threads let you keep signature spammers and trolls out!
|
|
|
ThiagoCMC
Legendary
Offline
Activity: 1204
Merit: 1000
฿itcoin: Currency of Resistance!
|
|
June 27, 2011, 09:51:12 AM |
|
You can make a livecd with custom packages such as truecrypt preinstalled. Look into Ubuntu Customization Kit for an easy way to do it, at least if you already have Ubuntu installed somewhere.
Note: be very, very careful when using a livecd for these purposes. Everything you write "to disk" while running the OS off a cd will get erased when you shut down the computer! One way to use such a cd would be to have both Dropbox and Truecrypt installed and store the wallet in an encrypted container on Dropbox. Again, exercise caution when setting your system up. It's very easy to do something silly and lose a lot of coins. At the very least, whatever you do, test your setup thoroughly, reboots and all, before sending any significant amount of coins to the secure wallet. Also, back the wallet up elsewhere than Dropbox as well.
Edit: BTW, if you store the block index on Dropbox as well, you won't need to re-verify the whole thing. You still have to re-download the file of course, but in my experience it's still faster than waiting for the client to verify everything. You might want to store the index on an encrypted volume as well, I'm not sure what kind of attacks are possible if someone manages to tamper with your index, but better safe than sorry...
Your concern about lose the information when you shutdown is 100% right! But I left everything about this very clear on the following guide: Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud! http://forum.bitcoin.org/index.php?topic=22386.0 But we need some observations: 1- Not use truecrypt, dropbox, or anything from the "outside", just the standards (out of the box) of some distro, this is a requirement; 2- Not use any customization, which raise people's concerns about the system; My guide is SIMPLE and 99% out of the box. Only the Bitcoin binaries comes from Launchpad, but I'm sure that Bitcoin will be part of Ubuntu 11.10. I'm preparing some screenshots to make it even more easy to follow. Anyway, you're right, pay attention is never something bad... Cheers! Thiago
|
|
|
|
nhodges
|
|
June 27, 2011, 10:02:37 AM |
|
Sure... You can change the "Internet" to a "USB" kind of setup... The point is which may interest to people is the Live session and the entire Bitcoin data encrypted for ever. I liked http://bitcoinsforcharity.org/ very much!! IT IS AWESOME! Regards, Thiago Thanks, I designed/developed the site. If you ever have any suggestions for charities we should send flyers to, just pm or email me!
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1003
|
|
June 28, 2011, 12:55:37 AM |
|
LiveUSB makes a whole lot more sense to me.
A liveUSB has some problems: someone could modify the distro on your stick so as to look perfectly normal but steal your password / wallet. No one would do that? Well, if your whole life savings are in bitcoin it's absolutely worth it doing that! A liveCD is safer in that regard (just sign the CD-R and check your signature). Reboot and you start from scratch. Sure, you will have to download the whole blockchain from scratch every time, but if your intended use is a savings account, that's a viable option. Good point! I almost forget this detail... 1- If you use a "LiveCD", wich means Ubuntu installed on a USB PenDrive and; 2- Just encrypt your /home/ directory and; 3- Somebody knows that you have B$1.000.000,00 there. The thief can do: 1- Steal temporarily you PenDrive, when you're at bathroom; 2- Change the bitcoin binary (or any other binary of the system, like shell, etc) for a malicious version; 3- Give back to you, without your knowledge; 4- Wait until you open the system to stole your coins. This can not be happen if you have a Ubuntu Live CD with you signature write on it or, if you encrypt the entire file system of the USB PenDrive. Best, Thiago
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|