ulhaq (OP)
|
|
May 26, 2017, 04:04:32 PM Last edit: June 12, 2017, 01:17:38 PM by ulhaq |
|
I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?
If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?
Am using linux.
|
|
|
|
cpfreeplz
Legendary
Offline
Activity: 966
Merit: 1042
|
|
May 26, 2017, 04:07:40 PM |
|
If you have an infected system it could infect the flash drive. If you store bitcoins only on one flash drive it will deteriorate over the and you will lose everything.
Make multiple backups like you would with anything important in your life and store them on very secure systems. Ubuntu Live CDs are great for this.
|
|
|
|
Velkro
Legendary
Offline
Activity: 2296
Merit: 1014
|
|
May 26, 2017, 05:26:46 PM |
|
But this requires a flashdrive to go back and forth. So how much does that compromise security?
100%. It compromises security 100%. U can't do that. Malware is written to infect flash drives/pendrives mostly instantly. I can tell you that you should use SD cards, they are not infected almost at all. Additionally, disable in Windows all options to autorun inserted drives (CD/PENDRIVE/FLASHDRIVES/EVERYTHING). Happy to help.
|
|
|
|
merve10495
|
|
May 27, 2017, 02:14:44 AM |
|
But this requires a flashdrive to go back and forth. So how much does that compromise security?
I can tell you that you should use SD cards, I assume the user is using Windows, if so an SD card is mounted as a drive the same as a flash drive, if it was to be infected with malware or ransomware it'd still be infected/encrypted. The only safe thing to do is to have it backed up on multiple locations. If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones. Use one for the daily use every day, another with a backup you update whenever possible and that can be left within your cupboard somewhere in your house. Then the third one which is a backup of the backup should live in a location that is not your home/office, it needs to be a different geographical location aka - storage shed, safe deposit box, wherever you have somewhere else safe you can keep it. This 3 step backup solution is now protecting you from the following: - USB Failure / corruption
- Ransomware / Cryptolocking
- Natural disaster
- Loss of USB Drive OR accidental deletion
- The event that someone breaks into your house and steals all your tech
If you have any other questions shout out.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11029
Crypto Swap Exchange
|
|
May 27, 2017, 04:23:43 AM |
|
these are your options: 1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet
2. partition your flash into two separate ones. first partition should be in FAT and second be in linux format. now install in the second one. place the raw unsigned tx into the first partition that your windows recognizes (it doesn't see the second at all) boot up linux from USB, sign, put it back in first partition, shut down, go to windows, broadcast. result pretty good security
in both cases remember to add passwords to both linux and wallet and keep separate backups. remember that these devices are susceptible to damage and loss of data in case you don't connect them to a power source ie USB port for a long time.
|
|
|
|
nativehasher
Member
Offline
Activity: 73
Merit: 10
|
|
May 27, 2017, 08:21:18 AM |
|
1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet
The QR code tip is really innovative. Never thought of that earlier. And regarding saving your private keys, print paper wallets with the passphrase encrypted private key and store them in several places.
|
golang, node.js and C++ developer. BTC: 1NativecFuCN68n1rmHabkXRZnwuxpoJ4f
|
|
|
ulhaq (OP)
|
|
May 27, 2017, 10:54:09 PM |
|
I use Linux. I do not have any knowledge that my system is infected. It seems that some of the advice is aimed at windows users, how does it change for linux? If usb flashdrives deteriorate over time, then I do not see how it's possible to have backups? If I buy 2 usb flashdrives of different brands, then I can't be sure that they don't both deteriorate over time. Let's say that I put them in remote locations for safety. That precludes me from testing them on an ongoing basis (and nothing to prevent them from stop working after a test is performed). Eg, I'm confused about this advice: The only safe thing to do is to have it backed up on multiple locations. If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones.
On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error? 1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet
Why do I need to install linux on a flashdrive for this idea? It seems to me that I am scanning a QR code using the non-internet connected computer, either directly from the other computer screen, or printed out on a sheet of paper. I then generate a new QR code that I use my cell phone to scan and connect that to the internet-connected computer?
|
|
|
|
hexafraction
Sr. Member
Offline
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
|
|
May 27, 2017, 11:00:23 PM |
|
On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error? It is indeed time-consuming, but backups aren't necessarily meant to be instant, but rather to be a secondary resort in case of computer memory failure; here the archival qualities of a good paper stock and fade-resistant ink stored in a safe place outweigh the time taken to perform printing/writing down and restoration. It could be error-prone depending on your ability to accurately type long strings of seemingly random characters. However, if you use an HD wallet in the same manner, you're writing down a set of distinguishable random words (comprising your seed) instead, which is quite a bit less error-prone.
|
|
|
|
kolloh
Legendary
Offline
Activity: 1736
Merit: 1023
|
|
May 28, 2017, 03:47:28 AM |
|
Using a hardware wallet would probably be greater security than transferring an ordinary USB stick back and forth between an offline and online PC. I'd recommend looking into a Trezor or Ledger Nano S to secure your funds.
|
|
|
|
pooya87
Legendary
Offline
Activity: 3626
Merit: 11029
Crypto Swap Exchange
|
|
May 28, 2017, 04:37:40 AM |
|
I use Linux. I do not have any knowledge that my system is infected. It seems that some of the advice is aimed at windows users, how does it change for linux?
not much difference. i said it mostly aimed at windows since it is what most people (including myself) use as their daily OS. in linux you just don't mount the partitions. If usb flashdrives deteriorate over time, then I do not see how it's possible to have backups? If I buy 2 usb flashdrives of different brands, then I can't be sure that they don't both deteriorate over time. Let's say that I put them in remote locations for safety. That precludes me from testing them on an ongoing basis (and nothing to prevent them from stop working after a test is performed). Eg, I'm confused about this advice: The only safe thing to do is to have it backed up on multiple locations. If you desperately want to use SD Cards or USB drives/flash drives go out and by three high quality ones.
On what medium do I back it up in multiple locations if I don't use SD cards or USB drives; do you mean paper? I was considering electronic because of altcoins in addition to bitcoin. But I suppose private keys of any currency can be printed. I am not sure how I would enter those back onto a computer if I needed to spend, because it would be time-consuming and prone to error? it can be another USB disk, SD card, CD, or even Floppy disk! but all these digital mediums are going to deteriorate. i am not sure how long will it take but it is not short, so you don't need to worry about it much. but the best one is to make a hard copy of the private keys (or seed) such as printing it on a piece of paper and laminating it, or etching it on a metal plate or using a hammer and one of those metal letter thingies that can engrave letters and numbers on metal. these things can only be physically lost and not much can damage them. 1. install linux on the flash drive and then use your webcam to scam the QR code of the raw unsigned transaction that you are supposed to sign. sign it, make a QR from the signed transaction and scan it with your cell phone and transfer it to online computer for broadcasting. result: 100% airgap wallet
Why do I need to install linux on a flashdrive for this idea? It seems to me that I am scanning a QR code using the non-internet connected computer, either directly from the other computer screen, or printed out on a sheet of paper. I then generate a new QR code that I use my cell phone to scan and connect that to the internet-connected computer? the offline wallet has to be somewhere on a fresh and clean OS, that is why i said install linux. you can use a live linux with persistence if you like, you can even use a live linux without it and restore your wallet with seed each time for example. the installed linux works as your very own cheap but secure hardware wallet that you can be sure is secure as long as you don't let anything contaminate it.
|
|
|
|
coinmore.org
Newbie
Offline
Activity: 1
Merit: 0
|
|
May 29, 2017, 03:18:42 PM |
|
I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?
If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?
A flash drive can easily become infected and your private keys can then become "exposed". I would strongly advise you invest in a good hardware wallet (Trezor or Ledger Nano S). This is by far the safest and easiest way to store and spend coins.
|
|
|
|
watermark
Newbie
Offline
Activity: 39
Merit: 0
|
|
May 29, 2017, 07:03:53 PM |
|
I have heard suggestions here to have an offline computer where keys are stored. Even transactions that need to be paid can be saved, entered into the offline computer, signed, and the confirmation transferred back to the flashdrive to be uploaded to the internet. But this requires a flashdrive to go back and forth. So how much does that compromise security?
If one only transmits specific files back and forth to the flashdrive, is it safe? Or is it possible for a program to install itself unknowingly on the flashdrive while in the internet-connected computer?
I've heard that flash drives may not hold data for more than a few years if they aren't plugged in to a computer over that period of time. To be safe, you may need to keep a paper backup of your keys.
|
|
|
|
Emoclaw
|
|
May 29, 2017, 07:10:34 PM |
|
Encrypted flash drives' data is not at risk due to an infection. In fact, malware does not infect your flash drive, in Windows XP that was viable because autorun was enabled by default, and so the malware would spread itself by USB but now it doesn't because there's no point (autorun is disabled by default on Windows 7 and later, and Linux has no such thing whatsoever). Malware can read the data on a flash drive, but will not 'infect' it. As long as the flash drive is encrypted, it will be safe no matter where you plug it.
However, flash drives (and inherently all storage media) suffer from data degradation. For various reasons (depending on the storage medium), data can degrade over long periods of time if the device hasn't been plugged in. Degradation is also accelerated by heat.
The best option for you would be to use a paper wallet for archival-style/cold storage of your cryptocurrency. But if you absolutely must use digital storage, do so on a machine that is running Linux to minimize risk, and make sure that you plug in the device(s) from time to time (but that would defeat the purpose of cold storage). Some malware could even just delete your wallet file or re-encrypt it, in which case you should enable write-protection.
|
|
|
|
hexafraction
Sr. Member
Offline
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
|
|
May 29, 2017, 07:19:20 PM |
|
The best option for you would be to use a paper wallet for archival-style/cold storage of your cryptocurrency. But if you absolutely must use digital storage, do so on a machine that is running Linux to minimize risk, and make sure that you plug in the device(s) from time to time (but that would defeat the purpose of cold storage). Some malware could even just delete your wallet file or re-encrypt it, in which case you should enable write-protection.
Plugging the device in may or may not do anything for flash memory degradation. Assuming NAND flash, simply powering the memory and performing reads won't do anything about leakage from the floating gates of the actual flash cells; flash doesn't refresh on read like DRAM does.
|
|
|
|
erikalui
Legendary
Offline
Activity: 2632
Merit: 1094
|
|
May 29, 2017, 07:45:00 PM |
|
Encrypted or not flashdrives or hard drives aren't safe for saving security data but instead of using a flashdrive, it's recommended to use a hard drive for any information that needs to be protected and then create multiple copies of the same in case of data degradation on one. Flashdrives can be prone to virus or malware and it can fail more compared to hard drives or SSDs.
|
|
|
|
italianMiner72
|
|
May 30, 2017, 07:39:38 AM |
|
Encrypted or not flashdrives or hard drives aren't safe for saving security data but instead of using a flashdrive, it's recommended to use a hard drive for any information that needs to be protected and then create multiple copies of the same in case of data degradation on one. Flashdrives can be prone to virus or malware and it can fail more compared to hard drives or SSDs.
But why all this problems ?? All of us know who bitcoin wallet.dat stolen was in pc's with security level / users behaviors not = at Zero .. but negative :-) I think, have a firewall plus antivirus on PC is good. ... do not open spam email link it's another good behaviour. More sucurity again, use 2 bitcoin wallet: One for the daily ops with the minimal balance, and the second with all your booty, better if stored in a backup offline virtual machine ... not important if windows o Linux.
|
|
|
|
Emoclaw
|
|
May 30, 2017, 01:17:53 PM |
|
The best option for you would be to use a paper wallet for archival-style/cold storage of your cryptocurrency. But if you absolutely must use digital storage, do so on a machine that is running Linux to minimize risk, and make sure that you plug in the device(s) from time to time (but that would defeat the purpose of cold storage). Some malware could even just delete your wallet file or re-encrypt it, in which case you should enable write-protection.
Plugging the device in may or may not do anything for flash memory degradation. Assuming NAND flash, simply powering the memory and performing reads won't do anything about leakage from the floating gates of the actual flash cells; flash doesn't refresh on read like DRAM does. Modern NAND controllers do garbage collection. In that case, simply plugging it in so as to prevent or slow down data degradation is enough. Flash vendors usually include more cells than are available to write data on, in order to 'replace' other worn-out cells. Under normal conditions, NAND cells can retain a charge for a couple of years. This is enough for most use-cases, but definitely not enough for cold or archival storage.
|
|
|
|
hexafraction
Sr. Member
Offline
Activity: 392
Merit: 268
Tips welcomed: 1CF4GhXX1RhCaGzWztgE1YZZUcSpoqTbsJ
|
|
May 30, 2017, 08:13:37 PM |
|
Modern NAND controllers do garbage collection. In that case, simply plugging it in so as to prevent or slow down data degradation is enough. Flash vendors usually include more cells than are available to write data on, in order to 'replace' other worn-out cells. Under normal conditions, NAND cells can retain a charge for a couple of years. This is enough for most use-cases, but definitely not enough for cold or archival storage.
I agree that NAND controllers do garbage collection on write. However, could you provide a source that suggests that they do so on reads as well? I would assume that they don't because a GC operation will lead to wear on the flash cells as data is relocated (i.e. using up remaining "write cycles"), while reading typically does not lead to such aging/wear.
|
|
|
|
Emoclaw
|
|
May 31, 2017, 08:28:17 AM |
|
Modern NAND controllers do garbage collection. In that case, simply plugging it in so as to prevent or slow down data degradation is enough. Flash vendors usually include more cells than are available to write data on, in order to 'replace' other worn-out cells. Under normal conditions, NAND cells can retain a charge for a couple of years. This is enough for most use-cases, but definitely not enough for cold or archival storage.
I agree that NAND controllers do garbage collection on write. However, could you provide a source that suggests that they do so on reads as well? I would assume that they don't because a GC operation will lead to wear on the flash cells as data is relocated (i.e. using up remaining "write cycles"), while reading typically does not lead to such aging/wear. Actually I was wrong. Bad blocks in NAND can only be identified in a program (write) or erase operation. Only then is the data relocated to the next good block. Those bad blocks are marked in the spare area (the extra cells vendors add) in a bad block table. Therefore I suppose that you'd also have to run chkdsk each time to locate the bad block.
|
|
|
|
Immakillya
|
|
May 31, 2017, 12:24:05 PM |
|
Instead using flashdrive. Why not use ledger wallet. Its a hardware wallet which more safer because they have better security feature. They have USB and bluetooth capabilities. But still, they are not fool proof. No matter how safe your wallet to keep your btc. If you don't know how to take care of it.
|
|
|
|
|