Author Topic: Are VMs adequate for cold/cool wallets?  (Read 2819 times)
proudhon
May 04, 2013, 01:52:50 AM
 #21

I've been playing around with Windows to Go on a USB thumbdrive lately.  I downloaded the Windows 8 Enterprise trial ISO from Microsoft and installed it on a freshly formatted hard drive in an offline PC.  From that Enterprise installation I created a live and bootable Windows 8 Enterprise USB using the Windows to Go feature.  You can choose to use Microsoft's BitLocker encryption on the USB drive from the Windows to Go installation wizard.  Once Go is finished installing, you can boot up that installation of Windows on any capable system.  On boot you'll be prompted for the BitLocker password to decrypt the drive.

On any systems you use with your USB drive you'd just want to make sure any network cables are disconnected before you boot up.  The first time I booted from my USB drive I just went ahead and uninstalled all network devices.  I installed Armory and have used it for a few small offline wallets.  I think this gives you something almost as secure as a dedicated offline computer for Armory with more flexibility.  The way I've set it up you need the BitLocker decryption key, the regular Windows password, and the password for the Armory wallets in order to sign transactions to be moved to an online system for broadcasting.

Of course, you can do something similar with Linux, but I wanted to try it out with Windows because Armory updates typically go out to Windows first, and I wanted to avoid worrying about dependencies and stuff like that.  What's nice is that I think you can do this for free.  You can get the trial Enterprise ISO directly from Microsoft.  The standard installation is limited to 90 days, but you just need to install it in order to create a Windows to Go USB drive.  After that, you don't need it anymore.  The Go installation will tell you it's not activated with a watermark, but being unactivated, as far as I can tell, just means you can use some Windows features like the Windows store - stuff you don't need on an offline installation anyway.

I guess it's a slight step down from a dedicated Armory offline computer because it's conceivable that a wallet-compromising virus could travel from the hard drive of the host computer onto the USB installation; although, from my USB Go installation I've never been able to access the drive resources of the host computer, so I assume there's some partitioning going on to protect against that sort of thing.  Anyway, like I said, probably a slight step down in security from the recommended Armory setup, but a step up in security, I think, from VMs on network connected computers.  Plus you get a lot more flexibility since you could more easily travel with an encrypted USB that you can use on your main laptop or any other computer.

Just something I've been playing with.


Were you able to set that up for free?

You might be interested in the IronKey that's coming out later this year that will have hardware encryption with Windows to Go and can boot up in RAM.

Yep, it's free.  Just used the trial Enterprise ISO.  It gets watermarked as unactivated, and some Windows features get disabled, like Windows Store, but otherwise it works perfectly fine for an offline wallet OS.

Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
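
A check to run inside the Windows to Go workspace before opening Armory, covering what the post above relies on: BitLocker on the boot drive, no usable network adapter, and the host's internal disks staying offline (the Windows To Go default). This is an added example, not part of the original thread; the function name `Test-OfflineWalletWorkspace` is hypothetical.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt:
# Get-BitLockerVolume requires administrator rights.
function Test-OfflineWalletWorkspace {
    $findings = @()

    # 1. The OS volume on the USB drive must be fully encrypted with protection on.
    $os = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($os.ProtectionStatus -ne 'On' -or $os.VolumeStatus -ne 'FullyEncrypted') {
        $findings += "BitLocker: $($os.MountPoint) is $($os.VolumeStatus), protection $($os.ProtectionStatus)"
    }

    # 2. No adapter may be usable. 'Disconnected' still counts as a finding:
    #    the adapter is enabled and would come up once a cable or Wi-Fi is available.
    $adapters = @(Get-NetAdapter -ErrorAction SilentlyContinue)
    foreach ($nic in $adapters) {
        if ($nic.Status -notin 'Disabled', 'Not Present') {
            $findings += "Network: adapter '$($nic.Name)' is $($nic.Status)"
        }
    }

    # 3. Host disks (anything not on the USB bus) must be offline, so the
    #    workspace cannot read from or write to the host's installed drives.
    $disks = @(Get-Disk)
    foreach ($disk in $disks) {
        if ($disk.BusType -ne 'USB' -and -not $disk.IsOffline) {
            $findings += "Disk: host disk $($disk.Number) ($($disk.FriendlyName)) is online"
        }
    }

    return $findings
}

$result = @(Test-OfflineWalletWorkspace)
if ($result.Count -eq 0) {
    Write-Output 'Workspace checks passed: encrypted, no usable network adapter, host disks offline.'
} else {
    $result | ForEach-Object { Write-Warning $_ }
}
```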
cypherdoc
May 04, 2013, 04:44:57 AM
 #22



I guess it's a slight step down from a dedicated Armory offline computer because it's conceivable that a wallet-compromising virus could travel from the hard drive of the host computer onto the USB installation; although, from my USB Go installation I've never been able to access the drive resources of the host computer, so I assume there's some partitioning going on to protect against that sort of thing.  Anyway, like I said, probably a slight step down in security from the recommended Armory setup, but a step up in security, I think, from VMs on network connected computers.  Plus you get a lot more flexibility since you could more easily travel with an encrypted USB that you can use on your main laptop or any other computer.

hmmm, b/c of what you're saying about partitioning protection it might be safer than the computer based offline wallet.  that's b/c you usually use an unprotected usb stick to tx the unsigned tx to the offline computer for signing which should make it easier for malware to load itself.

Ironkey currently sells the exact same product as what you've just described for a pretty penny on its website.  as i said though, later in the year they'll have a hardware encrypted version which should be slightly stronger in terms of protection.