Bitcoin Forum
December 04, 2016, 12:37:41 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: BitVault LiveCD - Bitcoin Secure Transactions Environment  (Read 4287 times)
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 25, 2011, 05:32:22 PM
 #21

Doesn't rebooting flush the RAM? Once power is lost to the RAM it clears if I remember correctly. I remember reading an article on how these hackers wanted to get a key off of RAM but the computer was locked. They knew the KEY was in the RAM so they froze the RAM with liquid nitrogen so they could examine the RAM and find the key. They couldn't lose power to the RAM without freezing it.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480855061
Hero Member
*
Offline Offline

Posts: 1480855061

View Profile Personal Message (Offline)

Ignore
1480855061
Reply with quote  #2

1480855061
Report to moderator
1480855061
Hero Member
*
Offline Offline

Posts: 1480855061

View Profile Personal Message (Offline)

Ignore
1480855061
Reply with quote  #2

1480855061
Report to moderator
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 25, 2011, 05:36:14 PM
 #22

Doesn't rebooting flush the RAM? Once power is lost to the RAM it clears if I remember correctly. I remember reading an article on how these hackers wanted to get a key off of RAM but the computer was locked. They knew the KEY was in the RAM so they froze the RAM with liquid nitrogen so they could examine the RAM and find the key. They couldn't lose power to the RAM without freezing it.

Yes, there's no way to flush the RAM without crashing your computer. You have to reboot.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
ben-abuya
Sr. Member
****
Offline Offline

Activity: 323



View Profile WWW
June 25, 2011, 05:59:50 PM
 #23

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

http://lamassubtc.com/
Lamassu Bitcoin Ventures
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 25, 2011, 06:05:09 PM
 #24

Its a cool distro but the goal of this LiveCD is to do transactions so we need a network access. As long as you hide your IP and that you run everything from RAM your chance of being hack by someone are lot less.

I would like some feedback from people who tried it, I know there's some stuff to improve or add so please let me know. I am currently working on sipa's bitcoin client.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 25, 2011, 10:36:03 PM
 #25

-Added a new Bitcoin client support from coderrr : http://forum.mtgoxlive.com/showthread.php/11-Patching-The-Bitcoin-Client-To-Make-It-More-Anonymous
 - Please read this page if you wish to use this client http://www.kittybomber.com/config_guide

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 26, 2011, 07:55:04 AM
 #26

Perhaps adding a demo copy of WinHex or another suitable hex editor that can do full disk scans may be helpful for deleted/corrupted wallet recovery.  See this thread:

http://forum.bitcoin.org/index.php?topic=22697.msg285466#msg285466

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Sandoz
Member
**
Offline Offline

Activity: 85


View Profile
June 26, 2011, 08:44:30 AM
 #27

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I have another one: TAILS Linux (the amnesic...): http://tails.boum.org/about/index.en.html

That's is my favorite livecd as it does everything possible for anonymity... Every internet connection goes through tor by default, the memory is immediately overwritten as soon as you unplug the boot medium (someone with a gun comes in, you raise your hands and step away from the computer automatically unplugging the USB stick from which you booted and which is connected to your belt), it has a nice on-screen keyboard to defeat hardware keyloggers, provides a MAC changer for anonymity in hostile environments... And they are even so paranoid that they want to remove truecrypt support (check their site for the rationale)

They are considering to add a bitcoin client per default in the future. For me this is quite a great candidate for a paranoid BitVault distro (Thanks for NOT calling it VaultCoin)

marcus_of_augustus
Legendary
*
Offline Offline

Activity: 2086



View Profile
June 26, 2011, 11:34:37 AM
 #28

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I have another one: TAILS Linux (the amnesic...): http://tails.boum.org/about/index.en.html

That's is my favorite livecd as it does everything possible for anonymity... Every internet connection goes through tor by default, the memory is immediately overwritten as soon as you unplug the boot medium (someone with a gun comes in, you raise your hands and step away from the computer automatically unplugging the USB stick from which you booted and which is connected to your belt), it has a nice on-screen keyboard to defeat hardware keyloggers, provides a MAC changer for anonymity in hostile environments... And they are even so paranoid that they want to remove truecrypt support (check their site for the rationale)

They are considering to add a bitcoin client per default in the future. For me this is quite a great candidate for a paranoid BitVault distro (Thanks for NOT calling it VaultCoin)



sounds awesome ... there will be an immediate market for these for sure .... and has some interesting evolutionary direction possibilities also ...

Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 26, 2011, 02:46:36 PM
 #29

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I have another one: TAILS Linux (the amnesic...): http://tails.boum.org/about/index.en.html

That's is my favorite livecd as it does everything possible for anonymity... Every internet connection goes through tor by default, the memory is immediately overwritten as soon as you unplug the boot medium (someone with a gun comes in, you raise your hands and step away from the computer automatically unplugging the USB stick from which you booted and which is connected to your belt), it has a nice on-screen keyboard to defeat hardware keyloggers, provides a MAC changer for anonymity in hostile environments... And they are even so paranoid that they want to remove truecrypt support (check their site for the rationale)

They are considering to add a bitcoin client per default in the future. For me this is quite a great candidate for a paranoid BitVault distro (Thanks for NOT calling it VaultCoin)



Sounds like a really cool distro. If you guys have more security stuff that you would like to see implemented inside BitVault, please let me know.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 26, 2011, 03:18:53 PM
 #30

Perhaps adding a demo copy of WinHex or another suitable hex editor that can do full disk scans may be helpful for deleted/corrupted wallet recovery.  See this thread:

http://forum.bitcoin.org/index.php?topic=22697.msg285466#msg285466

Seems like a good idea, I found this free HexEditor and you can do a search of your hard drive.

http://mh-nexus.de/en/programs.php


I will add it to BitVault.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 26, 2011, 03:33:08 PM
 #31

A few things I'm wondering about based on the text on the website...

Quote
With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.
How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

Quote
I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux
Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 26, 2011, 03:52:37 PM
 #32

A few things I'm wondering about based on the text on the website...

Quote
With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.
How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

Quote
I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux
Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

It can be infected, but you will be browsing the net anonymously and you are using firefox with no-script, Enforce HTTPS, harden Adobe Acrobat against attacks, this should help you a lot read : http://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_extension_for_Firefox  Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.


About Linux, the problem is most of the time you have to configure a lot of stuff with a command line to make it work properly on your computer, of course I know GNOME and KDE but like I said I wanted to use Windows as my first distro, I will make a Linux distro.


For the batchfile, if pressing enter is too hard for the user than I do not know what to tell you.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
joepie91
Sr. Member
****
Offline Offline

Activity: 294


View Profile
June 26, 2011, 11:09:51 PM
 #33

A few things I'm wondering about based on the text on the website...

Quote
With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.
How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

Quote
I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux
Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

It can be infected, but you will be browsing the net anonymously and you are using firefox with no-script, Enforce HTTPS, harden Adobe Acrobat against attacks, this should help you a lot read : http://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_extension_for_Firefox  Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.
For the PDF reader I'd advise using Foxit Reader, both because it's a lot lighter/faster and more secure.

Quote

About Linux, the problem is most of the time you have to configure a lot of stuff with a command line to make it work properly on your computer, of course I know GNOME and KDE but like I said I wanted to use Windows as my first distro, I will make a Linux distro.
I've used SuSE (with both KDE and GNOME) for years, and never really had to use the commandline. When I did, it was usually because I *wanted* to mess around, not because something didn't work. Puppy Linux (which would be more useful for something like this) combined with IceWM gave me pretty much the same experience: no commandline needed to use it, at all. I work on (non-profit) refurbishing of computers regularly, and often use Puppy Linux on them, and never really had anything that didn't work out of the box.

Quote

For the batchfile, if pressing enter is too hard for the user than I do not know what to tell you.
I was only refering to the "commandline" thing Smiley

EDIT: Regarding KDE vs. GNOME, I'd certainly recommend GNOME for ease of use, KDE is simply too bloated and messy nowadays. For something like a simple Live CD however, IceWM would probably be the best choice.

Like my post(s)? 12TSXLa5Tu6ag4PNYCwKKSiZsaSCpAjzpu Smiley
Quote from: hawks5999
I just can't wait for fall/winter. My furnace never generated money for me before. I'll keep mining until my furnace is more profitable.
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 27, 2011, 02:06:32 AM
 #34

A few things I'm wondering about based on the text on the website...

Quote
With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.
How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

Quote
I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux
Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

It can be infected, but you will be browsing the net anonymously and you are using firefox with no-script, Enforce HTTPS, harden Adobe Acrobat against attacks, this should help you a lot read : http://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_extension_for_Firefox  Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.
For the PDF reader I'd advise using Foxit Reader, both because it's a lot lighter/faster and more secure.

Quote

About Linux, the problem is most of the time you have to configure a lot of stuff with a command line to make it work properly on your computer, of course I know GNOME and KDE but like I said I wanted to use Windows as my first distro, I will make a Linux distro.
I've used SuSE (with both KDE and GNOME) for years, and never really had to use the commandline. When I did, it was usually because I *wanted* to mess around, not because something didn't work. Puppy Linux (which would be more useful for something like this) combined with IceWM gave me pretty much the same experience: no commandline needed to use it, at all. I work on (non-profit) refurbishing of computers regularly, and often use Puppy Linux on them, and never really had anything that didn't work out of the box.

Quote

For the batchfile, if pressing enter is too hard for the user than I do not know what to tell you.
I was only refering to the "commandline" thing Smiley

EDIT: Regarding KDE vs. GNOME, I'd certainly recommend GNOME for ease of use, KDE is simply too bloated and messy nowadays. For something like a simple Live CD however, IceWM would probably be the best choice.


Yeah I would use GNOME too, I will look into this, thanks for the advice!

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
Globz
Newbie
*
Offline Offline

Activity: 14

www.kittybomber.com


View Profile WWW
June 27, 2011, 03:02:41 PM
 #35

I am currently looking for a compiled Windows version of sipa's client  or else I will try to build it under Windows.

Thanks.

BitVault LiveCD - Bitcoin Secure Transactions Environment
http://www.kittybomber.com/BitVault
JohnDoe
Sr. Member
****
Offline Offline

Activity: 392



View Profile
June 27, 2011, 04:44:27 PM
 #36

Doesn't rebooting flush the RAM? Once power is lost to the RAM it clears if I remember correctly. I remember reading an article on how these hackers wanted to get a key off of RAM but the computer was locked. They knew the KEY was in the RAM so they froze the RAM with liquid nitrogen so they could examine the RAM and find the key. They couldn't lose power to the RAM without freezing it.

So if I see some Delta Force dudes bursting through my window it would be safer to reboot instead of shutting down?

Just read this article and it seems like it doesn't make a difference:
http://www.zdnet.com/blog/security/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/900

"This same attack works without the compressed air or RAM migration if the computer is configured for USB or LAN boot. You simply put in a USB dongle and boot off that dongle or you can boot off the network. Booting off the optical drive is probably just as easy and more likely to work. Then you can dump the RAW memory contents to the USB dongle or a network share"
netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
July 19, 2011, 04:23:17 AM
 #37

https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
Sandoz
Member
**
Offline Offline

Activity: 85


View Profile
July 19, 2011, 04:43:50 AM
 #38

https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)

Indeed. I think both distros have the same goal. I don't know the difference very well but what I like about tails is the daemon which immediately wipes the memory as soon as you eject the cd or start the shut down sequence. But that could be ported to liberté too I guess
netrin
Sr. Member
****
Offline Offline

Activity: 322


FirstBits: 168Bc


View Profile
July 19, 2011, 03:33:12 PM
 #39

https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)

Indeed. I think both distros have the same goal. I don't know the difference very well but what I like about tails is the daemon which immediately wipes the memory as soon as you eject the cd or start the shut down sequence. But that could be ported to liberté too I guess

Liberte does that as well. Liberte is smaller, faster, and much more locked down than TAILS. Tails will let you run external applications (such as bitcoin) without reconfiguring the ISO. Liberte will not. You must pre-generate the Liberte image and it will be verified on boot. After booting into the GUI, root/sudo is not possible. I believe both encrypt the swap space. Try it. Liberte is very restrictive, but quite secure, to the point of being impractical for anything but communication.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
jerfelix
Sr. Member
****
Offline Offline

Activity: 266


View Profile
July 19, 2011, 03:58:06 PM
 #40

Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.

On the contrary, I'd think that Bitcoin virus writers will likely place their viruses on Bitcoin related websites and forums.
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!