Bitcoin Forum
March 29, 2024, 12:09:40 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2  All
  Print  
Author Topic: BitVault LiveCD - Bitcoin Secure Transactions Environment  (Read 4803 times)
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 24, 2011, 05:10:28 PM
Last edit: June 25, 2011, 10:35:31 PM by Globz
 #1

The recent security concerns related to Bitcoin gave me the idea to create a LiveCD where you can do safe transactions without worrying about being infected by the trojan infostealer.Coinbit or being spied by anyone.

Features :
                                              -Use TrueCrypt to access your encrypted Wallet
                                              -If you wish you can surf the web anonymously with JonDoFox
                                              -You can use the client MegaIRC and join your favourite Bitcoin irc channel
                                              -You can also use the calculator to help you in your transactions
                                              -You can connect to the internet with OpenVPN (not yet implemented)
                                              -Block-chain already pre-loaded inside BitVault - you can manually update it
                                              -BitVault Wizard, easy step by step with almost no interaction from the user which install and configure
                                               the bitcoin client for you!




If you wish to know more about BitVault features, method of work and download link, please read this page : http://kittybomber.com/BitVault

I am also seeking volunteer to help me out with this project, read this page for more information : http://kittybomber.com/BitVault_dev


Please give me feedback and if you wish to see something implemented inside this LiveCD let me know!

EDIT:

-Added a new Bitcoin client support from coderrr : http://forum.mtgoxlive.com/showthread.php/11-Patching-The-Bitcoin-Client-To-Make-It-More-Anonymous
 - Please read this page if you wish to use this client http://www.kittybomber.com/config_guide

Feel free to donate : 1D5BjvQi7kGPUBpumWsN7kJ63hixEJcfFW
1711670980
Hero Member
*
Offline Offline

Posts: 1711670980

View Profile Personal Message (Offline)

Ignore
1711670980
Reply with quote  #2

1711670980
Report to moderator
1711670980
Hero Member
*
Offline Offline

Posts: 1711670980

View Profile Personal Message (Offline)

Ignore
1711670980
Reply with quote  #2

1711670980
Report to moderator
Each block is stacked on top of the previous one. Adding another block to the top makes all lower blocks more difficult to remove: there is more "weight" above each block. A transaction in a block 6 blocks deep (6 confirmations) will be very difficult to remove.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 24, 2011, 05:15:28 PM
 #2

I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 24, 2011, 05:28:05 PM
 #3

I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Could you please provide me a link? I will look into this.
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
June 24, 2011, 05:47:21 PM
 #4

I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Could you please provide me a link? I will look into this.

http://forum.bitcoin.org/?topic=3906.0

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 24, 2011, 06:03:33 PM
 #5

I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.

Could you please provide me a link? I will look into this.

http://forum.bitcoin.org/?topic=3906.0

Thanks, so it does only support this client version 0.3.20 ?
em3rgentOrdr
Sr. Member
****
Offline Offline

Activity: 434
Merit: 251


youtube.com/ericfontainejazz now accepts bitcoin


View Profile WWW
June 24, 2011, 07:15:00 PM
 #6

I subscribing to this thread.  When anyone tries it out, please respond and give feedback.

"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.

Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 24, 2011, 09:01:25 PM
 #7

I subscribing to this thread.  When anyone tries it out, please respond and give feedback.

If you have any questions do not hesitate to ask me.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 24, 2011, 10:26:54 PM
 #8

I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux.
With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is lauched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it it, there would be less exploitable bugs.

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 24, 2011, 10:58:48 PM
 #9

I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux.
With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is lauched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it it, there would be less exploitable bugs.

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 24, 2011, 11:50:30 PM
 #10

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 25, 2011, 12:18:45 AM
 #11

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0



yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 25, 2011, 12:28:17 AM
 #12

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0



yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
If you made one like how I described it would be pretty sweet! I'll be watching!!

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 25, 2011, 03:59:09 AM
 #13

Thanks for your reply, when comes the time I will follow your advice it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0



yeah I just saw, if you find other people who would be interested to create this LiveCD, I will gladly help in the create and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
If you made one like how I described it would be pretty sweet! I'll be watching!!

I will do my best.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2347


Eadem mutata resurgo


View Profile
June 25, 2011, 03:53:36 PM
 #14


Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 25, 2011, 04:27:08 PM
 #15


Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2347


Eadem mutata resurgo


View Profile
June 25, 2011, 04:42:19 PM
 #16


Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.

And is there some code that specifically scrubs the private keys out of RAM (and where-ever else) when you are done? probably just left to chance right?

Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 25, 2011, 04:46:32 PM
 #17


Liking these "Vault Environment" projects ... just watching.

So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Your TrueCrypt Container will remain on your USB key, you are using an instance of  TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.

And is there some code that specifically scrubs the private keys out of RAM (and where-ever else) when you are done? probably just left to chance right?

When you are done with the LiveCD you will reboot inside your OS, your RAM will refresh and load your current OS, your container will be unmounted so there's no way to steal the wallet. If your private key would still be in memory the attacker would have to know first what to do with this "key"
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2347


Eadem mutata resurgo


View Profile
June 25, 2011, 05:00:22 PM
 #18

Quote
If your private key would still be in memory the attacker would have to know first what to do with this "key"

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

Globz (OP)
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
June 25, 2011, 05:14:56 PM
 #19

Quote
If your private key would still be in memory the attacker would have to know first what to do with this "key"

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

The current Malware is a Trojan and he's only looking for wallet.dat, I haven't heard of such worm reading your RAM for private key. If you find a link I will gladly read it and apply a proper solution to this problem.
marcus_of_augustus
Legendary
*
Offline Offline

Activity: 3920
Merit: 2347


Eadem mutata resurgo


View Profile
June 25, 2011, 05:16:51 PM
 #20

Quote
If your private key would still be in memory the attacker would have to know first what to do with this "key"

.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

The current Malware is a Trojan and he's only looking for wallet.dat, I haven't heard of such worm reading your RAM for private key. If you find a link I will gladly read it and apply a proper solution to this problem.

... just looking ahead ... trying to think like a criminal.

Pages: [1] 2  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!