Globz (OP)
June 24, 2011, 05:10:28 PM
Last edit: June 25, 2011, 10:35:31 PM by Globz
The recent security concerns related to Bitcoin gave me the idea to create a LiveCD where you can do safe transactions without worrying about being infected by the trojan infostealer.Coinbit or being spied on by anyone.

Features:
- Use TrueCrypt to access your encrypted Wallet
- If you wish you can surf the web anonymously with JonDoFox
- You can use the client MegaIRC and join your favourite Bitcoin irc channel
- You can also use the calculator to help you in your transactions
- You can connect to the internet with OpenVPN (not yet implemented)
- Block-chain already pre-loaded inside BitVault - you can manually update it
- BitVault Wizard, easy step by step with almost no interaction from the user, which installs and configures the bitcoin client for you!

If you wish to know more about BitVault features, method of work and download link, please read this page: http://kittybomber.com/BitVault

I am also seeking volunteers to help me out with this project, read this page for more information: http://kittybomber.com/BitVault_dev

Please give me feedback and if you wish to see something implemented inside this LiveCD let me know!

EDIT:
- Added a new Bitcoin client support from coderrr: http://forum.mtgoxlive.com/showthread.php/11-Patching-The-Bitcoin-Client-To-Make-It-More-Anonymous
- Please read this page if you wish to use this client: http://www.kittybomber.com/config_guide

Feel free to donate: 1D5BjvQi7kGPUBpumWsN7kJ63hixEJcfFW

casascius (Mike Caldwell)
June 24, 2011, 05:15:28 PM
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.
Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable. I never believe them. If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins. I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion. Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice. Don't keep coins online. Use paper or hardware wallets instead.

Globz (OP)
June 24, 2011, 05:28:05 PM
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.
Could you please provide me a link? I will look into this.

casascius (Mike Caldwell)
June 24, 2011, 05:47:21 PM
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.
Could you please provide me a link? I will look into this.
http://forum.bitcoin.org/?topic=3906.0

Globz (OP)
June 24, 2011, 06:03:33 PM
I strongly recommend you apply Sipa's import/export patch, so that bitcoin addresses with their private keys can be exported and/or re-imported.
Could you please provide me a link? I will look into this.
http://forum.bitcoin.org/?topic=3906.0
Thanks, so it does only support this client version 0.3.20?

em3rgentOrdr
June 24, 2011, 07:15:00 PM
I'm subscribing to this thread. When anyone tries it out, please respond and give feedback.
"We will not find a solution to political problems in cryptography, but we can win a major battle in the arms race and gain a new territory of freedom for several years.
Governments are good at cutting off the heads of a centrally controlled networks, but pure P2P networks are holding their own."

Globz (OP)
June 24, 2011, 09:01:25 PM
I'm subscribing to this thread. When anyone tries it out, please respond and give feedback.
If you have any questions do not hesitate to ask me.

bitlotto
June 24, 2011, 10:26:54 PM
I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux. With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is launched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it, there would be fewer exploitable bugs.
*Next Draw Feb 1* BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR TOR2WEB Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.

Globz (OP)
June 24, 2011, 10:58:48 PM
I saw on your website you may be planning a linux cd. If so I'd consider Tiny Core Linux. With it, you could have a download of ONLY 30 MB iso! That's with Bitcoin and a GUI. It would be easy to have something where the cd boots and prompts user to insert usb stick. Once usb is recognized Bitcoin is launched and block chain copied off of usb stick and encrypted wallet copied and prompts for gpg password. Once done it could re-copy blockchain onto usb and update the encrypted wallet. Since there is almost no other software on it, there would be fewer exploitable bugs.
Thanks for your reply. When the time comes I will follow your advice; it seems like a great idea. If you ever wish to participate in the project let me know.

bitlotto
June 24, 2011, 11:50:30 PM
Thanks for your reply. When the time comes I will follow your advice; it seems like a great idea. If you ever wish to participate in the project let me know.
Check: https://forum.bitcoin.org/index.php?topic=22128.0

Globz (OP)
June 25, 2011, 12:18:45 AM
Yeah, I just saw. If you find other people who would be interested to create this LiveCD, I will gladly help in the creation and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.

bitlotto
June 25, 2011, 12:28:17 AM
Yeah, I just saw. If you find other people who would be interested to create this LiveCD, I will gladly help in the creation and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
If you made one like how I described it would be pretty sweet! I'll be watching!!

Globz (OP)
June 25, 2011, 03:59:09 AM
Yeah, I just saw. If you find other people who would be interested to create this LiveCD, I will gladly help in the creation and host it on my website. If not I will do it by myself but it might take a little while since I am really busy right now.
If you made one like how I described it would be pretty sweet! I'll be watching!!
I will do my best.

marcus_of_augustus
June 25, 2011, 03:53:36 PM
Liking these "Vault Environment" projects ... just watching.
So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.

Globz (OP)
June 25, 2011, 04:27:08 PM
Liking these "Vault Environment" projects ... just watching.
So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.
Your TrueCrypt Container will remain on your USB key, you are using an instance of TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.

marcus_of_augustus
June 25, 2011, 04:42:19 PM
Liking these "Vault Environment" projects ... just watching.
So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.
Your TrueCrypt Container will remain on your USB key, you are using an instance of TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.
And is there some code that specifically scrubs the private keys out of RAM (and wherever else) when you are done? Probably just left to chance, right?
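
The kind of in-process scrubbing asked about above, as an added example that is not part of the original thread and is not BitVault's, TrueCrypt's or the Bitcoin client's code: it pins a key buffer with mlock(), disables core dumps, and wipes the buffer before freeing it. The function names and the constructed key bytes are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>

#define KEY_LEN 32 /* bytes in a Bitcoin (secp256k1) private key */

/* Wipe through a volatile pointer so the compiler cannot discard the
 * stores as dead writes to memory that is about to be freed. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Stop the kernel from writing this process's memory to a core file. */
int disable_core_dumps(void) {
    struct rlimit rl = {0, 0};
    return setrlimit(RLIMIT_CORE, &rl);
}

/* Allocate a key buffer and try to pin it in RAM so it is never swapped.
 * mlock() can fail under a low RLIMIT_MEMLOCK; *locked reports the result. */
unsigned char *key_alloc(int *locked) {
    unsigned char *k = malloc(KEY_LEN);
    if (!k) return NULL;
    *locked = (mlock(k, KEY_LEN) == 0);
    return k;
}

/* Wipe, unlock and free. Returns how many bytes were still non-zero
 * after the wipe (0 means the buffer was fully cleared). */
size_t key_free(unsigned char *k, int locked) {
    size_t left = 0;
    secure_wipe(k, KEY_LEN);
    for (size_t i = 0; i < KEY_LEN; i++) left += (k[i] != 0);
    if (locked) munlock(k, KEY_LEN);
    free(k);
    return left;
}

/* Hypothetical lifecycle; constructed bytes stand in for a decrypted key. */
size_t demo_key_lifecycle(void) {
    int locked = 0;
    unsigned char *k = key_alloc(&locked);
    if (!k) return (size_t)-1;
    memset(k, 0xA5, KEY_LEN); /* constructed stand-in, not a real key */
    return key_free(k, locked); /* a real client would sign before this */
}
int main(void) { return disable_core_dumps() || demo_key_lifecycle(); }
```

This covers only buffers the program itself owns; copies held by libraries or by the kernel are not touched by it.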

Globz (OP)
June 25, 2011, 04:46:32 PM
Liking these "Vault Environment" projects ... just watching.
So how sure are you that traces of the decrypted private keys are never left anywhere on the machine when you are all done? RAM, cache, buffers, etc? Isn't that somewhat hardware dependent? Be good if an embedded guy could have a look through it also.
Your TrueCrypt Container will remain on your USB key, you are using an instance of TrueCrypt loaded inside your RAM to decrypt your container, then the program will mount a virtual drive for you so you can access your wallet, there is no interaction with your HDD. You could even boot up inside this LiveCD without your hard drive.
And is there some code that specifically scrubs the private keys out of RAM (and wherever else) when you are done? Probably just left to chance, right?
When you are done with the LiveCD you will reboot inside your OS, your RAM will refresh and load your current OS, your container will be unmounted so there's no way to steal the wallet. If your private key would still be in memory the attacker would have to know first what to do with this "key"

marcus_of_augustus
June 25, 2011, 05:00:22 PM
If your private key would still be in memory the attacker would have to know first what to do with this "key"
.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.

Globz (OP)
June 25, 2011, 05:14:56 PM
If your private key would still be in memory the attacker would have to know first what to do with this "key"
.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.
The current malware is a Trojan and it's only looking for wallet.dat; I haven't heard of such a worm reading your RAM for private keys. If you find a link I will gladly read it and apply a proper solution to this problem.

marcus_of_augustus
June 25, 2011, 05:16:51 PM
If your private key would still be in memory the attacker would have to know first what to do with this "key"
.... well that would be the implicit assumption wouldn't it? Worms looking for bitcoin private keys anywhere they find them is the new background environment.
The current malware is a Trojan and it's only looking for wallet.dat; I haven't heard of such a worm reading your RAM for private keys. If you find a link I will gladly read it and apply a proper solution to this problem.
... just looking ahead ... trying to think like a criminal.