[REQUEST] Developing Bootable Bitcoin-QT

[rme]

Hi,
You're afraid of viruses, java exploits, keyloggers on your PC?
I have the solution, Bootable Bitcoin-QT.

Note: This is not a developed yet, its only a conept, Bitcoin core developers have to code it.





Bootalble Bitcoin-QT is a simple OS containing only the Bitcoin-QT client.
No desktop, no binary files, no access to command line, no internet browser, no menu bar, not even windows. Only Bitcoin-QT.

You download (or build from source) a Bootable Bitcoin-QT ISO file, you burn in a CD/DVD or a bootable USB, you plug in into your PC and reboot.

Wallet.dat and Blockchain data is stored in a separate USB drive (encrypted by a password and formatted in a different way so Windows cannot recognice this drive.






Post under construction, I will add more info about the concept.

[1714935548]

1714935548

[No 1]

interesting... ill watch this

[redcomet]

This would be fun, you should start a bounty

[qualalol]

Probably best to start with Damn Small Linux, and customise things as needed from there -- I'm assuming you'd want to update the whole CD every time you have a new Bitcoin-Qt version, otherwise you'd have to store it on the USB drive -- but ideally you would set the system up to not run any executables from anywhere except the cd. (Using LUKS with usb drives works well, so no issues with encrypting things there.) It's probably also worth having a wrapper program which can launch Bitcoin-Qt (or Armory, which I'd include if I was doing this myself, at least once the stability issues are solved) and deal with the mounting/unmounting of the external drive.

[virtualmaster]

Good idea.

[FlappySocks]

It's a good idea, and one I have thought about previously as a stopgap for a hardware wallet.

One hurdle is to build trust, that it's not in itself loaded with some kind of mailware. 

[rme]

It's a good idea, and one I have thought about previously as a stopgap for a hardware wallet.

One hurdle is to build trust, that it's not in itself loaded with some kind of mailware. 

Thats why we need the Bitcoin Core developers to build this.

[AliceWonder]

Don't use Bitcoin-QT - it will be a headache due to downloading the blockchain.
Use an alternate client that does not require the whole blockchain.

[Jaxkr]

Don't use Bitcoin-QT - it will be a headache due to downloading the blockchain.
Use an alternate client that does not require the whole blockchain.

Electrum!

[jl2012]

How about hardware trojan and hardware keylogger?

[AliceWonder]

How about hardware trojan and hardware keylogger?

That's a little on the over paranoid side. The user should be reasonable sure their hardware has not been compromised regardless of what type of financial transactions they are using their computer for. There's only so much software developers can reasonably be expected to accomodate for.

[Peter Todd]

How about hardware trojan and hardware keylogger?

Use hardware built prior to 2009

[rme]

How about hardware trojan and hardware keylogger?

Actually you can buy a keyboard hardware keylogger but you can do nothing with the password, you need the wallet file.
That requires hardware that copys the USB when it is plugged, that is the reason that the usb is formated in a encrypted format.

Also you can just type the password with a virtual keyboard.

[AliceWonder]

If someone has physical access to the machine to install a hardware logger, getting the wallet.dat is probably not that difficult.

[kostagr33k]

Well you could easily script this which would be open for others to scrutinize.


I'd possibly be interested in putting time into this if there was interest, and a bounty wouldn't hurt.


Kosta

[peapodamus]

I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.

[jubalix]

this is almost 1/3 of the killer app for bitcoin because people just need a usb they can associate a wallet and a nice gui front end operates for them....they can copy it and use a password, feel and be secure

the other 1/3 is a distributed exchange

the final third is speed, as in near instant or chain, throw away chains, local chains etc

also you may need to use electrum if the block chain gets to big.....to quickly

[rme]

I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.

IMO, Ubuntu is a too complex distro.
We need some small linux distro (50-100mb), remove most of the packages preinstalled, add Bitcoin-QT (customized), full screen, no browser, no .deb files, no repos, no text editor, no impr pant command, no nothing.

Also, if developers want we can use Electrum wallet or similar.
Also, we could ask Electrum developers to develop this.

The main thing is that we need a trusted developer to build this OS. (And release the source).

[kostagr33k]

ID suggest either going all out and building a custom linux from scratch distro , and strip everything out as suggested above or DSL (or similar distro) with very fine customizations


kosta

[AliceWonder]

I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.

IMO, Ubuntu is a too complex distro.
We need some small linux distro (50-100mb), remove most of the packages preinstalled, add Bitcoin-QT (customized), full screen, no browser, no .deb files, no repos, no text editor, no impr pant command, no nothing.

Also, if developers want we can use Electrum wallet or similar.
Also, we could ask Electrum developers to develop this.

The main thing is that we need a trusted developer to build this OS. (And release the source).

Linux From Scratch - you don't get more barebones than that.

Seriously, you probably do want to use something that has either rpm or deb packages simply because you can build the packages in a clean chroot environment (like mock) to make sure they have dependency sanity and don't accidentally link against packages you don't want them to.

You probably also do want a text editor, vim is probably fine and does not need x11 libraries to build.
I would however recommend a minimalist X11 environment and a web browser (web browser is useful for pywallet) - midori is a good basic browser (gtk-webkit), but don't include flash/java plugins.

Not having a text editor isn't going to make it more secure, if a hacker gets a shell he'll just upload a kit that has busybox and whatever other tools he needs, including a text editor.

[jubalix]

one point

if you build this a nice feature would be to have it work so transactions are done offline by signing, then transferred to another virtual running linux os inside, or other os that only happens when you hit send, an this is what accepts the signed instruction and connects, so it is auto air gapped. The primary os would have no internet driver or so it could not connect, or alternatively if the primary os had to have such this then the virtual os would be the one running you user gui client to make the signing.

This would be done behind the scene away from the user of course

[kostagr33k]

@jubalix that would be interesting but since this would be a USB wallet with an "offline" OS it might be overkill / more of a pain. IF you only go online with that USB drive to send , then I'd say you should be almost 99% safe from someone stealing your wallet.

For that to happen, they would have to know when you boot up that system in the short timeframe that it takes you to send coins. And since this system would be firewalled from any incoming connections, it would be fairly hard to get into it.


Kosta

[rme]

Bump

[doof]

good idea.

[rme]

Up

[devthedev]

This is a pretty slick idea! Like others have mentioned, Linux from Scratch is a pretty fantastic framework.

[blockgenesis]

This idea should probably not be made available for download until HD (deterministic) wallets are used in the bootable environment.

The reason for this is that in a temporary environment (or with cheap USB storage), there's plenty of risk for new unsaved Bitcoin addresses to be destroyed at shutdown. In case you don't know this, Bitcoin-Qt for instance always create a new Bitcoin address for each payment and moves the "change" of a transaction to this address. There's at least one case of someone who lost a lot of bitcoins in that exact same situation in the past.

Deterministic wallets will be (to my knowledge) immune to this problem, as all Bitcoin addresses generated by these wallets can be re-generated later if the wallet hasn't been saved correctly or when restoring an old backup.

[rme]

This idea should probably not be made available for download until HD (deterministic) wallets are used in the bootable environment.

The reason for this is that in a temporary environment (or with cheap USB storage), there's plenty of risk for new unsaved Bitcoin addresses to be destroyed at shutdown. In case you don't know this, Bitcoin-Qt for instance always create a new Bitcoin address for each payment and moves the "change" of a transaction to this address. There's at least one case of someone who lost a lot of bitcoins in that exact same situation in the past.

Deterministic wallets will be (to my knowledge) immune to this problem, as all Bitcoin addresses generated by these wallets can be re-generated later if the wallet hasn't been saved correctly or when restoring an old backup.

True, we can also change this request to "Developing Bootable Electrum Wallet".

This will save us from downloading the blockchain.

This way we only need a bootable cd + our wallet seed to import our wallet.

[kostagr33k]

Is electrum considered the "Safe way" to do it? I know I read in the past people prefer Bitcoin-qt as you have the whole block chain, and less of a chance to get duped.


Thanks

Kosta

[rme]

Is electrum considered the "Safe way" to do it? I know I read in the past people prefer Bitcoin-qt as you have the whole block chain, and less of a chance to get duped.


Thanks

Kosta

As I said in the post, I am not developing this, just presenting the idea to the comunity so someone may develop it.

The Bitcoin Core developers have telled to me that they have no time for this so the Electrum ones may have.

[super3]

Yeah having to download the blockchain would make this quite unusable. Essentially Electrum on LiveCD is all you need. Combine this with a hardware authentication method like YubiKey. Essentially a Trezor like solution for $30.

[rme]

We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.

[super3]

We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.

Put like a $500 bounty for the Electrum part. Probably not hard for someone with LiveCD skills. Just need to add an extra package, and recompile the LiveCD.

[frito_mosquito]

We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.

Put like a $500 bounty for the Electrum part. Probably not hard for someone with LiveCD skills. Just need to add an extra package, and recompile the LiveCD.

I am actively working on this, although I am not sure I meet the 'trusted' requirement, as I am rather new to the community.  My plan is to be as transparent as possible, and include detailed instructions for creating the ISO yourself.

[frito_mosquito]

Looks like I may be out of my league.  Bitcoin needs an entire suit of linux distributions.  Cold Wallets. Hot wallets. Different node types. All these need their own, custom Linux distro, and possibly even kernel, built from scratch.  That is out of my league for the immediate future.

But that won't keep me from trying.  I will see if I can hack something together.

Regards,
Frito_Mosquito

[UncleBen]

If security is a higher goal for that application, why not use a slim and bootable version of OpenBSD with XServer as terminal system?
They don't even found a backdoor after a FBI affair, see: http://arstechnica.com/information-technology/2010/12/openbsd-code-audit-uncovers-bugs-but-no-evidence-of-backdoor/.

Their slogan: "Only two remote holes in the default install, in a heck of a long time!"

Just my 2BTCcents…

[jbis1]

I started working on an Electrum live cd. You can find the source at https://github.com/josephbisch/electrum-live-cd-amd64. Build instructions are found in README.md.

The main changes I made are in /config/hooks/ and /config/includes.chroot/. There is no desktop environment, just metacity as the window manager.

An i386 version will be coming soon. In the meantime, you can just modify /auto/config by replacing amd64 with i386. Make sure you run lb config after making the change.

I hesitate to release a build of binary.hybrid.iso for obvious reasons, but will if people really want me to. It is currently at 412MB, but there are probably packages that aren't strictly necessary to run Electrum.

There are currently some known issues. The .xsession script, which starts metacity and electrum when X is started, should restart electrum when it exits with an error. It should shutdown the computer when electrum exits without error, like when you go to file and click on close. Currently, it is shutting down even if electrum exits with an error.

I need to figure out a good way to allow the user to configure their wireless network. Currently just electrum is running, so you must switch to a console and configure your network through there. Suggestions welcome.

As always with Electrum, if you import a private key, you must backup your wallet. Any private keys you import will not be regenerated from your seed.

https://i.imgur.com/6Q1VfNn.png

https://i.imgur.com/FoMvWgG.png

[GianniDalerta]

this is awesome! been wanting to provide my family and friends a working cold storage system. This I think is a great way to do it.

[rme]

Bump

[bitcoinbitcoin]

Currently, what is the most secure Linux Distro to run BitcoinQT or Armory?
Is Linux-TAILS the best or something else better? But is it possible to install TAILS to an internal hard drive while still having persistence?
Is there another distro with TOR on by default, that you can install on a hard drive?

Or is there a newer custom Bitcoin Distro? Like LinuxCoin or Bitsafe, but they are old.
Sorry if this is redundant, it's hard to keep up with the latest custom Bitcoin Distros.

[jbis1]

Currently, what is the most secure Linux Distro to run BitcoinQT or Armory?
Is Linux-TAILS the best or something else better? But is it possible to install TAILS to an internal hard drive while still having persistence?
Is there another distro with TOR on by default, that you can install on a hard drive?

Or is there a newer custom Bitcoin Distro? Like LinuxCoin or Bitsafe, but they are old.
Sorry if this is redundant, it's hard to keep up with the latest custom Bitcoin Distros.

What do you want? Do you want to run the client thru Tor? Do you want a LiveCD or install to hard drive. It sounds like you want Tor and hard drive install, but LinuxCoin and Bitsafe appear to work differently.

Let me know your needs and I should be able to throw something together that is based on Debian.

[bitcoinbitcoin]

Well, for an offline/online system i'm trying to decide between running 2 LiveUSBs vs 2 full dedicated laptops. Or one dedicated offline laptop, and one online LiveUSB (like TAILS).
Is running an wallet using a LiveUSB completely safe, or is it better to have a dedicated laptop for your wallet?

With the LiveUSB, you should remove the virus-infested Windows8 internal HDD, before you run it. And disable wifi in BIOS if you want offline.
Anything else you should do for security when booting to the LiveUSB? Some say remove the battery for 60 seconds?

[jbis1]

It is not completely safe to run LiveUSB, just like it is not completely safe to run a dedicated computer. The manufacturer may have introduced a vulnerability into either the computer or USB drive at the hardware level. There are steps to take that will allow you to safely use with a LiveUSB or dedicated computer, assuming that the devices are not compromised on a hardware level.

This addresses the LiveUSB security issue. If you use a USB device with an integrated switch to disable write access you can be sure that the contents of the drive don't change. This is assuming the device never leaves your sight (since someone can just flip the switch and modify files on the drive) and assuming that you trust the drive manufacturer to correctly implement the write protect feature.

I would be careful where I got the USB device from. They have microcontrollers in them, which can be reprogrammed.

Of course, if you want persistence (wallet files, etc.) you need to disable the write protect or have one flash drive for the OS and another for the data.

Ultimately it is up to you to answer: Do you have enough bitcoin to justify (a) dedicated computer(s)? I personally feel a LiveCD is sufficient, with a flash drive for the (encrypted) wallet.dat.

[bitcoinbitcoin]

For your offline wallet on dedicated computer:
  Why does it help to be offline STARTING before installing Linux? I thought it only matters that it is offline forever-- STARTING right before the wallet is created.

But many guides recommend to install xubuntu offline with apt-offline, etc.. That is a PITA. Please explain the benefit.
  It's so much easier to install the OS and armory/electrum while online, THEN unplug the ethernet cable and superglue the port   Can you refer me to a complete guide?  So many are different/outdated.

Thanks again, sorry if redundant.

[jbis1]

For your offline wallet on dedicated computer:
  Why does it help to be offline STARTING before installing Linux? I thought it only matters that it is offline forever-- STARTING right before the wallet is created.

But many guides recommend to install xubuntu offline with apt-offline, etc.. That is a PITA. Please explain the benefit.
  It's so much easier to install the OS and armory/electrum while online, THEN unplug the ethernet cable and superglue the port   Can you refer me to a complete guide?  So many are different/outdated.

Thanks again, sorry if redundant.

If you are replying to me, I don't think I ever said to be offline before installing Linux. Of course you need to get Linux from somewhere and that is probably the Internet. I agree that you should install the OS and wallet first, then disable the Internet.

I don't know of a complete guide. You want to first create the Linux LiveUSB. How you do that depends on whether you are currently running Linux or Windows. The following is a guide for if you are running Linux.

http://www.pendrivelinux.com/creating-an-ubuntu-live-usb-from-cd/#more-5191

[rme]

up