rme (OP)
|
|
June 06, 2013, 01:07:22 PM Last edit: October 13, 2013, 08:36:00 AM by rme |
|
Hi, You're afraid of viruses, java exploits, keyloggers on your PC? I have the solution, Bootable Bitcoin-QT. Note: This is not a developed yet, its only a conept, Bitcoin core developers have to code it.Bootalble Bitcoin-QT is a simple OS containing only the Bitcoin-QT client. No desktop, no binary files, no access to command line, no internet browser, no menu bar, not even windows. Only Bitcoin-QT.
You download (or build from source) a Bootable Bitcoin-QT ISO file, you burn in a CD/DVD or a bootable USB, you plug in into your PC and reboot.
Wallet.dat and Blockchain data is stored in a separate USB drive (encrypted by a password and formatted in a different way so Windows cannot recognice this drive. Post under construction, I will add more info about the concept.
|
|
|
|
|
|
|
"In a nutshell, the network works like a distributed
timestamp server, stamping the first transaction to spend a coin. It
takes advantage of the nature of information being easy to spread but
hard to stifle." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
No 1
Full Member
Offline
Activity: 140
Merit: 100
Ad Infinitum Et Ultra
|
|
June 07, 2013, 05:29:23 AM |
|
interesting... ill watch this
|
12wqXQuExLnWoWWQy7j35hzBEW91bUz1YS LcbBQ5oXtTjyKK4V8iaDqgUAAtahv9nsHR
|
|
|
redcomet
Newbie
Offline
Activity: 52
Merit: 0
|
|
June 07, 2013, 05:50:31 AM |
|
This would be fun, you should start a bounty
|
|
|
|
qualalol
Newbie
Offline
Activity: 57
Merit: 0
|
|
June 07, 2013, 07:44:02 PM |
|
Probably best to start with Damn Small Linux, and customise things as needed from there -- I'm assuming you'd want to update the whole CD every time you have a new Bitcoin-Qt version, otherwise you'd have to store it on the USB drive -- but ideally you would set the system up to not run any executables from anywhere except the cd. (Using LUKS with usb drives works well, so no issues with encrypting things there.) It's probably also worth having a wrapper program which can launch Bitcoin-Qt (or Armory, which I'd include if I was doing this myself, at least once the stability issues are solved) and deal with the mounting/unmounting of the external drive.
|
|
|
|
|
FlappySocks
|
|
June 12, 2013, 06:56:39 PM |
|
It's a good idea, and one I have thought about previously as a stopgap for a hardware wallet.
One hurdle is to build trust, that it's not in itself loaded with some kind of mailware.
|
|
|
|
rme (OP)
|
|
June 28, 2013, 11:50:32 AM |
|
It's a good idea, and one I have thought about previously as a stopgap for a hardware wallet.
One hurdle is to build trust, that it's not in itself loaded with some kind of mailware.
Thats why we need the Bitcoin Core developers to build this.
|
|
|
|
AliceWonder
|
|
June 28, 2013, 04:42:07 PM |
|
Don't use Bitcoin-QT - it will be a headache due to downloading the blockchain. Use an alternate client that does not require the whole blockchain.
|
|
|
|
Jaxkr
|
|
June 28, 2013, 04:50:51 PM |
|
Don't use Bitcoin-QT - it will be a headache due to downloading the blockchain. Use an alternate client that does not require the whole blockchain.
Electrum!
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1093
|
|
June 28, 2013, 05:12:50 PM |
|
How about hardware trojan and hardware keylogger?
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
AliceWonder
|
|
June 28, 2013, 05:29:53 PM |
|
How about hardware trojan and hardware keylogger?
That's a little on the over paranoid side. The user should be reasonable sure their hardware has not been compromised regardless of what type of financial transactions they are using their computer for. There's only so much software developers can reasonably be expected to accomodate for.
|
|
|
|
Peter Todd
Legendary
Offline
Activity: 1120
Merit: 1150
|
|
June 28, 2013, 05:41:25 PM |
|
How about hardware trojan and hardware keylogger?
Use hardware built prior to 2009
|
|
|
|
rme (OP)
|
|
June 28, 2013, 08:23:51 PM |
|
How about hardware trojan and hardware keylogger?
Actually you can buy a keyboard hardware keylogger but you can do nothing with the password, you need the wallet file. That requires hardware that copys the USB when it is plugged, that is the reason that the usb is formated in a encrypted format. Also you can just type the password with a virtual keyboard.
|
|
|
|
AliceWonder
|
|
June 28, 2013, 08:37:19 PM |
|
If someone has physical access to the machine to install a hardware logger, getting the wallet.dat is probably not that difficult.
|
|
|
|
kostagr33k
|
|
June 29, 2013, 02:28:46 AM |
|
Well you could easily script this which would be open for others to scrutinize.
I'd possibly be interested in putting time into this if there was interest, and a bounty wouldn't hurt.
Kosta
|
|
|
|
peapodamus
Newbie
Offline
Activity: 43
Merit: 0
|
|
June 29, 2013, 03:28:01 AM |
|
I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.
|
|
|
|
jubalix
Legendary
Offline
Activity: 2618
Merit: 1022
|
|
June 29, 2013, 03:50:43 AM |
|
this is almost 1/3 of the killer app for bitcoin because people just need a usb they can associate a wallet and a nice gui front end operates for them....they can copy it and use a password, feel and be secure
the other 1/3 is a distributed exchange
the final third is speed, as in near instant or chain, throw away chains, local chains etc
also you may need to use electrum if the block chain gets to big.....to quickly
|
|
|
|
rme (OP)
|
|
June 29, 2013, 04:21:43 AM |
|
I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.
IMO, Ubuntu is a too complex distro. We need some small linux distro (50-100mb), remove most of the packages preinstalled, add Bitcoin-QT (customized), full screen, no browser, no .deb files, no repos, no text editor, no impr pant command, no nothing. Also, if developers want we can use Electrum wallet or similar. Also, we could ask Electrum developers to develop this. The main thing is that we need a trusted developer to build this OS. (And release the source).
|
|
|
|
kostagr33k
|
|
June 29, 2013, 04:36:31 AM |
|
ID suggest either going all out and building a custom linux from scratch distro , and strip everything out as suggested above or DSL (or similar distro) with very fine customizations
kosta
|
|
|
|
AliceWonder
|
|
June 29, 2013, 04:37:53 AM |
|
I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.
IMO, Ubuntu is a too complex distro. We need some small linux distro (50-100mb), remove most of the packages preinstalled, add Bitcoin-QT (customized), full screen, no browser, no .deb files, no repos, no text editor, no impr pant command, no nothing. Also, if developers want we can use Electrum wallet or similar. Also, we could ask Electrum developers to develop this. The main thing is that we need a trusted developer to build this OS. (And release the source). Linux From Scratch - you don't get more barebones than that. Seriously, you probably do want to use something that has either rpm or deb packages simply because you can build the packages in a clean chroot environment (like mock) to make sure they have dependency sanity and don't accidentally link against packages you don't want them to. You probably also do want a text editor, vim is probably fine and does not need x11 libraries to build. I would however recommend a minimalist X11 environment and a web browser (web browser is useful for pywallet) - midori is a good basic browser (gtk-webkit), but don't include flash/java plugins. Not having a text editor isn't going to make it more secure, if a hacker gets a shell he'll just upload a kit that has busybox and whatever other tools he needs, including a text editor.
|
|
|
|
jubalix
Legendary
Offline
Activity: 2618
Merit: 1022
|
|
June 29, 2013, 07:56:06 AM |
|
one point
if you build this a nice feature would be to have it work so transactions are done offline by signing, then transferred to another virtual running linux os inside, or other os that only happens when you hit send, an this is what accepts the signed instruction and connects, so it is auto air gapped. The primary os would have no internet driver or so it could not connect, or alternatively if the primary os had to have such this then the virtual os would be the one running you user gui client to make the signing.
This would be done behind the scene away from the user of course
|
|
|
|
kostagr33k
|
|
June 30, 2013, 12:54:34 AM |
|
@jubalix that would be interesting but since this would be a USB wallet with an "offline" OS it might be overkill / more of a pain. IF you only go online with that USB drive to send , then I'd say you should be almost 99% safe from someone stealing your wallet.
For that to happen, they would have to know when you boot up that system in the short timeframe that it takes you to send coins. And since this system would be firewalled from any incoming connections, it would be fairly hard to get into it.
Kosta
|
|
|
|
rme (OP)
|
|
October 12, 2013, 10:36:38 PM |
|
Bump
|
|
|
|
doof
|
|
October 13, 2013, 02:18:38 AM |
|
good idea.
|
|
|
|
rme (OP)
|
|
November 01, 2013, 11:07:30 PM |
|
Up
|
|
|
|
devthedev
Legendary
Offline
Activity: 1050
Merit: 1004
|
|
November 03, 2013, 07:11:55 PM |
|
This is a pretty slick idea! Like others have mentioned, Linux from Scratch is a pretty fantastic framework.
|
|
|
|
blockgenesis
Sr. Member
Offline
Activity: 285
Merit: 250
Bitcoin.org maintainer
|
|
November 03, 2013, 07:36:38 PM |
|
This idea should probably not be made available for download until HD (deterministic) wallets are used in the bootable environment.
The reason for this is that in a temporary environment (or with cheap USB storage), there's plenty of risk for new unsaved Bitcoin addresses to be destroyed at shutdown. In case you don't know this, Bitcoin-Qt for instance always create a new Bitcoin address for each payment and moves the "change" of a transaction to this address. There's at least one case of someone who lost a lot of bitcoins in that exact same situation in the past.
Deterministic wallets will be (to my knowledge) immune to this problem, as all Bitcoin addresses generated by these wallets can be re-generated later if the wallet hasn't been saved correctly or when restoring an old backup.
|
Donation: 18XXXQs1vAQGBAZbXKA322r9Zy1nZac2H4
|
|
|
rme (OP)
|
|
November 04, 2013, 04:07:11 PM |
|
This idea should probably not be made available for download until HD (deterministic) wallets are used in the bootable environment.
The reason for this is that in a temporary environment (or with cheap USB storage), there's plenty of risk for new unsaved Bitcoin addresses to be destroyed at shutdown. In case you don't know this, Bitcoin-Qt for instance always create a new Bitcoin address for each payment and moves the "change" of a transaction to this address. There's at least one case of someone who lost a lot of bitcoins in that exact same situation in the past.
Deterministic wallets will be (to my knowledge) immune to this problem, as all Bitcoin addresses generated by these wallets can be re-generated later if the wallet hasn't been saved correctly or when restoring an old backup.
True, we can also change this request to "Developing Bootable Electrum Wallet". This will save us from downloading the blockchain. This way we only need a bootable cd + our wallet seed to import our wallet.
|
|
|
|
kostagr33k
|
|
November 04, 2013, 04:42:43 PM |
|
Is electrum considered the "Safe way" to do it? I know I read in the past people prefer Bitcoin-qt as you have the whole block chain, and less of a chance to get duped.
Thanks
Kosta
|
|
|
|
rme (OP)
|
|
November 04, 2013, 05:12:57 PM |
|
Is electrum considered the "Safe way" to do it? I know I read in the past people prefer Bitcoin-qt as you have the whole block chain, and less of a chance to get duped.
Thanks
Kosta
As I said in the post, I am not developing this, just presenting the idea to the comunity so someone may develop it. The Bitcoin Core developers have telled to me that they have no time for this so the Electrum ones may have.
|
|
|
|
super3
Legendary
Offline
Activity: 1094
Merit: 1006
|
|
December 03, 2013, 06:14:54 PM |
|
Yeah having to download the blockchain would make this quite unusable. Essentially Electrum on LiveCD is all you need. Combine this with a hardware authentication method like YubiKey. Essentially a Trezor like solution for $30.
|
|
|
|
rme (OP)
|
|
December 03, 2013, 06:28:05 PM |
|
We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.
|
|
|
|
super3
Legendary
Offline
Activity: 1094
Merit: 1006
|
|
December 03, 2013, 06:50:11 PM |
|
We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.
Put like a $500 bounty for the Electrum part. Probably not hard for someone with LiveCD skills. Just need to add an extra package, and recompile the LiveCD.
|
|
|
|
frito_mosquito
Newbie
Offline
Activity: 8
Merit: 0
|
|
December 03, 2013, 10:00:17 PM |
|
We need that someone trusted develop a bootable Electrum with the same requirements as the first idea.
Put like a $500 bounty for the Electrum part. Probably not hard for someone with LiveCD skills. Just need to add an extra package, and recompile the LiveCD. I am actively working on this, although I am not sure I meet the 'trusted' requirement, as I am rather new to the community. My plan is to be as transparent as possible, and include detailed instructions for creating the ISO yourself.
|
|
|
|
frito_mosquito
Newbie
Offline
Activity: 8
Merit: 0
|
|
December 05, 2013, 12:29:05 AM |
|
Looks like I may be out of my league. Bitcoin needs an entire suit of linux distributions. Cold Wallets. Hot wallets. Different node types. All these need their own, custom Linux distro, and possibly even kernel, built from scratch. That is out of my league for the immediate future.
But that won't keep me from trying. I will see if I can hack something together.
Regards, Frito_Mosquito
|
|
|
|
|
jbis1
Newbie
Offline
Activity: 50
Merit: 0
|
|
December 10, 2013, 08:18:06 PM |
|
I started working on an Electrum live cd. You can find the source at https://github.com/josephbisch/electrum-live-cd-amd64. Build instructions are found in README.md. The main changes I made are in /config/hooks/ and /config/includes.chroot/. There is no desktop environment, just metacity as the window manager. An i386 version will be coming soon. In the meantime, you can just modify /auto/config by replacing amd64 with i386. Make sure you run lb config after making the change. I hesitate to release a build of binary.hybrid.iso for obvious reasons, but will if people really want me to. It is currently at 412MB, but there are probably packages that aren't strictly necessary to run Electrum. There are currently some known issues. The .xsession script, which starts metacity and electrum when X is started, should restart electrum when it exits with an error. It should shutdown the computer when electrum exits without error, like when you go to file and click on close. Currently, it is shutting down even if electrum exits with an error. I need to figure out a good way to allow the user to configure their wireless network. Currently just electrum is running, so you must switch to a console and configure your network through there. Suggestions welcome. As always with Electrum, if you import a private key, you must backup your wallet. Any private keys you import will not be regenerated from your seed. https://i.imgur.com/6Q1VfNn.pnghttps://i.imgur.com/FoMvWgG.png
|
|
|
|
GianniDalerta
Newbie
Offline
Activity: 26
Merit: 0
|
|
December 13, 2013, 08:22:29 PM |
|
this is awesome! been wanting to provide my family and friends a working cold storage system. This I think is a great way to do it.
|
|
|
|
rme (OP)
|
|
February 04, 2014, 08:49:01 PM |
|
Bump
|
|
|
|
bitcoinbitcoin
Newbie
Offline
Activity: 31
Merit: 0
|
|
February 16, 2014, 08:38:10 AM Last edit: February 16, 2014, 10:01:13 AM by bitcoinbitcoin |
|
Currently, what is the most secure Linux Distro to run BitcoinQT or Armory? Is Linux-TAILS the best or something else better? But is it possible to install TAILS to an internal hard drive while still having persistence? Is there another distro with TOR on by default, that you can install on a hard drive?
Or is there a newer custom Bitcoin Distro? Like LinuxCoin or Bitsafe, but they are old. Sorry if this is redundant, it's hard to keep up with the latest custom Bitcoin Distros.
|
|
|
|
jbis1
Newbie
Offline
Activity: 50
Merit: 0
|
|
February 17, 2014, 02:35:05 PM |
|
Currently, what is the most secure Linux Distro to run BitcoinQT or Armory? Is Linux-TAILS the best or something else better? But is it possible to install TAILS to an internal hard drive while still having persistence? Is there another distro with TOR on by default, that you can install on a hard drive?
Or is there a newer custom Bitcoin Distro? Like LinuxCoin or Bitsafe, but they are old. Sorry if this is redundant, it's hard to keep up with the latest custom Bitcoin Distros.
What do you want? Do you want to run the client thru Tor? Do you want a LiveCD or install to hard drive. It sounds like you want Tor and hard drive install, but LinuxCoin and Bitsafe appear to work differently. Let me know your needs and I should be able to throw something together that is based on Debian.
|
|
|
|
bitcoinbitcoin
Newbie
Offline
Activity: 31
Merit: 0
|
|
March 06, 2014, 12:20:42 AM Last edit: March 06, 2014, 03:51:14 AM by bitcoinbitcoin |
|
Well, for an offline/online system i'm trying to decide between running 2 LiveUSBs vs 2 full dedicated laptops. Or one dedicated offline laptop, and one online LiveUSB (like TAILS). Is running an wallet using a LiveUSB completely safe, or is it better to have a dedicated laptop for your wallet?
With the LiveUSB, you should remove the virus-infested Windows8 internal HDD, before you run it. And disable wifi in BIOS if you want offline. Anything else you should do for security when booting to the LiveUSB? Some say remove the battery for 60 seconds?
|
|
|
|
jbis1
Newbie
Offline
Activity: 50
Merit: 0
|
|
March 06, 2014, 09:56:28 PM |
|
It is not completely safe to run LiveUSB, just like it is not completely safe to run a dedicated computer. The manufacturer may have introduced a vulnerability into either the computer or USB drive at the hardware level. There are steps to take that will allow you to safely use with a LiveUSB or dedicated computer, assuming that the devices are not compromised on a hardware level. This addresses the LiveUSB security issue. If you use a USB device with an integrated switch to disable write access you can be sure that the contents of the drive don't change. This is assuming the device never leaves your sight (since someone can just flip the switch and modify files on the drive) and assuming that you trust the drive manufacturer to correctly implement the write protect feature. I would be careful where I got the USB device from. They have microcontrollers in them, which can be reprogrammed. Of course, if you want persistence (wallet files, etc.) you need to disable the write protect or have one flash drive for the OS and another for the data. Ultimately it is up to you to answer: Do you have enough bitcoin to justify (a) dedicated computer(s)? I personally feel a LiveCD is sufficient, with a flash drive for the (encrypted) wallet.dat.
|
|
|
|
bitcoinbitcoin
Newbie
Offline
Activity: 31
Merit: 0
|
|
March 09, 2014, 01:04:19 AM |
|
For your offline wallet on dedicated computer: Why does it help to be offline STARTING before installing Linux? I thought it only matters that it is offline forever-- STARTING right before the wallet is created. But many guides recommend to install xubuntu offline with apt-offline, etc.. That is a PITA. Please explain the benefit. It's so much easier to install the OS and armory/electrum while online, THEN unplug the ethernet cable and superglue the port Can you refer me to a complete guide? So many are different/outdated. Thanks again, sorry if redundant.
|
|
|
|
jbis1
Newbie
Offline
Activity: 50
Merit: 0
|
|
March 09, 2014, 10:37:53 PM |
|
For your offline wallet on dedicated computer: Why does it help to be offline STARTING before installing Linux? I thought it only matters that it is offline forever-- STARTING right before the wallet is created. But many guides recommend to install xubuntu offline with apt-offline, etc.. That is a PITA. Please explain the benefit. It's so much easier to install the OS and armory/electrum while online, THEN unplug the ethernet cable and superglue the port Can you refer me to a complete guide? So many are different/outdated. Thanks again, sorry if redundant. If you are replying to me, I don't think I ever said to be offline before installing Linux. Of course you need to get Linux from somewhere and that is probably the Internet. I agree that you should install the OS and wallet first, then disable the Internet. I don't know of a complete guide. You want to first create the Linux LiveUSB. How you do that depends on whether you are currently running Linux or Windows. The following is a guide for if you are running Linux. http://www.pendrivelinux.com/creating-an-ubuntu-live-usb-from-cd/#more-5191
|
|
|
|
rme (OP)
|
|
July 19, 2014, 05:26:30 AM |
|
up
|
|
|
|
|