rme (OP)
|
|
June 06, 2013, 01:07:22 PM Last edit: October 13, 2013, 08:36:00 AM by rme |
|
Hi, You're afraid of viruses, java exploits, keyloggers on your PC? I have the solution, Bootable Bitcoin-QT. Note: This is not a developed yet, its only a conept, Bitcoin core developers have to code it.Bootalble Bitcoin-QT is a simple OS containing only the Bitcoin-QT client. No desktop, no binary files, no access to command line, no internet browser, no menu bar, not even windows. Only Bitcoin-QT.
You download (or build from source) a Bootable Bitcoin-QT ISO file, you burn in a CD/DVD or a bootable USB, you plug in into your PC and reboot.
Wallet.dat and Blockchain data is stored in a separate USB drive (encrypted by a password and formatted in a different way so Windows cannot recognice this drive. Post under construction, I will add more info about the concept.
|
|
|
|
No 1
Full Member
Offline
Activity: 140
Merit: 100
Ad Infinitum Et Ultra
|
|
June 07, 2013, 05:29:23 AM |
|
interesting... ill watch this
|
12wqXQuExLnWoWWQy7j35hzBEW91bUz1YS LcbBQ5oXtTjyKK4V8iaDqgUAAtahv9nsHR
|
|
|
redcomet
Newbie
Offline
Activity: 52
Merit: 0
|
|
June 07, 2013, 05:50:31 AM |
|
This would be fun, you should start a bounty
|
|
|
|
qualalol
Jr. Member
Offline
Activity: 57
Merit: 1
|
|
June 07, 2013, 07:44:02 PM |
|
Probably best to start with Damn Small Linux, and customise things as needed from there -- I'm assuming you'd want to update the whole CD every time you have a new Bitcoin-Qt version, otherwise you'd have to store it on the USB drive -- but ideally you would set the system up to not run any executables from anywhere except the cd. (Using LUKS with usb drives works well, so no issues with encrypting things there.) It's probably also worth having a wrapper program which can launch Bitcoin-Qt (or Armory, which I'd include if I was doing this myself, at least once the stability issues are solved) and deal with the mounting/unmounting of the external drive.
|
|
|
|
|
FlappySocks
|
|
June 12, 2013, 06:56:39 PM |
|
It's a good idea, and one I have thought about previously as a stopgap for a hardware wallet.
One hurdle is to build trust, that it's not in itself loaded with some kind of mailware.
|
|
|
|
rme (OP)
|
|
June 28, 2013, 11:50:32 AM |
|
It's a good idea, and one I have thought about previously as a stopgap for a hardware wallet.
One hurdle is to build trust, that it's not in itself loaded with some kind of mailware.
Thats why we need the Bitcoin Core developers to build this.
|
|
|
|
AliceWonder
|
|
June 28, 2013, 04:42:07 PM |
|
Don't use Bitcoin-QT - it will be a headache due to downloading the blockchain. Use an alternate client that does not require the whole blockchain.
|
|
|
|
Jaxkr
|
|
June 28, 2013, 04:50:51 PM |
|
Don't use Bitcoin-QT - it will be a headache due to downloading the blockchain. Use an alternate client that does not require the whole blockchain.
Electrum!
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
June 28, 2013, 05:12:50 PM |
|
How about hardware trojan and hardware keylogger?
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
AliceWonder
|
|
June 28, 2013, 05:29:53 PM |
|
How about hardware trojan and hardware keylogger?
That's a little on the over paranoid side. The user should be reasonable sure their hardware has not been compromised regardless of what type of financial transactions they are using their computer for. There's only so much software developers can reasonably be expected to accomodate for.
|
|
|
|
Peter Todd
Legendary
Offline
Activity: 1120
Merit: 1152
|
|
June 28, 2013, 05:41:25 PM |
|
How about hardware trojan and hardware keylogger?
Use hardware built prior to 2009
|
|
|
|
rme (OP)
|
|
June 28, 2013, 08:23:51 PM |
|
How about hardware trojan and hardware keylogger?
Actually you can buy a keyboard hardware keylogger but you can do nothing with the password, you need the wallet file. That requires hardware that copys the USB when it is plugged, that is the reason that the usb is formated in a encrypted format. Also you can just type the password with a virtual keyboard.
|
|
|
|
AliceWonder
|
|
June 28, 2013, 08:37:19 PM |
|
If someone has physical access to the machine to install a hardware logger, getting the wallet.dat is probably not that difficult.
|
|
|
|
kostagr33k
|
|
June 29, 2013, 02:28:46 AM |
|
Well you could easily script this which would be open for others to scrutinize.
I'd possibly be interested in putting time into this if there was interest, and a bounty wouldn't hurt.
Kosta
|
|
|
|
peapodamus
Newbie
Offline
Activity: 43
Merit: 0
|
|
June 29, 2013, 03:28:01 AM |
|
I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.
|
|
|
|
jubalix
Legendary
Offline
Activity: 2632
Merit: 1022
|
|
June 29, 2013, 03:50:43 AM |
|
this is almost 1/3 of the killer app for bitcoin because people just need a usb they can associate a wallet and a nice gui front end operates for them....they can copy it and use a password, feel and be secure
the other 1/3 is a distributed exchange
the final third is speed, as in near instant or chain, throw away chains, local chains etc
also you may need to use electrum if the block chain gets to big.....to quickly
|
|
|
|
rme (OP)
|
|
June 29, 2013, 04:21:43 AM |
|
I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.
IMO, Ubuntu is a too complex distro. We need some small linux distro (50-100mb), remove most of the packages preinstalled, add Bitcoin-QT (customized), full screen, no browser, no .deb files, no repos, no text editor, no impr pant command, no nothing. Also, if developers want we can use Electrum wallet or similar. Also, we could ask Electrum developers to develop this. The main thing is that we need a trusted developer to build this OS. (And release the source).
|
|
|
|
kostagr33k
|
|
June 29, 2013, 04:36:31 AM |
|
ID suggest either going all out and building a custom linux from scratch distro , and strip everything out as suggested above or DSL (or similar distro) with very fine customizations
kosta
|
|
|
|
AliceWonder
|
|
June 29, 2013, 04:37:53 AM |
|
I'm wondering why someone hasn't remixed ubuntu to do this yet. It would be doable in a day or so.
IMO, Ubuntu is a too complex distro. We need some small linux distro (50-100mb), remove most of the packages preinstalled, add Bitcoin-QT (customized), full screen, no browser, no .deb files, no repos, no text editor, no impr pant command, no nothing. Also, if developers want we can use Electrum wallet or similar. Also, we could ask Electrum developers to develop this. The main thing is that we need a trusted developer to build this OS. (And release the source). Linux From Scratch - you don't get more barebones than that. Seriously, you probably do want to use something that has either rpm or deb packages simply because you can build the packages in a clean chroot environment (like mock) to make sure they have dependency sanity and don't accidentally link against packages you don't want them to. You probably also do want a text editor, vim is probably fine and does not need x11 libraries to build. I would however recommend a minimalist X11 environment and a web browser (web browser is useful for pywallet) - midori is a good basic browser (gtk-webkit), but don't include flash/java plugins. Not having a text editor isn't going to make it more secure, if a hacker gets a shell he'll just upload a kit that has busybox and whatever other tools he needs, including a text editor.
|
|
|
|
|