LiveUSB for better security.

[TheShoura]

With Truecrypt, you can encrypt the whole system partition, I guess that goes for USB sticks too. The bootloader will decrypt the whole USB partition after you supply it with the correct password.

For extra extra security, you could even have a Truecrypt file container inside the whole USB partition container, with perhaps a dummy wallet as a hidden volume, so if you are forced to open your wallet, you can just type the alternate password and then your alternate wallet with perhaps only a few coins will decrypt.

This is the best way

I actually have a HDD set up like this, and cloned it to my desktop internal, offline storage drive

[1713273733]

1713273733

[ercolinux]

What about a partitioned usb stick with an unencrypted partition with the bootable OS and a true crypt (or similar) encrypted partition containing the Bitcoin wallet?

That would work. You just have to be sure that it's not storing swap data on the unencrypted part. Honestly if you want a live distro I'd check either puppy linux or tiny core linux. Both run completely in ram off of a CD and are very fast. Then load the wallet off of a truecrypt container. When you reboot there will be no traces! If you used puppy linux you download the extras you want and when you reboot it will ask where to save those changes. You can put that on usb stick as well! Then you don't have to re-setup every time. Just pick -strong encryption- and not weak encryption (its not actually encryption!) when asked. Anyone familiar with what their strong encryption is? If it's decent you don't even have to worry about truecrypt as your live home folder is saved in the puppy linux storage file. I guess if you keep the usb stick safe your safe.

The Problem with persistence: lend me your USB Key for a Minute and I put a keylogger on.

Tails Linux on a signed CD-R is IMHO the safest choice at the moment

I'm working on a clean solution to this problem: the distro I help to mantain has the possibility of being installed on a usbstick puttting only the iso on it (plus some files needed to boot), adding a hidden crypted file with the wallet inside.  So you have only 1 media to carry but in the some time if you want to add a keylogger or other malware you've to rebuild the whole iso (and to be sure that the iso version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshoots).

[Sandoz]

I'm working on a clean solution to this problem: the distro I help to mantain has the possibility of being installed on a usbstick puttting only the iso on it (plus some files needed to boot), adding a hidden crypted file with the wallet inside.  So you have only 1 media to carry but in the some time if you want to add a keylogger or other malware you've to rebuild the whole iso (and to be sure that the iso version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshoots).

The main reason I am sceptical in regards to persistence is that I don't like the idea of a growing system: malicious code caught on some malicious websites, growing log-files, all sorts of stuff bloating the system...  A LiveCD gives you a fresh start at each reboot.

At least for managing your bitcoin-life savings that's what I see as being safer. A working environment is a different story altogether...

[ercolinux]

I'm working on a clean solution to this problem: the distro I help to mantain has the possibility of being installed on a usbstick puttting only the iso on it (plus some files needed to boot), adding a hidden crypted file with the wallet inside.  So you have only 1 media to carry but in the some time if you want to add a keylogger or other malware you've to rebuild the whole iso (and to be sure that the iso version you put on it is the same of the bootloader files too - the distro is a rolling release one with weekly snapshoots).

The main reason I am sceptical in regards to persistence is that I don't like the idea of a growing system: malicious code caught on some malicious websites, growing log-files, all sorts of stuff bloating the system...  A LiveCD gives you a fresh start at each reboot.

At least for managing your bitcoin-life savings that's what I see as being safer. A working environment is a different story altogether...

Probably I don't explain well the way it will works (English is not my primary language) : the operating system is a ISO file exactly as the one you can find on a liveCD, all the settings are stored in ram. No way to add files or programs to it unless you know how it has been built (and to do that you need a properly configured server, rebuild the iso, start a Linux system, delete the old iso from the usb key and replace with the fresh one, and the fresh one has to be build from the same snapshot of the startup files on the usb key, otherwise you've to reinstall also the boot file: not a 5 min work - actually installing a liveCD via automated scripts with all the files ready can take up to 10-15 minutes ). On the same media you can write all the files you want, exactly as if is a standard usb key (formatted Ext2), but they're not seen from the system unless you manually mount the pen. There you can create a encrypted area and store there your wallet.dat.
Over the liveCD+usb stick solution you have some advantages: 1 only media to carry, faster to bootup and execute programs (you can use a USB stick), when you want to upgrade the software you've only to download the new media from the official site and launch a script to have it installed and ready to go.