Bitcoin Forum
September 25, 2018, 09:56:54 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Paranoid about key generation on Raspberry Pi 3  (Read 775 times)
lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
November 15, 2017, 06:44:53 PM
 #1

I am not familiar with Linux. That is the reason I am asking the question.

I used the following process to derive my private keys and use them for bitcoin cold storage.

1. Ordered Raspberry Pi, MicroSD card and USB disk exclusively for this purpose.
2. Copied NOOBS from raspberrypi.org onto microSD card on a windows machine.
3. Checked hash of NOOBS with MD5 and Checksum utility.
4. Saved bitaddress.org, keybase.io/warp wallet and iancoleman BIP 39 pages on the USB disk.
5. Started RaspberryPi.
6. Installed Raspbian from NOOBS microSD card. Raspberry Pi was never online or connected to any other device except Sony TV via HDMI cable.
7. Opened Chromium in incognito mode and opened the pages under 4)
8. Created first private key on bitaddress.org
9. Plugged that private key into warp wallet and created another private key
10. Plugged that private key into BIP39 as the seed for 24-word mnemonic.
11. Typed in password as the 25th seed.
12. Wrote that down.
13. Checked public addresses via QR code generator and mobile phone on google to verify that they are unknown entities in online space.
14. Plugged wiped Trezor into windows machine and used secure seed recovery.
15. Transfered bitcoins to that address.

Questions that I have are:
WHAT SHOULD I DO WITH MICROSD CARD AND USB STICK?

Please state reasons for choosing one of the options.

Options:

1. Burn 'em. It is not worth risking your BTC for 20 bucks of disposables.

2. Wipe both. If so how?

3. You can use both because the process that you described does in no way, shape or form leave a trace that a malicious party could use to restore your master private key or seed?

I would like to LEARN what happens with such drives under Linux distribution and also recycle them in order to repeat the same process for another altcoin or a smaller BTC amount that I can use as semi-cold storage.

Thanks
1537912614
Hero Member
*
Offline Offline

Posts: 1537912614

View Profile Personal Message (Offline)

Ignore
1537912614
Reply with quote  #2

1537912614
Report to moderator
1537912614
Hero Member
*
Offline Offline

Posts: 1537912614

View Profile Personal Message (Offline)

Ignore
1537912614
Reply with quote  #2

1537912614
Report to moderator
1537912614
Hero Member
*
Offline Offline

Posts: 1537912614

View Profile Personal Message (Offline)

Ignore
1537912614
Reply with quote  #2

1537912614
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537912614
Hero Member
*
Offline Offline

Posts: 1537912614

View Profile Personal Message (Offline)

Ignore
1537912614
Reply with quote  #2

1537912614
Report to moderator
1537912614
Hero Member
*
Offline Offline

Posts: 1537912614

View Profile Personal Message (Offline)

Ignore
1537912614
Reply with quote  #2

1537912614
Report to moderator
cellard
Legendary
*
Offline Offline

Activity: 1134
Merit: 1145


View Profile
November 15, 2017, 07:07:47 PM
 #2

I am not familiar with Linux. That is the reason I am asking the question.

I used the following process to derive my private keys and use them for bitcoin cold storage.

1. Ordered Raspberry Pi, MicroSD card and USB disk exclusively for this purpose.
2. Copied NOOBS from raspberrypi.org onto microSD card on a windows machine.
3. Checked hash of NOOBS with MD5 and Checksum utility.
4. Saved bitaddress.org, keybase.io/warp wallet and iancoleman BIP 39 pages on the USB disk.
5. Started RaspberryPi.
6. Installed Raspbian from NOOBS microSD card. Raspberry Pi was never online or connected to any other device except Sony TV via HDMI cable.
7. Opened Chromium in incognito mode and opened the pages under 4)
8. Created first private key on bitaddress.org
9. Plugged that private key into warp wallet and created another private key
10. Plugged that private key into BIP39 as the seed for 24-word mnemonic.
11. Typed in password as the 25th seed.
12. Wrote that down.
13. Checked public addresses via QR code generator and mobile phone on google to verify that they are unknown entities in online space.
14. Plugged wiped Trezor into windows machine and used secure seed recovery.
15. Transfered bitcoins to that address.

Questions that I have are:
WHAT SHOULD I DO WITH MICROSD CARD AND USB STICK?

Please state reasons for choosing one of the options.

Options:

1. Burn 'em. It is not worth risking your BTC for 20 bucks of disposables.

2. Wipe both. If so how?

3. You can use both because the process that you described does in no way, shape or form leave a trace that a malicious party could use to restore your master private key or seed?

I would like to LEARN what happens with such drives under Linux distribution and also recycle them in order to repeat the same process for another altcoin or a smaller BTC amount that I can use as semi-cold storage.

Thanks

MicroSD, USB, and anything of similar nature (including SSD hard drives) aren't a good thing if you have on mind completely erasing the data therein. With an HDD you can completely erase data with secure-delete (or secure erase, not sure what the name was).

So if what you used contained your wallet data at any point in time, wipe them, but kept them... just in case.

In order to move a transaction from a cold storage into an online machine, you could use a QR scanner. Convert the raw transaction data into QR code, read it into your node and you can then broadcast it into the network. This way you don't leave data anywhere. The QR code could be contained in the RAM temporarily as far as I know, but that should be it.

lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
November 16, 2017, 08:25:10 AM
 #3



So if what you used contained your wallet data at any point in time, wipe them, but kept them... just in case.


It did not contain wallet data as such. It contained mnemonic seed displayed on an offline Linux machine within vetted Javascript pages inside Chromium webbrowser. The question is: poses such a thing a potential security threat?
bob123
Hero Member
*****
Offline Offline

Activity: 686
Merit: 568



View Profile WWW
November 16, 2017, 02:45:50 PM
 #4

If your USB-Stick and SD-Card did not contain any sensible data (those couln't 100% securely be erased, since thats not the easiest thing on flash memories).
AND if that was a new usb/sd, which you can be sure of that it didn't contain any malware.. then its safe to plug it into any pc and use it as a storage device.
You'd need a lot of bitcoins, for people to directly targeting you and trying anything thats possible to recover anything out of it.
If your usb stick / sd card weren't new.. and already were plugged in in any other pc.. i personally would not plug them into another pc anymore.
I'd rather put them into the microwave to destroy them once for all.

cellard
Legendary
*
Offline Offline

Activity: 1134
Merit: 1145


View Profile
November 16, 2017, 05:00:33 PM
 #5



So if what you used contained your wallet data at any point in time, wipe them, but kept them... just in case.


It did not contain wallet data as such. It contained mnemonic seed displayed on an offline Linux machine within vetted Javascript pages inside Chromium webbrowser. The question is: poses such a thing a potential security threat?

If an USB is plugged in a machine that is connected to the internet, it is safe to be considered compromised. Call me paranoid, but there is no such thing as enough paranoia when it comes to bitcoin, got to stay safe.

I wouldn't be using seeds for offline storage. Maybe Armory is the best solution for offline storage, since you keep the private keys separate like on a wallet.dat file (I think).

The point is to not have all of your money on a single seed that would give access to an attacker to all of your money. So don't use Electrum to manage offline cold storage for example, since it uses a seed.

lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
November 16, 2017, 09:36:56 PM
 #6



So if what you used contained your wallet data at any point in time, wipe them, but kept them... just in case.


It did not contain wallet data as such. It contained mnemonic seed displayed on an offline Linux machine within vetted Javascript pages inside Chromium webbrowser. The question is: poses such a thing a potential security threat?

If an USB is plugged in a machine that is connected to the internet, it is safe to be considered compromised. Call me paranoid, but there is no such thing as enough paranoia when it comes to bitcoin, got to stay safe.

I wouldn't be using seeds for offline storage. Maybe Armory is the best solution for offline storage, since you keep the private keys separate like on a wallet.dat file (I think).

The point is to not have all of your money on a single seed that would give access to an attacker to all of your money. So don't use Electrum to manage offline cold storage for example, since it uses a seed.

But without a seed you can not hold it your head.
ASICWorld
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile WWW
November 16, 2017, 09:55:14 PM
 #7

Darik's Boot and Nuke - DBAN

can be used to securely erase data.

https://dban.org/
aplistir
Full Member
***
Offline Offline

Activity: 257
Merit: 108



View Profile
November 25, 2017, 02:22:17 PM
 #8

WHAT SHOULD I DO WITH MICROSD CARD AND USB STICK?
Please state reasons for choosing one of the options.

1. Burn 'em. It is not worth risking your BTC for 20 bucks of disposables.

2. Wipe both. If so how?

3. You can use both because the process that you described does in no way, shape or form leave a trace that a malicious party could use to restore your master private key or seed?

I would like to LEARN what happens with such drives under Linux distribution and also recycle them in order to repeat the same process for another altcoin or a smaller BTC amount that I can use as semi-cold storage.

Or you could just install the Linux with encryption ON.
Then your Linux partition on the SD or USB will be one encrypted file and after you delete it and overwrite even a small amount of the data it becomes impossible to un-encrypt. It is essentially a damaged encrypted file for anyone trying to access it.

And even if you would not destroy the data, the Linux would still be encrypted and impossible to access.

This way you wont have to throw those SD:s or USB:s away.

My Address: 121f7zb2U4g9iM4MiJTDhEzqeZGHzq5wLh
lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
November 25, 2017, 07:13:00 PM
 #9

WHAT SHOULD I DO WITH MICROSD CARD AND USB STICK?
Please state reasons for choosing one of the options.

1. Burn 'em. It is not worth risking your BTC for 20 bucks of disposables.

2. Wipe both. If so how?

3. You can use both because the process that you described does in no way, shape or form leave a trace that a malicious party could use to restore your master private key or seed?

I would like to LEARN what happens with such drives under Linux distribution and also recycle them in order to repeat the same process for another altcoin or a smaller BTC amount that I can use as semi-cold storage.

Or you could just install the Linux with encryption ON.
Then your Linux partition on the SD or USB will be one encrypted file and after you delete it and overwrite even a small amount of the data it becomes impossible to un-encrypt. It is essentially a damaged encrypted file for anyone trying to access it.

And even if you would not destroy the data, the Linux would still be encrypted and impossible to access.

This way you wont have to throw those SD:s or USB:s away.

Nice idea. Did not cross my mind. Now I only have to learn how to do that.
btctousd81
Sr. Member
****
Offline Offline

Activity: 392
Merit: 252


View Profile WWW
November 26, 2017, 02:19:43 AM
 #10

if 20 bucks isnt much then burn it.,

if you still want to use it., use some 3rd part tool, to wipre data.,

what it does is, writes 0 and 1 to the usb, all over again and again., many times.,

so its impossible for some one to recover old data from usb.


lukaexpl
Full Member
***
Offline Offline

Activity: 148
Merit: 100


View Profile
November 26, 2017, 04:49:40 PM
 #11

if 20 bucks isnt much then burn it.,

if you still want to use it., use some 3rd part tool, to wipre data.,

what it does is, writes 0 and 1 to the usb, all over again and again., many times.,

so its impossible for some one to recover old data from usb.



I already burnt it, cut it, hammered it and flushed it down the toilet.
You can't believe how resilient this things are.

I was more intersted in whether there is real danger in reusing those cards or how to properly wipe them (answer: you are never really sure with flash drives and SD cards).
bob123
Hero Member
*****
Offline Offline

Activity: 686
Merit: 568



View Profile WWW
November 27, 2017, 04:03:46 PM
 #12

what it does is, writes 0 and 1 to the usb, all over again and again., many times.,
so its impossible for some one to recover old data from usb.

With USB-sticks and SD-cards you can't be too sure.
Flash memories are allocating their memory cells regarded parameters like health, .. of the individual memory cell.
In some circumstances there would be the possibility of saving the priv key to a cell which won't be alloced later on when you are deleting and overwriting
your usb stick. This could lead to parts of the private key still being accessible via forensic tool which are made for reading out memory cells specifically.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!