Bitcoin Forum
November 12, 2024, 04:34:59 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: A *realy* secure environment for Bitcoint client and private keys (wallet.dat)  (Read 2726 times)
Michael_S (OP)
Sr. Member
****
Offline Offline

Activity: 278
Merit: 251


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
July 03, 2011, 10:02:55 AM
Last edit: July 04, 2011, 11:29:19 PM by Michael_S
 #1

Hello together,

I have made up my mind on how to set up a really secure environment for the Bitcoin client, such that the private keys (wallet.dat) are always safe, under all conceivable scenarios of attack.

As a result, I make three concrete best-practice proposals on how to setup such systems. They all have in common that they are based on 100% open source Linux systems, and the boot medium is a Live CD (preferably), or a USB stick having no contact to another potentially insecure operating system running on the same computer.

The full concept is put together in a 23 pages PDF file that explains all the details and shows illustrations by screenshots and block diagrams.

I hope that many people here in this forum find the time to read it - hopefully it will help making the Bitcoin users more aware of potential threads, and the Bitcoin world a little safer.

The download can be found here:
http://www.woofiles.com/dl-253068-gCx93FSj-BitcoinSafeUsagev02.zip (Update: Link does not seem to work)
http://www.filedropper.com/bitcoinsafeusagev02 (Update: This Link should work)
http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02 (Update: This Link should work)
--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (zip file with PDF and PGP signature)
 http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (PDF only)
--> Updated version 0.4:
   PDF:  http://www.scribd.com/doc/59318844/Bitcoin-Safe-Usage-v04
   ZIP (PDF&SIG):  http://www.filedropper.com/bitcoinsafeusagev04_1


Abstract/Overview:
A Practical (and Paranoid) Guide: Setting up a Secure System for the Bitcoin Client
- keep your private keys (wallet.dat) secure – and do not loose them -

Version 0.2 (July 2011) by Michael_S (forum.bitcoin.org), OpenPGP KeyID=0xCC7E7C99, Bitcoin donations to 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

This Guide shows how to set up a practically 100% secure computer system for the Bitcoin client.
Three concrete examples with a detailed step-by-step guide make the topic very tangible. At the core of each of these three examples is a 100% open source GNU Linux system that is booted from a Live CD or a USB stick.

bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
July 03, 2011, 10:22:24 AM
 #2

You zip file seems broken.


PS: Please describe what your proposal does, what previous proposals didn't do already?

Misspelling protects against dictionary attacks NOT
Amused2death
Newbie
*
Offline Offline

Activity: 32
Merit: 0


View Profile
July 03, 2011, 10:30:22 AM
 #3

Careful lol, PDF's can contain nasty things to...not saying it does I'm just not gonna be the one to find out
dooglus
Legendary
*
Offline Offline

Activity: 2940
Merit: 1333



View Profile
July 03, 2011, 11:07:55 AM
 #4

You zip file seems broken.

I tried downloading it twice, and got the same both times - a tiny text file with an error from woofiles in it:

Code:
$ cat Bitcoin_Safe_Usage_v02.zip 
<br />
<b>Warning</b>:  fclose(): supplied argument is not a valid stream resource in <b>/srv/www/lighttpd/woofiles/includes/HTTPDownload.class.php</b> on line <b>191</b><br />

Just-Dice                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   Play or Invest                 ██             
          ██████████         
      ██████████████████     
  ██████████████████████████ 
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
██████████████████████████████
    ██████████████████████   
        ██████████████       
            ██████           
   1% House Edge
bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
July 03, 2011, 02:32:53 PM
 #5

Careful lol, PDF's can contain nasty things to...not saying it does I'm just not gonna be the one to find out

Yeah, that's why the PDF reader of Ubuntu isn't even allowed to open a URL in a browser.

Misspelling protects against dictionary attacks NOT
blumpkinpie76
Newbie
*
Offline Offline

Activity: 26
Merit: 0


View Profile
July 03, 2011, 03:50:59 PM
 #6

having no contact to another potentially insecure operating system running on the same computer

Are you implying that Linux is not potentially insecure? That is as ignorant as the "Macs don't get viruses" statement I hear from 70 year old ladies. IMHO, Linux is a bad choice for someone who is not savvy or experienced with it. I agree that what you are proposing is a good idea, but could be disasterous for non Linux users. I look at Linux as the OS that assumes you know what you are doing. As the teacher of my first Unix class told us "Unix usually wont stop you from doing something stupid."

Not promoting Windows or any other OS (I like Linux) just poining something out.
Gladiator
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
July 03, 2011, 04:44:15 PM
 #7

As I imagine "Perfect bitcoin wall", linux is a good choice. By linux I understand bare minimum for console bitcoin client.
Linux core + bare minimum to run bitcoin + firewall that blocks everything except bitcoin client. LiveCD or USB boot, or VM(heavily encrypted HD image, encrypt ram if possible).
Password to log in, pin for every action with bitcoin.
Couple of scripts:
Send N bitcoins to hardcoded spending wallet(password to change spending wallet address)
Move bitcoins to a new wallet. Maybe send bitcoins to the same wallet but new address(will it work and do the trick?)
Maybe simple unicode GUI.

Almost impenetrable by conventional means. Especially if done without VM.
bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
July 03, 2011, 04:55:14 PM
 #8

or VM(heavily encrypted HD image, encrypt ram if possible).

Most stupid statement ever!



If you don't know, shut the fuck up and don't confuse other noobs.

Misspelling protects against dictionary attacks NOT
Gladiator
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
July 03, 2011, 04:59:44 PM
 #9

Why? If you run VM it may be possible to read VM ram from outside. + Vmware has a suspend mode when it saves ram on HDD. Like hibernate on windows.
bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
July 03, 2011, 05:06:13 PM
 #10

Why? If you run VM it may be possible to read VM ram from outside. + Vmware has a suspend mode when it saves ram on HDD. Like hibernate on windows.

There is nothing you can do to protect a VM against the host. That's impossible because of the very principle of VMs. You can protect against the VM guest, not the other way.

Stop telling people that bullshit, VMs are not useful for Bitcoin.

Misspelling protects against dictionary attacks NOT
bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
July 03, 2011, 05:19:58 PM
 #11

Speaking of secure private keys...

bcearl:
Have you seen the BOTG script I whipped up. I was wondering what your opinion was? So far, the only flaw I can think of is some type of virus in the BIOS? But I'd imagine one that could spy on the terminal script would be a pretty big feat? A regular keylogger wouldn't work since the user is actually writing it down manually. I guess the really paranoid could use a new computer...
A physical device of spying on you would work too but kind of rare...

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
July 03, 2011, 05:26:57 PM
 #12

Speaking of secure private keys...

bcearl:
Have you seen the BOTG script I whipped up. I was wondering what your opinion was? So far, the only flaw I can think of is some type of virus in the BIOS? But I'd imagine one that could spy on the terminal script would be a pretty big feat? A regular keylogger wouldn't work since the user is actually writing it down manually. I guess the really paranoid could use a new computer...
A physical device of spying on you would work too but kind of rare...


I don't remember. If you give me a link, I will take a look.

Misspelling protects against dictionary attacks NOT
Michael_S (OP)
Sr. Member
****
Offline Offline

Activity: 278
Merit: 251


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
July 03, 2011, 05:34:52 PM
Last edit: July 03, 2011, 09:31:17 PM by Michael_S
 #13

Hello together,

oh, indeed it seems that the original link does not work. Sorry for that! I uploaded it to two more places - they should work fine I hope:
 http://www.filedropper.com/bitcoinsafeusagev02
 http://www.scribd.com/doc/59238311/Bitcoin-Safe-Usage-v02
--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (zip file with PDF and PGP signature)
 http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03 (PDF only)

To some of your questions above:

  • I am not implying that Linux or open source is automatically secure by itself just because it is Linux or open source. But I am saying that if you want to set up a secure system, then using an open source system is a precondition (and you have to do it correctly of course). Because with closed source, you can never know if there are backdoors/Trojans.
  • If you are afraid that the PDF I am linking to is somehow infected, I propose you boot from a Live CD like Knoppix or Ubuntu or almost any other of today's distros *after* having unplugged all hard drive cables from your computer system, and then print out the PDF. This would be the "paranoid secure mode" that I would well respect. In this particular case, I can just ensure that the PDF is clean. I wrote it with Open Office and printed it to a PDF printer on an Ubuntu 8.04 LTS which I hope (but I am not sure of course) that it is a "clean system".
  • I do not have the illusion that any single idea in my document is totally new. Probably every single aspect has been written down already sometime somewhere. But what is probably new is that you have everything compressed in one doc. So some readers (not all of course) might have another view on the topic after having read it, or get some new ideas at least. And of course, the concrete guide line given in the paper should help to setup a secure system step by step. The interested reader may want to print it out and use it as a tutorial when setting up his/her secure system for "Bitcoin banking" (not to be confused with systems for mining).

I think everybody who wants the Bitcoin project to succeed should be interested in that the Bitcoin Client is used in a secure way by as many people as possible, to avoid news like the recent "500.000 USD theft", which is counter productive to the Bitcoin project.

Finally, we should all realize that we, the participants in this forum, have different backgrounds, different knowledge and different views of what is secure. And we should respect other opinions, even if our own is a different one, and try to give reason why he have this or that opinion.
E.g., some people think that running bitcoin client in a VMware virtual machine is a means of increasing security; I have some doubts because VMware may contain Trojans since it is closed source. Some think that a Linux distro like "linuxcoin" is a good thing. I think it may be a good thing for MINING as of today, but otherwise only a good IDEA but not a good thing as of today, because it contains lots of proprietary software that cannot be excluded to contain Trojans that spy out your wallet.dat. But maybe one day we will really have a secure and slim Live CD-based 100% open-source Linux distro that is suitable for operating the Bitcoin client quite securely. I very much hope so.

In my view, to what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and a 256 AES encryption for the persistent user data that is saved outside of the Live CD (that's also why descriptions on setting up a system based on Knoppix takes the largest room in my PDF guide).

bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
July 03, 2011, 05:36:45 PM
 #14



I don't remember. If you give me a link, I will take a look.
https://forum.bitcoin.org/index.php?topic=23081.0

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
jack102938
Full Member
***
Offline Offline

Activity: 141
Merit: 100



View Profile
July 03, 2011, 07:32:13 PM
 #15

Off topic but thought i'd ask...

If I uninstall Bitcoin and then re-install it, it still has my old wallet loaded... how come? Any way to stop this?
Michael_S (OP)
Sr. Member
****
Offline Offline

Activity: 278
Merit: 251


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
July 03, 2011, 09:21:20 PM
 #16

Hi Jack,

Your ~/.bitcoin/ directory is probably not deleted in the uninstall process. And that is the directory where the "wallet.dat" is located.

(in Windows or Mac the directory name reads different, but also something with "bitcoin" in it...)

If you remove the wallet.dat from that directory (plus the other files, which are also not needed any more), OR if you just rename the mentioned directory, and then start the Bitcoin client, it will create a brand-new wallet.dat.

Another possibility is to start the "bitcoin executable" with the command  line parameter "-datadir" to tell the bitcoin client that the data directiory should be at another location than the default one at ~/.bitcoin/

Code:
./bitcoin -datadir=/your_desired/data_directory/

I use this approach to have the data directory at a place inside an encrypted container file that is mounted by Truecrypt. When I close the bitcoin session and unmount the Truecrypt container, the wallet.dat is inside this container file and is not lying openly on the hard disk.

Michael

Michael_S (OP)
Sr. Member
****
Offline Offline

Activity: 278
Merit: 251


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
July 03, 2011, 09:28:55 PM
 #17

I just uploaded an updated version with some small fixes for consistency and some minor editorial changes to improve clarity.

I did this after reading through the complete document myself from the beginning to the end in one go.

Updated version 0.3:
   Zip file with PDF and PGP signature: http://www.filedropper.com/bitcoinsafeusagev03
   Just the PDF: http://www.scribd.com/doc/59249642/Bitcoin-Safe-Usage-v03

kloinko1n
Full Member
***
Offline Offline

Activity: 406
Merit: 100



View Profile
July 04, 2011, 01:42:16 AM
 #18


--> updated version 0.3:
 http://www.filedropper.com/bitcoinsafeusagev03 (zip file with PDF and PGP signature)
Link still doesn't work from here.
Well, it works, but the downloaded file still isn't a zip file.
Edit: Turns out that you have to point your browser to: your filedropper and get the file from there.


Quote
In my view, to what I know today, the best candidate for such a future Bitcoin Client Linux Live CD Distribution (not intended for mining, just intended for "Bitcoin banking"!) is a fork of the Knoppix Linux distribution, because it provides all the elements that such a Linux distribution would need, namely an open source software basis, a Live CD oriented architecture and a 256 AES encryption for the persistent user data that is saved outside of the Live CD (that's also why descriptions on setting up a system based on Knoppix takes the largest room in my PDF guide).
I'm very happy with my tiny core linux VM with bitcoin client inside. Very small, very non-conventional, so very difficult to hack.  Cool
d.james
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250

Firstbits: 12pqwk


View Profile
July 04, 2011, 05:36:48 AM
 #19

"ORealy"?? Huh

You can not roll a BitCoin, but you can rollback some. Cheesy
Roll me back: 1NxMkvbYn8o7kKCWPsnWR4FDvH7L9TJqGG
Michael_S (OP)
Sr. Member
****
Offline Offline

Activity: 278
Merit: 251


Bitcoin-Note-and-Voucher-Printing-Empowerer


View Profile
July 04, 2011, 11:28:06 PM
 #20

Updates of today: Version 0.4:
   PDF:  http://www.scribd.com/doc/59318844/Bitcoin-Safe-Usage-v04
   ZIP:  http://www.filedropper.com/bitcoinsafeusagev04_1

Now it should be flawless :-)

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!