BitVault LiveCD - Bitcoin Secure Transactions Environment

[bitlotto]

Doesn't rebooting flush the RAM? Once power is lost to the RAM it clears if I remember correctly. I remember reading an article on how these hackers wanted to get a key off of RAM but the computer was locked. They knew the KEY was in the RAM so they froze the RAM with liquid nitrogen so they could examine the RAM and find the key. They couldn't lose power to the RAM without freezing it.

[1713482611]

1713482611

[1713482611]

1713482611

[1713482611]

1713482611

[Globz]

Doesn't rebooting flush the RAM? Once power is lost to the RAM it clears if I remember correctly. I remember reading an article on how these hackers wanted to get a key off of RAM but the computer was locked. They knew the KEY was in the RAM so they froze the RAM with liquid nitrogen so they could examine the RAM and find the key. They couldn't lose power to the RAM without freezing it.

Yes, there's no way to flush the RAM without crashing your computer. You have to reboot.

[ben-abuya]

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

[Globz]

Its a cool distro but the goal of this LiveCD is to do transactions so we need a network access. As long as you hide your IP and that you run everything from RAM your chance of being hack by someone are lot less.

I would like some feedback from people who tried it, I know there's some stuff to improve or add so please let me know. I am currently working on sipa's bitcoin client.

[Globz]

-Added a new Bitcoin client support from coderrr : http://forum.mtgoxlive.com/showthread.php/11-Patching-The-Bitcoin-Client-To-Make-It-More-Anonymous
 - Please read this page if you wish to use this client http://www.kittybomber.com/config_guide

[casascius]

Perhaps adding a demo copy of WinHex or another suitable hex editor that can do full disk scans may be helpful for deleted/corrupted wallet recovery.  See this thread:

http://forum.bitcoin.org/index.php?topic=22697.msg285466#msg285466

[Sandoz]

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I have another one: TAILS Linux (the amnesic...): http://tails.boum.org/about/index.en.html

That's is my favorite livecd as it does everything possible for anonymity... Every internet connection goes through tor by default, the memory is immediately overwritten as soon as you unplug the boot medium (someone with a gun comes in, you raise your hands and step away from the computer automatically unplugging the USB stick from which you booted and which is connected to your belt), it has a nice on-screen keyboard to defeat hardware keyloggers, provides a MAC changer for anonymity in hostile environments... And they are even so paranoid that they want to remove truecrypt support (check their site for the rationale)

They are considering to add a bitcoin client per default in the future. For me this is quite a great candidate for a paranoid BitVault distro (Thanks for NOT calling it VaultCoin)

[marcus_of_augustus]

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I have another one: TAILS Linux (the amnesic...): http://tails.boum.org/about/index.en.html

That's is my favorite livecd as it does everything possible for anonymity... Every internet connection goes through tor by default, the memory is immediately overwritten as soon as you unplug the boot medium (someone with a gun comes in, you raise your hands and step away from the computer automatically unplugging the USB stick from which you booted and which is connected to your belt), it has a nice on-screen keyboard to defeat hardware keyloggers, provides a MAC changer for anonymity in hostile environments... And they are even so paranoid that they want to remove truecrypt support (check their site for the rationale)

They are considering to add a bitcoin client per default in the future. For me this is quite a great candidate for a paranoid BitVault distro (Thanks for NOT calling it VaultCoin)

sounds awesome ... there will be an immediate market for these for sure .... and has some interesting evolutionary direction possibilities also ...

[Globz]

Might want to check out this distro, too. They've modified the kernel to prevent hard disk mounting and disabled network access:

https://www.privacy-cd.org/

They recommend doing a full memory test on reboot to wipe memory. I use this on a $300 netbook which I never connect to the Internet or use for anything else.

I have another one: TAILS Linux (the amnesic...): http://tails.boum.org/about/index.en.html

That's is my favorite livecd as it does everything possible for anonymity... Every internet connection goes through tor by default, the memory is immediately overwritten as soon as you unplug the boot medium (someone with a gun comes in, you raise your hands and step away from the computer automatically unplugging the USB stick from which you booted and which is connected to your belt), it has a nice on-screen keyboard to defeat hardware keyloggers, provides a MAC changer for anonymity in hostile environments... And they are even so paranoid that they want to remove truecrypt support (check their site for the rationale)

They are considering to add a bitcoin client per default in the future. For me this is quite a great candidate for a paranoid BitVault distro (Thanks for NOT calling it VaultCoin)

Sounds like a really cool distro. If you guys have more security stuff that you would like to see implemented inside BitVault, please let me know.

[Globz]

Perhaps adding a demo copy of WinHex or another suitable hex editor that can do full disk scans may be helpful for deleted/corrupted wallet recovery.  See this thread:

http://forum.bitcoin.org/index.php?topic=22697.msg285466#msg285466

Seems like a good idea, I found this free HexEditor and you can do a search of your hard drive.

http://mh-nexus.de/en/programs.php


I will add it to BitVault.

[joepie91]

A few things I'm wondering about based on the text on the website...

With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.

How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux

Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

[Globz]

A few things I'm wondering about based on the text on the website...

With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.

How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux

Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

It can be infected, but you will be browsing the net anonymously and you are using firefox with no-script, Enforce HTTPS, harden Adobe Acrobat against attacks, this should help you a lot read : http://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_extension_for_Firefox  Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.


About Linux, the problem is most of the time you have to configure a lot of stuff with a command line to make it work properly on your computer, of course I know GNOME and KDE but like I said I wanted to use Windows as my first distro, I will make a Linux distro.


For the batchfile, if pressing enter is too hard for the user than I do not know what to tell you.

[joepie91]

A few things I'm wondering about based on the text on the website...

With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.

How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux

Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

It can be infected, but you will be browsing the net anonymously and you are using firefox with no-script, Enforce HTTPS, harden Adobe Acrobat against attacks, this should help you a lot read : http://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_extension_for_Firefox  Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.

For the PDF reader I'd advise using Foxit Reader, both because it's a lot lighter/faster and more secure.

About Linux, the problem is most of the time you have to configure a lot of stuff with a command line to make it work properly on your computer, of course I know GNOME and KDE but like I said I wanted to use Windows as my first distro, I will make a Linux distro.

I've used SuSE (with both KDE and GNOME) for years, and never really had to use the commandline. When I did, it was usually because I *wanted* to mess around, not because something didn't work. Puppy Linux (which would be more useful for something like this) combined with IceWM gave me pretty much the same experience: no commandline needed to use it, at all. I work on (non-profit) refurbishing of computers regularly, and often use Puppy Linux on them, and never really had anything that didn't work out of the box.

For the batchfile, if pressing enter is too hard for the user than I do not know what to tell you.

I was only refering to the "commandline" thing

EDIT: Regarding KDE vs. GNOME, I'd certainly recommend GNOME for ease of use, KDE is simply too bloated and messy nowadays. For something like a simple Live CD however, IceWM would probably be the best choice.

[Globz]

A few things I'm wondering about based on the text on the website...

With this in mind, I decided to create a Live CD based on MiniXP architecture, by using BitVault the user will not have to worry about being infected or getting spied on by someone.

How exactly (besides being a LiveCD) does it ensure that it cannot be infected, especially since it's based on Windows?

I wanted to have a user friendly approach rather than a complicated (for most people) command line interface like Linux

Where did you get the idea that Linux is a "command line interface"? Environments on Linux like GNOME and KDE are often far more userfriendly than the Windows environment, and it's possible to customize Linux distributions to such a degree that you can make it only have the necessary controls for the purpose of the OS (which, in this case, would be Bitcoin-related tasks).

Now I also took a look at the screenshots... and I see a (commandline) batch file that is used to do transactions? Now seeing as you just mentioned you wanted to avoid command line interfaces, why use a batch file?

It can be infected, but you will be browsing the net anonymously and you are using firefox with no-script, Enforce HTTPS, harden Adobe Acrobat against attacks, this should help you a lot read : http://anonymous-proxy-servers.net/wiki/index.php/JonDoFox_extension_for_Firefox  Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.

For the PDF reader I'd advise using Foxit Reader, both because it's a lot lighter/faster and more secure.

About Linux, the problem is most of the time you have to configure a lot of stuff with a command line to make it work properly on your computer, of course I know GNOME and KDE but like I said I wanted to use Windows as my first distro, I will make a Linux distro.

I've used SuSE (with both KDE and GNOME) for years, and never really had to use the commandline. When I did, it was usually because I *wanted* to mess around, not because something didn't work. Puppy Linux (which would be more useful for something like this) combined with IceWM gave me pretty much the same experience: no commandline needed to use it, at all. I work on (non-profit) refurbishing of computers regularly, and often use Puppy Linux on them, and never really had anything that didn't work out of the box.

For the batchfile, if pressing enter is too hard for the user than I do not know what to tell you.

I was only refering to the "commandline" thing

EDIT: Regarding KDE vs. GNOME, I'd certainly recommend GNOME for ease of use, KDE is simply too bloated and messy nowadays. For something like a simple Live CD however, IceWM would probably be the best choice.

Yeah I would use GNOME too, I will look into this, thanks for the advice!

[Globz]

I am currently looking for a compiled Windows version of sipa's client  or else I will try to build it under Windows.

Thanks.

[JohnDoe]

Doesn't rebooting flush the RAM? Once power is lost to the RAM it clears if I remember correctly. I remember reading an article on how these hackers wanted to get a key off of RAM but the computer was locked. They knew the KEY was in the RAM so they froze the RAM with liquid nitrogen so they could examine the RAM and find the key. They couldn't lose power to the RAM without freezing it.

So if I see some Delta Force dudes bursting through my window it would be safer to reboot instead of shutting down?

Just read this article and it seems like it doesn't make a difference:
http://www.zdnet.com/blog/security/cryogenically-frozen-ram-bypasses-all-disk-encryption-methods/900

"This same attack works without the compressed air or RAM migration if the computer is configured for USB or LAN boot. You simply put in a USB dongle and boot off that dongle or you can boot off the network. Booting off the optical drive is probably just as easy and more likely to work. Then you can dump the RAW memory contents to the USB dongle or a network share"

[netrin]

https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)

[Sandoz]

https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)

Indeed. I think both distros have the same goal. I don't know the difference very well but what I like about tails is the daemon which immediately wipes the memory as soon as you eject the cd or start the shut down sequence. But that could be ported to liberté too I guess

[netrin]

https://tails.boum.org/ is good and can run bitcoin without modification, however http://dee.su/liberte is rock solid, though would require a new bitcoin client to be compiled. And this is a must have patch for anonymity: https://forum.bitcoin.org/index.php?topic=24784.0 (also import/export for power users)

Indeed. I think both distros have the same goal. I don't know the difference very well but what I like about tails is the daemon which immediately wipes the memory as soon as you eject the cd or start the shut down sequence. But that could be ported to liberté too I guess

Liberte does that as well. Liberte is smaller, faster, and much more locked down than TAILS. Tails will let you run external applications (such as bitcoin) without reconfiguring the ISO. Liberte will not. You must pre-generate the Liberte image and it will be verified on boot. After booting into the GUI, root/sudo is not possible. I believe both encrypt the swap space. Try it. Liberte is very restrictive, but quite secure, to the point of being impractical for anything but communication.

[jerfelix]

Remember that you are using this LiveCD for Transactions only, you should only browse bitcoin related websites/forums to minimize the risks.

On the contrary, I'd think that Bitcoin virus writers will likely place their viruses on Bitcoin related websites and forums.