|
CircusPeanut
|
|
October 25, 2013, 11:37:58 PM |
|
Use windows 7. There is nothing in Windows 8 that is going to help you with Armory, and if something goes wrong you'll be wondering if it was a problem with Windows 8.
|
|
|
|
justmyname (OP)
|
|
October 26, 2013, 12:33:34 AM |
|
Use windows 7. There is nothing in Windows 8 that is going to help you with Armory, and if something goes wrong you'll be wondering if it was a problem with Windows 8.
I like windows 7. Windows 8 looks like they are trying to herd you into the behaviors they want a consumer to have. This computer is basic (1.8 GHZ) but it doesn't have all the garbage software either. Oops! It has windows 8. http://www.frys.com/product/7885449#detailed
|
|
|
|
PrintMule
|
|
October 26, 2013, 12:44:27 AM |
|
Use windows 7. There is nothing in Windows 8 that is going to help you with Armory, and if something goes wrong you'll be wondering if it was a problem with Windows 8.
I like windows 7. Windows 8 looks like they are trying to herd you into the behaviors they want a consumer to have. This computer is basic (1.8 GHZ) but it doesn't have all the garbage software either. Oops! It has windows 8. http://www.frys.com/product/7885449#detaileddon't be ridiculous, win8 is a big improvement for example when swapping from intel to amd mobo, after 2 restarts it accepts new system. Win7 failed that test. sure metro is unneded, but it's a matter of taste, and does not deserve all the bad mouthing it gets. Critique is from people who did not go further than a screenshot of metro in teh internetz. ssd handling is improved, memory handling is improved and the goddamn thing boots like a champ (which is a cheaply done hack, but still ) xp did it job, with little requirements, but it wasn't the most stable OS in the world, and when sp3 came out it was a pain when i went to win7, I rarely got some lockups and was very impressed, although I went there very reluctantly and only after sp1 now on win8 I'm yet to experience one
|
|
|
|
|
justmyname (OP)
|
|
October 26, 2013, 12:49:54 AM |
|
Use windows 7. There is nothing in Windows 8 that is going to help you with Armory, and if something goes wrong you'll be wondering if it was a problem with Windows 8.
I like windows 7. Windows 8 looks like they are trying to herd you into the behaviors they want a consumer to have. This computer is basic (1.8 GHZ) but it doesn't have all the garbage software either. Oops! It has windows 8. http://www.frys.com/product/7885449#detaileddon't be ridiculous, win8 is a big improvement for example when swapping from intel to amd mobo, after 2 restarts it accepts new system. Win7 failed that test. sure metro is unneded, but it's a matter of taste, and does not deserve all the bad mouthing it gets. Critique is from people who did not go further than a screenshot of metro in teh internetz. ssd handling is improved, memory handling is improved and the goddamn thing boots like a champ (which is a cheaply done hack, but still ) xp did it job, with little requirements, but it wasn't the most stable OS in the world, and when sp3 came out it was a pain when i went to win7, I rarely got some lockups and was very impressed, although I went there very reluctantly and only after sp1 now on win8 I'm yet to experience one Maybe I'll get windows 8 just to learn the new system. I just can't deal with getting Norton off my computer again.
|
|
|
|
DobZombie
|
|
October 26, 2013, 01:13:57 PM |
|
Four words. NO GODDAMN START BUTTON!
|
Tip Me if believe BTC1 will hit $1 Million by 2030 1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
|
|
|
justmyname (OP)
|
|
October 27, 2013, 01:12:47 AM Last edit: October 27, 2013, 01:35:23 AM by justmyname |
|
Four words. NO GODDAMN START BUTTON! Too late. I bought one with Winows 8. Everything is hard to find. Totally different lay out ? What a mind screw. Eventually it might be ok as I'm slowly figuring out ways of getting things done. It's like taking your organized file cabinet and dumping it out on the floor. You have to look through every thing to find what your looking for. I guess they were going for the I pad app look?
|
|
|
|
PrintMule
|
|
October 28, 2013, 10:59:38 AM |
|
Give it a week and you'll be fine. Just delete unused tiles from start menu to make it clean and organised. I personally skip it on auto and use icons on a taskbar/desktop
If you want to go to desktop Win+D If you want to shut down - Alt+F4 from desktop with nothing in focus
On my gf's laptop - I've set the power button to shutdown, and closing lid to sleep,which is best I think.
If you miss start button too much - there's a lightweight fanmade software for that, butI don't think that's so necessary.
Funny thing - in win8.1 they have added (kinda) the start button back
and the MOST IMPORTANT combo - WIN+X (includes everything you need in 8, and even more in 8.1)
|
|
|
|
proudhon
Legendary
Offline
Activity: 2198
Merit: 1311
|
|
October 28, 2013, 07:19:32 PM |
|
You don't necessarily need a separate laptop. I've outlined it around here before, but you can create a bootable Windows 8 USB drive from the freely available Windows 8 Enterprise trial. When you setup the OS, just don't connect to any networks, and then once the OS is setup, go in and disable/uninstall all network drivers.
You can encrypt the whole USB, encrypt your user folder, and encrypt your Armory wallet (triple encryption). You could get even fancier with Trucrypt, if you want. This has the advantage of an offline wallet that can be plugged into just about any machine and booted into. Just make sure to disconnect any wired network connections before you plug it into a computer. Wifi isn't a problem because, as previously mentioned, you'll have disabled/uninstalled any Wifi drivers upon first boot and shouldn't have ever allowed the OS access to a network. Plus you can image the USB and make lots of backups. It's a much more flexible alternative to a dedicated offline computer.
|
Bitcoin Fact: the price of bitcoin will not be greater than $70k for more than 25 consecutive days at any point in the rest of recorded human history.
|
|
|
xephyr
|
|
October 28, 2013, 08:44:03 PM |
|
Give it a week and you'll be fine. Just delete unused tiles from start menu to make it clean and organised. I personally skip it on auto and use icons on a taskbar/desktop
If you want to go to desktop Win+D If you want to shut down - Alt+F4 from desktop with nothing in focus
On my gf's laptop - I've set the power button to shutdown, and closing lid to sleep,which is best I think.
If you miss start button too much - there's a lightweight fanmade software for that, butI don't think that's so necessary.
Funny thing - in win8.1 they have added (kinda) the start button back
and the MOST IMPORTANT combo - WIN+X (includes everything you need in 8, and even more in 8.1)
I hear you. I ripped Windows 8 from my offline computer and replaced with Ubuntu. Only hitch was finding a version that would install and also provide full disk encryption, finally found Ubuntu 12.04 LTS. You have to use the alternate installer if you want 12.04 with full disk encryption and Ubuntu is being a pain about making it easy to find. You have to download by torrent from http://www.ubuntu.com/download/alternative-downloads#mirrorsUbuntu works great for an Armory offline wallet and if you use the version with full disk encryption your entire computer is password protected. No need to run Armory from a Truecrypt container, but that is an option.
|
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
October 28, 2013, 11:28:26 PM |
|
Extra credit: have the offline computer encrypted using a USB key, instead of a password. Your wallet on the computer is already protected with a password, and using the same password for the disk encryption is mostly redundant (though it's better than nothing). I know it's possible to /dev/random data on a USB key, and have the bootloader use that as the FS encryption key. But it's been a long time since I've done that, so I don't remember how.
It will improve the "hardness" of the system if it is stolen, as long as you don't keep the USB key with the laptop. If they don't have the USB key, there's basically no way to even brute force the FS encryption. If the thief gets both the key and the system, well there's still the wallet password that has to be found (unless you wrote the unencrypted key data to disk; which should not happen with standard Armory operations, but it's nice to have the extra layer of protection).
If anyone has more details about doing this, I'd love to be reminded. I've been meaning to upgrade one of my offline systems to that method, but been too busy to go figure it out again.
|
|
|
|
xephyr
|
|
October 29, 2013, 01:53:32 AM |
|
I would prefer that the addresses or the amount in bitcoin in an Armory wallet should not be visible until the password is entered. I believe from a previous post I read that password protecting the addresses and balance will be an option in the new wallet upcoming. I like the idea of the USB key, a quick search found this approach - http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfile
|
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
October 29, 2013, 02:29:50 AM |
|
I would prefer that the addresses or the amount in bitcoin in an Armory wallet should not be visible until the password is entered. I believe from a previous post I read that password protecting the addresses and balance will be an option in the new wallet upcoming. I like the idea of the USB key, a quick search found this approach - http://www.howtoforge.com/automatically-unlock-luks-encrypted-drives-with-a-keyfileDuh! Of course. I forget the people care about the public information, too. I think the full-disk encryption is still a good idea for security, but it obviously has big privacy benefits. Thanks for the link. That's close to what I used in the past, and I may use that technique for other things. However, I'm not sure if it works for full-disk/OS encryption. Can you use it with your home directory and/or OS such that the key needs to be present right after POST in order to boot? I remember having to either type a password, or insert the USB key to boot my computer. In this case, I'd want only the USB key.
|
|
|
|
justusranvier
Legendary
Offline
Activity: 1400
Merit: 1009
|
|
October 29, 2013, 02:38:41 AM |
|
Thanks for the link. That's close to what I used in the past, and I may use that technique for other things. However, I'm not sure if it works for full-disk/OS encryption. Can you use it with your home directory and/or OS such that the key needs to be present right after POST in order to boot? I remember having to either type a password, or insert the USB key to boot my computer. In this case, I'd want only the USB key.
LUKS itself supports multiple key slots where each key slot could be a typed-in passphrase or a key file stored on USB, etc. If you only want one slot then just use the key file when you create the encrypted volume and don't also add a passphrase. As long as your preferred method of booting your system supports it, you can encrypt just /home or the entire disk just as easily. Personally I boot from a USB drive so that I can use LUKS on the raw block device for the hard drive, then use LVM to partition the encrypted volume. The best solution for whole disk encryption is to use Dracut as your initramfs. It can handle boot configurations of arbitrary complexity. On the other hand, I've always compiled my own kernels and such and so feel pretty comfortable customizing the low level details of the boot process. I'm not easy it would be to use Dracut with a distro like Ubuntu that doesn't expect users to mess with that kind of thing on their own.
|
|
|
|
Kyune
|
|
October 29, 2013, 06:21:03 AM |
|
I would prefer that the addresses or the amount in bitcoin in an Armory wallet should not be visible until the password is entered. I believe from a previous post I read that password protecting the addresses and balance will be an option in the new wallet upcoming.
I concur that this would be a great option to have. Any such plans, particularly with watch-only wallets? It would obviously need to be a different password that the underlying password that encrypts the full wallet.
|
BTC: 1K4VpdQXQhgmTmq68rbWhybvoRcyNHKyVP
|
|
|
Roy Badami
|
|
October 29, 2013, 09:50:58 PM |
|
Your wallet on the computer is already protected with a password, and using the same password for the disk encryption is mostly redundant (though it's better than nothing).
I disagree. It protects against problems with sensitive data getting accidentally written to disk (swap files, hibernation files, etc). I think best practice should be to use full disk encryption on the offline computer, even if Armory takes the best precautions it can to prevent such problems. I know it's possible to /dev/random data on a USB key, and have the bootloader use that as the FS encryption key. But it's been a long time since I've done that, so I don't remember how.
It will improve the "hardness" of the system if it is stolen, as long as you don't keep the USB key with the laptop. If they don't have the USB key, there's basically no way to even brute force the FS encryption. If the thief gets both the key and the system, well there's still the wallet password that has to be found (unless you wrote the unencrypted key data to disk; which should not happen with standard Armory operations, but it's nice to have the extra layer of protection).
If anyone has more details about doing this, I'd love to be reminded. I've been meaning to upgrade one of my offline systems to that method, but been too busy to go figure it out again.
If you're confident that the swap/hibernate problem is not a major problem, then surely you can solve the problem entirely within the Armory code. Just introduce an option to allow the wallet encryption key to be provided on a USB key. roy
|
|
|
|
etotheipi
Legendary
Offline
Activity: 1428
Merit: 1093
Core Armory Developer
|
|
October 29, 2013, 10:04:59 PM |
|
Your wallet on the computer is already protected with a password, and using the same password for the disk encryption is mostly redundant (though it's better than nothing).
I disagree. It protects against problems with sensitive data getting accidentally written to disk (swap files, hibernation files, etc). I think best practice should be to use full disk encryption on the offline computer, even if Armory takes the best precautions it can to prevent such problems. (1) I said "mostly" for the exact reasons you just mentioned (2) In the next post I retracted the statement because I wasn't thinking about the privacy aspect. If I thought it was totally redundant, I wouldn't be doing it myself I know it's possible to /dev/random data on a USB key, and have the bootloader use that as the FS encryption key. But it's been a long time since I've done that, so I don't remember how.
It will improve the "hardness" of the system if it is stolen, as long as you don't keep the USB key with the laptop. If they don't have the USB key, there's basically no way to even brute force the FS encryption. If the thief gets both the key and the system, well there's still the wallet password that has to be found (unless you wrote the unencrypted key data to disk; which should not happen with standard Armory operations, but it's nice to have the extra layer of protection).
If you're confident that the swap/hibernate problem is not a major problem, then surely you can solve the problem entirely within the Armory code. Just introduce an option to allow the wallet encryption key to be provided on a USB key. Many encrypted OS solutions also encrypt the swap, and doing so will disable suspend/hibernate. I recommend using that option. Alternatively, it should be possible to setup the offline system without swap. It will complain during installation about how important it is to have a swap partition, but I think it usually lets you do it anyway. Given how little resources are needed for the offline system, I wouldn't think twice about disabling swap. But I haven't actually tried this.
|
|
|
|
Kenshin
|
|
October 29, 2013, 10:14:19 PM |
|
I think for starter, forget about Windows OS. Install Linux, it is safer.
I don't see the point of full disk encryption. It takes longer to boot. I prefer using Truecrypt, and have the encryption volume instead.
|
|
|
|
Roy Badami
|
|
October 29, 2013, 10:29:41 PM |
|
Many encrypted OS solutions also encrypt the swap, and doing so will disable suspend/hibernate. I recommend using that option. Alternatively, it should be possible to setup the offline system without swap. It will complain during installation about how important it is to have a swap partition, but I think it usually lets you do it anyway. Given how little resources are needed for the offline system, I wouldn't think twice about disabling swap. But I haven't actually tried this.
Actually, I thought Windows hibernation worked fine with Truecrypt FDE. Restoring from a hibernation goes through the normal boot process, so the key is prompted and the driver loaded just like for a normal boot. Some systems are nasty, though - e.g. OS X FileVault 2 FDE caches the keys in the EFI BIOS storage before suspending. (But then FileVault 2 also really, really wants to use your account login password as the FDE passphrase, too - despite most people not using account paswords that are long enough to be ideal for FDE.) ETA: It's hard, but not impossible, to set up FileVault 2 securely. I could provide some pointers if anyone is interested. Still, can't you achieve something very close to what you want by allowing Armory to accept wallet encryption data from a USB key, and then applying FDE with a conventional passphrase? roy
|
|
|
|
|