Bitcoin Forum
Topic: Cold storage using encrypted, bootable DVDs with SPV wallet and seed
Johnathan (OP)
November 03, 2013, 09:01:30 PM
 #1

I have developed a set of scripts that allow one to take an existing Ubuntu Live DVD ISO image file, customize it, and remaster a new image with all of the contents encrypted with LUKS:

https://github.com/jmcorgan/cryptubuntu

When booting from the DVD, a passphrase is requested to mount the encrypted root filesystem with on-the-fly decryption.

There are many uses for this; consider creating data backups along with the OS and all the software necessary to interact with it.  I use it in my professional work to deliver archived milestones of development projects (with the build environment intact).  The encryption allows the DVD to contain business proprietary and confidential information on it without worrying about 3rd party access.

In the context of Bitcoin, this also allows a new sort of cold storage: By putting a SPV client with a deterministic wallet on it, you can make cheap copies that can live in different places, any of which could provide you access to your bitcoin in an emergency.  Just boot the DVD, provide the decryption passphrase, and let the SPV client download the needed blockchain data, which goes into a RAM overlay.  At present this is only ~250MB or so.  With the deterministic seed, access to any of the generated addresses in the future is assured.

The DVD contents, unlike USB drives, are read only.  One may argue the longevity of recordable-DVD storage media vs. USB flash drives, but since they are so cheap to make, you can make many copies.

Since the remastering scripts can take their own output ISO images as the starting point for further customization and encryption, I'm working on this cold storage concept by developing a plaintext image that has everything needed (Tor, Electrum, what else?), except the user's wallet data.  The ISO image would be able to then be customized by the end user by adding his wallet data to the image, and remastering it, but with encryption turned on.

Of course, this doesn't make choosing a decryption passphrase any simpler; you are essentially daring anyone who has access to the DVD to crack your password to grab your bitcoin.  So all the usual passphrase selection rules apply.  Humans don't supply much entropy.

(Disclaimer: I am not bash script proficient and I'm sure there are many ways to improve things, particularly with corner cases and error checking.  It works for me right now.)
Johnathan (OP)
November 03, 2013, 09:21:50 PM
 #2

I'm working on this cold storage concept by developing a plaintext image that has everything needed (Tor, Electrum, what else?), except the user's wallet data.  The ISO image would be able to then be customized by the end user by adding his wallet data to the image, and remastering it, but with encryption turned on.

Of course, said master image would need to withstand scrutiny that it doesn't contain malware, won't steal your bitcoins when you boot it, etc.  I'm developing it for my own personal use; everyone else will either need to do that themselves, or have some level of trust.

The remastering scripts themselves are simple and easy to check, so as long as you start with an original ISO that you trust, you can trust the output.
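
Added example (not part of the original posts and not code from the cryptubuntu repository): the trust argument above depends on the starting ISO being authentic, so this sketch checks a base ISO against a published SHA256SUMS list before any remastering. The function name `verify_base_iso`, its return codes, and the assumption that the distributor's signing key is already in the local GPG keyring are all illustrative.

```bash
#!/usr/bin/env bash
# Added example: gate remastering on a verified base ISO.
# Usage: verify_base_iso ISO SHA256SUMS [SHA256SUMS.gpg]
# Returns 0 only if the ISO's SHA-256 equals the list entry for its file name.
verify_base_iso() {
    local iso="$1" sums="$2" sig="${3:-}"
    local name expected actual

    [ -r "$iso" ] && [ -r "$sums" ] || { echo "missing input file" >&2; return 2; }

    # If a detached signature is given, the checksum list itself must verify
    # against a key already in the local keyring (assumption: that key was
    # imported and its fingerprint checked out of band).
    if [ -n "$sig" ]; then
        gpg --verify "$sig" "$sums" >/dev/null 2>&1 \
            || { echo "signature check failed for $sums" >&2; return 3; }
    fi

    name=$(basename "$iso")
    # Entries look like "<64 hex>  name" or "<64 hex> *name". Compare the
    # name exactly so "base.iso" is never satisfied by "notbase.iso".
    # (File names containing spaces are not handled here.)
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 4; }

    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "OK: $name matches the published SHA-256"
}

# Run directly: ./verify.sh image.iso SHA256SUMS [SHA256SUMS.gpg]
if [ "$#" -ge 2 ]; then verify_base_iso "$@"; fi
```

Since the scripts can take their own output as the next starting point, recording the SHA-256 of each remastered plaintext image and re-checking it the same way keeps the chain back to the original ISO intact.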