How secure is this method of securing bitcoins? (Linux experts requested)

[go1111111]

Here is the method I plan on using to secure my bitcoins. There are two computers involved here: my Windows desktop, which is always connected to the Internet, and my laptop which I plan to use only for bitcoin stuff. Steps on my windows desktop begin with "D:", and steps on my laptop begin with "L:":

(1) D: Download Linux Mint 15 (64 bit) from http://www.linuxmint.com/edition.php?id=132 on my Windows machine
(2) D: Create a bootable USB with the above file, using http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
(3) L: Using the above bootable USB, reformat my laptop'd HD, do a fresh install of Mint.
(4) L: Log in for the first time, connect the machine to the Internet
(5) L: Immediately run apt-get update and apt-get dist-upgrade to make sure I have all the latest versions of everything
(6) L: Run "apt-get install bitcoin-qt" and run bitcoin-qt and download the block chain
(7) L: Disconnect from the Internet
(8 ) L: Create a new encrypted wallet, creating a new password, and generate a bunch of key pairs
(9) L: Back up wallet and copy it to a USB drive that was freshly formatted on my Windows machine.
(10) W: Copy the newly created wallet to my Bitcoin-qt directory on my Windows machine
(11) W: Copy the wallet to a bunch of other USB drives and store them in different physical locations
(12) W: Give out the public keys that I generated on my Linux laptop (now visible in Bitcoin-QT on my Windows machine to anyone who wants to send me bitcoins.

Up until this point, my laptop has been completely disconnected from the Internet starting from before I encrypted my wallet. I've never typed my wallet password on any machine that has been "online".

How many bitcoins would you feel comfortable keeping in a wallet that was protected in this way (steps 1-12)?

These are the main security risks I see:

Security risk A: My password is bad, and my Windows machine is compromised so an attacker can get my wallet and crack my password. If my password is good, this isn't an issue.
Security risk B: Somehow the USB drive was compromised, either during/while I was creating the bootable image on my windows machine, or an attacker compromised my laptop between step 4-9, possibly installed a key-logger, and this key-logger was able to copy it's information onto the USB drive while I was performing step 9, and then this info was somehow sent to the attacker during/after step 10.

Regarding risk B, how likely is it that someone could penetrate a freshly installed copy of Mint via the Internet connection? Especially before I had installed the latest versions of all the packages? Should I worry about my security being significantly less before I update all my packages? And even if an attacker could infect my system, how likely is it that their virus/logger could be sophisticated enough to hop onto the USB stick around step 9 and then later be able to send my wallet password + wallet to the attacker after step 10?

Now suppose I connect my laptop to the Internet once per week for about an hour each time, after the above steps, and actually use it to send bitcoins by typing in the wallet password while connected to the Internet? This machine only has the default Mint programs plus Bitcoin-QT.

How many bitcoins would you now feel comfortable keeping in this wallet? (with the addition of the last step of connecting it to the Internet now and then).

Thanks!

[keatonatron]

What do you mean by secure?

If you just want to save your bitcoins, you don't even need to move your wallet file off the linux machine. Just create a list of addresses to send coins to.

If you want to be able to store AND send coins, a more secure way would be to use Armory's offline transaction method, where you let the Linux box sign transactions and the windows machine broadcast them.

Moving your wallet file to the Windows machine seems to negate a lot of the steps you have taken, and I'm not sure what the point would be if you never unencrypt it (without typing your password into the windows machine, windows itself can't access your wallet to make addresses, etc!)

[go1111111]

I'm mostly trying to get a sense of the probabilities involved. How likely is it that my coins will be stolen in each of the two main scenarios? (Before connecting the laptop to the Internet, and after).

Yeah, I could just write down the public addresses without using the USB stick in step 9. I would like to have the version of Bitcoin-qt on my Windows machine be able to display my total balance of all my addresses though. I assume I can't really do that unless I have the wallet there, but maybe there's a way. Maybe that convenience is not worth it.

I'm actually not that worried about an attacker having only my wallet file. I forgot to mention that I intend to keep my wallet file on Dropbox as well. My wallet password is quite amazing. Are people really worried about people being able to crack AES-256-CBC? Or do people only try to hide their wallets (or double-encrypt them with TrueCrypt) because they are concerned about their password not being terribly strong?

The idea would be that I'd make about 20 addresses initially on the Linux machine, and then when I wanted more I'd copy the latest version of the wallet file back to the Linux machine via USB, make some more, backup the wallet, then copy it to the Windows machine + Dropbox + other USBs.

EDIT: I should add that the main purpose of the above steps is to avoid key loggers. I figure as long as I have really good security around my wallet password, then it's unnecessary to go overboard trying to keep my wallet offline. Obviously doing both would be better, but there's some level of acceptable risk otherwise we'd never cross the street. As long as my risk of bitcoin theft is lower than the risk that an airplane will crash into my apartment, I can live with that.

[keatonatron]

How likely is it that my coins will be stolen in each of the two main scenarios?

Even with an unencrypted wallet just sitting on your computer, it's not very likely unless you were to draw a lot of attention to yourself or download suspicious attachments, etc.

If it takes, for example, a week for someone to hack through your firewall and into your computer, I doubt anyone would go through all that work unless they knew there was something valuable to be found. The biggest danger comes from viruses or other exploits that you can accidentally download if you visit shady websites. Just being smart pretty much eliminates that threat.

A lot of people talk about the best way to keep your coins safe, similar to what you outlined--that doesn't mean every other method is guaranteed to get your coins stolen.

You should really check out Armory. You can add an address in watch-only mode, which will let you check the balance without storing the private keys on your computer. Even if someone has direct, local access to your machine they can't spend the balance.

If you are going to store your wallet on your windows machine or even in Dropbox, that negates the added security of having a separate computer that isn't connected to the internet. But that doesn't mean it's dangerous!

It's like saying the first floor of a building is safer in a fire. If a fire never comes, higher floors are just as safe--but if a fire did come, you might be kicking yourself for not going with the first floor apartment 

My personal recommendation is to have a second computer, disconnected from the internet, to create long-term storage addresses. Don't move the wallet file, just export a list of addresses to send your coins to. For short-term/small-amount transactions, just use armory or Bitcoin-qt on your windows machine and keep your wallet encrypted. As long as you don't announce to the world "I have tons of bitcoins and this is my IP address" (i.e. paint a target on your back for hackers) or download a lot of virus-laden files (i.e. paint a target on your back for automated attacks), you should be just fine.

[go1111111]

Thanks a lot keatonatron. I'll check out Armory. I had thought of looking into it earlier, but after listening to the interview with the guy who wrote it on Let's Talk Bitcoin, I got the idea that there was some probability that I could lose my bitcoins due to some software bug (nothing against the author -- I wouldn't trust myself to write that software either). It seemed like trusting Bitcoin-QT with its large team of developers was a better bet (without having researched Armory at all).

Regarding my negating the benefit from the second computer, I added an edit to my previous post (last paragraph) describing that it's really just to avoid keyloggers. Not sure if my focus on those is misplaced.

EDIT: if anyone does have a sense of the real probabilities involved in my Linux laptop getting infected when I only have bitcoin-qt plus the default programs on it and never browse the web or do anything else with it other than use Bitcoin-QT, please let me know. I'm curious whether it's 1 in a million, 1 in a billion, etc.

[Boba]

Armory is a better solution since you can make offline transactions with it, and have a watch only installation on your online PC to initiate transactions and also watch the balance. With armory your private key is not stored on your online PC. You need to use USB stick to move data for offline transactions between them tho, so it's wise to disable USB autorun. This can be done in Windows using this nifty registry hack:

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]
@="@SYS:DoesNotExist"

Copy and paste into a text file and rename it it *.reg. Then add it to windows registry. I don't know how linux handle these things tho.

[keatonatron]

EDIT: if anyone does have a sense of the real probabilities involved in my Linux laptop getting infected when I only have bitcoin-qt plus the default programs on it and never browse the web or do anything else with it other than use Bitcoin-QT, please let me know. I'm curious whether it's 1 in a million, 1 in a billion, etc.

Something has to happen once before you can calculate the probability

As far as I know, no one has ever had a keylogger put on their system when using clean install media, on a clean machine, that only connects to the internet to download and update Bitcoin-QT.

So mathmatically, the probability would be zero.

[brand_new]

I'm not sure how paranoid you are, but it seems to me that using Windows at the end of all of that would kind of damper the steps you took before that., as keatonatron said.

If you want to be extra secure, don't bother connecting the linux laptop to the web to begin with. Download all programs you want to install from another computer, then copy the files and install them on your offline computer.

[b!z]

You could be extra-paranoid, and find/buy a very cheap laptop, take out the wireless card, and use it solely for your cold wallet.

[go1111111]

Something has to happen once before you can calculate the probability

Not if you're a Bayesian

I'm not sure how paranoid you are, but it seems to me that using Windows at the end of all of that would kind of damper the steps you took before that., as keatonatron said.

I'm realizing that my general Bitcoin security philosophy may wrong. I put it in an edit above, but I'm feeling like I should probably get direct feedback on it:

My general strategy is to be extremely careful about protecting my wallet password, but to be very loose with how I protect my actual wallet file. This allows me to eliminate almost all the risk of losing access to my wallet file (since it'll be in so many places, including the cloud), while, if I do it correctly, making an attacker have to actually crack AES-256-CBC in order to steal my bitcoins.

Do people think this is a bad strategy in general, regardless of the specific steps I outlined above?

I know that it does leave me vulnerable to a single point of failure, and I might accidentally reveal the wallet password via human error at some point. But is that the only significant risk?

[justusranvier]

Buy the cheapest used laptop you can find.

Install Ubuntu on it.

Follow the Armory cold storage tutorial.

Problem solved.


Extra credit: Open up the laptop and physicality remove the WiFi adapter.

[go1111111]

My concern is that the Armory codebase has gone through a lot of recent changes, whereas the QT wallet code is more stable, and that therefore the chance that some bug in Armory will cause me to lose all my money is greater than the chance that anyone could crack my QT wallet even if I made it public.

Here's a question I recently asked to the lead Armory developer, but I'm curious to get other people's estimates:

Let's say that you had to give a wallet encrypted with Armory to the NSA, and you knew the NSA would spend their entire budget for one year on trying to crack your wallet and steal your bitcoins. All their employees would devote 100% of their time to this project, and all their computing resources would be used for this project. What's your estimate of the probability that they would succeed in stealing your bitcoins? Does that change if you were forced to create your wallet using Bitcoin-QT?