Looking for most secure cold storage laptop

[Elwar]

I am looking to buy a laptop specifically for cold storage. My #1 priority is security.

For this I have been looking at Lenovo laptops with Full Disk Encryption (FDE) hard drives and a CD-RW. And I want it to be light.

I have looked at the Lenovo X1 which is only 3 lbs but I have not seen one with a disk drive.

The reason I want a CD-RW is because I do not trust moving private keys via USB or such storage devices because of things like this http://en.wikipedia.org/wiki/Stuxnet

I want it to be light because I travel and would likely keep it with me when I travel in addition to my regular Internet connected laptop.

I'll be putting Linux on it so I do not care about the OS.

I am hesitant to use external CD writers because I am wary of USB connected devices on a secure system.

I would prefer one with good CPU and RAM because it will also be used for offline software development which I would also like to be protected.

Any thoughts/suggestions?

[1714063012]

1714063012

[1714063012]

1714063012

[1714063012]

1714063012

[MarketNeutral]

Your weakest link is yourself, as you probably know. Lenovo? A good choice. Any system Richard Stallman would use will suffice. And if you're really paranoid, make sure it predates bitcoin.

[maardein]

There are some decent encrypted USB drives as well, which need a password before you can read/write anything.

If you really want to stick with cd, you could use an external writer with eSata interface.

[Elwar]

There are some decent encrypted USB drives as well, which need a password before you can read/write anything.

If you really want to stick with cd, you could use an external writer with eSata interface.

Ya, with viruses shown to be passed via USB I do not trust it since it would have to back and forth between a network connected device and the cold storage.

[InCoinsITrust]

Whats the thing with usb devices?

[xgtele]

IronKey is a good starting point: http://www.ironkey.com/en-US/encrypted-storage-drives/250-personal.html

[escrow.ms]

If you will install Linux, why so worried about usb or malwares like stuxnet.

[MWNinja]

A Raspberry Pi does this extremely well, and has a much lower attack surface (no built in wireless hardware, such as wifi or bluetooth to attack). I've made an easy to install distribution with everything you need, check it out at bitcoinpi.org

[James222]

The best thing in my opinion would be to store them on a cheap computer that's cut off wi-fi. Or give them to a newbie and he sure won't use them! (JK)

[Elwar]

I ended up ordering a Lenovo W540 with an Opal SSD encrypted hard drive which includes a CD RW drive.

I will also be using it for code development so the extra power will be nice.

As for the Linux and USB, I'll still be using a Windows machine for the network connected side of things. I'd use a Linux machine for that too but adding yet another laptop would be a bit much (I basically live out of my suitcase).

Unfortunately the W540 isn't very light.

[InCoinsITrust]

For how much did you get it ? Where ?

[Elwar]

For how much did you get it ? Where ?

I got it for just under $2k straight from Lenovo's website. I had to contact a sales person via their online chat to get the configuration I wanted (plus they had to jump through some hoops to ship to APO).

[Malexo]

Jesus man.  a $200 used laptop off CL would have been more than enough.
Encrypt the shit out of it, unplug it and your good.
Why so many bizarre steps?

[elgreco]

^^^^^ this.

[Rawted]

Chromebook. ~$200, chromeOS (linux based), encrypted (verified boot) and updated automatically, usb/firewire/esata/hdmi ports, 8.5 hour battery life, weighs maybe 1 pound. Super fast.They make fireproof indestructible containers for them for around $150.

[xgtele]

Chromebook. ~$200, chromeOS (linux based), encrypted (verified boot) and updated automatically, usb/firewire/esata/hdmi ports, 8.5 hour battery life, weighs maybe 1 pound. Super fast.They make fireproof indestructible containers for them for around $150.

Good idea! Please tell me more about >They make fireproof indestructible containers for them for around $150.

[Zelek Uther]

A Raspberry Pi does this extremely well, and has a much lower attack surface (no built in wireless hardware, such as wifi or bluetooth to attack). I've made an easy to install distribution with everything you need, check it out at bitcoinpi.org

Raspberry Pi is what I use to generate cold storage keys. How much is a RaspPi, $40 (or less?).

[death_hawk]

They make fireproof indestructible containers for them for around $150.

I'm quite curious about this too.
Although a fire rated safe is about this price as well.

[Warren]

Jesus man.  a $200 used laptop off CL would have been more than enough.
Encrypt the shit out of it, unplug it and your good.
Why so many bizarre steps?

It depends on how many coins you have, and what percentage of your wealth those coins represent.

If you had 5,000 BTC and this represented 90% of your net worth, would you then hesitate to spend $2k on a new secure laptop in order to sleep well at night? 

[maardein]

Jesus man.  a $200 used laptop off CL would have been more than enough.
Encrypt the shit out of it, unplug it and your good.
Why so many bizarre steps?

It depends on how many coins you have, and what percentage of your wealth those coins represent.

If you had 5,000 BTC and this represented 90% of your net worth, would you then hesitate to spend $2k on a new secure laptop in order to sleep well at night? 

I agree with you I would maybe buy new as well in that case, but even then it is plain stupid to spend $2k on it. It is something often seen that people (or companies) with money tend to over spend, just to make sure they get the best. The problem here is that for cold wallet functionality you don't need a core i7, 8GB RAM, full hd display and nVidia Quadro graphics. What he could have bought was a cheap laptop, and put a hardware encrypted ssd in it (or let a company do so). This is like companies spending $400k on a new website, which actually doesn't have that much functionality at all.