What risk is there creating a cold storage on a public computer considering...

[9thsky]

1) I'm using a Linux non-persistent live USB.

2) I'm disconnecting the ethernet cable from the computer after downloading Electrum.

3) No one can see the screen.

This would be to create an Electrum wallet and fund using the unsigned method

Also...which would be more secure for the purpose of above...Linux live non-persistent USB...or...Tails?

[ranochigo]

Tails is designed for privacy primarily but you'll be better off using Tails than most of the other Linux distribution since it comes with Electrum preinstalled and you wouldn't need an internet connection in that case.

I find it insecure to do something this sensitive on a public computer. There is a possibility of a rootkit infecting the firmware of the components within the computer and/or it's BIOS so I wouldn't recommend anyone doing anything on insecure computers regardless. Most public computers locks their boot priority so I'm not sure if you would be able to boot from your USB in the first place. If possible, this should be done in a private place and on a computer that you can trust.

[pooya87]

It is best if you bought a hardware wallet if you don't have a PC to create your cold storage in safety of your own home. You can never be sure whether you are leaving anything behind or there is any "surveillance" in the public place you create your cold storage.

[topcoin360]

It is best if you bought a hardware wallet if you don't have a PC to create your cold storage in safety of your own home. You can never be sure whether you are leaving anything behind or there is any "surveillance" in the public place you create your cold storage.

It's almost the same price as a chromebook 

[Farul]

It's almost the same price as a chromebook 

if he gonna store some bitcoin in cold storage, I'm sure he is rich enough to afford it.
btw the cheapest cold storage wallet is probably Blockstream Jade, which is only 40 USD.

[BASE16]

Tails is designed for privacy primarily

This is what they would like you and everybody else to believe.
But if you dive a little bit deeper then you will come up with a different conclusion.
Tails is designed and maintained by the NSA, and is funded by the government.
Follow the money.

[9thsky]

Tails is designed for privacy primarily

This is what they would like you and everybody else to believe.
But if you dive a little bit deeper then you will come up with a different conclusion.
Tails is designed and maintained by the NSA, and is funded by the government.
Follow the money.

Source?

[NeuroticFish]

Tails is designed and maintained by the NSA, and is funded by the government.
Follow the money.

Aren't the same sources telling that ToR and also Bitcoin were created by NSA?
"Follow the money" always lead ultimately to the same source = those who are printing them  

People seem to love conspiracy theories and spreading them without any proof. I personally I'm sick and tired of them.


Now on topic: Tails may be OK and easier since it has Electrum. But I think that for OP case a hardware wallet may be less insecure, although even then I'd bring my own verified Electrum too...

[ranochigo]

This is what they would like you and everybody else to believe.
But if you dive a little bit deeper then you will come up with a different conclusion.
Tails is designed and maintained by the NSA, and is funded by the government.
Follow the money.

To delve deeper, here's the source code: https://gitlab.tails.boum.org/tails/tails.

Snowden seems to favour tails quite a bit. Unless he's currently working for the NSA, I wouldn't think he would want anything to do with Tails if what you said is true.

[bob123]

Tails is designed for privacy primarily

This is what they would like you and everybody else to believe.
But if you dive a little bit deeper then you will come up with a different conclusion.
Tails is designed and maintained by the NSA, and is funded by the government.
Follow the money.

I hope this is a joke.

People seem to love conspiracy theories and spreading them without any proof. I personally I'm sick and tired of them.

I mean, it is funny to listen to conspiracy theories. But some people are just delusional 
Weak minds are getting caught by that.

Also...which would be more secure for the purpose of above...Linux live non-persistent USB...or...Tails?

Tails is a linux distro just as others are.
It might be pre-configured for more privacy etc.. but if you keep it offline anyway, it doesn't matter.

Just make sure to verify the signature of the downloaded .iso and you are good to go.

[Dabs]

1) I'm using a Linux non-persistent live USB.

2) I'm disconnecting the ethernet cable from the computer after downloading Electrum.

3) No one can see the screen.

1. Are you sure? If it were a CD, then you know nothing can write to it. USB is usually not write protected.

2. Did you check if the wifi is turned off or bluetooth, or any other peripheral device or add-on is there? Did you check the keyboard is not a keylogger?

3. How many other people are in the room? Can you see the CCTV camera behind you that's as small as a phone camera?


Just don't do it in a public computer if at all possible unless you have no choice. If you're creating cold storage, we can assume it is for a significant amount. If it is for a life-changing amount in value, then it's worth more than the price of your own hardware. Get your own laptop or computer or tablet.

[bob123]

1. Are you sure? If it were a CD, then you know nothing can write to it. USB is usually not write protected.

There is no partition for the OS to write to.
He would need to create 2 partitions on the USB and mount the second one to be able to write to it.

So, yes, non-persistent linux distros on a USB flash drive can not write if there is no other partition which can be mounted.

You'd make sure to install a genuine distribution by verifying its signature of course.

[NeuroticFish]

1. Are you sure? If it were a CD, then you know nothing can write to it. USB is usually not write protected.

Even with CD you cannot always be sure (!).
I've had my own experience with a bootable "recovery" (antivirus) CD, I've booted from it, used it, all good, and next day I've noticed that it has left a temporary folder on my C drive (I don't remember though if it was empty or had also files).

So I'd rather check with the community than assume things.



However, overall the points are good.

[bob123]

1. Are you sure? If it were a CD, then you know nothing can write to it. USB is usually not write protected.

Even with CD you cannot always be sure (!).
I've had my own experience with a bootable "recovery" (antivirus) CD, I've booted from it, used it, all good, and next day I've noticed that it has left a temporary folder on my C drive (I don't remember though if it was empty or had also files).

I think he meant that using a CD guarantees that no files are written onto the CD.
And his assumption was, since an USB flash drive is by default not write-protected, a live distro could write files to the USB flash drive.

Obviously, any live distro can write files to a hard drive. But this requires the drive to be mounted. An AV recovery CD might do this by default, but with a proper live distro, you have to do this by hand.

[Dabs]

4. Did you use a blanket to cover your head so no one else sees what you're doing? Is the computer shielded so wireless emanations from the monitor are not captured a few feet away by some evil maid with RF scanning equipment ... Is that Johnny English or James Bond behind you?

5. Is there enough white noise that your key strokes are not recorded by audio and then translated into something readable later?

6. Did you blow up the public computer after you used it?

[bob123]

6. Did you blow up the public computer after you used it?

Ridiculous, you'll be arrested and must pay for the damage.

It's the price you have to pay for a secure cold storage generated on a publicly available and probably (or at least potentially) infected public computer.

Even tho you could buy a private computer for that price and create the cold storage at home... you wouldn't have any fun doing so!

[Porfirii]

probably (or at least potentially) infected public computer.

I'm curious: what are the real probabilities of this possibility to happen?

I use to say that it is better safe than sorry, but I have the feeling that every time someone poses a question about how to create a wallet safely we all go into the worst case scenario and take for granted that this is what is going to happen (me the first one).

Personally, and after questioning my own conventional thoughts, if I had to create it on a public computer, unless I was storing there all my savings, I think that maybe it is not necessary to be so fearful. I guess that many of us know that it is possible to infect these computers with a keylogger or whatever, but then because of ethics and self-control almost no one does it (just some script-kiddies, maybe). And if it happened, afaik, public computers are usually reset every night in order to keep them "clean", apart from other security measures.

So it is not 100% safe, ok, but could we say it is safe in the 99% of the cases? just like using condoms? yes, accidents happen but I think we keep focusing too much on them.

Please, if this reasoning is wrong, challenge it, I consider myself more a noob than any other label in this topic, but sometimes it may be good to hear an outsider's version on mostly consensual thesis like this one creating whatever on a public computer is not safe.

[ranochigo]

I'm curious: what are the real probabilities of this possibility to happen?

Public computers infected with malware is not uncommon. Even with LiveCDs, I wouldn't rule out the possibility of side channel attacks especially when everyone has access to it, a seemingly harmless USB at the back of the computer, a VGA splitter, an additional connection between the keyboard and the computer, etc. I don't consider this paranoia as you're supposed to be at least this paranoid if you have to generate a wallet that could possibly contain your entire year worth of wages.

So it is not 100% safe, ok, but could we say it is safe in the 99% of the cases? just like using condoms? yes, accidents happen but I think we keep focusing too much on them.

I don't consider public computers safe precisely because it's public. The loopholes for a bunch of vulnerabilities is unlimited. Wiping the entire OS might not be sufficient, especially if there is a persistent rootkit within the public computers. If it's public enough, then I wouldn't believe that there is a chance that it wouldn't be infected. As with your reference to condoms, I don't think that's a fair comparison at all. Small computers like Raspberry Pis are cheap and would probably give you some reassurance. If you're handling Bitcoins that you can't afford to lose, I don't think you would settle for anything less than that.

A cold storage is supposed to be secure anyways. If you consider the wallet being created as a normal wallet then I assume it's alright.

[Porfirii]

A cold storage is supposed to be secure anyways. If you consider the wallet being created as a normal wallet then I assume it's alright.

OK, this makes a lot of sense: if you create cold storage is because you want extra safety, and lacking that creating it from a public computer without further security measures makes no sense.

I now realise that my comment might make sense only when talking about a common wallet (or not, that's why I wrote it, to be challenged ).

Thank you ranochigo.

[bob123]

probably (or at least potentially) infected public computer.

I'm curious: what are the real probabilities of this possibility to happen?

It is hard to precisely answer this question, since i don't have any numbers.
There might be a study made somewhere, but i am not aware of it.

However, i personally, wouldn't ever trust a public computer to be secure. It is simply too easy to infect them. Anyone can gain access to it.

As ranochigo has mentioned, formatting the hard drive might not be enough. Root kits are horrible to deal with.
And further, anyone can gain access to the hardware. This makes it even harder (than it already is) to be sure about the integrity of the hardware.

I really wouldn't be surprised if there was a relatively high number infected (at least with key loggers).