Generating private keys on USB flash drive bootable Linux

[pawel7777]

It's advised for BTC private keys to be generated on an offline machine (that never gets connected to the internet) for maximum security. But what would be a good alternative when you don't have an offline machine?
Would it be a good idea to create USB stick bootable Linux (from a trusted source) and then access some trusted key-generator (e.g. bitaddress.org)?
Assuming the sources of Linux and bitaddress are trusted, the risk of private keys getting intercepted by any malware are pretty much only theoretical, right? Or am I missing any risks here?

[1714233583]

1714233583

[1714233583]

1714233583

[garlonicon]

But what would be a good alternative when you don't have an offline machine?

Then you should get one. One laptop with Libreboot (Open Source BIOS), some Linux, Bitcoin Core client without a chain, and then you have it. Usually, when people don't want to set up some additional offline machine, then they use hardware wallets. For me, it is easier to set up some laptop like that, because then I have full control.

Would it be a good idea to create USB stick bootable Linux (from a trusted source)

Why not, but remember that now, there is some malware that can be executed on BIOS level, and bypass your Operating System, if you have for example Intel Management Engine: https://en.wikipedia.org/wiki/Intel_Management_Engine#Ring_%E2%88%923_rootkit

and then access some trusted key-generator (e.g. bitaddress.org)?

I wouldn't call it "trusted". If you generate your keys directly on this website, then it is a bad practice. Even cloning the sources and running them on some online device from the local hard drive, instead of visiting the website, is a bit better, because then at least you will be resistant to some DNS attacks, and some similar-looking websites, where you could have some latin characters, replaced with similar Unicode glyphs from other alphabets. At least if you run things locally, you will see a long local path, like "file:///home/bitcointalk/bitaddress.org-3.3.0/bitaddress.org.html", instead of just "bitaddress.org".

the risk of private keys getting intercepted by any malware are pretty much only theoretical, right?

There are many risks, for example also related to your JavaScript random number generator from your browser, being not random enough. Also, creating a new address is one thing, but how do you want to move those coins in the future? You would need some Bitcoin wallet anyway, so why not start from that? Use Bitcoin Core, Electrum, or whatever, create your keys there, have it protected by some password, use deterministic wallet, and be in a better situation than "I generated keys with bitaddress.org, then which tool should I use next to move them?". Just use some wallet, even if you will have it on some online device, then still, it will be better than having just a JavaScript-based key generator alone, and wondering "what else I need" each time when you will need to go beyond key generation.

[vjudeu]

use deterministic wallet

True, I would add more: you can generate some master private key once, and then store only your public key on your online device. Then, you could generate new keys, without accessing your private key at all. In this situation, you would need your private key, only when you will want to move your coins. And that would be far better than having some generator, that will require you to backup each individual key separately.

Also, if you really have to use some web-based wallet, then at least use a deterministic one, like this: https://iancoleman.io/bip39/ (of course, as with bitaddress.org, you should clone it, and run locally from your hard drive, if you really need something browser-based).
Even better: in this case, you can safely generate some key with Bitcoin Core, dump your master public key, and generate new addresses that will be identical to those generated by your wallet. Also, it works for other wallets too, just choose the proper derivation path, after entering your master public key.

[blue Snow]

But what would be a good alternative when you don't have an offline machine?

Just pick or generate a binary number (0 and 1) on paper then convert it into a word (BIP39) list, then checksum it.

But, of course, you must be Math Savvy. https://armantheparman.com/dicev1/

[pawel7777]

But what would be a good alternative when you don't have an offline machine?

Then you should get one. One laptop with Libreboot (Open Source BIOS), some Linux, Bitcoin Core client without a chain, and then you have it. Usually, when people don't want to set up some additional offline machine, then they use hardware wallets. For me, it is easier to set up some laptop like that, because then I have full control.
(...)

Massive thanks for your advice. Really appreciate it.
Sure, getting offline machine would be the most sensible way, but when you don't have a spare device lying around, buying a used one just to create one address to store not very significant amount of btc seems like an overkill.
And I never understood the appeal of hard-wallets, I know they're pretty useful, but at the end of the day, you still have to trust manufacturer/distributor and their staff.

Just pick or generate a binary number (0 and 1) on paper then convert it into a word (BIP39) list, then checksum it.

But, of course, you must be Math Savvy. https://armantheparman.com/dicev1/

I was thinking about this but that's a bit outside of my comfort zone. I'd be stressing that I might have messed something up in the process and that I won't have an access to my coins.
But thanks for the link, I might play with it a little bit when I have more time.

[jaydee3839]

What about using an encrypted virtual machine, where you disconnect wifi/ethernet while the VM is launched?  Not perfect, but "better" than having it on an always connected host machine and maybe simpler than a live USB.

[ranochigo]

What about using an encrypted virtual machine, where you disconnect wifi/ethernet while the VM is launched?  Not perfect, but "better" than having it on an always connected host machine and maybe simpler than a live USB.

Live USB is an isolated environment, encrypted virtual machine with imminent disconnection from the internet doesn't qualify as being any safer than just having it connected. A lot of malwares are capable of stealing from VMs, even if it is offline. The data is just cached, RAM can still be dumped regardless. A completely isolated environment is much better in comparison and not particularly difficult with an hour of googling.

[LoyceV]

It's advised for BTC private keys to be generated on an offline machine (that never gets connected to the internet) for maximum security. But what would be a good alternative when you don't have an offline machine?

That's what I used to do: reboot from Linux Live DVD, and work offline. But it became annoying and time consuming to leave my normal system and reboot several times (for instance because of an incompatible Electrum version or too low transaction fees when signing offline). I now have a spare laptop for this, which makes it a lot easier.
The laptop doesn't have to be brand new, any cheap second hand laptop will do after you wipe it. Just make sure it has enough RAM, it's nice to be able to boot Knoppix "toram" and work without the (external) DVD drive.

True, I would add more: you can generate some master private key once, and then store only your public key on your online device. Then, you could generate new keys, without accessing your private key at all.

That introduces another risk factor: if your public key gets changed, you're funding someone else's Bitcoin addresses.

Sure, getting offline machine would be the most sensible way, but when you don't have a spare device lying around, buying a used one just to create one address to store not very significant amount of btc seems like an overkill.

The way I see it: a second hand laptop costs about the same as a new hardware wallet.

[Flexystar]

Thank for the good advices. However, it confuses me on one point and that's using the tools offline. For example, there is one bitcoin generator from the GitHub that can be used to generate the address randomly or simply you can have one click address generation. There is a notice from the developer of this tool, "you should use this tool offline for added security". Now the question is what guarantees all of us that when we use these tools offline they do not just go and upload the data that was generated? Like after getting connected with the internet at some point.

I am just raising this doubt out of the safety concern itself. With the growing programming knowledge it may happen that devs can easily implant a program like this within the address generator set to send the info once it is online.

Has there been any discussion about this?

[LoyceV]

what guarantees all of us that when we use these tools offline they do not just go and upload the data that was generated? Like after getting connected with the internet at some point.

Easy: don't ever go online again with your offline system. Always assume there's malware waiting to upload all your private keys.

Has there been any discussion about this?

Yes. It's called air-gapped for a reason. Just disabling your internet connection for a few minutes doesn't give you a cold wallet.

[ranochigo]

Thank for the good advices. However, it confuses me on one point and that's using the tools offline. For example, there is one bitcoin generator from the GitHub that can be used to generate the address randomly or simply you can have one click address generation. There is a notice from the developer of this tool, "you should use this tool offline for added security". Now the question is what guarantees all of us that when we use these tools offline they do not just go and upload the data that was generated? Like after getting connected with the internet at some point.

I am just raising this doubt out of the safety concern itself. With the growing programming knowledge it may happen that devs can easily implant a program like this within the address generator set to send the info once it is online.

Has there been any discussion about this?

The source code. If you're competent with the language, then you should be able to take a quick look at the code and see if they are uploading or interacting with the server when you're running it. However, it is not a perfect assurance as there are tons of things that has to go right for it to be perfectly safe. Using the tool offline doesn't guarantee that it is safe.

A concern that I've brought up previously is that if you're not inspecting the code and compiling it yourself, there is no assurance at the first place even if you use it offline. The entropy can be compromised and your address can be recovered without the need for you to be connected to the internet. The only good counter is just to use those that are well vetted and well-known instead of using some obscure scripts and verify the signature yourself.

[joniboini]

Now the question is what guarantees all of us that when we use these tools offline they do not just go and upload the data that was generated? Like after getting connected with the internet at some point.

Another option is to not use tools like that and stick with community-proven tools like Electrum to generate your wallet/address. I don't think you really need additional tools to randomly create a new address or wallet, to begin with. Sure, it might add extra steps, but if security is your concern I doubt you'd think that's a huge problem.

[BlackHatCoiner]

It's advised for BTC private keys to be generated on an offline machine (that never gets connected to the internet) for maximum security. But what would be a good alternative when you don't have an offline machine?

It'd go like this:

• Download, verify and install a Linux Live OS like Tails.
• Open it up and don't connect to the Internet.
• Generate the seed phrase using the pre-installed Electrum, write it down and save your master public key somewhere.
• Import the master public key and open up Tails every time you want to sign a transaction.

Another good alternative is to use multi-sig, which would mitigate further risks. The above is not ideal, there's room for improvement, but you said it has to be an online machine.

[NotATether]

what guarantees all of us that when we use these tools offline they do not just go and upload the data that was generated? Like after getting connected with the internet at some point.

Easy: don't ever go online again with your offline system. Always assume there's malware waiting to upload all your private keys.

Has there been any discussion about this?

Yes. It's called air-gapped for a reason. Just disabling your internet connection for a few minutes doesn't give you a cold wallet.

If you're on Linux, it is very easy to switch off the networking completely without burning out any hardware cards such as Etherenet or wireless, by leveraging systemd.

Code:

systemctl disable NetworkManager.service
systemctl mask NetworkManager.service

Will turn off all networking on a GUI system (on a server, the network interfaces are unmanaged, meaning you could manually bring them up or down) - it's also advisable to make sure there's no Ethernet cable plugged in and that there are no passwords for WiFi networks saved in any keyring somewhere.

On Windows, there is Safe Mode which has no networking support at all, but then again there's no reason to airgap with Windows. I'm thinking maybe MacOS has something similar.

[Flexystar]

That’s nice, I am more confused now.
So if I am generating an address, making it offline, and if I am supposed to Air-Gap the address then I’m basically making it clear those funds aren’t for my use. It’s like I should be using this technique of saving my funds as if they are gonna sir their for very long period of time. Just like making it a cold wallet.

I don’t know, basically this is similar to one of my smartphone that I use to store my funds on. It’s old so I’m not using it but having a wallet on it and it is turned off so that I can keep it safe. I only turn it on occasionally to update the app and phone software’s.

I assume it’s somehow an air-gap? I think I am safe then with my technique too.

[pawel7777]

So if I am generating an address, making it offline, and if I am supposed to Air-Gap the address then I’m basically making it clear those funds aren’t for my use. It’s like I should be using this technique of saving my funds as if they are gonna sir their for very long period of time. Just like making it a cold wallet.

Pretty much. For active use, you'd obviously need an online wallet (or hard wallet). It should still be a bit safer to generate keys offline, but if you need to transfer keys to an online wallet, that renders the air-gapping irrelevant.

I don’t know, basically this is similar to one of my smartphone that I use to store my funds on. It’s old so I’m not using it but having a wallet on it and it is turned off so that I can keep it safe. I only turn it on occasionally to update the app and phone software’s.

I assume it’s somehow an air-gap? I think I am safe then with my technique too.

Nope. As Loyce said above, if you ever connect your device to the internet (after generating keys) it's no longer air-gapped.

Also note that air-gapping is just one element of creating a secure address. Offline machine won't protect you if the random keys generator is not truly random, i.e. if keys are generated according to some pre-determined pattern, the attacker could recreate them and steal your coins.

[rat03gopoh]

if I am supposed to Air-Gap the address

Bitcoin addresses can't be airgapd, they're still recognized on the blockchain even if you never reveal them anywhere.

I’m basically making it clear those funds aren’t for my use. It’s like I should be using this technique of saving my funds as if they are gonna sir their for very long period of time. Just like making it a cold wallet.

Keeping bitcoins in a cold wallet doesn't mean it has to be long-term or only have one chance to spend at a time.
If you wanna spend some portion of your bitcoins at any time, actually you can keep your device airgapped because your first step of making transactions for this security method (another term: raw transactions) doesn't need to be connected to the internet, then you broadcast the signed raw transactions through a different device connected to the internet.
The only desktop wallet I know of that supports this method is Electrum, and it seems to support the mobile version as well https://bitcointalk.org/index.php?topic=5303860.0

I only turn it on occasionally to update the app and phone software’s.

However, knowing that you occasionally connect your device to the internet, it means your efforts are wasted maintaining that airgap wallet. And I think using the phone as an airgap device isn't recommended, because the apps that support it sometimes crash if not updated.