Bitcoin Forum
December 04, 2016, 04:15:32 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 [9]  All
  Print  
Author Topic: Improving Offline Wallets (i.e. cold-storage)  (Read 17731 times)
gokudev
Jr. Member
*
Offline Offline

Activity: 30


View Profile
April 28, 2014, 02:27:02 AM
 #161

Are there any problems with using a vpn connection instead of a usb ? What are some possible security risks?

If the VPN connection is based on OpenVPN, which uses OpenSSL by default, there would be for example the heartbleed bug, if it is not yet fixed on the machine you use.

So windows servers are not affected by this bug. Microsoft uses something called sstp to secure vpn.



It totally depends on the software used.
But in genertal, the more complex and big a system is, the more points of failure there are. And here, we have two instead of one computer, they both are online, and you have a vpn in between. Enhanced physical security may be worth it, depending on the situation. Nice to know that noone can just break in, grab a computer, and has everything he needs.

Edit:
The important part is to distinguish two designs:
- "security measures in parallel", like a chain where you only have to break the weakest link (break one of the two computers or the VPN)
- "security measures in series", like layers where you have to break through all of them (like n-of-m, on paper wallets, encrypted)

Besides that, a "safe fallback" is good. "If anything irregular happens, it all shuts down and is fine" (like full hdd encryption for example). Also, consider every single component to be compromised. A million bonus points for designing a setup where every single component may be compromised at the same time, and you still don't lose :-)

Ente

Ente

The system I am building for a project, will be responsible for transferring unsigned transactions from hot storage to cold storage, signed them and bring them back online via some api and broadcast them. The setup I have come up with is using VPN over SSTP protocol which is not affected by the heartbleed bug and 2 form authentication on azure. So the idea is everytime a user wants to either withdraw funds from cold storage or send bitcoins/altcoins and if there isnt enough coins in the hot wallet, the user would have to vpn into the cold storage and provide 2fa. Then the cold storage server will sign the transaction and send back the signed transaction to the hot storage through vpn.

 

1480868132
Hero Member
*
Offline Offline

Posts: 1480868132

View Profile Personal Message (Offline)

Ignore
1480868132
Reply with quote  #2

1480868132
Report to moderator
1480868132
Hero Member
*
Offline Offline

Posts: 1480868132

View Profile Personal Message (Offline)

Ignore
1480868132
Reply with quote  #2

1480868132
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480868132
Hero Member
*
Offline Offline

Posts: 1480868132

View Profile Personal Message (Offline)

Ignore
1480868132
Reply with quote  #2

1480868132
Report to moderator
Ente
Legendary
*
Offline Offline

Activity: 1834



View Profile
April 28, 2014, 05:09:51 PM
 #162

So the online computer has all necessary info, passwords, certificates, to connect to the 'offline' computer and have the transaction signed? With no human interaction? This sounds like a completely online system for me.
Yes, you wrote about 2FA. It might be safe when you do all of this right, including having things in mind like MITM- and replay-attacks.
The point about "cold storage", "offline computer" and "airgap", is, well, the non-connectivity to any other system besides the operator sitting in front of it ;-)

Ente
huanghq
Member
**
Offline Offline

Activity: 69


View Profile
March 06, 2015, 08:08:53 AM
 #163


I write a simple application to transfer data through air gap by QR code movies:

flipqr
https://bitcointalk.org/index.php?topic=978033.msg10676780

Pages: « 1 2 3 4 5 6 7 8 [9]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!