Bitcoin Forum
April 21, 2014, 12:12:22 PM *
News: Due to the OpenSSL heartbleed bug, changing your forum password is recommended.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2  All
  Print  
Author Topic: Simplest USB stick cold storage.  (Read 1499 times)
Dan The Man
Sr. Member
****
Offline Offline

Activity: 280


View Profile

Ignore
March 29, 2012, 11:43:24 AM
 #1

What is the simplest way to get my bitcoins securely onto multiple usb sticks?

I don't want to futz around with extra operating systems or offline computers. I don't want to have to remember long passphrases. I am okay with the risk of assuming that I don't have any keyloggers on my computer at this moment. I don't need to be able to spend them anytime soon. What I want is basically a bunch of public addresses I can email to myself that I can safely send bitcoins to and have no worry of them disappearing in a computer crash or future hacking event.

Thanks.
1398082342
Hero Member
*
Offline Offline

Posts: 1398082342

View Profile Personal Message (Offline)

Ignore
1398082342
Reply with quote  #2

1398082342
Report to moderator
1398082342
Hero Member
*
Offline Offline

Posts: 1398082342

View Profile Personal Message (Offline)

Ignore
1398082342
Reply with quote  #2

1398082342
Report to moderator
Unbeatable Service & Product Support
Grab Your Miners at GAWMiners.com
Order Before April 25th to receive
Double your Hashing Power for 1 week!

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1398082342
Hero Member
*
Offline Offline

Posts: 1398082342

View Profile Personal Message (Offline)

Ignore
1398082342
Reply with quote  #2

1398082342
Report to moderator
DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
March 29, 2012, 11:48:25 AM
 #2

Copy the unencrypted wallet.dat to multiple usb drives.

Still you need to be wary on keylogger not just now but any point in the future you use the USB drive. 

Say you store 100,000 BTC to those private keys over the next three decades.  You plug the USB drive in 2042 for the first time.  The inject computer instantly detects an unencrypted wallet.dat circa v0.6 client and makes a copy, transfers the balance to the attackers computer all in <1 sec.

Honestly if you want offline security use offline security and forget the USB drive.

https://www.bitaddress.org

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
bitdragon
Hero Member
*****
Offline Offline

Activity: 603


peace


View Profile WWW

Ignore
March 29, 2012, 11:56:35 AM
 #3

Thanks for the bitaddress.org

I saved the webpage and seem to be able to generate new addresses like that as well.
Is there any difference/safer in proceeding like that?
Is the SHA-1.......html specific to my computer?


Revalin
Hero Member
*****
Offline Offline

Activity: 700


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile

Ignore
March 29, 2012, 12:02:55 PM
 #4

+1 bitaddress.org.  Minimum futzing, paper is very reliable, and it prevents bulk-stealing your keys when you go to redeem them in the future.  You can also save a copy to USB if you want.

The sha1 f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b hash is the same as everyone gets for version 1.5.  It's the sha1-sum of the actual web page itself.  This lets you verify that you have a legitimate copy of the page.  Yes, it works fine from a local copy.

Edit: More info about bitaddress here: https://www.bitaddress.org/pgpsignedmsg.txt

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
Dan The Man
Sr. Member
****
Offline Offline

Activity: 280


View Profile

Ignore
March 29, 2012, 12:14:20 PM
 #5

Has anyone been able to verify for certain that bitaddress doesn't keep any logs?
DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
March 29, 2012, 12:35:49 PM
 #6

Has anyone been able to verify for certain that bitaddress doesn't keep any logs?

The code doesn't send anything anywhere temporarily or otherwise, everything is done locally on the browser via javascript. 

I have looked over the code (it is just just javascript all the code is right there) and there is no communication to any server.

Still I would recommend that a user do what the the author has recommended ... save a local copy of the generation page.


1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
Ente
Hero Member
*****
Offline Offline

Activity: 966



View Profile

Ignore
March 29, 2012, 12:57:27 PM
 #7

..or eject the linux-live-cd or delete the virtual machine file.

/paranoia off

Ente

ah, screw that!
/paranoia on
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile

Ignore
March 29, 2012, 01:03:31 PM
 #8

Don't forget to laminate that paper and stick it in a safe!

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
MaxSan
Sr. Member
****
Offline Offline

Activity: 363


View Profile

Ignore
March 29, 2012, 01:29:09 PM
 #9

An Ironkey is easy enough, secure enough, strong enough.

Id trust it up to atleast 5 figures. Personally.
DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
March 29, 2012, 01:30:23 PM
 #10

An Ironkey is easy enough, secure enough, strong enough.

Id trust it up to atleast 5 figures. Personally.

Every byte of flash ever created will eventually fail that is an absolute guarantee.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
Ente
Hero Member
*****
Offline Offline

Activity: 966



View Profile

Ignore
March 29, 2012, 02:06:18 PM
 #11

An Ironkey is easy enough, secure enough, strong enough.

Id trust it up to atleast 5 figures. Personally.

Every byte of flash ever created will eventually fail that is an absolute guarantee.

well, "eventually" is quite open, not?
But I agree, flash stands no chance to survive as long as plain (acid-free) paper written with a pen.
A laserprinter-print should work fine for several lifespans too.
Pro-mode: engrave a metal plate with the privkey. Should survive much about anything, including mould, water, fire.
Use steel for high temperature resistance, copper/brass for high corrosion resistance, silver for being cool! :-)

Ente
Phinnaeus Gage
Hero Member
*****
Offline Offline

Activity: 1050


Bitcoin: An Idea Worth Spending


View Profile WWW

Ignore
March 29, 2012, 03:06:43 PM
 #12

Quote
Say you store 100,000 BTC to those private keys over the next three decades.  You plug the USB drive in 2042 for the first time.  The inject computer instantly detects an unencrypted wallet.dat circa v0.6 client and makes a copy, transfers the balance to the attackers computer all in <1 sec.

That's, assuming of course, USB drives will still be around in 2042.



DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
March 29, 2012, 03:42:30 PM
 #13

USB drives may not be made anymore but USB ports will probably exist either natively or via adapters.

RS-232 (serial) has been around since the 1960s and most computers today have a serial port (if only as a MB header).  If they don't USB to serial adapters exist.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
Phinnaeus Gage
Hero Member
*****
Offline Offline

Activity: 1050


Bitcoin: An Idea Worth Spending


View Profile WWW

Ignore
March 29, 2012, 03:48:16 PM
 #14

USB drives may not be made anymore but USB ports will probably exist either natively or via adapters.

RS-232 (serial) has been around since the 1960s and most computers today have a serial port (if only as a MB header).  If they don't USB to serial adapters exist.

Got it! BTW, where would you plug it in?



DeathAndTaxes
Donator
Hero Member
*
Offline Offline

Activity: 966



View Profile WWW

Ignore
March 29, 2012, 03:51:12 PM
 #15

That port right there on the left.   I can get a lightstream to legacy USB adapter from Walmart for 3 mBTC.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
Nim
Jr. Member
*
Offline Offline

Activity: 53


View Profile

Ignore
March 29, 2012, 06:36:20 PM
 #16

Has anyone been able to verify for certain that bitaddress doesn't keep any logs?

The code doesn't send anything anywhere temporarily or otherwise, everything is done locally on the browser via javascript. 

I have looked over the code (it is just just javascript all the code is right there) and there is no communication to any server.

Still I would recommend that a user do what the the author has recommended ... save a local copy of the generation page.


1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.

You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.
Stephen Gornick
Hero Member
*****
Offline Offline

Activity: 1246



View Profile WWW

Ignore
March 29, 2012, 07:05:14 PM
 #17

1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.

You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.

Paranoia?  

If the system was infected with malware that does screen captures even when offline, then even your "offline paper wallet" is at risk.

Quote
Some malware families are capable of generating a screen capture with every mouse click during login, then sending the captured sequence of screens to the fraudster, where they can be sifted through visually to steal login credentials.
- http://www.technewsworld.com/story/74461.html

Also
 - http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf

Now if you are storing small amounts to the paper wallet, ending up with a paper wallet created from a compromised system might be a risk you are willing to take.  But since some people are putting larger amounts or are using the wallet for long-term savings of bitcoins, they should know that doing the above only after booting from a trusted live-CD (such as an official Ubuntu release) is the significantly more secure approach.

Ente
Hero Member
*****
Offline Offline

Activity: 966



View Profile

Ignore
March 29, 2012, 09:10:38 PM
 #18

You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.

Whoa! Thats news to me!
I only knew about printers marking printouts with tiny yellow dots to make them uniquely identificable, and that some typewriters and needle-printers (oh, and labelprinters too!) have a printing ribbon where you can read exactly what was printed.. Talking about paranoia, huh?

Hmm.. I will have to investigate in that ghost-images on the next printout some day. Interesting. Paranoia: this reminds me on the cold-boot-attack, where you reboot a computer with your own OS (USB-drive) to read out the still readable data from the RAM, or simply pry out the RAM modules after supercooling them and read out the data on another computer..

If its that far, you probably wont like the idea to print/write the priv key, walk to a jeweller and give him that key to engrave in some metal piece. Do it quick, before Bitcoins and keys are widely recognized! :-)

Ente

 
Revalin
Hero Member
*****
Offline Offline

Activity: 700


165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g


View Profile

Ignore
March 30, 2012, 03:40:08 AM
 #19

I'm not a fan of IronKeys.  Just use TrueCrypt on a regular USB drive.

Inkjets are better than laser for this purpose since they don't have problems with ghost images.  Unfortunately the inks are water soluble, so make sure you laminate the pages.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile

Ignore
March 30, 2012, 05:00:44 AM
 #20

Quote
Some malware families are capable of generating a screen capture with every mouse click during login, then sending the captured sequence of screens to the fraudster, where they can be sifted through visually to steal login credentials.
- http://www.technewsworld.com/story/74461.html

Also
 - http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf

Now if you are storing small amounts to the paper wallet, ending up with a paper wallet created from a compromised system might be a risk you are willing to take.  But since some people are putting larger amounts or are using the wallet for long-term savings of bitcoins, they should know that doing the above only after booting from a trusted live-CD (such as an official Ubuntu release) is the significantly more secure approach.


for this reason you might consider putting together an 'offline' computer specifically for this purpose (i.e. a computer that is never put back online). ...or use an old $50 laptop with the wifi thoroughly disabled.

once you're done with it, melt it.
Pages: [1] 2  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!