Bitcoin Forum
Author Topic: Is old 3.5 floppy safer than USB drive for cold storage?  (Read 5744 times)
25hashcoin
October 11, 2014, 04:32:42 AM
 #81

Many computers with built-in webcam have built-in wifi so if the OP is trying to avoid using USB period then he would probably not want to be dealing with a computer that could have its wifi antenna enabled (although this is serious tinfoil hat status).

Disable it in the BIOS? Or in the OS on first run? Some come with hardware switches that you can super-glue in the off position? Not really a problem.
I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low.


It may be low, but the additional security measures are what seal off the gaps.

Bitcoin - Peer to Peer Electronic CASH
Newar
October 11, 2014, 04:59:10 AM
 #82

If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" than others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low.

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.

OTC rating | GPG keyid 1DC91318EE785FDE | Gliph: lightning bicycle tree music | Mycelium, a swift & secure Bitcoin client for Android | LocalBitcoins
Newar
October 11, 2014, 05:01:10 AM
 #83

Most people do not send bitcoin directly from their cold storage to the address(es) they are sending to. In my experience most businesses will have a "hot wallet" that will contain a "target" amount of bitcoin. If the hot wallet gets too low then bitcoin will be transferred from their cold storage into their hot wallet. If the hot wallet starts to get too much bitcoin then the company will transfer some of the bitcoin to their cold storage.

I guess it's because "most people" don't use Armory.

Dabs
October 11, 2014, 05:23:06 AM
 #84

It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.

For others, it might not be enough, but usually those kinds of people have other problems and have made enemies. They are either obscenely rich, or politicians.

The head of the largest retail group in my country travels with the minimum entourage of bodyguards. You can easily disappear here, even among the locals, if you even have the slightest idea how. I mean, it's not easy, but it's not difficult either.

Back to topic: Just print your wallet or private keys, put it in an envelope, and lock it up in a traditional safe or filing cabinet at home.

Eisenhower34
October 11, 2014, 06:16:54 AM
 #85

If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" than others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low.

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worst-case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.

I agree that most of the vectors of attack would require physical access and a very good alternative to going crazy with tinfoil is to simply buy a safe and put your computer in your safe when you are not using it.
Newar
October 11, 2014, 07:02:26 AM
 #86

If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" than others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low.

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worst-case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.

Please explain how he could enable wifi on the device without physical access to the device.



It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.
[...]

Sometimes the "attack" can come from unexpected angles. There was a thread the other day where a guy lost his private keys he had on his phone wallet. Turns out his kids had access to the phone and deleted the Mycelium data (but not the app) to make room for a game they wanted to play.

CIYAM


Ian Knowles - CIYAM Lead Developer


October 11, 2014, 07:15:59 AM
Last edit: October 12, 2014, 02:20:55 AM by CIYAM
 #87

In regards to getting the WiFi card removed (and I also stuck "plug stubs" into both the Ethernet and *phone* sockets) - this was not about worrying that some criminal might get physical access to the device but instead to ensure that someone like my wife "doesn't accidentally connect it to the internet".

In fact my cold storage is not *even stored on that computer* (I use a Live OS of CIYAM Safe).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Eisenhower34
October 11, 2014, 06:39:16 PM
 #88

If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" than others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low.

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worst-case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.
Please explain how he could enable wifi on the device without physical access to the device.
I am saying that they would have physical access to the device. Many bitcoin users counter the potential of someone getting physical access to their cold storage with encryption, however the private keys would need to be decrypted temporarily in order to sign a TX. 
funtotry
October 12, 2014, 02:19:19 AM
 #89

If it is in there, in theory it can be used. Some people want to use thicker "tinfoil hats" than others. I personally don't think it is necessary to go to these extremes (or to the extremes that CIYAM went to above) as I believe the incremental amount of security is low.

Only if the attacker has access to the device. At that point I wouldn't worry about USB/wifi security issues anymore. You got a bigger problem then.
Well, in a worst-case scenario, an attacker could enable the wifi + somehow capture the private key when it is unencrypted to sign a TX.
Please explain how he could enable wifi on the device without physical access to the device.
I am saying that they would have physical access to the device. Many bitcoin users counter the potential of someone getting physical access to their cold storage with encryption, however the private keys would need to be decrypted temporarily in order to sign a TX.
You could easily prevent any potential attack on your cold storage computer by renting a large safe deposit box at your bank and storing a laptop in the safe deposit box with the battery out. Cold storage by definition should not be used very frequently so it should not be easy for even you to access. You can store an unused USB drive with the laptop in the safe deposit box. This would resolve the issue of both your wifi being compromised and that your USB drive could somehow get compromised.

sandykho47
October 12, 2014, 09:39:43 AM
 #90

For short term cold storage, CD/DVD & Secure USB (example: Iron Key) should be good enough
For long term cold storage, use best quality DVD & long term Secure USB (this is expensive)

And you might want to encrypt your cold storage file to be more secure
But I don't recommend 3.5 floppy because it's difficult to find the reader & I'm afraid a floppy disk can stop working if you don't use it for a long time :(

My ability is something not everyone has or can do. Not preying on one's own kind. And having a code of ethics that makes no sense.
bf4btc
October 12, 2014, 11:21:29 AM
 #91

With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?
It really depends. If you are a business who is potentially sending bitcoin to customers (and taking money from cold storage to refill your hot wallet) then this would be a bad idea. Floppy disks and floppy drives are much less reliable than a USB drive so if it were to fail you would temporarily be unable to allow your customers to receive bitcoin that is owed to them. This could cause your business to have a decreased reputation that could potentially be much more costly than having your bitcoin stolen (it is much easier to recover lost money than to recover lost reputation).

If you would be acting as an individual and would have little reason to need immediate access to your cold storage funds then yes it would be safer.


Dabs
October 12, 2014, 02:32:25 PM
 #92

It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.
[...]

Sometimes the "attack" can come from unexpected angles. There was a thread the other day where a guy lost his private keys he had on his phone wallet. Turns out his kids had access to the phone and deleted the Mycelium data (but not the app) to make room for a game they wanted to play.

My kids are under 3 years old. While they know how to play on the iPad mini and my phone (and have accidentally deleted apps), I don't have any coins stored there, for precisely that reason, because they keep playing Pou or Fruit Ninja or Temple Run, and keep spending all my hard-earned play money.

I would probably reserve a phone unit specifically for bitcoin purposes that no one else uses, but nah, that's what my laptops are for. (full drive encrypted, so no one opens it but me.)

abercrombie
October 12, 2014, 03:24:51 PM
 #93

I use 3 layers of encryption for wallets tucked away.

BIP-38 protected private addresses (steal it, it still won't work)
PGP encrypt your CSV spreadsheet
All encased in a TrueCrypt container

Rename it to something like taxes-2007.xls then make a bunch of copies.
sinip
October 12, 2014, 03:46:35 PM
 #94

With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?

Yeah, but why not go all the way back to a 5 1/4" floppy. Now those actually flopped.
And 5.25 floppies are actually much more durable regarding usage as storage than 3.5 floppies. Trust me, I have personal experience. :) Numerous 3.5 floppies would go bad for simply no reason at all, even after being left unused in a box, while 5.25 ones I have with some data on them are still usable. Provided you have a working 5.25 inch floppy drive, and a PC to plug it into. :)
santaClause
October 12, 2014, 05:39:04 PM
 #95

It's enough, for me, to live in a gated community with armed guards roaming, with CCTV all over the place. And of course, I am armed myself.
[...]

Sometimes the "attack" can come from unexpected angles. There was a thread the other day where a guy lost his private keys he had on his phone wallet. Turns out his kids had access to the phone and deleted the Mycelium data (but not the app) to make room for a game they wanted to play.

My kids are under 3 years old. While they know how to play on the iPad mini and my phone (and have accidentally deleted apps), I don't have any coins stored there, for precisely that reason, because they keep playing Pou or Fruit Ninja or Temple Run, and keep spending all my hard-earned play money.

I would probably reserve a phone unit specifically for bitcoin purposes that no one else uses, but nah, that's what my laptops are for. (full drive encrypted, so no one opens it but me.)
In order for this to be sufficiently secure you would need to keep your FDE password long/complex enough so that it cannot easily be guessed and is different from other passwords. Cold storage however, by definition is not used very often. Your risk is that you do not enter your password often enough so that you remember your FDE password and lose access to your computer and private key.
Armadillo
October 12, 2014, 06:08:03 PM
 #96

It seems to me that there is a greater risk in losing your wealth through the volatility of bitcoin itself than from someone stealing your coins out of cold storage. If you have a large portion of your wealth in bitcoin, a hedging strategy may add more security to your purchasing power than etching your info into a tungsten billet....just sayin.
iwillwin
October 12, 2014, 07:49:07 PM
 #97

Why do you think it would be safer? I mean you must have given a thought to it as to why you feel it would be safer?
banders
October 13, 2014, 02:45:31 AM
 #98

The Unpatchable Malware That Infects USBs Is Now on the Loose  http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/
vipgelsi
October 13, 2014, 02:49:05 AM
 #99

I think the floppy would be safer and kinda cooler.
Dabs
October 13, 2014, 02:53:08 AM
 #100

In order for this to be sufficiently secure you would need to keep your FDE password long/complex enough so that it cannot easily be guessed and is different from other passwords. Cold storage however, by definition is not used very often. Your risk is that you do not enter your password often enough so that you remember your FDE password and lose access to your computer and private key.

Thanks for your concern. This should not be a problem for me. I forget many things, but not my passwords. They are also usually alphanumeric and between 20 to 64 characters long. (Randomly generated.)

And of course, there is a paper backup, stored somewhere safe.
