KidPoker (OP)
Newbie
Offline
Activity: 14
Merit: 0
November 08, 2014, 03:57:20 PM (Last edit: November 08, 2014, 04:10:09 PM by KidPoker)
At the moment I don't have a separate laptop for cold storage but in the meantime this is my setup.
- I disabled my wifi and adapters on my windows OS. I ran my laptop from a ubuntu 14.04 persistent live usb boot with disabled network connectivity via editing the startup applications. I already prepared a usb with a verified armory download file and inserted it into the laptop. I went down a dark rabbit hole trying to install armory on ubuntu while being disconnected from the internet. So I eventually admitted defeat and connected to the internet just once so that ubuntu could install Armory.
- I installed armory and generated a wallet. I printed out the passphrase with SecurePrint and copied the .wallet file and the watchonly.wallet file onto a usb.
- I ran my computer from windows and using Diskcryptor I encrypted the USB with AES-twofish-serpent. I installed armory and imported the watch only wallet.
So now I have an encrypted USB with my backup .wallet file. I have a 'cold storage' wallet that I run off the ubuntu persistent live boot.
I feel uneasy at just having my paper passphrase and backup usb's in my home in case there is a fire or something. Storing them elsewhere in a safety deposit box or elsewhere is not an option at the moment. Do you guys think that encrypting my .wallet file using aes encrypt/gpg4win (on top of the encryption that Armory does via the password) and storing this in google drive is safe?
Thank you for reading this.
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1010
In Satoshi I Trust
November 08, 2014, 05:06:26 PM
just a short question: which amount do you want to store?
KidPoker (OP)
Newbie
Offline
Activity: 14
Merit: 0
November 08, 2014, 05:10:50 PM
> Quote from: LiteCoinGuy
> just a short question: which amount do you want to store?
About 2000 usd worth of bitcoin and more in future.
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1010
In Satoshi I Trust
November 08, 2014, 05:14:51 PM
I can't answer all questions (someone else will do this for sure) but did you have an antivirus program (up to date + scan), firewall, anti-malware (up to date + scan)?
these would be the first steps.
cma3
Newbie
Offline
Activity: 56
Merit: 0
November 08, 2014, 05:21:06 PM
> Quote from: LiteCoinGuy
> I can't answer all questions (someone else will do this for sure) but did you have an antivirus program (up to date + scan), firewall, anti-malware (up to date + scan)?
> these would be the first steps.
agreed. it seems that you missed the first step.. I'd include a complete wipe and defrag. Updating the system to patch level is questionable if you don't know what you are doing -- being that the initial step requires an internet connection.
KidPoker (OP)
Newbie
Offline
Activity: 14
Merit: 0
November 08, 2014, 05:39:12 PM
I have norton on my windows OS. But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
November 08, 2014, 06:28:47 PM
Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)
However, have you looked into multi-sig for your cold wallet needs?
axel2078
November 08, 2014, 06:29:24 PM
> Quote from: KidPoker
> But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?
Yes, that's true. The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.
KidPoker (OP)
Newbie
Offline
Activity: 14
Merit: 0
November 08, 2014, 06:57:16 PM
> Quote from: John (John K.)
> Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)
> However, have you looked into multi-sig for your cold wallet needs?
Thanks John. Do you think uploading a backup of the .wallet file to google drive is okay? I know about multi-sig but how exactly would I use it. Would I make two wallets myself and sign off both transactions when needed?
> Quote from: axel2078
>> Quote from: KidPoker
>> But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?
> Yes, that's true. The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.
Thanks for the reply. Actually the usb live boot is persistent to 500mb (I hope I'm saying this right). I had to because in order to keep the armory client on the usb and not deleting every time I had to make it persistent.
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
November 10, 2014, 06:45:58 AM
I've got ... just a little bit more on my online computer. My offline one has a lot more. I guess it depends on how much risk you are willing to take. But so far you got the right idea.
Did you check out the armory offline downloads?
pooya87
Legendary
Offline
Activity: 3444
Merit: 10549
November 10, 2014, 11:14:55 AM
i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm"
KidPoker (OP)
Newbie
Offline
Activity: 14
Merit: 0
November 10, 2014, 01:27:49 PM
> Quote from: Dabs
> I've got ... just a little bit more on my online computer. My offline one has a lot more. I guess it depends on how much risk you are willing to take. But so far you got the right idea.
> Did you check out the armory offline downloads?
The armory offline bundle is only for ubuntu 12.04 exact. My live boot is 14.04 LTS which means I have to use the normal download. However I cannot install this without connecting to the internet so that ubuntu software centre can install the packages. This means having to connect to the internet just once which defeats the point. Same thing for any program on ubuntu. It's pissing me off to no end.
> Quote from: pooya87
> i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm"
How do you change the .wallet ending without fucking up the file?
Gronthaing
Legendary
Offline
Activity: 1135
Merit: 1001
November 10, 2014, 07:38:56 PM
> Quote from: KidPoker
>> Quote from: pooya87
>> i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm"
> How do you change the .wallet ending without fucking up the file?
He just means renaming it to something else (file name and extension), without changing the content in any way. If you then need to use it again, just give it the original name and extension first, and you should be fine.
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
November 11, 2014, 01:24:13 AM
Put it in a zip or rar archive, with password. Then rename that file.
Loophole
November 11, 2014, 05:01:24 PM
Is the rename step really needed? Of course I know it will create another level of protection, but even if the attacker can somehow get my wallet file encrypted with a long random password in AES256, cracking the file should be practically impossible, isn't it?
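Added example, not part of any post in this thread: a Python sketch of the rename step discussed by Gronthaing, Dabs and Loophole. It shows that renaming an archive leaves its bytes unchanged (so restoring the name restores the file) and that the leading bytes still identify the container type, so confidentiality rests on the encryption and not on the name. The payload and `backup.zip` are constructed placeholders; the unencrypted zip stands in for the password-protected archive.

```python
import hashlib
import os
import tempfile
import zipfile

# Well-known leading "magic" bytes of a few container formats.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"\x1a\x45\xdf\xa3": "webm/matroska",
}

def sha256_of(path):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def sniff_type(path):
    """Identify a file by its first bytes, ignoring its name and extension."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((n for m, n in MAGIC.items() if head.startswith(m)), "unknown")

def rename_roundtrip():
    """Archive a placeholder wallet, disguise it, then restore and compare."""
    payload = b"CONSTRUCTED PLACEHOLDER, NOT A REAL WALLET\n" * 64
    with tempfile.TemporaryDirectory() as tmp:
        archive = os.path.join(tmp, "backup.zip")
        # Stand-in for the password-protected archive: the stdlib cannot write
        # encrypted zips, and renaming treats both kinds of archive the same.
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("backup.wallet", payload)
        before = sha256_of(archive)
        disguised = os.path.join(tmp, "crocodile.webm")
        os.rename(archive, disguised)
        result = {
            "same_bytes": sha256_of(disguised) == before,
            "detected_as": sniff_type(disguised),
        }
        os.rename(disguised, archive)  # give it back its original name
        with zipfile.ZipFile(archive) as zf:
            result["restored_ok"] = zf.read("backup.wallet") == payload
    return result

if __name__ == "__main__":
    print(rename_roundtrip())
```

Recording the SHA-256 of the encrypted backup before upload also gives a way to confirm later that the downloaded copy is intact.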
John (John K.)
Global Troll-buster and
Legendary
Offline
Activity: 1288
Merit: 1225
Away on an extended break
November 11, 2014, 05:31:16 PM
> Quote from: KidPoker
>> Quote from: John (John K.)
>> Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)
>> However, have you looked into multi-sig for your cold wallet needs?
> Thanks John. Do you think uploading a backup of the .wallet file to google drive is okay? I know about multi-sig but how exactly would I use it. Would I make two wallets myself and sign off both transactions when needed?
>> Quote from: axel2078
>>> Quote from: KidPoker
>>> But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?
>> Yes, that's true. The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.
> Thanks for the reply. Actually the usb live boot is persistent to 500mb (I hope I'm saying this right). I had to because in order to keep the armory client on the usb and not deleting every time I had to make it persistent.
I would certainly rename and use multiple encryption systems before daring to upload it online - one of my personal favorites when I acted as an escrow is double-encrypting using Truecrypt and GPG, thus ensuring both a password and a GPG key are required before even the wallet file is revealed. As for the multi-signature system, you would generate 3 keypairs for example, and keep them stored at different locations with different backup techniques. This is more of a long term backup technique, as ideally you would change the address (and the associated keypairs) when you use the wallet for the first time.
FUR11
Sr. Member
Offline
Activity: 378
Merit: 250
FURring bitcoin up since 1762
November 11, 2014, 10:04:18 PM
> Quote from: cma3
>> Quote from: LiteCoinGuy
>> I can't answer all questions (someone else will do this for sure) but did you have an antivirus program (up to date + scan), firewall, anti-malware (up to date + scan)?
>> these would be the first steps.
> agreed. it seems that you missed the first step.. I'd include a complete wipe and defrag. Updating the system to patch level is questionable if you don't know what you are doing -- being that the initial step requires an internet connection.
Umm, what would a defrag do in this case, this doesn't seem to make much sense. Just create a wallet on a computer running a live CD! It doesn't need the latest updates, why would it if it will never be connected to the internet!