Bitcoin Forum
December 13, 2017, 02:25:42 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Finally have a wallet setup after much research. Can you guys review it please.  (Read 1424 times)
KidPoker
Newbie
*
Offline Offline

Activity: 14


View Profile
November 08, 2014, 03:57:20 PM
 #1

At the moment I don't have a separate laptop for cold storage but in the meantime this is my setup.

-I disabled my wifi and adapters on my windows OS. I ran my laptop from a ubuntu 14.04 persistent live usb boot with disabled network connectivity via editing the startup applications. I already prepared a usb with a verified armory download file and inserted it into the laptop. I went down a dark rabbit hole trying to install armory on ubuntu while being disconnected from the internet. So I eventually admitted defeat and connected to the internet just once so that ubuntu could install Armory.

-I installed armory and generated a wallet. I printed out the passphrase with SecurePrint and copied the .wallet file and the watchonly.wallet file onto a usb.

-I ran my computer from windows and using Diskcryptor I encrypted the USB with AES-twofish-serpent. I installed armory and imported the watch only wallet.

So now I have an encrypted USB with my backup .wallet file. I have a 'cold storage' wallet that I run off the ubuntu persistent live boot.

I feel uneasy at just having my paper passphrase and backup usb's in my home in case there is a fire or something. Storing them elsewhere in a safety deposit box or elsewhere is not an option at the moment. Do you guys think that encrypting my .wallet file using aes encrypt/gpg4win (on top of the encryption that Armory does via the password) and storing this in google drive is safe?

Thank you for reading this.

1513131942
Hero Member
*
Offline Offline

Posts: 1513131942

View Profile Personal Message (Offline)

Ignore
1513131942
Reply with quote  #2

1513131942
Report to moderator
1513131942
Hero Member
*
Offline Offline

Posts: 1513131942

View Profile Personal Message (Offline)

Ignore
1513131942
Reply with quote  #2

1513131942
Report to moderator
1513131942
Hero Member
*
Offline Offline

Posts: 1513131942

View Profile Personal Message (Offline)

Ignore
1513131942
Reply with quote  #2

1513131942
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1513131942
Hero Member
*
Offline Offline

Posts: 1513131942

View Profile Personal Message (Offline)

Ignore
1513131942
Reply with quote  #2

1513131942
Report to moderator
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148


In Satoshi I Trust


View Profile WWW
November 08, 2014, 05:06:26 PM
 #2

just a short question: which amount do you want to store?

KidPoker
Newbie
*
Offline Offline

Activity: 14


View Profile
November 08, 2014, 05:10:50 PM
 #3

just a short question: which amount do you want to store?

About 2000 usd worth of bitcoin and more in future.
LiteCoinGuy
Legendary
*
Offline Offline

Activity: 1148


In Satoshi I Trust


View Profile WWW
November 08, 2014, 05:14:51 PM
 #4

i can´t answer all questions (someone else will do this for sure) but did you have an

antivirus program (up to date + scan)
firewall
anti-maleware (up to date + scan)

?


these would be the first steps.

cma3
Jr. Member
*
Offline Offline

Activity: 56


View Profile
November 08, 2014, 05:21:06 PM
 #5

i can´t answer all questions (someone else will do this for sure) but did you have an

antivirus program (up to date + scan)
firewall
anti-maleware (up to date + scan)

?


these would be the first steps.


agreed. it seems that you missed the first step.. i'd include a complete wipe and defrag. Updating the system to patch level is questionable if you dont know what you are doing -- being that the initial step requires and internet connection.
KidPoker
Newbie
*
Offline Offline

Activity: 14


View Profile
November 08, 2014, 05:39:12 PM
 #6

I have norton on my windows OS. But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?
John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1190


Will read PM's. Have more time lately


View Profile
November 08, 2014, 06:28:47 PM
 #7

Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)

However, have you looked in multi-sig for your cold wallet needs?

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

axel2078
Full Member
***
Offline Offline

Activity: 178



View Profile
November 08, 2014, 06:29:24 PM
 #8

But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

Yes, that's true.  The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.
KidPoker
Newbie
*
Offline Offline

Activity: 14


View Profile
November 08, 2014, 06:57:16 PM
 #9

Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)

However, have you looked in multi-sig for your cold wallet needs?

Thanks John. Do you think uploading a backup of the .wallet file to google drive is okay? I know about multi-sig but how exactly would I use it. Would I make two wallets myself and sign off both transactions when needed?

But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

Yes, that's true.  The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.

Thanks for the reply. Actually the usb live boot is persistent to 500mb (I hope I'm saying this right). I had to because in order to keep the armory client on the usb and not deleting everytime I had to make it persistent.
Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
November 10, 2014, 06:45:58 AM
 #10

I've got ... just a little bit more on my online computer. My offline one has a lot more.  I guess it depends on how much risk you are willing to take. But so far you go the right idea.

Did you check out the armory offline downloads?

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
pooya87
Legendary
*
Offline Offline

Activity: 1120


Buy bitcoin they said... who listened?


View Profile
November 10, 2014, 11:14:55 AM
 #11

i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this Cheesy

and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm" Cheesy

KidPoker
Newbie
*
Offline Offline

Activity: 14


View Profile
November 10, 2014, 01:27:49 PM
 #12

I've got ... just a little bit more on my online computer. My offline one has a lot more.  I guess it depends on how much risk you are willing to take. But so far you go the right idea.

Did you check out the armory offline downloads?

The armory offline bundle is only for ubuntu 12.04 exact. My live boot is 14.04 LTS which means I have to use the normal download. However I cannot install this without connecting to the internet so that ubuntu software centre can install the packages. This means having to connect to the internet just once which defeats the point. Same thing for any program on ubuntu. It's pissing me off to no end.

i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this Cheesy

and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm" Cheesy

How do you change the .wallet ending without fucking up the file?
Gronthaing
Legendary
*
Offline Offline

Activity: 1128


View Profile
November 10, 2014, 07:38:56 PM
 #13

i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this Cheesy

and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm" Cheesy

How do you change the .wallet ending without fucking up the file?

He just means renaming it to something else (file name and extension), without changing the content in any way. If you then need to use it again, just give it the original name and extension first, and you should be fine.

Dabs
Staff
Legendary
*
Offline Offline

Activity: 1890



View Profile
November 11, 2014, 01:24:13 AM
 #14

Put it in a zip or rar archive, with password. Then rename that file.

Escrow Service (Services) - GPG ID: 32AD7565, OTC ID: Dabs
All messages concerning escrow or with bitcoin addresses are GPG signed. Please verify.
CompTIA A+, Microsoft Certified Professional, MCSA: Windows 10; Windows Server 2012, MCSE: Cloud Platform and Infrastructure; Productivity; Messaging
Loophole
Hero Member
*****
Offline Offline

Activity: 621



View Profile
November 11, 2014, 05:01:24 PM
 #15

Is the rename step really need?
Of course I know it will create another level of protection, but even if the attacker can somehow get my wallet file encrypted with a long random password in AES256, cracking the file should be practically impossible, isn't it?

John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1190


Will read PM's. Have more time lately


View Profile
November 11, 2014, 05:31:16 PM
 #16

Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)

However, have you looked in multi-sig for your cold wallet needs?

Thanks John. Do you think uploading a backup of the .wallet file to google drive is okay? I know about multi-sig but how exactly would I use it. Would I make two wallets myself and sign off both transactions when needed?

But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

Yes, that's true.  The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.

Thanks for the reply. Actually the usb live boot is persistent to 500mb (I hope I'm saying this right). I had to because in order to keep the armory client on the usb and not deleting everytime I had to make it persistent.

I would certainly rename and use multiple encryption systems before daring to upload it online - one of my personal favorites when I acted as an escrow is double-encrypting using Truecrypt and GPG, thus ensuring both a password and a GPG key is required before even the wallet file is revealed.

As for the multi-signature system, you would generate 3 keypairs for example, and keep them stored at different locations with different backup techniques. This is more of a long term back up technique, as ideally you would change the address (and the associated keypairs) when you use the wallet for the first time.

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

FUR11
Sr. Member
****
Offline Offline

Activity: 378

FURring bitcoin up since 1762


View Profile
November 11, 2014, 10:04:18 PM
 #17

i can´t answer all questions (someone else will do this for sure) but did you have an

antivirus program (up to date + scan)
firewall
anti-maleware (up to date + scan)

?


these would be the first steps.


agreed. it seems that you missed the first step.. i'd include a complete wipe and defrag. Updating the system to patch level is questionable if you dont know what you are doing -- being that the initial step requires and internet connection.

Umm, what would a defrag do in this case, this doesn't seem to make much sense. Just create a wallet on a computer running a live CD! It doesn't need the latest updates, why would it if it will never be connected to the internet!

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!