Finally have a wallet setup after much research. Can you guys review it please.

[KidPoker]

At the moment I don't have a separate laptop for cold storage but in the meantime this is my setup.

-I disabled my wifi and adapters on my windows OS. I ran my laptop from a ubuntu 14.04 persistent live usb boot with disabled network connectivity via editing the startup applications. I already prepared a usb with a verified armory download file and inserted it into the laptop. I went down a dark rabbit hole trying to install armory on ubuntu while being disconnected from the internet. So I eventually admitted defeat and connected to the internet just once so that ubuntu could install Armory.

-I installed armory and generated a wallet. I printed out the passphrase with SecurePrint and copied the .wallet file and the watchonly.wallet file onto a usb.

-I ran my computer from windows and using Diskcryptor I encrypted the USB with AES-twofish-serpent. I installed armory and imported the watch only wallet.

So now I have an encrypted USB with my backup .wallet file. I have a 'cold storage' wallet that I run off the ubuntu persistent live boot.

I feel uneasy at just having my paper passphrase and backup usb's in my home in case there is a fire or something. Storing them elsewhere in a safety deposit box or elsewhere is not an option at the moment. Do you guys think that encrypting my .wallet file using aes encrypt/gpg4win (on top of the encryption that Armory does via the password) and storing this in google drive is safe?

Thank you for reading this.

[1714789008]

1714789008

[1714789008]

1714789008

[LiteCoinGuy]

just a short question: which amount do you want to store?

[KidPoker]

just a short question: which amount do you want to store?

About 2000 usd worth of bitcoin and more in future.

[LiteCoinGuy]

i can´t answer all questions (someone else will do this for sure) but did you have an

antivirus program (up to date + scan)
firewall
anti-maleware (up to date + scan)

?


these would be the first steps.

[cma3]

i can´t answer all questions (someone else will do this for sure) but did you have an

antivirus program (up to date + scan)
firewall
anti-maleware (up to date + scan)

?


these would be the first steps.

agreed. it seems that you missed the first step.. i'd include a complete wipe and defrag. Updating the system to patch level is questionable if you dont know what you are doing -- being that the initial step requires and internet connection.

[KidPoker]

I have norton on my windows OS. But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

[John (John K.)]

Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)

However, have you looked in multi-sig for your cold wallet needs?

[axel2078]

But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

Yes, that's true.  The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.

[KidPoker]

Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)

However, have you looked in multi-sig for your cold wallet needs?

Thanks John. Do you think uploading a backup of the .wallet file to google drive is okay? I know about multi-sig but how exactly would I use it. Would I make two wallets myself and sign off both transactions when needed?

But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

Yes, that's true.  The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.

Thanks for the reply. Actually the usb live boot is persistent to 500mb (I hope I'm saying this right). I had to because in order to keep the armory client on the usb and not deleting everytime I had to make it persistent.

[Dabs]

I've got ... just a little bit more on my online computer. My offline one has a lot more.  I guess it depends on how much risk you are willing to take. But so far you go the right idea.

Did you check out the armory offline downloads?

[pooya87]

i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this

and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm"

[KidPoker]

I've got ... just a little bit more on my online computer. My offline one has a lot more.  I guess it depends on how much risk you are willing to take. But so far you go the right idea.

Did you check out the armory offline downloads?

The armory offline bundle is only for ubuntu 12.04 exact. My live boot is 14.04 LTS which means I have to use the normal download. However I cannot install this without connecting to the internet so that ubuntu software centre can install the packages. This means having to connect to the internet just once which defeats the point. Same thing for any program on ubuntu. It's pissing me off to no end.

i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this

and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm"

How do you change the .wallet ending without fucking up the file?

[Gronthaing]

i've been thinking about doing the same thing for some time now to use as a cold storage. i think i am gonna do it now that i read this

and as far as i know uploading "Encrypted" wallet backup to google drive can be safe and you can change the name and type of the file too, like changing it to "crocodile.webm"

How do you change the .wallet ending without fucking up the file?

He just means renaming it to something else (file name and extension), without changing the content in any way. If you then need to use it again, just give it the original name and extension first, and you should be fine.

[Dabs]

Put it in a zip or rar archive, with password. Then rename that file.

[Loophole]

Is the rename step really need?
Of course I know it will create another level of protection, but even if the attacker can somehow get my wallet file encrypted with a long random password in AES256, cracking the file should be practically impossible, isn't it?

[John (John K.)]

Yes, I would say that your setup is relatively secure. (remember to keep the encryption key/password used secure, don't name it too obviously, and more off-site backups too)

However, have you looked in multi-sig for your cold wallet needs?

Thanks John. Do you think uploading a backup of the .wallet file to google drive is okay? I know about multi-sig but how exactly would I use it. Would I make two wallets myself and sign off both transactions when needed?

But I thought the whole point of doing a live ubuntu boot was that you have a fresh OS free from all the nasty stuff?

Yes, that's true.  The other benefit is that nothing is persistent, so whenever you are done, just remove the CD or USB drive that holds the live image and you are good, but the bigger advantage of using a live image is hiding your tracks. Think Tails OS.

Thanks for the reply. Actually the usb live boot is persistent to 500mb (I hope I'm saying this right). I had to because in order to keep the armory client on the usb and not deleting everytime I had to make it persistent.

I would certainly rename and use multiple encryption systems before daring to upload it online - one of my personal favorites when I acted as an escrow is double-encrypting using Truecrypt and GPG, thus ensuring both a password and a GPG key is required before even the wallet file is revealed.

As for the multi-signature system, you would generate 3 keypairs for example, and keep them stored at different locations with different backup techniques. This is more of a long term back up technique, as ideally you would change the address (and the associated keypairs) when you use the wallet for the first time.

[FUR11]

i can´t answer all questions (someone else will do this for sure) but did you have an

antivirus program (up to date + scan)
firewall
anti-maleware (up to date + scan)

?


these would be the first steps.

agreed. it seems that you missed the first step.. i'd include a complete wipe and defrag. Updating the system to patch level is questionable if you dont know what you are doing -- being that the initial step requires and internet connection.

Umm, what would a defrag do in this case, this doesn't seem to make much sense. Just create a wallet on a computer running a live CD! It doesn't need the latest updates, why would it if it will never be connected to the internet!