Jump to content
Guest EffinXRP

Creating a Cold Wallet Computer (under construction)

Recommended Posts

Guest EffinXRP   
Guest EffinXRP
Posted (edited)

I. Raspberry Pi - Buy your Supplies and putting it together

    a) Building the Rpi Operating System and booting it up

II. Choosing Your Operating System

III. Creating a Secure Partition

IV. Encrypting your Wallet Partition

 

Let's take a few points of data first as we develop this for the beginner

1. Because "beginner" is defined, we have to make the paranoia level low. This shall mean a wallet which is encrypted but may not require "Nuke" abilities, triple encryption or even physical keys. We can add those later in intermediate and expert levels.

2. A cold wallet is the exact same as any other wallet except that it exists on a computer that never touches the internet. Now my first problem in the beginning was "how the hell does that work?" but it is easiest explained as such:

With all digital coin transactions there are basically two "signatures" required. One of them is considered "Public" and the other one is considered "Private. The "Private" one is the baaaaaaaad one that if stolen you can say bye bye money. So a Cold Wallet has that Private signature included where as the copy of that wallet which is on a computer which is also on the internet, does not have that Private key included. So on the Internet computer you can transfer money around but you basically do not have that final authority for that transaction to go out.  It is like getting a signature from your manager to do something but he also needs to get a signature from finance or the boss to complete the request. So on that Internet computer, you can save the transaction request as a file on a USB stick. You then turn on the Cold Wallet computer which is never connected to the internet and then upload that file which is called an "Unsigned" transaction and using your wallet you can "Sign" the transaction therefore making it complete. Then you save that same file again as you have now edited it and run that USB stick back over to the internet computer and upload that same file to that wallet and then send the transaction out. Then your money is sent to its destination or "Withdrawn." I hope that is clear as it took me a while to understand it. We will go over that in more detail when we get our Wallet computer up and running.

The cold wallet computer never touches the internet because that is the ONLY way to guarantee that you do not get a wallet hunting virus, a hacker invasion or any other type of compromise that can steal that "Private Signature."

All of the parts which consist of this Cold Wallet which should be locked away are:

    a.  The wallet computer

    b.  The paper copy of the Private Key and the Restore Key

    c. The digital copy, if any, of those same keys.

I hope that this was explained well for you because when I was learning it, lots of people explained it also but I never really understood it until I built one and used it. in PART 2 I will explain how to actually build and program a COLD WALLET. I will describe 3 different setups, one with a Raspberry Pi , another with a garbage Linux computer and maybe one with Windows.  My problem with Windows is that it is so unreal unsecure that no password will save you from me getting into it. Windows is basically the victim OS that all hackers use to learn hacking simply because when demonstrating hacking methods, they tend to work easier and more often on a Windows system. So securing it will not be dependant on the operating system itself but instead another media.

 

II.

Raspberry Pi

First I shall discuss building a Micro Computer Raspberry Pi. So far RPi will only hold Bitcoins as the other wallets do not seem compatible with the ARM CPU, however this design shall leave the option open further down the road for you to use it as a Ripple or other wallet as that particular tech advances. Since wallets are simply software, they do have minimum specs required to operate. For the RPi I will be using Bitcoin Armory as the wallet but first we must build a safe machine :)

EDIT:  There are some users here that are running Ripple Wallets successfully on a Raspberry Pi which is cool as ***** for you guys. We will build a secure machine first then install these wallets :)

 

Buying your supplies:

For those whom are unfamiliar with a Raspberry Pi it is basically the simplest form of your computer in a tiny package. It is a little larger than a credit card and can technically run from batteries if you had to, but it generally plugs into the wall.  The operating system runs from an SDCARD making this package ultra small and thus easy to hide or store for a cold wallet.

There are a few versions of the Pi all the way up to 3B+ which include Wifi on the mainboard. That is significant for us as a security problem but not a severe issue as the 3B+ has more RAM and a better CPU so tends to be faster and a better choice for us. The RPi 2B has no Wifi On board so is still a good option. Just go with the 3B+ which is the most current and the better buy.

An RPi today is under $50 with the SDCard, the Pi and the power supply. So plan to spend at least that much. Best to get them from Amazon so that you can avoid the eBay clones.  You will need a power supply which is a micro USB with an output of 5v 3A. Basically do a search for Raspberry Pi 3 power supply and you should get the right one.

Next you will need a microSD card.  A Sandisk Ultra 16GB will be perfect. You can go as low as 8GB but the Ultra is important because of the speed. If you get a el'cheap-o sdcard to store your money on, it may turn out to be the most expensive sdcard of your life so don't be stingy. You should be looking at under $10 for a 16GB card.

Now this is important to know about the Raspberry Pi series. There is NO power button to turn it on and off. It comes on as soon as it gets power. In most cases that is baaaaaad as your operating system is running when you unplug it. It is very important to go through the shutdown sequence in any operating system when turning your Pi off.  There are shutdown accessories that can be bought and assembled but I would not consider that "Beginner" level tech. We can add that later if y'all like.

Next we will setup the operating system. I will tell you which one to choose and why.....

 

rpi3b.jpg

rpi3-ps.jpg

sd16.jpg

Edited by EffinXRP
Updates

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
12 minutes ago, PunishmentOfLuxury said:

This is also along the same lines:

Join forces maybe?

I want to stick along one single topic. The main problem out there is that there is too much fragmented info. SO a beginner still has no one point to start at and thus is at high risk of loosing their wallets either because of theft or because they do not know what they are doing. There are of course many different options out there. My problem as a developer is that noone knows which tool is safe as we also can not know if that tool is transmitting to the developer our keys. So you can not trust your own tools. It is like getting an ATM card from a Walmart which links to your personal bank account. The provider of that card is not your bank. What info do they have on you when they transmit your transactions?

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
Posted (edited)

Creating a BTC Cold Wallet

I. Raspberry Pi - Buy your Supplies and putting it together

    a) Building the Rpi Operating System and booting it up

II. Choosing Your Operating System

III. Creating a Secure Partition

IV. Encrypting your Wallet Partition

 

RPi3B+ Picking your operating system

 

The Raspberry Pi runs from Linux based distributions. Now do not be afraid to use Linux. It will be your best friend once you are used to it. No need for those whiny wives and girlfriends and longer when you have a Linux to love you..... So without going into too much detail we need to keep in mind, the purpose that we are doing this for and it is for a safe cold storage wallet. The main accepted Operating System for the RPi is Rasbian. You can find out much more at RaspberryPi.org where you can also download the operating systems. Rabian is based from Debian and is specifically designed to run the different ports and features of the RPi. BUT there are of course a few other operating systems that will also work. I have used Rasbian in the past and since have chosen to deviate from it and use Ubuntu Mate.

Choose 16.04.2 as your version for now and then be sure to choose the Rasberry Pi edition. In the future from this post there will be other versions which support RPi, so be sure to choose the newest.

 

EDIT: below are instructions for creating a RPi SDCARD from each operating system type. If you are using MAC/Linux then not a problem as you are using a desktop system to create a desktop system. If you are using Windows, then you have a problem as one of these step later on, you will not be able to do, but that is ok as I am going to give you the tools you need for free :) If you are using Windows, then I also want you to download either Ubuntu Mate 32 or 64 for Desktop which you can find right beside the Raspberry Pi version or ARM version. Download that one too and we will create a Live Linux DVD for you to operate from.

 

Now here is the long hard part that I will point you in the right direction but you will do well to get your answer with a little bit of Google'in.  First you will need to download that file to your computer. It will likely be a .img or a form of compressed file like zip, tz, gz or other. Each operating system is different. So once you download that file you will need to decompress it. Just right click on it to see if you have an "Extract" option which would mean that you have decompression software already installed. For MAC users that default is the Archive Utility but you also have command line.  I think Windows 10 now comes with some default software but it sure didn't used to.

Once you decompress that file to {ubuntumate}.img now is when we need to install it to the SDCard that you bought from above :).  There is no way to mess this up. It is either right or wrong. For MAC/UNIX/Linux machines you will use the terminal to write the image to the card by using dd.  Each OS has its own method of finding the Disk Name for that SDCard so make sure that you research that.  For Linux users, the name of the SDCard will be along the lines of /dev/sdb, which can be found in the termainl by typing

    sudo fdisk -l
 

which shall list all disks in your system. Stay away from any /dev/sda as that should be your main hard drive. So just forget that you even saw that one. In the Disk list is the size of each disk. Look for the one closest to the SDCard which you bought and check to see if it is anything other than /dev/sda.

For MAC users, you shall also use the terminal and enter the following:

    sudo diskutil list

which will give you the same info.

 

(Once you get the disk name then the command that you want to use will be:)

    dd if=/pathToYourIMGfile.img of=/dev/sdX

where X is the name of the SDCard, probably b or c. Or MAC will be a little different.

 

Windows, you are a different animal. Microsoft has a default software now for installing iso or img files to a SDCard. It is called Media Creation Tool. All I can say is good luck :) I have never used it before. But the mission is to burn the ISO or IMG file to SDCard. This is not the same as copying it. EDIT: BUT it is better to move to Create a Linux Live DVD with Windows, then to try to create this SDCard with a Windows System. The reason is that it is simply easier to follow the Linux instructions then to mess with Windows. Later we will need to resize a partition and Windows can not do that.

So,  Once you get that done, put the card into your RPi, connect the HDMI cable and a Keyboard/Mouse and then the power. I use a wireless USB mouse Keyboard combo. Once you connect the power, if you installed the IMG file correctly, then it should boot up. If after 45 seconds and you see nothing on the screen, then well start over :(.

 

livedesktop.png

 

If you have successful started to boot and IF you have bought the RPi3B+ with on board Wifi, then it is ok to connect this to a WiFi or Ethernet cable now as it will be useful to have some network for the installation. Later we will need to disable all of the networking to be sure that it does not accidentally connect again. But for the setup, it is ok.

After you have completed the setup by following the on screen questions you will end up on the Desktop similar to the above. It may not successfully connect to the network this time around though so just do a Reboot and it will be fine.

Now we are no where near done yet so this is not the end.

 

NEXT we will need to create our "SECURE" encrypted area where we will need to use to install all of our different crypto wallets to. THis is why we needed the 16GB SDCard or bigger, but really 16GB is plenty.

 

 

Edited by EffinXRP

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
Posted (edited)
1 hour ago, PunishmentOfLuxury said:

This is also along the same lines:

Join forces maybe?

I did check this out, but it is not "Newbie" enough. This is from the perspective that one has a little background knowledge on what an address is or even how to use a wallet. The BIGGER concern for everyone needs to be how to build a safe Cold Wallet and how to secure it. @Kakoyla wrote a nice tut on using that wallet but is for a user which is a little bit more advanced :) When I bought my first Bitcoin I reeeeeally wanted to have a cold wallet. I had a distinct advantage with being a Linux Admin and a hardware developer but I had zero understanding of Crypto Currency or even of how a wallet functions. I learned the hard way :(@Kakoyla wallet will require a web server to be installed on the Rasbian installation before it will run locally since it is HTML and web language based. Rasbian does not come with a webserver built in so the Newbie will need that too before that wallet will function. Once I finish my Wallet tutorial, It should be compatible enough for current tech and future tech whether as web language or operating system language.

Edited by EffinXRP

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
Posted (edited)

III. Creating a Secure Partition

 

I. Raspberry Pi - Buy your Supplies and putting it together

    a) Building the Rpi Operating System and booting it up

II. Choosing Your Operating System

III. Creating a Secure Partition

IV. Encrypting your Wallet Partition

 

 

In this tut, we already have our operating system up and running BUT it is not secure enough. I think that regardless of whether you chose a RPi for the Cold Computer or a Virtual Machine (later tutorial) this section will still apply. We will see.

Right now we have some security problems. Lets look at the event of theft and how the bad guy will steal your wallet. We know that the computer (Rpi or Desktop Unit or VM) never touches the internet, so we are concerned about physical theft.  Once the bad guy gets physical access to your machine, they have all the time in the world to try to break in. If I were to steal you machine, I would personally NEVER boot it up.  I would remove the Hard Drive or the SDCard and add it to my own Linux machine as an external storage and then see what I can find.

With my machines, they have NUKE capabilities meaning if you boot them up wrong, you destroy the hard drives. Just like on TV those guys have those features so that other "techies" can not break in. We come up with all sorts of ways to keep you out. For example, lets say I keep a "trap/bait" USB stick on my desk. You as the bad guy come into my office when I am not here and think that you are going to insert that stick in my computer and see what is on it. Well my computer may be "Listening" for the stick to be inserted which would start a shutdown or other operation to keep you out. There are all sorts of cool tricks that can be done. So our objective here is to simply keep your Wallet secure.

The way to keep your wallet secure is to create a highly encrypted area of the Hard Drive or the SDCard that even when stolen, can not be read. So if you loose that tiny SDCard, you still do not have to worry. Not even the NSA is getting into your Wallet. And for those of you smart guys who think you can, I invite you to try, because in the amount of time that it will take for you to open that partition and get into my wallets, I would have transferred all money out to another one. So years later when you figure it out, let me know :)

Remember when you start that computer and you must enter a username and password to get to the desktop.... forget that. It is not enough to stop me from getting to your data. That only stops me from getting to your data if I boot your specific machine, not if I boot your machine with mine :)

So, since this is a new installation of your choice of Linux OS, you will find that it only takes up less than 5GB of space on your SDCard or Hard Drive. We need that space to stay like it is and we want to remaining empty space for a shiny new wallets. If your brand new system is connected to the internet right now, it is ok. You will need it anyway. The best way is with an ethernet cable.

-----------------------------------------

Ok, now we are the part where we will want to resize the SDCARD but the problem is that we can not resize the card while it is use. This is where we must turn of the RPi and remove the SDCard and put (mount) it in our normal Desktop units. If you are using Windows, this is when you will want to use your Linux Live DVD or USB. If you are in MAC, I must add those instructions later as I am sure you can do it with the diskUtility located in /Applications/Utilities/DiskUtility. For now I will add instruction which will pertain to your Linux or Linux Live system.

If you created an Ubuntu Mate SDCard then the installation consumed your entire SDCard. THere is a lot of unused space. The OS only used 5GB at best. We want to resize the main or Root partition to the minimum and create a brand new one which is highly encrypted to hold our wallets :) So on your normal Desktop unit, jsu know that we will resize the partition. If you know how to do that then perfect. Just follow these same specs and you will be fine.

Lets say for now that you are using Linux (Hopefully Ubuntu :) ) or your Live Disk. I want you to open GParted and then find the SDCard.

 

gparted1.png

for me it was the /dev/sdb. Yours may be named different but should look generally the same, especially if you are using the 16GB sdcard that I recommended. So here in the pic above you see 2 partitions. They are color coated. The Green one is your boot partition. This is baaaaaad to play with. You no touchie that one!!! The blue one which is the largest one is called your "root" partition. That is where your operating system was installed. The Yellow shaded area are all of the files. The White area is the empty space. We want to resize that Blue partition /dev/sdb2 down so that we can create another one.

Right click on the Yellow shaded area and select "Unmount" so that you can edit it. If unmount is unavailable, then it may already be so. Now right click on that same Yellow space and select Resize or in the menu above select Partition -> Resize and you will get a window as below:

resize.png.d9ddc6c64ecb5a2fcb1448f3d9f095f0.png

 

Now in "New size(MiB): I want you to put " 8000 " not in quotes.

 

gparted-resize2.png.c61231d496e7a54a420e8927334b7c80.png

 

This will reduce that partition to 10GB leaving space enough for us should we decide to install more stuff later. Then click on the Resize Button. Now all you have done is create the task to resize. You must actually run the task by clicking on the Green Check Mark at the top.

 

gparted-creating-partition.png.24057fb690e2d48268602ad921506762.png

 

Once your Resize is complete you should see this:

 

gparted-resize-complete.png.f16866cf3a8d108e2f2174d8522c124a.png

 

See that grey space that says "unallocated" that is your brand new free space where we will creat a brand new partition called "Crypto." I must have forgot to make pictures so I will do this from the top of my fat head.  I want you to right click on that grey unallocated space and then select "New" which will open up a new partition creation window similar to the resize window. All of the numbers for the maximum space should already be filled in, so all I want ya to do is go to Label and enter Crypto as the label and then click the button in the corner which says "Add." Remember that you have only created the task to do so, we must then click the Green Check Mark above to run the task.

Once that is complete, that is it!  Now we can unmount the sdcard and then re-insert it back into our Raspberry Pi 3B+ unit and boot it up.  In the next chapter we will encrypt that partition so much so that the NSA will be asking you how you did it :)

 

 

 

Edited by EffinXRP

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
Posted (edited)

IV. Encrypting your Wallet Partition

 

I. Raspberry Pi - Buy your Supplies and putting it together

    a) Building the Rpi Operating System and booting it up

II. Choosing Your Operating System

III. Creating a Secure Partition

IV. Encrypting your Wallet Partition

 

cryptsetup

This is the cool part. In this lesson we will encrypt our wallet partition. Here is the best part of all, this will apply to either of the circumstances that I am describing in other tuts. You can use this to encrypt the partition that we resized and made available in III. or you can encrypt a brand new USB stick to be used in any LINUX system or you can use this to encrypt that partition in the Virtual Machine that I will talk about later.

Here is what I want you to consider for the best security. A password no matter how long is only as good as its User. Most user's whom create a 12-20 character Military grade password, will save that thing or write it down somewhere. WRONG. Your nice shiny password is now compromised. Let's do this. I want you to create a password combination which is made up of two parts:

1. Something that you know (PIN CODE)

2. Something that you have (YUBIKEY) or any other physical device.

A YUBIKEY is great for the 2nd half of securing anything. Read about them. I have mine setup to secure my online accounts but also to generate a really long password to combine with my PINCODE.  Now to open my wallets, you will need me PINCODE which is however long I want and the YUBIKEY which can be locked away in a separate location. I will not go through setting up a YUBIKEY with ya but I will certainly answer any questions about if for you and maybe even write about setting one up later. For now we will call the second half of your password, YUBIKEY as it is something physical.  So basically anytime that I want to use my Crypto Wallets, I must decrypt the folder with this combination:

PINCODEYUBIKEY for example a password might look like this:

123456 + LOKJUHPI)/&)(HNjN987p9iuhnjkb987gl098

where the 123456 is my pincode and the "LOKJUHPI)/&)(HNjN987p9iuhnjkb987gl098" is the password which is submitted by my YUBIKEY. Sooooo if I steal your Rasberry Pi or your entire computer or hard drive, to get into the encrypted part where your $Million wallets are located, I must find and steal your YUBIKEY too! Now I have got you right!!  WRONG. I must also know the PINCODE wchich you used as the password prefix or the first half. Your PINCODE can be anything you want I guess. I recommend at least a 6 digit length as the YUBIKEY will add another 18-32 characters. You do not need an encryption password longer than 20 as it is simply unneccessary and I think that the limit might be 32 anyway. No matter, the length of time to decrypt or guess a 20 character password is longer that any of us will live to spend your $Million wallets :( . SO now we will call the password:  PINYUBIKEY which are simply our variables representing the real password.

 

YubiKey-4-1000-2016.thumb.png.3cdb5c30662fe0a6d182aad039226d53.png      yubikey-touch-verification.jpg.1050b3d8e0003f3b46268859cec18abd.jpg

 

OK LETS DO THIS :)

Some Linux distributions do not come with cryptsetup installed. Since you are suposed to using either the Ubuntu Mate, Rasbian or hopefulls another Ubuntu or Debian version (because you are cool and know exactly what you are doing with you sophistication) we must install it. Go back to the Terminal in your system and enter this:

    sudo apt-get update

    sudo apt-get install cryptsetup

cryptsetup-install.png.cca817eac39c5796c2d745b420a35709.png

Enter your password when it asks and then it will auto install. DOn't worry about all of the complicated text that rolls by, it just looks cool :) So after that installs we are ready to go.  Here is the almost hard part:  We must get the correct name for our partition/usb stick or whatever we are going to encrypt. Getting the wrong one might be baaaaaaad. I am not sure but I do not think that it will allow you to encrypt an active partition which is my concern. I do not want you to pick the one which you are currently using, so I will give you my most professional and experienced IT advice:  Good Luck :)

In your terminal enter this:

    clear

That will clean the screen for you to see better. So now lets find the name of your card which was issued by your system. I want you to enter:

    sudo fdisk -l

THis command will list all of the partitions or hard drives/save space on your system.  If you are using a Pi then you will see a whole bunch of "RAM" parts. Ignore them.

fdisk-sdcard.png.b5698dcfd3b7e19749507d21b0045f7b.png

 

So if using a Pi this is what you should see. It may not be exactly the same so let me describe what we are looking at so that you can find your better. NOTE: If you are not sure, then get me a screen shot and send it to me.

Ok, where you see "Device" that is the name of each space. When we originally created our Pi, that list would have only had two names in it, but now there are three. the first one /dev/mmcblk0p1 is the boot partition. We know this because it is formatted with FAT322 which is listed under the "Type" and because it is only 65MB. So ignore that one. the Second one /dev/mmcblk0p2 will be your root partition or the area where your operating system has been installed. You are actively using that partition right now. The third one is the one we want in this case. Hopefully the "Size" is familiar to what we setup. But the logical reason is because Linux names them in order of creation more or less. Trust me, there are other methods of being sure but this will suffice.

If you are using a USB stick or something else to encrypt then IGNORE /dev/sda or /dev/sdaX. Any of those will be your active partitions. Yours may be something like /dev/sdb or /dev/sdc.

In our case here we will use /dev/mmcblk0p3 because that is the New Crypto partition that we just created from above. We want to harden that one. So in your terminal I want you to enter this:

 

    cryptsetup -y -v luksFormat /dev/mmcblk0p3

 

or what ever the name of your device is.

cryptsetup-luksFormat.png.18ea199c6ce45bab9a737fc354cf4631.png

 

Next you will see a very scary WARNING. That is ok, we want it to do what it is warning us about. This is where you must enter the PINYUBIKEY password to secure your partition. This must be the long hard password greater than 18 characters that saves your butt.

With a YUBIKEY if you are using it, the last character that the key automatically enters is always the RETURN so you can not put your PINCODE at the end. So here either enter your super secret password or following my recommendations, enter your PINCODE first then with the YubiKey inserted into the USB port, touch the Gold disk and it will auto type the super long password that you previously setup.

Then do it again.

cryptsetup-enterPass.png.f88ceaafb298f0fc26d50ae4e21ff432.png

 

Either hit ENTER or using the Key it will do it for you and then start the encryption process. Once complete, this space is locked, BUT at the moment we still can not using this space. We must Format the partition. Here is the Good/Bad news. If you loose this password, you will NEVER get into that partition but neither will the bad guys. Next enter in the Terminal:

    cryptsetup luksOpen /dev/mmcblk0p3 crypto

This will then ask you for that SuperSecret PINYUBIKEY password to open the partition. If you enter it correctly then it will open, but still will not be ready to use. Next we need to verify the name of our new partition called "CRYPTO" beacuse we named it in the above command. So enter:

    sudo fdisk -l

again to get your list.  YOu will see as nice long list of the partitions again but this time you should see:

    /dev/mapper/crypto is active

in that list. If you have made it this far then perfect. Almost done. Now all that is left is to give it a format so please enter this in the terminal:

    mkfs.ext4 /dev/mapper/crpto

 

    cryptsetup-mkfsext4.png.1af071da55fb9d365f60384ae937c04e.png

Once complete then we are DONE !!!. Now to mount or open this new shiny hard to use partition we can either enter a nice complicated Termainl command or even better, lets just reboot.

Once your machine has rebooted, you will either see an icon for that new partition on your Desktop, or it will be in the Files/Places menu. Just double click on it and if all is well, it will ask you for the PINYUBIKEY password to open. Now you will have a secure space to store your Wallets. Just copy or create the wallet files here. Once you either right click on that same icon and select "Unmout" or "Eject" or once you shut down, it will re-encrypt and lock again.

MountCrypted.png.05a59105485c04e2787e01f6e11d10d9.png

More to come later..................... but for you super sneaky James Bond guys, would you like to make this partition even more useable by the NSA? They can not even really get to it now, but if you chose a weak password you are screwed. There is another step that we can do that will make it impossible to even find the partition in addition to it being encrypted, but for those of you with Super paranoia or who live in a house full of Nerds, it would not hurt, but is an extreme overkill.  If you are interested, then I will add it. I call it the NUKE OPTION. Ya know when your Windows hard drive fails and it says No Hard Drive found or not readable, we are going to do that to our new Encrypted Partition on purpose, but the best part is that it is totally fixable :)

 

 

Edited by EffinXRP

Share this post


Link to post
Share on other sites
Posted (edited)
1 hour ago, EffinXRP said:

Ok I will continue this more later. Till then, go buy your YUBIKEY and think of a good PINCODE...........

 

 

 

what happens if i lose the YUBIKEY ? 

Edited by joy

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
1 minute ago, joy said:

what happens if i lose the YUBIKEY ? 

Hey Joy, actually the YubiKey can also be backed up. The same as the secret keys for your wallet, you can print the output or keys for the yubikey. You can either type in the output manually or create a clone key. I will get into that one later, but I would personally store any backups, printouts or clone keys off site not with your wallet.

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP

Also keep in mind that even if you loose all of the encryption, passwords or even if your computer catches on fire, you can restore any wallet anywhere on Earth with your secret keys. So all is not lost.

Share this post


Link to post
Share on other sites
Posted (edited)

Aren't you overthinking all this?

Isn't it easier, cheaper, faster and more practical to take old laptop/netbook and install normal (x86) linux distribution on it (installation program offers you to encrypt the whole disk + home directory)?

Or even have just several copies of paper wallets (secret keys written on piece of paper)?

 

Edited by T8493

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
Posted (edited)
9 minutes ago, T8493 said:

Aren't you overthinking all this?

Isn't it easier, cheaper, faster and more practical to take old laptop/netbook and install normal (x86) linux distribution on it (installation program offers you to encrypt the whole disk + home directory)?

 

I absolutely agree however for those who are not as adept as you are and who may not have an extra computer laying around, this gives them an equivalent option for less than $50. Thank you very much for the question.

Also notice that it is "under construction" meaning I have a long way to go. Also if you properly read it then you would have seen that i will also write how to do exactly what you said in addition to creating a VM and even the same quality secured USB stick. 

Finally keep in mind that everyone including me was a noob sometime. So respect to the noobs for getting here. Now lets teach them how to do it right :) because they may not be able to go out and spend $100s on a cpu nor may they even know what specs they need. We certainly do not want them setting up a Windows system and think they are secure either.

Edited by EffinXRP

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
6 minutes ago, T8493 said:

Aren't you overthinking all this?

Isn't it easier, cheaper, faster and more practical to take old laptop/netbook and install normal (x86) linux distribution on it (installation program offers you to encrypt the whole disk + home directory)?

 

You could write a tut on exactly what you said and add it here when you are done if you like. It would be helpful for those whom do have extra equipment laying aroung to know that this is an option. Once they get that coputer up and running, they can jump to section III and created the secure space.

Share this post


Link to post
Share on other sites
Guest EffinXRP   
Guest EffinXRP
Posted (edited)

While reviewing ENCRYPTING YOUR WALLET PARTITION this morning, I decided that I want to add next, how to do the exact same thing using just a USB stick. While some of you may not have an extra computer laying around, the Raspberry Pi 3B+ is a fantastic option for a fully capable computer, but if you want the exact same security on a USB stick alone, it is absolutely possible. Even better is that if you can create it, you can run it meaning that you will not have to buy another computer of any price. Keep in mind that I am NOT creating BitCoin nor Ripple Wallets themselves. I am instructing you how to create a Secure Directory/Partition/USB/HardDrive to store those wallets on. Look at it like this, making a portable system is easier to hide then a full CPU case. So in my case I have both a USB stick and a backup RPi which are holding my wallets. So here is what I must go through and what the bad guy must go through to get my money:

1. First they must realize that I have a wallet

2. Must find my wallets on computers or other media

3. Must get into my 1 ton mechanical safe

4.  Find the YUBIKEY that contains 90% of the password

5. Know the PINCODE that contains the 10% of the password left.

6. Pick the correct USB and decrypt the partition to see the contents

7. Enter the correct password to access the wallet

So building your secure storage area to hold your wallets is extremely important to securing your money. How do you think that Mount GOX or any of those other clowns got their money taken? Other than running off with it themselves, they provided physical unencrypted access, making it easy to attain your money. The lesson is that even if your computer, USB or hard drive is stolen, your wallets are absolutely secured and to make it even better there is one more Nuclear option for advanced Users and that will involve backing up the LUKS Keys to a file and then erasing them from the disk, making your partition look as if it is severely damaged or not even exist. This is for high value wallets or group situations where physical access or the PoPo are a huge risk. It will take you at least 20 minutes to open that wallet :) It will take the bad guys NEVER :):)

Remember that it is best when creating your backups that you keep them NOT with the wallet. The last thing you want is for the bad guys to be able to skip all of your security and simply restore your wallet for you. So a recommendation. As your backups should be stored offsite, they may not be as secure or as well thought of. I recommend that you either add or subtract part of the Secret key. Perhaps even split it in half in case one half is found. Then you can keep each half in separate locations. You can even create two Secure Sticks as we are creating above and digitally store the prints and backups. Then put those in different locations.

I know it is frustrating and you are likely asking yourself, what is wrong with this guy? Why is he making things so complicated. We the reason is that as I was training to become a Penetration Specialist and as I form my own company and start taking contracts, I have found that none of us are secure. It only takes the briefest of FUps to get hacked. For example I know EVERY ONE OF YOU have a wallet :) now I can start the social engineering, trace your IP, break into this website database or even another website located on the same server and then gain access to this database. The possibilities are endless. Then if I find out that you are running Windows, it is over for you without even a fight. It is not a testament to my skills, it is a realization to how unsecure we all are and hardly know it. Did you know that a hacker can get you and your phone from a mile away by tricking your phone to connect to him/her? Once they get that done, and once you connect your phone to your computer at home to sync the newest music, you will grant access to the hacker. Oh it gets worse.

So YES I am over thinking it, because all of us have come to a similar location thereby admitting that we have money and it is stored digitally, making us all targets of anyone whom is trolling this site anonymously. So we are all targets now. The longest and hardest part of a Bad Guy's job is the recon and information collecting. We have done half of his job for him by collecting here and admitting who and what we are. Now he does not have to go out and look for us.

 

 

Edited by EffinXRP

Share this post


Link to post
Share on other sites

Man I literally bought Raspberry Pi couple of days ago and couldn't install Armory on it. Please finish your guide, it's brilliant! There are people who need it!!!!:)

 

Share this post


Link to post
Share on other sites

×