Silk Road forums
Discussion => Security => Topic started by: vlad1m1r on June 03, 2012, 11:01 pm
-
Dear all,
A poster reminded me earlier today that when you install Bitcoin software on to a USB stick, the crucial wallet.dat file itself which you need in order to view and spend your Bitcoins is actually stored on your machine. (See : https://en.bitcoin.it/wiki/Securing_your_wallet)
This can cause problems if your computer is seized or crashes. If you prefer to boot from a Live CD like TAILS to browse Silk Road and so cannot store your wallet.dat on a local machine but would rather not trust using an online e-wallet, this may also be an option for you.
As such I have put together a (hopefully!) simple step by step guide as to how to keep the QT Bitcoin client software on a USB stick entirely for people using Linux. Even if you don't ordinarily use a Live CD such as Tails or Ubuntu you might want to do so in order to set this up as it's more secure.
For newer users I would strongly recommend backing up your wallet.dat file before doing this by following the steps in the above link. You should also encrypt your USB stick using either Linux's disk utility or Truecrypt. There're plenty of guides as how to to do this online but do ask for help if you need it.
The tutorial can be downloaded from http://utovvyhaflle76gh.onion/sTORage/vlad1m1r/books/BitcoinUSB/Bitcoin%20Wallet%20tutorial%20%2D%20Vlad1m1r.txt
All constructive criticism is welcome!
V.
-
Hey, Vlad, goblin here. Any chance you can post that as an html file instead of pdf? I repeatedly hear that pdf files pose security risks, especially if accessing them via tor. Of course if this is an old wive's tale, let me know.
-
Hey, Vlad, goblin here. Any chance you can post that as an html file instead of pdf? I repeatedly hear that pdf files pose security risks, especially if accessing them via tor. Of course if this is an old wive's tale, let me know.
Hi buddy,
It's not easy for me to upload html files with images to the online storage service but for any security conscious individuals out there I have created a text only version of these instructions without the helpful pictures:
http://utovvyhaflle76gh.onion/sTORage/vlad1m1r/books/BitcoinUSB/Bitcoin%20Wallet%20tutorial%20%2D%20Vlad1m1r.txt
You're right in saying that you shouldn't open PDF files from within your Tor browser but there is no harm in using the browser to save them to an external medium and then open them from within an offline virtual machine at a later time. PDF's can contain malicious javascript as memory serves - I imagine there's a way to configure PDF readers so they don't launch script automatically but will leave that to more gifted contributors.
I would happily post guides on an onion domain but I don't have the means to run a server at my place, nor do I think is it possible to rent hosting any more - perhaps someone could set me straight on this?
V.
-
Hey, Vlad, goblin here. Any chance you can post that as an html file instead of pdf? I repeatedly hear that pdf files pose security risks, especially if accessing them via tor. Of course if this is an old wive's tale, let me know.
Hi buddy,
It's not easy for me to upload html files with images to the online storage service but for any security conscious individuals out there I have created a text only version of these instructions without the helpful pictures:
http://utovvyhaflle76gh.onion/sTORage/vlad1m1r/books/Bitcoin%20Wallet%20tutorial%20%2D%20Vlad1m1r.txt
You're right in saying that you shouldn't open PDF files from within your Tor browser but there is no harm in using the browser to save them to an external medium and then open them from within an offline virtual machine at a later time. PDF's can contain malicious javascript as memory serves - I imagine there's a way to configure PDF readers so they don't launch script automatically but will leave that to more gifted contributors.
I would happily post guides on an onion domain but I don't have the means to run a server at my place, nor do I think is it possible to rent hosting any more - perhaps someone could set me straight on this?
V.
Hi, Vlad! It is possible to get an onion site through Freedom Hosting, but you have to have what they're calling an invite code. Those are few and far between, you have to have a site for a month before you get one to give away or to sell to somebody. I have such a site, and will have a code in about two weeks; unfortunately I kinda sorta promised it to someone else. You can buy one at Black Market or sometimes on SR (rarely!).
goblin