Version 0.

5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

A Practical (and Paranoid) Guide:

Setting up a Secure System for the Bitcoin Client
- keep your private keys (wallet.dat) secure – and do not loose them Keeping them “secure” means: (1) Secure against theft (by Trojans, key loggers, or physical theft) (2) Secure against loss (by loss of the “wallet.dat” or by forgetting the password protecting it) Concerning (1): After the download of the Bitcoin client software binary file from “http://bitcoin.org/” or “http://sourceforge.net/projects/bitcoin/files/Bitcoin/”, check the integrity of the file by the SHA1 checksum. Note that on the Bitcoin download site, SHA1 checksums are not provided for Bitcoin versions before 0.3.23. Therefore Annex 2 has a list of checksums for older versions. When using your Bitcoin Client or when opening an encrypted container file containing your private keys (wallet.dat), only do so in an environment of 100% trusted open source software. Good Examples: A 100% GNU Linux trusted distribution, e.g. GNU Linux Ubuntu GNU Linux Knoppix GNU Linux Slax Bad Examples: Microsoft Windows Apple MacOS Linux with one of the following software installed: Adobe Flash plugins Web brower with Java Script (and using the Web browser) Skype Opera Browser VMware Virtual Machine/VMware Player ...or any other proprietary or non-trusted piece of software When typing the password for opening an encrypted container file that contains your private keys (wallet.dat): Never do this from within another operating system (OS) than the 100% trusted one mentioned above. After closing your Bitcoin Client session: Make sure your private keys (wallet.dat) will be saved only in encrypted form. Make sure your 100% open source trusted Operating System cannot be corrupted: Do NOT install your 100% trusted GNU Linux OS on an unencrypted hard drive partition that could be accessed (and possibly corrupted) when you boot your PC with a less trusted operating system! DO use a bootable Live CD/DVD for your 100% trusted GNU Linux System, if possible (using a Non-Re-Writable CD/DVD disc). Otherwise:

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[1 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

DO use a bootable USB stick or flash memory card that is not used for any other purpose. Preferably encrypt this USB stick completely (at least the persistent data part for your user settings and installed programs, but if possible also the system section) Despite encryption, make sure nobody else can have physical access to this bootable flash memory and modify it (note that at least the boot section can never be protected by encryption and therefore is never 100% secure against modification, in contrast to a Live CD/DVD). Do not use your “Bitcoin-Operating-System” for any other purposes than simply running the Bitcoin client, because other applications might contain errors that make them vulnerable e.g. to buffer overflows that might corrupt your system. Examples: Do NOT surf the internet with any web browser (some web pages may contain malicious code that could affect your system even without Java/JavaScript or Flash. For example, certain malicious *.jpg files can cause buffer overflows and thereby attack your system. Do not use an email client (same reason – malicious emails could provoke buffer overflows) Do not run your “100% secure GNU Linux System” inside a Virtual Machine using VMware. Since VMware itself is proprietary closed source software, it may contain backdoors and could possibly access any data inside your guest system! Finally, for all kinds of encryptions (container files, system partitions, etc.): Use SAFE passwords respecting the “Password Guidelines” that can be found at the end of this document in the chapter “Summary and Recommendations”. This is particularly important for the encrypted private keys (wallet.dat) that you are going to upload to external internet servers (“to the cloud”) to protect yourself against loss of these keys in case of hardware failures or physical theft or damage. Use only 100% open source software, no proprietary software. This is also true for the encryption software itself! Use encryption software that employs keys with no less than 256 bits, which is today's state of the art (e.g. 256 bit AES). Concerning (2): Make multiple copies of your private keys (wallet.dat) after(!) you have encrypted them(!), and upload them to various external internet servers (“the cloud”). Do this after every session with the Bitcoin client when you do any outgoing payments, because this may cause the Bitcoin client to generate new private keys that are not yet part of your last backup of the “wallet.dat”. And again: Make sure you do not forget the password(s)!

The following pages give three “best practice” examples on how to setup such a secure system (certain basic experience with Linux is recommended, but deep expert knowledge is not required):
Example 1: Knoppix 5.3.1/5.1.1 with Live DVD/Live CD and Truecrypt: Most secure solution, but Bitcoin clients 0.3.22 to 0.3.24 do not run (0.3.21 does run). Example 2: Ubuntu 10.04.2 with bootable USB stick and Truecrypt: Full Bitcoin client compatibility and nicest user interface. However, all Linux system data [but not Bitcoin data] is saved to the USB stick in unencrypted form. Example 3: Knoppic 6.4.4 with bootable USB stick and Truecrypt: Full Bitcoin client compatibility and good user interface. Moreover, persistent user data is stored to the USB stick with 256 bit AES encryption. However, the Linux system data itself (=original files from the CD) is saved to the USB stick in unencrypted form.
Bitcoin donations welcome: 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR [2 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Best Practice Example 1: Linux Knoppix 5.3.1 Live DVD (or Knoppix 5.1.1 Live CD)
[Download: http://www.kernel.org/pub/dist/knoppix] [Restrictions: Bitcoin version 0.3.21 for Linux works, but versions 0.3.22 to 0.3.24 do not work on Knoppix 5.3.1] [Note: I checked all this with Knoppix 5.3.1 DVD – but should be the same with Knoppix 5.1.1 CD] Note ahead: Unfortunately, the solution of this “Example 1” (i.e. using a Live DVD/CD in combination with an encrypted image file that saves persistently all user data and system modifications) does not work with the latest Knoppix releases 6.x (up to 6.4.4). Therefore, this “Example 1” is explained for the older Knoppix release 5.3.1/5.1.1. Your secure system will consist of: Knoppix Live DVD (or Live CD) - burn the downloaded ISO image to DVD/CD (but do not use a Re-Writable medium!) Truecrypt software (version 7.0a) will be installed on top of Knoppix (the Truecrypt software License is similar to the GNU license and also 100% open source) Ca. 4 GByte of memory space on a hard disk OR external flash memory medium (e.g. USB stick). This memory will later contain: The file “knoppix.img” of 200 MB: It contains all the persistent user settings and system modifications (e.g. installed software) done on top of the Knoppix Live DVD/Live CD. A Truecrypt container file of ca. 4 GB (this size includes some margin, currently only ca. 600 MB are needed to save the Bitcoin block chain for one's own wallet). This container will include the Bitcoin executable file “bitcoin” as well as the Bitcoin client's data directory which contains the “wallet.dat” and the blockchain. A Truecrypt container file of 1 MB. It simply contains a copy of the file “wallet.dat” which includes all your private keys. Copies of this very strongly encrypted container file should be uploaded to “the internet cloud” (i.e. to various internet servers like web spaces, dropbox, internet email inboxes, etc.) For your convenience: An UNencrypted plain text file “myBitcoinAddresses.txt” where you copy your own Bitcoin addresses (looking like the one in the footnote of this paper). You can later access this text file from your “normal daily-use operating system” where you might run a second, less secured, instance of the Bicoin client (with a different wallet.dat of course!). This second client shall contain only a relatively small amount of Bitcoins (BTCs). If the BTCs on this account grow too big, you can simply transfer some BTCs to your “safe” address by using one of the addresses in “myBitcoinAddresses.txt”! System Setup: Setup is quite straight forward. After having burned the downloaded *.iso image to DVD/CD (for security reasons, do NOT use a re-writable medium) and having booted from Knoppix Live DVD/CD the first time, you will create a so-called “persistent image file” (knoppix.img) [the word “image” has nothing to do here with “picture”!] that will contain all your user settings. In that way you will have the “feeling” of a normal system, even when using a Live DVD/CD. The screenshot below shows how to create such a permanent KNOPPIX-image file via the “Knoppix penguin menu”.

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[3 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

The rest of the procedure is interactive, just select the desired hard drive and choose to create an encrypted image file when you are asked about this (encryption method will be the very secure 256 bit AES). Concerning the size of this image file, the minimum of 200 MB should be sufficient (note you shall not do anything with this system other than using the Bitcoin client, so no big memory space for user settings and new software is required!). Use a SAFE password, of course, even though this will later just protect your personal settings and Linux system modifications, not directly your Bitcoin keys. Next time you boot from the Live DVD/CD, you may want to enter the “cheatcode” “knoppix home=scan” a the boot prompt to have Knoppix use the image file. If you don't do this, Knoppix will still search for “knoppix.img” and then ask you whether to use it. However, if you do not react to this query within 20 seconds, it will start without using it, and you would have to re-boot again for another try. The following steps are the same for Examples 1, 2 and 3 in this guide: Next you download the “truecrypt-7.0a-setup-x86.tar.gz” file (in case of 32 bit Linux), from here “http://www.truecrypt.org/downloads”, unpack it and start the executable. This will install Truecrypt on your system. Afterwards, perhaps you want to customize your Linux desktop by creating an appropriate icon that links to “/usr/bin/truecrypt” etc. Now you can start creating the appropriate container files with Truecrypt: One 4 GB file (e.g. “myBitcoinOperationalSpace.tc”) and one 1 MB file (e.g. “myBitcoinWalletSafeStorage.tc”). For Example 1 (Knoppix 5.3.1/5.1.1) the proposal is to locate these files at the same point as “knoppix.img”. Use a VERY safe password (i.e. passphrase) here, but be sure not to forget it!!! Now you mount the large (4 GB) container file in the Truecrypt GUI window, the proposal is to mount it always in Truecrypt's 1st slot, so the mounting point will be “/media/truecrypt1/”. Of course you also have to get the Bitcoin client itself from “http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.21/bitcoin-0.3.21-linux.tar.gz/ download”. From this file “Bitcoin-0.3.21-linux.tar.gz” you need to extract only the executable file “bitcoin”, nothing else (either the “bin/32/” or “/bin/64/” variant depending on your system). [Note that the newer Bitcoin versions 0.3.22 to 0.3.24 do NOT work on Knoppix 5.3.1/5.1.1] Next you put the following two files to these locations and create a directory as follows: The Bitcoin client executable file. /media/truecrypt1/bitcoin /media/truecrypt1/btc_start Create this file as explained below. /media/truecrypt1/myDataDir/ Create this new directory, using exactly this name “myDataDir”. Make sure that both “bitcoin” and “btc_start” have the executable flag set in the Linux file system. The shell command would be “chmod a+x b*” to make all files in the current directory executable whose filenames start with “b”. Or you can set the executable flag in the file manager via right-click on the file “Properties” ... Finally you can double-click “btc_start” (or make a link at the desktop to it and double-click that desktop icon) to start the Bitcoin client.

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[4 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

NOTE: The file “btc_start” is a very simple Linux shell script that starts the Bitcoin client with an appropriate command line parameter, such that it will use the data directory “myDataDir” inside the location of your Truecrypt container, and not the default location “~/.bitcoin”. This is essential, because it makes sure that at no point in time your privat keys (wallet.dat) will ever be written to any unencrypted storage space of your system. You can create the file “btc_start” with a simple text editor, just copy-paste the following text exactly like this:
#!/bin/bash # Get the absolute path of THIS script file: ThisPathAbs="$(dirname "$(readlink -f ${BASH_SOURCE[0]})")" # Get the relative path of THIS script file: ThisPathRel=`dirname $0` # Call the Bitcoin client and put the data in the subdirectory "myDataDir": `$ThisPathRel/Bitcoin -datadir="$ThisPathAbs/myDataDir"` &

Once you have started the Bitcoin client, it will immediately create various files in the directory “/media/truecrypt1/myDataDir/”. One of these files is “wallet.dat”. Now you should manually create addresses in the Bitcoin client - I propose about 10 addresses or so for now. Then you may want to copy-paste them to a new text file (e.g. “myBitcoinAddresses.txt”) that I propose to locate at the same location where the two *.tc Truecrypt container files and the “knoppix.img” file are located. At some point in time you close the Bitcoin client. Then you mount the other, smaller 1 MB Truecrypt container file to slot 2, such that you get a directory “/media/truecrypt2/”. You copy the file “wallet.dat” from “/media/truecrypt1/myDataDir/wallet.dat” to “/media/truecrypt2/wallet.dat”. Now you can dismount both container files in the Truecrypt GUI window, and you can (and should) make multiple copies of your 1 MB container file “myBitcoinWalletSafeStorage.tc” and upload it to many different locations in the internet cloud. The following illustration summarizes the final system setup with Knoppix 5.3.1/5.1.1 at a glance:

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[5 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Final System Setup: Knoppix 5.3.1/5.1.1 with Live DVD/CD:

PC with Knoppix 5.3.1 Live DVD (or 5.1.1 Live CD) (using a "Write-Once" DVD/CD, but NOT a Re-Writable DVD/CD)
has access to

Hard Drive or USB Stick or other NON-Encrypted Storage Medium * knoppix.img [200 MB] (256 bit AES encrypted by Knoppix) * myBitcoinOperationalSpace.tc [4 GB] (strongly encrypted by Truecrypt)
Contains all "persistent" user settings/modifications of the Knoppix 5.3.1/5.1.1 Live system

/media/truecrypt1/... .../bitcoin (ver. 0.3.22 & 23 do NOT work) .../btc_start .../myDataDir/wallet.dat .../myDataDir/<other files> copy manually /media/truecrypt2/wallet.dat

* myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt) * myBitcoinAddresses.txt (UNencrypted, intentionally)

... 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR ... etc.

Read access (for making backups of container file)

Read access (for sending BTCs to these addresses)

Insecure Operating System – e.g. MS Windows/MacOS/insecure Linux * Virus X – ad libitum * Trojan Y – ad libitum * Malware Z – ad libitum

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[6 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Best Practice Example 2: Ubuntu 10.04.2 LTS Bootable USB Stick
(1 GB possible, 4 GB recommended)
[Download: http://releases.ubuntu.com/lucid/ubuntu-10.04.2-desktop-i386.iso, or more generally http://releases.ubuntu.com/lucid/] [Restrictions: None. All of the Bitcoin versions 0.3.21, 0.3.23 and 0.3.24 for Linux have been verified to work properly. The system setup is similar to Example 1: Your secure system will consist of: Bootable USB stick containing the Ubuntu 10.04 LTS system Software Truecrypt 7.0a (like in Example 1) is installed on top (also on this USB stick) Additionally ca. 3 to 4 GB of hard disk/flash memory space, or some extra space on the same USB stick, for a Truecrypt container file of ca. 3-4 GB size. Some small (ca. 1 MB) hard disk or flash memory space outside this USB stick, to store another 1 MB Truecrypt container file and an UNencrypted plain text file “myBitcoinAddresses.txt”. PROs and CONs relative to Example 1: PROs: Compatible with both older and newer versions of the Linux Bitcoin client. Also works on systems without CD/DVD drive, e.g. netbooks. CONs: Contents of the USB stick are not encrypted, including... ...system files (boot section, kernel, all original DVD/CD files) ...persistent user data (e.g. installed software like Truecrypt) This means that theoretically somebody (or another infected system) having access to the USB stick could compromise its contents, e.g. by installing a Trojan by modifying some files without your knowledge. Then, next time you boot from the USB stick and open a Truecrypt container file, your private keys (wallet.dat) can be read by this Trojan. Note that in Example 1 this cannot happen, because the contents of the Live DVD/CD cannot be modified physically (unless the optical disc is re-writable), and also the “knoppix.img” image file is strongly encrypted and therefore cannot be changed without the owner noticing this (that image file would not function any more if it was manipulated). System Setup: Setup is quite straight forward. Download ISO image suitable to your computer hardware (e.g. see link above). Burn ISO image to a CD Boot from this CD Create a bootable USB stick with the USB-creator tool that comes along with the Ubuntu Live CD. In the menu select System Administration Startup Disk Creator, see screenshot below. In this process, just make sure that you select the right device and do not delete your hard disk.

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[7 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Inside this USB creator tool, first delete the complete USB stick, to have a “clean basis”. For the amount of persistent space to allocate, select 200 MB, this should be enough, for the same reason as for Knoppix 5.3.1 in Example 1: Only few changes are supposed to be done on this system, because it shall only be used for running the Bitcoin client. Shut down PC, remove CD, boot from USB stick (make sure that booting from USB is activated in the BIOS of your computer). The rest of the system setup is the same as what is described for Example 1, i.e. installing Truecrypt, creating the two *.tc container files and populating them with the appropriate files like bitcoin executable, btc_start shell script and myDataDir subdirectory. Note: The USB stick is now formated in FAT32 and it contains one partition only. There are various files and directories on the stick, amongst others a ca. 200 MB file called “casper-rw” which serves the same purpose as “knoppix.img” in Example 1, namely to store persistently all user settings and system modifications relative to the original Live CD. Note however that this file is not encrypted. All these files take up ca. 900 MB of space on the USB stick. The rest is still free and could optionally be used to store these files, that in Example 1 have been stored to an extra medium: myBitcoinOperationalSpace.tc ca. 3-4 GB Truecrypt container file myBitcoinWalletSafeStorage.tc 1 MB Truecrypt container file myBitcoinAddresses.txt UNencrypted plain text file However, for security reasons it is advised to store the last two of these files not (or at least not exclusively) on this USB stick but on a separate storage medium (hard disk or a second flash memory device)! The reason for this is that you will probably later access these files from another, more insecure system (like “your daily working PC”) in order to read the Bitcoin addresses or to backup/upload the 1 MB container file to the internet cloud. But you should not expose your unencrypted USB stick's system and persistent user data files to that insecure system to avoid any potential corruption. Hence, these two files shall be stored outside this USB stick. If your bootable USB stick has only 2 GB (or 1 GB), you may prefer to (or you have to) store also the 4 GB file to an external place, just like in Example 1. The following illustration summarizes the final system setup with Ubuntu 10.04.2 LTS at a glance:

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[8 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Final System Setup: Ubuntu 10.04.2 LTS on USB Stick:

PC with bootable USB Stick with Ubuntu 10.04.2 LTS * System Files from CD [700 MB] (not encrypted, unfortunately) * <USB>/casper-rw [200 MB] (not encrypted, unfortunately)
STOP! No access to the USB stick! Contains all "persistent" user settings/modifications of the Ubuntu 10.04.2 LTS Live system has access to

Same USB Stick [or below's other Non-Encrypted Storage Medium] * myBitcoinOperationalSpace.tc [3-4 GB] (strongly encrypted by Truecrypt)
/media/truecrypt1/... .../bitcoin .../btc_start .../myDataDir/wallet.dat .../myDataDir/<other files>

Other Non-Encrypted Storage Medium (Hard Disk or Flash Medium) * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt) * myBitcoinAddresses.txt (UNencrypted, intentionally)
copy manually /media/truecrypt2/wallet.dat

... 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR ... etc.

Read access (for making backups of container file)

Read access (for sending BTCs to these addresses)

Insecure Operating System – e.g. MS Windows/MacOS/insecure Linux * Virus X – ad libitum * Trojan Y – ad libitum * Malware Z – ad libitum

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[9 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Best Practice Example 3: Knoppix 6.4.4 Bootable USB Stick
(1 GB possible, 4 GB recommended)
[Download: http://www.kernel.org/pub/dist/knoppix] [Restrictions: None. All of the Bitcoin versions 0.3.21, 0.3.23 and 0.3.24 for Linux have been verified to work properly. Note ahead: An even further improvement that renders this system almost as secure as Example 1 (i.e. secure against manipulation of the USB stick's system files from another operating system or from somebody who has physical access to the stick) is given in Annex 3 as “Example 3+”. The system setup is similar to Example 1, the system architecture is the same as in Example 2: Your secure system will consist of: Bootable USB stick containing the Knoppix 6.4.4 system Software Truecrypt 7.0a (like in Example 1 or 2) is installed on top (also on this USB stick) Additionally ca. 3 to 4 GB of hard disk/flash memory space, or some extra space on the same USB stick, for a Truecrypt container file of ca. 3-4 GB size. Some small (ca. 1 MB) hard disk or flash memory space outside this USB stick, to store another 1 MB Truecrypt container file and an UNencrypted plain text file “myBitcoinAddresses.txt”. PROs and CONs relative to Examples 1 or 2: PROs: Compatible with both older and newer versions of the Linux Bitcoin client (like Example 2). Also works on systems without CD/DVD drive, e.g. netbooks (like Example 2). The persistent image file is encrypted like in Example 1, and not unencrypted like in Example 2. CONs: System files (boot section, kernel, i.e. all original CD files) are unencrypted like in Example 2, and as opposed to Example 1, where they are inherently safe against manipulation because they are physically burned on a DVD/CD. System Setup: Setup is quite straight forward. Download ISO image suitable to your computer hardware (e.g. see link above) and language preference (English or German). Burn ISO image to a CD Boot from this CD Execute the program “flash-knoppix” either from the console or by starting it via the menu: “Settings” “KNOPPIX install to Flash Disk” (see screenshot below). This will initiate a short interactive dialog to create a bootable USB stick. In this process, just make sure you select the right device and do not delete your hard disk!

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[10 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

At one point of the dialog you have the choice between either completely deleting the whole USB stick (=”yes”), or just copying the Knoppix Live CD files to your USB stick (=”no”). Select “yes”. Shut down PC, remove CD and boot from USB stick (make sure that booting from USB is activated in the BIOS of your computer). If booting fails: See Annex 1 for failure handling/workaround to fix this. Then go on: During this first boot process from USB stick you will be asked about the amount of persistent space to allocate on the USB stick. The minimum of 200 MB shall be enough, for the same reason as in Examples 1 and 2: Only few changes are supposed to be done on this system, because it shall only be used for running the Bitcoin client. Afterwards you will be asked if you want to encrypt this file that contains the persistent settings. Select “yes” for encryption and choose a safe password. A strong 256 bit AES key will be used for encryption. The rest of the system setup is the same as what is described for Example 1, i.e. installing Truecrypt, creating the two *.tc container files and populating them with the appropriate files like bitcoin executable, btc_start shell script and myDataDir subdirectory. Note: The USB stick is now formated in FAT32 and it contains one partition only (like in Example 2). There is one file “./ldlinux.sys” and two directories (“./boot/” and “./KNOPPIX/”) containing various further files, amongst others the 200 MB strongly encrypted file “./KNOPPIX/knoppix-data.aes” which serves the same purpose as “casper-rw” or “knoppix.img” in Examples 1 and 2 respectively, namely to store persistently all user settings and system modifications relative to the original Live CD for a “seemless” user experience. All these files take up ca. 900 MB of space on the USB stick. The rest is still free and could optionally be used to store these files, that in Example 1 have been stored to an extra medium: myBitcoinOperationalSpace.tc ca. 3-4 GB Truecrypt container file myBitcoinWalletSafeStorage.tc 1 MB Truecrypt container file myBitcoinAddresses.txt UNencrypted plain text file However, just like explained in Example 2, for security reasons it is advised to store the last two of these files not (or at least not exclusively) on this USB stick but on a separate storage medium (hard disk or a second flash memory device)! The reason for this is that you will probably later access these files from another, more insecure system (like “your daily working PC”) in order to read the Bitcoin addresses or to backup/upload the 1 MB container file to the internet cloud. But you should not expose your unencrypted USB stick's system and persistent user data files to that insecure system to avoid any potential corruption. Hence, these two files shall be stored outside this USB stick. If your bootable USB stick has only 2 GB (or 1 GB), you may prefer to (or you have to) store also the 4 GB file to an external place, just like in Example 1. The following illustration summarizes the final system setup with Knoppix 6.4.4 at a glance:
Bitcoin donations welcome: 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR [11 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Final System Setup: Knoppix 6.4.4 on USB Stick:

PC with bootable USB Stick with Knoppix 6.4.4 * System Files from CD [700 MB] (not encrypted, unfortunately) * <USB>/KNOPPIX/knoppix-data.aes [200 MB] (256 bit AES encrypted by Knoppix)
STOP! No access to the USB stick! Contains all "persistent" user settings/modifications of the Knoppix 6.4.4 Live system

has access to

Same USB Stick [or below's other Non-Encrypted Storage Medium] * myBitcoinOperationalSpace.tc [3-4 GB] (strongly encrypted by Truecrypt)
/media/truecrypt1/... .../bitcoin .../btc_start .../myDataDir/wallet.dat .../myDataDir/<other files>

Other Non-Encrypted Storage Medium (Hard Disk or Flash Medium) * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt) * myBitcoinAddresses.txt (UNencrypted, intentionally)
copy manually /media/truecrypt2/wallet.dat

... 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR ... etc.

Read access (for making backups of container file)

Read access (for sending BTCs to these addresses)

Insecure Operating System – e.g. MS Windows/MacOS/insecure Linux * Virus X – ad libitum * Trojan Y – ad libitum * Malware Z – ad libitum

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[12 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Summary and Recommendations
Some best practice examples have been given. Now the question is: “Which is the best way to go in my case?” The answer: If you want ultimate security such that you are safe even if another person has physical access to your system medium (Live DVD/CD or bootable USB stick), go after Example 1 (Knoppix 5.3.1/5.1.1 Live DVD/CD). Disadvantage: The most recent Bitcoin client version (0.3.22 to 0.3.24) will not work, but you should also be able to work with Bitcoin client version 0.3.21 for all future, because the Bitcoin protcol can never change by design. If you are really sure that your system medium (bootable USB stick) is safe against physical access by another skilled person, you can go for a bootable USB stick according to Example 2 (Ubuntu 10.04.2 LTS) or Example 3 (Knoppix 6.4.4). Advantages: Compatibility, Versatility, Comfort: All currently known Bitcoin client versions up to 0.3.24 work well (for future Bitcoin versions' compatibility Knoppix 6.4.4 might be of advantage over Ubuntu 10.04.2 LTS as being the later release with the newer kernel – 2.6.36 as opposed to 2.6.32). It also works for computers without DVD/CD drive, e.g. netbooks. The boot process is faster than with a Live DVD/CD (but even with Example 1's Live DVD the boot and system speed is well acceptable). Disadvantages: Security: Both Ubuntu 10.04.2 LTS and Knoppix 6.4.4 solutions have the system data (i.e. the original data from the Live CD) stored on the USB stick in UNencrypted form. This means that, theoretically, somebody who has physical access to this USB stick could modify this system data by implanting a Trojan without your knowledge and put the USB stick back to where it was. Then next time you take this stick, boot from it and start your Bitcoin client session, the Trojan could read your private keys (wallet.dat) and send them to the attacker without you realizing this. In this respect, Knoppix 6.4.4 is slightly more secure than Ubuntu 10.04.2, because Knoppix stores at least the persistent user data in encrypted form, such that this part cannot be altered systematically without knowledge of the password. In contrast, Ubuntu also stores the persistent user data in UNencrypted form on the stick, such that the attacker could also modify this data for implanting a Trojan (e.g. by modifying the “truecrypt” binary file). So at least the chances that somebody with physical access to the bootable USB stick implants a Trojan into the system behind your back are a bit lower with the Knoppix 6.4.4 system than with the Ubuntu 10.04.2 LTS system. And: The Knoppix 6.4.4 USB system can be made even more secure, meeting almost the security level of the Live DVD/CD solution (Example 1), by employing the enhancements of Annex 3, where a solution referred to as “Example 3+” is proposed! Finally remember the PASSWORD GUIDELINES: All the above is in vain if you do not use secure and safe passwords!!! This means, the password (actually a better name is “passphrase”) should be... Not Crackable, i.e. sufficiently long and complex (including special characters and numbers), minimum 25 characters recommended, but also safe against dictionary attacks (for example “Antidisestablishmentarian123” or “Disestablishment_Orthographically” are weak passwords despite their length) Not Guessable by any other person who knows you well. A bad example is this password containing commonly known private data: “Maximilian 3.11.2006 Laura 5.7.2009”. Not FORGETTABLE by yourself – this is at least equally important!
Bitcoin donations welcome: 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR [13 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Annex 1: Workaround if Knoppix 6.4.4 USB Stick does not boot
In my case (i.e. for two very different 2 GB USB sticks), the PC did not boot from the USB stick after I had created the (allegedly) bootable USB stick with “flash-knoppix” from Knoppix 6.4.4 as described in Example 3. Apparently, the master boot record (MBR) was written to the USB stick by “flash-knoppix” in a way “unsuitable” for my PC. However, all the Knoppix files (“./ldlinux.sys”, “./KNOPPIX/<various_files>” and “./boot/<various_files>”) were copied to the USB stick correctly. However, the corresponding procedure with Ubuntu 10.04.2 LTS (acc. to Example 2) was successful and the same USB stick became bootable very well. This proves that in general my system (PC and USB stick hardware) was able to boot from a USB stick. If this combination also applies to you, you will probably succeed in creating a bootable Knoppix 6.4.4 USB stick by following the steps below. I found out that the following workaround yields a Knoppix 6.4.4 bootable USB stick, after having tried to create a bootable Knoppix 6.4.4 USB stick unsuccessfully acc. to Example 3: Boot the PC with the Ubuntu 10.04.2 LTS Live CD from Example 2. Plug in the USB stick. Save all Knoppix 6.4.4 files from the USB stick (i.e. (“./ldlinux.sys”, “./KNOPPIX/<various_files>” and “./boot/<various_files>”) to “another place”, e.g. to the hard disk, while keeping the directory structure intact. Most easily, you may want to use Ubuntu's default file manger (“nautilus”) for this. Create a Ubuntu bootable USB stick in the way as described in Example 2, but do not create persistent user memory this time (can be deselected by setting active the radio button at the very bottom of the GUI window). Shut down the PC. Unplug the USB stick. Now boot the PC from the Knoppix 6.4.4 Live CD. This is important! This step appears overly complicated, but the following copy-operation did not yield the desired result [=bootable Knoppix USB stick] when doing it within the Ubuntu 10.04.2 LTS system! Plug in the USB stick. Open a window of Knoppix' default file manger (“pcmanfm”) and locate the USB stick. Delete all data from the USB stick via the file manager. Also select “Menu View Show hidden files” and delete also the hidden files on the USB stick. (Note: Of course the MBR that has been written by Ubuntu just before cannot be deleted by this operation, and this is exactly what we want, to have a really bootable USB stick at the end.) Open a second window of the file manger and find the location where you had copied all the Knoppix data in bullet #3 above. Copy all this content from this directory back to the USB stick by drag&drop or by copy&paste. Do this in the following order: First the file “ldlinux.sys”, Second the directory “boot/” with all its contents, Third the directory “KNOPPIX/” with all its contents (the third step may take a few minutes to complete because of the amount of data). Close all file manager windows. Shut down the PC. Done. Now it should be possible to boot Knoppix 6.4.4 with this USB stick, and you can continue with the rest of the descriptions of Example 3.
Bitcoin donations welcome: 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR [14 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Annex 2: SHA1 Checksums...
... for Linux Bitcoin Client Files:
Originally downloaded files:
6b3e3edb3cc0a167166ace9f18e20f191415d560 5c73031ee872884e741a3cd77d50732b7168f127 54254cba039b02a2f49fdc98b8fe820d0fd4e410 19a53c245f2a96de4f12264b8c2980adf85a814e d7a34e1151dedfba5af1bf7496ed041f5b4955e5 4909c17a1cc025c6f6c88d036f0b487c51c510f6 *bitcoin-0.3.19-linux.tar.gz *bitcoin-0.3.20.2-linux.tar.gz *bitcoin-0.3.21-linux.tar.gz *bitcoin-0.3.22-linux.tar.gz *bitcoin-0.3.23-linux.tar.gz *bitcoin-0.3.24-linux.tar.gz

Binary executable files “bitcoin” (here manually renamed to include version number and target hardware):
c408a6fd08acde909c762bf63ac50f07bbd79a99 1692bc6ac635ad4a27e690ee5d9320b9273e9ceb 314456baba43ca0ab5aee1e5131d9087378650c3 9eb4834cbc12072c565e6b9a125321607b1141e9 6bfc4fedd369df2b6185c7e35a5ba24cff98c234 6d91de0410f1c6574db6f0e404e6effa62201874 7ffc121f4a190ee34676e30562bdd9224e6d5306 f30e6dd8771effef27355e2588dcfbce5d03cdd0 0a33f90785f6d7b1aaf79bee82fb321adbec5c31 9cae07b9e2117ec18c82f4bef14d7e0356301701 dad6a97d927bcbd2c38bbcefe08932472fbab13c 95c31c9fc96198e08024b1701fd1570c68a70c60 *bitcoin_0-3-19_32bit *bitcoin_0-3-19_64bit *bitcoin_0-3-20-2_32bit *bitcoin_0-3-20-2_64bit *bitcoin_0-3-21_32bit *bitcoin_0-3-21_64bit *bitcoin_0-3-22_32bit *bitcoin_0-3-22_64bit *bitcoin_0-3-23_32bit *bitcoin_0-3-23_64bit *bitcoin_0-3-24_32bit *bitcoin_0-3-24_64bit

... for other Software Downloaded in the Context of this Guide:
Downloaded Knoppix 6.4.4 CD English ISO Image:
104f9e9e4c70642c236b5519d65cf2988bce6bb2 *KNOPPIX_V6.4.4CD-2011-01-30-EN.iso

Downloaded Knoppix 6.4.4 CD German ISO Image:
2b5c23533ebad4261bd874c51a1a551a95a21696 *KNOPPIX_V6.4.4CD-2011-01-30-DE.iso

Downloaded truecrypt-7.0a-setup-x86.tar.gz:
7a6b79da5b661034c4eaa292cf409939d58168d3 *truecrypt-7.0a-setup-x86.tar.gz

Truecrypt installer (executable):
cc3cb3239c758bd75b76d357842db3a502f69c90 *truecrypt-7.0a-setup-x86

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[15 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Annex 3: Enhanced Best Practice Example “3+”: Knoppix 6.4.4 Bootable USB Stick
almost as secure as with a Live DVD/CD
The improvement to the solution of “Example 3” is achieved in the following way: Create a small 500 kB Truecrypt container file preferably directly on your USB stick and name it “ChecksumVerification.tc”: “/mnt-system/ChecksumVerification.tc” After mounting this container to “/media/truecrypt3/”, you populate it with the following files:
/media/truecrypt3/sha1sum_owncopy /media/truecrypt3/sha1sums_knoppix644usb_critical.txt /media/truecrypt3/sha1sums_knoppix644usb_uncritical.txt /media/truecrypt3/sha1sums_dummy.txt /media/truecrypt3/sha1sum_check_knoppix644usb.sh /media/truecrypt3/file_existence_check.sh

These files are characterized as follows (and are fully specified on the following pages): “sha1sum_owncopy”: This is simply a copy of the file “/usr/bin/sha1sum” on your system. So you just copy it to the indicated location inside the Truecrypt container and rename it. “sha1sums_knoppix644usb_critical.txt”: This text file contains a list of SHA1 checksums for all “critical” Knoppix 6.4.4 system files that reside on the USB stick. These are files that have been copied from the Knoppix Live CD when the USB stick was created and are crucial for the functioning of the operating system (or the boot process). “sha1sums_knoppix644usb_uncritical.txt”: Similarly, this list corresponds to files that have also been copied from the Live CD, but these are not critical, i.e. it is impossible to implant a Trojan (stealing your Bitcoin private keys) into the system by only modifying these files. “sha1sums_dummy.txt”: This very short text file is also defined below. “sha1sum_check_knoppix644usb.sh”: This is an executable shell script file also to be created with a text editor. Its contents are given below. Make sure it has the executable flag set in the Linux file system (e.g. with the file manager via right-click on the file “Properties” ...). “file_existence_check.sh”: Another shell script specified below. Moreover, for your convenience you create two Desktop icons by creating the text files “mount_sha1_container.desktop” and “knoppix_sha1_check.desktop” (with contents as specified below) like this: In the File Manager On the left window side select “Desktop” On the right window side rightclick the empty space context menu New Blank File ...
/home/knoppix/Desktop/mount_sha1_container.desktop /home/knoppix/Desktop/knoppix_sha1_check.desktop

After having created all these files, you only need two extra double-clicks just after each start-up: Double-click the icon “Mount SHA1 Container”, enter its password, then double-click the icon “Knoppix SHA1 Check”. This will start the check and inform you if the system is corrupted or clean. Remember: Always perform this check directly after booting, i.e. BEFORE mounting one of the Bitcoin related Truecrypt containers! Mind that the password for “ChecksumVerification.tc” shall be different from the passwords of the Bitcoin related Truecrypt container files!!! In this way, any corruption of system data would now become visible by the SHA1 checksums, such that you can (and should) decide not to type the password for opening your Bitcoin related Truecrypt container files if the checksum test fails ( corrupted system = key logger? Trojan? ...).
Bitcoin donations welcome: 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR [16 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Annex 3.1: Desktop Files
File://home/knoppix/Desktop/mount_sha1_container.desktop
[Desktop Entry] Name=Mount SHA1 Container Exec=truecrypt /mnt-system/ChecksumVerification.tc /media/truecrypt3 Icon=truecrypt Type=Application

File://home/knoppix/Desktop/knoppix_sha1_check.desktop
[Desktop Entry] Name=Knoppix SHA1 Check Exec=/media/truecrypt3/sha1sum_check_knoppix644usb.sh Icon=lxterminal Type=Application

Annex 3.2: SHA1 Checksum Files
File://media/truecrypt3/sha1sums_knoppix644usb_uncritical.txt (for the English version of the Knoppix 6.4.4 CD)
59b6526a7b1fd5d2e8fb4a047dd5ad3785f1b58d eff1e6009cde3cdc445b25cc0b69e8c3f249a8cd 4c07e66ed05fbb4011a76a2ef0ca7c50eb8c1f3f 3a6979d9af4ea8c21af2e406baad7854b316b5df 573431af090e175231509b80bb4953a49a5a8d24 6b5960039d0407a3b3c77fddc2efc85c31befb52 1dd5c3ea70a32db0a3593a9ce05a23a81c441864 0794431f9dbfb5908ebb39ffab9fc6c64db167ec 1277b725e0ebca59af4f2a1532fdff18850b90d9 8ef8c849eca5a570395b0dc587a94d998acf1125 031b7bb6488bf86123a0ace8dd37ab7c9249317d 952916a373c399d16b9f536f6e8c7a067aeba917 45a173f224be7fad9afd213c0143c032bcea274f e79418fa56c0199da83db4b5b902323b6d40d9c1 9f8659b5321990f9f592754156e13bfdeb16ed50 4917ef8981a9062f1a64d81bf2f29aad6c0a6804 7edea2650a3dc9b8218107cf4c55dcd74b76e15a 466a91c5fd5d345bb19d1c9419d9bd0734583151 */mnt-system/boot/syslinux/boot.msg */mnt-system/boot/syslinux/f2 */mnt-system/boot/syslinux/f3 */mnt-system/boot/syslinux/german.kbd */mnt-system/boot/syslinux/syslinux.cfg */mnt-system/KNOPPIX/background.png */mnt-system/KNOPPIX/background.README.txt */mnt-system/KNOPPIX/index_de.html */mnt-system/KNOPPIX/index_en.html */mnt-system/KNOPPIX/index_es.html */mnt-system/KNOPPIX/index_fr.html */mnt-system/KNOPPIX/index_it.html */mnt-system/KNOPPIX/knoppix-cheatcodes.txt */mnt-system/KNOPPIX/knoppix-logo-medium.png */mnt-system/KNOPPIX/knoppix-logo-small.png */mnt-system/KNOPPIX/LICENSE.txt */mnt-system/KNOPPIX/README_Security.txt */mnt-system/KNOPPIX/SOURCES.txt

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[17 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

File://media/truecrypt3/sha1sums_knoppix644usb_uncritical.txt (for the German version of the Knoppix 6.4.4 CD)
59b6526a7b1fd5d2e8fb4a047dd5ad3785f1b58d 16c983dd8ff10a57c4cd734eabeb073f702ed7d5 f188a356f1f242dc1ecfa2478145499c22f7aa07 3a6979d9af4ea8c21af2e406baad7854b316b5df 3d4c255518be7d6ddc5bb340b41c1eed5b5ab071 6b5960039d0407a3b3c77fddc2efc85c31befb52 1dd5c3ea70a32db0a3593a9ce05a23a81c441864 0794431f9dbfb5908ebb39ffab9fc6c64db167ec 1277b725e0ebca59af4f2a1532fdff18850b90d9 8ef8c849eca5a570395b0dc587a94d998acf1125 031b7bb6488bf86123a0ace8dd37ab7c9249317d 952916a373c399d16b9f536f6e8c7a067aeba917 45a173f224be7fad9afd213c0143c032bcea274f e79418fa56c0199da83db4b5b902323b6d40d9c1 9f8659b5321990f9f592754156e13bfdeb16ed50 4917ef8981a9062f1a64d81bf2f29aad6c0a6804 7edea2650a3dc9b8218107cf4c55dcd74b76e15a 466a91c5fd5d345bb19d1c9419d9bd0734583151 */mnt-system/boot/syslinux/boot.msg */mnt-system/boot/syslinux/f2 */mnt-system/boot/syslinux/f3 */mnt-system/boot/syslinux/german.kbd */mnt-system/boot/syslinux/syslinux.cfg */mnt-system/KNOPPIX/background.png */mnt-system/KNOPPIX/background.README.txt */mnt-system/KNOPPIX/index_de.html */mnt-system/KNOPPIX/index_en.html */mnt-system/KNOPPIX/index_es.html */mnt-system/KNOPPIX/index_fr.html */mnt-system/KNOPPIX/index_it.html */mnt-system/KNOPPIX/knoppix-cheatcodes.txt */mnt-system/KNOPPIX/knoppix-logo-medium.png */mnt-system/KNOPPIX/knoppix-logo-small.png */mnt-system/KNOPPIX/LICENSE.txt */mnt-system/KNOPPIX/README_Security.txt */mnt-system/KNOPPIX/SOURCES.txt

File://media/truecrypt3/sha1sums_knoppix644usb_critical.txt
a27858f5178462afd11d5c8ae9bff1106658d07c b21c7034c3e80dbecd14bf210fe0af872a547138 b5ff7af6b4bc9104c349acf99940a0353c4b94c4 8090e0e2ca937d062782bdce1234c6ecbf862979 f08e1a0b0f907cb2556e4391f64ba6dca9f6250b 6782abfa3ecf899028bd01e14e53f0760a08d40b 53017a3189cd6fd566eee1e78612a64ec6c6b85b b3235556ffe7da2735e4c6a1e0245557925d2f09 */mnt-system/boot/syslinux/balder.img */mnt-system/boot/syslinux/linux */mnt-system/boot/syslinux/linux64 */mnt-system/boot/syslinux/logo.16 */mnt-system/boot/syslinux/memdisk */mnt-system/boot/syslinux/memtest */mnt-system/boot/syslinux/minirt.gz */mnt-system/KNOPPIX/KNOPPIX

File://media/truecrypt3/sha1sums_dummy.txt
1234567890abcdef1234567890abcdef12345678 *file_existence_check.sh

Annex 3.3: Shell Scripts
File://media/truecrypt3/file_existence_check.sh
#!/bin/bash if ! [ -f $1 ]; then echo "--> ERROR: File \"$1\" does NOT exists!" exit 1 fi exit 0

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[18 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

File://media/truecrypt3/sha1sum_check_knoppix644usb.sh
#!/bin/bash tty -s if (($? != 0)); then # Default size of the terminal window: #lxterminal -e "$0" # larger terminal window - recommended: lxterminal --geometry=80x35 -e "$0" # Even larger terminal window: #lxterminal --geometry=120x49 -e "$0" exit fi # The code above checks if the scipt is already running in a terminal window. # If not, it opens a terminal window and executes the script there. root_path_of_usb_stick=/mnt-system current_path=/media/truecrypt3 cd $current_path # ------------------------------------------------------------------------# First of all, we make some file existence checks. # If the files do not exist, an sha1sum check is not possible anyway. echo "Part 1: Checking existence of important files" echo "---------------------------------------------" cnt=0 ./file_existence_check.sh $root_path_of_usb_stick/ldlinux.sys a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/balder.img a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/linux a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/linux64 a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/logo.16 a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/memdisk a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/memtest a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/minirt.gz a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] ./file_existence_check.sh $root_path_of_usb_stick/KNOPPIX/KNOPPIX a=$? ; cnt=$[ $cnt + $(( $a != 0 )) ] if (( $cnt > 0 )); then echo "*****************************************************************" echo "ERROR: $cnt essential file(s) could not be found." echo . . . .Therefore, the SHA1 checksum test is not possible. echo . . . .The script is aborted at this point. echo echo . . . .Consider modifying the variable \"root_path_of_usb_stick\"

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[19 of 25]

Version 0.5 (August 2011)
echo echo echo echo echo echo echo echo echo echo echo echo echo read exit

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

. . . .inside the file \"sha1sum_check_knoppix644usb.sh\". . . . .Then also adapt the paths correspondingly in the files . . . .\"sha1sums_knoppix644usb_critical.txt\" and . . . .\"sha1sums_knoppix644usb_uncritical.txt\". "*****************************************************************" ' _____ _ _ ' ' | ___|_ _(_) |_ _ _ __ ___ ' ' | |_ / _` | | | | | |' "'"'__/ _ \ ' ' | _| (_| | | | |_| | | | __/ ' ' |_| \__,_|_|_|\__,_|_| \___| ' "------- Press <ENTER> key to quit -------"

$cnt fi # ------------------------------------------------------------------------echo Done. echo # Specify the ASCII files containing the lists of SHA1 checksums: sha1sum_List_uncritical=sha1sums_knoppix644usb_uncritical.txt sha1sum_List_critical=sha1sums_knoppix644usb_critical.txt # Check system files on the USB stick for integrity # (those files created at creation of the bootable USB stick): echo "Part 2: Checking the uncritical KNOPPIX system files..." echo "-------------------------------------------------------" `./sha1sum_owncopy -c --status $sha1sum_List_uncritical` ErrorCode_2=$? echo Done. echo echo "Part 3: Checking the critical KNOPPIX system files (takes a bit longer...)" echo "--------------------------------------------------------------------------" `./sha1sum_owncopy -c --status $sha1sum_List_critical` ErrorCode_3=$? echo Done. echo echo "Part 4: Checking the file \"ldlinux.sys\":" echo "----------------------------------------" ErrorCode_4a=0 ErrorCode_4b=0 ./file_existence_check.sh sha1sums_ldlinux-sys.txt a=$? if (( $a !=0 )); then echo " The SHA1 checksum file does not exist yet." echo " This is NORMAL if you run this check for the first time!" echo "--> Now creating the checksum file for future reference..." `./sha1sum_owncopy -b $root_path_of_usb_stick/ldlinux.sys > sha1sums_ldlinux-sys.txt` ErrorCode_4a=$? else `./sha1sum_owncopy -c --status sha1sums_ldlinux-sys.txt`

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[20 of 25]

Version 0.5 (August 2011)
ErrorCode_4b=$? fi echo Done.

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

# -------------------------------------------------------------# ----- Check Uncritical Errors: ------------------------------# -------------------------------------------------------------if (($ErrorCode_2 != 0)); then echo echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++" echo "Warning: Some files have been changed, but these" echo " files are uncritical for system integrity." echo " Your system is not really in danger, but you" echo " should know why some files were modified." echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++" echo Here are the details: ./sha1sum_owncopy -w -c $sha1sum_List_uncritical echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++" echo ' __ __ _ ' echo ' / / /\ \ \__ _ _ __ _ __ (_)_ __ __ _ ' echo ' \ \/ \/ / _` | '"'"'__| '"'"'_ \| | '"'"'_ \ / _` | ' echo ' \ /\ / (_| | | | | | | | | | | (_| | ' echo ' \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | ' echo ' |___/ ' fi # -----------------------------------------------------------# ----- Case of no Checksum Error at all: -------------------# -----------------------------------------------------------if (($ErrorCode_3 == 0)) && (($ErrorCode_4b == 0)) && (($ErrorCode_2 == 0)); then echo echo "-------------------------------------------------------------" echo "Check passed! All system files are the original system files." echo "Everything is OK, your system files are clean!" echo "-------------------------------------------------------------" echo ' ____ ' echo ' / ___| _ _ ___ ___ ___ ___ ___ ' echo ' \___ \| | | |/ __/ __/ _ \/ __/ __|' echo ' ___) | |_| | (_| (_| __/\__ \__ \' echo ' |____/ \__,_|\___\___\___||___/___/' fi # ----------------------------------------------# ----- File creation error: -------------------# ----------------------------------------------if (($ErrorCode_4a != 0)); then echo echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" echo 'Warning: Could not write the file' echo ' "'$current_path/sha1sums_ldlinux-sys.txt'"' echo ' 'Check if you have write access to '"'$current_path/'"' echo echo ' At next system start up it will not be possible to' echo ' check the integrity of the file' echo ' ''"'$root_path_of_usb_stick/ldlinux.sys'"'

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[21 of 25]

Version 0.5 (August 2011)
echo echo echo echo echo echo echo fi

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

"++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++" ' __ __ _ ' ' / / /\ \ \__ _ _ __ _ __ (_)_ __ __ _ ' ' \ \/ \/ / _` | '"'"'__| '"'"'_ \| | '"'"'_ \ / _` | ' ' \ /\ / (_| | | | | | | | | | | (_| | ' ' \/ \/ \__,_|_| |_| |_|_|_| |_|\__, | ' ' |___/ '

# -----------------------------------------------------------# ----- Check Critical Errors: ------------------------------# -----------------------------------------------------------if (($ErrorCode_4b != 0)); then # Critical erorrors have occured: echo echo "*********************************************" echo "***** A L E R T !!! SERIOUS WARNING!!! *****" echo "*********************************************" echo The file \"ldlinux.sys\" was modified! echo This file is needed during the boot process. echo The file can be different on different USB echo sticks, but should remain unchanged on one echo such boot medium. echo You should know why this checksum failure echo happened. Your system might be at risk. echo "*********************************************" echo Here are the details: ./sha1sum_owncopy -w -c sha1sums_ldlinux-sys.txt echo "*********************************************" echo ' _____ _ _ ' echo ' | ___|_ _(_) |_ _ _ __ ___ ' echo ' | |_ / _` | | | | | |' "'"'__/ _ \ ' echo ' | _| (_| | | | |_| | | | __/ ' echo ' |_| \__,_|_|_|\__,_|_| \___| ' fi if (($ErrorCode_3 != 0)); then # Critical erorrors have occured: echo echo "**************************************************" echo "***** A L E R T !!! VERY SERIOUS WARNING!!! *****" echo "**************************************************" echo Important system files have been modified! echo Your system might be corrupted! echo Use it at your own risk! echo "**************************************************" echo Here are the details: ./sha1sum_owncopy -w -c $sha1sum_List_critical echo "**************************************************" echo ' _____ _ _ ' echo ' | ___|_ _(_) |_ _ _ __ ___ ' echo ' | |_ / _` | | | | | |' "'"'__/ _ \ ' echo ' | _| (_| | | | |_| | | | __/ ' echo ' |_| \__,_|_|_|\__,_|_| \___| ' fi

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[22 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

# ---------------------------------------------------------# ----- SPECIAL EXTRA CHECK: ------------------------------# ---------------------------------------------------------if (($ErrorCode_2 == 0)) && (($ErrorCode_3 == 0)) && (($ErrorCode_4b == 0)); then # Check if the "sha1sum" file is able to generate bad checksums in the first place: `./sha1sum_owncopy -w -c --status sha1sums_dummy.txt` ErrorCode_Dummy=$? if (($ErrorCode_Dummy == 0)); then echo echo echo "*************************************************" echo "***** ALERT! SHA1 Checksum Malfunctioning! ******" echo "*************************************************" echo 'The checksum function produces "good" results even' echo 'if the checksum is definitely "bad"!' echo This means you cannot trust above good checksum echo results for the system files! echo ...Something is going fundamentally wrong here! echo This means that your system might be corrupted! echo Use it at your own risk! echo "*************************************************" echo Here are the details echo "(the following SHOULD give a BAD checksum):" ./sha1sum_owncopy -w -c sha1sums_dummy.txt echo "*************************************************" echo ' _____ _ _ ' echo ' | ___|_ _(_) |_ _ _ __ ___ ' echo ' | |_ / _` | | | | | |' "'"'__/ _ \ ' echo ' | _| (_| | | | |_| | | | __/ ' echo ' |_| \__,_|_|_|\__,_|_| \___| ' fi fi echo echo "------- Press <ENTER> key to quit -------" read

The following illustration summarizes the final system setup with Knoppix 6.4.4 on a bootable USB stick, when including the mechanisms introduced in this annex to allow discovering a corruption of the USB stick's system files:

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[23 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

PC with bootable USB Stick with Knoppix 6.4.4 * System Files from CD [700 MB] (not encrypted, unfortunately)
verify integrity by SHA1 checksums

* <USB>/KNOPPIX/knoppix-data.aes [200 MB] (256 bit AES encrypted by Knoppix)

Contains all "persistent" user settings/modifications of the Knoppix 6.4.4 Live system

* <USB>/ChecksumVerification.tc /media/truecrypt3/... [0.5 MB] .../sha1sum_owncopy (strongly encrypted by Truecrypt) .../file_existence_check.sh
password = can be the same as for "knoppix-data.aes", but shall be different from the 4GB and 1MB file !!!
.../sha1sum_check_knoppix644usb.sh .../sha1sums_dummy.txt .../sha1sums_knoppix644usb_critical.txt .../sha1sums_knoppix644usb_uncritical.txt

has access to

Same USB Stick [or below's other Non-Encrypted Storage Medium] * myBitcoinOperationalSpace.tc [3-4 GB] (strongly encrypted by Truecrypt)
/media/truecrypt1/... .../bitcoin .../btc_start .../myDataDir/wallet.dat .../myDataDir/<other files>

Other Non-Encrypted Storage Medium (Hard Disk or Flash Medium) * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt) * myBitcoinAddresses.txt (UNencrypted, intentionally)
copy manually /media/truecrypt2/wallet.dat
... 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR ... etc.

Actually, all these files could be now located on the USB stick in this variant. Because, if the insecure operating system (see bottom of the figure) had corrupted the system files, this would now be discovered before it can do any harm to your Bitcoin private keys.

Read access (for making backups of container file)

Read access (for sending BTCs to these addresses)

Insecure Operating System – e.g. MS Windows/MacOS/insecure Linux * Virus X – ad libitum * Trojan Y – ad libitum * Malware Z – ad libitum

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[24 of 25]

Version 0.5 (August 2011)

by Michael_S (forum.bitcoin.org)

OpenPGP KeyID=0xCC7E7C99

Version History of this Document
0.1 0.2 0.3 0.4 First version Clarified for “Example 3+” (Annex 3) that there is no strict need any more to keep the bootable USB stick away from a potentially insecure & infected operating system. After cross-reading the complete document: Removal of some remaining inconsistencies, minor re-phrasings to improve readability, addition of this version history. For Example 3+, correction of the script file “sha1sum_check_knoppix644usb.sh” and the SHA1 list “sha1sums_knoppix644usb_critical.txt”: Removed “ldlinux.sys” from the list of critical files, because it is not bit-exact the same for different USB sticks, but it remains unchanged once the USB stick has been created. Therefore, an extra reference checksum file is generated when the shell script runs the first time, and from that moment on it will also be checked together with the other files every time the script is run. For Example 3+, it is now proposed to put “ChecksumVerification.tc” directly to the root directory of the USB stick, the final block diagram was modified accordingly. Moreover, an additional *.desktop file was added to make the use of the SHA1 sum check extremely convenient for daily use - just two double clicks on two desktop icons are required. The text in “Annex 3” was modified to take these changes into account. Moreover, minor editorial modifications and corrections of typos. Update to take into account bitcoin client version 0.3.24 in this document.

0.5

Bitcoin donations welcome:

14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR

[25 of 25]

Sign up to vote on this title
UsefulNot useful