Build yourself a Trezor

in #trezor · 7 years ago

The recent rise in crypto valuations has spawned a new generation of millionaires. Consequently, it has also created many opportunities for hackers to steal that newfound wealth.

In this post I will outline two methods you can use to secure your coins: buy a hardware wallet, or build an air-gapped signing machine yourself.

Get yourself a Trezor

Trezor is a fantastic piece of technology that will make your life much easier. Trezor is a hardware wallet: private keys are generated and stored on the device, and every transaction is signed on the device, so if someone hacks your computer they cannot extract your keys or steal your coins. One caveat: a compromised computer can still ask the device to sign a transaction of the attacker's choosing, so always check the destination address and amount on the Trezor's own screen before you press confirm.

By far the best feature of Trezor is the way it derives private keys by combining two inputs: a seed that lives on the device, and a passphrase that lives only in your head.

The first input is the recovery seed generated by the Trezor during setup. It is stored on the device itself and is never sent to the computer; the device shows it to you once, as a list of recovery words, and that word list is your only backup if the device is lost or destroyed.

The second input is a passphrase - any string you like. Every distinct passphrase yields a completely different set of private keys, so one seed gives you an unlimited number of wallets, and nothing on the device records which passphrases are in use. This is especially good for traveling. For example, if you are asked to unlock your Trezor at US customs, you can enter a passphrase that opens a wallet holding 5 BTC, while a different passphrase opens a wallet holding 100,000 BTC that nobody can find or prove exists. The flip side is that a mistyped or forgotten passphrase silently opens a new, empty wallet with no error message, so test every passphrase you rely on, and remember that the seed words alone are not a complete backup of a passphrase-protected wallet.
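To make the "two inputs" concrete, here is the derivation a BIP39/BIP32 wallet such as Trezor performs, as an added example written for this page (it is not Trezor's firmware or any project's code). It uses only the Python standard library. The mnemonic is the public all-zero-entropy BIP39 test vector, chosen only because its seeds are known; the passphrases are constructed placeholders.

```python
import hashlib
import hmac
import unicodedata

# Constructed example: the all-zero-entropy BIP39 test mnemonic. It is public
# and must never hold funds; it is used here only because its seeds are known.
TEST_MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase), 2048 rounds, 64 bytes.

    The passphrase is never stored; it is only ever an input to this function,
    which is why the device cannot tell you whether you typed it correctly.
    """
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple:
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed".

    Left 32 bytes = master private key, right 32 bytes = chain code; every
    account and address of the wallet is derived from these two values.
    (BIP32 also rejects a master key of 0 or >= the curve order; that case is
    negligibly rare and not handled here.)
    """
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def master_keys_for(mnemonic: str, passphrases) -> dict:
    """Map each candidate passphrase to the hex master private key it unlocks."""
    return {p: bip32_master_key(bip39_seed(mnemonic, p))[0].hex() for p in passphrases}


def demo() -> dict:
    # Same seed words, four passphrases: none, the "travel" wallet, the real
    # wallet, and the real wallet with one letter mistyped. All four are
    # different wallets, and none of them is reported as wrong.
    return master_keys_for(TEST_MNEMONIC, ["", "customs", "TREZOR", "Trezor"])


if __name__ == "__main__":
    for passphrase, key in demo().items():
        print(repr(passphrase), "->", key[:16] + "...")
```

The `"TREZOR"` passphrase with this mnemonic is the first published BIP39 test vector, so you can compare the 64-byte seed against the specification's own table; the `"Trezor"` line is the typo case from the paragraph above, and it quietly yields an unrelated wallet.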

Unfortunately, Trezor only supports a handful of coins (at the time of writing Bitcoin, Dash, Ethereum and Zcash, among a few others; Monero is not one of them). To deal with other coins, we need to build our own general-purpose, Trezor-like computer.

Build your own Trezor

First, we need some hardware. I am a big fan of old ThinkPad laptops, and you can probably get a used T61 for less than 50 EUR. Any old laptop will do, as long as you can physically get at its network cards.

The next step is air-gapping. We want to perform some surgery on the laptop to ensure that it can never connect to the internet again: physically remove the Wi-Fi card, the Ethernet/modem card and any Bluetooth module, rather than merely disabling them in the BIOS, because a BIOS setting can be flipped back by anyone who gets at the machine.

Additionally, I think it's a good idea to remove the hard drive and any other storage medium that could enable unintentional data persistence: with no internal disk, nothing you do on the machine can survive a reboot except what you deliberately put on the encrypted volume.

[image: IMG_0439.JPG]

I recently performed this for a friend on a T61, and it is fairly easy. The dial-up modem/Ethernet card and the Wi-Fi card are located under the keyboard. I have also removed the hard drive.

[image: IMG_0440.JPG]

My OS of choice is Tails. The reason for this is that Tails is n00b-friendly - it won't let you shoot yourself in the foot, while being super easy to use. Tails is amnesic by default: it boots from the USB stick, the system filesystem is read-only, and everything written to the live system lives in RAM and is lost on shutdown.

[image: IMG_0442.JPG]

Tails has an option to create a LUKS-encrypted persistent partition on the same USB stick. It also ships with KeePassX, the Electrum Bitcoin wallet and some other nifty tools. This lets us stack encrypted layers, each with its own key: the LUKS volume on the outside, and an encrypted wallet file or KeePassX database inside it, so whoever gets hold of the stick has to get past two independent passphrases.

Encrypted FS (Persistent Volume) + Encrypted Bitcoin Wallet

or

Encrypted FS (Persistent Volume) + Encrypted KeePassX DB storing our private keys

The important thing to remember is that we should only ever mount our encrypted persistent storage from the air-gapped machine. To be safe, just don't plug the Tails USB key into any other device - ever.

Generating new wallets

Each coin has its own wallet software and tools, and we need to get these tools onto our air-gapped machine. We can do this through an additional USB stick, mounted read-only on the air-gapped side (and wiped before it is ever plugged into a networked PC again), or through a DVD-ROM (a genuinely read-only medium) for the super paranoid. Whatever the medium, verify the checksums (and, where the project publishes them, the PGP signatures) of the downloaded tools before you trust them: the online machine that downloaded them is exactly the machine we do not trust.
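A small check worth running on the air-gapped side before installing anything from the stick, added here as an example (not code from the post or from any project): compare every file against a `sha256sum`-style manifest that you copied from the vendor's signed release page, and flag not only mismatches but also files that appeared on the stick without being listed. File names and contents below are constructed placeholders.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """'sha256sum' format: '<hex digest>  <filename>' per line; '#' lines are comments."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            expected[name.lstrip("*")] = digest.lower()
    return expected


def verify_transfer(directory, manifest_text):
    """Return {filename: problem}; an empty dict means the stick holds exactly what was listed.

    'unlisted' matters as much as 'mismatch': a file that turned up on the stick
    without being in the manifest was put there by the untrusted online machine.
    """
    expected = parse_manifest(manifest_text)
    problems = {}
    for name, digest in expected.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            problems[name] = "missing"
        elif sha256_file(path) != digest:
            problems[name] = "mismatch"
    for name in os.listdir(directory):
        if name not in expected and os.path.isfile(os.path.join(directory, name)):
            problems[name] = "unlisted"
    return problems


def demo():
    """Constructed sample stick: one good file, one altered in transit, one nobody listed."""
    good = b"constructed stand-in for an Electrum tarball"
    original = b"constructed stand-in for a steem-python wheel"
    manifest = (f"{hashlib.sha256(good).hexdigest()}  electrum.tar.gz\n"
                f"{hashlib.sha256(original).hexdigest()}  steem.whl\n")
    with tempfile.TemporaryDirectory() as stick:
        for name, data in [("electrum.tar.gz", good),
                           ("steem.whl", original + b" plus bytes added in transit"),
                           ("autorun.inf", b"[autorun]")]:
            with open(os.path.join(stick, name), "wb") as f:
                f.write(data)
        return verify_transfer(stick, manifest)


if __name__ == "__main__":
    print(demo())
```

Mount the stick read-only (for example `mount -o ro,noexec /dev/sdb1 /mnt`) before running this, so that a verification failure cannot be "fixed" by the stick rewriting itself, and treat any non-empty result as a reason to wipe the stick and start over.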

Once the keys are generated, we store them in our encrypted persistent volume.

Here is an example Steem (Python) script that generates Steem keys. You can use the public keys from the newly generated key pairs to create a new Steem account, or to replace the keys on an existing account; the private keys never leave the air-gapped machine.

from steembase.account import PasswordKey

account_name = 'furion'
# steem-python derives each key as SHA256(account + role + password), so this password is the whole secret: make it long and random, and never reuse it.
password = 'super secret and reasonably complex password'

posting_key = PasswordKey(account_name, password, role="posting")
active_key = PasswordKey(account_name, password, role="active")
owner_key = PasswordKey(account_name, password, role="owner")
memo_key = PasswordKey(account_name, password, role="memo")

# Public keys (STM...) are what you paste into the account update on the online machine; the private keys (WIF) stay on the air-gapped machine.
for role, key in [("posting", posting_key), ("active", active_key),
                  ("owner", owner_key), ("memo", memo_key)]:
    print(role, "public:", str(key.get_public()))
    print(role, "private:", str(key.get_private()))

Signing Transactions

We can also use the wallet software to sign transactions on our air-gapped machine, carry the signed transaction to our regular machine on the USB stick, and broadcast it from there - thus never exposing our private keys. The only things that cross the air gap are the unsigned transaction going in and the signed transaction coming out.

For Steem (Python), see the steempy sign and steempy broadcast commands.

References

Trezor - https://trezor.io/
Thinkpad T61 - http://www.notebookreview.com/notebookreview/lenovo-thinkpad-t61-review/
KeePassX - https://www.keepassx.org/screenshots
Tails - https://tails.boum.org/
Steem (Python) - http://steem.readthedocs.io/en/latest/


"Build our own, general purpose trezor-like computer." would have been a better title
Will correct my flag if this is improved.
(and take down my comment vote)

Very good post BTW. Big fan of the Ledger Nano S lately. One good reason to build your own air-gapped wallet is that off-the-shelf hardware is not aimed at storing cryptocurrencies, so it is not targeted as much - if at all.
I like the Nano S because tampering is apparently cryptographically detectable.

Why do you think you have the right to interfere with other people's payouts just because they didn't tickle your balls just right?

Yes, you think this post isn't making enough? then buy more SP and vote on it.

Is the Tails OS stored on a USB key? Make sure you do a backup of it, especially of the Encrypted Bitcoin Wallet or KeePass DB file. USB drives can crash at the least expected moment :\

Backup onto encrypted USB keys, and give them to friends and family perhaps.

You should consider multi-sig perhaps glacier protocol to mitigate trust issues. BTC is gonna be worth betraying friends and family for some people.

Thanks, I actually have a ThinkPad and the necessary hardware laying around and a lot of DVDs for backup (soon it will probably be like having a 5.25 floppy tho). Great post sir.

buy a tresor check
build one wow!
sent this post to hubby
thank you

"KeePassX"

Awesome program, everyone should be using it.

A nice looking alternative for Keepass would be "Keeweb". It is available for any OS, open source, 100% compatible with the .kdbx file format, can additionally sync with many cloud storages and has a really good UI. https://keeweb.info

I will use it

I will check on that one.

Thank you for this knowledge. I literally had no idea until you said this so thank you

Do you know of a good way to use the Trezor to unlock the USB on the air-gap computer?

I am not aware of any practical solutions at this time.

Afaik, with LUKS, you can have multiple keyphrases. So you could have your regular password, as well as a password that is deterministically generated by the Trezor.

Unfortunately I am not familiar with implementation details, or available API's on the Trezor, but the existence of projects like TPM make it seem doable.

Perhaps @xeroc would know better, as he has done some work with integrating Steem and Trezor already.

I have some FUSE sample code but it did not work nicely .. lol .. Edit utilities go crazy with temp files, renames, and even links. They really work hard to not overwrite your file until they know they can write to disk (understandable). But this complicates the FUSE bindings; they have to work just right. I have gotten partly there with example code but that still needs work.

I just finished a command-line utility you might find useful.

https://www.npmjs.com/package/trez

  • Create cold-storage backups
  • Use trez files to copy data to and from cold storage (keeping the USB clean).
  • Keep encrypted partitions locked more often by extracting commonly used data into Trez files.

It will work, I think it is just a matter of finding or making a script that does this.

The API allows for a confirmed or unconfirmed encrypt and decrypt of any data. Software could encrypt a strong but relatively small decryption key and ask you to decrypt it when unlocking a drive etc..

It would work nicely with the FUSE file system where private keys could go into different files that could be confirmed on the Trezor separately when you try to open them and re-encrypt when they are saved.

Will this work for coins on exchanges that have not got wallets?

Even if you are using an exchange with wallet, you should always store a majority of your coins in a hard wallet for ultimate safety.

Keep your money safe my friends

I did something similar with an old Dell netbook years ago, but now I just use Trezor and Ledger wallets. Lazy in my advancing age... awesome write up, thank you!

Wouldn't it be better to use a Raspberry Pi? It would then be more portable, and if you get a Pi 2 instead of a 3 you don't have to worry about internet since it has no wireless card. Also you could easily add an OLED display to it and program it to be able to show transactions and wallet addresses.

I don't think so. RPi 2 + OLED display + all the peripherals required would cost more than an old ThinkPad. Also it's a lot slower and less convenient to use. Also, you might not be able to compile certain wallets for ARM.

Great guide friend.. Thank you for sharing your efforts here with us..
But honestly wouldn't it be better to invest a bit of money to get a pre built one?
Although its a great idea if you are feeling crafty 💡 :)
Much love and happy steeming
-Goldie

AWESOME!!!
What an incredibly powerful post to share the potency of TREZOR design with us and teach us how to do this ourselves. Can't thank you enough! Good for us all.

All for one and one for all! Namaste :)

Fantastic post. Putting this on my to-do list. Thanks so much! Please follow, I have some amazing posts coming up, trying to build my audience for a while first. THANKS!!!! WOOOOOOT!!!!

: )

Thanks for the tutorial. I struggled to get Tails booting on my iMac so rather went the Ubuntu route. Probably not as secure as Tails but still better than Windows or macOS I guess :)

What's the best place to buy a T61? Ledger Nano S and Trezor are on back order so this would be the next best thing. I would like to be able to safely store the wallets of the little coins all in one place.

Good post! Upvoted!
But one small correction, Trezor doesn't support Monero, but Zcash

This post received an 18% upvote from @randowhale thanks to @furion! For more information, click here!

Nice job under post!

What good information, I'm very interested.

Thanks for sharing this information about securing our wallets.. this is going help many of us in protecting our coins.

I'm about to buy a Trezor. My biggest question entrusting my coin to it is what happens if the internals of the Trezor are rendered unusable from static shock, an EMP, a house fire, etc.? Would the wallets become unrecoverable?

I'm mostly curious if you can export the private keys or does it only give you the 12 word brain wallet? If so is the brain wallet useless if the internal seed is lost?

Thanks in advance!

Edit: I checked Trezor's FAQ and it's possible to recover to a new Trezor or other compatible wallet using the 24 word brain key.

No you can write a sentence or a group of words on a piece of paper and with that recover the Trezor. But please verify that, it has been a while.

Nice post, let us vote and follow @svtechnik @coreyou

Congratulations @furion!
Your post was mentioned in my hit parade in the following categories:

  • Upvotes - Ranked 3 with 1032 upvotes
  • Comments - Ranked 9 with 128 comments
  • Pending payout - Ranked 1 with $ 1967,25

I think you should do a video so you can help all us noobs so we can build our own.... it would help a lot of us... great post @furion

This is a fantastic way to ensure your wallet is safe! Thanks!

WOAH! Pretty AWESOME!

Could you do one with ledger nano s? There are so many people buying them that it is nearly impossible to get. Great article!

Nice post. Useful.
P.S. almost had your bank card in the pic.

Good idea but not exactly transport friendly: it won't fit into a pocket, it would be an extra laptop on flights, and it would weigh a lot more than a Trezor.
I'm sure it works though. Great post.

Great post. I have an old net book I could re purpose. Time to do some more reading.

On another note. What about an android device?

Thanks for this post and all of this info, great work

Do you know if there are plans for the trezor to support other coins? Or do you think "trezor" like things will eventually come onto the market that will be able to facilitate all/new cryptos?

Great post !!!
Thanks for sharing @furion

Nice one @mcekworo
Hope u homma apply what u learnt

Really very interesting as a tutorial. Personally I think buying a smaller one

I just saw an advertisement for Trezor and they said it was open source, to see that he was doing exactly what he was supposed to do, they also mentioned that you can build yourself one if you do not like their accent :))))

I have fuck all chance of doing this as I am a computard.

Key management is HUGE and needs to be talked about more.

Private key generating on an air gapped net neutered laptop, then also using said laptop to sign transactions offline? Priceless.

I feel like this is a little out of my depths, but I plan on giving this a second look over just to remember all the great advice. As a newbie, this stuff is incredibly fascinating/valuable to me.

Thank you for your post it is very interesting

Ah man, I wish I was a bit more techsavvy. This looks great and exactly what one needs.

I just wish this stuff was way less complicated. How do we ever get a billion people on board with bitcoin wallets with stuff like this making it sound like you need an engineering degree just to secure it.

Exactly. I agree. I am a visual fx artist, wrangling data for years, always studying and upgrading, constantly learning. My brain eats this stuff for lunch. But try to help the girl at the checkout counter by telling her to look into bitcoin gets you very strange reactions. We need a bigger boat!

Great tutorial. Will try..

Holy Shit this is awesome Ive been wanting to do this. excellent information! Now I can have my own bank.

Thanks a lot for sharing! I wasn't aware that you can create your own hardware wallet.

Thanks man, definitely going to be looking into this some more, my previous online trading account has actually been hacked and emptied once.
