Posted on

How to safely connect cold storage offline wallet to your online wallet

USB keys or SD cards are one way, but I dislike using USB drives because they are an unacceptable infection vector for my cold storage machine.  USB, SD cards or any block storage introduces drivers and firmware which may be suspect and or may contain malware that you copy unknowingly or that gets launched automatically (reference: https://www.us-cert.gov/sites/default/files/publications/RisksOfPortableDevices.pdf)

What to do, then?

These laptops have a wired ethernet port.  I can connect them back-to-back and simply have a static IP configured on both machines.

Enable the SSH server on the online machine with the following command:

sudo apt-get install -y openssh-server

Then go to the network menu, select Edit Connections, select Wired Connection 1 and hit Edit.  Go to the IPv4 Settings tab and set Method to ‘Shared to other computers’.  You can now hit Save and then Close.

Go back to the Network menu and select ‘Connection Information’ and note the IPv4 IP Address of Wired Connection 1.  This is the IP address you will connect to from the cold storage machine.

Connect the two machines together with an ethernet cable.

Use FileZilla to connect to the IP address of your online host.

You can now safely drag and drop files between the two hosts.

Posted on

The $180 Bitcoin Wallet I got at Target

Problem: Need offline/cold storage for our coins

Solution: AMD-based HP CloudBook laptop at Target for $180

Why AMD? Many Intel CPUs have vPro techology baked in – which has a nasty security hole allowing remote IP KVM to be enabled, allowing for keystroke logging that is simply unacceptable on our wallet machine.

They come with Windows 10 Home preinstalled, which we go ahead and log into and download the following things:

Opera Browser: http://opera.com

Install the opera browser, go into settings and turn on VPN in the Privacy and Security section

Xubuntu ISO image:
http://torrent.ubuntu.com/xubuntu/releases/xenial/release/desktop/xubuntu-16.04.3-desktop-amd64.iso.torrent

Rufus USB image writer: https://rufus.akeo.ie

Run rufus after downloading, select the Xubuntu ISO image you downloaded before rufus and write it to a 4GB-32GB USB stick (preferably a USB 3.0 one)

Reboot and keep tapping Esc to go into the BIOS

Find the boot order, move USB devices above the built-in SSD in the boot order and reboot.

Install Xubuntu, enabling disk and LVM encryption when you get to that point in the install. Pick a password you will not forget.

Once Xubuntu is installed and you are logged in, connect to the internet, open a terminal and do the following to bring the system up to date:

sudo apt-get update
sudo apt-get upgrade -y
reboot
sudo apt-get autoremove

Go through the power settings and enable suspend on lid close and shutdown on reaching critical battery levels.

Firefox is installed already, use it to download and install Opera. I have had better luck downloading the file and installing it in the terminal rather than using the GUI software manager. The command to install manually is:

sudo dpkg -i <packagename>.deb

You will find it in your /home/<username>/Downloads folder

And that’s how we turned a $180 cloudbook into a whole-disk-encrypted hardware eCoin wallet.

Start installing your favorite wallets. Our next post will cover installing and configuring Electrum.