Silk Road forums
Discussion => Security => Topic started by: bvb on August 01, 2012, 11:20 am
-
I'm pretty new to this and would appreciate your thoughts on my setup.
I have a hidden truecrypt volume set up on a USB key. In this volume there is:
* Bitcoin client
* TorBrowser Bundle
* GPG Keychain Access (rest of GPG Tools is installed on main HDD)
* secring.gpg file (symlink)
* wallet.dat (symlink)
* text file containing passwords etc.
Ideally I'd like to use a USB and boot into Tails - but I've not been able to get this working on my Mid 2011 iMac. I used a Tails VM to create a Tails USB, installed rEFIt, restarted a couple of times, selected Tux from the rEFIt menu but would just get a 'No bootable device -- insert boot disk and press any key' message.
Is it worth trying to get Tails (or similar) working or is my truecrypt setup described above sufficiently secure to protect a SR buyer?
Thank you for your time.
-
Did you manage to get Bitcoin running fully portable on the USB key? I couldn't do this on the Mac, the data directory still remained on the main HDD.
EDIT: the data directory only contains the blockchain, so no actual sensitive information.
Here are some things I'd think about:
-Check to find out where the bitcoin data directory is
-Be aware that if it is on your main HDD (and so is GPG), then you'd have some explaining to do
-Connect the bitcoin client through TOR (easy to do with the browser bundle)
-Ensure the outer truecrypt volume looks 'real' i.e., has some sensitive data in it like scans of personal documents, your tax records etc.
-Ensure your passwords are good
-Hide your USB stick well
And finally, what you're doing is all good stuff to protect against your Mac being examined, but remember none of this protects you from investigation via your source of BTC. In other words, ensure it is as hard as possible to link yourself to your BTC exchanges and transactions.
-
No I couldn't figure out how to get Bitcoin running fully portable on the USB key ... I spent ages trying to do so but with no luck. So there is still the data at ~/Library/Application\ Support/Bitcoin/ but the wallet.dat file has been moved to the USB and a symlink left in its place. Same goes for GPG - there are still numerous files at /Users/xxxxxxx/.gnupg/ - I've just moved secring.gpg to the USB.
I don't have my Bitcoin client connected through TOR. I tried to do this but whenever I selected the 'Connect through SOCKS4 proxy' option the client would not be able to connect.
I originally dumped a bunch of random files in the outer truecrypt but tax records etc. are a good idea. I've got strong passwords and the USB stick is hidden well.
I've only made one BTC purchase and did that via cash deposit at a bank.
Appreciate your help - thanks.
-
If you have files and directories floating around your harddrive (even if you delete them), that's no bueno.
Can you boot from a Tails disc? Just do that...and save files to the encrypted USB drive. Less convient than a bootable USB drive, but so what? Easier to hide/destroy a USB stick than it is to wipe or destroy your harddrive, right?
I've been playing around with bitcoin saving onto a USB stick. Search my posts for what I've learned. Also, you can download most of the blockchain independtly of bitcoin. See: bitcointalk.org/index.php?PHPSESSID=dbb8f75612ef709e78ca0d1766752b65&topic=51456.0
-
you should definitely try to get the LiveUSB running on your system.
even though the following thread is about windows, I have a strong suspicion that MAC does something similar:
http://dkn255hz262ypmii.onion/index.php?topic=33359.msg380977#msg380977
And I think that the following PDF might help you get it working: (WARNING: Clearnet link)
http://lunarts-studio.com.br/file_hosting/2011_imac_ubuntu_12.04.pdf
this part, in particular, is of importance:
"You cannot properly use the mac default EFI system without running Super Grub 2 Disk once to enter the ubuntu OS you installed."
if you could list the specs of your machine I might be able to help you further (cpu type for example)
But I think that you might just be better off if you just get a dirt-cheap computer from yesteryear and set it up as a linux box, dedicated to SR purposes. I have found that the old dell laptops from the 90s work great for this and they tend to cost less than $100. If you look hard enough you can usually find one for around 50 buck on Craigslist.
I know that it can be fun to tinker with shit like this and make things work in ways that they weren't designed too. but what your trying to do is like trying to turn a pair of golf cleats into a pair of running shoes.
-
Option 2: Dual boot Mac and Win set up
Copy across Mac HD to USB drive.
Reformat
Reinstall MAC OS
Using DiskUtility partition the drive
Use Boot camp to set up dual boot
Install windows on the 2nd partition
Install Truecrypt for Windows and use the full partition encryption
-
If you have files and directories floating around your harddrive (even if you delete them), that's no bueno.
Can you boot from a Tails disc? Just do that...and save files to the encrypted USB drive. Less convient than a bootable USB drive, but so what? Easier to hide/destroy a USB stick than it is to wipe or destroy your harddrive, right?
I know I shouldn't have those files/directories on my harddrive, but at the same time I want to believe it will be okay as GPG and Bitcoin aren't illegal ...
Haven't tried booting from a Tails disc as I don't have any DVDs here at the moment. I did find a blank CD-R but sadly Tails is just over 700MB. I'll grab a blank DVD sometime soon at set this up - it seems like it will be the simplest option.
Do you use Truecrypt in Tails to encrypt the USB drive? Looks like it is being phased out: (CLEARNET: https://tails.boum.org/doc/encryption_and_privacy/truecrypt/index.en.html )
I've been playing around with bitcoin saving onto a USB stick. Search my posts for what I've learned. Also, you can download most of the blockchain independtly of bitcoin. See: bitcointalk.org/index.php?PHPSESSID=dbb8f75612ef709e78ca0d1766752b65&topic=51456.0
I wish it wasn't so complicated! I'm surprised there isn't something like Tails available that includes bitcoin. What are your thoughts on Strongcoin? I've been thinking about using that and the Tails DVD but will have to look into it more first.
if you could list the specs of your machine I might be able to help you further (cpu type for example)
Thank you. I've spent half the day trying to figure this out!
Processor: 3.4 GHz Intel Core i7
Graphics: AMD Radeon HD 6970M 2048 MB
OS: Mac OS X 10.7.4
Can this be done? Appreciate your assistance.
Option 2: Dual boot Mac and Win set up
Thanks for the suggestion ... but I'm confused. How would booting into Windows help me run Tails?
I feel as though I am missing something really obvious here.
Thanks again everyone for your help. I really appreciate it.
-
I got a couple links for you
first off: If you have access to a linux system (you could do it in a VM), it may be easier to make the live usb following these directions:
http://mac.linux.be/phpBB3/viewtopic.php?f=2&t=88
Secondly: you may have better luck doing an EFI-mode boot as mentioned in the 3rd comment of this post:
https://tails.boum.org/forum/Boot_fails_from_usb_thumb_drive_on_Macbook_Pro/
Third: it may be easier to create a dual-boot with tails and use this link for info on making the rEFIt work with that:
http://www.pumpedupgeek.com/2012/05/linux-for-mac-help-refit-no-bootable.html
And finally, since you have had success with making a hidden volume and setting up a VM (I assume on the same MAC) then why don't you just put the VM image in a hidden volume as well and use the VM to access SR. then you would have no trace on your machine outside of that hidden volume on the USB.
But in the end I still suggest that you get an old crappy computer from the 90s era and dedicate it to SR. it is infinitely easier to set up and much more secure IMHO
-
Thank you DrGonzoII - I spent last night working through the directions you linked to but have unfortunately not gotten it working (although I have learnt a lot about Linux!)
I've considered your suggestion of picking up an old laptop and dedicating it to SR but would prefer not to spend the $$$'s!
The VM idea is a good one however I was under the impression there were security issues when using Tails inside a VM (?)
-
I don't use VMs very often so I could be wrong. but I think that the biggest danger would be if mac does any kind of surveillance on its users like windows 7 is doing.
anyone else care to expound upon this?
And did you manage to make any leeway at all with any of those links?
-
Yeah I made some leeway ... got past the "no bootable device" error and got "missing operating system" or something like that instead.
-
well that's a small step in the right direction.
the top answer in this link might assist you. If not, than check out all of the links in the other various answers:
http://askubuntu.com/questions/10561/how-to-install-on-a-macbook-air-3-2-without-an-external-cd-drive
and it also might help if you could make a grub livecd that will boot and than use that to boot the LiveUSB.
-
I might be mising something but I think that the main advantage of the USB is the data persistence option.
when you get the missing operating system issue is it on a mac as well or a PC?
-
the ability to eject the disk shouldn't be too surprising when you consider that the entire OS is loaded into your ram.
But you should load the tails disc and see if you can't clone the system to a usb drive (after you have gone through the proper formatting steps to make it mac-compatable LiveUSB) this may help as I have had odd issues disappear from a conky tails usb after cloning the system.
as for making the mac a dedicated SR machine.......this is probably one the hardest routes you can take, mostly because of all the anti-FOSS CockBlocking that apple does on hardware and software levels. there is just so much proprietary crap that needs to be modified or overridden.
but if you can specify your specs, I MIGHT be able to offer some assistance