Security
General Security Rules
There are four major rules about bitcoin wallet security:
- Always protect your wallet with a strong password. This way, it will take a very long time before an attacker who has access to your wallet is able to use it. That delay will give you time to move your coins to a safe place.
- Never let anyone else access your wallet. Even if your wallet is protected with a very strong password, that password will not hold forever. With enough time an attacker will eventually find out your password and spend your coins. To prevent that, you must not disclose your wallet either. This also means not storing the wallet in any kind of cloud storage such as Dropbox, Google Drive, etc.
- Never use the wallet on an untrusted computer. In this case, untrusted means both hardware and software. There exist small hardware devices that can be attached between keyboard and computer and that record your passwords. But in most cases, computers become insecure because of malicious software, e.g. viruses or trojan horses. Any computer that is not administered by you should be considered insecure. Any computer that is used for daily work like Internet browsing should also be considered insecure. This is the reason I created BTC Vault, so you can at least trust the software on the computer.
- Always keep a backup of your wallet. Even if no attacker steals your coins, they can be lost to you if you lose access to your wallet. This does not mean that you should store your wallet file in cloud storage where someone else might possibly access it. With the Electrum bitcoin client it is enough to back up the master key called "seed" as long as you did not import any other private keys:
- You can print it out and store it in a safe place.
- You can encrypt it and store it on another safe computer or on a USB stick.
- You can use steganography to hide it in an image file.
BTC Vault Specific Rules
There are some rules that specifically apply to BTC Vault:
- If you install BTC Vault on a writable medium like a USB stick, make sure that you shut down the computer before plugging the stick in and unplug the stick before starting your normal operating system in order to protect the stick from malware on your computer.
- If you start BTC Vault from a read-only medium like a CD, you must only create wallets on writable media and not in your home folder, as that is lost when the system shuts down. BTC Vault tries to detect this and will not allow you to create or use wallets on temporary memory-based storage, but in case this detection fails you should always have a backup.
Checking BTC Vault Security
For your security it is important that you not only trust me that BTC Vault is secure but check that it actually is and that nobody (including me) messed with the files you are using. No matter whether you are using the CD image or a USB stick, you can make sure that your files are secure with the following steps:
- BTC Vault is built upon the Slax Live-CD, so all files on your device should match those of the Slax distribution version 7.0.8 (2013-03-29). You can check that quickly using the diff utility.
Example:
- Copy the contents of the original and your copy of BTC Vault into folders called original and btcvault.
- Compare the contents of those folders with the following command:
    $ diff -r original btcvault
    Only in btcvault/slax: 1188-python.sb
    Only in btcvault/slax: 2354-sip.sb
    Only in btcvault/slax: 2356-pyqt.sb
    Only in btcvault/slax: 2235-p7zip.sb
    Only in btcvault/slax: 2993-openjdk6.sb
    Only in btcvault/slax: 473-dbus-python.sb
    Only in btcvault/slax: 9997-multibit.sb
    Only in btcvault/slax: 9998-electrum.sb
    Only in btcvault/slax: 9999-btcvault.sb
- The output should be similar to this. It must not include any lines that say that files differ.
- All the Slax modules except 9999-btcvault.sb can be downloaded from the website and compared. The build scripts can also be downloaded (either from Slax or from the BTCVault homepage), checked and executed to build new modules (that can be compared to the ones you possess).
Example:
- Download the build script for 9998-electrum.sb called electrum.SlaxBuild to a Slax system from the BTCVault homepage.
- Check the contents of that script in a text editor and make sure that it fetches original sources and that the commands to build the module are not inserting something malicious.
- Build the module from that build script by executing it on the command line. The module will be located in a file named electrum.sb.
- Compare the contents of the BTC Vault module to the one you just created:
    $ unsquashfs -d btcvault_module 9998-electrum.sb
    [...]
    $ unsquashfs -d rebuilt_module electrum.sb
    [...]
    $ diff -r btcvault_module rebuilt_module
- The last command must not report any changes to the files.
- The file 9999-btcvault.sb contains all BTC Vault specific changes to Slax. Those changes are not many, so you can just unpack that module using the unsquashfs command and check the contents manually.
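The first check above can be scripted so that a single unexpected line fails the comparison. This is an added example, not part of BTC Vault: it runs `diff -rq` rather than the plain `diff -r` shown above, and its allow-list is taken from the sample output on this page, so adjust it if your release ships different modules.

```shell
#!/bin/sh
# Added example (not part of BTC Vault): fail on any diff line that is not
# one of the extra modules listed in the sample output on this page.
ALLOWED="1188-python.sb 2354-sip.sb 2356-pyqt.sb 2235-p7zip.sb 2993-openjdk6.sb
473-dbus-python.sb 9997-multibit.sb 9998-electrum.sb 9999-btcvault.sb"

# check_overlay ORIGINAL_DIR COPY_DIR  (paths without a trailing slash)
# Prints each unexpected line; returns 0 if clean, 1 if not, 2 if diff failed.
check_overlay() {
    orig=$1 copy=$2 bad=0
    # -q makes every changed file print as "Files A and B differ";
    # LC_ALL=C pins the message wording the patterns below rely on.
    report=$(LC_ALL=C diff -rq "$orig" "$copy") && status=0 || status=$?
    if [ "$status" -gt 1 ]; then
        echo "diff could not compare the folders" >&2
        return 2
    fi
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        case $line in
            "Only in $copy/slax: "*)
                name=${line#"Only in $copy/slax: "}
                case " $(echo $ALLOWED) " in
                    *" $name "*) continue ;;   # expected BTC Vault addition
                esac ;;
        esac
        # Anything else: a file that differs, is missing, or is an unknown extra.
        printf 'UNEXPECTED: %s\n' "$line"
        bad=1
    done <<EOF
$report
EOF
    return "$bad"
}

# Usage: sh check_overlay.sh original btcvault
if [ "$#" -eq 2 ]; then
    check_overlay "$1" "$2"
fi
```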
Check by Proxy
If these steps are too complicated for you, and you trust someone else who checked the files, you can compare your version to the one he checked using the following command:
    $ find slax -type f -exec md5sum \{\} \; | sort -k 2
This command will output a list of hashes of all files on your CD or USB stick.
If they match, the contents are identical.
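Comparing two long hash lists by eye is error-prone, so the following added example (not part of BTC Vault) writes the list to a manifest and reports every file that is changed, missing or extra relative to the trusted person's manifest. It uses sha256sum in place of the md5sum shown above, which is a choice of this example; both parties must generate their manifest with the same tool, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of BTC Vault). Assumes GNU coreutils sha256sum.

# make_manifest MEDIUM_ROOT
# One "hash  slax/path" line per file, sorted by path so that manifests
# made on different machines list the files in the same order.
make_manifest() {
    ( cd "$1" && find slax -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# compare_manifests TRUSTED_MANIFEST MY_MANIFEST   ("-" reads stdin)
# Prints CHANGED / EXTRA / MISSING lines; returns 0 only if there are none.
compare_manifests() {
    awk '
        FILENAME == ARGV[1] {            # first file: the trusted manifest
            h = $1; sub(/^[^ ]+ +/, ""); trusted[$0] = h; next
        }
        {                                # second file: your own manifest
            h = $1; sub(/^[^ ]+ +/, ""); seen[$0] = 1
            if (!($0 in trusted))      { print "EXTRA   " $0; bad = 1 }
            else if (trusted[$0] != h) { print "CHANGED " $0; bad = 1 }
        }
        END {
            for (p in trusted)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Usage: sh verify_manifest.sh trusted_manifest.txt /path/to/medium
if [ "$#" -eq 2 ]; then
    make_manifest "$2" | compare_manifests "$1" -
fi
```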