Bitcoin Safe Usage v04


    Version 0.4 (July 2011) by Michael_S (forum.bitcoin.org) OpenPGP KeyID=0xCC7E7C99

    A Practical (and Paranoid) Guide:

    Setting up a Secure System for the Bitcoin Client

    - keep your private keys (wallet.dat) secure and do not lose them -

    Keeping them secure means:

    (1) Secure against theft (by Trojans, key loggers, or physical theft)

    (2) Secure against loss (by loss of the wallet.dat or by forgetting the password protecting it)

    Concerning (1):

    After the download of the Bitcoin client software binary file from http://bitcoin.org/ or http://sourceforge.net/projects/bitcoin/files/Bitcoin/ , check the integrity of the file by the SHA1 checksum. Note that on the Bitcoin download site, SHA1 checksums are not provided for Bitcoin versions before 0.3.23. Therefore Annex 2 has a list of checksums for older versions.

    When using your Bitcoin Client or when opening an encrypted container file containing your private keys (wallet.dat), only do so in an environment of 100% trusted open source software.

    Good Examples:

    A 100% GNU Linux trusted distribution, e.g.

    GNU Linux Ubuntu

    GNU Linux Knoppix

    GNU Linux Slax

    Bad Examples:

    Microsoft Windows

    Apple MacOS

    Linux with one of the following software installed:

    Adobe Flash plugins

    Web browser with JavaScript (and using the web browser)

    Skype

    Opera Browser

    VMware Virtual Machine/VMware Player

    ...or any other proprietary or non-trusted piece of software

    When typing the password for opening an encrypted container file that contains your private keys (wallet.dat):

    Never do this from within another operating system (OS) than the 100% trusted one mentioned above.

    After closing your Bitcoin Client session:

    Make sure your private keys (wallet.dat) will be saved only in encrypted form.

    Make sure your 100% open source trusted Operating System cannot be corrupted:

    Do NOT install your 100% trusted GNU Linux OS on an unencrypted hard drive partition that could be accessed (and possibly corrupted) when you boot your PC with a less trusted operating system!

    DO use a bootable Live CD/DVD for your 100% trusted GNU Linux System, if possible (using a Non-Re-Writable CD/DVD disc). Otherwise:

    Bitcoin donations welcome: 14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR [1 of 25]


    DO use a bootable USB stick or flash memory card that is not used for any other purpose.

    Preferably encrypt this USB stick completely (at least the persistent data part for your user settings and installed programs, but if possible also the system section)

    Despite encryption, make sure nobody else can have physical access to this bootable flash memory and modify it (note that at least the boot section can never be protected by encryption and therefore is never 100% secure against modification, in contrast to a Live CD/DVD).

    Do not use your Bitcoin-Operating-System for any other purposes than simply running the Bitcoin client, because other applications might contain errors that make them vulnerable, e.g. to buffer overflows, that might corrupt your system. Examples:

    Do NOT surf the internet with any web browser (some web pages may contain malicious code that could affect your system even without Java/JavaScript or Flash. For example, certain malicious *.jpg files can cause buffer overflows and thereby attack your system).

    Do not use an email client (same reason: malicious emails could provoke buffer overflows)

    Do not run your 100% secure GNU Linux System inside a Virtual Machine using VMware. Since VMware itself is proprietary closed source software, it may contain backdoors and could possibly access any data inside your guest system!

    Finally, for all kinds of encryptions (container files, system partitions, etc.):

    Use SAFE passwords respecting the Password Guidelines that can be found at the end of this document in the chapter Summary and Recommendations.

    This is particularly important for the encrypted private keys (wallet.dat) that you are going to upload to external internet servers (to the cloud) to protect yourself against loss of these keys in case of hardware failures or physical theft or damage.

    Use only 100% open source software, no proprietary software. This is also true for the encryption software itself!

    Use encryption software that employs keys with no less than 256 bits, which is today's state of the art (e.g. 256 bit AES).

    Concerning (2):

    Make multiple copies of your private keys (wallet.dat) after(!) you have encrypted them(!), and upload them to various external internet servers (the cloud). Do this after every session with the Bitcoin client when you do any outgoing payments, because this may cause the Bitcoin client to generate new private keys that are not yet part of your last backup of the wallet.dat.

    And again: Make sure you do not forget the password(s)!

    The following pages give three best practice examples on how to set up such a secure system (certain basic experience with Linux is recommended, but deep expert knowledge is not required):

    Example 1: Knoppix 5.3.1/5.1.1 with Live DVD/Live CD and Truecrypt:

    Most secure solution, but Bitcoin clients 0.3.22 and 0.3.23 do not run (0.3.21 does run).

    Example 2: Ubuntu 10.04.2 with bootable USB stick and Truecrypt:

    Full Bitcoin client compatibility and nicest user interface. However, all Linux system data [but not Bitcoin data] is saved to the USB stick in unencrypted form.

    Example 3: Knoppix 6.4.4 with bootable USB stick and Truecrypt:

    Full Bitcoin client compatibility and good user interface. Moreover, persistent user data is stored to the USB stick with 256 bit AES encryption. However, the Linux system data itself (=original files from the CD) is saved to the USB stick in unencrypted form.


    Best Practice Example 1:

    Linux Knoppix 5.3.1 Live DVD (or Knoppix 5.1.1 Live CD)

    [Download: http://www.kernel.org/pub/dist/knoppix]

    [Restrictions: Bitcoin version 0.3.21 for Linux works, but versions 0.3.22 and 0.3.23 do not work on Knoppix 5.3.1]

    [Note: I checked all this with Knoppix 5.3.1 DVD, but it should be the same with Knoppix 5.1.1 CD]

    Note ahead: Unfortunately, the solution of this Example 1 (i.e. using a Live DVD/CD in combination with an encrypted image file that saves persistently all user data and system modifications) does not work with the latest Knoppix releases 6.x (up to 6.4.4). Therefore, this Example 1 is explained for the older Knoppix release 5.3.1/5.1.1.

    Your secure system will consist of:

    Knoppix Live DVD (or Live CD) - burn the downloaded ISO image to DVD/CD (but do not use a Re-Writable medium!)

    Truecrypt software (version 7.0a) will be installed on top of Knoppix (the Truecrypt software License is similar to the GNU license and also 100% open source)

    Ca. 4 GByte of memory space on a hard disk OR external flash memory medium (e.g. USB stick). This memory will later contain:

    The file knoppix.img of 200 MB: It contains all the persistent user settings and system modifications (e.g. installed software) done on top of the Knoppix Live DVD/Live CD.

    A Truecrypt container file of ca. 4 GB (this size includes some margin, currently only ca. 600 MB are needed to save the Bitcoin block chain for one's own wallet). This container will include the Bitcoin executable file bitcoin as well as the Bitcoin client's data directory which contains the wallet.dat and the blockchain.

    A Truecrypt container file of 1 MB. It simply contains a copy of the file wallet.dat which includes all your private keys. Copies of this very strongly encrypted container file should be uploaded to the internet cloud (i.e. to various internet servers like web spaces, dropbox, internet email inboxes, etc.)

    For your convenience: An UNencrypted plain text file myBitcoinAddresses.txt where you copy your own Bitcoin addresses (looking like the one in the footnote of this paper). You can later access this text file from your normal daily-use operating system where you might run a second, less secured, instance of the Bitcoin client (with a different wallet.dat of course!). This second client shall contain only a relatively small amount of Bitcoins (BTCs). If the BTCs on this account grow too big, you can simply transfer some BTCs to your safe address by using one of the addresses in myBitcoinAddresses.txt!

    System Setup:

    Setup is quite straightforward.

    After having burned the downloaded *.iso image to DVD/CD (for security reasons, do NOT use a re-writable medium) and having booted from Knoppix Live DVD/CD the first time, you will create a so-called persistent image file (knoppix.img) [the word image has nothing to do here with picture!] that will contain all your user settings. In that way you will have the feeling of a normal system, even when using a Live DVD/CD. The screenshot below shows how to create such a permanent KNOPPIX-image file via the Knoppix penguin menu.


    The rest of the procedure is interactive, just select the desired hard drive and choose to create an encrypted image file when you are asked about this (encryption method will be the very secure 256 bit AES). Concerning the size of this image file, the minimum of 200 MB should be sufficient (note you shall not do anything with this system other than using the Bitcoin client, so no big memory space for user settings and new software is required!). Use a SAFE password, of course, even though this will later just protect your personal settings and Linux system modifications, not directly your Bitcoin keys.

    Next time you boot from the Live DVD/CD, you may want to enter the cheatcode knoppix home=scan at the boot prompt to have Knoppix use the image file. If you don't do this, Knoppix will still search for knoppix.img and then ask you whether to use it. However, if you do not react to this query within 20 seconds, it will start without using it, and you would have to re-boot again for another try.

    The following steps are the same for Examples 1, 2 and 3 in this guide:

    Next you download the truecrypt-7.0a-setup-x86.tar.gz file (in case of 32 bit Linux) from here: http://www.truecrypt.org/downloads, unpack it and start the executable. This will install Truecrypt on your system. Afterwards, perhaps you want to customize your Linux desktop by creating an appropriate icon that links to /usr/bin/truecrypt etc.

    Now you can start creating the appropriate container files with Truecrypt: One 4 GB file (e.g. myBitcoinOperationalSpace.tc) and one 1 MB file (e.g. myBitcoinWalletSafeStorage.tc). For Example 1 (Knoppix 5.3.1/5.1.1) the proposal is to locate these files at the same point as knoppix.img. Use a VERY safe password (i.e. passphrase) here, but be sure not to forget it!!!

    Now you mount the large (4 GB) container file in the Truecrypt GUI window, the proposal is to mount it always in Truecrypt's 1st slot, so the mounting point will be /media/truecrypt1/.

    Of course you also have to get the Bitcoin client itself from http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.21/bitcoin-0.3.21-linux.tar.gz/download. From this file bitcoin-0.3.21-linux.tar.gz you need to extract only the executable file bitcoin, nothing else (either the bin/32/ or /bin/64/ variant depending on your system). [Note that the newer Bitcoin versions 0.3.22 or 0.3.23 do NOT work on Knoppix 5.3.1/5.1.1]

    Next you put the following two files to these locations and create a directory as follows:

    /media/truecrypt1/bitcoin       The Bitcoin client executable file.
    /media/truecrypt1/btc_start     Create this file as explained below.
    /media/truecrypt1/myDataDir/    Create this new directory, using exactly this name myDataDir.

    Make sure that both bitcoin and btc_start have the executable flag set in the Linux file system. The shell command would be chmod a+x b* to make all files in the current directory executable whose filenames start with b. Or you can set the executable flag in the file manager via right-click on the file, then Properties ...

    Finally you can double-click btc_start (or make a link at the desktop to it and double-click that desktop icon) to start the Bitcoin client.


    NOTE: The file btc_start is a very simple Linux shell script that starts the Bitcoin client with an appropriate command line parameter, such that it will use the data directory myDataDir inside the location of your Truecrypt container, and not the default location ~/.bitcoin. This is essential, because it makes sure that at no point in time your private keys (wallet.dat) will ever be written to any unencrypted storage space of your system. You can create the file btc_start with a simple text editor, just copy-paste the following text exactly like this:

    #!/bin/bash

    # Get the absolute path of THIS script file:
    ThisPathAbs="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"

    # Get the relative path of THIS script file:
    ThisPathRel="$(dirname "$0")"

    # Call the Bitcoin client (the executable is named "bitcoin", lower case)
    # and put the data in the subdirectory "myDataDir":
    "$ThisPathRel/bitcoin" -datadir="$ThisPathAbs/myDataDir" &

    Once you have started the Bitcoin client, it will immediately create various files in the directory /media/truecrypt1/myDataDir/. One of these files is wallet.dat.

    Now you should manually create addresses in the Bitcoin client - I propose about 10 addresses or so for now. Then you may want to copy-paste them to a new text file (e.g. myBitcoinAddresses.txt) that I propose to locate at the same location where the two *.tc Truecrypt container files and the knoppix.img file are located.

    At some point in time you close the Bitcoin client.

    Then you mount the other, smaller 1 MB Truecrypt container file to slot 2, such that you get a directory /media/truecrypt2/. You copy the file wallet.dat from /media/truecrypt1/myDataDir/wallet.dat to /media/truecrypt2/wallet.dat.

    Now you can dismount both container files in the Truecrypt GUI window, and you can (and should) make multiple copies of your 1 MB container file myBitcoinWalletSafeStorage.tc and upload it to many different locations in the internet cloud.
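
The copy step above (close the client, mount slot 2, copy wallet.dat), as an added example that is not part of the original guide: a shell function that copies wallet.dat only when both /media/truecrypt1 and /media/truecrypt2 are really mounted, then verifies the copy byte for byte. The `MOUNTS_FILE` override and the temporary name `wallet.dat.new` are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Copies wallet.dat from the mounted operational volume to the mounted
# backup volume. It refuses to run unless BOTH paths are real mount points:
# if a container is not mounted, /media/truecryptN is only a plain directory
# on the unencrypted system disk and the keys would be stored in the clear.
#
# Assumptions: mount points and myDataDir are the ones used in the guide;
# the Bitcoin client has already been closed. MOUNTS_FILE is a hypothetical
# override of /proc/mounts so the check can be tried without real volumes.

MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# is_mounted DIR: succeed only if DIR is the mount point of some filesystem.
is_mounted() {
    im_target="${1%/}"
    while read -r im_dev im_mnt im_rest; do
        if [ "$im_mnt" = "$im_target" ]; then
            return 0
        fi
    done < "$MOUNTS_FILE"
    return 1
}

# backup_wallet SRC_MOUNT DST_MOUNT
# Return codes: 0 copied and verified, 2 a volume is not mounted,
#               3 wallet.dat not found, 4 copy or verification failed.
backup_wallet() {
    bw_src="${1%/}"
    bw_dst="${2%/}"
    bw_wallet="$bw_src/myDataDir/wallet.dat"
    bw_tmp="$bw_dst/wallet.dat.new"

    for bw_m in "$bw_src" "$bw_dst"; do
        if ! is_mounted "$bw_m"; then
            echo "REFUSED: $bw_m is not mounted; nothing was copied" >&2
            return 2
        fi
    done

    if [ ! -f "$bw_wallet" ]; then
        echo "ERROR: $bw_wallet not found" >&2
        return 3
    fi

    # Copy under a temporary name so that an interrupted copy never
    # replaces an older, intact backup.
    if ! cp "$bw_wallet" "$bw_tmp"; then
        rm -f "$bw_tmp"
        return 4
    fi
    sync

    # Byte-for-byte comparison of source and copy.
    if ! cmp -s "$bw_wallet" "$bw_tmp"; then
        rm -f "$bw_tmp"
        echo "ERROR: copy differs from source" >&2
        return 4
    fi

    mv -f "$bw_tmp" "$bw_dst/wallet.dat" || return 4
    echo "OK: wallet.dat backed up to $bw_dst"
}

# Usage: sh wallet_backup.sh /media/truecrypt1 /media/truecrypt2
if [ "$#" -eq 2 ]; then
    backup_wallet "$1" "$2"
    exit $?
fi
```

Dismount both containers afterwards; only the dismounted 1 MB container file is meant to be uploaded, never wallet.dat itself.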

    The following illustration summarizes the final system setup with Knoppix 5.3.1/5.1.1 at a glance:


    Final System Setup: Knoppix 5.3.1/5.1.1 with Live DVD/CD:

    [Illustration; its labels are listed below]

    PC with Knoppix 5.3.1 Live DVD (or 5.1.1 Live CD) (using a "Write-Once" DVD/CD, but NOT a Re-Writable DVD/CD) has access to:

    Hard Drive or USB Stick or other NON-Encrypted Storage Medium:

    * knoppix.img [200 MB] (256 bit AES encrypted by Knoppix). Contains all "persistent" user settings/modifications of the Knoppix 5.3.1/5.1.1 Live system

    * myBitcoinOperationalSpace.tc [4 GB] (strongly encrypted by Truecrypt), mounted as /media/truecrypt1/ with .../bitcoin (ver. 0.3.22 & 23 do NOT work), .../btc_start, .../myDataDir/ and .../myDataDir/wallet.dat

    * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt), mounted as /media/truecrypt2/ with wallet.dat (copy manually)

    * myBitcoinAddresses.txt (UNencrypted, intentionally): ...14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR... etc.

    Insecure Operating System, e.g. MS Windows/MacOS/insecure Linux (* Virus X ad libitum, * Trojan Y ad libitum, * Malware Z ad libitum):

    Read access (for sending BTCs to these addresses)

    Read access (for making backups of container file)


    Best Practice Example 2:

    Ubuntu 10.04.2 LTS Bootable USB Stick (1 GB possible, 4 GB recommended)

    [Download: http://releases.ubuntu.com/lucid/ubuntu-10.04.2-desktop-i386.iso , or more generally http://releases.ubuntu.com/lucid/]

    [Restrictions: None. Both Bitcoin versions 0.3.21 and 0.3.23 for Linux have been verified to work.]

    The system setup is similar to Example 1:

    Your secure system will consist of:

    Bootable USB stick containing the Ubuntu 10.04 LTS system

    Software Truecrypt 7.0a (like in Example 1) is installed on top (also on this USB stick)

    Additionally ca. 3 to 4 GB of hard disk/flash memory space, or some extra space on the same USB stick, for a Truecrypt container file of ca. 3-4 GB size.

    Some small (ca. 1 MB) hard disk or flash memory space outside this USB stick, to store another 1 MB Truecrypt container file and an UNencrypted plain text file myBitcoinAddresses.txt.

    PROs and CONs relative to Example 1:

    PROs:

    Compatible with both older and newer versions of the Linux Bitcoin client.

    Also works on systems without CD/DVD drive, e.g. netbooks.

    CONs:

    Contents of the USB stick are not encrypted, including...

    ...system files (boot section, kernel, all original DVD/CD files)

    ...persistent user data (e.g. installed software like Truecrypt)

    This means that theoretically somebody (or another infected system) having access to the USB stick could compromise its contents, e.g. by installing a Trojan by modifying some files without your knowledge. Then, next time you boot from the USB stick and open a Truecrypt container file, your private keys (wallet.dat) can be read by this Trojan.

    Note that in Example 1 this cannot happen, because the contents of the Live DVD/CD cannot be modified physically (unless the optical disc is re-writable), and also the knoppix.img image file is strongly encrypted and therefore cannot be changed without the owner noticing this (that image file would not function any more if it was manipulated).

    System Setup:

    Setup is quite straightforward.

    Download ISO image suitable to your computer hardware (e.g. see link above).

    Burn ISO image to a CD

    Boot from this CD

    Create a bootable USB stick with the USB-creator tool that comes along with the Ubuntu Live CD. In the menu select System > Administration > Startup Disk Creator, see screenshot below.

    In this process, just make sure that you select the right device and do not delete your hard disk.


    Inside this USB creator tool, first delete the complete USB stick, to have a clean basis.

    For the amount of persistent space to allocate, select 200 MB, this should be enough, for the same reason as for Knoppix 5.3.1 in Example 1: Only few changes are supposed to be done on this system, because it shall only be used for running the Bitcoin client.

    Shut down PC, remove CD, boot from USB stick (make sure that booting from USB is activated in the BIOS of your computer).

    The rest of the system setup is the same as what is described for Example 1, i.e. installing Truecrypt, creating the two *.tc container files and populating them with the appropriate files like bitcoin executable, btc_start shell script and myDataDir subdirectory.

    Note: The USB stick is now formatted in FAT32 and it contains one partition only. There are various files and directories on the stick, amongst others a ca. 200 MB file called casper-rw which serves the same purpose as knoppix.img in Example 1, namely to store persistently all user settings and system modifications relative to the original Live CD. Note however that this file is not encrypted.

    All these files take up ca. 900 MB of space on the USB stick. The rest is still free and could optionally be used to store these files, that in Example 1 have been stored to an extra medium:

    myBitcoinOperationalSpace.tc     ca. 3-4 GB Truecrypt container file

    myBitcoinWalletSafeStorage.tc    1 MB Truecrypt container file

    myBitcoinAddresses.txt           UNencrypted plain text file

    However, for security reasons it is advised to store the last two of these files not (or at least not exclusively) on this USB stick but on a separate storage medium (hard disk or a second flash memory device)!

    The reason for this is that you will probably later access these files from another, more insecure system (like your daily working PC) in order to read the Bitcoin addresses or to backup/upload the 1 MB container file to the internet cloud. But you should not expose your unencrypted USB stick's system and persistent user data files to that insecure system to avoid any potential corruption. Hence, these two files shall be stored outside this USB stick.

    If your bootable USB stick has only 2 GB (or 1 GB), you may prefer to (or you have to) store also the 4 GB file to an external place, just like in Example 1.

    The following illustration summarizes the final system setup with Ubuntu 10.04.2 LTS at a glance:


    Final System Setup: Ubuntu 10.04.2 LTS on USB Stick:

    [Illustration; its labels are listed below]

    PC with bootable USB Stick with Ubuntu 10.04.2 LTS has access to:

    * System Files from CD [700 MB] (not encrypted, unfortunately)

    * /casper-rw [200 MB] (not encrypted, unfortunately). Contains all "persistent" user settings/modifications of the Ubuntu 10.04.2 LTS Live system

    Same USB Stick [or below's other Non-Encrypted Storage Medium]:

    * myBitcoinOperationalSpace.tc [3-4 GB] (strongly encrypted by Truecrypt), mounted as /media/truecrypt1/ with .../bitcoin, .../btc_start, .../myDataDir/ and .../myDataDir/wallet.dat

    Other Non-Encrypted Storage Medium (Hard Disk or Flash Medium):

    * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt), mounted as /media/truecrypt2/ with wallet.dat (copy manually)

    * myBitcoinAddresses.txt (UNencrypted, intentionally): ...14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR... etc.

    Insecure Operating System, e.g. MS Windows/MacOS/insecure Linux (* Virus X ad libitum, * Trojan Y ad libitum, * Malware Z ad libitum):

    Read access (for sending BTCs to these addresses)

    Read access (for making backups of container file)

    STOP! No access to the USB stick!


    Best Practice Example 3:

    Knoppix 6.4.4 Bootable USB Stick (1 GB possible, 4 GB recommended)

    [Download: http://www.kernel.org/pub/dist/knoppix]

    [Restrictions: None. Both Bitcoin versions 0.3.21 and 0.3.23 for Linux have been verified to work.]

    Note ahead: An even further improvement that renders this system almost as secure as Example 1 (i.e. secure against manipulation of the USB stick's system files from another operating system or from somebody who has physical access to the stick) is given in Annex 3 as Example 3+.

    The system setup is similar to Example 1, the system architecture is the same as in Example 2:

    Your secure system will consist of:

    Bootable USB stick containing the Knoppix 6.4.4 system

    Software Truecrypt 7.0a (like in Example 1 or 2) is installed on top (also on this USB stick)

    Additionally ca. 3 to 4 GB of hard disk/flash memory space, or some extra space on the same USB stick, for a Truecrypt container file of ca. 3-4 GB size.

    Some small (ca. 1 MB) hard disk or flash memory space outside this USB stick, to store another 1 MB Truecrypt container file and an UNencrypted plain text file myBitcoinAddresses.txt.

    PROs and CONs relative to Examples 1 or 2:

    PROs:

    Compatible with both older and newer versions of the Linux Bitcoin client (like Example 2).

    Also works on systems without CD/DVD drive, e.g. netbooks (like Example 2).

    The persistent image file is encrypted like in Example 1, and not unencrypted like in Example 2.

    CONs:

    System files (boot section, kernel, i.e. all original CD files) are unencrypted like in Example 2, and as opposed to Example 1, where they are inherently safe against manipulation because they are physically burned on a DVD/CD.

    System Setup:

    Setup is quite straightforward.

    Download ISO image suitable to your computer hardware (e.g. see link above) and language preference (English or German).

    Burn ISO image to a CD

    Boot from this CD

    Execute the program flash-knoppix either from the console or by starting it via the menu: Settings KNOPPIX install to Flash Disk (see screenshot below). This will initiate a short interactive dialog to create a bootable USB stick. In this process, just make sure you select the right device and do not delete your hard disk!


    At one point of the dialog you have the choice between either completely deleting the whole USB stick (=yes), or just copying the Knoppix Live CD files to your USB stick (=no). Select yes.

    Shut down PC, remove CD and boot from USB stick (make sure that booting from USB is activated in the BIOS of your computer).

    If booting fails: See Annex 1 for failure handling/workaround to fix this. Then go on:

    During this first boot process from USB stick you will be asked about the amount of persistent space to allocate on the USB stick. The minimum of 200 MB shall be enough, for the same reason as in Examples 1 and 2: Only few changes are supposed to be done on this system, because it shall only be used for running the Bitcoin client.

    Afterwards you will be asked if you want to encrypt this file that contains the persistent settings. Select yes for encryption and choose a safe password. A strong 256 bit AES key will be used for encryption.

    The rest of the system setup is the same as what is described for Example 1, i.e. installing Truecrypt, creating the two *.tc container files and populating them with the appropriate files like bitcoin executable, btc_start shell script and myDataDir subdirectory.

    Note: The USB stick is now formatted in FAT32 and it contains one partition only (like in Example 2). There is one file ./ldlinux.sys and two directories (./boot/ and ./KNOPPIX/) containing various further files, amongst others the 200 MB strongly encrypted file ./KNOPPIX/knoppix-data.aes which serves the same purpose as knoppix.img or casper-rw in Examples 1 and 2 respectively, namely to store persistently all user settings and system modifications relative to the original Live CD for a seamless user experience.

    All these files take up ca. 900 MB of space on the USB stick. The rest is still free and could optionally be used to store these files, that in Example 1 have been stored to an extra medium:

    myBitcoinOperationalSpace.tc     ca. 3-4 GB Truecrypt container file

    myBitcoinWalletSafeStorage.tc    1 MB Truecrypt container file

    myBitcoinAddresses.txt           UNencrypted plain text file

    However, just like explained in Example 2, for security reasons it is advised to store the last two of these files not (or at least not exclusively) on this USB stick but on a separate storage medium (hard disk or a second flash memory device)!

    The reason for this is that you will probably later access these files from another, more insecure system (like your daily working PC) in order to read the Bitcoin addresses or to backup/upload the 1 MB container file to the internet cloud. But you should not expose your unencrypted USB stick's system and persistent user data files to that insecure system to avoid any potential corruption. Hence, these two files shall be stored outside this USB stick.

    If your bootable USB stick has only 2 GB (or 1 GB), you may prefer to (or you have to) store also the 4 GB file to an external place, just like in Example 1.

    The following illustration summarizes the final system setup with Knoppix 6.4.4 at a glance:


    Final System Setup: Knoppix 6.4.4 on USB Stick:

    [Illustration; its labels are listed below]

    PC with bootable USB Stick with Knoppix 6.4.4 has access to:

    * System Files from CD [700 MB] (not encrypted, unfortunately)

    * /KNOPPIX/knoppix-data.aes [200 MB] (256 bit AES encrypted by Knoppix). Contains all "persistent" user settings/modifications of the Knoppix 6.4.4 Live system

    Same USB Stick [or below's other Non-Encrypted Storage Medium]:

    * myBitcoinOperationalSpace.tc [3-4 GB] (strongly encrypted by Truecrypt), mounted as /media/truecrypt1/ with .../bitcoin, .../btc_start, .../myDataDir/ and .../myDataDir/wallet.dat

    Other Non-Encrypted Storage Medium (Hard Disk or Flash Medium):

    * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt), mounted as /media/truecrypt2/ with wallet.dat (copy manually)

    * myBitcoinAddresses.txt (UNencrypted, intentionally): ...14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR... etc.

    Insecure Operating System, e.g. MS Windows/MacOS/insecure Linux (* Virus X ad libitum, * Trojan Y ad libitum, * Malware Z ad libitum):

    Read access (for sending BTCs to these addresses)

    Read access (for making backups of container file)

    STOP! No access to the USB stick!


    Summary and Recommendations

    Some best practice examples have been given. Now the question is:

    Which is the best way to go in my case?

    The answer:

    If you want ultimate security, such that you are safe even if another person has physical access to your system medium (Live DVD/CD or bootable USB stick), go for Example 1 (Knoppix 5.3.1/5.1.1 Live DVD/CD).

    Disadvantage: The most recent Bitcoin client versions (0.3.22 and 0.3.23) will not work, but you should be able to keep working with Bitcoin client version 0.3.21 indefinitely, because the Bitcoin protocol can never change by design.

    If you are really sure that your system medium (bootable USB stick) is safe against physical access by another skilled person, you can go for a bootable USB stick according to Example 2 (Ubuntu 10.04.2 LTS) or Example 3 (Knoppix 6.4.4).

    Advantages: Compatibility, Versatility, Comfort:

    All currently known Bitcoin client versions up to 0.3.23 work well (for compatibility with future Bitcoin versions, Knoppix 6.4.4 might have an advantage over Ubuntu 10.04.2 LTS, being the later release with the newer kernel 2.6.36 as opposed to 2.6.32).

    It also works for computers without a DVD/CD drive, e.g. netbooks.

    The boot process is faster than with a Live DVD/CD (but even with Example 1's Live DVD the boot and system speed is quite acceptable).

    Disadvantages: Security:

    Both the Ubuntu 10.04.2 LTS and the Knoppix 6.4.4 solutions have the system data (i.e. the original data from the Live CD) stored on the USB stick in UNencrypted form. This means that, theoretically, somebody who has physical access to this USB stick could modify this system data by implanting a Trojan without your knowledge and put the USB stick back to where it was. The next time you take this stick, boot from it and start your Bitcoin client session, the Trojan could read your private keys (wallet.dat) and send them to the attacker without you realizing this.

    In this respect, Knoppix 6.4.4 is slightly more secure than Ubuntu 10.04.2, because Knoppix stores at least the persistent user data in encrypted form, such that this part cannot be altered systematically without knowledge of the password. In contrast, Ubuntu also stores the persistent user data in UNencrypted form on the stick, such that the attacker could also modify this data for implanting a Trojan (e.g. by modifying the truecrypt binary file). So at least the chances that somebody with physical access to the bootable USB stick implants a Trojan into the system behind your back are a bit lower with the Knoppix 6.4.4 system than with the Ubuntu 10.04.2 LTS system.

    And: The Knoppix 6.4.4 USB system can be made even more secure, meeting almost the security level of the Live DVD/CD solution (Example 1), by employing the enhancements of Annex 3, where a solution referred to as Example 3+ is proposed!

    Finally remember the PASSWORD GUIDELINES:

    All the above is in vain if you do not use secure and safe passwords!!! This means, the password (actually a better name is passphrase) should be...

    Not Crackable, i.e. sufficiently long and complex (including special characters and numbers), minimum 25 characters recommended, but also safe against dictionary attacks (for example "Antidisestablishmentarian123" or "Disestablishment_Orthographically" are weak passwords despite their length)

    Not Guessable by any other person who knows you well. A bad example is this password containing commonly known private data: "Maximilian 3.11.2006 Laura 5.7.2009".

    Not FORGETTABLE by yourself: this is at least equally important!


    Annex 1: Workaround if Knoppix 6.4.4 USB Stick does not boot

    In my case (i.e. for two very different 2 GB USB sticks), the PC did not boot from the USB stick after I had created the (allegedly) bootable USB stick with flash-knoppix from Knoppix 6.4.4 as described in Example 3. Apparently, the master boot record (MBR) was written to the USB stick by flash-knoppix in a way unsuitable for my PC. However, all the Knoppix files (./ldlinux.sys, ./KNOPPIX/ and ./boot/) were copied to the USB stick correctly.

    However, the corresponding procedure with Ubuntu 10.04.2 LTS (acc. to Example 2) was successful and the same USB stick booted without problems. This proves that in general my system (PC and USB stick hardware) was able to boot from a USB stick.

    If this combination also applies to you, you will probably succeed in creating a bootable Knoppix 6.4.4 USB stick by following the steps below.

    I found out that the following workaround yields a Knoppix 6.4.4 bootable USB stick, after having tried to create a bootable Knoppix 6.4.4 USB stick unsuccessfully acc. to Example 3:

    Boot the PC with the Ubuntu 10.04.2 LTS Live CD from Example 2.

    Plug in the USB stick.

    Save all Knoppix 6.4.4 files from the USB stick (i.e. ./ldlinux.sys, ./KNOPPIX/ and ./boot/) to another place, e.g. to the hard disk, while keeping the directory structure intact. Most easily, you may want to use Ubuntu's default file manager (nautilus) for this.

    Create a Ubuntu bootable USB stick in the way described in Example 2, but do not create persistent user memory this time (can be deselected by setting active the radio button at the very bottom of the GUI window).

    Shut down the PC.

    Unplug the USB stick.

    Now boot the PC from the Knoppix 6.4.4 Live CD. This is important! This step appears overly complicated, but the following copy operation did not yield the desired result [= bootable Knoppix USB stick] when doing it within the Ubuntu 10.04.2 LTS system!

    Plug in the USB stick.

    Open a window of Knoppix' default file manager (pcmanfm) and locate the USB stick.

    Delete all data from the USB stick via the file manager. Also select the menu entry "View" > "Show hidden files" and delete the hidden files on the USB stick as well. (Note: Of course the MBR that has been written by Ubuntu just before cannot be deleted by this operation, and this is exactly what we want, to have a really bootable USB stick at the end.)

    Open a second window of the file manager and find the location where you had copied all the Knoppix data in the third step above.

    Copy all this content from this directory back to the USB stick by drag&drop or by copy&paste. Do this in the following order:

    First the file ldlinux.sys,

    Second the directory boot/ with all its contents,

    Third the directory KNOPPIX/ with all its contents (the third step may take a few minutes to complete because of the amount of data).

    Close all file manager windows.

    Shut down the PC.

    Done. Now it should be possible to boot Knoppix 6.4.4 with this USB stick, and you can continue with the rest of the descriptions of Example 3.


    Annex 2: SHA1 Checksums...

    ... for Linux Bitcoin Client Files:

    Originally downloaded files:

    6b3e3edb3cc0a167166ace9f18e20f191415d560 *bitcoin-0.3.19-linux.tar.gz

    5c73031ee872884e741a3cd77d50732b7168f127 *bitcoin-0.3.20.2-linux.tar.gz

    54254cba039b02a2f49fdc98b8fe820d0fd4e410 *bitcoin-0.3.21-linux.tar.gz

    19a53c245f2a96de4f12264b8c2980adf85a814e *bitcoin-0.3.22-linux.tar.gz

    d7a34e1151dedfba5af1bf7496ed041f5b4955e5 *bitcoin-0.3.23-linux.tar.gz

    Binary executable files bitcoin (here manually renamed to include version number and target hardware):

    c408a6fd08acde909c762bf63ac50f07bbd79a99 *bitcoin_0-3-19_32bit

    1692bc6ac635ad4a27e690ee5d9320b9273e9ceb *bitcoin_0-3-19_64bit

    314456baba43ca0ab5aee1e5131d9087378650c3 *bitcoin_0-3-20-2_32bit

    9eb4834cbc12072c565e6b9a125321607b1141e9 *bitcoin_0-3-20-2_64bit

    6bfc4fedd369df2b6185c7e35a5ba24cff98c234 *bitcoin_0-3-21_32bit

    6d91de0410f1c6574db6f0e404e6effa62201874 *bitcoin_0-3-21_64bit

    7ffc121f4a190ee34676e30562bdd9224e6d5306 *bitcoin_0-3-22_32bit

    f30e6dd8771effef27355e2588dcfbce5d03cdd0 *bitcoin_0-3-22_64bit

    0a33f90785f6d7b1aaf79bee82fb321adbec5c31 *bitcoin_0-3-23_32bit

    9cae07b9e2117ec18c82f4bef14d7e0356301701 *bitcoin_0-3-23_64bit

    Binary executable files bitcoind:

    (-- not provided here due to lack of time --)

    ... for other Software Downloaded in the Context of this Guide:

    Downloaded Knoppix 6.4.4 CD English ISO Image:

    104f9e9e4c70642c236b5519d65cf2988bce6bb2 *KNOPPIX_V6.4.4CD-2011-01-30-EN.iso

    Downloaded Knoppix 6.4.4 CD German ISO Image:

    2b5c23533ebad4261bd874c51a1a551a95a21696 *KNOPPIX_V6.4.4CD-2011-01-30-DE.iso

    Downloaded truecrypt-7.0a-setup-x86.tar.gz:

    7a6b79da5b661034c4eaa292cf409939d58168d3 *truecrypt-7.0a-setup-x86.tar.gz

    Truecrypt installer (executable):

    cc3cb3239c758bd75b76d357842db3a502f69c90 *truecrypt-7.0a-setup-x86


    Annex 3: Enhanced Best Practice Example 3+:

    Knoppix 6.4.4 Bootable USB Stick almost as secure as with a Live DVD/CD

    The improvement to the solution of Example 3 is achieved in the following way:

    Create a small 500 kB Truecrypt container file, preferably directly on your USB stick, and name it ChecksumVerification.tc: /mnt-system/ChecksumVerification.tc

    After mounting this container to /media/truecrypt3/, you populate it with the following files:

    /media/truecrypt3/sha1sum_owncopy

    /media/truecrypt3/sha1sums_knoppix644usb_critical.txt

    /media/truecrypt3/sha1sums_knoppix644usb_uncritical.txt

    /media/truecrypt3/sha1sums_dummy.txt

    /media/truecrypt3/sha1sum_check_knoppix644usb.sh

    /media/truecrypt3/file_existence_check.sh

    These files are characterized as follows (and are fully specified on the following pages):

    sha1sum_owncopy: This is simply a copy of the file /usr/bin/sha1sum on your system. So you just copy it to the indicated location inside the Truecrypt container and rename it.

    sha1sums_knoppix644usb_critical.txt: This text file contains a list of SHA1 checksums for all critical Knoppix 6.4.4 system files that reside on the USB stick. These are files that have been copied from the Knoppix Live CD when the USB stick was created and are crucial for the functioning of the operating system (or the boot process).

    sha1sums_knoppix644usb_uncritical.txt: Similarly, this list corresponds to files that have also been copied from the Live CD, but these are not critical, i.e. it is impossible to implant a Trojan (stealing your Bitcoin private keys) into the system by only modifying these files.

    sha1sums_dummy.txt: This very short text file is also defined below.

    sha1sum_check_knoppix644usb.sh: This is an executable shell script file, also to be created with a text editor. Its contents are given below. Make sure it has the executable flag set in the Linux file system (e.g. with the file manager via right-click on the file > Properties ...).

    file_existence_check.sh: Another shell script specified below.

    Moreover, for your convenience you create two Desktop icons by creating the text files mount_sha1_container.desktop and knoppix_sha1_check.desktop (with contents as specified below) like this:

    In the File Manager, select "Desktop" on the left window side, then right-click the empty space on the right window side and choose New > Blank File ... from the context menu.

    /home/knoppix/Desktop/mount_sha1_container.desktop

    /home/knoppix/Desktop/knoppix_sha1_check.desktop

    After having created all these files, you only need two extra double-clicks just after each start-up: Double-click the icon "Mount SHA1 Container", enter its password, then double-click the icon "Knoppix SHA1 Check". This will start the check and inform you if the system is corrupted or clean.

    Remember: Always perform this check directly after booting, i.e. BEFORE mounting one of the Bitcoin related Truecrypt containers! Mind that the password for ChecksumVerification.tc shall be different from the passwords of the Bitcoin related Truecrypt container files!!!

    In this way, any corruption of system data would now become visible by the SHA1 checksums, such that you can (and should) decide not to type the password for opening your Bitcoin related Truecrypt container files if the checksum test fails (corrupted system = key logger? Trojan? ...).


    Annex 3.1: Desktop Files

    File: /home/knoppix/Desktop/mount_sha1_container.desktop

    [Desktop Entry]
    Name=Mount SHA1 Container
    Exec=truecrypt /mnt-system/ChecksumVerification.tc /media/truecrypt3
    Icon=truecrypt
    Type=Application

    File: /home/knoppix/Desktop/knoppix_sha1_check.desktop

    [Desktop Entry]
    Name=Knoppix SHA1 Check
    Exec=/media/truecrypt3/sha1sum_check_knoppix644usb.sh
    Icon=lxterminal
    Type=Application

    Annex 3.2: SHA1 Checksum Files

    File: /media/truecrypt3/sha1sums_knoppix644usb_uncritical.txt

    (for the English version of the Knoppix 6.4.4 CD)

    59b6526a7b1fd5d2e8fb4a047dd5ad3785f1b58d */mnt-system/boot/syslinux/boot.msg

    eff1e6009cde3cdc445b25cc0b69e8c3f249a8cd */mnt-system/boot/syslinux/f2

    4c07e66ed05fbb4011a76a2ef0ca7c50eb8c1f3f */mnt-system/boot/syslinux/f3

    3a6979d9af4ea8c21af2e406baad7854b316b5df */mnt-system/boot/syslinux/german.kbd

    573431af090e175231509b80bb4953a49a5a8d24 */mnt-system/boot/syslinux/syslinux.cfg

    6b5960039d0407a3b3c77fddc2efc85c31befb52 */mnt-system/KNOPPIX/background.png

    1dd5c3ea70a32db0a3593a9ce05a23a81c441864 */mnt-system/KNOPPIX/background.README.txt

    0794431f9dbfb5908ebb39ffab9fc6c64db167ec */mnt-system/KNOPPIX/index_de.html

    1277b725e0ebca59af4f2a1532fdff18850b90d9 */mnt-system/KNOPPIX/index_en.html

    8ef8c849eca5a570395b0dc587a94d998acf1125 */mnt-system/KNOPPIX/index_es.html

    031b7bb6488bf86123a0ace8dd37ab7c9249317d */mnt-system/KNOPPIX/index_fr.html

    952916a373c399d16b9f536f6e8c7a067aeba917 */mnt-system/KNOPPIX/index_it.html

    45a173f224be7fad9afd213c0143c032bcea274f */mnt-system/KNOPPIX/knoppix-cheatcodes.txt

    e79418fa56c0199da83db4b5b902323b6d40d9c1 */mnt-system/KNOPPIX/knoppix-logo-medium.png

    9f8659b5321990f9f592754156e13bfdeb16ed50 */mnt-system/KNOPPIX/knoppix-logo-small.png

    4917ef8981a9062f1a64d81bf2f29aad6c0a6804 */mnt-system/KNOPPIX/LICENSE.txt

    7edea2650a3dc9b8218107cf4c55dcd74b76e15a */mnt-system/KNOPPIX/README_Security.txt

    466a91c5fd5d345bb19d1c9419d9bd0734583151 */mnt-system/KNOPPIX/SOURCES.txt


    File: /media/truecrypt3/sha1sums_knoppix644usb_uncritical.txt

    (for the German version of the Knoppix 6.4.4 CD)

    59b6526a7b1fd5d2e8fb4a047dd5ad3785f1b58d */mnt-system/boot/syslinux/boot.msg

    16c983dd8ff10a57c4cd734eabeb073f702ed7d5 */mnt-system/boot/syslinux/f2

    f188a356f1f242dc1ecfa2478145499c22f7aa07 */mnt-system/boot/syslinux/f3

    3a6979d9af4ea8c21af2e406baad7854b316b5df */mnt-system/boot/syslinux/german.kbd

    3d4c255518be7d6ddc5bb340b41c1eed5b5ab071 */mnt-system/boot/syslinux/syslinux.cfg

    6b5960039d0407a3b3c77fddc2efc85c31befb52 */mnt-system/KNOPPIX/background.png

    1dd5c3ea70a32db0a3593a9ce05a23a81c441864 */mnt-system/KNOPPIX/background.README.txt

    0794431f9dbfb5908ebb39ffab9fc6c64db167ec */mnt-system/KNOPPIX/index_de.html

    1277b725e0ebca59af4f2a1532fdff18850b90d9 */mnt-system/KNOPPIX/index_en.html

    8ef8c849eca5a570395b0dc587a94d998acf1125 */mnt-system/KNOPPIX/index_es.html

    031b7bb6488bf86123a0ace8dd37ab7c9249317d */mnt-system/KNOPPIX/index_fr.html

    952916a373c399d16b9f536f6e8c7a067aeba917 */mnt-system/KNOPPIX/index_it.html

    45a173f224be7fad9afd213c0143c032bcea274f */mnt-system/KNOPPIX/knoppix-cheatcodes.txt

    e79418fa56c0199da83db4b5b902323b6d40d9c1 */mnt-system/KNOPPIX/knoppix-logo-medium.png

    9f8659b5321990f9f592754156e13bfdeb16ed50 */mnt-system/KNOPPIX/knoppix-logo-small.png

    4917ef8981a9062f1a64d81bf2f29aad6c0a6804 */mnt-system/KNOPPIX/LICENSE.txt

    7edea2650a3dc9b8218107cf4c55dcd74b76e15a */mnt-system/KNOPPIX/README_Security.txt

    466a91c5fd5d345bb19d1c9419d9bd0734583151 */mnt-system/KNOPPIX/SOURCES.txt

    File: /media/truecrypt3/sha1sums_knoppix644usb_critical.txt

    a27858f5178462afd11d5c8ae9bff1106658d07c */mnt-system/boot/syslinux/balder.img

    b21c7034c3e80dbecd14bf210fe0af872a547138 */mnt-system/boot/syslinux/linux

    b5ff7af6b4bc9104c349acf99940a0353c4b94c4 */mnt-system/boot/syslinux/linux64

    8090e0e2ca937d062782bdce1234c6ecbf862979 */mnt-system/boot/syslinux/logo.16

    f08e1a0b0f907cb2556e4391f64ba6dca9f6250b */mnt-system/boot/syslinux/memdisk

    6782abfa3ecf899028bd01e14e53f0760a08d40b */mnt-system/boot/syslinux/memtest

    53017a3189cd6fd566eee1e78612a64ec6c6b85b */mnt-system/boot/syslinux/minirt.gz

    b3235556ffe7da2735e4c6a1e0245557925d2f09 */mnt-system/KNOPPIX/KNOPPIX

    File: /media/truecrypt3/sha1sums_dummy.txt

    1234567890abcdef1234567890abcdef12345678 *file_existence_check.sh

    Annex 3.3: Shell Scripts

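    File: /media/truecrypt3/file_existence_check.sh

    #!/bin/bash
    # Exit status 0 if the file given as first argument exists, 1 otherwise.
    # "$1" is quoted so that an empty or missing argument counts as "not found".
    if ! [ -f "$1" ]; then
        echo "--> ERROR: File \"$1\" does NOT exist!"
        exit 1
    fi
    exit 0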


    File: /media/truecrypt3/sha1sum_check_knoppix644usb.sh

    #!/bin/bash
    tty -s
    if (($? != 0)); then
        # Default size of the terminal window:
        #lxterminal -e "$0"
        # Larger terminal window - recommended:
        lxterminal --geometry=80x35 -e "$0"
        # Even larger terminal window:
        #lxterminal --geometry=120x49 -e "$0"
        exit
    fi
    # The code above checks if the script is already running in a terminal window.
    # If not, it opens a terminal window and executes the script there.

    root_path_of_usb_stick=/mnt-system
    current_path=/media/truecrypt3
    # All helper files are addressed relative to the container's mount point.
    cd "$current_path" || { echo "ERROR: Cannot change to $current_path"; read; exit 1; }

    # -------------------------------------------------------------------------
    # First of all, we make some file existence checks.
    # If the files do not exist, an sha1sum check is not possible anyway.
    echo "Part 1: Checking existence of important files"
    echo "---------------------------------------------"
    cnt=0
    ./file_existence_check.sh $root_path_of_usb_stick/ldlinux.sys
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/balder.img
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/linux
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/linux64
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/logo.16
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/memdisk
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/memtest
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/boot/syslinux/minirt.gz
    a=$? ; cnt=$(( cnt + (a != 0) ))
    ./file_existence_check.sh $root_path_of_usb_stick/KNOPPIX/KNOPPIX
    a=$? ; cnt=$(( cnt + (a != 0) ))
    if (( $cnt > 0 )); then
        echo "*****************************************************************"
        echo "ERROR: $cnt essential file(s) could not be found."
        echo . . . .Therefore, the SHA1 checksum test is not possible.
        echo . . . .The script is aborted at this point.
        echo
        echo . . . .Consider modifying the variable \"root_path_of_usb_stick\"


        echo . . . .inside the file \"sha1sum_check_knoppix644usb.sh\".
        echo
        echo . . . .Then also adapt the paths correspondingly in the files
        echo . . . .\"sha1sums_knoppix644usb_critical.txt\" and
        echo . . . .\"sha1sums_knoppix644usb_uncritical.txt\".
        echo "*****************************************************************"
        echo '  _____     _ _ '
        echo ' |  ___|_ _(_) |_   _ _ __ ___ '
        echo ' | |_ / _` | | | | | |' "'"'__/ _ \ '
        echo ' |  _| (_| | | | |_| | | |  __/ '
        echo ' |_|  \__,_|_|_|\__,_|_|  \___| '
        echo
        echo "------- Press key to quit -------"
        read
        exit $cnt
    fi
    # -------------------------------------------------------------------------
    echo Done.
    echo

    # Specify the ASCII files containing the lists of SHA1 checksums:
    sha1sum_List_uncritical=sha1sums_knoppix644usb_uncritical.txt
    sha1sum_List_critical=sha1sums_knoppix644usb_critical.txt

    # Check system files on the USB stick for integrity
    # (those files created at creation of the bootable USB stick):
    echo "Part 2: Checking the uncritical KNOPPIX system files..."
    echo "-------------------------------------------------------"
    ./sha1sum_owncopy -c --status $sha1sum_List_uncritical
    ErrorCode_2=$?
    echo Done.
    echo
    echo "Part 3: Checking the critical KNOPPIX system files (takes a bit longer...)"
    echo "--------------------------------------------------------------------------"
    ./sha1sum_owncopy -c --status $sha1sum_List_critical
    ErrorCode_3=$?
    echo Done.
    echo
    echo "Part 4: Checking the file \"ldlinux.sys\":"
    echo "----------------------------------------"
    ErrorCode_4a=0
    ErrorCode_4b=0
    ./file_existence_check.sh sha1sums_ldlinux-sys.txt
    a=$?
    if (( $a != 0 )); then
        echo "    The SHA1 checksum file does not exist yet."
        echo "    This is NORMAL if you run this check for the first time!"
        echo "--> Now creating the checksum file for future reference..."
        ./sha1sum_owncopy -b $root_path_of_usb_stick/ldlinux.sys > sha1sums_ldlinux-sys.txt
        ErrorCode_4a=$?
    else
        ./sha1sum_owncopy -c --status sha1sums_ldlinux-sys.txt


        ErrorCode_4b=$?
    fi
    echo Done.

    # --------------------------------------------------------------
    # ----- Check Uncritical Errors: -------------------------------
    # --------------------------------------------------------------
    if (($ErrorCode_2 != 0)); then
        echo
        echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++"
        echo "Warning: Some files have been changed, but these"
        echo "         files are uncritical for system integrity."
        echo "         Your system is not really in danger, but you"
        echo "         should know why some files were modified."
        echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++"
        echo Here are the details:
        ./sha1sum_owncopy -w -c $sha1sum_List_uncritical
        echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++"
        echo '  __    __                 _ '
        echo ' / / /\ \ \__ _ _ __ _ __ (_)_ __   __ _ '
        echo ' \ \/  \/ / _` | '"'"'__| '"'"'_ \| | '"'"'_ \ / _` | '
        echo '  \  /\  / (_| | |  | | | | | | | | (_| | '
        echo '   \/  \/ \__,_|_|  |_| |_|_|_| |_|\__, | '
        echo '                                   |___/ '
    fi

    # ------------------------------------------------------------
    # ----- Case of no Checksum Error at all: --------------------
    # ------------------------------------------------------------
    if (($ErrorCode_3 == 0)) && (($ErrorCode_4b == 0)) && (($ErrorCode_2 == 0)); then
        echo
        echo "-------------------------------------------------------------"
        echo "Check passed! All system files are the original system files."
        echo "Everything is OK, your system files are clean!"
        echo "-------------------------------------------------------------"
        echo '  ____ '
        echo ' / ___| _   _  ___ ___ ___  ___ ___ '
        echo ' \___ \| | | |/ __/ __/ _ \/ __/ __|'
        echo '  ___) | |_| | (_| (_|  __/\__ \__ \'
        echo ' |____/ \__,_|\___\___\___||___/___/'
    fi

    # -----------------------------------------------
    # ----- File creation error: --------------------
    # -----------------------------------------------
    if (($ErrorCode_4a != 0)); then
        echo
        echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
        echo "Warning: Could not write the file"
        echo "         \"$current_path/sha1sums_ldlinux-sys.txt\""
        echo "         Check if you have write access to \"$current_path/\""
        echo
        echo "         At next system start up it will not be possible to"
        echo "         check the integrity of the file"
        echo "         \"$root_path_of_usb_stick/ldlinux.sys\""


        echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
        echo '  __    __                 _ '
        echo ' / / /\ \ \__ _ _ __ _ __ (_)_ __   __ _ '
        echo ' \ \/  \/ / _` | '"'"'__| '"'"'_ \| | '"'"'_ \ / _` | '
        echo '  \  /\  / (_| | |  | | | | | | | | (_| | '
        echo '   \/  \/ \__,_|_|  |_| |_|_|_| |_|\__, | '
        echo '                                   |___/ '
    fi

    # ------------------------------------------------------------
    # ----- Check Critical Errors: -------------------------------
    # ------------------------------------------------------------
    if (($ErrorCode_4b != 0)); then
        # Critical errors have occurred:
        echo
        echo "*********************************************"
        echo "***** A L E R T !!! SERIOUS WARNING!!! *****"
        echo "*********************************************"
        echo The file \"ldlinux.sys\" was modified!
        echo This file is needed during the boot process.
        echo The file can be different on different USB
        echo sticks, but should remain unchanged on one
        echo such boot medium.
        echo You should know why this checksum failure
        echo happened. Your system might be at risk.
        echo "*********************************************"
        echo Here are the details:
        ./sha1sum_owncopy -w -c sha1sums_ldlinux-sys.txt
        echo "*********************************************"
        echo '  _____     _ _ '
        echo ' |  ___|_ _(_) |_   _ _ __ ___ '
        echo ' | |_ / _` | | | | | |' "'"'__/ _ \ '
        echo ' |  _| (_| | | | |_| | | |  __/ '
        echo ' |_|  \__,_|_|_|\__,_|_|  \___| '
    fi
    if (($ErrorCode_3 != 0)); then
        # Critical errors have occurred:
        echo
        echo "**************************************************"
        echo "***** A L E R T !!! VERY SERIOUS WARNING!!! *****"
        echo "**************************************************"
        echo Important system files have been modified!
        echo Your system might be corrupted!
        echo Use it at your own risk!
        echo "**************************************************"
        echo Here are the details:
        ./sha1sum_owncopy -w -c $sha1sum_List_critical
        echo "**************************************************"
        echo '  _____     _ _ '
        echo ' |  ___|_ _(_) |_   _ _ __ ___ '
        echo ' | |_ / _` | | | | | |' "'"'__/ _ \ '
        echo ' |  _| (_| | | | |_| | | |  __/ '
        echo ' |_|  \__,_|_|_|\__,_|_|  \___| '
    fi


    # ----------------------------------------------------------
    # ----- SPECIAL EXTRA CHECK: -------------------------------
    # ----------------------------------------------------------
    if (($ErrorCode_2 == 0)) && (($ErrorCode_3 == 0)) && (($ErrorCode_4b == 0)); then
        # Check if the "sha1sum" file is able to generate bad checksums in the first place:
        ./sha1sum_owncopy -w -c --status sha1sums_dummy.txt
        ErrorCode_Dummy=$?
        if (($ErrorCode_Dummy == 0)); then
            echo
            echo
            echo "*************************************************"
            echo "***** ALERT! SHA1 Checksum Malfunctioning! ******"
            echo "*************************************************"
            echo 'The checksum function produces "good" results even'
            echo 'if the checksum is definitely "bad"!'
            echo This means you cannot trust above good checksum
            echo results for the system files!
            echo ...Something is going fundamentally wrong here!
            echo This means that your system might be corrupted!
            echo Use it at your own risk!
            echo "*************************************************"
            echo Here are the details
            echo "(the following SHOULD give a BAD checksum):"
            ./sha1sum_owncopy -w -c sha1sums_dummy.txt
            echo "*************************************************"
            echo '  _____     _ _ '
            echo ' |  ___|_ _(_) |_   _ _ __ ___ '
            echo ' | |_ / _` | | | | | |' "'"'__/ _ \ '
            echo ' |  _| (_| | | | |_| | | |  __/ '
            echo ' |_|  \__,_|_|_|\__,_|_|  \___| '
        fi
    fi
    echo
    echo "------- Press key to quit -------"
    read
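
    The checksum lists of Annex 3.2 only cover the files they name. As an added example (not part of the original guide), the following bash functions verify the lists and additionally report files on the stick that no list covers. The function names, the allowlist file (for files handled separately, such as ldlinux.sys and the encrypted containers) and the SHA1SUM variable are assumptions of this example, which expects GNU coreutils.

```shell
#!/bin/bash
# Added example, not part of the original guide. Function names, the
# allowlist file and the SHA1SUM variable are assumptions of this example.
SHA1SUM=${SHA1SUM:-sha1sum}    # e.g. SHA1SUM=./sha1sum_owncopy

# manifest_paths MANIFEST...
# Print the paths named in sha1sum-format lists
# ("<40 hex digits> *<path>" or "<40 hex digits>  <path>"), one per line.
# File names containing newlines or backslashes are not handled here.
manifest_paths() {
    sed -n 's/^[0-9a-fA-F]\{40\} [ *]//p' "$@"
}

# unlisted_files ROOT ALLOWLIST MANIFEST...
# Print every regular file below ROOT that is named neither in one of the
# manifests nor in ALLOWLIST (a text file with one full path per line).
# Returns 0 if there is no such file, 1 if at least one was printed,
# 2 if a temporary file could not be created.
unlisted_files() {
    local root=$1 allow=$2 known found extra
    shift 2
    known=$(mktemp) || return 2
    found=$(mktemp) || { rm -f "$known"; return 2; }
    { manifest_paths "$@"; cat "$allow"; } | LC_ALL=C sort -u > "$known"
    find "$root" -type f | LC_ALL=C sort > "$found"
    # comm -23 keeps the lines that occur only in the first (sorted) file.
    extra=$(LC_ALL=C comm -23 "$found" "$known")
    rm -f "$known" "$found"
    [ -z "$extra" ] && return 0
    printf '%s\n' "$extra"
    return 1
}

# check_stick ROOT ALLOWLIST MANIFEST...
# Returns 0 if every listed file matches its checksum and nothing unlisted
# exists, 1 if a listed file is missing or modified, 2 if unlisted files
# were found (they are printed), 3 on an internal error.
check_stick() {
    local root=$1 allow=$2 m
    shift 2
    for m in "$@"; do
        "$SHA1SUM" -c --status "$m" || return 1
    done
    unlisted_files "$root" "$allow" "$@" && return 0
    [ $? -eq 1 ] && return 2
    return 3
}
```

    With the paths of this annex the call would be check_stick /mnt-system allow.txt sha1sums_knoppix644usb_critical.txt sha1sums_knoppix644usb_uncritical.txt, where allow.txt is a hypothetical file inside the Truecrypt container.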

    The following illustration summarizes the final system setup with Knoppix 6.4.4 on a bootable USB stick, when including the mechanisms introduced in this annex to allow discovering a corruption of the USB stick's system files:


    [Figure: final system setup of Example 3+. Labels recoverable from the diagram, in the order they appear:]

    Other Non-Encrypted Storage Medium (Hard Disk or Flash Medium)
    Same USB Stick [or below's other Non-Encrypted Storage Medium]
    Insecure Operating System, e.g. MS Windows/MacOS/insecure Linux
    PC with bootable USB Stick with Knoppix 6.4.4
    has access to
    * /KNOPPIX/knoppix-data.aes [200 MB] (256 bit AES encrypted by Knoppix)
    /media/truecrypt2/wallet.dat
    /media/truecrypt1/... with .../bitcoin, .../btc_start, .../myDataDir/wallet.dat, .../myDataDir/
    * myBitcoinOperationalSpace.tc [3-4 GB] (strongly encrypted by Truecrypt)
    * myBitcoinWalletSafeStorage.tc [1 MB] (strongly encrypted by Truecrypt)
    * System Files from CD [700 MB] (not encrypted, unfortunately)
    Contains all "persistent" user settings/modifications of the Knoppix 6.4.4 Live system
    * Virus X ad libitum
    * Trojan Y ad libitum
    * Malware Z ad libitum
    * myBitcoinAddresses.txt (UNencrypted, intentionally): ...14ajM1BHY7E8GJ4DGGvtFFGmE15hSSSRJR...etc.
    Read access (for sending BTCs to these addresses)
    Read access (for making backups of container file)
    copy manually
    * /ChecksumVerification.tc [0.5 MB] (strongly encrypted by Truecrypt); password = same as for knoppix-data.aes, but different from the 4 GB and 1 MB file!!!
    /media/truecrypt3/... with .../sha1sum_owncopy, .../file_existence_check.sh, .../sha1sum_check_knoppix644usb.sh, .../sha1sums_dummy.txt, .../sha1sums_knoppix644usb_critical.txt, .../sha1sums_knoppix644usb_uncritical.txt
    verify integrity by SHA1 checksums

    Side note in the figure: Actually, all these files could now be located on the USB stick in this variant. Because, if the insecure operating system (see bottom of the figure) had corrupted the system files, this would now be discovered before it can do any harm to your Bitcoin private keys.


    Version History of this Document

    0.1 First version

    0.2 Clarified for Example 3+ (Annex 3) that there is no strict need any more to keep the bootable USB stick away from a potentially insecure & infected operating system.

    0.3 After cross-reading the complete document: Removal of some remaining inconsistencies, minor re-phrasings to improve readability, addition of this version history.

    0.4 For Example 3+, correction of the script file sha1sum_check_knoppix644usb.sh and the SHA1 list sha1sums_knoppix644usb_critical.txt: Removed ldlinux.sys from the list of critical files, because it is not bit-exact the same for different USB sticks, but it remains unchanged once the USB stick has been created. Therefore, an extra reference checksum file is generated when the shell script runs the first time, and from that moment on it will also be checked together with the other files every time the script is run.

    For Example 3+, it is now proposed to put ChecksumVerification.tc directly into the root directory of the USB stick; the final block diagram was modified accordingly. Moreover, an additional *.desktop file was added to make the use of the SHA1 sum check extremely convenient for daily use - just two double clicks on two desktop icons are required.

    The text in Annex 3 was modified to take these changes into account.

    Moreover, minor editorial modifications and corrections of typos.