Protecting your bitcoin with BitKey
Transferring Funds to Other People
The wallet stored in Blue is the only one that contains the private key material, and thus it is the only one that can sign transactions. In other words: You need to use the Blue wallet for making payments. However, since you cannot attach Blue to Internet-enabled systems, you cannot use the wallet directly. The procedure for making a transaction is cumbersome, inconvenient, and very safe.
In order to make a transaction, you must generate an unsigned transaction in your Unsafe machine using the wallet in Black (Figure 3), open the Send tab, and fill in the payment form. Hit Send and then save the unsigned transaction to a file. You may transfer this file to the Safe machine that has access to the Blue device using any means you find convenient. A third disposable flash drive is often the most convenient option. Run Electrum in Safe and go to Tools | Load Transaction | From File. Hit Sign and save your signed transaction to a file. Transfer this file to the Unsafe machine. Finally, on the Unsafe box, use Electrum, and select Tools | Load Transaction | From File in order to load your signed transaction. Hit Broadcast. Congratulations, your payment has just been sent to the Bitcoin network!
Other Tools
BitKey also includes two utilities for creating paper wallets [5]:
Paper wallets are pieces of paper that contain a primary private and public key. The idea is that you can print and store a paper wallet in a safe location far from malware. Papers wallets are an alternative to the cold-online and cold-offline computer combination. The use of paper wallets is usually discouraged because it is extremely easy to lose the access to your coins if you make any mistake. Please, don't use paper wallets unless you understand their ins and outs. BitAddress offers instructions for the proper use of paper wallets if you are really interested in using them. Please, read the instructions carefully, and see the box entitled "Mistakes that Destroy your Money."
Mistakes that Destroy your Money
When you first create a Bitcoin wallet in any format and with any software, it creates a public-private key pair. This key pair is associated with a Bitcoin address that you use to receive funds.
The process followed when sending a payment, however, involves the creation of multiple sub-keys that have the main key pair as a master. Bitcoin clients track your account balance by tracking the input and output associated with your address.
For example, if you create an address and then Jack and Adam send you 1 bitcoin and 2 bitcoin each, your client will know that you have an input worth 1 bitcoin and another input worth 2 bitcoin. If you try to send 1.5 bitcoin to Adam one day later, your client will take the 2 bitcoin input, split it in two parts, send 1.5 bitcoin to Adam, and send the change (0.5 bitcoin) back to you. Your wallet software will send the change to a phantom address, that is, it will create a key pair attached to a new dynamically generated address and send the change to it.
The rationale for creating this change address is that it makes it harder for a hostile entity to track your transfers than just delivering the change to your main Bitcoin address. Each time you deliver a payment, a phantom address and a corresponding key pair are generated in the background. Since Bitcoin clients do this task automatically, the user is protected from the complexities of this method.
Problems occur when a user loses the key pairs that allow access to the money delivered to the user's own change addresses. If you create a paper wallet and money is delivered to it, all the inputs will be associated with your main address. If you later load this paper wallet in a software Bitcoin client and then make some payments, this program will generate multiple change addresses and key pairs that won't exist in the paper wallet at all. These change addresses will receive part of your funds. If you destroy the software wallet, you may lose all the funds associated with the change addresses.
Many people used to create a paper wallet in order to keep their main keys offline. They would then load the main key pair into a software wallet, make payments, and delete the software wallet in order to prevent it from being stolen by malware. The problem with this approach was that these users lost their access to the money associated with change addresses when they deleted their keys!
To get started with BitAddress, launch it from the BitKey desktop. Move your pointer randomly over the screen in order to obtain enough entropy for generating your Bitcoin address (Figure 4). A public-private key pair will be created and displayed on the screen, along with QR codes, in a printer friendly format. You may wish to print this paper, note your Bitcoin address down, and lock the paper wallet in a safe location. Treat this wallet as a piggy-bank. You may tell people to send money to you by giving your Bitcoin address to them. When you need to access your funds, import the private key of the paper wallet into any conventional Bitcoin client, spend all the funds, and destroy the paper. In theory, once you have imported the paper wallet into a regular Bitcoin client, you could treat it as you would treat any regular software wallet. However, once the private keys are imported in an Internet-enabled computer, they are exposed to potential compromise, and the common recommendation is to use all the funds up at once and discard the wallet forever. Reusing a spent paper wallet is dangerous, and money loss is more likely than not if you try. Look online for more on the dangers of address reuse [8].
Also included with BitKey is WarpWallet, a utility for creating brainwallets [9]. A brainwallet is an easy-to-remember passphrase that can be fed to a brainwallet program in order to create a public and private Bitcoin key pair. The algorithm is deterministic – the same passphrase always generates the same key pair. The theory is that you can keep the passphrase in your head and avoid placing your Bitcoin keys on a computer until you really need to. When you need to access your money, you use the passphrase and WarpWallet to generate the keys and then import the private key into a regular Bitcoin program. Once imported, these wallets are similar to paper wallets and the same principles apply. As with paper wallets, brainwallets are dangerous, so use them with care.
Launch WarpWallet from the bar. Feed the program with a very secure passphrase, and provide it with your email address in order to generate the salt (Figure 5). The salt is extremely important, because unsalted brainwallets are considered extremely insecure (see the box entitled "Unsalted Brainwallets"). WarpWallet will generate and display a public-private key pair. Note the public address down and close the program. As with paper wallets, a brainwallet is a piggy bank. You can receive payments to your public address. When you are ready to spend the money, fire up WarpWallet, feed it with your passphrase and email address, and note down the private key that is generated. Import that private key into your Bitcoin client as before. Spend all the money at once! Brainwallets suffer drawbacks similar to paper wallets, so don't reuse your brainwallet address. (I know I have already mentioned the dangers of reusing addresses, but trust me, it is important.)
Unsalted Brainwallets
Brainwallets that are generated without salt are vulnerable to cracking using rainbow tables and other advanced cracking methods. Bots are known to exist that patrol the blockchain, searching for vulnerable brainwallets, cracking them, and stealing all their funds. If you really want to use a brainwallet, make sure the brainwallet program you use is salting the hashes. Otherwise, you risk giving away your money to automated thieves.
For maximum security, it is better to perform the wallet generation in cold-offline mode for both brainwallets and paper wallets and to load the private keys in hot-online mode just when you are going to spend them.
Finally, BitKey includes a password strength analyzer called zxcvbn (Figure 6). This tool uses advanced analysis to determine if a password or passphrase is safe.
What BitKey Lacks
BitKey is a useful solution for people who wish to be very proactive about protecting their Bitcoin wallets; however, it is not without shortcomings.
The main problem is that you won't find much official documentation about how to implement BitKey and integrate it into your secure procedures. The most useful instructions are in an article written by Liraz Siri on the TurnKey site [10]. (BitKey was created by core developers with the TurnKey Linux project.)
The version of Electrum included with BitKey lacks a QR scanner. QR is a very useful way of importing unsigned transactions and keys into Electrum. The fact that the version included in BitKey lacks a QR scanner means the user must type the keys into Electrum, instead of letting the webcam do the task.
International users will notice the lack of a documented boot code that lets you select a keyboard layout at boot time, such as you will find in Knoppix. With BitKey, you boot straight into an English keyboard layout. If you need another layout, you will have to switch it manually with setxkbmap
from a terminal emulator.
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Canonical Bumps LTS Support to 12 years
If you're worried that your Ubuntu LTS release won't be supported long enough to last, Canonical has a surprise for you in the form of 12 years of security coverage.
-
Fedora 40 Beta Released Soon
With the official release of Fedora 40 coming in April, it's almost time to download the beta and see what's new.
-
New Pentesting Distribution to Compete with Kali Linux
SnoopGod is now available for your testing needs
-
Juno Computers Launches Another Linux Laptop
If you're looking for a powerhouse laptop that runs Ubuntu, the Juno Computers Neptune 17 v6 should be on your radar.
-
ZorinOS 17.1 Released, Includes Improved Windows App Support
If you need or desire to run Windows applications on Linux, there's one distribution intent on making that easier for you and its new release further improves that feature.
-
Linux Market Share Surpasses 4% for the First Time
Look out Windows and macOS, Linux is on the rise and has even topped ChromeOS to become the fourth most widely used OS around the globe.
-
KDE’s Plasma 6 Officially Available
KDE’s Plasma 6.0 "Megarelease" has happened, and it's brimming with new features, polish, and performance.
-
Latest Version of Tails Unleashed
Tails 6.0 is based on Debian 12 and includes GNOME 43.
-
KDE Announces New Slimbook V with Plenty of Power and KDE’s Plasma 6
If you're a fan of KDE Plasma, you'll be thrilled to hear they've announced a new Slimbook with an AMD CPU and the latest version of KDE Plasma desktop.
-
Monthly Sponsorship Includes Early Access to elementary OS 8
If you want to get a glimpse of what's in the pipeline for elementary OS 8, just set up a monthly sponsorship to help fund its continued existence.