You are viewing a single comment's thread from:

RE: Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet

in #cryptocurrency7 years ago (edited)

Really great guide. I followed the steps and it worked fine until I came to the point where I should test MEW in off-line state. Unfortunately, only text and codes shows up on a white background in the Tor browser, it was not possible to generate wallet/keys either.
I've used 'etherwallet-v3.10.7.3.zip', kept the folder structure and activated index.html. I have also tried some earlier MEW versions, and have experimented with different settings in Tor, e.g. allowing 3rd party cookies, nothing seems to help. Any ideas what went wrong?
I'm using Tails v.3.3 with Tor v.7.0.10.
I have a screenshot from Tor, but not sure how to add.

Sort:  

This seems to be something that happened recently with Tor. The Tor Browser persistent volume isn't getting the right permissions in AppGuard so it's not processing CSS. See https://trac.torproject.org/projects/tor/ticket/24243. I still haven't found a solid answer to this, but I think an older version of Tails (without getting updates) will fix things.

Tails v3.2 is bundled with Tor 7.0.6, which does not have the defect mentioned in the ticket linked above, and therefore is usable with local web content. It can be acquired here:
https://web.archive.org/web/20171103181439/https://tails.boum.org/torrents/files/tails-amd64-3.2.torrent

Tails 3.4. is out. Maybe it solves the problem.

Unfortunately, Tails`s 3.4 Tor is not work as well as Tails 3.3. Only 3.2 is working ok!

Tails 3.5 was released on Jan 23, has anyone tried using it? Does TOR work there?

Tested Tails 3.5, but unfortunately same problem exists with TOR. Also tested Tails 3.6, released March 13, same problem again! I've not tested Tails 3.6.1.
I spent some time on this and came up with a suitable workaround. Simply find a portable browser app for Linux and copy it into the Persistent Volume. Just run it from there and open up the MyEtherWallet index.html. I used the Firefox Appimage located here: https://www.linux-apps.com/p/1168996/
Works great! Hope this helps.

Hello Tom, thanks for the guide. The whole point of it is to not go online with Tails. What do you think of "Discreete Linux"?

https://www.privacy-cd.org/

"Discreete Linux is an isolated offline working environment. Discreete Linux considers a reliable and permanent separation of the data and cryptographic keys to be protected from non-trustworthy networks as an indispensable safety line against targeted "Advanced Persistent Threats". Therefore the support for network hardware of all kinds has been removed from the system kernel of Discreete Linux. This is not only important as a protection against the intrusion of Trojan Software, but also for downstream security lines"

Any offline OS will suffice, but they need to be run natively, not in a VM on an online host. I like Tails for the amnesic aspect, which helps guarantee that no malware is present on the system. It is also documented well and has a lot of tools in place that make it a nice option for crypto.

Alright. Another question concerning the guide: You worte to always physically disconnect the internet, e.g. by turning off the router. Wouldn't it be more easy to completely disable the network deamon of Tails? On quora I read " If you really get paranoid go into /etc/init.d subdirectories and disable start of the internet daemon xinitd to assure that nothing can ever connect to you." I couldn't find this daemon on Tails, tough. Do you have any idea?

Physical disconnection is a partial move towards total black-box conditions, like inside a Faraday cage where no electrical emissions are leaking out. Ideally, this is how you'd want to generate/access private keys if you're doing so electronically.

Disabling the device drivers themselves on something like Linux is a valid solution for keeping info from leaking off of that system, but on a phone or other less open-source systems you can potentially still be connected even when wifi is turned off.

Additionally, you don't really want Alexa listening while you recite your mnemonic phrase aloud while verifying it, or your smart phone to be pointed at the screen/keyboard while sensitive info is being used. We surround ourselves with top-quality surveillance equipment, and the privacy-minded person will take all the steps (even ones that can be argued to be excessive) to protect themselves & their most valuable information.

Thank you! Yes, this seems to explain the problem. I will try find a older version of Tails.

i'm so tired of TAILS. they try so hard to be the most private OS ever that you literally can't use anything on it with the exception of stuff designed to run on tails. which is like, monero wallet and thats it.

I guess you missed the use case described in the article above that you have now commented on. If you don't have a use for Tails, maybe just don't use it?