Bitcoin Forum

delete

This is a very good offer I understand that you need to create a newbie account to protect your true account here,this is good for altcoin admin and company I might get your service in the future as I am not using my bitcoin wallet much ,have bookmarked this page..

you are providing bitcoin security advices but you don't have any reputed and trust here. and your account is also a newbie.
may I ask you for any type of proof and reference of your legitimacy?

That is good, but if you dont use your bitcoin wallet that doesnt mean it's safely stored. Even if you dont open your wallet it could still be in danger.


You just have to take my word for that, I could provide proof but I would rather not because it can hurt my privacy.First 2 consultations are free, so if you are not satisfied with my advices you can just give me negative reputation.

I just want to help people secure their bitcoins because the amount of thefts recently are staggering, and I am expert in this field so I wish to provide my expertise as a service.

Obviously I won't ask people to install shady .exe files, that will not happen. You can describe your security concerns as much or little as you are comfortable and I will try to work with that. We can communicate on a need to know basis, we dont have to trust eachother.

If you dont trust me at all, open TOR and create a newbie account and PM me with that. I will have no way of knowing who you are.

I can take a vouch.
Do it in public, to get your service started.

I have a paper wallet, printed offline with bitaddress.org. Advice me!

Alright here is my first impression analysis of Bitaddress and your setup:

1) Bitaddress.org

Vulnerability #1:  Javascript is known to have bad RNG and all sorts of bugs that may or may not be patched. Especially browser based javascript is so bad, that I don't even keep up with it. They use window.SecureRandom instead of Math.Random() which is a custom CSPRNG library, little better but, I doubt it gives you really good security given the structure of the javascript language and the bloat from the browsers.

Vulnerability #2:  If you use it with Chrome or other closed source browser, then its worse

2) Handling the private key

Did you generate the key offline on a safe machine? If not, then its a problem.
Did you securely wiped the hard-disk/flash memory after creating the private key? If not, then its a problem.
Did you securely wiped the wiped the printers memory after printing it out? If not, then its a problem.
Did you added extra encryption to the paper you printed out, in case a thief see's it and steals it? For example printing out an encrypted version of the key, so that even if somebody gets physical access to it, cannot decrypt it without password.

---

My advices:

Drop the javascript nonsense and generate the private key with electrum on an offline PC with linux on it. And wipe all persistent memory after done (ex: RAM, printer memory, hard disk, flash drive ,etc)

Consider at least steganography for paper wallets, hiding the private key inside pictures. Printing out trivial pictures that has your private key hidden it it, it less obvious for thiefs and easier to hide.

https://en.wikipedia.org/wiki/Steganography#Printed
http://www.jjtc.com/Security/stegtools.htm

---

We could go deeper, but these are my immediate advices.

My own simple advise to keeping your Bitcoin safe is gather sizeable amount of Bitcoin sell and convert it to your local currency then use it to acquire something tangible. Whatever, security apparatus put in place it still has an element of vulnerability which is awaiting exploitation in this era of hacking. Losing some money due to increase in price is better than losing all due to hacking... My opinion though...

Also only 4 posts and 1 is a bump the other 1 is the thread started so only 2 left. 2 used for what ? Not answering any questions even. I can't take this person seriously. If he doesn't want to be called a scammer he should hae though clearly about doing this to eliminate and doubts. The OP has not even addressed your issue. I wouldn't go near this with a 6+ sword xD

For writing security advises you do not need to have 4 posts , it could be your first post but if you want to make some sort of economical gain from this you do need to be at least hero member on this forum to make money of something like this .

There are million dollars worth of companies out there who get hacked , if they hacked there is nothing stopping a normal person to get hacked as well. As long as the coin is on hot wallet and not cold wallet there is no way you can't get hacked.

Those companies clearly have bad security practices, as I said I am an expert in security, I would offer my services to them as well if they would hire me.

I can prove my expertise, that is why I give out 2 free vouches.

You are a Newbie. You claim to be Expert. Bitaddress.org is one of the most trusted sites. Proof they're not secure and their random is not good. Recreate my private keys for me!

Most people use closed source OS too.

Who made you think that RAM is a persistent memory? and flash?? WTF?

Don't be a idiot, use GNU/kFreeBSD or GNU/Linux-libre..

JS is known to be full of problems and everyone in the security field says it sucks as hell, I will go with the Electrum option..

I don't understand why people are saying his service cannot work if he is not atleast a high ranked member of the forum..

In my opinion, TS is showing he has a lot of knowledge regarding security and is also giving a lot of advise on how to securily and privately contact him. In addition, he says he will never ask for private keys and stuff. There is no risk in getting the advise..

Imo, deserves a chance to show it is indeed a serious service.

TS: What are your thoughts on using a Trezor device is combination with electrum? And how about the mytrezor website? How secure would it be to hold a relatively large amount of coins on a internet connected pc with this setup?