Bitcoin Forum

Quote from the TrueCrypt documentation:

http://www.truecrypt.org/docs/?s=security-requirements-and-precautions

and especially from the malware section:



A lot of people here are just telling the noobs: "I have TrueCrypy, everything is secure." That's just not true. And it is even worse: The very fact that TrueCrypt appears to be a click-here-click-there-I-am-secure-now tool gives people a feeling of security they don't have. Like any security tool, TrueCrypt is worthless unless you are aware what exactly it does.

For the task of protecting wallets I would go even further and say that TrueCrypt is not a appropriate solution. For this application it is almost as bloated as VMs.
If you want to encrypt wallet files for backups, use GPG.
If you want to protect the wallet file from being stolen from your disk, use encrypted folders of the kind that your operating system provides. But don't expect it to be protected against malware while in use. Everything you have access to, the malware you catch has access to, too. It will protect you against people who steal your computer, but it will not protect you against malware.

PS:
Just to prevent misunderstanding: In my opinion you can do whatever you like to. But stop making such strong claims misleading people who understand less then you do.

PPS:
Maybe we need a security subforum.

Another important detail for the task of protecting wallets:


An attacker can set you wallet to a previous state without even decrypting your TrueCrypt disk:


http://www.truecrypt.org/docs/authenticity-and-integrity

How do we use GPG to encrypt the wallet file?  I use ubuntu 10.04

please read http://forum.bitcoin.org/index.php?topic=16266.0

How do you guys spect GPG to be malware-proof?
If your system is compromised , it doesn't matter what tools you use on top of it.

ex-actly.
and nowdays bookits in mobo/video frimware is quite common, let alone mbr things and stealth rootkits.

Of course, security is a process. The means taking steps to protect the operating system and not using a BTC-handling computer to browse for pr0n. Having said that, we also need good tools to protect the data at rest or in transit. GPG is as trustworthy as any crypto tool can be to protect data at rest.

I never said that GPG protects against malware.


It allows you to store backups on insecure machines, but it does not allow you to decrypt anywhere but on a secure machine, of course.

Why not simply use 7zip to create a archive of your wallet.dat with a password? 7zip does use 256-bit AES to encrypt the content of the archive, same as truecrypt. Just choose a strong password, and you'll be fine.

If the 7z AES implementation is good, this should work well, too.

And I really have a stupid cracking tool, the one I already linked, one of the first Google matches. It really calls "7z" each time.

I tried that out. It's rather slow. So I made a couple of quick hacks (http://code.google.com/p/popen-noshell/) to it and increased its speed threefold. It's possible to make it even faster, though it would take much more work.

99% of getting hacked is the wide open blatantly unsecured data.  encrypting your data in what ever means you should choose is the theme here.  In fact, i would not rely on one single encryption alone, but using an encryption pyramid where your data is independently encrypted multiple times via different means to be absolutely secure.  Especially when were talking about enough money for a down payment on a house.   For example, have an encrypted home directory where you store your truecrypt container.  When you email the truecrypt container off of your secure home directory for backup purposes, encrypt that container with gpg.  Of course the best advise is to not have more coins then you can afford to lose in one wallet. 

Yes, encryption protects data storage. And multiple encryption tools avoid flaws in a single one of them.

But encryption does not protect data while it is processed, for example by the bitcoin software. That's just impossible.

A special user account or a dedicated machine is protected against malware on your regular user account. But that has nothing to do with encrytion, but with policy enforcement.

Ugh. How exactly does one set up a clean PC, and keep it that way then? I take more precautions than probably 98% of the general population but I'm positive that's not enough.

You need proper hardware. Unfortunately most hardware is crap and you don't know which products are good before you buy them.

For example a motherboard just needs a single hardware switch that disables the possibility of firmware/BIOS updates. If you can do that, you can start looking for the software you want to run.