Title: [HowTo] Secure your currently unencrypted wallet (Windows) Post by: InstaGx on June 17, 2011, 10:08:49 AM So, you followed all the tutorials and now your wallet.db is safely encrypted in a Truecrypt volume.
But once a day you start the Bitcoin client to keep track of transactions and catch up with the blockchain. While you're doing this your Truecrypt volume is mounted and the wallet.dat decrypted and accessible by all malicious applications on your computer. To conquer the most simple attack to your wallet, the complete search for any wallets on all mounted partitions, you can make use of user rights management on Windows. Here's how: Note: The Truecrypt volume has to be NTFS formated in order to work with this tutorial. 1.) Start lusrmgr.msc.
2.) Navigate to your Bitcoin client datadir (e.g. your mounted Truecrypt volume)
3.) Configure your Bitcoin client to start as the new user.
Quote start runas /noprofile /env /user:yournewuser "bitcoin.exe -datadir=%cd%\data" Adjust the bold text to your environment.4.) Everything should work now.
Title: Re: [HowTo] Secure your currently unencrypted wallet (Windows) Post by: Ajego on June 17, 2011, 10:12:23 AM wouldn't it be easier to boot a live-CD/live-USB and 'update' your wallet over this system?
Title: Re: [HowTo] Secure your currently unencrypted wallet (Windows) Post by: InstaGx on June 17, 2011, 10:18:58 AM wouldn't it be easier to boot a live-CD/live-USB and 'update' your wallet over this system? Most likely yes. But it's always nice to have an alternative. There are a lot of users out there that will always use their Windows main system to manage their wallets. This way they can live a bit more secure. Title: Re: [HowTo] Secure your currently unencrypted wallet (Windows) Post by: bcearl on June 17, 2011, 09:02:06 PM But once a day you start the Bitcoin client to keep track of transactions and catch up with the blockchain. While you're doing this your Truecrypt volume is mounted and the wallet.dat decrypted and accessible by all malicious applications on your computer. At least you got that point right -- but that makes the advice pretty useless. Better install a second computer or secondary/live system or a second user account with encrypted personal data. You need to enforce policy as much as you need encryption to end up with a useful and secure setup. Title: Re: [HowTo] Secure your currently unencrypted wallet (Windows) Post by: VillageChump on June 17, 2011, 09:46:37 PM
Title: Re: [HowTo] Secure your currently unencrypted wallet (Windows) Post by: bcearl on June 17, 2011, 10:13:09 PM
Even worse advice. http://forum.bitcoin.org/index.php?topic=15052.20 |