Bitcoin Forum

Other => Beginners & Help => Topic started by: Capitalism Prevails on June 18, 2013, 03:15:56 AM



Title: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Capitalism Prevails on June 18, 2013, 03:15:56 AM
I read this answer on another forum.  What do you think?

"Depends how paranoid you are. Many do but if you really want to be safe then according to the bitcoin wiki:

Using Dropbox to back up your Bitcoin data is not recommended as doing so introduces the following security concerns:

Dropbox stores your encryption key (meaning that a disgruntled Dropbox employee or an attacker who gained access to the system could decrypt your Dropbox data and steal your bitcoins)

The Dropbox client only needs a password for the first login. After it authenticates once, the server assigns it a token which it uses to show that, at one time, its user knew the password rather than sending the actual password (meaning that if you ever use the Dropbox client on another PC, that PC's users can access your Dropbox - even if you change your password - and can steal your bitcoins or get a virus that will steal your bitcoins).

For these reasons, an alternative that always uses password authentication such as Wuala should be used. Wuala's servers do not store your encryption key and the program authenticates with the password each time it is started.

Whether you use Dropbox as your backup or not, it is advised to use what Steve Gibson calls "pre-Internet encryption" which means to use some form of encryption on your files before you back them up, in case an attacker gains access to that backup. Make sure to pick a password that is memorable but secure.

The only file you need to back up is "wallet.dat" which can be done one of two ways. To make a copy of the wallet.dat file, ensure that Bitcoin is closed and copy this file somewhere else. The other way is to use the backupwallet JSON-RPC command to back up without shutting down Bitcoin.

Once a copy has been made, encrypt it, and put it in two or more safe locations. Consider the risk due to theft, fire, or natural disaster in proportion to the value of bitcoins stored in the wallet."


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Mike Christ on June 18, 2013, 03:17:02 AM
I wouldn't trust it.  I believe all items, when transferred, are encrypted, but a back door is always a possible route, especially when drugs and CP and terrorism are involved.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: macintosh on June 18, 2013, 03:37:36 AM
It's safe if the download link is never given to anyone


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: b!z on June 18, 2013, 06:26:00 AM
I personally wouldn't do it, but if you are uploading an encrypted wallet with not many coins you *should* be fine.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: adamas on June 18, 2013, 06:46:42 AM
I personally wouldn't do it, but if you are uploading an encrypted wallet with not many coins you *should* be fine.
Better put it in a small truecrypt container before uploading.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: firefop on June 18, 2013, 06:59:31 AM
I personally wouldn't do it, but if you are uploading an encrypted wallet with not many coins you *should* be fine.
Better put it in a small truecrypt container before uploading.

That's the right way to go about it.

encrypt the wallet.dat - then encrypt the file with 3rd party encryption software and that can go to online storage.



Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: TheSpiral on June 18, 2013, 07:04:57 AM
In theory, BTSync would probably be a better solution. Less people with access to the files (i.e. decentralized). Same concept as Dropbox, just without the central server, and uses a passkey just to sync (extra layer never hurts). That said, I use both, but I wouldn't put anything sensitive on Dropbox.

http://labs.bittorrent.com/experiments/sync.html


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: adamas on June 18, 2013, 07:15:38 AM
Better put it in a small truecrypt container before uploading.
That's the right way to go about it.
encrypt the wallet.dat - then encrypt the file with 3rd party encryption software and that can go to online storage.
For max. security you could scramble the file before uploading it: http://www.alldataright.com/file-scrambler/screenshots.html


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: iram1022 on June 20, 2013, 04:06:55 AM
I think it's not safe. It's safer on gmail, with a strong password added.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: legitnick on June 20, 2013, 04:35:59 AM
I suggest you put your wallet on a USB as well as on your computer. The more backups you have the safer.

Dropbox is safe, if you put a password on the file.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: favdesu on June 20, 2013, 05:03:54 AM
As you wrote: Depends how paranoid you are.

Encrypt your wallet and you should be fine


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: cp1 on June 20, 2013, 05:07:43 AM
It's probably fine if you've already encrypted it, but it's better to just print a paper backup in my opinion.  Two people can keep a secret if one of them is dead.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: AliceWonder on June 20, 2013, 05:21:00 AM
I wouldn't keep it in dropbox, even encrypted.

Stick it on a USB key (encrypted) and keep it in a safety deposit box, or in a relative's safe.

Or for long term storage make a really good brain wallet involving a salt, a complex phrase, and a personal identification number (like driver's license). Salt should be at least 8 characters, dozen preferred.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Larry666 on June 20, 2013, 05:33:32 AM
I zip mine up and then rename the zip.  Most clowns don't know what they are doing when they try to steal.  They will do searches only.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: DannyHamilton on June 20, 2013, 06:51:45 AM
I zip mine up and then rename the zip.  Most clowns don't know what they are doing when they try to steal.  They will do searches only.

Well, there's a wallet just begging to be stolen.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Lothy on June 20, 2013, 07:14:08 AM
why not keep it in a windows skydrive account?


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: tigusoft on June 20, 2013, 09:29:19 AM
I suggest you keep your encrypted wallet on an encrypted USB stick in the safe. It is the most secure way when nobody can get even your encrypted wallet.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: moisesmcardona on June 20, 2013, 09:58:00 AM
You can try with Bitcasa, since the files are encrypted on your PC instead of their servers and then the encrypted data is uploaded to their servers.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: medinscot on June 20, 2013, 10:26:38 AM
As long as you have encrypted the wallet file using TrueCrypt (strong password + locally stored key file), you should be fine backing it up to the cloud (DropBox, GMail or any similar alternatives).

If anyone manages to get hold of the file (from the cloud), and they are prepared to bruteforce your password, they still need the key file (which is not stored anywhere near the cloud, and only you know its exact location).


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: naphto on June 20, 2013, 11:41:24 AM
Should be safe ...


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: keatonatron on June 20, 2013, 11:43:40 AM
How easy is it, really, to bruteforce a truecrypt file when the password is 35 characters long? Is bruteforce the only way? It seems like dropbox would be okay if your file is encrypted properly and doesn't stand out. If you name it something random like "charset.dll" or something, who would really spend that much time on it?

Better yet, hide it in a folder with some program that already has a bunch of .dll or .dat files, so it looks like it's just one of the required components  8)


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: favdesu on June 20, 2013, 11:46:44 AM
How easy is it, really, to bruteforce a truecrypt file when the password is 35 characters long? Is bruteforce the only way? It seems like dropbox would be okay if your file is encrypted properly and doesn't stand out. If you name it something random like "charset.dll" or something, who would really spend that much time on it?

Better yet, hide it in a folder with some program that already has a bunch of .dll or .dat files, so it looks like it's just one of the required components  8)

IIRC 8 chars take more than a life-time.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: SirMintALot on June 22, 2013, 10:58:55 AM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: mprep on June 22, 2013, 11:21:37 AM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html
Seems like a shitty encryption if it's that easy.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: worldinacoin on June 22, 2013, 11:22:46 AM
The safest will be to keep your backup wallet in an offline USB drive.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: mprep on June 22, 2013, 11:27:01 AM
The safest will be to keep your backup wallet in an offline USB drive.
...in a safe, sunken in the deepest ocean.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: SirMintALot on June 22, 2013, 11:51:24 AM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html
Seems like a shitty encryption if it's that easy.
I guess it was a short password to prove it is working, as it was done in 40 seconds with two 6990.
This is only the beginning, the programmer has sped up the whirlpool hashing now by 58% and has yet to work on cascaded modes.
But the times where Truecrypt was secure will be surely over soon, when you now can hack every windows password with a 25 GPU cluster (10x HD 7970, 4x HD 5970 (dual GPU), 3x HD 6990 (dual GPU), 1x HD 5870):
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: mprep on June 22, 2013, 11:55:36 AM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html
Seems like a shitty encryption if it's that easy.
I guess it was a short password to prove it is working, as it was done in 40 seconds with two 6990.
This is only the beginning, the programmer has sped up the whirlpool hashing now by 58% and has yet to work on cascaded modes.
But the times where Truecrypt was secure will be surely over soon, when you now can hack every windows password with a 25 GPU cluster (10x HD 7970, 4x HD 5970 (dual GPU), 3x HD 6990 (dual GPU), 1x HD 5870):
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
Guess you can hack everything if you want to and have good equipment sooner or later.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: voneiden on June 22, 2013, 12:45:38 PM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html
Seems like a shitty encryption if it's that easy.

Quote
PBKDF2-HMAC-SHA512 / AES: 95 kHash/s

Yeah.. it's gonna take 72 years to crack an 8 letter alphanumeric password.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: mprep on June 22, 2013, 12:47:35 PM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html
Seems like a shitty encryption if it's that easy.

Quote
PBKDF2-HMAC-SHA512 / AES: 95 kHash/s

Yeah.. it's gonna take 72 years to crack an 8 letter alphanumeric password.
Then it's not so shitty after all, is it? I'm a noob in encryption, anyone got any counter arguments?


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: SirMintALot on June 22, 2013, 03:13:19 PM
PBKDF2-HMAC-SHA512 / AES: 95 kHash/s
PBKDF2-HMAC-RipeMD160 boot-mode / AES: 451 kHash/s

OK, RipeMD took 40 seconds, SHA512 is 5 times slower, so it will take 10 minutes. Let's guess it was a simple password, it would take much longer with a better SHA512 password. But then remember it was just two HD6990. Let's see what we can do with a Cluster of 25 Titans: 25 x 163.0 kH/s = 4075 kHash/s. Or with a cluster of 25 HD7970: 25 x 233.0 kH/s = 5825 kHash/s.

You also have to take into consideration that you don't have to find the exact passphrase for password cracking, you just have to find a combination of symbols that gives you the exact same hash. d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592 is the SHA256 hash of "The quick brown fox jumps over the lazy dog". So "a!kL07gS1" might give you the same hash (it is just an example, it doesn't have the same hash) and you could decrypt the file with that as well. So what you can do for more security is either use a hash function that generates a longer hash (07e547d9586f6a73f73fbac0435ed76951218fb7d0c8d788a309d785436bbb642e93a252a954f23912547d1e8a3b5ed6e1bfd7097821233fa0538f3db854fee6 is the SHA512 hash of "The quick brown fox jumps over the lazy dog") or use a slow algorithm like blowfish. But with more hashing power the time needed to solve even those puzzles gets shorter. Just imagine what you could do with the 138 Thash/s SHA256 hashpower that the bitcoin network currently has LOL. Sure, not many people here would have the money to build a cluster of 200 Titan, HD7970 or Xeon Phi just to crack some passwords, but it's no problem for the secret services (Do I hear Prism or GCHQ? ;)) or some criminal organisations to do this.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: cp1 on June 22, 2013, 04:07:24 PM
Truecrypt? LOL ... it can be cracked in no time with some Radeon GPUs:
http://hashcat.net/forum/thread-2301.html

Thanks for the link, I was looking if hashcat had been used for anything besides password hashes, but hadn't found this.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: voneiden on June 22, 2013, 09:06:02 PM
Then it's not so shitty after all, is it? I'm a noob in encryption, anyone got any counter arguments?

Well, it's just bruteforcing passphrases. For every character you add to the passphrase length, you change the difficulty of bruteforcing quite a lot. Let me demonstrate

Just imagine what you could do with the 138 Thash/s SHA256 hashpower that the bitcoin network currently has LOL.

OK, let's imagine. [source: http://calc.opensecurityresearch.com/ ]

Bruteforcing SHA256 at 138 terahash/s when key length is.. (oh, I just checked: according to blockchain.info the hashrate is today 174 terahash/s)
8: less than a second (lowercase alphanumeric) | 1 second (mixed alphanumeric)
9: less than a second | 1 minute 39 seconds
10: 27 seconds | 1 hour 43 minutes
11: 16 minutes | 4 days
12: 10 hours | 275 days
13: 15 days | 47 years
20: 3 billion years | 164 trillion years
256 lowercase alphanumeric characters (SHA256 hash):  ???

So keep your passphrases long. I suppose to maximize key strength one could hash the passphrase before using any standard truecrypt algorithm. It's rather likely that an attacker would attempt to bruteforce against a known hashing algorithm (or a sequence of them), so that's one more hindrance.
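
The estimates quoted in this thread can be reproduced with a short calculation. The following is an added example, not part of any post: it takes the two guess rates quoted above (138 Thash/s bare SHA256 and 95 kHash/s TrueCrypt PBKDF2-HMAC-SHA512) and assumes an exhaustive search over every passphrase up to the given length; all function names are illustrative.

```python
import string

# Guess rates quoted in the thread, in guesses per second.
RAW_SHA256_RATE = 138e12   # "138 Thash/s": bare SHA256, no key stretching
TC_PBKDF2_RATE = 95e3      # "PBKDF2-HMAC-SHA512 / AES: 95 kHash/s"

LOWER_ALNUM = len(string.ascii_lowercase + string.digits)   # 36 symbols
MIXED_ALNUM = len(string.ascii_letters + string.digits)     # 62 symbols

SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(symbols, length, up_to=True):
    """Number of candidate passphrases.

    up_to=True counts every length from 1 to `length` (the attacker does not
    know the length); up_to=False counts exactly `length` characters.
    """
    if up_to:
        return sum(symbols ** k for k in range(1, length + 1))
    return symbols ** length


def worst_case_seconds(symbols, length, rate, up_to=True):
    """Seconds needed to try the whole keyspace at `rate` guesses per second."""
    return keyspace(symbols, length, up_to) / rate


def min_length(symbols, rate, years):
    """Shortest length whose exhaustive search takes at least `years`."""
    length = 1
    while worst_case_seconds(symbols, length, rate) < years * SECONDS_PER_YEAR:
        length += 1
    return length


def table(rate, lengths=(8, 9, 10, 11, 12, 13, 20)):
    """Rows of (length, seconds for 36 symbols, seconds for 62 symbols)."""
    return [(n,
             worst_case_seconds(LOWER_ALNUM, n, rate),
             worst_case_seconds(MIXED_ALNUM, n, rate)) for n in lengths]


if __name__ == "__main__":
    for label, rate in (("bare SHA256", RAW_SHA256_RATE),
                        ("TrueCrypt PBKDF2", TC_PBKDF2_RATE)):
        print(f"{label}: {rate:.3g} guesses/s")
        for n, low, mixed in table(rate):
            print(f"  {n:2d} chars: {low / SECONDS_PER_YEAR:10.3g} years"
                  f" | {mixed / SECONDS_PER_YEAR:10.3g} years")
        print("  length needed for 100 years (mixed):",
              min_length(MIXED_ALNUM, rate, 100))
```

The key-stretched rate is about nine orders of magnitude lower than the bare-hash rate, which is why the same 8-character passphrase goes from about a second to decades.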


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Foxpup on June 23, 2013, 02:56:24 AM
If you name it something random like "charset.dll" or something, who would really spend that much time on it?

Better yet, hide it in a folder with some program that already has a bunch of .dll or .dat files, so it looks like it's just one of the required components  8)
This is a Bad Idea. The file's internal metadata (which is what anyone searching for a needle in a stack of needles will be looking at) will be a dead giveaway. Renaming a file with a different extension will not conceal it at all, and may actually make it even more conspicuous with tools that automatically flag files whose filename extension doesn't match the internal metadata. Security through obscurity doesn't work at all.
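
The extension-versus-content check described in the post above can be sketched in a few lines. This is an added example, not part of any post or of any particular forensic tool: the signature table is a small subset of well-known magic bytes, the samples are constructed in memory, and deterministic pseudo-random bytes stand in for an encrypted container, on the assumption that such a container has no recognizable header and looks like random data.

```python
import hashlib
import io
import math
import os
import zipfile
from collections import Counter

# Well-known leading signatures ("magic bytes") for a few formats.
MAGIC = {
    "zip": b"PK\x03\x04",
    "rar": b"Rar!\x1a\x07",
    "jpg": b"\xff\xd8\xff",
    "pe": b"MZ",  # Windows .exe / .dll
}
EXT_KIND = {".zip": "zip", ".rar": "rar", ".jpg": "jpg", ".jpeg": "jpg",
            ".dll": "pe", ".exe": "pe"}


def sniff(data):
    """Return the format whose signature the data starts with, or None."""
    for kind, sig in MAGIC.items():
        if data.startswith(sig):
            return kind
    return None


def entropy(data):
    """Shannon entropy in bits per byte (8.0 means uniformly random bytes)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify(name, data):
    expected = EXT_KIND.get(os.path.splitext(name)[1].lower())
    actual = sniff(data)
    if actual is None:
        # No known header: ordinary unknown data, or ciphertext-like noise.
        return "headerless-high-entropy" if entropy(data[:65536]) > 7.9 else "unrecognized"
    if expected is None or expected == actual:
        return "ok"  # nothing in the name contradicts the content
    return "extension-mismatch"


def constructed_samples():
    """Constructed test files: name -> content (no real wallet data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("wallet.dat", b"placeholder, not a real wallet")
    zipped = buf.getvalue()
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
    return {
        "charset.dll": noise,               # random-looking container named .dll
        "holiday.jpg": zipped,              # zip archive renamed to .jpg
        "backup.zip": zipped,               # honest name
        "real.dll": b"MZ" + bytes(254),     # PE-style header under a .dll name
        "notes.dll": b"plain text " * 50,   # low-entropy data, no known header
    }


def scan(files):
    return {name: classify(name, data) for name, data in files.items()}


if __name__ == "__main__":
    for name, verdict in scan(constructed_samples()).items():
        print(f"{name:12s} {verdict}")
```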


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Capitalism Prevails on June 23, 2013, 03:02:06 AM
If you name it something random like "charset.dll" or something, who would really spend that much time on it?

Better yet, hide it in a folder with some program that already has a bunch of .dll or .dat files, so it looks like it's just one of the required components  8)
This is a Bad Idea. The file's internal metadata (which is what anyone searching for a needle in a stack of needles will be looking at) will be a dead giveaway. Renaming a file with a different extension will not conceal it at all, and may actually make it even more conspicuous with tools that automatically flag files whose filename extension doesn't match the internal metadata. Security through obscurity doesn't work at all.

It depends on how thorough the hacker is.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: keatonatron on June 23, 2013, 07:39:20 AM
If you name it something random like "charset.dll" or something, who would really spend that much time on it?

Better yet, hide it in a folder with some program that already has a bunch of .dll or .dat files, so it looks like it's just one of the required components  8)
This is a Bad Idea. The file's internal metadata (which is what anyone searching for a needle in a stack of needles will be looking at) will be a dead giveaway. Renaming a file with a different extension will not conceal it at all, and may actually make it even more conspicuous with tools that automatically flag files whose filename extension doesn't match the internal metadata. Security through obscurity doesn't work at all.

Do we know what a truecrypt file's metadata contains?

I would assume it doesn't have any, for the obvious security reasons. Yes, you could immediately know the file doesn't match its extension, but if that's the case you could throw in a bunch of red herrings as well! Take a random jpg, encrypt it with 40 different passwords and put them all in the same place. They'd have a 1 in 41 chance of choosing the right file to start with.

For the JPG's you could use embarrassing party photos, which provides motivation for the encryption, but no value to the hacker--so they would assume all the files are the same and there is no reason to keep cracking them.

The most important thing is probably keeping a low profile AND hiding your stuff. No one's going to look very hard if they don't suspect something is there.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: CYPER on October 08, 2013, 04:10:40 PM
My wallet.dat is encrypted via the Bitcoin-QT and then put inside an encrypted rar archive. Both passwords are 190 bits according to KeePass (30 characters long mixture).

Why is that not secure if I put it on Dropbox?


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: favdesu on October 08, 2013, 05:20:39 PM
you can put your truecrypted wallet to any filehoster you want. mh, why not torrent it? :D

it's safe.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: RodeoX on October 08, 2013, 05:33:01 PM
My wallet.dat is encrypted via the Bitcoin-QT and then put inside an encrypted rar archive. Both passwords are 190 bits according to KeePass (30 characters long mixture).

Why is that not secure if I put it on Dropbox?
Because I know it's there now?
No, you have some strength with that system. Even if someone got the wallet you have a long time to move the coins out of it.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: CYPER on October 08, 2013, 08:50:10 PM
My wallet.dat is encrypted via the Bitcoin-QT and then put inside an encrypted rar archive. Both passwords are 190 bits according to KeePass (30 characters long mixture).

Why is that not secure if I put it on Dropbox?
Because I know it's there now?
No, you have some strength with that system. Even if someone got the wallet you have a long time to move the coins out of it.

But I will never find out if someone has a copy of my wallet.dat.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: Tikii on October 08, 2013, 09:47:20 PM
I think it should be safe, I personally use google drive as I use my google account for a lot of stuff.


Title: Re: Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?
Post by: CYPER on October 08, 2013, 10:22:38 PM
I think it should be safe, I personally use google drive as I use my google account for a lot of stuff.

I will use both (Dropbox and Google Drive) :)