Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Twipple on November 07, 2013, 06:56:04 PM



Title: Safest Wallet
Post by: Twipple on November 07, 2013, 06:56:04 PM
Hey everyone, I've heard a lot of speculation recently about which wallet to use and whether it's best to use an online wallet or a static software wallet hosted on my personal computer.

I want to keep my coins as safe as the next person and would like you to voice your opinion on what you think is best to use and for which reasons. Any help is more than appreciated, apologies in advance if this thread has already been created (I have searched beforehand).

Kindest regards,
- Twipple


Title: Re: Safest Wallet
Post by: Magazine on November 07, 2013, 06:57:31 PM
Read up about Armory cold storage, safest method!


Title: Re: Safest Wallet
Post by: BitchicksHusband on November 07, 2013, 06:59:14 PM
The consensus seems to be Bitcoin-QT wallet and paper wallets.  

Long-time trusted exchanges would be the next safest (but beware of people having trouble getting things out of Mt. Gox).

And don't use fly-by-night online wallets by small developers (such as Inputs.IO), as these are almost always "hacked" eventually.  (Who knows if they just take all the coins?)

And whatever you do, don't make a "brain wallet".


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 07:00:22 PM
Rely on the least amount of software possible to generate your paper wallets. Do not rely on less than necessary software because that would coincide with broken or wrongly implemented crypto algorithms.


Title: Re: Safest Wallet
Post by: justusranvier on November 07, 2013, 07:01:24 PM
Read up about Armory cold storage, safest method!
Yes.

The consensus seems to be Bitcoin-QT wallet
No.

Bitcoin-Qt has numerous problems, such as random key generation which invalidates your backups after every 100 transactions, and no support for cold storage. Every time you spend your bitcoins with Bitcoin-Qt you potentially expose your private keys to malware on your PC.


Title: Re: Safest Wallet
Post by: birkomester on November 07, 2013, 07:05:45 PM
Armory + paper wallet


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 07:10:26 PM
Bitcoin-Qt has numerous problems, such as random key generation which invalidates your backups after every 100 transactions, and no support for cold storage. Every time you spend your bitcoins with Bitcoin-Qt you potentially expose your private keys to malware on your PC.

I'm very sure there is support for cold storage when using bitcoin-qt, and you don't need the -qt at all. I take it that you know about raw transactions, signing, and so on?


Title: Re: Safest Wallet
Post by: Barek on November 07, 2013, 07:17:16 PM
Armory!

It actually runs Bitcoin-Qt in the background and adds a whole bunch of extra security features.

http://bitcoinarmory.com/about/using-our-wallet/


Title: Re: Safest Wallet
Post by: justusranvier on November 07, 2013, 07:23:10 PM
I'm very sure there is support for cold storage when using bitcoin-qt, and you don't need the -qt at all. I take it that you know about raw transactions, signing, and so on?
Raw transactions are the last thing anyone should be recommending to non-experts.

As far as regular users are concerned, Bitcoin-Qt doesn't support offline transactions.


Title: Re: Safest Wallet
Post by: Rluner on November 07, 2013, 07:34:43 PM
Once installed the Armory warns users it is a Beta version and will not guarantee lost coins due to software failure.


Title: Re: Safest Wallet
Post by: agent13 on November 07, 2013, 08:00:16 PM

Does Armory sit on top of Bitcoind (ie RPC), or does Armory include a re-write of the Bitcoin crypto fundamentals?

Are there any concerns with Armory primarily being developed by a single person?


Title: Re: Safest Wallet
Post by: (A)social on November 07, 2013, 08:02:37 PM
Someone forgot this...
http://farm3.staticflickr.com/2324/2264426714_0d9f1c10c6.jpg


Title: Re: Safest Wallet
Post by: dalston5000 on November 07, 2013, 08:05:50 PM

such as random key generation which invalidates your backups after every 100 transactions,


please explain.


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 08:15:27 PM

such as random key generation which invalidates your backups after every 100 transactions,


please explain.

I expect he is talking about the key pool, which by default is set to 100. After you have used 100 addresses, another 100 are generated and then you need a new backup to keep up with these new addresses. This default value can be configured, and can be set to values much higher than that. This is not an issue at all as people should be making backups much more often than that.


Title: Re: Safest Wallet
Post by: justusranvier on November 07, 2013, 08:15:59 PM

such as random key generation which invalidates your backups after every 100 transactions,


please explain.
https://en.bitcoin.it/wiki/Change

Bitcoin-Qt generates 100 addresses at a time and stores them in wallet.dat. After you've performed 100 interactions (spend or receipts of coins), it generates a new batch.

When this happens, your old wallet.dat backup is no longer sufficient because it does not contain the new keys.

Deterministic wallets, such as Armory, do not have this problem.

This is not an issue at all as people should be making backups much more often than that.
Please tell me you don't have anything to do with software development. Your ideas on end-user usability are a danger to yourself and others.
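
The backup behaviour debated in the posts above (a pool of 100 independent random keys versus a deterministic wallet), as an added example that is not part of any post in this thread and is not code from Bitcoin-Qt or Armory. It is a simplified model: the class names are hypothetical, refilling happens in whole batches as the posts describe it, and the HMAC-based derivation is a stand-in for illustration, not Armory's actual scheme.

```python
import hashlib
import hmac
import os


class KeypoolWallet:
    """Simplified model: keys are independent random values, made in batches."""

    def __init__(self, pool_size=100):
        self.pool_size = pool_size
        self.pool = []   # unused keys waiting to be handed out
        self.used = []   # keys already handed out (receive or change)
        self._refill()

    def _refill(self):
        # Every key is fresh randomness with no relation to any other key.
        self.pool.extend(os.urandom(32) for _ in range(self.pool_size))

    def next_key(self):
        if not self.pool:
            self._refill()          # new batch: unknown to any older backup
        key = self.pool.pop(0)
        self.used.append(key)
        return key

    def backup(self):
        # A copy of the wallet file holds exactly the keys that exist right now.
        return set(self.used) | set(self.pool)


class DeterministicWallet:
    """Simplified model: key i is a function of one secret seed and i."""

    def __init__(self, seed=None):
        self.seed = seed or os.urandom(32)
        self.index = 0

    @staticmethod
    def derive(seed, index):
        # Illustrative derivation only (assumption, not a real wallet's scheme).
        return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).digest()

    def next_key(self):
        key = self.derive(self.seed, self.index)
        self.index += 1
        return key

    def backup(self):
        return self.seed            # the seed alone restores every key


def keypool_unrecoverable(pool_size, uses_after_backup):
    """Count keys handed out after a backup that the backup cannot restore."""
    wallet = KeypoolWallet(pool_size)
    snapshot = wallet.backup()
    handed_out = [wallet.next_key() for _ in range(uses_after_backup)]
    return sum(1 for key in handed_out if key not in snapshot)


def deterministic_unrecoverable(uses_after_backup):
    """Same count for the deterministic model, restoring from the seed only."""
    wallet = DeterministicWallet()
    seed_backup = wallet.backup()
    handed_out = [wallet.next_key() for _ in range(uses_after_backup)]
    restored = {DeterministicWallet.derive(seed_backup, i)
                for i in range(uses_after_backup)}
    return sum(1 for key in handed_out if key not in restored)


if __name__ == "__main__":
    for uses in (100, 150):
        print("pool=100, uses=%d -> keys missing from old backup: %d"
              % (uses, keypool_unrecoverable(100, uses)))
    print("pool=1000, uses=150 -> missing: %d" % keypool_unrecoverable(1000, 150))
    print("deterministic, uses=150 -> missing: %d" % deterministic_unrecoverable(150))
```

In this model a larger pool only moves the point at which an old backup stops covering new keys, while the seed backup never goes stale.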


Title: Re: Safest Wallet
Post by: dalston5000 on November 07, 2013, 08:32:03 PM

such as random key generation which invalidates your backups after every 100 transactions,


please explain.
https://en.bitcoin.it/wiki/Change

Bitcoin-Qt generates 100 addresses at a time and stores them in wallet.dat. After you've performed 100 interactions (spend or receipts of coins), it generates a new batch.

When this happens, your old wallet.dat backup is no longer sufficient because it does not contain the new keys.

Deterministic wallets, such as Armory, do not have this problem.

This is not an issue at all as people should be making backups much more often than that.
Please tell me you don't have anything to do with software development. Your ideas on end-user usability are a danger to yourself and others.

ah, I see..

Well I make a weekly backup of the .dat file anyway


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 08:49:52 PM
This is not an issue at all as people should be making backups much more often than that.
Please tell me you don't have anything to do with software development. Your ideas on end-user usability are a danger to yourself and others.

Can you keep your baseless opinions to yourself ?

So you think Armory is user friendly ? This is a brand new category of user friendliness to me, as it requires more than 8gb of ram to run, older and not so cheap computers that can be used for actual safe cold storage are immediately ruled out. Can you be clear why you think I'm a danger to myself ? Making backups more often is bad ? Oh dear. Do you create keys for cold storage in online computers ? Oh dear.


Title: Re: Safest Wallet
Post by: deisik on November 07, 2013, 08:53:00 PM
Paranoid mode On: Bitcoin-QT password protected wallet in Linux on a TrueCrypt partition


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 09:08:34 PM
Paranoid mode On: Bitcoin-QT password protected wallet in Linux on a TrueCrypt partition

That is not paranoid at all, it should be the default operation mode for all the bitcoin users. Encrypting the wallet is the basic stuff and a must. Truecrypt partition complements that well, good reminder.


Title: Re: Safest Wallet
Post by: deisik on November 07, 2013, 09:13:33 PM
That is not paranoid at all, it should be the default operation mode for all the bitcoin users. Encrypting the wallet is the basic stuff and a must. Truecrypt partition complements that well, good reminder.

Ok, so what is paranoid mode then? For true security maniacs?


Title: Re: Safest Wallet
Post by: indianplayers on November 07, 2013, 09:15:24 PM
I heard cold storage is best.


Title: Re: Safest Wallet
Post by: flatfly on November 07, 2013, 09:17:13 PM
We have just added a paranoid mode to NoBrainr, to generate strong cold storage addresses without relying on the system RNG at all :)


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 09:17:51 PM
That is not paranoid at all, it should be the default operation mode for all the bitcoin users. Encrypting the wallet is the basic stuff and a must. Truecrypt partition complements that well, good reminder.

Ok, so what is paranoid mode then? For true security maniacs?

You need to start with a computer that never got to meet the Internet and never will while acting as cold storage. Look at what inputs.io did and do all differently (couldn't resist, sorry).


Title: Re: Safest Wallet
Post by: deisik on November 07, 2013, 09:23:46 PM
You need to start with a computer that never got to meet the Internet and never will while acting as cold storage.

And end by throwing out the computer and keeping the keys in your memory...

Look at what inputs.io did and do all differently (couldn't resist, sorry).

Never mind, I wasn't among their clients  ;D


Title: Re: Safest Wallet
Post by: Tirapon on November 07, 2013, 09:57:20 PM
If you're storing lots of coins long term, paper wallets with digital backups. Armory is also good, I bought an old laptop for about £50 to run Armory on. I haven't had any problems with QT but I wouldn't consider it safe storage - just convenient.


Title: Re: Safest Wallet
Post by: porcupine87 on November 07, 2013, 10:46:46 PM
Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in a text file in a TrueCrypt container on a USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favorite song)
- download and install TrueCrypt, and create container with same password
- create with bitaddress.org and password an address
- store the private and public key in an textfile and get it in the container
- store this container with bitaddress.org.html on two different USB
- paranoid: shut down pc and start new to delete everything out of the memory

I don't know Armory, so I can't trust it to 100%. For me that is secure enough.

But let's face it. 99% of lost coins is not the product of a thief. But it is a mistake or you forget something. The best option would be a paper wallet. Because: What if you forget or what if you die?


Title: Re: Safest Wallet
Post by: Tirapon on November 07, 2013, 10:54:52 PM
Be very careful choosing a passphrase for your brainwallet. People are running very comprehensive brute force attacks on potential brainwallets.

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/


Title: Re: Safest Wallet
Post by: flatfly on November 07, 2013, 10:56:50 PM
Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in a text file in a TrueCrypt container on a USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favorite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0


Title: Re: Safest Wallet
Post by: bizz on November 07, 2013, 11:05:38 PM
Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 11:19:01 PM
Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.


Title: Re: Safest Wallet
Post by: R2D221 on November 07, 2013, 11:42:57 PM
What if you die?

I will just retrieve my coins while in Heaven. I see no problem there.


Title: Re: Safest Wallet
Post by: IsaacGoldbourne on November 07, 2013, 11:44:30 PM
Hey everyone, I've heard a lot of speculation recently about which wallet to use and whether it's best to use an online wallet or a static software wallet hosted on my personal computer.

I want to keep my coins as safe as the next person and would like you to voice your opinion on what you think is best to use and for which reasons. Any help is more than appreciated, apologies in advance if this thread has already been created (I have searched beforehand).

Kindest regards,
- Twipple
I use electrum for my hot wallet, and a text document with the public key for my savings with the priv key in a truecrypt volume stored on the cloud and on my NAS. Password to it is hidden in my folder of financial documents.


Title: Re: Safest Wallet
Post by: moderate on November 07, 2013, 11:48:14 PM
I use electrum for my hot wallet, and a text document with the public key for my savings with the priv key in a truecrypt volume stored on the cloud and on my NAS. Password to it is hidden in my folder of financial documents.

Hey good hints there, can you also give the name of this folder of financial documents ? Is it HIDDEN_PASSWORD_FINANCIAL_DOCS_DONT_LOOK ?


Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 12:04:21 AM
Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

People are ignorant. And then newbie goes and sends 30 BTCs to Inputs.io (http://www.reddit.com/r/Bitcoin/comments/1q3rpp/tradefortress_stole_30_of_my_btc/). True for small amounts/daily use blockchain.info wallet with 2FA is just fine. But  risking over 30 BTC online (inputsio WTF  ). Or on a probably infected PC ???

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.


Title: Re: Safest Wallet
Post by: IsaacGoldbourne on November 08, 2013, 12:11:25 AM
I use electrum for my hot wallet, and a text document with the public key for my savings with the priv key in a truecrypt volume stored on the cloud and on my NAS. Password to it is hidden in my folder of financial documents.

Hey good hints there, can you also give the name of this folder of financial documents ? Is it HIDDEN_PASSWORD_FINANCIAL_DOCS_DONT_LOOK ?
It's a piece of paper in a physical folder. Not a folder on my computer aha.


Title: Re: Safest Wallet
Post by: porcupine87 on November 08, 2013, 12:28:12 AM
Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in a text file in a TrueCrypt container on a USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favorite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0

Hm sorry, I have no idea about the use of your tool. What will I do with this pass phrase? How will I get the private key from this? Would you recommend such a tool to a non programmer?


I am aware that attackers could use big databases with lyrics and that stuff. But if I use the first letters of my favorite song:
- how many words do I use? Ok, between 10 and 20 seems reasonable. factor 10
- where do I start? It depends, how "intelligent" this database is. Can it say, where the chorus begins? Or verses? Factor 5. (some songs have no Chorus)
- at least 2 numbers + another sign (example: first number -> number of members of the band, second: year of appearance backwards, separated by two pipes ): factor 1000

Just to be more safe: use the letters backwards, or add to every letter one in the alphabet.

-> this is a more than secure password. But feel free to use your favorite scene in a movie to do this ;)





Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 12:38:10 AM
Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in a text file in a TrueCrypt container on a USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favorite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0

Hm sorry, I have no idea about the use of your tool. What will I do with this pass phrase? How will I get the private key from this? Would you recommend such a tool to a non programmer?


I am aware that attackers could use big databases with lyrics and that stuff. But if I use the first letters of my favorite song:
- how many words do I use? Ok, between 10 and 20 seems reasonable. factor 10
- where do I start? It depends, how "intelligent" this database is. Can it say, where the chorus begins? Or verses? Factor 5. (some songs have no Chorus)
- at least 2 numbers + another sign (example: first number -> number of members of the band, second: year of appearance backwards, separated by two pipes ): factor 1000

Just to be more safe: use the letters backwards, or add to every letter one in the alphabet.

-> this is a more than secure password. But feel free to use your favorite scene in a movie to do this ;)


But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html


Title: Re: Safest Wallet
Post by: justusranvier on November 08, 2013, 01:02:20 AM
Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.
moderate is being disingenuous.

Electrum has a feature they call raw transactions (which is similar to Armory's offline transactions), but it's not the same as Bitcoin-Qt's support for raw transactions via RPC.


Title: Re: Safest Wallet
Post by: moderate on November 08, 2013, 01:11:12 AM
Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.
moderate is being disingenuous.

Electrum has a feature they call raw transactions (which is similar to Armory's offline transactions), but it's not the same as Bitcoin-Qt's support for raw transactions via RPC.

disingenuous ??

You seem to think GUIs are somehow magical. It cannot be different from what the standard client does, otherwise the network would reject the transaction. Look at https://github.com/spesmilo/electrum/blob/master/docs/offline_wallets for an example using electrum but without a GUI, why do you insist so much in calling me names ?


Title: Re: Safest Wallet
Post by: cshelswell on November 08, 2013, 01:33:37 AM
I'd been starting to get a bit panicky over storage too. At the moment I still want access to some coins. I've set what I consider to be a pretty strong password and I'm using multibit on a mac. I presume multibit is reasonably good?


Title: Re: Safest Wallet
Post by: Zawamiya on November 08, 2013, 01:50:37 AM
Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

People are ignorant. And then newbie goes and sends 30 BTCs to Inputs.io (http://www.reddit.com/r/Bitcoin/comments/1q3rpp/tradefortress_stole_30_of_my_btc/). True for small amounts/daily use blockchain.info wallet with 2FA is just fine. But  risking over 30 BTC online (inputsio WTF  ). Or on a probably infected PC ???

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

Putting in computer is equally unsafe if one is not good with computer.... inputs.io have lots of reputation :)


Title: Re: Safest Wallet
Post by: moderate on November 08, 2013, 02:01:26 AM
Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

People are ignorant. And then newbie goes and sends 30 BTCs to Inputs.io (http://www.reddit.com/r/Bitcoin/comments/1q3rpp/tradefortress_stole_30_of_my_btc/). True for small amounts/daily use blockchain.info wallet with 2FA is just fine. But  risking over 30 BTC online (inputsio WTF  ). Or on a probably infected PC ???

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

Putting in computer is equally unsafe if one is not good with computer.... inputs.io have lots of reputation :)

Not sure if that was a joke or not, you might want to look up what's going on with that scamice (scam + service, nice eh?) you mention.


Title: Re: Safest Wallet
Post by: auzaar on November 08, 2013, 07:47:23 AM
Here are the steps for the safest wallet in the world :)

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key
2. Encrypt private key using AES and a long phrase which you should memorize, store encrypted data somewhere safe, google docs with 2-factor is safe enough.
3. Create a wallet on blockchain.info, import bitcoin address into blockchain.info but don't import private key

Transactions:
1. Whenever you need to transfer fund go to command line and decrypt aes encrypted key using openssl or go to http://www.everpassword.com/aes-encryptor and decrypt in offline mode.
2. go to blockchain.info, go offline, click send money when asked for private key enter it, create raw transaction, copy it and paste it to https://blockchain.info/pushtx

You can use it from anywhere if you think there are no keyloggers else to be safer use a linux machine(vm) and don't install anything on it except firefox.

Comments are welcome if anybody disagrees?

Feel free to donate some btc to me using this method.


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 08:16:00 AM
What if you die?

I will just retrieve my coins while in Heaven. I see no problem there.

Why are you so sure? I mean about Heaven, lol...


Title: Re: Safest Wallet
Post by: agent13 on November 08, 2013, 08:16:45 AM

Does Armory sit on top of Bitcoind (ie RPC), or does Armory include a re-write of the Bitcoin crypto fundamentals?

Are there any concerns with Armory primarily being developed by a single person?

bump.

Multiple devs work on Bitcoin-QT. Is Armory a re-write? Is there any concern with Armory?

Can Armory off-line mode be used with media other than USB flash drives? Using a new USB flash drive for each tx could get costly as I would only consider their use in one direction.

Can Bitcoin-QT somehow spend inputs without the full blockchain? I would like to use Bitcoin-QT in off-line mode to generate an address. I would then move some coins to this address. At a later date, is there a way to get the transactions into this off-line PC (ie via CD) and have Bitcoin-QT generate a tx? I could then burn the tx to a CD for broadcast.



Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 08:20:10 AM
Here are the steps for the safest wallet in the world :)

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key
2. Encrypt private key using AES and a long phrase which you should memorize, store encrypted data somewhere safe, google docs with 2-factor is safe enough.
3. Create a wallet on blockchain.info, import bitcoin address into blockchain.info but don't import private key

Transactions:
1. Whenever you need to transfer fund go to command line and decrypt aes encrypted key using openssl or go to http://www.everpassword.com/aes-encryptor and decrypt in offline mode.
2. go to blockchain.info, go offline, click send money when asked for private key enter it, create raw transaction, copy it and paste it to https://blockchain.info/pushtx

You can use it from anywhere if you think there are no keyloggers else to be safer use a linux machine(vm) and don't install anything on it except firefox.

Comments are welcome if anybody disagrees?

Feel free to donate some btc to me using this method.


 I would do every step on Ubuntu 12.04 LTS Live CD.


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 08:22:23 AM
Here are the steps for the safest wallet in the world :)

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key

Very insecure (stopped reading further, lol). It may very well be a phishing site. Much more secure to compile vanitygen from source (at first auditing the code, of course) and use it for generating (taking all other ordinary measures of securing your pc like plugging off, etc)


Title: Re: Safest Wallet
Post by: auzaar on November 08, 2013, 08:30:50 AM
Here are the steps for the safest wallet in the world :)

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key

Very insecure (stopped reading further, lol). It may very well be a phishing site. Much more secure to compile vanitygen from source (at first auditing the code, of course) and use it for generating (taking all other ordinary measures of securing your pc like plugging off, etc)
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't see how a phishing site not connected to the internet can screw you at that stage.


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 08:46:58 AM
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't see how a phishing site not connected to the internet can screw you at that stage.

Piece o'cake! It would save the keys in cookies and after you plug your connection in again... Don't trust no sites whether connected or not!!!


Title: Re: Safest Wallet
Post by: BadAss.Sx on November 08, 2013, 08:47:05 AM
Once installed the Armory warns users it is a Beta version and will not guarantee lost coins due to software failure.

And that is the reason why I don't want to use it, while my hands are itching though.


Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 09:11:55 AM
Here are the steps for the safest wallet in the world :)

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key

Very insecure (stopped reading further, lol). It may very well be a phishing site. Much more secure to compile vanitygen from source (at first auditing the code, of course) and use it for generating (taking all other ordinary measures of securing your pc like plugging off, etc)
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't see how a phishing site not connected to the internet can screw you at that stage.

Newbie is brain dead at this point. :D

Back to my original advice. It's clickety click click: http://electrum.org/tutorials.html#offline-mpk


Title: Re: Safest Wallet
Post by: porcupine87 on November 08, 2013, 10:14:12 AM
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't see how a phishing site not connected to the internet can screw you at that stage.

Piece o'cake! It would save the keys in cookies and after you plug your connection in again... Don't trust no sites whether connected or not!!!

The code is open source in the page and is tested by many people. There is absolutely no security problem. Especially this site is well known. All this other software option I never heard of.
https://bitcointalk.org/index.php?topic=43496.0


@bizz

Quote
But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!
http://world.std.com/~reinhold/diceware.html
Quote
Here again. I never heard of this piece of software. How could I know this is no phishing site?

Like I said: The most I am worried about is losing or forgetting the private key. What worth has the best password in the world if you lose or forget it? Even paper wallets can be lost...


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 10:19:07 AM
The code is open source in the page and is tested by many people. There is absolutely no security problem. Especially this site is well known. All this other software option I never heard of.

Look here http://en.wikipedia.org/wiki/Phishing#Website_forgery
I'm not even saying that the site itself (however legit) can be hacked (sooner or later it will happen)


Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 10:31:28 AM
 

@bizz

Quote
But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!
http://world.std.com/~reinhold/diceware.html
Quote
Here again. I never heard of this piece of software. How could I know this is no phishing site?

Like I said: The most I am worried about is losing or forgetting the private key. What worth has the best password in the world if you lose or forget it? Even paper wallets can be lost...




;D Did you even click the link? Diceware is no software. It's just a list of words and you use simple dice (yes offline dice lol) to pick random words. You don't even have to use that word list. Nothing is safer for picking pass-phrases. Not any kind of computer or software.

Edit: If worried about forgetting it, you can write it down (in stone/metal maybe?) & split pass-phrase into 3 pieces and bury it in different locations. Not only it's cool (hidden treasure) it's also healthy as probably you'll spend weeks digging trying to find all the pieces.  ;D


Title: Re: Safest Wallet
Post by: BldSwtTrs on November 08, 2013, 10:33:50 AM
Once installed the Armory warns users it is a Beta version and will not guarantee lost coins due to software failure.

And that is the reason why I don't want to use it, while my hands are itching though.
So they insist a ton about how secure they are but once their software is installed they basically said "There may be some problems, not our business, good luck LOL"?

That's very weird. Or maybe it's funny.


Title: Re: Safest Wallet
Post by: Barek on November 08, 2013, 10:55:24 AM
Right, because there is a wallet out there that guarantees lost coins due to software failure.


Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 01:22:36 PM
Well this is interesting:

This paper wallet contains 0.1125 BTC and is BIP 0038 password-protected by only 3 characters. Good luck!
http://www.reddit.com/r/Bitcoin/comments/1q5wu7/this_paper_wallet_contains_01125_btc_and_is_bip

https://i.imgur.com/9GVwXAi.png

Submitted 6 hours ago. Coins are still there.


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 01:28:10 PM
That's very weird. Or maybe it's funny.

"If something doesn't work, it is not our fault. If it does, it is"


Title: Re: Safest Wallet
Post by: xinzark on November 08, 2013, 03:45:36 PM
Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in a text file in a truecrypt container on a USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favorite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0

Hm sorry, I have no idea about the use of your tool. What will I do with this pass phrase? How will I get the private key from this? Would you recommend such a tool to a non programmer?


I am aware that attackers could use big databases with lyrics and that stuff. But if I use the first letters of my favorite song:
- how many words do I use? Ok, between 10 and 20 seems reasonable. factor 10
- where do I start? It depends, how "intelligent" this database is. Can it say, where the chorus begins? Or verses? Factor 5. (some songs have no Chorus)
- at least 2 numbers + another sign (example: first number -> number of members of the band, second: year of appearance backwards, separated by two pipes ): factor 1000

Just to be more safe: use the letters backwards, or add to every letter one in the alphabet.

-> this is a more than secure password. But feel free to use your favorite scene in a movie to do this ;)


But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html



There's no safest wallet if it's online, save it in paper or your computer!


Title: Re: Safest Wallet
Post by: bizz on November 08, 2013, 04:01:50 PM

But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html

There's no safest wallet if it's online, save it in paper or your computer!

Diceware is neither an online nor an offline wallet and has nothing to do with bitcoin itself. Diceware is not even an online password generator (although there are some).

Diceware is a method to pick a strong pass phrase completely offline and completely random!

Using ordinary dice, pen and paper.


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 04:13:47 PM
There's no safest wallet if it's online, save it in paper or your computer!

And still better in your head!!!


Title: Re: Safest Wallet
Post by: Barek on November 08, 2013, 04:16:25 PM
There's no safest wallet if it's online, save it in paper or your computer!

And still better in your head!!!

Just make sure you don't get into an accident, or get old, or do something to forget it. ;)

Boot to the Head (http://www.youtube.com/watch?v=vFldBVWFgWo)


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 04:32:08 PM
Just make sure you don't get into an accident, or get old, or do something to forget it. ;)

Boot to the Head (http://www.youtube.com/watch?v=vFldBVWFgWo)

But no one will ever suspect you of anything!
Unless they finally get into your head... ;D


Title: Re: Safest Wallet
Post by: Barek on November 08, 2013, 04:55:40 PM
Imagine dementia sets in and you remember that you own coins worth millions, but you cannot recall the pass phrase.

 :o


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 05:04:32 PM
Imagine dementia sets in and you remember that you own coins worth millions, but you cannot recall the pass phrase.

 :o

Just fancy you begin to recall passwords forgotten in your youth... :o
Though I doubt Bitcoin will live up to that, so in any case it won't matter


Title: Re: Safest Wallet
Post by: P_Shep on November 08, 2013, 05:39:27 PM
How safe would an on-line wallet be if the only open port was 8333?


Title: Re: Safest Wallet
Post by: RoxxR on November 08, 2013, 05:41:23 PM

But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html

There's no safest wallet if it's online, save it in paper or your computer!

Diceware is neither an online nor an offline wallet and has nothing to do with bitcoin itself. Diceware is not even an online password generator (although there are some).

Diceware is a method to pick a strong pass phrase completely offline and completely random!

Using ordinary dice, pen and paper.


This. I'm a huge fan of diceware.

EDIT: Just found this little tool that uses diceware to paper/brainwallets:
https://bitcointalk.org/index.php?topic=308972.0


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 05:46:50 PM
How safe would an on-line wallet be if the only open port was 8333?

It is impossible to say. It is not even known from your post where this port is open (client or server). All online wallets are insecure by definition, period


Title: Re: Safest Wallet
Post by: auzaar on November 08, 2013, 06:53:56 PM
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't think how can a phishing site not connected to internet can screw at that stage.

Piece o'cake! It would save the keys in cookies and after you plug your connection in again... Don't trust no sites whether connected or not!!!
Are you silly enough to reconnect just then and open a site in non-incognito mode?


Title: Re: Safest Wallet
Post by: deisik on November 08, 2013, 07:06:48 PM
Are you silly enough to reconnect just then and open a site in non-incognito mode?

Me?! :o
It was not my scheme, lol ;D


Title: Re: Safest Wallet
Post by: porcupine87 on November 09, 2013, 04:00:18 PM
;D Did you even click the link? Diceware is no software. It's just a list of words and you use simple dice (yes offline dice lol) to pick random words. You don't even have to use that word list. Nothing is safer for picking pass-phrases. Not any kind of computer or software.

Edit: If worried about forgetting it, you can write it down (in stone/metal maybe?) & split pass-phrase into 3 pieces and bury it in different locations. Not only it's cool (hidden treasure) it's also healthy as probably you'll spend weeks digging trying to find all the pieces.  ;D

Ok, I thought a program would pick out words :)
I'm aware that pass phrases are safe and good passwords but I think I have a hard time remembering it. I have now made 4 addresses. Some with words that make sense for me. The most important thing will be that it is sufficiently long. So at least 20 letters which gives at least 20^36 entropy (I don't use capital letters, who does?).

And now I also printed it and put it into a safe of a person who is reliable (in case I forget or pass away).


Title: Re: Safest Wallet
Post by: flatfly on November 09, 2013, 04:13:23 PM
;D Did you even click the link? Diceware is no software. It's just a list of words and you use simple dice (yes offline dice lol) to pick random words. You don't even have to use that word list. Nothing is safer for picking pass-phrases. Not any kind of computer or software.

Edit: If worried about forgetting it, you can write it down (in stone/metal maybe?) & split pass-phrase into 3 pieces and bury it in different locations. Not only it's cool (hidden treasure) it's also healthy as probably you'll spend weeks digging trying to find all the pieces.  ;D

Ok, I thought a program would pick out words :)
I'm aware that pass phrases are safe and good passwords but I think I have a hard time remembering it. I have now made 4 addresses. Some with words that make sense for me. The most important thing will be that it is sufficiently long. So at least 20 letters which gives at least 20^36 entropy (I don't use capital letters, who does?).

And now I also printed it and put it into a safe of a person who is reliable (in case I forget or pass away).

Sorry, that's 36^20, not 20^36 - which is still strong enough, assuming characters are picked randomly. If not, I would expect a hack sooner or later. Just a friendly heads-up.
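
Added example (not part of any post in this thread): the Diceware lookup described earlier and the 36^20 figure above, worked in Python. The word list is a constructed placeholder and all function names are illustrative assumptions.

```python
import math

DICE_PER_WORD = 5                  # Diceware: five rolls pick one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 words in a full list

# Constructed placeholder list so the example runs offline; a real list
# has 7776 distinct words in the same positions.
PLACEHOLDER_WORDS = ["word%04d" % i for i in range(LIST_SIZE)]


def rolls_to_index(rolls):
    """Map five dice rolls (each 1..6) to a 0-based word-list index."""
    if len(rolls) != DICE_PER_WORD or any(r not in (1, 2, 3, 4, 5, 6) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)   # read the rolls as a base-6 number
    return index


def phrase_from_rolls(rolls, words=PLACEHOLDER_WORDS):
    """Turn a flat list of rolls (five per word) into a pass-phrase."""
    if not rolls or len(rolls) % DICE_PER_WORD:
        raise ValueError("roll count must be a positive multiple of five")
    groups = [rolls[i:i + DICE_PER_WORD] for i in range(0, len(rolls), DICE_PER_WORD)]
    return " ".join(words[rolls_to_index(g)] for g in groups)


def uniform_bits(options, picks):
    """Entropy in bits of `picks` independent, uniformly random choices.
    Only valid for random picks; a phrase a human chose does not qualify."""
    return picks * math.log2(options)


def words_needed(target_bits):
    """Smallest word count whose search space is at least 2**target_bits.
    Uses exact integers to avoid float rounding at the boundary."""
    n = 1
    while LIST_SIZE ** n < 2 ** target_bits:
        n += 1
    return n


if __name__ == "__main__":
    print(phrase_from_rolls([1, 1, 1, 1, 1, 6, 6, 6, 6, 6]))
    print("20 random chars from 36: %.1f bits" % uniform_bits(36, 20))
    print("8 Diceware words:        %.1f bits" % uniform_bits(LIST_SIZE, 8))
    print("words for 128 bits:", words_needed(128))
```

Eight Diceware words and twenty uniformly random characters from a 36-symbol alphabet give exactly the same search space, since both equal 6^40.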


Title: Re: Safest Wallet
Post by: HELP.org on November 09, 2013, 04:31:42 PM

So you think Armory is user friendly ? This is a brand new category of user friendliness to me, as it requires more than 8gb of ram to run, older and not so cheap computers that can be used for actual safe cold storage are immediately ruled out.

That is not true.  Running offline you don't have the blockchain and you are only signing transactions.  It only uses a small amount of memory and old computers are fine for cold storage.  I loaded Lubuntu on an old laptop.


Title: Re: Safest Wallet
Post by: phillipsjk on November 09, 2013, 06:59:22 PM
That is not paranoid at all, it should be the default operation mode for all the bitcoin users. Encrypting the wallet is the basic stuff and a must. Truecrypt partition complements that well, good reminder.

Ok, so what is paranoid mode then? For true security maniacs?

I did not read the whole thread, but saw a couple of joke answers to this. The truly paranoid will avoid Truecrypt because of the weird license. I am not sure how much encryption actually increases your security. If you decide to encrypt your wallets, you still have to store the (high entropy) pass-phrase somewhere.

The first thing to realize is that you are guarding against two equally devastating losses of Bitcoin: theft and losing the private key. Copying the private key and storing it in a remote location will guard against the second risk, but may increase the first risk. If one location gets raided by police or thieves, it may give you time to spend the compromised coins first, but I would not count on that fact. For Bitcoin there is no deposit insurance to replace your coins in the event of fire: so you really should consider geographically separate storage locations.

If you want to back up to more than 2 locations, consider encrypting the wallet, then splitting the key with Shamir's Secret Sharing Scheme (https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing). If one location is destroyed or compromised (or added), you would regenerate the keys at the remaining locations.

I think it is unrealistic to have a machine that never touched the Internet: but once used as an offline wallet generator, should never touch the Internet again (unless carefully wiped). This implies disconnecting the network, wireless cards, as well as any microphones and sound-cards. If the OS you are using supports autorun, disable it.  I recommend choosing a generic live CD you hope does not have a compromised random number generator. You should try to copy all of the tools you need over to the machine when you are initially setting it up: because introducing code later is always a risk.

When printing your paper wallet, try to choose a printer that is as "dumb" as possible. That means no network (wired or wireless). Hard-drives storing every printed document are also a no-no. For printing my vanity addresses, I used a dot-matrix printer with about 32kB of RAM. That RAM gets cleared when the printer is powered off. Newer computers lack the necessary parallel ports though :P

I should write a guide on how to set up a "secure computer" and post it on my web-site. My only worry is that the NSA or CSEC will then know how to work around my precautions :P

PS: Don't trust hardware random number generators: run their output through AES (in CBC mode) with a long key that you then delete.
Note: "high entropy" means never published. The "common crawl" dataset (Text of the Internet!) is about 81TB and freely available on Amazon Web Services (still need to pay Amazon to process it though).


- think about a good, strong password, which is easy to remember (first letters of your all time favorite song)


Those are published on the internet. Since most people probably don't have over 5 favorite songs, we are talking 50 bits of entropy, max. Over 64 is better, over 80 should be good, 128 is secure. To guarantee entropy, pass-phrases should be randomly generated.

Edit: I misread that as "first letter of your all time favorite songs." Make that 20 bits of entropy (max, or about 125,000 songs with 32 variations).

There's no safest wallet if it's online, save it in paper or your computer!

And still better in your head!!!

This does not protect against forgotten pass-phrase unless the key is simple enough that it does not protect against wallet theft.


Title: Re: Safest Wallet
Post by: deisik on November 09, 2013, 07:19:11 PM
That is not paranoid at all, it should be the default operation mode for all the bitcoin users. Encrypting the wallet is the basic stuff and a must. Truecrypt partition complements that well, good reminder.

Ok, so what is paranoid mode then? For true security maniacs?

I did not read the whole thread, but saw a couple of joke answers to this. The truly paranoid will avoid Truecrypt because of the weird license. I am not sure how much encryption actually increases your security. If you decide to encrypt your wallets, you still have to store the (high entropy) pass-phrase somewhere

<...>

I think for anyone with a few coins "on hand" it's a bit overkill... ;D

Though who knows how much those coins will be priced for in a few years! 8)



Title: Re: Safest Wallet
Post by: Mjbmonetarymetals on November 09, 2013, 08:37:17 PM
The wallet.dat is very much like Del Boy's butterfly: it's designed to keep you on your toes. One false move or slip of the hand from the uninitiated and pfffft, gone for good. Of course, I speak as an idiot who needs an idiot-proof wallet.
This chap here lost 9000btc in 2010 worth over 3 million dollars today https://bitcointalk.org/index.php?topic=782.0

http://i846.photobucket.com/albums/ab22/1973mb1973/84fb7d378d5d0a829739f68d76bb2452_zps070870ef.jpg


Title: Re: Safest Wallet
Post by: marcotheminer on November 09, 2013, 11:02:39 PM
There's no safest wallet if it's online, save it in paper or your computer!

And still better in your head!!!

Until the day comes when you forget it somehow!..
The safest wallet for small amounts would be blockchain.
Just make a paper wallet as well!


Title: Re: Safest Wallet
Post by: TippingPoint on November 09, 2013, 11:33:47 PM
There are ways of recording your keys that are less likely to attract attention.  One would be using musical notation.  A full size piano keyboard contains 88 keys, which is more than enough for Base58 encoding.  And the typical entry-level digital keyboard today is 5 octaves, or 60 keys, which is just enough for Base58 encoding.  But a musical keyboard is not even required.  It can all be done from a computer.

One way (and there are other ways) of mapping a Bitcoin private key to musical notation would be:
http://i40.tinypic.com/2m7g9ix.png
It does not use upper case I, upper case O, the number 0, or lower case l
Since a typical uncompressed private key starts with 5, it corresponds nicely to a lower E on the treble clef.

And here is a private key in music notation:
http://i43.tinypic.com/2i03bs5.png
It could be output and recorded in audio format (it is easy to do so), rather than notation, and the note durations could be changed to make it more musical and less mechanical.

Done using MuseScore
http://musescore.org/en

And there are other encoding methods available  :)

If these types of things make you dizzy, don't try it.




Title: Re: Safest Wallet
Post by: deisik on November 10, 2013, 03:56:33 AM
Until the day comes when you forget it somehow!..

You won't if it's worth (no pun intended) to be remembered, lol!  8)
Anyway, if this day nevertheless comes, I strongly doubt it will ever bother you... ;D

Though your heirs may have a butthurt! ;D


Title: Re: Safest Wallet
Post by: deisik on November 10, 2013, 04:09:43 AM
There are ways of recording your keys that are less likely to attract attention.  One would be using musical notation.  A full size piano keyboard contains 88 keys, which is more than enough for Base58 encoding.  And the typical entry-level digital keyboard today is 5 octaves, or 60 keys, which is just enough for Base58 encoding.  But a musical keyboard is not required.  It can all be done from a computer.

Could the keys be saved as knocks? 8)
So, when Bitcoin is finally outlawed, we could keep going some form of trade in jail... ;D