Bitcoin Forum

Hi guys,

First of all I'm really a noob regarding computer language, softwares etc. I discovered bitcoin couple months ago and I bought a few of them. I registered at blockchaininfo.com and that is where they are right now. At the time I wasn't even aware that bitcoin-qt existed and I thought online wallets were the only way to go. But now that ive read a few topics here, and bitcoin prices are up, I'm considering incresing my security. Also I'm always tempted to sell but deep inside I just wanna buy and hold so I wanna make it difficult to move them coins. What is the procedure to move those bitcoins from blockchain.info to an offline wallet? I read that article https://bitcointalk.org/index.php?topic=17240.2480 . Is that still a good way to do it? I bought a 5$ unbuntu live-cd on ebay and I may try that. I don't have any old pc at hand  so a way to do it without storing them into a computer would be the best for me. I also installed and syncronized Bitcoin-qt because I'm aware that it could be part of the process to a more secure wallet.

That's what I know for now.. Those thoughts are all unclear though and I don't know where to start, so if some of you tech savy guys could point out the best threads on the subject or where I should start, it would be verry appreciated.

Also I speak french so it makes it even tougher to be clear.

Thanks

Edit
To sumarize I would like a wallet where I never log in to avoid malwares and keyloggers, and where there is not information about it on my computer, like the private keys etc. I would only send bitcoins from time to time to that address. No spending.

Sure ok. So ill give you a description of the most secure way to do it. Well go right to the james bond level.

• Hover over this url https://bitaddress.org (https://bitaddress.org) look in the bottom left corner of the screen to make sure it is honest
• Right click on that url and click save link as. Save it to a usb drive or something like that
• Boot ubuntu from your live cd (DO NOT CONNECT TO THE INTERNET)
• copy the bitaddress.org.htm file that you saved on your usb drive to your desktop
• open the bitaddress.org.htm file from your desktop
• go to the print paper wallet tab
• connect your pc to your printer using a usb cable and print the paper wallets (not wifi)
• (optional for extra security) clear your printer cache
• restart your computer
• send bitcoins to the address on your paper wallets in w/e denomination you like
• (recommended) laminate your paper wallets

Cool that sounds simple! The only thing is I didn't receive my ubuntu live-Cd yet. But I'll do that as soon as I receive it! After I send the coins to that address, will there be some way so see if the funds were received?

just make it yourself then, its super simple. If you have a 32 bit machine than download this iso http://www.ubuntu.com/start-download?distro=desktop&bits=32&release=lts (http://www.ubuntu.com/start-download?distro=desktop&bits=32&release=lts) If you have is 64 bit machine than use this link http://www.ubuntu.com/start-download?distro=desktop&bits=64&release=lts (http://www.ubuntu.com/start-download?distro=desktop&bits=64&release=lts) These are image files so just use a standard cd/dvd burning program to create an image disk using one of these two iso's. And thats it you have an ubuntu image disk.

What about on a mac?

Cool but I think I'll wait for my cd, just to make myself believe that I didnt pay 5$ for nothing lol. Anyway I have 2 way authentification and strong passwords on blockchain.info so I should be alright by then. So I'll be super secure with that? Like that's a good way to keep bitcoins furing 5 years and avoid any risks of stealing if you protect the private key etc? Because that's what I'll do. Also nevermind for the part where I ask how I'll be able to see the funds, on bitadress I just saw you only have to paste the address on the blockchain.

One last thing, any risk of bitaddress at some point trying to steal coins from the address they generated?

Thank you very much for the answers I love that site.

I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

i thought about that also but then i thought, if he boots from the disk and makes is keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

That's what I bought: http://www.ebay.com/itm/180886304621?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1439.l2649

Two last questions:
1- I saw a topic, where the guy generated a key from bitaddress and when he was about to send coins he discovered it was already an address and it had 50btc on it so he could have access to them. I think the post was old though and it's really possible that the bug was fixed. Could that be an issue?

2- I tought about setting a brainwallet for my keys. What you think is better? Setting a really hard passphrase or just printing out normal keys and hiding them in safe?

Oh and one last thing :D . When I shut down my computer and restart it, will ubuntu still be running or will I be able to keep using windows as before?

Thanks

sounds like hes full of crap to me. it asks you to move your mouse around at the start inorder to seed entropy, so then for there to be an address collision like that i think he would have had to seed it with the exact same mouse inputs, which seems astronomically unlikely.


brainwallets are the best way to go in my opinion but you have to know how to make a good password and that takes some knowledge. Even a long password may still be broken if it is not a good password. And even a good password thats short may still be broken. Infact you could type in an entire paragraph from a book and it would probably be broken by someone using an algorythm that searched google for known literary phrases.

you have to understand that with brainwallets if someone is trying crack brain-wallets they are simultaneously trying to crack everyones on earth. This means that it can potentially be a lot more profitable to invest resources in cracking brainwallets than any one persons password for something.

So with that being said, if you decide to go the brain-wallet route this is how you do it:

First make a high entropy password. http://www.random.org/passwords/ can help with that. Write this down and store safely in multiple locations. give a copy to your grandma, hide a copy under the rug, but make sure it never becomes part of the public record. This part will protect you from brute forcers who are not targeting anyone in particular but all of the brainwallets in the world at the same time.

second make a medium entropy password. this is something that uses a real sentence with real words so that it is easy to remember but will never be part of the public record. For example "my pet gorilla snorts lemon powder when she thinks about her blue hair" its syntactically sound but semantically ridiculous. this part you NEVER write down or tell anyone about ever. it must only exist in your brain. this part will help to protect you against the brute forcers but also against someone who obtains the key you wrote down. so think like if the cops raided your house or something and got the high entropy password you got from random.com that key wouldnt be enough since you have this in your brain.

for the last part add something from the public record. things from the public used by themselves make very bad brainwallet passwords BUT in conjunction with things that are off the public record they can add a lot of security for almost no cost to your memory, since you dont have to remember the words themselves only where they are located. So for example you may take a common book and turn to a random page and use a short paragraph. now you may not remember what the words were exactly but you remember what book it was and about where it was in the book and what the paragraph was about and you can easily find it again.

Anyway i highly recommend this method and i highly recommend that in addition to writing down the high entropy password you work diligently on committing it to memory just incase. If you can do it right this is definitely the best way to store your btc because this way NO one can ever take them away from you. the government can take EVERYTHING away from you, your house, your bank accounts, your life savings, the contents of your safe, your clothes, they can even examine your rectum, and lock you in solitary confinement, and you will STILL be filthy rich, even after all of that. This is, more than anything, what makes bitcoins so valuable to me. You can have TRULY sovereign wealth even in a statist paradigm where the government has its slimy tentacles on every other aspect of our lives.

yep it will run it on your ram rather than your hard drive. just dont install it.

unless the key pair was already produced by the creator of the disk image and presented to him as fresh

theoretically possible. in practice though he has a better chance of being killed by a rogue meteor. ;D

perhaps, but if we are going to be paranoid...

No. If he's booting from a malicious CD/DVD then all sorts of things could happen. Some scenarios:

- Malware gets installed on his hard drive.

- The random number generator on the DVD is such that it produces deterministic numbers that the malware author can predict. Meaning any private keys you generate could also be generated by the malware author and he could steal your coins.


Ideally when you get the DVD you should do a md5sum to confirm it is the same as

c4f4c7a0d03945b78e23d3aa4ce127dc *ubuntu-12.04.3-desktop-i386.iso

http://releases.ubuntu.com/precise/MD5SUMS


1. Personally I would not use bitaddress. IMO it is better to use bitcoin-qt or electrum. Both will require some fiddling though but more secure.

2. Electrum. Brainwallets where you pick your own passphrase are a VERY BAD idea. Electrum will generate a truly random 12 word passphrase.

You will get windows after the restart. But if you have linux swap partitions Ubuntu may write to them.

Ok thanks will do to verify my ubuntu CD.

Damn your making me unsure of the way I was going to proceed lol. Then what would be the way to make a paper wallet with bitcoin-qt for savings that would be risk-free vs malware and keyloggers, that I would create offline? And that I would just hide in different places? If it's too long to explain just maybe give me a couple links about the subject?

Thank you

just check the hash of your disk before you use it and then follow the steps in the bulleted list in post #2. it doesn't get much safer than that.

So I should stick to your plan?  :P

Seems like a really good plan to me indeed.

The only thing that makes me paranoid, and it could happen with bitcoin-qt or whatever I guess, is the scenario that at one point in time in the upcoming years, somebody will create the same address I have and get my bitcoins. I know there is a shitload of characters and letters in those keys, but there is also a shit load of addresses being generated, and if bitcoin becomes mainstream, that shitload will be multiplied by 100 and the risk of generating same addresses will increase as well?

Maybe I'm completely wrong too I'm a noob regarding bitcoin technicals.

what jojo said ;D

I dont really understand the first paragraph because I'm french and vocabulary and concept is a little bit tough, but I understand the rest and it sure is convincing lol. So basically there is no way 2 addresses would be generaing twice? Before computer are made of other things than matter.. loll

But what about that post https://bitcointalk.org/index.php?topic=254489.0 and reply number 7 ... That's basically why I posted my paranoid post on generating same addresses.

not impossible, but vanishingly unlikely, probably an elaborate troll...and by "probably" I mean 99.9999999999999999999 I'm getting tired of pushing 9 %

I read the rest and you are right lol. I'm convinced now!

The linked post is from 2011, and is not very good. It includes complicated steps that are more likely to result in you losing bitcoins.

There are two strong ways to store your bitcoins:

• On a securely generated offline paper wallet (for savings)
• On a dedicated secure computer only used for Bitcoin running Bitcoin-Qt

Notice I did not say virtual machine, web wallet, copy your wallet all over the place, etc.

Here is how I would configure this secure dedicated bitcoin computer:

Get a desktop PC, it doesn't have to be anything special. Use a hash-verified ISO Linux distribution CD or DVD image (kubuntu 13.10 32 bit is a good choice). When installing, wipe and create a manageable partition, such as 100GB, on that computer and install the OS. Choose the option to encrypt your whole hard drive, and create a user name, both using a strong and long password you will not forget.

Now, get the official binary of Bitcoin-Qt, download it from the http://sourceforge.net/projects/bitcoin/files/Bitcoin/ official repository. Verify the expected hash or signature of this file independently on a normal computer or with communication with others vs your copy. I'll help you out here:
Now set up your wallet securely. First create the ~\.bitcoin directory yourself, and put a bitcoin.conf file there, with these options to lock it down and make a more secure wallet backup:


Run bitcoin, and encrypt your wallet with a different password than the above you also won't forget. Let it catch up on the blockchain (days).

Now, we must backup that wallet securely. We are talking about "your house burns down", "your computer is stolen" securely. You must never store the backup wallet.dat on any computer or device that will touch the internet besides your wallet PC; buy a new flash drive for this, or burn a CD from your secure computer. Restart your computer before creating a backup to ensure Bitcoin is not running or accessing the wallet.dat.

You must also backup the passwords for both the hard drive encryption and username, along with the password of the wallet. Too many people have forgotten their passwords and lost coins. As you created these, you should be able to write them down. Paper password backups should be stored securely (think safety deposit box), and separately from the secure PC or location of wallet.dat backup media.

Advanced Level: TEST YOUR BACKUP

Send your new secure PC wallet 0.001 BTC and see that it gets there. Great? Now wipe the hard drive and do it all again! Okay, that's extreme, but imagine the hard drive dies and you must restore your wallet - it must work. Plug in a different cheap hard drive and do all the steps above to install the OS; then restore your wallet backup and spend your test bitcoins. Your backups must work. After verifying that you were able to re-create the OS and restore your backup to spend bitcoins, the second hard drive can be another type of backup you can store securely, or if not, you should wipe it with manufacturer's "erase disk" utilities.

i really don't understand the part about not letting your backup wallets touch the internet. If its well encrypted on a computer with a fresh linux install, no additional software and every port locked down except 8333, how on earth could anyone ever unlock your wallet? you should be able to post it publicly here on the forums with bold letters "this is my wallet" and have 0 concern. I scatter copies of my backup wallet over the internet like seeds to the wind. That just seems smart to me, but maybe I'm missing something.

Wallets don't start out encrypted, instructions must not give bad advice to those who haven't encrypted their wallet or have a wallet with previously-unencrypted addresses in them.

Good security relies on something-only-you-have + something-only-you-know. You don't want to reduce that to something-only-you-and-I-have + a-password-only-you-know-that-could-be-your-reused-hackackable-password.