Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: bitcoinrocks on December 06, 2013, 06:58:08 PM



Title: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 06, 2013, 06:58:08 PM
Currently I have my BTC, LTC, NMC, PPC, and XPM in each of the clients on my Linux computer.  This worries me because if my computer is physically stolen, I would lose access to my coins permanently.  I've read about the various procedures for protecting coins from online attackers, but right now I'd like to protect my coins in the event my computer is stolen.  Should encrypting and backing up each wallet to a series of safe computers somewhere accomplish this?  It's OK if one of the backups is stolen since the backed up wallet is encrypted, right?

The procedure for this in the *-qt clients seems to be Encrypt Wallet and Backup Wallet, and for multibit it seems to be Add Password and Export Private Keys.  Is that correct?


Title: Re: Protecting my offline wallets from physical theft
Post by: bitpop on December 07, 2013, 12:29:03 AM
Do that but put them in an encfs file, rar file or truecrypt. Then publish publicly.


Title: Re: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 07, 2013, 12:49:57 AM
I've encrypted each wallet and backed them up.

If the password I use to encrypt my wallets is compromised or otherwise deemed non-secure at some point, do I need to hunt down and delete all backed up copies which used that password?

Why is /home/user/MultiBit/multibit.key only 132 bytes when the wallet backups from all of the other clients are over 50 KB?

Multibit asks me if I want to password-protect the exported file when I Export Private Keys.  Is that redundant if I've already added a password via Add Password?


Title: Re: Protecting my offline wallets from physical theft
Post by: bitpop on December 07, 2013, 12:54:55 AM
Add all the passwords you can, different ones. Double or triple rar.

Also no hunting, simply sweep into new wallet.


Title: Re: Protecting my offline wallets from physical theft
Post by: StevenS on December 07, 2013, 01:05:44 AM
Quote
If the password I use to encrypt my wallets is compromised or otherwise deemed non-secure at some point, do I need to hunt down and delete all backed up copies which used that password?
If the password is deemed non-secure, and the wallet (private key) that is protected by that password could be available to leaks, then your only choice is to transfer all the BTC from that compromised address to a new, secure one.

If you know the wallet that is protected by that password is still secure on your machine, then you only need to change to a more secure password.

Quote
Why is /home/user/MultiBit/multibit.key only 132 bytes when the wallet backups from all of the other clients are over 50 KB?
MultiBit separates the private key from other wallet data (which may include transactions, balance, etc.) Only the private key is needed to completely restore a wallet.

Quote
Multibit asks me if I want to password-protect the exported file when I Export Private Keys.  Is that redundant if I've already added a password via Add Password?
No. If the private key is exported without a password, then you'll have the encrypted copy in the wallet, and an unencrypted copy in the multibit.key file.

When you export a private key from MultiBit, you choose to add a password or not depending on what you will do with that file. If you will be transferring it over a network, then you should choose a password. However, if you are merely sending it directly to a printer, you can save it without a password, as long as you make sure it is securely deleted after you have printed it. Then store the printout in a safe.

Mycelium is another client I use that has a unique method of backing up. It creates a PDF file with encrypted private key(s) and displays the (secure) encryption password on the screen only. After you print the PDF file, you write the password on the printout with a pen, then store it in a safe. This method ensures that anyone who intercepts the printout before you have it will be unable to use it without the password that is only shown on the screen of your smartphone.


Title: Re: Protecting my offline wallets from physical theft
Post by: Dabs on December 07, 2013, 03:53:22 AM
I'm just wondering about your computer. Is it a desktop? Is it a laptop?

When you talk about physical theft, it brings to mind physical security and access to where you actually have your computer.

In any case, you need redundant encrypted backups as theft is only one problem, and probably not your biggest problem. If some disaster hits, you've got it covered. And regardless, as soon as you can, you should sweep all your coins to a new wallet after anything happens.


Title: Re: Protecting my offline wallets from physical theft
Post by: antimattercrusader on December 07, 2013, 04:09:08 AM
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paper wallet hidden somewhere.


Title: Re: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 07, 2013, 10:54:17 PM
Quote
If the password is deemed non-secure, and the wallet (private key) that is protected by that password could be available to leaks, then your only choice is to transfer all the BTC from that compromised address to a new, secure one.

If you know the wallet that is protected by that password is still secure on your machine, then you only need to change to a more secure password.

What if you back up your private keys along with the rest of your system backups which are then versioned via rdiff-backup?  I would think you'd have to delete all remnants of your private keys from your versioned backups in case they are compromised in the future and used with your non-secure password?  I'm not sure if rdiff-backup will do that but hopefully.


Quote
No. If the private key is exported without a password, then you'll have the encrypted copy in the wallet, and an unencrypted copy in the multibit.key file.

But on *-qt clients, if the wallet is encrypted with a password then the exported wallet will also be encrypted?


Title: Re: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 08, 2013, 04:29:24 PM
Can anyone confirm the above two things for me?

I also noticed the following:

http://bitcoin.org/en/secure-your-wallet

Quote
Backup your entire wallet

Some wallets use many hidden private keys internally. If you only have a backup of the private keys for your visible Bitcoin addresses, you might not be able to recover a great part of your funds with your backup.

Quote
Make regular backups

You need to backup your wallet on a regular basis to make sure that all recent Bitcoin change addresses and all new Bitcoin addresses you created are included in your backup. However, all applications will be soon using wallets that only need to be backed up once.

Are these both non-issues with Multibit and the *-qt wallets?


Title: Re: Protecting my offline wallets from physical theft
Post by: LiteCoinGuy on December 08, 2013, 04:31:29 PM
Quote
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paper wallet hidden somewhere.

Yes, please don't store all coins on that PC :-\ !


Title: Re: Protecting my offline wallets from physical theft
Post by: bitpop on December 08, 2013, 07:58:12 PM
Multibit might be an issue. Qt and Armory are seeded.


Title: Re: Protecting my offline wallets from physical theft
Post by: 7Priest7 on December 08, 2013, 08:53:38 PM
Quote
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paper wallet hidden somewhere.

Modern hard drives are not realistically susceptible to a full-fledged crash.
At a software/os level hdd issues can occur, usually due to improper shutdowns.

First of all, I would suggest hdd encryption on the system you are using for offline storage.
That will protect the bitcoins/wallets.

Having a hidden/possibly encrypted private key in paper form would be wise.
You can store a private key with some extra encryption.
Do not disclose how the printed key is encrypted and run it through various algorithms.
Only you would know how to decrypt the paper copy, and to an observer of the paper it would look like nonsense.
It should be pretty darn safe.
You would be able to decrypt and transfer LONG before a thief could.


Title: Re: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 09, 2013, 04:52:33 PM
Quote
I would suggest hdd encryption on the system you are using for offline storage. That will protect the bitcoins/wallets.

Why encrypt the hard drive to protect the wallet when only the wallet itself needs to be encrypted which is done via the client?


Title: Re: Protecting my offline wallets from physical theft
Post by: Dabs on December 10, 2013, 02:33:59 AM
Quote
I would suggest hdd encryption on the system you are using for offline storage. That will protect the bitcoins/wallets.

Quote
Why encrypt the hard drive to protect the wallet when only the wallet itself needs to be encrypted which is done via the client?

Encrypted wallets (by the client) do not protect privacy. They only protect the private keys. The bitcoin addresses are still in the open.

If you encrypt your hard drive, no one sees anything.


Title: Re: Protecting my offline wallets from physical theft
Post by: jbreher on December 10, 2013, 06:46:38 AM
Quote
Modern hard drives are not realistically susceptible to a full-fledged crash.

I would argue strenuously against this assertion. If employed indefinitely, every HDD will fail. Every. Damn. One.


Title: Re: Protecting my offline wallets from physical theft
Post by: Soros Shorts on December 10, 2013, 07:11:25 AM
Here is a simple solution that I use:

Place the encrypted wallet into an encrypted RAR/ZIP file protected by a strong passphrase. Put one copy of the file in a safe deposit box (USB drive) and another copy on some online cloud storage or webmail account. Use a non-obvious name for the file.

Delete all other copies of the wallet. You can optionally do a DoD 3 wipe of the disk that held the wallet.

If it is a savings wallet, you can continue to send BTC to the receiving address(es) in the wallet and check the balance on Blockchain.info.

If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.


Title: Re: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 10, 2013, 03:39:35 PM
Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?


Title: Re: Protecting my offline wallets from physical theft
Post by: xrturbs on December 10, 2013, 03:51:01 PM
I have my PC set up with 2x hard drives in a RAID mirror; if one drive fails (and hard drives all fail at some point) I put another in and it rebuilds the image. I also back up my wallet .dat files to a USB stick and hide it in case the PC is stolen.


Title: Re: Protecting my offline wallets from physical theft
Post by: RoxxR on December 10, 2013, 07:17:30 PM
Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

Quote
This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?

Depends on your client. If you're using Electrum or Armory, you're OK.
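
The stale-backup question discussed above (a backup taken once, then further spends that move change to fresh keys), as an added toy model that is not part of any post or any client's code. The class names, the pool size and the HMAC derivation are assumptions made for illustration, not the behaviour of a specific wallet.

```python
import hashlib
import hmac
import secrets

class RandomKeyWallet:
    """Toy wallet (assumed model): independent random keys, pool pre-generated."""
    def __init__(self, pool_size):
        self.pool = [secrets.token_hex(32) for _ in range(pool_size)]

    def next_key(self):
        self.pool.append(secrets.token_hex(32))  # refill; older backups never saw this key
        return self.pool.pop(0)

    def backup(self, used):
        return set(used) | set(self.pool)  # snapshot of the keys that exist right now

    @staticmethod
    def restorable(backup, key):
        return key in backup

class SeededWallet:
    """Toy wallet (assumed model): key i = HMAC-SHA256(seed, i); the seed is the backup."""
    def __init__(self):
        self.seed, self.index = secrets.token_bytes(32), 0

    @staticmethod
    def derive(seed, i):
        return hmac.new(seed, str(i).encode(), hashlib.sha256).hexdigest()

    def next_key(self):
        self.index += 1
        return self.derive(self.seed, self.index - 1)

    def backup(self, used):
        return self.seed

    @classmethod
    def restorable(cls, backup, key, scan=1000):
        return any(cls.derive(backup, i) == key for i in range(scan))

def recoverable_after(wallet, spends, funds=100):
    """Fund one key, back up once, spend `spends` times; return what that backup recovers."""
    holder = wallet.next_key()
    backup = wallet.backup([holder])
    for _ in range(spends):
        holder, funds = wallet.next_key(), funds - 1  # pay 1 out, change goes to a fresh key
    return funds if wallet.restorable(backup, holder) else 0
```

With a pool of 3, the single backup still recovers the balance after three spends and none of it after the fourth, while the seed backup keeps recovering the full remaining balance.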


Title: Re: Protecting my offline wallets from physical theft
Post by: XBBlade on December 10, 2013, 07:24:57 PM
Hard drive failure odds are bigger than theft. So back up your wallet on 2 USB sticks to be sure.


Title: Re: Protecting my offline wallets from physical theft
Post by: 7Priest7 on December 10, 2013, 10:17:19 PM
Quote
Hard drive failure odds are bigger than theft. So back up your wallet on 2 USB sticks to be sure.

Just plain untrue, if we look at burglaries for 2011.
http://www.bjs.gov/content/pub/pdf/hb9411.pdf
If we look purely at portable electronics stolen that year: 978,700.
There are about 2 personal electronics stolen each minute (this is in the U.S. only).

Even if we sampled every person with a post 2000 hdd (including all countries).
We would get nowhere near 2 hdd crashes per minute.


Backing up on USB Sticks is still wise.
Backing up in general is wise.
If you are incredibly sure of your encryption you could do a usenet backup.


Title: Re: Protecting my offline wallets from physical theft
Post by: Coma on December 10, 2013, 10:55:47 PM
Quote
I'd recommend encrypted DVD

Do you mean encrypting the DVD completely, or would a simple openssl AES file encryption be OK?


Title: Re: Protecting my offline wallets from physical theft
Post by: bitpop on December 10, 2013, 11:15:10 PM
Use a Millennium DVD.


Title: Re: Protecting my offline wallets from physical theft
Post by: Dabs on December 11, 2013, 01:26:15 AM
What is true:

1. Hard drives fail.
2. USB flash memory fails.
3. Anything physical gets stolen.
4. Anything physical decays, rots, or deteriorates.
5. Human error (yourself, or others) can destroy your media.

Eventually.

Backup backup backup. Different media. Different locations.

Encrypt so no one else can read it.

Backup so you can find it in case you lose the first one.


Title: Re: Protecting my offline wallets from physical theft
Post by: bitcoinrocks on December 11, 2013, 02:39:49 PM
Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

Quote
This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?

Quote
Depends on your client. If you're using Electrum or Armory, you're OK.

To confirm, I'm not OK if I'm using multibit?  That's enough to get me to switch away from multibit.

What about the QT clients for the altcoins?  Do they have this deficiency?


Title: Re: Protecting my offline wallets from physical theft
Post by: davedx on December 11, 2013, 02:57:20 PM
I encrypted mine with the client, then encrypted the wallet.dat and emailed it to myself.


Title: Re: Protecting my offline wallets from physical theft
Post by: StevenS on December 11, 2013, 10:25:14 PM
You should also save a paper backup, unencrypted, with information explaining what it is, in a safe deposit box so that your heirs can have your bitcoin when you die.