Bitcoin Forum

The Bitcoin block chain is trustless in the sense that it's automatically secure. What about Bitcoin wallets? Can't they make fraud payments with the users' bitcoins? If someone installs an insincere Bitcoin wallet then it can start paying bitcoins to some other Bitcoin address than what the user has intended. Or?

It's possible you could download a client that someone has modified or compiled to steal your coins so that's why it's a good idea to only download them from secure/trusted sources. You could test out any new client or pc by sennding a small amount there and if it gets stolen straight away you know it's not safe.

It is probably a good idea to check the md5 hash for wallets. Even then if the site itself were to be compromised the attacker could just change that as well. I think it is a serious concern though.  hilariousandco suggestion might be the safest bet. I started off dealing with extremely small amounts so it wasn't a huge concern at the time for me.

Most bitcoin wallets are open source. This means that anyone is able to inspect the code of the wallet to ensure that these types of attacks could not happen.

typical geek answer. so this is what you would reply with if your grandma asked the question, just before she went and downloaded a wallet from a website she never personally heard of but had been told by a friend to go there...

Checking the MD5 really just ensures that the file is the right size (data has not been lost/corrupted) and integrity maintained after download. Potentially, an attacker who hacks the site or executes a MITM attack could change the MD5 checksum to match the compromised file.

I prefer a PGP signature. MultiBit provides this, for instance.

Even if the code itself is open source, what guarantees me that the build I'm getting was not compiled from a modified source which will take coins away? Especially on phone apps. I have no way to prove that the source code matches the app I see on Google Play or App Store?

Depends on the wallet.

Sometimes I wish I could change my username to CptObvious.

This is why I would rely only on a PGP signature. In theory, it can only be generated by the owner of the corresponding private key. So if you trust the developer (of say, Multibit or Electrum), the signature verifies the integrity of the file and shows that the key owner vouches for the file contents. That's pretty much as good as it gets.

This is possible and has been done.

Fraudulent wallets?  Certainly.


Absolutely.

This is why it is important to be careful about ANY software that you install on your computer (not just bitcoin software).  It is entirely possible that you could install non-bitcoin software that has bitcoin wallet stealing programming hidden in it.  Install some "free game" that some friend on Facebook tells you about, and the next time that you log into your wallet, poof all your bitcoins are gone.

A similar problem could happen with for example web browsers. In practice for desktops the vast majority of people use one of the established browsers such as Internet Explorer, Google Chrome, Firefox, Safari or Opera. These browsers are sincere, unless someone downloads and installs a hacked version. And for mobile devices the situation is similar although a few less known web browsers are available there.

For Bitcoin something similar could happen, that only a few big and trusted Bitcoin wallets would be used in practice if Bitcoin becomes really huge and mainstream.

Still, the trustless innovation in Bitcoin is revolutionizing and it would be good to have that even for the wallets.

Recap:

a) Download from trusted source
b) Check MD5 hash
c) Check PGP signature (if available?)
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet

With this I would feel quite safe... There are evil wizards around tho... physically disconnect LAN cable when not in use for paranoia users.

Eth.

Short answer:  no.

Long answer:  if the wallet is running on an offline machine in a faraday cage then yes

PGP signature is a must for me. but i'm a stickler for security. this is also the reason why i miss out on all the altcoin pumps -- don't trust the developers or the software. :(

i agree -- i just think it's important to make sure you're getting the file that the developer intends. as another poster pointed out, an attack on the developer's site/man-in-the-middle attack could put you at risk if you don't confirm with a PGP signature.

Good point too, recap updated:

a) Download a well known, often used wallet from trusted source
b) Check MD5 hash
c) Check PGP signature
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet
f) Physically disconnect LAN cable when not in use for paranoia users.
g) Faraday cage... wait, wouldn't this also screw the HDD? :D

Eth.

Many malware apps are smart enough to go dormant when the network is off and will reactivate when it comes back.

For 40$, you could make a dedicated raspberry pi wallet entirely offline.
Download the official OS Image. Add the required packages. Then disconnect from the network forever. Install the rest from official tar balls. Create an encrypted wallet and you are good to go.

For backups, take a picture of the qr code from an old phone with no SIM card. Check that they can be decoded. Save to several micro SD. Hide them. Then wipe your phone. I hope that it's good enough.

This, I cannot stress how important it is to make sure that you are getting the version that the developer intended and not one that has been placed there with malicious intent thanks to some security hole on the site. The best thing would be to go through every line of code for the open source program and understand what each does, but this requires both a shit ton of time and a knowledge that a majority of people lack.

This is an important step to take if you truly want to be paranoid about your wallet. This would only prevent an attack if an attacker was able to get control over the domain, but not the dev's private PGP key, and the public PGP key is found somewhere outside of the domain. If a user finds the dev's public PGP key on the same website/domain that they are downloading the file from then the attacker could simply change the PGP key listed and sign a message saying that their (malicious) download is the most up to date and correct one.

Well, it seems that at some point you will need to trust someone or something.
But to minimize the problem of replaced PGP keys, I would publish my public key in all my public profiles I have.

I think a better way for most users would simply be to search the forums for reports of incorrect code being on a particular wallet. There will enviably be people that will check the PGP key and check the source code to make sure everything is "on the up and up" and if not will report it. This would be much simpler for the less technically inclined. 

Online wallets may be unsafe, yes. If you don't possess the private key for your bitcoin's addresses, you basically don't own them. All you've got is an IOU...

<---Critical information there. Always check your source and verify the signature.

The problem is, exploits can go on for some time before they are noticed. In the meantime, everyone downloading the file and not verifying the signature is at great risk.

This is true, however people will often report when they lose bitcoin as you likely see often on these forums and on reddit (if you read reddit) when people lose their bitcoin. I would think that if there was some kind of exploit on say Multibit for example that the community would be able to make this conclusion quickly when a lot of people report loosing their coins when using multibit.

EDIT: the more technological inclined should still check the PGP signature and the source code on github for any issues, and when something is not right should report it and make it public.

Excellent advice given in this thread.

I would like to add that large amounts of coins should be put into
cold storage wallet to begin with, and only transferred out
of cold storage using an offline-signed transaction.

The same thing could be said about apps or any other software out there.

So true.

so final recap:

a) Download a well known, often used wallet from trusted source
b) Check MD5 hash
c) Check PGP signature
d) Have your wallet in a dedicated PC, used exclusively for this usage (come on you stingy BTCers... playing holder of the future of the world economy and not willing to spend 100 bucks in a basic system?)
e) Encrypt wallet
f) Backup, backup, backup
g) Physically disconnect LAN cable when not in use for paranoia users.
h) Faraday cage... checked, will not damage your HDD in any way and will protect from random NKorea EMPs :D

Please feel free to bring more suggestions in for the ultimate safe-wallet-procedure

Eth.

I believe original poster suggesting the Faraday cage didn't have in mind the protection of your equipment from the EMP, it's for protecting the electromagnetic spilling from your equipment being read outside of the building you are in. There are claims that there is equipment which can read the state of your screen from the car parked in front of your building. I won't mention USB keyloggers which send all your keystrokes to remote C&C servers, just waiting for the attacker's WiFi hotspot to appear on the horizon while he drives by your house. You've protected your machine from being opened while you are out of house and USB keylogger inserted directly on the motherboard, right? Right?!?

Generate your own address using the guide below on an offline computer without network card or network card drivers:

http://www.righto.com/2014/02/bitcoins-hard-way-using-raw-bitcoin.html

Live boot to an OS offline and use any wallet to generate a key or vanity Generator, backup the keys on a piece of paper, or to a USB drive after you encrypt the files containing the keys with PGP. If you don't want to live boot, be offline and just make sure too format the computer you used to generate the keys with while its offline before it ever goes back online or destroy the hard drive that generated the keys and buy a new one.

Hehe, a keylogger still requires some code to be executed inside the computer, about the equipment that can read your screen... Didn't know about it, interesting.

Still, faraday cages at affordable prices and with Alienware logo engraved seems like a business with future!

Eth.

I see we've entered the realms of unreasonably high security measures again... Reminds of this recent xkcd:
http://imgs.xkcd.com/comics/security.png (http://xkcd.com/538/ (http://xkcd.com/538/))

Wrong! No software or drivers required, here's a simpler model which can not be mounted inside the laptop or computer case, so it's easily observable, and doesn't have it's own WiFi:
https://www.keelog.com/usb_hardware_keylogger.html (https://www.keelog.com/usb_hardware_keylogger.html)
More sophisticated models may be in the computer next to you  ;D

Edit:
Here's the WiFi version, 0.23BTC on Amazon:
https://www.keelog.com/wifi_hardware_keylogger.html (https://www.keelog.com/wifi_hardware_keylogger.html)

I can't find now the "inside the case" version, but Google is your friend.

Re:  bitcoin the "hard way"...  here is a "medium way"
solution:

Just wrote this python script:

https://bitcointalk.org/index.php?topic=694521.new#new

It is compatible with the Electrum wallet (my favorite wallet).
Basically, it is a stand-alone python script that will generate
your seed and addresses for you.

Once you use it to generate your seed, you can use Electrum
normally (OFFLINE -- you should ALWAYS be cold storage for any serious
amounts)... and you can verify the addresses generated to ensure the
seed was generated properly and that everything checks out,
with the added security of seeing the code first hand that
generates the random seed.

- Because the script is small, you can easily review it yourself, quickly,
  so backdoors cannot be hidden in the source code.

- Because you run it from source, there is no danger of running
  a malicious executable

- User friendly for slightly technical users

 

Ok maybe this is a bit off topic but I want to ask, when using a non Bitcoin Core wallet like Electrum (i've only used Bitcoin Core ever), can I use my wallet.dat file with Electrum and I will get the up to date balance and payment history plus all of my recieving/sending addresses on there?

I think wallet.dat files may be importable across wallets but
it is not guaranteed to work, may require special commands
or procedures, and may not preserve all of your history.
 
Also, if you import addresses into a deterministic wallet
like Electrum, those addresses wouldn't be derived from the
master seed, and therefore are not automatically backed up
or restorable from seed.

Legit, I say I don't trust exchanges but I always end up leaving the coins there because basically lazyness and not wanting to miss good opportunities in the alt coin market.

This seems like a pain in the ass to me. I'll stil to Bitcoin Core for now. I think they should work on full wallet.dat portability as one of the main priorities.

I'm not positive about the accuracy of my statement. 

I wonder if Bitcoin could be updated to use public user IDs on the block chain. For example Twitter usernames. Then the need for private Bitcoin addresses is removed and the bitcoins always securely stored on the block chain with the unencrypted usernames.

As for anonymity, simply choose a Twitter username like @AnonBitcoinUser.

Yes. It depends more on if you make rational decesions or not.

What rational decision is? Because I can't imagine one if we are talking about bitcoins.

A)  not going to happen.
B)  would be bad for anonymity because now you have 1 username for many addresses
C)  for what purpose/benefit?

I agree that this would make no sense. It would also make it so that the block chain would not be secured cryptographically but rather with some central authority that houses all of the passwords.

If your wallet.dat is password protected, the software would have to wait until you typed in your password before it can do anything.

If you want to be public, register at http://keybase.io (http://keybase.io) and add your face to the BTC address.

Yeah, one of the main aspects of Bitcoin is, after all, that there are effectively no accounts. The addresses are one part of a crypto pair and that's it. Extending the whole system with changeable names or something is another application and may or may not be implemented on top of the system we're currently employing. Namecoin?