Bitcoin Forum
  Show Posts
321  Bitcoin / Bitcoin Discussion / Re: Bitcoin Jokes on: June 18, 2011, 09:07:17 AM
No funny joke yet.


PS: My girlfriend actually likes bitcoin, but her father was upset that I introduced her to it. Fortunately her father is a mathematician, so it took me only three lines of email to get him totally fascinated about bitcoin.
322  Bitcoin / Bitcoin Discussion / Re: What happens to transactions in invalid blocks? on: June 18, 2011, 08:57:34 AM
They get included eventually. Don't worry.

"Eventually" would mean a security flaw. If it is not included, the money sender can never be sure whether someday somebody will use the transaction he signed to take money.
323  Bitcoin / Bitcoin Discussion / Re: POLL: Do you use Silk Road? on: June 18, 2011, 08:42:19 AM
I don't use any drugs but caffeine, but I think that certain drugs should be legalized (and strongly regulated).
324  Bitcoin / Bitcoin Discussion / Re: Security again: Before using TrueCrypt - read the freakin manual on: June 18, 2011, 08:39:40 AM
How do you guys expect GPG to be malware-proof?
If your system is compromised, it doesn't matter what tools you use on top of it.
ex-actly.
and nowadays bootkits in mobo/video firmware are quite common, let alone mbr things and stealth rootkits.

Ugh. How exactly does one set up a clean PC, and keep it that way then? I take more precautions than probably 98% of the general population but I'm positive that's not enough.

You need proper hardware. Unfortunately most hardware is crap and you don't know which products are good before you buy them.

For example a motherboard just needs a single hardware switch that disables the possibility of firmware/BIOS updates. If you can do that, you can start looking for the software you want to run.
325  Bitcoin / Bitcoin Discussion / Re: Bad security advice again: shred on: June 18, 2011, 08:37:11 AM
Quote
       In  the  case  of  ext3 file systems, the above disclaimer applies (and
       shred is thus of limited  effectiveness)  only  in  data=journal  mode,
       which  journals  file  data  in addition to just metadata.  In both the
       data=ordered (default) and data=writeback modes, shred works as  usual.

       Ext3  journaling  modes  can  be  changed  by adding the data=something
       option to the mount  options  for  a  particular  file  system  in  the
       /etc/fstab file, as documented in the mount man page (man mount).

       In  addition, file system backups and remote mirrors may contain copies
       of the file that cannot be removed, and that will allow a shredded file
       to be recovered later.

Since data=ordered is the default then what's the problem?

It's the default of the file system creation tools. It's not the default of any serious Linux distro.

On today's drive dimensions that would make file system checks after violent system shutdowns take decades.
326  Bitcoin / Bitcoin Discussion / Re: Bad security advice again: shred on: June 18, 2011, 08:32:41 AM
so this is good news for the guy that used the shred command on his wallet?

As far as I'm concerned, this is the only reason why I opened up this thread.

What? You? It was me!



But yes, that was an inspiration. Not because he destroyed his wallet, but because people seem to have told him that deleting with shred is all you need.
327  Bitcoin / Bitcoin Discussion / Re: Bad security advice again: shred on: June 18, 2011, 07:48:25 AM
I probably missed the thread where TrueCrypt was shown to be useless. Can you describe why? is it simply that as soon as you mount an encrypted volume its contents become vulnerable?

AND, can you please give an overview of proper security measures one can take (without becoming a security expert)?

Because people ignore that TrueCrypt is no easier than any other encryption method. You can easily set up something, but it's not trivial to ensure that it is secure.

http://forum.bitcoin.org/index.php?topic=16246.0
328  Bitcoin / Bitcoin Discussion / Re: Bad security advice again: shred on: June 18, 2011, 07:47:06 AM

Why?
That's not shred's fault. shred is just from another millennium. Modern operating systems use modern file systems, that don't store files at a fixed place any more. That has a lot of reasons that reach from performance improvement to better error correction after system crashes.
When you use shred on these filesystems (anything more modern than FAT and ext2), shred will write random data to the file - but that does not actually hit the disk at the spot where the file used to be. The original data of the file may survive that. For more details see the man page quotes below.


If you're using a solid state disk, even FAT or ext2 won't make shred useful.  SSDs do lots of stuff underneath the filesystem to speed things up and for wear leveling, so even if the filesystem thinks it is overwriting the file it probably isn't.  (On the bright side, many SSDs are aggressive about reclaiming deleted blocks, so if your OS deletes it instead of moving it to a trash directory, it will get overwritten quickly.)

Same is true for magnetic disks. But that's a different issue, that's on the hardware level. That's only relevant if somebody gets your drive.

The problem I was talking about is that there remains data that is accessible via software.
329  Bitcoin / Bitcoin Discussion / Re: Bad security advice again: shred on: June 18, 2011, 07:44:22 AM
Well according to the manual it does work in ext4 except in data=journal mode, so most Linux users should be alright then, no?

No. Journal is the essential feature that makes the advantage of ext3/4 over ext2. If you disable that, the only remaining difference is details like maximum file size. You have a slow old file system then.
330  Bitcoin / Bitcoin Discussion / Re: [HowTo] Secure your currently unencrypted wallet (Windows) on: June 17, 2011, 10:13:09 PM
  • VirtualBox - Install Linux
  • Encrypt linux VM at install
  • Install bitcoin

Even worse advice.


http://forum.bitcoin.org/index.php?topic=15052.20
331  Bitcoin / Bitcoin Discussion / Bad security advice again: shred on: June 17, 2011, 10:01:23 PM
After the bullshit advice that security noobs give here all the time about VMs and TrueCrypt, this time I will discuss shred.


Problem:
Destroying wallet.dat files with shred does not work.

Why?
That's not shred's fault. shred is just from another millennium. Modern operating systems use modern file systems, that don't store files at a fixed place any more. That has a lot of reasons that reach from performance improvement to better error correction after system crashes.
When you use shred on these filesystems (anything more modern than FAT and ext2), shred will write random data to the file - but that does not actually hit the disk at the spot where the file used to be. The original data of the file may survive that. For more details see the man page quotes below.

What does work?
shred is still useful - for example if you wipe out entire drives before creating new filesystems. If you don't want to wipe out your whole disk every time, you have to choose between a prehistoric file system or cryptography (which is not trivial).



Read the f****ing manual!
Quote
CAUTION: Note that shred relies on a very  important  assumption:  that
       the  file system overwrites data in place.  This is the traditional way
       to do things, but many modern file system designs do not  satisfy  this
       assumption.  The following are examples of file systems on which shred
       is not effective, or is not guaranteed to be effective in all file
       system modes:

       * log-structured or journaled file systems, such as those supplied with
       AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

       * file systems that write redundant data and  carry  on  even  if  some
       writes fail, such as RAID-based file systems

       *  file  systems  that  make snapshots, such as Network Appliance's NFS
       server

       * file systems that cache in temporary locations, such as NFS version 3
       clients

       * compressed file systems

       In  the  case  of  ext3 file systems, the above disclaimer applies (and
       shred is thus of limited  effectiveness)  only  in  data=journal  mode,
       which  journals  file  data  in addition to just metadata.  In both the
       data=ordered (default) and data=writeback modes, shred works as  usual.
       Ext3  journaling  modes  can  be  changed  by adding the data=something
       option to the mount  options  for  a  particular  file  system  in  the
       /etc/fstab file, as documented in the mount man page (man mount).

       In  addition, file system backups and remote mirrors may contain copies
       of the file that cannot be removed, and that will allow a shredded file
       to be recovered later.

GNU shred manual from Ubuntu 11.04
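
A check for the man page caveat quoted above, as an added example that is not part of the original post: it reads mount data in /proc/mounts format and reports whether the file system holding a path is one the manual lists as not overwriting in place. The sample mount table and the function names are constructed for illustration, and treating ext4 like ext3 is an assumption taken from the thread, not from the quoted manual.

```python
import os

# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,data=ordered 0 0
/dev/sda2 /home ext3 rw,data=journal 0 0
/dev/sdb1 /srv/data xfs rw,noatime 0 0
/dev/sdc1 /mnt/stick vfat rw,uid=1000 0 0
server:/export /mnt/nfs nfs rw,vers=3 0 0
"""

# File systems the quoted man page names as not guaranteed to overwrite in place.
NOT_IN_PLACE = {"jfs", "reiserfs", "xfs", "nfs"}
# The post names FAT and ext2 as the old in-place file systems.
IN_PLACE = {"vfat", "msdos", "ext2"}

def parse_mounts(text):
    """Return (mountpoint, fstype, options) for each line of /proc/mounts text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mountpoint = fields[1].replace("\\040", " ")  # kernel escapes spaces
        mounts.append((mountpoint, fields[2], set(fields[3].split(","))))
    return mounts

def mount_for(path, mounts):
    """Pick the mount with the longest mount point that contains path."""
    path = os.path.normpath(path)
    best = None
    for mount in mounts:
        mp = mount[0].rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        if inside and (best is None or len(mp) > len(best[0])):
            best = mount
    return best

def shred_verdict(path, mounts):
    """Classify path by the man page's in-place-overwrite caveat."""
    mount = mount_for(path, mounts)
    if mount is None:
        return "unknown"
    _, fstype, options = mount
    if fstype in NOT_IN_PLACE:
        return "not effective"
    if fstype in ("ext3", "ext4"):  # ext4 handled like ext3: assumption
        return "not effective" if "data=journal" in options else "in place"
    return "in place" if fstype in IN_PLACE else "unknown"
```

On a live system, pass the contents of /proc/mounts to `parse_mounts`. An "in place" result only means the manual's file system caveat does not apply; it says nothing about backups, mirrors, or what the drive does below the file system.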
332  Bitcoin / Bitcoin Discussion / Re: i just made a BIG mistake on: June 17, 2011, 09:37:52 PM
Linux shred does not work on file level. That's a prehistoric tool. Stop using the filesystem with the wallets on it immediately. Scan the whole partition for wallet-like patterns after that.
333  Bitcoin / Bitcoin Discussion / Re: Need opinions for custom Bitcoin USB drives. on: June 17, 2011, 09:15:30 PM
Does Bitcoin-specific USB drive mean Bitcoin stealing malware included?
334  Bitcoin / Bitcoin Discussion / Re: [HowTo] Secure your currently unencrypted wallet (Windows) on: June 17, 2011, 09:02:06 PM
But once a day you start the Bitcoin client to keep track of transactions and catch up with the blockchain.
While you're doing this your Truecrypt volume is mounted and the wallet.dat decrypted and accessible by all malicious applications on your computer.

At least you got that point right -- but that makes the advice pretty useless.

Better install a second computer or secondary/live system or a second user account with encrypted personal data. You need to enforce policy as much as you need encryption to end up with a useful and secure setup.
335  Bitcoin / Bitcoin Discussion / Re: My proposal for AllinVain's theft. on: June 17, 2011, 09:20:51 AM
Or even if they do use so called 'strong password' they'll easily get cracked by a GPU based password cracking program. These days even 11 to 20 character length passwords aren't safe.

Bullshit. 12 characters are safe, if you use different types of characters and don't use dictionary words.
336  Bitcoin / Bitcoin Discussion / Re: My proposal for AllinVain's theft. on: June 17, 2011, 09:16:24 AM
That's probably not how they got it. Do you know anything about how dropbox operates?

https://www.dropbox.com/help/27


"All files stored on Dropbox servers are encrypted (AES-256)"


Why don't you ask him how he did it:

http://twitter.com/#!/Anonakomis


You don't know anything about encryption.

Encryption is a tool. You need a concept and policies to use it. Who cares that it is encrypted, it is not you who has the key!
337  Bitcoin / Bitcoin Discussion / Re: Bitcoin - The Inheritance Problem (and the search for a reasonable solution) on: June 17, 2011, 09:14:15 AM
What's the justification for the concept of inheritance in the first place?
338  Bitcoin / Bitcoin Discussion / Re: Concerned about security. on: June 17, 2011, 09:00:42 AM
Promoting USB memory sticks with a linux OS and a bitcoin wallet is a better idea.

You have two wallets, the day to day one in your normal computer and the "rich" one, with most of your funds in the USB. When you want to transfer funds from the "rich" wallet you turn off the computer, insert the USB and turn on the computer so it loads the OS from the USB. Then you transfer the funds, close the computer and remove the USB.

No. USB sticks are phenomenally likely to break or corrupt your data. Or get stolen, lost etc.



You got cryptography and error correction for that purpose. A single USB would not be enough, of course.
339  Bitcoin / Bitcoin Discussion / Re: We need to look at Bitcoin as a company.... on: June 17, 2011, 07:52:47 AM
Every miner is a Bitcoin employee that claims their contributed value through their share of the Bitcoin currency.

Fortunately not true. Everybody has about the same vote independent* of BTC assets.




*) At least in principle. In practice, people with more money could get more computing power. But that doesn't require to be consisting of BTC. So Bill Gates could make a higher vote than all of us, even if he doesn't have a single bitcoin.
The analogy falls apart when it comes to the shares of computing power but in terms of product/assets it's intact.

But if assets don't mean anything, it is more like being customer than stock holder.



It is like two persons eating different amount of hamburgers at McDonald's. That doesn't make them share holders of the company.
340  Bitcoin / Bitcoin Discussion / Re: My proposal for AllinVain's theft. on: June 17, 2011, 05:38:45 AM
I would accept taking the loss and learning your lesson.

Can we let these drama threads die, please?


Riiiiight...such wonderful advice. How easy for you to say.

Calm down.

1. You put your keys on Dropbox - that alone deserves learning a lesson!
2. You didn't invest money $500k of hard work. You just lost your jackpot.

I see. The old "hate the early miner" issue...so be it.

The dropbox thing is way more important. For me it is obviously like putting $500k of cash in a locker at a public swimming pool.