My first thought was "Do I really want to trust a guy named Houdini?  My Bitcoins are about to have a disappearing act!"

But seriously, good advice!  There was another thread today that told how to create an offline wallet / vault for your valuables.  I highly recommend reading that, too.

http://forum.bitcoin.org/index.php?topic=17292.0;all

Sorry, yes, I have mentioned a few times that a printed copy of wallet.dat would be attractive to me.  But let me explain:

First, the valuable part of wallet.dat is the key pairs. 
Second, Bitcoin creates 100 Bitcoin Addresses to start with, and each time you perform a transaction, your wallet gets a little bigger.  You'll create more keypairs, and therefore more size.

What I was trying to say is that you can create a virgin wallet, and print the important parts of THAT.  Specifically, the key pairs necessary to reactivate ONE bitcoin Address (not 100).

That set of information is relatively small - I believe significantly less than 1000 characters.  It could easily be printed and stored on one page.  Even a virgin wallet file with the 100 key pairs is only about 16K.

My logic with this was to create a "vault" for your long term storage.  It would be used for deposit only, until someday when you want to retrieve it all.  The paper would be a fail-safe, if all media failed (imagine you store your wallet.dat file in a safe deposit box, and the renter next to you stores a large magnet!)   Paper has some advantages.

The next question is, though, what do you do with this paper in the event you need to recover.  I believe it would be relatively trivial to write a program to recreate a valid wallet file given the piece of paper, but I haven't proven that yet.  I also believe that if I had 100K tied up in my ability to perform that task, I'd get it done!  (especially since the Bitcoin software is open source, and the file format is documented.)

Here's all the stuff that's in a "loaded" wallet.dat file.  That's why I think you want a "virgin" file (and you really only need 1 address's keypairs):

    your keypairs for each addresses
    transactions done from/to your addresses
    user preferences
    default key
    reserve keys
    accounts
    a version number
    Key pool

See why it gets huge?

OK, I lied a little in my description of how it occurred, in the interest of simplification.  I actually created the wallet.dat file on LinuxCoin, using the version of Bitcoin that's on their 0.2a release.  Given that it came out on May 6, I don't think that my wallet.dat file was created on 0.3.23 of Bitcoin.

However, the rest of my story is pretty accurate, and the software that I tried loading the wallet.dat file onto was 0.3.23.  Well, it was downloaded today (as the latest release), so I am pretty certain that's the version number, although I am not in a position to check.

Why even connect to the net at all?  You can create a "vault" wallet file on a disconnected PC, store the wallet file in a real safe, and send bitcoins from your minimal wallet to your "vault" Bitcoin Address anytime you want.

Years from now, when you need to access your savings, retrieve the wallet file from the safe.  Once the whole blockchain is loaded, your coins will be waiting for you.

Not quite, unless he declared the Bitcoin gain, in which case, it's a wash.

@aiwk171-

Excellent guide, and I especially appreciate the crossed out words.

The only thing I did differently was:
1.  Download LinuxCoin, which is a "Live CD" that includes Bitcoin
2.  Install LinuxCoin while you are disconnected from the internet.  This way there's no chance someone will hack you during the minutes it takes to complete this procedure.
3.  Fire up your PC running LinuxCoin, start up Bitcoin, and create your wallet file.
4.  EXIT Bitcoin
5.  Dump your wallet file to multiple mediums, including CD, USB key, and maybe even paper.

My wallet.dat file was 16K, so a lot of hex to re-key in later (in an emergency situation), but really you only need less than 1K of the file: your public and private keys to enable the one Bitcoin Address to work. 1K of hex isn't impossible to type in.  I may write a quick python script to pull out the critical few bits from wallet.dat, as an emergency+emergency backup.  Of course, a QR code would be nice, but too much work for the emergency+emergency backup!

The only reason I really like paper is because I am thinking 50 years down the road, when someone pulls out my safe-deposit box.  I'm afraid electronic media might be in jeopardy.

Don't forget to include instructions for your next-of-kin.  It's possible that they will find the disks, and not realize the potential value stored on them (especially if it's in the next year or two, before digital currency really is wide-spread).

---

And, for everyone who is too lazy or not technical enough to do all this, the alternative is to find a Linux geek who you REALLY Trust to execute these steps for you.

If you ARE the Linux geek who can follow these instructions, I encourage you to offer your service to others.  Once you fire up your Live CD, create a few of these "vaults" for your non-technical friends.

---

Also, note that if you make regular deposits to this account, you can check the status of them at any time on Blockexplorer.com, and see that your deposit was made.  You can also sort of verify the balance at any time, and make sure no one is stealing your Savings account. 

@Joan-
Hmm, boy, you are right.  The code seems to be there.  Here it is, along with my notes in bold:


    CBlockIndex *pindexRescan = pindexBest;                  # Set two values to be EQUAL
    if (GetBoolArg("-rescan"))
        pindexRescan = pindexGenesisBlock;
    else
    {
        CWalletDB walletdb;
        CBlockLocator locator;
        if (walletdb.ReadBestBlock(locator))                      # Some conditional *
            pindexRescan = locator.GetBlockIndex();            # Conditionally set one of the values to something else
    }
    if (pindexBest != pindexRescan)                                # Check to see if the two values are EQUAL
    {
        printf("Rescanning last %i blocks (from block %i)...\n", pindexBest->nHeight - pindexRescan->nHeight, pindexRescan->nHeight);
        nStart = GetTimeMillis();
        ScanForWalletTransactions(pindexRescan);
        printf(" rescan %15"PRI64d"ms\n", GetTimeMillis() - nStart);
    }


So, my deductive skills tell me that the conditional marked with a "*" is not True for me. 
In other words, walletdb.ReadBestBlock(locator) is False when you are using a new wallet.
And it's true when you use an old used wallet (as you did in your experiment).

This is just a guess.  What do you think?  I'm all for squashing bugs when it comes to our money!


THANK YOU dacoinminster!

If you've been messing with your wallet.dat file, and "lose" a bitcoin in the process, this tip might help you out.  (This is probably old news for the long timers, but I think this might benefit someone!)

If you start bitcoin with the -rescan option, the block chain is rescanned looking for any bitcoin transactions that pertain to your current wallet.  So make sure you try that!


Here's what I did to lose, and subsequently find, a bitcoin.

 1. I've been running my client program, where I have say 50 Bitcoins.
 2. I ended my client program
 3. I backed up my wallet.dat file, and then renamed it to wallet_50btc.dat
 4. Start the client program, and generate a fresh new wallet with a new wallet ID, new private keys, etc. 
 5. Copy my new Bitcoin Address to notepad
 6. Terminate the client program
 7. Rename wallet.dat to wallet_0btc.dat
 8. Rename wallet_50.dat to wallet.dat
 9. Start the client program.  All looks good, I have 50 Bitcoins.
 10. Pay 1 BTC to my new Bitcoin Address that I had copied to notepad.
 11. Wait for at least 1 confirmation.  (I wanted to make sure that I got my change!). Now my balance is 1 less, i.e. 49 BTC.
 12. Terminate the client program.
 13. Rename wallet.dat to wallet_49btc.dat
 14. Rename wallet_0btc.dat to wallet.dat
 15. Start the client.  The wallet is empty.  Where'd the 1 BTC go?

 (The answer is that it's in a block that was already received and processed (in step 11), and so Bitcoin isn't going to process it again, unless instructed to.  They aren't really lost, they're hidden in the Block Chain, and your client program isn't going to go look for them, unless you tell it to.  The client program thinks it has already processed all those old blocks.)

 To re-find the lost coin:
 16. terminate the client.
 17. run the client with -rescan option.  After processing all the blocks, the 1 BTC shows up in the client.

Hopefully this helps someone find some lost Bitcoins.  If so, I'll gladly accept a cut!
Reference: https://en.bitcoin.it/wiki/Running_Bitcoin

I'm anxious to give LinuxCoin a try.  Here's what I am seeing:


I boot the ISO from CD, and get a splash screen that says LinucCoin (not LinuxCoin).  OK minor typo, no biggie, but just thought I'd point it out to show that I am trying!

Then it stays on the splash screen, telling me to press enter or tab.  After about 15 keystrokes, which seem to do nothing, then every keystroke beeps.  I'm stuck on the splash screen.

Any quick tips?  Or do I need to (gasp) read the documentation?

Edit:  I think the issue is the CPU (since this kernel requires an x86-64 CPU, and I was trying to boot on an old machine just for experimentation.  Time to try it on a "real" CPU.)

Nothing under 4 letters is cheap while in Beta. 
Once again, it's a deterrent, during Beta.

As I mentioned earlier, I pre-registered over 10,000 for freebies.

Thanks for the feedback. 
I see that you are relatively new to the forums (user number 17000 or so). 

What you may have missed is that I gave away short name registrations to all registered forum users whose names conformed to my naming constraints.  I used the list of forum users which was about 11000 users at the time.

I put the .1 BTC obstacle in place purely as a deterrent to keep people from registering a few hundred shortnames each, and it has worked.  Trust me, there's a plan here, including many more features.  Making .1 BTC off of shortnames wouldn't be a very good living - it's just a deterrent.

I'll probably grab the next 10,000 forum users' names one of these days - I've been reluctant to do that, since the forums are so slow lately - they don't need me to slow them down any!

1. I use django's auth module, which uses salted hash passwords.  See https://docs.djangoproject.com/en/dev/topics/auth/

2. I have a plan for 2-factor id, but wasn't planning on integrating Last Pass or Yubikey (not in the current plan).  I was thinking more along the lines of allowing users to "lock" their page, and the only way to change it is to unlock it, and the only way to unlock it is through additional authentication.  The easiest implementation would be to email the user an "unlock key"  to the email address that I have on file, that's good for an hour.  Not exactly 2-factor authentication - more like double security with 1-factor - requiring the hacker to have to have guessed the password on my system, as well as hacking the user's email system.

There are several weaknesses in the security right now, but #1 above,  isn't one of them.  Basically, you need to trust:

-  me  (I can be lying, above.  I may actually store the passwords in plaintext and post them on a bulletin board in Times Square.  You just don't know.  Also, I can change your wallet ID at any time, regardless of how I store passwords; it's just a SQL database!)
-  the security of my system (if someone hacks my database, or physically hacks the system in person, no matter what measures I have in place for user security, all bets are off)
-  the security measures I put in place (such as my plan on #2)
-  A bunch of stuff between you and me - network / middle men.
-  Basic user security (do you have a good password, for instance.  I have few requirements here).


Right now, there are many potential attack vectors, and no system is perfect.  But if the system gets popular, you can bet I'll be adding additional layers.

Without providing a roadmap for hackers, I can tell you that it's not a perfect system now.  I'll be taking steps that I feel are appropriate based on the popularity of the service.  The ones that come to mind immediately are: 

-  SSL
-  Account Lock-out on too many bad passwords
-  "locking" mechanism mentioned above
-  notification of users when their page changes
-  random verification of pages from an external source (to monitor for unexpected changes)

---

There are a lot of people (including you) who put their Wallet ID in their signature of their posts.  These people are essentially trusting the forum managers, the forum software itself, the server that the software is running on, etc.  It seems a hacker can come in a change all those ID's to their own, and no one would notice.

I'm thinking that I need to manage security so that I stay at least a step ahead of forum signatures.  I am not aiming for "Bank level security" at this point.  I do know something about security, as I have consulted with fortune 500 companies on their system security, and have given numerous presentations and papers on system security, and even acted as an expert witness in a reasonably highly publicized court case regarding matters of security.  One paper that I co-authored is (last time I checked) a foot note in Wikipedia on a Security-related article (on phishing for passwords, of all things!)

So I hope you find this somewhat comforting.

I did a search, and I see 25 listings that are out there, 24 of which seem to be for Bitcoins:
http://shop.ebay.com/i.html?_nkw=bitcoins&_sacat=0&_odkw=bitcois&_osacat=0&_trksid=p3286.c0.m270.l1313

So maybe you were just doing something wrong.  Learn from the ones that are being successful.
(or maybe these haven't yet been deleted...)

Is that a good thing or a bad thing?

You should change the title of this thread to "Vote on the name of our Podcast" or something like that.

Can you modify your website so that the price of Bitcoins only goes up?

This worries me a bit, about Mt. Gox:
To meet the definition of an MSB, a person must conduct more than $1,000 in business with one person in one or more transactions (in one category of activity listed above) on any one day. A business is an MSB for each activity for which it meets this threshold. However, there is one exception. No activity threshold applies to the definition of money transmitter. A person that engages as a business in the transfer of funds is a money transmitter and an MSB, regardless of the amount of transfer activity.  (see http://www.fincen.gov/financial_institutions/msb/pdf/FinCENfactsheet.pdf )

I hope they are a registered MSB!

$51/BTC  A record?

http://cgi.ebay.com/5-Bitcoin-BTC-Bitcoins-/320710734019?pt=LH_DefaultDomain_0&hash=item4aabd970c3

yes, but orders can be cancelled at the last minute.

And once again, I'll repeat that there's a substantial difference between betting that you don't have a virus twice - once at storage time and once at retrieval time - and betting that you won't EVER have a virus between today and the date the funds are needed.

I edited my original post, above, to reflect this.  Please read it over, and critique it.