how about simply printing out the .dat file and storing it in a fireproof safe. at least then its long term safe storage of your wallet.
Sure, the idea already came up somewhere. But two things: 1. It would have to be shortened considerably, which is possible I think. Right now it would give you a few hundred pages. 2. Have fun typing it in when you want to use your coins. (So a few sheets of 2D barcodes might make more sense) 3. Tell this to a noobie and he will end up with a sheet of paper with the word "wallet.dat" printed on it. And he will then complain loudly to you if it doesn't allow him to access his bitcoins  |
|
|
|
when u boot from a live cd, how is it that you can install a copy of Bitcoin with a new wallet that doesn't touch RAM? if it does, isn't that an opportunity for a trojan to detect your wallet?
Well of course it touches RAM, but the point is, that your liveCD is clean like a virgin, so there shouldn't be any chance for a trojan to interfere with your system. Really? One needs to download and install a separate OS to have a safe wallet?
That is going to turn those people down who don't know about computers
I would have thought that the bitcoin community had come up with an easier alternative,
let alone making it safe to use bitcoins by default.
Well, I guess I just have to download Ubuntu, I hope thought that there will be more simple alternatives in the future.
Sure, there are simpler alternatives. See the wiki (link in the article) for another secure setup. My aim was to obtain 100% security, which is in no way necessary for everybody. And yes, if you're using Windows for serious business, you really shouldn't. But that holds true in general. Oh and, I didn't say "install", just boot a liveCD from an USB-stick, its quite fast. |
|
|
|
It is more of an accident that bitcoin got so much media attention in version 0.3.2x - the number should explain everything.
Well, to be fair, that's actually the traditional way opensource programs usually do their numbering: total understatement. If it was a commercial program, you bet they would be at least at version 3 right now. |
|
|
|
Can't the wallet.dat be encrypted already? (password when starting the bitcoin client...)
As has been said elsewhere, this wouldn't work, since the client has to somehow decrypt the file in order to use it. Decryption => a decrypted copy is stored in RAM => a clever program can find and copy it. So this would be rather dangerous, since it would give users a false sense of security, prompting them to be even more careless. I know lots of users are whining right now and blaming the devs for not including encryption, but this is simply the truth of the matter. |
|
|
|
|
Alex, I think you're wrong. You can send anything you want to a given bitcoin address, I mean otherwise the network would have to refuse a certain transaction. That's just not the case. Maybe you're confusing this with how the client behaves?
Let me say this again: You may do the following: put your wallet.dat in a safe, delete/shred any local copies, use a different account to transfer coins to it and do this as long as you please. Nothing will make it generate new addresses, that's the job of the client. Your wallet is just the _key_ to a number of addresses.
And true, you can and should use blockexplorer.com, so you'll have an oversight over what's happening on your safety account.
|
|
|
|
But in theory the client could make the transaction offline by writing it to a transaction file. You could then transport that file to an online computer and send it to the network from there.
Ooh, that would be tits! |
|
|
|
There appears to be a little more to the wallet's key handling than I had thought. There are a couple posts in another thread that make it sound like every time you send BitCoin from your wallet, the client uses a new "hidden" receiving address for any remainder. If I send you 4btc but my only coin is worth 5btc, 1btc is sent back to me at a new 'change' address. So it sounds like receiving BitCoin does not require either usage or backup of your wallet (it can stay offline and hidden in a safe), but every so many times of sending BitCoin (~100?) will require replacing the backup due to new "change" keys. Nope, that would be strange and impractical. And probably not even possible to implement. So transfer as many coins as you'd like to your preferred address, nothing is going to go wrong. The whole thing with the generation of new addresses is simply a mechanism in the _client_ in order to gain further anonymity. And thanks a million everybody for answering questions! |
|
|
|
I have a question, if someone happens to know, and sorry if this was already asked.
Can someone sniff both your public and private key off the network? Can someone explain technically if this is possible?
What I mean is, even if your computer has NO malware on it, is it possible for someone to intercept the keys and then use them?
No. Interception is impossible, simply because the whole concept of a private key implies that it will _never_ have to leave your PC. It's just used to generate a signature if you will, which then "proves" to the network that you are allowed to make a transaction from address X. |
|
|
|
aral: So you're saying burning CDs is too tedious, better buy a netbook and use that as medium? And do you specifically require a crappy one?  Why are you taking the piss? I have just made your idea way more convenient.  Instead of booting up off a liveCD (which IS slow) then installing bitcoin and waiting for the download, you can just fire up the netbook. You can make a script that burns an encrypted wallet copy as well, do whatever you want, it's waiting there for next time you need it. When you've finished the transaction you just stow the netbook in the safe again. If I had 25k BTC I would probably do this. I think it makes a whole lot of sense. Don't sweat, I like taking the piss. Just yanking your chain... My initial point was, that you don't need to access your wallet.dat in order to transfer funds to it, so as long as you're in piggybank-mode, a tiny SDcard in a safe seems the least error-prone way. But you're right of course. If you can store a netbook safely somewhere and trust its hardware will remain intact it'll work. Just never, ever install any programs in userspace. And of course, see that you never use sudo for anything you're not 100% sure about. So thanks for your contribution (Ugh, that's me being nice, I hate myself already). |
|
|
|
+1 for you jerfelix aral: So you're saying burning CDs is too tedious, better buy a netbook and use that as medium? And do you specifically require a crappy one? |
|
|
|
How does a keylogger get installed on a live cd?
See my link in the guide. Not only are there physical keyloggers which you usually put between the keyboard an the USB-port, but there are ways to remotely monitor what you're typing. |
|
|
|
|
bcearl: Your setup seems quite the sensible thing to do. It's actually the method recommended by the wiki, and right now I can't think of any reason why this shouldn't be very secure. Especially if you never run any programs when logged in as the secure user.
However, the problem of keylogging (physically) still exists, as your password is the point of entry for any attacker. Other than that, you'll be completely fine.
Edit: Actually, the weak point is the login password, just wanted to clarify that (If I'm correct in assuming that your home directory is decrypted as soon as you log in. At least in RAM.). Also, scusi for the double post.
|
|
|
|
|
Thanks for the sticky, and thanks for the corrections. Keep it up. 10 spelling mistakes corrected and I will personally invent a new swearword and post it here.
|
|
|
|
I'll have a look at both, promised. I have to run now though, I'll be back later. |
|
|
|
Next, he deleted the wallet, because he thought it had already been backed up, when in actual fact only the first address had been.
Oh snap. Good to know though, and yes, the wallet only contains the addresses already generated at the time the file was backed up. I will refrain from mentioning this in the guide though, since 1: I advise against using the wallet you just backed up, 2: with the 10 fresh addresses generated, this shouldn't happen anymore, 3: I'm trying to keep it simple and hope not to confuse anybody. As Confucius says: Confusion is the death of non-confusion (and oversight) |
|
|
|
Careful what version of Bitcoin you use! Some versions will display multiple addresses but the private keys won't be made till you do a transaction and have it open for a while!!! Someone did something similar, where they sent some to the first address as a test then saw it worked then send the rest to the second address. Deleted everything only to go back and see that he lost his BTC!!
I did not know that. Are you sure, it's not just one of the occasions where --rescan would have done the trick? What version was it? Wow. My sincere thanks. I'll PM you in case I make any relevant additions to the text. Glad that you took out the emoticions, they look dumb in plain text Also, feel free to delete the address mentioned at the bottom, that way it won't come across quite as desperately And you may want to delete the mention about "comments" |
|
|
|
Brainslug: Seems to kinda-work, but always be careful with overly complicated schemes: the possibilities for making an error are simply much bigger. Also, it seems a little tedious. Plus there is the physical security of your notebook. If you don't encrypt the partition, it will be open to anyone getting his hands on your machine. Thank you for your work!
I aim to please. Happy that you like it. |
|
|
|
If you prefer to not encrypt the files to avoid remembering passwords, you won't be secure, unless you make a physical backup of the media holding your money and then put that backup in a vault (at your house or in a bank).
Actually, you could do a weekly trip to the bank and put your wallet.dat on a memory stick in a safety box. Assuming that you have that many BTCs to protect.
NO!! Encryption is not some magic thingamajawb that protects you from all evil. Let me clarify: A _backup_ is of absolutely NO USE. So your weekly trip doesn't accomplish anything if the very same file has been on your main operating system. This is a dangerous fallacy, hence my analogy with "keys" instead of "wallets". Again: that would be like making a copy of your safe-key every week and putting that in the vault. It has to be a new, untainted address, in conjunction with the wallet.dat that you deposit. Actually, this is way more convenient, since you don't have to access your bank vault at all. You just deposit/sent the coins into the right addresses. |
|
|
|
For the same reasons that you made this post, I just created a small program that generates bitcoin addresses and saves the keypair as an encrypted wallet file. It's basically a tool for the overly paranoid, since it doesn't create any unencrypted intermediate files and doesn't require the full bitcoin client just to generate an address. It also generates just 1 address, so it's impossible for somebody to steal your keys from an "old backup". https://github.com/vegard/mkbtcaddrGreat, you rock. Nice to see some progress by the community. If encryption is what you prefer, these kind of tools are perfect. Want to bundle it into a liveCD? In my experience, it's quite trivial to do. encryption is good but i thin k you have to increase all of them
Wat |
|
|
|
|
+1, I got it now. AES is actually secure enough, that it'll be safe forever provided mathematics don't completely vanish and the laws of physics still apply (and your key-length is sufficient).
Still, I prefer not to encrypt the file, since the passphrases either have to be written down or remembered, both of which aren't exactly ideal (Think brain hemorrhage, which I definitely plan to get one of these days).
Also, newbs can barely handle Ubuntu.
|
|
|
|
|
Show Posts
