|
"Virtual" sounds like not real. Like virtual realities, or Linden Dollars and WoW dold.
"Digital" is a much better word, like digital audio and video, or digital signatures that are used for transactions.
I think that is an important difference that affects the public perception of bitcoin a lot.
|
|
|
|
|
Those "new bitcoin forum" spam is way more annoying than "sell sell sell" messages.
|
|
|
|
It seems weird that a CPU is more powerful than a GPU yet my 5870 can get 400Mhash/s were my i7 930 @ 4.2Ghz only gets 5Mhash/s  Does it seem weird that an aircraft carrier is more powerful than a car, but a car is way faster on motorways? |
|
|
|
It's not like I'm putting the file in a public or shared folder? Actually, Dropbox had bugs that actually made it one. You could access files of other Dropbox users by just knowing the hash. |
|
|
|
I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.
I do it very similarly. On Linux I type: tar -c .bitcoin/wallet.dat | gpg -c > $FILENAME - The tar command makes an archive (which keeps the name and path of the file that is backed up). - The gpg command encrypts with an symmetric algorithm, asking for a password (in case of wallet files I enter a pretty strong password). - The filename can be anything. Then I store the encrypted backup at places with high reliability, e.g. university computers I have access to. You can store it anywhere, it's only a few kilobytes. |
|
|
|
|
Yeah, I think the claim that bitcoin is anonymous is a huge overstatement that shouldn't be made.
You can - if you are aware how bitcoin works - have a lot of privacy. And even when you just use bitcoin without thinking about it, you have more privacy than with paypal. But it's not true that it is anonymous, which is in my opinion an absolute thing. Nothing is "a little anonymous". Something is anonymous or not. Bitcoin is not.
EDIT: long posting short:
What I want to say: Bitcoin does not force you to release your identity. But it does not protect it automatically either.
|
|
|
|
Use Truecrypt and create a small (1MB?) encrypted (with good password) volume file. Then, move wallet.dat into it. Keep this volume container file (e.g. wallet.tc) on Dropbox or Sugarsync or everwhere.
If you just want to encrypt some files for backup, why not use GPG? TrueCrypt looks bloated for that purpose. |
|
|
|
|
They should totally have their own bitcoin addresses published.
I see no point in having a third party in between - it just makes it more risky.
|
|
|
|
|
That's the most stupid thing you could do.
1. The wallet is sacred. Everybody, who has access to the wallet, can spend your coins. The wallet is the only thing you have to keep private, and you failed ...
2. Dropbox is evil.
3. Dropbox is known to be insecure.
|
|
|
|
Yes. Has a lot of advantages, also technically - gives them a maintenance window t take down the site / update the programs withint incured downtime.
Adhering to FOREX trading hours (23 hours / day, 6 days a week) or CME GROUP hours (15 minute downtime per day, weekends off) means more planned stability. And, as I said, a window for handling maintenance.
Absolutely not. We don't play by old economy rules. Make sense. Let's ignore reality and live ina a fantasy world. Yes, you DO play by old economic rules. You also play by standard IT rules which LOVE planned downtime. 24/7 is extremely hard to maintain for anything not a joke website (mt gox still is there - joke website - wait until you see real volume, options etc.). Plus somehow Bitcoins dont live in a fancy fantasy world - exchagne against funds requires funds available, and as the OP pointed out, lots of the non-bitcoiin infrastructure shuts down on weekends. The rules of the old trade markets are the fantasy world. The economy does not sleep at weekend. |
|
|
|
The exchange rate is horrible though. The pound is way stronger than the dollar at the moment but somehow you get less bitcoins for pounds which makes no sense. Im hoping to find a place to sell stuff for bitcoins for now. But the thing is im American I only live here to be with my wife. So im hoping soon i'll be able to buy in dollars for the better rates. Im just trying to get started WITHOUT getting jacked on those terrible exchange rates.  Maybe the real banks overestimate the worth of your pound? |
|
|
|
|
Most newbie spam is new threads with stupid questions. Maybe it is necessary that you need 50 postings before you could start your own threads.
But is it the same with answers to a existing thread? I don't think so.
|
|
|
|
Whatever happened to the concept of layering your security? If using a VM provides adds some level of isolation between potential malware and the Bitcoin wallet then it would certainly be beneficial to use it as part of an overall solution. You shouldn't discard it just because it is not 100% "impenetrable" (Are you looking for a Maginot Line-type solution?). Other steps can and should be taken to protect the host, other VM's, the local network, etc. You may argue that this is just obscurity, but in the real world throwing an additional roadblock is usually all that it takes to prevent the success of a potential attack.
It protects only in one direction: It protectes the host from the guest. Not the other way around! But many people here use it the other way around. That does not work, it's just a little obscurity (which you could also have by renaming files). Little Conclusion:The title is not "stop using VMs", but "stop telling people that VMs do magic". If you know what you do, you can get some protection with VMs, as some people here do. But if you tell people, they will just install VMs (wasting ressources), and think they are secure, which they are not. For example you could set up a VM full operating system based full disk encryption. That would protect the system while it is not running. When it is running, there is no more protection from the host. You can use that setup securely if you are fully aware of that facts. But most people just aren't, especially those who just listen to your security advice. You have the same effect with my Ubuntu user account setup. While the special user is logged out, there is no way to access the private keys. They are encrypted (and never stored anywhere else). And it has a lot of advantages: - It is way less a waste of ressouces. - Login and logout are much faster than booting a VM. (Hibernating a VM would mean to store private information in swap space.) So there is a smaller time window for attackers. - Even while the special user is logged in there is no way for other user's software to manipulate unless they really crack the operating system. (Opposed to that the VM is run by a user, thus the user's software can do anything with it.) |
|
|
|
|
Bump. I am still interested in stories, how other people do it.
Maybe if we collected enough, we could even write a recommended security guideline and some tutorials.
Are there people managing large amounts of bitcoins on Windows or Mac machines? What do you do to protect your coins?
|
|
|
|
Just want to make sure that no one else does what I've done so that malware will never be written to target my bitcoin.
You can do that. But don't tell people - especially unexperienced users - that this is security. If we seriously want to get a situation, where most of the users have some security, we have to think about solid ways. A savings wallet with password-protected private keys can be understood by a lot of users -- even those who don't know much about IT. |
|
|
|
|
I think the limit is just to high. Now we are supposed to write 50 postings in the newbies section? How could you rate the user's quality by these?
|
|
|
|
Just want to make sure that no one else does what I've done so that malware will never be written to target my bitcoin.
We aren't in the 90's any more. Malware today is made from components and individually designed for each target. Nobody would do that for a spam box, but when they got your bitcoins, it's a total win. |
|
|
|
as i asked above, wouldn't confining your browsing to the VM go a long way to protecting your wallet on the host?
Yes, it would help. I would use a VM that doesn't try to do fancy optimization like using hardware virtualization or x86-to-x86 translation. A simple, "pure" VM has less opportunities for its programmers to screw up and introduce security holes. Maybe QEmu?Do as little as possible outside of a VM, and have Bitcoin running either outside all VMs or in a separate VM from your browsing/email/whatever. Also, see my thread about Qubes: http://forum.bitcoin.org/index.php?topic=11837.0;topicseenYou seem to be talking about emulators as opposed to VMs. That's even more waste, and emulation software is even more likely to have vulnerabilities than hardware virtualization. |
|
|
|
I agree. For one thing it relies on encryption and a public log. Encryption can be broken and with bitcoins as is, you can't force new encryption standards on old bitcoins. As for the public log, if someone branches from it or introduces their own log then we loose credibility of the currency.
Bitcoins is a good proof of concept, but I think the concept will be taken over and improved upon by companies who don't respect the same level of anonymity that Bitcoins and Tor promote.
One could just hash the whole old block chain with a new algorithm, the question is how we establish it to be accepted by the peers and transforming it into a new block chain. |
|
|
|
|
There are no more design decisions to make. The protocol is established, the network won't accept changes.
But the client software needs a lot of development, it is missing pretty much every feature one could imagine. Usability and security of wallet management is still bad.
|
|
|
|
|
Show Posts
