stolen coins

[Fiora]

how do you even begin to start cracking into wallets?

[Feneusens]

Using a long password is by far the best security.

[DrG]

Using a long password is by far the best security.

More important that the entropy (length) of a password is the exclusivity of the passphrase.  If you use the same password of JO98h%$&hkCD43SD on every website you visit, the hacker simply needs to hack into any retail website you used the passphrase on and now he has your email and passphrase.

You can use crappy passwords on most every site, for you Bitcoins use a passphrase you don't use anywhere else.

[Chemistry1988]

Using a long password is by far the best security.

A long password doesn't equal to a strong password.
"abcdefghijklmnopqrstuvwxyz" is long but is not as good as "%1Q&wc8r9!S8".

Also, if you have malware on your computer, your password will get compromised as soon as you set it up...

[DrG]

Using a long password is by far the best security.

A long password doesn't equal to a strong password.
"abcdefghijklmnopqrstuvwxyz" is long but is not as good as "%1Q&wc8r9!S8".

Also, if you have malware on your computer, your password will get compromised as soon as you set it up...

That's only true if you're assuming the attacker would only use roman alphabet dictionary for the attack.  This first password you noted "abcdefghijklmnopqrstuvwxyz" while having a smaller dictionary is significantly longer to have a much higher entropy.

Ideally if you're going to use long passwords, just jumble some words together and flip one word backwards (radio in this case) like "froghitbananaeschewnineteenpinkcamelotoidar" - even a dictionary based attack would take years if it had to try to guess 1 or more words backwards.

Remember - if you make it too hard to remember you will lose those coins for good.  Search for all the people who came on here posting that they can't remember their password or they must have miskeyed a word - it's sad.

[ajareselde]

how do you even begin to start cracking into wallets?

same way you bruteforce into anything, you can use
bruteforce - trying every combination and lenght
dictionary - trying every pass(word) that is located in dictionary file
rainbowtable- pre-hashed attempt that increases speed insanely, but also takes insane amount of time to initialy create one.

if you use combination of lowercase,uppercase and symbols, and use like 10 chars, i doubt anyone could break it, but even with that applied, you cant be fooligh and write password somewhere on your computer (in a .txt file or something) because attacker will probably search for that first.

[minerpumpkin]

Go to https://www.bitaddress.org  and turn off your internet, then generate a new address, and print multiple copies of it to store into safe places.

If you connect the device you're using for this to the Internet after creating your wallet, you're not better of than before, because a backdoor program or a keylogger could still have captured your private key.

[bitkilo]

I thought i was worried about security before reading the post on this thread, now im fucking paranoid, as soon as 1 person mentions a safe way 2 store coins some1 else said they could steal it easy. Can any1 point me 2 a thread on security that is going 2 work. Thanks.

[minerpumpkin]

I thought i was worried about security before reading the post on this thread, now im fucking paranoid, as soon as 1 person mentions a safe way 2 store coins some1 else said they could steal it easy. Can any1 point me 2 a thread on security that is going 2 work. Thanks.

Now you've got to be paranoid that people claiming to show you a safe way of creating such a safe cold wallet won't actually lure you into a trap where they can easily access your coins! 

[DrG]

I thought i was worried about security before reading the post on this thread, now im fucking paranoid, as soon as 1 person mentions a safe way 2 store coins some1 else said they could steal it easy. Can any1 point me 2 a thread on security that is going 2 work. Thanks.

Armory has a step by step guide for how to make an offline cold storage wallet:
https://bitcoinarmory.com/about/using-our-wallet/

[Simon8x]

I thought i was worried about security before reading the post on this thread, now im fucking paranoid, as soon as 1 person mentions a safe way 2 store coins some1 else said they could steal it easy. Can any1 point me 2 a thread on security that is going 2 work. Thanks.

Disconnect your pc from the Internet, and then generate an offline wallet (no Internet connection afterwards) or a paper wallet (with BIP38 encryption).
Your wallet would be immune to all hacking and malware.

[minerpumpkin]

I thought i was worried about security before reading the post on this thread, now im fucking paranoid, as soon as 1 person mentions a safe way 2 store coins some1 else said they could steal it easy. Can any1 point me 2 a thread on security that is going 2 work. Thanks.

Disconnect your pc from the Internet, and then generate an offline wallet (no Internet connection afterwards) or a paper wallet (with BIP38 encryption).
Your wallet would be immune to all hacking and malware.

Not if you re-connect that computer again afterwards. Geez, that's such an important fact to the whole idea that many people just leave out!

[troisky]

Most stolen wallet cases ive heard is just huge mistakes.

[kittycatbtc]

It's pointless to have coins in your phone. brb lose phone, lose your money.

[shogdite]

Yeah I would never leave a sizeable amount of btc on a phone / online wallet, way too many risks involved.

I've already had a few btc stolen so I made a point of brushing up on my security, offline paper wallets are the way forward 

[elliwilli]

Like everyone else is saying, storing your BTC on a phone is not the greatest of ideas.
I would switch to a more secure wallet that is not as easy to compromise such as blockchain or Armory.

[InwardContour]

Just make a true cold storage wallet using a linux live cd without internet connection and copying the wallets on different usb drives.
Place them in some different locations, there's no need for passwords.

[minerpumpkin]

Just make a true cold storage wallet using a linux live cd without internet connection and copying the wallets on different usb drives.
Place them in some different locations, there's no need for passwords.

Do they contain the whole key? If yes: What if someone gets access to one of the flash drives? If no: What if one gets corrupted/stolen/lost in a fire, etc...?

[Crossbow376]

Just make a true cold storage wallet using a linux live cd without internet connection and copying the wallets on different usb drives.
Place them in some different locations, there's no need for passwords.

Do they contain the whole key? If yes: What if someone gets access to one of the flash drives? If no: What if one gets corrupted/stolen/lost in a fire, etc...?

If yes: The wallet should be encrypted with a strong password, which makes brute-forcing highly improbable.
If no: He could use m-of-n multisig address, and put all those backups in different places so that it is highly unlikely to have a few of them destroyed at the same time.