Bitcoin Forum
October 16, 2017, 11:46:15 PM *
News: Latest stable version of Bitcoin Core: 0.15.0.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Poll
Question: Have you ever had coins stolen from your local (non-paper, non-brain, just standard) wallet?
Yes - 2 (2.5%)
No - 77 (97.5%)
Total Voters: 78

Pages: [1] 2 »  All
  Print  
Author Topic: How secure is Bitcoin-qt wallet?  (Read 3817 times)
SuperHakka
Full Member
***
Offline Offline

Activity: 196



View Profile
October 16, 2012, 09:17:47 AM
 #1

I'm trying to ascertain empirically how secure the bitcoin-qt local wallet is. Forget the brain wallets and paper wallets for now. From the amount of paranoia on these forums, a newbie would think that bitcoin thefts are a high risk event that happens to every other user.

'First they ignore you. Then they laugh at you. Then they attack you. Then you win.' - Mohandas Gandhi
"Whenever I'm about to do something, I think, 'Would an idiot do this?' and if he would, I do not do that thing." - Dwight Schrute
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1508197575
Hero Member
*
Offline Offline

Posts: 1508197575

View Profile Personal Message (Offline)

Ignore
1508197575
Reply with quote  #2

1508197575
Report to moderator
1508197575
Hero Member
*
Offline Offline

Posts: 1508197575

View Profile Personal Message (Offline)

Ignore
1508197575
Reply with quote  #2

1508197575
Report to moderator
knight22
Legendary
*
Offline Offline

Activity: 1358


--------------->¿?


View Profile
October 16, 2012, 03:34:25 PM
 #2

If bitcoin-qt would not be secure, people would not be here working on developing bitcoin…

BladeMcCool
Member
**
Offline Offline

Activity: 83


View Profile
October 16, 2012, 03:39:59 PM
 #3

i find that after turning on wallet encryption i have relative peace of mind.
couple things are that the encrypted wallet still exposes the public keys that the wallet contains encrypted private keys for, and if you have a compromised system to begin with with a keylogger or something nasty like that all the password protected encryption in the world won't help. but if you can maintain a clean (malware-wise) system, and are not TOO worried about the long arm of the law possibly implicating you as party to a bitcoin transaction (*gasp*) through evidence found on your disks, then that simple builtin wallet encryption should be adequate safety for every day use.
Raoul Duke
aka psy
Legendary
*
Offline Offline

Activity: 1456



View Profile
October 16, 2012, 03:42:53 PM
 #4

Bitcoin-qt is as secure as the person using it.
The weak link is always between the chair and the computer, as someone else so eloquently described it. Grin

fornit
Hero Member
*****
Offline Offline

Activity: 989


View Profile
October 16, 2012, 04:20:26 PM
 #5

right now, even a non-expert can secure his bitcoins with bitcoin-qt in a way that only a specialized malware or someone with direct access to the computer can aquire your bitcoins, and even then only if you transfer bitcoins in the time frame the computer is compromised.

for comparison, with versions up to 0.3.x any person or program that could copy wallet.dat had your bitcoins.  there was no way to secure your bitcoins and run the client at the same time at all. plus for backups you needed to know the location of the wallet.dat and encrypt the backup manually.

SuperHakka
Full Member
***
Offline Offline

Activity: 196



View Profile
October 16, 2012, 04:20:32 PM
 #6

If the case is as the previous two posts by psy and BladeMcCool is the state of play, then bitcoin will never achieve mass adoption. I am asking you to put yourself in the shoes of Joseph Blythe-Smith, who has no idea what a computer virus is but wants to try out what this bitcoin malarky is all about. Without people like him, all bitcoin ever will be is just a way of passing fancy encrypted messages from one computer geek to the other techno-nerd. What kind of market is that. You guys comprehend where I am coming from?

'First they ignore you. Then they laugh at you. Then they attack you. Then you win.' - Mohandas Gandhi
"Whenever I'm about to do something, I think, 'Would an idiot do this?' and if he would, I do not do that thing." - Dwight Schrute
BladeMcCool
Member
**
Offline Offline

Activity: 83


View Profile
October 16, 2012, 04:47:37 PM
 #7

If the case is as the previous two posts by psy and BladeMcCool is the state of play, then bitcoin will never achieve mass adoption. I am asking you to put yourself in the shoes of Joseph Blythe-Smith, who has no idea what a computer virus is but wants to try out what this bitcoin malarky is all about. Without people like him, all bitcoin ever will be is just a way of passing fancy encrypted messages from one computer geek to the other techno-nerd. What kind of market is that. You guys comprehend where I am coming from?

Things take time. Revisit this issue in 5 years and see how things have developed. I don't really care that the adoption rate is slow right now. The scarcity of bitcoins and the fact that I'm not the only person who wants them is going to be enough to give them some value until something with the bitcoin network is fundamentally broken. Right now 99% of people have never even heard of Bitcoin, and I'm starting to tire of explaining to to people unless they show a genuine interest. IMO bitcoin will rule the world but probably not for at least 10 or 20 years.
MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
October 16, 2012, 05:08:05 PM
 #8

Bitcoin-qt is as secure as the person using it.
The weak link is always between the chair and the computer, as someone else so eloquently described it. Grin
True, the weakest link in Bitcoin security setup is thermal grease applied between chair and monitor.
Quote
i find that after turning on wallet encryption i have relative peace of mind.
Wallet encryption will be useless if you will launch malware on your computer. Encryption helps only against the simplest forms of malware who have no keylogger or remote access. It was designed to counter the first proof-of-concept code that just copied the wallet.dat on remote FTP server.

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
fornit
Hero Member
*****
Offline Offline

Activity: 989


View Profile
October 16, 2012, 05:21:54 PM
 #9

that being said, there is a lot of "simple" malware around. you can just modify any existing malware to search&copy wallet.dat in a minute.
plus now you have a chance to find the malware before you make your next transaction.

the security for non-geeks has already increased considerably. offline wallets with armory are not that hard to setup either, if you really need the extra security. if you compare that to the situation in early 2011, its already vastly improved. of course, its not perfect. but security for non-experts will always be far from perfect.

MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
October 16, 2012, 05:35:54 PM
 #10

Somewhat true but the false sense of security with very little actual security is bad thing. Better be paranoid what you run on your computer

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
GernMiester
Sr. Member
****
Offline Offline

Activity: 285


View Profile
October 16, 2012, 05:43:48 PM
 #11

As good as the idiot hammering on the keys...
BTC is far beyond the clueless idiots who use most computers. BTC put another nail in its own coffin with ASIC.
The specialized hardware means most people will NEVER EVER even bother look at BTC.
fornit
Hero Member
*****
Offline Offline

Activity: 989


View Profile
October 16, 2012, 05:47:59 PM
 #12

every sense of security or danger is "false" unless you actually know the exact threats you are (still) exposed to. thats something a layman will never have. so whats the point of being paranoid? wasting your time protecting yourself from nonexistent threats is no better than wasting your time recovering from existing threats. so assess how much you could lose and decide if becoming an expert is worth the time. otherwise just go with the reasonable standard security.

MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
October 16, 2012, 06:03:24 PM
 #13

Quote
BTC is far beyond the clueless idiots who use most computers.
This is true. Retards must be forbidden from using computers. At least in past they were unable to use them because DOS command line interface was the natural filter.
Quote
BTC put another nail in its own coffin with ASIC.
Not true at all. First the ASIC from BFL is a scam, they never deliver. Secondly the selling point of Bitcoins are the Silk Road and similar sites, not the mining. I also could not mine reasonable amount of BTC using my GPU, it is not affecting how I use Bitcoins.
Quote
every sense of security or danger is "false" unless you actually know the exact threats you are (still) exposed to. thats something a layman will never have so whats the point of being paranoid?
Then they must be cautious of running anything that have .exe extension. Back in year 2001 I was asked to install Winamp because people were afraid from running Setup.exe because they would not know what will happen and it might break something. Now every retard runs exe files between relapses from epileptic coma.

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
BladeMcCool
Member
**
Offline Offline

Activity: 83


View Profile
October 16, 2012, 06:32:21 PM
 #14

Quote
BTC is far beyond the clueless idiots who use most computers.
This is true. Retards must be forbidden from using computers. At least in past they were unable to use them because DOS command line interface was the natural filter.
Quote
BTC put another nail in its own coffin with ASIC.
Not true at all. First the ASIC from BFL is a scam, they never deliver. Secondly the selling point of Bitcoins are the Silk Road and similar sites, not the mining. I also could not mine reasonable amount of BTC using my GPU, it is not affecting how I use Bitcoins.
Quote
every sense of security or danger is "false" unless you actually know the exact threats you are (still) exposed to. thats something a layman will never have so whats the point of being paranoid?
Then they must be cautious of running anything that have .exe extension. Back in year 2001 I was asked to install Winamp because people were afraid from running Setup.exe because they would not know what will happen and it might break something. Now every retard runs exe files between relapses from epileptic coma.

Morons will need to pay someone else to handle their security just like they do now. And those of us who are competent enough to handle our own shit can save the fees by handling our own shit. Its that simple. The average Jackoff doesnt need to care about mining, just like he doesnt need to know how central banks create interest bearing garbage out of thin air and call it money, all he knows is that the grocery store wants a certain kind of money and his online drug dealer wants something else. He'll take whatever steps he needs to get the money of the kind his supplier of whatever goods wants and thats the end of it.
fornit
Hero Member
*****
Offline Offline

Activity: 989


View Profile
October 16, 2012, 06:36:23 PM
 #15

Quote
every sense of security or danger is "false" unless you actually know the exact threats you are (still) exposed to. thats something a layman will never have so whats the point of being paranoid?
Then they must be cautious of running anything that have .exe extension. Back in year 2001 I was asked to install Winamp because people were afraid from running Setup.exe because they would not know what will happen and it might break something. Now every retard runs exe files between relapses from epileptic coma.

you know how many people die in car accidents? or cleaning their guns? you know exactly what your food or your shampoo contains?
if you apply the same strict standards to everything else, 99% of the population shouldnt be allowed to get out of bed in the morning.

MysteryMiner
Legendary
*
Offline Offline

Activity: 910



View Profile
October 16, 2012, 06:58:36 PM
 #16

Quote
every sense of security or danger is "false" unless you actually know the exact threats you are (still) exposed to. thats something a layman will never have so whats the point of being paranoid?
Then they must be cautious of running anything that have .exe extension. Back in year 2001 I was asked to install Winamp because people were afraid from running Setup.exe because they would not know what will happen and it might break something. Now every retard runs exe files between relapses from epileptic coma.

you know how many people die in car accidents? or cleaning their guns? you know exactly what your food or your shampoo contains?
if you apply the same strict standards to everything else, 99% of the population shouldnt be allowed to get out of bed in the morning.
Car accidents are mostly random chances. Becoming good driver, learning how to predict actions of other drivers and how to handle car in extreme situations greatly helps to avoid traffic accident. Traffic accident is no concern for me as it is very likely that if I get in serious accident then me is no more.

When cleaning guns follow the same procedure - remove magazine, open and check chamber to be sure it is empty. Know how your gun is build and functions, it is not difficult at all.

For food I befriended the seller of my local shop and she knows what food is good and what is made from surrogates and she recommends me what to buy. For shampoo it is irrelevant as I don't drink shampoo. When gasoline was cheap I sometimes washed arms and legs in gasoline, so I don't mind even if my shampoo is made from car fuel.

1LEaxxAh1LKFUvDKYVhiMEVAHRM7K5o7cF
firefop
Sr. Member
****
Offline Offline

Activity: 420


View Profile
October 16, 2012, 11:40:19 PM
 #17

Morons will need to pay someone else to handle their security just like they do now. And those of us who are competent enough to handle our own shit can save the fees by handling our own shit. Its that simple. The average Jackoff doesnt need to care about mining, just like he doesnt need to know how central banks create interest bearing garbage out of thin air and call it money, all he knows is that the grocery store wants a certain kind of money and his online drug dealer wants something else. He'll take whatever steps he needs to get the money of the kind his supplier of whatever goods wants and thats the end of it.

Exactly.

I removed virus for my living - the vast majority of end uses don't understand the basic operation of a computer, much less the concepts of networking, security. Most of them don't even understand how a program runs or have the ability to discern between real software and malware.

I have one customer who calls in about once a week to have the "FBI - moneypak" virus removed. He just won't stop going to some shady porn sites and "finally clicks yes" on a prompt asking him to install something because it won't let him off the site if he doesn't, I can't convince this customer to avoid the site or to simply rightclick close the browser stack when he gets that msg. But hey as long as he wants to keep paying me $100 a pop for 20 mins of work... whatever.

cypherdoc
Legendary
*
Offline Offline

Activity: 1764



View Profile
October 16, 2012, 11:41:41 PM
 #18

not bad.  36 to 0.  no hacks so far.  this is what i would've expected.  wallet encryption has helped tremendously as has educated users.
gweedo
Legendary
*
Offline Offline

Activity: 1246


Java, PHP, HTML/CSS Programmer for Hire!


View Profile WWW
October 16, 2012, 11:44:32 PM
 #19

I would recommend bitcoin-qt as your hot wallet, keep in there encrypted a little ~20BTC then I would keep the majority of your wealth in armory, it feeds off the bitcoin-qt and has all the paper wallet and offline transaction stuff. That is how I setup my wallets, and I have yet to have any bitcoins stolen from my laptop or server.

Want to earn 2500 SATOSHIS per hour? Come Chat and Chill in https://goseemybits.com/lobby
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
October 16, 2012, 11:59:44 PM
 #20

Bitcoins stored in an encrypted wallet are as secure as credit card you use for online purchases from the same computer.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!