Bitcoin Forum
December 15, 2024, 03:51:55 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: I'll backup your wallet.dat in one of the most secure locations for 1BTC  (Read 1816 times)
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 04:38:09 PM
Last edit: June 04, 2011, 05:14:25 PM by nussbi
 #1

Hei there,

I am currently working on a software to securely store your wallet.dat in form of an application that locally encrypts your wallet.dat, sends it to server X which then puts it in the Swiss Fort Knox datacenter (http://www.mount10.ch/english/C02_sfk.html), among other backup locations. I currently have an account with them and secure my data with a 20 character password and a 56 character encryption key (both randomly generated). These are backed-up on paper in a secure location (bank vault somewhere).

As I am going into military service for the next four months and won't have any time working on my product, I am looking to make a few bucks and pay for the costs of the service. Therefore I offer you the following:

A 1 year secure backup for your wallet.dat in the Swiss Fort Know datacenter for 1BTC.

You can send me your encrypted wallet.dat file and I'll back it up for you as I backup my own wallet.dat in the Swiss Fort Knox datacenter. DO NOT EVER SEND ME AN UNENCRYPTED WALLET.DAT, I WON'T ACCEPT IT. As an account there currently is about $10/month, a year of service would cost you $120. You have access to your file(s) within 24hours guaranteed, I will have internet access myself during my military service (as a company commander in the Swiss Army), but can not always react within minutes (being on training in the field etc.), so I guarantee to get back to you within 24 hours.

Last year I spent some months in one of those bunkers that is still used by the Swiss Army and in the same class as the two Swiss Fort Knox bunkers. Believe me, when I say that this is probably one of the most secure bunker systems set-up in the world and only the Israelis currently have anything that comes near it. A full blown atomic explosion right outside wouldn't even be felt inside. Forget bunker breaking arms, they are pretty useless against the rock around the bunkers. These places were built for eternity.

Note: If you're looking to use your file daily this won't be a service for you but this is perfect for someone looking to securely stash some coins in a secure location.

I am open to all questions and comments, just shoot...

You can PM me to get in contact or send an e-mail to nussbaumer -.aet.- gmail replacebydot com...

edit: corrected some grammatical errors, rephrased some sentences for better reading
Freakin
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
June 04, 2011, 05:16:50 PM
 #2

Sorry to say that with 1 post and a registration date 3 days ago people are going to have a hard time trusting you with their wallets (even encrypted)
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 05:26:34 PM
 #3

Sure, of course I understand this. That's why I'd never accept an unencrypted wallet.dat. However, if someone sends me an encrypted walltet.dat where he chose a secure password there's no way in hell I'll ever be able to crack this thing with my current MacBook pro, ever!

I advise anyone considering my offer to use a secure encryption algorithm such as AES/Serpent/Twofish or any other that offers at least 256bit encryption and a random generated password with at least 20 characters. A good online password generator for example is: http://strongpasswordgenerator.com/. Such passwords are very hard to retain in memory but pretty unbreakable in practice.

Taking these necessary precautions, it's completely impossible for me to get to the original wallet.dat, I'm not the NSA ;-)

So in practice, you don't have to trust me but your encryption software and the freely available open-source Truecrypt works like a charm :-)

and yes, I just signed-up but did not post a lot as I was pretty busy the last days. I am looking forward to post more when I have time and also establish some community trust. I appreciate your comment and  hope to have addresses your concerns?

Findeton
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
June 04, 2011, 05:27:59 PM
 #4

Sure, of course I understand this. That's why I'd never accept an unencrypted wallet.dat. However, if someone sends me an encrypted walltet.dat where he chose a secure password there's no way in hell I'll ever be able to crack this thing with my current MacBook pro, ever!

I advise anyone considering my offer to use a secure encryption algorithm such as AES/Serpent/Twofish or any other that offers at least 256bit encryption and a random generated password with at least 20 characters. A good online password generator for example is: http://strongpasswordgenerator.com/. Such passwords are very hard to retain in memory but pretty unbreakable in practice.

Taking these necessary precautions, it's completely impossible for me to get to the original wallet.dat, I'm not the NSA ;-)

So in practice, you don't have to trust me but your encryption software and the freely available open-source Truecrypt works like a charm :-)

and yes, I just signed-up but did not post a lot as I was pretty busy the last days. I am looking forward to post more when I have time and also establish some community trust. I appreciate your comment and  hope to have addresses your concerns?



Why trust you and not simply trust gmail?

Bitcoin Weekly, bitcoin analysis and commentary

14DD7MhRXuw3KDuyUuXvAsRcK4KXTT36XA
tito13kfm
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 04, 2011, 05:37:01 PM
 #5

Here's my thinking on this.  If my wallet.dat contained enough value to consider having it stored in a swiss vault, then I'd pay for the service full price as that is a pittance to what I am worth.  If I am looking for a lower cost by renting space from another user of their service, then my wallet.dat doesn't need to be stored this way.

It seems like a nice service, and I'm sure you are as reputable as you state.  Heck, if properly encrypted with a long enough password, all the computing power in the world wouldn't open it in my lifetime, so even if I didn't trust you the worst I would be out is 1BTC.  But sadly, at my massive 3.28BTC balance in my wallet, I don't think I will be using your service.
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 05:44:08 PM
 #6

Good question. I could go on a hypothetical journey now speaking of a nuclear war busting all of Google's datacenters but won't as I consider this pretty much just an intellectual game that is far from reality.

One valid argument however is that Google's security within the system is sort of a black box for us, we know they're secure but now how secure. Additionally, your email account is secured with a password only which can be obtained depending of your computer setup.

The data in the Swiss Fort Knox is secured by a long 20 character password and a 56 character encryption key. The security details are as follows:

SWISSVAULT uses a combination of Blowfish encryption and SSL secure data transmission to ensure safety of your data

When the Backup Client has to transfer data to the StorageCenter, it connects using a secure SSL (2048 bit RSA key exchange, 128 bit random RC4 stream cipher and SHA-1 integrity checking) connection to transfer the data. Signed SSL certificates and Certificate Revocation Lists (CRLs) are used to verify server integrity.

Data is stored using 448-bit Blowfish encryption to encode the data on the Server. This is considerable greater than the encryption used for Internet banking and online credit card transactions.

The SWISSVAULT StorageCenter uses your encryption key as a passphrase for the automatic creation of a 448-bit primary index (56 characters). This primary index is used for the effective data encryption on the StorageCenter. The encryption key defined by the user is NOT stored on the StorageCenter and can thus not be found out by SWISSVAULT.

The primary index is stored securely on the StorageCenter - encrypted by your encryption key. Without encryption key, your primary index can not be decoded and will not be available for backups and restores. In case of a new encryption key the primary index will not change, this index will simply be encrypted with another encryption key.


I'm not an expert in cryptography but consider this system to be pretty well designed...

Jaime Frontero
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
June 04, 2011, 05:46:52 PM
 #7

Sure, of course I understand this. That's why I'd never accept an unencrypted wallet.dat. However, if someone sends me an encrypted walltet.dat where he chose a secure password there's no way in hell I'll ever be able to crack this thing with my current MacBook pro, ever!

I advise anyone considering my offer to use a secure encryption algorithm such as AES/Serpent/Twofish or any other that offers at least 256bit encryption and a random generated password with at least 20 characters. A good online password generator for example is: http://strongpasswordgenerator.com/. Such passwords are very hard to retain in memory but pretty unbreakable in practice.

Taking these necessary precautions, it's completely impossible for me to get to the original wallet.dat, I'm not the NSA ;-)

So in practice, you don't have to trust me but your encryption software and the freely available open-source Truecrypt works like a charm :-)

and yes, I just signed-up but did not post a lot as I was pretty busy the last days. I am looking forward to post more when I have time and also establish some community trust. I appreciate your comment and  hope to have addresses your concerns?



Why trust you and not simply trust gmail?

good point.

also... if gmail is sent to a battlefield, it can't be killed.

has the OP given any thought to the difficulties of using an account that would not be kept up (i.e., paid for) in the event of his untimely demise?
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 05:49:23 PM
 #8

Here's my thinking on this.  If my wallet.dat contained enough value to consider having it stored in a swiss vault, then I'd pay for the service full price as that is a pittance to what I am worth.  If I am looking for a lower cost by renting space from another user of their service, then my wallet.dat doesn't need to be stored this way.

It seems like a nice service, and I'm sure you are as reputable as you state.  Heck, if properly encrypted with a long enough password, all the computing power in the world wouldn't open it in my lifetime, so even if I didn't trust you the worst I would be out is 1BTC.  But sadly, at my massive 3.28BTC balance in my wallet, I don't think I will be using your service.

You surely have an argument there. I consider this service useful for someone that want to stash just some coins away (let's say between 10-50) and hopes for a nice gain within a year. So if you take the current price of $120/year for the service, this would not be a completely secure option (only if the value a coin goes up very high). However, 1BTC against a secure location for between 10-50 coins does make sense.
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 05:57:40 PM
 #9

Sure, of course I understand this. That's why I'd never accept an unencrypted wallet.dat. However, if someone sends me an encrypted walltet.dat where he chose a secure password there's no way in hell I'll ever be able to crack this thing with my current MacBook pro, ever!

I advise anyone considering my offer to use a secure encryption algorithm such as AES/Serpent/Twofish or any other that offers at least 256bit encryption and a random generated password with at least 20 characters. A good online password generator for example is: http://strongpasswordgenerator.com/. Such passwords are very hard to retain in memory but pretty unbreakable in practice.

Taking these necessary precautions, it's completely impossible for me to get to the original wallet.dat, I'm not the NSA ;-)

So in practice, you don't have to trust me but your encryption software and the freely available open-source Truecrypt works like a charm :-)

and yes, I just signed-up but did not post a lot as I was pretty busy the last days. I am looking forward to post more when I have time and also establish some community trust. I appreciate your comment and  hope to have addresses your concerns?



Why trust you and not simply trust gmail?

good point.

also... if gmail is sent to a battlefield, it can't be killed.

has the OP given any thought to the difficulties of using an account that would not be kept up (i.e., paid for) in the event of his untimely demise?

Yes, he actually has :-)

As I am aware of the dangers of military service even in Switzerland (which hasn't been involved in a war for over 180 years - we went completely untouched through two world wars raging around us). I'm not being sent into a battlefield, we're a directional antenna company (telematics) so my personal risk assessment came up with; traffic accidents and heart failure due to high stress as most probable dangers. I am pretty young and in shape so don't consider heart failure very likely, nevertheless, traffic accidents can always happen.

I prepaid the service for one full year and left a note within my bank vault with instructions to access the backups. I'll also include a sheet with the contact details of every file owner (e-mail address and filename/directory). I have done so already and my parents and my brother are more or less up to date (They know of the service but not of the vault, they think the details are somewhere on my computer)

As I do before every military service, I already have prepared a last will which explains the existence of the bank vault and where to find the key. Explication: I don't have the key on me during service but keep it at home in a secure place. From there on, my brother will take over, get access to the vault and then contact the people on the list and send the files back. This may take some time probably as he needs to have my death certificate and get the details with the bank sorted out to be able to open it but it's worth the effort (i also have some spare change that he and my family would inherit).

I am a little paranoid for a man of 29 years but I want my personal bitcoins and some other sensitive stuff to be inheritable and therefore set-up a this process in case anything should happen to me in the next 4 months. Of ocurse, for the long run, this would have to be professionalised but I consider this secure enough for this amount of time...
Jaime Frontero
Full Member
***
Offline Offline

Activity: 126
Merit: 100


View Profile
June 04, 2011, 06:01:53 PM
 #10


[/quote]

Yes, he actually has :-)

As I am aware of the dangers of military service even in Switzerland (which hasn't been involved in a war for over 180 years - we went completely untouched through two world wars raging around us). I'm not being sent into a battlefield, we're a directional antenna company (telematics) so my personal risk assessment came up with; traffic accidents and heart failure due to high stress as most probable dangers. I am pretty young and in shape so don't consider heart failure very likely, nevertheless, traffic accidents can always happen.

I prepaid the service for one full year and left a note within my bank vault with instructions to access the backups. I'll also include a sheet with the contact details of every file owner (e-mail address and filename/directory). I have dome so already and my parents and my brother are also up to date.

As for every service, I'll already have prepared a last will which explains the existence of the bank vault and where to find the key. From there on, my brother will contact the people on the list and send the files back.

I am a little paranoid for a man of 29 years but I want my personal bitcoins to be inheritable and therefore set-up a this process in case anything should happen to me in the next 4 months. Of ocurse, for the long run, this would have to be professionalised but I consider this secure enough for this amount of time.
[/quote]

seems reasonable.
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 06:18:10 PM
 #11

another detail:

As I already had two computers stolen from me (entirely my fault), I use full disk encryption, a firewall and an anti-virus software. Yes, even in Switzerland there are people that steal, guess we're not all that rich as everyone thinks. And no, we don't all work for a bank or sell chocolate ;-)
tito13kfm
Newbie
*
Offline Offline

Activity: 42
Merit: 0


View Profile
June 04, 2011, 07:36:24 PM
 #12

Swiss... War??  I think you'd would have a better chance of dying in a car crash in your living room than OP being a casualty of war.
nussbi (OP)
Newbie
*
Offline Offline

Activity: 9
Merit: 0



View Profile
June 04, 2011, 08:16:42 PM
 #13

Swiss... War??  I think you'd would have a better chance of dying in a car crash in your living room than OP being a casualty of war.

Yes, right now the odds are vastly in favor of a car accident than becoming a casualty of war. Nevertheless, military service of any kind can be dangerous if you don't respect the security rules.

Yes, we can feel lucky never have been in a war during for around 180 years but still fulfill missions; mostly aiding police and fire services in case they need support, to help secure the WEF or as my most probable mission: bridge and reconnect cut communication networks after natural disasters...
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!