Bitcoin Forum
December 03, 2016, 07:54:12 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Question about wallet.dat and dropbox  (Read 4157 times)
tictok
Newbie
*
Offline Offline

Activity: 20


View Profile
June 12, 2011, 01:10:39 PM
 #1

Hi hope you can help

For added security (i.e to stop me loosing it) I've moved my bitcoin wallet to my dropbox (as dropbox keeps backups) and symlinked to it so the bitcoin app can still see it.

Now, does this mean I can now use my wallet from any machine as long as the bitcoin client looks in the right place (via symlink) for my wallet?

What would happen if I forgot to close the bitcoin client app on one machine and ended up with it running in multiple locations? Would that screw up my wallet.dat file?

Thanks
1480794852
Hero Member
*
Offline Offline

Posts: 1480794852

View Profile Personal Message (Offline)

Ignore
1480794852
Reply with quote  #2

1480794852
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480794852
Hero Member
*
Offline Offline

Posts: 1480794852

View Profile Personal Message (Offline)

Ignore
1480794852
Reply with quote  #2

1480794852
Report to moderator
1480794852
Hero Member
*
Offline Offline

Posts: 1480794852

View Profile Personal Message (Offline)

Ignore
1480794852
Reply with quote  #2

1480794852
Report to moderator
Ruxum
Jr. Member
*
Offline Offline

Activity: 39


View Profile
June 12, 2011, 01:22:49 PM
 #2

dropbox sync in itself is not a valid safety precaution. 

- what if they close your account? 
- or if someone hacks your account
- what if the file gets deleted / corrupted.  and then syncs everywhere.

You still need proper backups.

bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 12, 2011, 01:26:11 PM
 #3

That's the most stupid thing you could do.

1. The wallet is sacred. Everybody, who has access to the wallet, can spend your coins. The wallet is the only thing you have to keep private, and you failed ...

2. Dropbox is evil.

3. Dropbox is known to be insecure.

Misspelling protects against dictionary attacks NOT
Hawkix
Hero Member
*****
Offline Offline

Activity: 517



View Profile WWW
June 12, 2011, 01:27:50 PM
 #4

Use Truecrypt and create a small (1MB?) encrypted (with good password) volume file. Then, move wallet.dat into it. Keep this volume container file (e.g. wallet.tc) on Dropbox or Sugarsync or everwhere.

Donations: 1Hawkix7GHym6SM98ii5vSHHShA3FUgpV6
http://btcportal.net/ - All about Bitcoin - coming soon!
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 12, 2011, 01:32:39 PM
 #5

Use Truecrypt and create a small (1MB?) encrypted (with good password) volume file. Then, move wallet.dat into it. Keep this volume container file (e.g. wallet.tc) on Dropbox or Sugarsync or everwhere.


If you just want to encrypt some files for backup, why not use GPG? TrueCrypt looks bloated for that purpose.

Misspelling protects against dictionary attacks NOT
RodeoX
Legendary
*
Offline Offline

Activity: 2100


The revolution will be monetized!


View Profile
June 12, 2011, 01:48:34 PM
 #6

I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

Free bitcoin=https://bitcointalk.org/index.php?topic=1610684
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 12, 2011, 01:54:09 PM
 #7

I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.

I do it very similarly. On Linux I type:

Code:
tar -c .bitcoin/wallet.dat | gpg -c > $FILENAME

- The tar command makes an archive (which keeps the name and path of the file that is backed up).
- The gpg command encrypts with an symmetric algorithm, asking for a password (in case of wallet files I enter a pretty strong password).
- The filename can be anything.

Then I store the encrypted backup at places with high reliability, e.g. university computers I have access to. You can store it anywhere, it's only a few kilobytes.

Misspelling protects against dictionary attacks NOT
tictok
Newbie
*
Offline Offline

Activity: 20


View Profile
June 12, 2011, 01:55:03 PM
 #8

Thanks guys...

Okay, so point taken.. will put the wallet in an encrypted volume (probably in an encytped DMG as I'm on a mac). Might use GPG, I used to use PGP, GPG, years ago, but its been a while and I got out of the habbit.

Is dropbox really that insecure though? Is it *really* "the most stupid thing you could do" as bcearl says? (believe me I can think of a few more stupid things than that!)
It's not like I'm putting the file in a public or shared folder? I have to be logged into my account to access it.
I use dropbox for a few work related things - bcearl, can you expand upon why its so evil and what the know insecurities are?
Going by your post it appears I should drop all dropbox usage immediately.

I also figure that if they close my account the files will still be in the dropbox folder on my main desktop mac.

And back to my original question. What would happen if I accidentally accessed the wallet from different bitcoin client applications on different computers??  That's my main concern at the moment...

Oh, I wish I had anywhere near 5000BTC!!!!  try removing a few (all) of the zeros form that  Wink
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 12, 2011, 01:58:36 PM
 #9

It's not like I'm putting the file in a public or shared folder?

Actually, Dropbox had bugs that actually made it one. You could access files of other Dropbox users by just knowing the hash.

Misspelling protects against dictionary attacks NOT
Ruxum
Jr. Member
*
Offline Offline

Activity: 39


View Profile
June 12, 2011, 02:01:08 PM
 #10

I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.

And don't forget to NOT FORGET the encryption password!!

124C41
Sr. Member
****
Offline Offline

Activity: 308

EVERYTHING YOU CAN IMAGINE IS REAL


View Profile
January 15, 2014, 09:09:14 AM
 #11

Thanks guys...

Okay, so point taken.. will put the wallet in an encrypted volume (probably in an encytped DMG as I'm on a mac). Might use GPG, I used to use PGP, GPG, years ago, but its been a while and I got out of the habbit.

Is dropbox really that insecure though? Is it *really* "the most stupid thing you could do" as bcearl says? (believe me I can think of a few more stupid things than that!)
It's not like I'm putting the file in a public or shared folder? I have to be logged into my account to access it.
I use dropbox for a few work related things - bcearl, can you expand upon why its so evil and what the know insecurities are?
Going by your post it appears I should drop all dropbox usage immediately.

I also figure that if they close my account the files will still be in the dropbox folder on my main desktop mac.

And back to my original question. What would happen if I accidentally accessed the wallet from different bitcoin client applications on different computers??  That's my main concern at the moment...

Oh, I wish I had anywhere near 5000BTC!!!!  try removing a few (all) of the zeros form that  Wink


Just google 'dropbox outage' and check out the news from this past weekend.

Some headlines:
"Dropbox Takes Blame For Cloud Outage"
"Dropbox problems linger after Friday outage"
"Dropbox explains outage, denies breach"
"Dropbox Outage Still Continues for Some"

Imagine yourself trying to sync your wallet or make a transfer while this is going on.

You do not want to take that risk with your hard earned coin.


Whether you think you can, or you think you can't - you're right.
BTC: 1Ex3zmaHoqbMBUWQVcG7kdTCktyng7Ld9M LTC: Lhrp8G9EjoyKCqKAmtuprUcV9KvqZQKAfk
cheeseburger123
Jr. Member
*
Offline Offline

Activity: 42


View Profile
January 15, 2014, 09:30:30 AM
 #12

why no transfer between two mobilephone.

DJsHuVDUAgFtHKgWARxy5ihkFqhFZErBkF
17ZyyiTV3fi5ubfoK4JQXx96JoroWXdjtr
nathan_kia
Newbie
*
Offline Offline

Activity: 19


View Profile
January 15, 2014, 11:24:43 AM
 #13

I am storing my wallet.dat file in wuala.com and on a encrypted USB flash which is being kept in somewhere safe. ( burried in the garden) Wink
Wuala.com security seems better to me. Employees cannot access the files. Encrypt it and upload it in wuala. I also have two types of encryption., one is a key file and other one is a password. The key file is a totally random file which is saved somewhere on my hard disk. It can be any kind of file .avi .mp3 .Jpg .
majika
Newbie
*
Offline Offline

Activity: 18

In Cryptography We Trust


View Profile
January 15, 2014, 12:22:40 PM
 #14

That's the most stupid thing you could do.

1. The wallet is sacred. Everybody, who has access to the wallet, can spend your coins. The wallet is the only thing you have to keep private, and you failed ...

2. Dropbox is evil.

3. Dropbox is known to be insecure.

I couldn't agree more..

Best bet is to do as others have said..
1) Rename your wallet.dat > "drivers.dat" (or to any other none obviously named file). maybe even change to file extension from *.dat" to "*.wav" and change it back when you need to make backup
2) Package this file up into a protected archive file (Password protected) (WinRAR, etc)
3) Save it to an encrypted partition on your HDD (Tools like TrueCrypt will do this for you)
4) Save it to several different "Physical" locations i.e Not on a cloud based server. Stick it on a thumb-drive Packaged, Pass-protected and encrypted
5) next create a second wallet to use as your "pocket money" wallet, then transfer a couple of coins into this wallet. Now with your other "Main" wallet this can act like your main bank account which holds the majority of your coins. and keep this secure & offline.
6) create some IDS rules on your Security product to "Disallow" access to remote machines for the given file name in step 2 (above) block certain fie-types (although with this IDS based method issues may arise when it comes to syncing your wallet(s)) - just an idea for added security. Smiley

BC: BDrrSTBTTejpz8frYNCUZE7gHc3G939NQd @Crypt0Trad
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!