Rate My Bitcoin Security Process (and please recommend improvements)

[alpacker123]

Hey guys,

I’m trying to create a secure process for storing my future bitcoins. I have a good chunk of the process down pat, but there are a few aspects that confuse me.

Okay, here is what I’ve done so far.

1.   I have installed bitcoin-qt on an encrypted USB drive, I copied it from a Windows computer and use the –datadir redirection. I should note that this drive was exposed to the internet, if that makes a difference (probably does).

2.   I then installed Ubuntu on my backup laptop, although I did connect to the internet to download bitcoin and truecrypt. From what I have read, I should use this ‘clean’ system to process and store my bitcoins and generate addresses.

3.   I have several USB drives ready to hold the keyfiles and the wallet.dat files, which I will password encrypt. I’m assuming that I should also use these drives to hold the addresses.

Here is where I get confused.

I understand that the wallet.dat is the file you want to backup and protect. But I have no idea how you are supposed to update the wallet.dat file without exposing it to the internet. I know that I should use the wallet.dat generated in the clean system, but again, how does it update? Is there a simple process for doing this, or am I missing something really basic?

If I had to guess, you would download the blocks onto the regular Windows system with the clean wallet.dat file, then transfer the wallet.dat file back across to the clean system, then delete the Windows wallet.dat file.

Also, should I worry about private keys? I’ve been reading a lot about the security process, but to be honest I’m finding some aspects to be very confusing.

Any clarification would be greatly appreciated.

[1714175737]

1714175737

[1714175737]

1714175737

[1714175737]

1714175737

[1714175737]

1714175737

[DannyHamilton]

Yes, the private keys are what you need to access your bitcoins, and are what you need to protect so that nobody else can access your bitcoins.

The private keys are what are stored in the wallet.dat, which is why when you want to create an ultra secure offline wallet you are encouraged to create the wallet.dat on a "clean" computer that is not connected to the internet.

So, the key features here are:

Start with a computer that is not connected to the internet.

Wipe it clean (ex: format the hard drive) and turn off the power to clear out any memory. Connecting to the internet at anytime after this step results in the potential for malware to make its way from the internet onto the computer.  It is therefore recommended that the computer not be connected to the internet after this step until the end of the process.

Install a known clean copy of a trusted operating system from removable media.

Install a known clean copy of Bitcoin-Qt from removable media.

Run Bitcoin-Qt on the offline computer and generate the addresses that you desire.

Write down the Bitcoin Addresses somewhere that you won't lose them.

Make enough reliable copies of the wallet.dat that you don't fear the possibility of losing them all, and secure those copies in some fashion that prevents others from accessing them.

Wipe the offline computer hard drive clean again, and power it off to clear out all memory.

After that step you can do whatever you want with the offline computer (such as reinstalling an operating system and reconnecting to the internet.  Make sure that none of the copies of the wallet.dat that you created are ever accessible from the internet.

You can now have bitcoins sent to any of the bitcoin addresses that you wrote down.  So long as you have at least one working copy of wallet.dat that you can access in the future, you will be able to access those bitcoins in the future.  If anyone else ever gets access to an unencrypted copy of the wallet.dat, they will have the ability to access your bitcoins.

Spending the bitcoins from the ultra secure offline wallet is a completely separate process.  If you are going to do so on a regular basis, then you should consider looking into the Armory wallet. If you are planning on using this process for "long term" storage, then the process for accessing the bitcoins is likely to change from the current process over time.  It would be a good idea to keep up with bitcoin developments and be aware if an old wallet.dat format is no longer going to be widely supported.

[Gator-hex]

Install fresh copy of Ubuntu (or other Linux) not Windows
Firewall all network ports except port 8333
Install Bitcoin client
Create wallet
Encrypt wallet
Backup wallet.dat to you memory stick
You will be exposed to the internet to sync the blockchain
Do not use the computer for anything else, NEVER MINE on the same computer as your wallet.

[DannyHamilton]

- snip -
You will be exposed to the internet to sync the blockchain
If you want to be super careful Firewall all network ports except port 8333

These indicated steps are unnecessary and can increase your risk if you are not planning on spending the bitcoins any time soon.

If you are planning on spending the bitcoins, and are concerned enough about security to go through this process, then you chould really consider using Armory, which will keep your private keys entirely offline while providing an interface for creating transactions that can be broadcast online.

[Gator-hex]

Firewall all network ports except port 8333

These indicated steps are unnecessary and can increase your risk if you are not planning on spending the bitcoins any time soon.

Bullshit, the official client has a redundent IRC network built in. They say it's a backup network in-case the state ever attacks 8333. Never leave IRC ports open, EVER, it's the most common method for remote controlling a computer.

[DannyHamilton]

Firewall all network ports except port 8333

These indicated steps are unnecessary and can increase your risk if you are not planning on spending the bitcoins any time soon.

Bullshit, the official client has a redundent IRC network built in. They say it's a backup network in-case the state ever attacks 8333. Never leave IRC ports open, EVER, it's the most common method for remote controlling a computer.

You aren't catching on to what I'm saying.

If you are not planning on spending the bitcoins anytime soon, then there is no need to connect the computer to the internet at all before completely wiping it.  There is no need to "be exposed to the internet to sync the blockchain".  There is no need to "sync the blockchain" at all.

On the other hand, if you are concerned enough about security to go through all these steps, and you do want to be able to spend the bitcoins some time soon, then it is a bad (and unnecessary) idea to connect the computer that has your private keys to the internet at all.  You should look into the Armory client that allows you to keep your private keys on an offline computer, and sync the blockchain on an online computer that does not have your private keys.

[alpacker123]

Thanks for the quick response Danny!

Just to clarify a few things:

1.   Is it the case that you never have to update the wallet.dat file if you are using it for long-term storage (other than the format changes you mentioned)? So you just create it on the offline machine and keep it offline for as long as you use it?

2.   Also, will I ever have to use the bitcoin-qt client again? It sounds like you simply send your bitcoins to one of the saved addresses, bypassing bitconi-qt altogether.

3.   Is there a secure process for selling the bitcoins without exposing the wallet.dat file?

And one more thing: If I have understood correctly, you don’t actually ‘download’ the bitcoins onto your system, instead you are given an access key to bitcoins already on the public block chain. But you are the only one with the private key, therefore controlling how you spend the bitcoins.

Is that correct?

Thanks again for your help!

[DannyHamilton]

1.   Is it the case that you never have to update the wallet.dat file if you are using it for long-term storage (other than the format changes you mentioned)? So you just create it on the offline machine and keep it offline for as long as you use it?

There could be an issue if new versions of the wallet come out that are incompatible with the older versions.  This is highly unlikely, but you'll want to keep yourself aware of any future developments.  If you want something a bit more reliable, you can learn how to find the private keys along with the addresses.  These keys are typically importable into just about any major wallet out there.  The only reason that the private keys would become unusable would be if a weakness is discovered in the ECDSA algorithm and bitcoin switches to a new digital signature algorithm.

2.   Also, will I ever have to use the bitcoin-qt client again? It sounds like you simply send your bitcoins to one of the saved addresses, bypassing bitconi-qt altogether.

One you have a trusted and reliable copy of the bitcoin addresses and the private keys, there is no longer a need to use the Bitcoin-Qt client as long as you are only receiving bitcoins.  There are several sources available to look up an address on the public ledger (blockchain) and see how many bitcoins are associated with it.  I expect that such ledger viewers will continue to exist.

3.   Is there a secure process for selling the bitcoins without exposing the wallet.dat file?

You can import the private keys into an wallet running on an online computer, but as soon as you do, you are immediately exposed to any malware that may exist on that computer.  To protect yourself from such risks, you can use the Armory wallet.  Depending on how long you are planning on storing the bitcoins, other options may present themselves in the future.

And one more thing: If I have understood correctly, you don’t actually ‘download’ the bitcoins onto your system, instead you are given an access key to bitcoins already on the public block chain. But you are the only one with the private key, therefore controlling how you spend the bitcoins.

Correct.

Lose the private keys associated with an address and nobody can help you access those bitcons.  You can consider them permanently "lost".

Allow someone else to gain access to those private keys somehow and they can now control and spend/steal those bitcoins.  There is nothing you can do to stop them except get to the coins first and transfer them to a new address that does not have a compromised key.