Bitcoin Forum
Topic: Distributed Wallet Backups (Improved Backups)
GimpyPrime (OP)
April 01, 2013, 04:40:19 AM
 #1

Did a quick search in the forums, didn't see this idea yet. Although I did see a lot of other great ideas.

Objective
To provide a reliable long-term solution for storing wallets. The solution should mitigate risk of theft, while also providing redundancy in case of data loss.

This is not to be a replacement for wallets themselves. It is intended for long term storage only.

Problems with existing backup solutions
1. If a cracker obtains your backup there is a possibility of it being decrypted and stolen
2. If you lose your backup you lose your coins
3. Each backup copy you make to prevent data loss increases your risk of being stolen

Proposed solution

This is a fairly standard concept, and the most similar technology that comes to mind is RAID. Essentially we create 3 files which represent the backup of the wallet. In order to rebuild the wallet you need a minimum of 2 parts, at that point you still need to know the key for decrypting. Should an attacker obtain one of your files he will not have enough data to build a complete file. Also, should one of your storage devices fail you will presumably still have 2 parts to rebuild the wallet.

How it works
1. First we begin by encrypting the wallet
2. Split up the encrypted bytes into 3 Parts
3. Organize them into 3 unique pairs, for example:
   File 1: Part1 + Part2
   File 2: Part1 + Part3
   File 3: Part2 + Part3
4. Distribute the 3 files among different secured storage mediums: USB key, hard drive, FTP, etc.


Additional Thoughts
1. Technically we aren't limited to 3 parts. This could be theoretically any number.
2. This concept could be applied to eWallets as well. Rather than having a single wallet provider, users may store wallet parts with multiple providers. In order for an attacker to steal funds they would need to hack N number of providers, somehow correspond wallet parts with each other, and then of course know the encryption method/key for the wallet itself.


Anyway, if you like this idea perhaps we can start getting a working standard together. I am building my own wallet and I want to use as many best practices as possible, and create practices where they are lacking. If this idea already exists I apologize for the duplicate thread.
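
The three-file layout from the post above, as an added example that is not part of the original post or of any wallet's code. It assumes the wallet has already been encrypted by some other tool; the record format (1-byte part index, 4-byte length), the function names and the sample bytes are all constructed for illustration.

```python
import struct

PARTS = 3                        # the post's layout: 3 parts, 2 parts per file
PAIRS = [(0, 1), (0, 2), (1, 2)]  # File 1, File 2, File 3

def split_parts(ciphertext: bytes) -> list[bytes]:
    """Cut the already-encrypted wallet into 3 contiguous parts."""
    size = -(-len(ciphertext) // PARTS)  # ceiling division
    return [ciphertext[i * size:(i + 1) * size] for i in range(PARTS)]

def build_files(ciphertext: bytes) -> list[bytes]:
    """File 1 = Part1+Part2, File 2 = Part1+Part3, File 3 = Part2+Part3."""
    parts = split_parts(ciphertext)
    # Each record: 1-byte part index, 4-byte length, then the part itself.
    return [b"".join(struct.pack(">BI", i, len(parts[i])) + parts[i]
                     for i in pair) for pair in PAIRS]

def read_parts(file_bytes: bytes) -> dict[int, bytes]:
    """Parse one backup file back into {part index: part bytes}."""
    found, pos = {}, 0
    while pos < len(file_bytes):
        idx, length = struct.unpack_from(">BI", file_bytes, pos)
        pos += 5
        found[idx] = file_bytes[pos:pos + length]
        pos += length
    return found

def rebuild(files: list[bytes]) -> bytes:
    """Reassemble the ciphertext; fails if the files do not cover all parts."""
    found = {}
    for f in files:
        found.update(read_parts(f))
    missing = set(range(PARTS)) - set(found)
    if missing:
        raise ValueError(f"missing parts: {sorted(missing)}")
    return b"".join(found[i] for i in range(PARTS))

def exposed_fraction(file_bytes: bytes, total_len: int) -> float:
    """Share of the ciphertext held by whoever obtains this one file."""
    return sum(len(p) for p in read_parts(file_bytes).values()) / total_len

# Constructed stand-in for an encrypted wallet (not real wallet data).
SAMPLE_CIPHERTEXT = bytes(range(256)) * 3
```

Any two files rebuild the ciphertext and one file alone does not, but that one file still carries two thirds of the encrypted bytes, so confidentiality continues to rest on the encryption step and its key.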







Dabs
April 02, 2013, 08:01:02 AM
 #2

There is multi-part file for RAR files. Also parity files. And QuickPar. Those are all old, but if you had burned a CD or DVD 8 years ago, and it has actually oxidized partially, there is a possibility to recover enough of the files and the parity files to reconstruct the original file.

I see that there is now something called MultiPar. When a future damage is predictable, you can prepare for it.

Currently, what I use is just RAR. I use recovery record and passwords. You can opt not to use compression too.

On burning to optical media or saving to USB flash drives, I make multiple copies of the same file, since the RAR'd wallet file is generally less than 1 megabyte and the capacity of the CD or DVD is many hundreds of times.

Then of course, there are paper backups. The encryption of QR codes is not yet standardized and every other QR code software seems to have their own version.

You could just ASCII armor the RAR file, and print that (either as text or as a giant QR code). That way, it is encrypted, it is on paper, and you can make multiple copies of it.

Your problems disappear:
1. Cracking your encryption = use long passwords = end of time before the cracker cracks your backup.
2. Multiple copies in different locations = you don't lose all your coins.
3. Each backup copy is encrypted = same risk of being stolen as getting access to only one backup copy.

Software pirates used to upload on USENET, and upload 10 parts of RAR files, with 3 or 4 recovery files. So if 3 files out of the 10 are corrupted, you can still recover the whole thing.

GimpyPrime (OP)
April 02, 2013, 06:58:40 PM
 #3

Interesting... I knew RAR could split a file into parts, but I didn't realize there was a similar recovery feature. It seems like an obvious feature I suppose, but then again I've never had the need for it until now.

In regards to passwords, cracking is becoming easier each day. It is true that the weakest point in any encrypted file is not the encryption itself, but the password used. As time goes on the length of passwords will need to perpetually increase. I guess that is where certificates come in. But then if you lose your private key you are equally compromised.


Anyway, the point I am trying to make is that perhaps we should have the part file functionality built into the wallets. While other technologies are effective we need something the majority of people can use and understand. As time goes on we should expect people to become more IT savvy. However for mass adoption of Bitcoin to continue, it must be relatively secure for the average person without having to jump through hoops.

Right now it is widely seen as a currency for hackers. For this to change... my 85 year old grandmother should be able to use it without being robbed blind. Of course this idea doesn't solve that, but I think it is a step in the right direction. 

Deafboy
April 02, 2013, 07:08:32 PM
 #4

1) Upload file to Freenet.
2) Download it every once in a while so it's not removed from distributed storage.
???
3) Profit
justusranvier
April 02, 2013, 07:13:54 PM
 #5

Quote: "2) Download it every once in a while so it's not removed from distributed storage."
There's a KeepAlive plugin for that now.
PRab
April 02, 2013, 10:45:52 PM
Last edit: April 03, 2013, 03:02:07 AM by PRab
 #6

The general term for the technique you are describing is erasure coding. True erasure coding lets you take any chunk of data (a file) and pick 2 parameters:
K = How many pieces do I need to reconstruct the original data
N = How many pieces are there going to be total

In addition, it would be smart to include a digital signature somewhere in your scheme to ensure that your wallet isn't changed. Depending on what type of encryption you are performing, it might be possible to modify the encrypted data undetectably (even if the attacker cannot read it).

Tahoe-LAFS and Freenet (as mentioned by others) are both considered secure, distributed systems that have many of the properties you desire.

Edit: Added important "not"
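
A K=2, N=3 erasure code with tamper detection, as an added example that is not part of the original post. It narrows the general K-of-N case to a single XOR parity share, and it uses an HMAC-SHA256 tag as a stand-in for the digital signature mentioned above; the share layout, function names, key and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

K, N = 2, 3  # any K of the N shares rebuild the data

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(ciphertext: bytes, mac_key: bytes) -> dict[int, bytes]:
    """Return shares 0 and 1 (data halves) and share 2 (their XOR parity)."""
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    body = len(ciphertext).to_bytes(4, "big") + ciphertext + tag
    body += b"\x00" * (len(body) % 2)  # pad so both halves are equal length
    half = len(body) // 2
    a, b = body[:half], body[half:]
    return {0: a, 1: b, 2: _xor(a, b)}

def decode(shares: dict[int, bytes], mac_key: bytes) -> bytes:
    """Rebuild from any 2 shares, then verify the tag before returning."""
    if len(shares) < K:
        raise ValueError("need at least 2 shares")
    if 0 in shares and 1 in shares:
        a, b = shares[0], shares[1]
    elif 0 in shares:
        a = shares[0]
        b = _xor(a, shares[2])  # recover the lost half from parity
    else:
        b = shares[1]
        a = _xor(b, shares[2])
    body = a + b
    length = int.from_bytes(body[:4], "big")
    ciphertext = body[4:4 + length]
    tag = body[4 + length:4 + length + 32]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: a share was modified")
    return ciphertext

# Constructed sample values (not real wallet data or a real key).
SAMPLE_CT = b"constructed-ciphertext-block" * 8
SAMPLE_KEY = b"constructed-mac-key"
```

Each share is about half the size of the encrypted wallet, and a share that has been altered or corrupted makes `decode` fail instead of returning a silently changed ciphertext.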
Dabs
April 03, 2013, 02:04:13 AM
 #7

1. cloud servers: amazon, etc.
2. online storage: dropbox, wuala, google drive, etc.
3. send to your own email: gmail, yahoo, etc.
4. your own website or blog or whatever.
5. public file sharing sites: rapid-something, pastefile, pastebin, paste-something.
6. other computers you have access to: friends, relatives, office.

1 megabyte wallet file
1 megabyte public and private keys in text or document format (txt, word, open office, etc.)

Compressed with RAR with recovery record. With 20-60 character password. Optionally encrypted with TrueCrypt or GPG or similar tool. Note: recovery records or parity files must be AFTER it has been encrypted. Or you could RAR them together.
