Bitcoin Forum
July 16, 2018, 11:44:46 AM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 ... 129 »
  Print  
Author Topic: HOWTO: create a 100% secure wallet  (Read 274046 times)
itake
Jr. Member
*
Offline Offline

Activity: 40
Merit: 0


View Profile
June 28, 2011, 07:32:32 PM
 #241

Don't use the same encryption password as you do for your other accounts (mtGox, etc. etc.)
1531741486
Hero Member
*
Offline Offline

Posts: 1531741486

View Profile Personal Message (Offline)

Ignore
1531741486
Reply with quote  #2

1531741486
Report to moderator
1531741486
Hero Member
*
Offline Offline

Posts: 1531741486

View Profile Personal Message (Offline)

Ignore
1531741486
Reply with quote  #2

1531741486
Report to moderator
1531741486
Hero Member
*
Offline Offline

Posts: 1531741486

View Profile Personal Message (Offline)

Ignore
1531741486
Reply with quote  #2

1531741486
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1531741486
Hero Member
*
Offline Offline

Posts: 1531741486

View Profile Personal Message (Offline)

Ignore
1531741486
Reply with quote  #2

1531741486
Report to moderator
1531741486
Hero Member
*
Offline Offline

Posts: 1531741486

View Profile Personal Message (Offline)

Ignore
1531741486
Reply with quote  #2

1531741486
Report to moderator
1531741486
Hero Member
*
Offline Offline

Posts: 1531741486

View Profile Personal Message (Offline)

Ignore
1531741486
Reply with quote  #2

1531741486
Report to moderator
BitcoinBabe
Member
**
Offline Offline

Activity: 84
Merit: 10


Side-stepping the matrix | Bit by bit


View Profile WWW
June 30, 2011, 03:08:03 AM
 #242

OK,

You've probably already clarified this, but there are just too many replies to go through.

So I haven't made any transactions yet, but I have downloaded the bitcoin software to my PC (yes... it's windows... and?  :|).

Are you saying that even thougth I've done nothing involving my bitcoin wallet thus far, I should NOT back up this wallet onto a liveCD/USB...? Does this mean reinstalling bitcoin in ubuntu and then backing THAT up...?

bitlotto
Hero Member
*****
Offline Offline

Activity: 672
Merit: 500


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 30, 2011, 05:00:55 AM
 #243

OK,

You've probably already clarified this, but there are just too many replies to go through.

So I haven't made any transactions yet, but I have downloaded the bitcoin software to my PC (yes... it's windows... and?  :|).

Are you saying that even thougth I've done nothing involving my bitcoin wallet thus far, I should NOT back up this wallet onto a liveCD/USB...? Does this mean reinstalling bitcoin in ubuntu and then backing THAT up...?
The wallet contains "keys". Since it was on windows it COULD be compromised. If you back that up it's no good. You need a brand new wallet that's created while running the Live CD. Yes you would install Bitcoin while in Ubuntu. Run it. Get some addresses and then close it. Make sure its a new version of Bitcoin. Backup/Encrypt the new wallet. OR see:
https://forum.bitcoin.org/index.php?topic=24546.0 it may be more simple for a savings only account...

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
BitcoinBabe
Member
**
Offline Offline

Activity: 84
Merit: 10


Side-stepping the matrix | Bit by bit


View Profile WWW
June 30, 2011, 05:04:23 AM
 #244

OK,

You've probably already clarified this, but there are just too many replies to go through.

So I haven't made any transactions yet, but I have downloaded the bitcoin software to my PC (yes... it's windows... and?  :|).

Are you saying that even thougth I've done nothing involving my bitcoin wallet thus far, I should NOT back up this wallet onto a liveCD/USB...? Does this mean reinstalling bitcoin in ubuntu and then backing THAT up...?
The wallet contains "keys". Since it was on windows it COULD be compromised. If you back that up it's no good. You need a brand new wallet that's created while running the Live CD. Yes you would install Bitcoin while in Ubuntu. Run it. Get some addresses and then close it. Make sure its a new version of Bitcoin. Backup/Encrypt the new wallet. OR see:
https://forum.bitcoin.org/index.php?topic=24546.0 it may be more simple for a savings only account...

Gotcha!

Muchas gracias. Smiley

infested999
Hero Member
*****
Offline Offline

Activity: 728
Merit: 500



View Profile
June 30, 2011, 04:07:30 PM
 #245

Truecrypt volume inside a Virtual machine for maximum security xD
netrin
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


FirstBits: 168Bc


View Profile
June 30, 2011, 04:09:32 PM
 #246

... Since it was on windows it COULD be compromised.

There seem to be two schools of thought regarding the Linux vs. Windows security issue. (1) is that Linux is inherently more secure by design vs. (2) Windows has bigger market share and perhaps fewer technical users and is thus an easier, more lucrative target.

I subscribe to both schools, but I think bitcoins presents an interesting test case of these theories. We are a community made of a disproportionately high number of Linux users. Compromising our systems provides a nearly untraceable and immediate benefit to an attacker (namely copying and spending the wallet.dat file).

While it can probably still be said that the Linux users represent a higher technical level, it seems they might represent a bigger market share (do we have statistics on this?). So we may soon have more insight into assertion (1).

I run Linux, but I must admit, I am very concerned. The bitcoin client must implement encryption (unlocking on send only) and offline transaction files. I would not be surprised if we see a successful Linux trojan before Christmas which could do much damage to the general confidence in bitcoin security.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
netrin
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


FirstBits: 168Bc


View Profile
June 30, 2011, 04:14:12 PM
 #247

Truecrypt volume inside a Virtual machine for maximum security xD

I am afraid you will all loose your keys after hardware failure rather than a malicious attack. I symetrically encrypt multiple wallets offline, then commit the encrypted wallets to distributed version control, and replicate the repositories on multiple devices.

I only decrypt one wallet at a time for spending, thus exposing only a subset of bitcoins to the network. I can check my total balances in the block chain. I am protected from both malicious attack and hardware failure. And it's MUCH easier than LiveCD's with encrypted shares that may Ooops! get lost.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
jasonstx
Jr. Member
*
Offline Offline

Activity: 53
Merit: 0


View Profile
July 01, 2011, 02:52:10 AM
 #248

Forgive my ignorance, but couldn't you just get the vmware player (free), make your own vmx to install ubuntu, install bitcoin and truecrypt, download all the blocks, snapshot, mount and import your wallet.dat from truecrypt volume on USB, send BTC, shutdown and delete snapshot?  There isn't really even a need to make a change in your truecrypt volume.

I realize that you could possibly do forensics on the drive and recover that deleted snapshot but that requires physical access to the drive.

And AFAIK Ubuntu is pretty safe as it doesn't listen for any incoming connections.

So if it was a dedicated single use just for BTC transactions (no browsing, etc.) would it be fine for non-paranoid people?




John (John K.)
Global Troll-buster and
Legendary
*
Offline Offline

Activity: 1246
Merit: 1077


Will read PM's. Have more time lately


View Profile
July 01, 2011, 03:33:41 AM
 #249

Informational and funny to read  Grin

My BTC Tip Jar: 1Pgvfy19uwtYe5o9dg3zZsAjgCPt3XZqz9 , GPG ID: B3AAEEB0 ,OTC ID: johnthedong
Escrow service is available on a case by case basis! (PM Me to verify I'm the escrow!)

PandaMiner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
July 01, 2011, 06:03:21 AM
 #250

** Poll: Who is really doing so? **

Be honest. How many of us really use two wallets?
One for daily buying and selling. One for saving.

I am.  I tried out with small amounts first, and making sure my boot-from-ubuntu-usbkey worked multiple times before sending my "savings" to it.

❘|❘ NEUFUND Re-Imagine ICOs | Connect off- and on-chain with equity tokens | Enjoy risk-free commitment
JOIN THE ICBM | JOIN THE DISCUSSION
nipsy
Newbie
*
Offline Offline

Activity: 9
Merit: 0


View Profile
July 01, 2011, 06:32:58 AM
 #251

I know it's coming, but I still can't fathom why the client didn't include the option early on of encrypting the private keys in use in your wallet.  Seems like an obvious requirement for such a currency as this.
mystery2048
Member
**
Offline Offline

Activity: 70
Merit: 10


View Profile
July 01, 2011, 09:13:46 AM
 #252

In my opinion, the first adage to obey is, Dont put all your eggs in one basket, before considering anything else about security... I dont think anyone should have too much money in any one wallet at a time...

Important: https://bitcointalk.org/index.php?topic=92424.0;all

Donations: 1HWMQv2VYviAgpy6NWNvVg9JhKm4zcMGS5
rowyourboat
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
July 01, 2011, 09:18:08 AM
 #253

great post, thanks!
sealkid
Jr. Member
*
Offline Offline

Activity: 59
Merit: 1


Honk, honk!


View Profile
July 01, 2011, 12:21:12 PM
 #254

thanks for the info! very useful

Come join my triplemining minipool! (http://sealkid.triplemining.com/register)
PandaMiner
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250



View Profile
July 01, 2011, 03:21:34 PM
 #255

I am in the process of installing bitcoin client on one of my miners for testing purposes.  It has been 3 hours and it still hasn't downloaded all of the blocks yet.  I fear every day puts minutes onto this time.  Which means that by this time next year, it will take a day or more to have a fully up-to-date client.

I wonder if there is a way to copy the database?

❘|❘ NEUFUND Re-Imagine ICOs | Connect off- and on-chain with equity tokens | Enjoy risk-free commitment
JOIN THE ICBM | JOIN THE DISCUSSION
samadamsbeer
Member
**
Offline Offline

Activity: 90
Merit: 10


View Profile
July 01, 2011, 04:04:13 PM
 #256

Sorry I have not gone thru all 14 pages, plan to do so. I did run a search on this and did not find an answer.

I asked the same question here: https://forum.bitcoin.org/index.php?topic=20298.msg311431#msg311431

Quote
Mine (Bitcoin data folder) is over 300MB already, looks like the block chain files are the main culprit in the hundred of mb. Like the file blk0001.dat is over 300MB. But if I want to follow the instructions to secure my wallet here https://en.bitcoin.it/wiki/Securing_your_wallet using a Truecrypt container it says to make the container at least 100MB. At this rate of growth it seems I need to make my container in the GBs if I don't want to keep recreating it? Am I missing something? Can I just encrypt a container for the wallet.dat and not the block chains?
cocodapuf
Newbie
*
Offline Offline

Activity: 27
Merit: 0


View Profile
July 01, 2011, 05:56:08 PM
 #257

Admittedly I read through the guide and the first page of comments, then skipped the rest.  Here are my thoughts...

As someone who works in IT, I think that for most users this process is pretty complicated, but more importantly way too tedious for simply transferring funds.  With my current bank, it's easier for me to transfer funds from my checking account to savings, even though those funds aren't physically in my possession.

Now granted, this is pretty simple for a system that is practically 100% secure.  Still, I think most people need a system that is perhaps 99% secure, but much simpler and faster. 
CyberPhunk
Full Member
***
Offline Offline

Activity: 124
Merit: 100


View Profile
July 01, 2011, 06:54:10 PM
 #258

Will definitely have to play around with this.

Thanks for putting the time into sharing the info.

List of client download mirrors / Older Catalyst drivers/SDK
13dRbbqBpfZEmZiXXdLM4NKNoJYsgHbuFJ  <- might as well, in case someone feels generous. Wink
netrin
Sr. Member
****
Offline Offline

Activity: 322
Merit: 250


FirstBits: 168Bc


View Profile
July 01, 2011, 07:11:51 PM
 #259

As someone who works in IT, I think that for most users this process is pretty complicated, but more importantly way too tedious for simply transferring funds.

Agreed. This all needs to be easier/simpler before my Mom will come near it.

Still, I think most people need a system that is perhaps 99% secure, but much simpler and faster. 

What does 99% secure mean? Is that like a water damn or parachute with a 1% hole in it? Or a computer with only one port out of a hundred compromised? Or one malicious out of hundred users? 99% secure is 100% insecure.

Most computers are not secure. This does not mean that their users will die or loose their all of their data, but it means that they are not the only ones in control of their hardware. When there are bitcoins on the machine, that is more of a concern than if the most private things you have a family photos and a tax return.

You have to think of this like a biological virus. A successful virus 'wants' to survive not kill or rather if a virus kills its host it will reduce its chance of replication. A successful virus 'wants' to infect in such a way that the host will continue unaware of infection unless (such as ebola) the host acts in a ways that it increases dissemination (like wandering into markets or going to the hospital and exploding blood upon a large number of vulnerable patients in close proximity).

An attacker does not want its host to know it has been compromised. It does not want to produce concern. It wants to act with surgical precision and maximal effect. We should thank Lulz and other joy riding young crackers for making us aware of our vulnerabilities, for making us conscious and secure.

Greenlandic tupilak. Hand carved, traditional cursed bone figures. Sorry, polar bear, walrus and human remains not available for export.
atomictornado
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
July 02, 2011, 04:51:57 AM
 #260

Very informative post!  Thanks for sharing!!   Grin

Envion : World's Most Profitable Standard of Self- Expanding Crypto Infrastructure (https://www.envion.org/en/ico)
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 [13] 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 ... 129 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!