Bitcoin Forum
Author Topic: HOWTO: create a 100% secure wallet  (Read 249667 times)
Richy_T
Legendary
November 25, 2013, 09:20:43 PM
 #2481

All possible Bitcoin private keys, eh?  :D

1RichyTrEwPYjZSeAYxeiFBNnKC9UjC5k
RoxxR
Full Member
November 27, 2013, 05:46:51 PM
 #2482

Crypto currencies are a game-changer.  But, as currently implemented, they are designed to fail.  The proposals here won’t change the outcome.

Simply put: there is no spend password on the private key!

To illustrate: my PGP/GPG private keys are only created and used offline; printed and stored in an offsite safe.  But, they are vulnerable to replication.  Somebody sitting at a keyboard and hammering out a random string that just may be identical to my original PGP/GPG private key.

So, when somebody finally replicates my PGP/GPG private key they must still crack my random password to impersonate me.  That is, to transact with my key.

The Android Bitcoin flaw proved that the Bitcoin 51 character private key is much easier to replicate.  It starts with the digit 5 and the rest of the key is randomised characters from the Base58 symbol chart on the Base58Check encoding page.

It doesn’t matter if you follow best-practice privacy measures, such as cold storage, paper-wallets, encrypted USB drives, etc.  No passphrase, no security.

It won’t be long before some script-kiddy writes an algorithm to replicate all possible Bitcoin private keys.  Run them through the JavaScripts available online that calculate the individual public keys.  Query sites such as Bitcoin Block Explorer for addresses with transaction histories.  Download the JavaScript to create secure offline Bitcoin transactions.  Then, broadcast the transactions.

All without touching a single encrypted wallet.dat.
––––
REFERENCES
····
The Android Bitcoin vulnerability explained
  http://blogs.avg.com/mobile/android-bitcoin-vulnerability-explained/
····
Base58Check encoding
  https://en.bitcoin.it/wiki/Base58Check_encoding
····
Query private wallet keys at
  https://www.bitaddress.org
····
Watch wallets online at
  https://blockchain.info/address/
····
Retrieve transaction history at
  http://blockexplorer.com/q/mytransactions/
····
Create offline send with
  http://www.howtovanish.com/images/offline-transactions.zip
····
Broadcast spend at
  http://blockchain.info/pushtx


This already exists: Deep Space Vagabond :)  Google it.
Perhaps more interesting than the app is the discussion thread, read it all, it's very educational.
RoxxR
Full Member
November 27, 2013, 05:49:11 PM
 #2483

Just use bitaddress.org (web page) or NoBrainr (offline tool) to generate robust brainwallets and cold storage addresses.
plej
Newbie
December 01, 2013, 08:24:05 AM
 #2484

I use bitaddress.org as well, can recommend.

BTC: 17BDrv6m1WGzY6f61eWWArdQsyHwSioP4j
LTC: LPpxThksJQHAU2Ra5ykubThdTSimXa8NQk
QRK: Qc65owymp6KTAS3WKEE5EMyY3rA3TMP6U5
benziks
Newbie
December 05, 2013, 05:15:28 PM
 #2485

I'm still trying to figure out how it works, and I haven't done any transactions yet.
barefoot
Newbie
December 06, 2013, 03:34:24 PM
 #2486

As a well-disciplined newbie (although I already bought a bunch of BTC while still at $200-250), I tried to read this thread thoroughly, and the more I read the more I started to suspect that, unless I’m grossly missing something, the thing about “100% secure wallet” is a little bit paranoiac.

First I’ll state my conclusion: besides backing up the data to an external media, the only thing I have to do is to soundly encrypt the wallet and keep the passphrase out of the system. For additional protection I’ll put the wallet in an encrypted volume.

Now my arguments:

1. I think that most users generate and keep their passwords (the passphrase in this case) via a serious, dedicated app, protected by a healthy master password. This app will enter the passwords in any box you direct it to, bypassing the clipboard.

2. I know a thing or two about hacking (the now and then pastime with friends in the nineties, as a teenager), and I’ll say that even if you are a greenhorn that opens unknown emails, visits unsafe sites etc., and thinks that the costliest antivirus, antispy and antimalware programs do protect you (they don’t), still:
  • keyloggers may work only if you enter the password manually. You should be quite a nerd to enter a 20 chars long gibberish password manually.
  • spyware and such are useless against encrypted data.
  • theoretically, a second-rate hacker may enter your system any time he wants and, finding a hot keyword in your files (as bitcoin, for example), he may start digging. But why choose precisely your computer? If you kept a low profile and your mouth shut, chances that he’ll find you are nil. And again, if your data is well encrypted, you are safe.

My 2¢. I’ll be grateful to the enlightened of this forum to show what I am missing. Perhaps things are more complicated. I still have to work out how using the same address for multiple transactions makes you vulnerable, as asserted in a previous reply in this thread.
AlbertKing
Newbie
December 11, 2013, 04:50:09 AM
 #2487

Dude you really rock.
raveldoni
Sr. Member
December 11, 2013, 04:55:21 AM
 #2488

As a well-disciplined newbie (although I already bought a bunch of BTC while still at $200-250), I tried to read this thread thoroughly, and the more I read the more I started to suspect that, unless I’m grossly missing something, the thing about “100% secure wallet” is a little bit paranoiac.

First I’ll state my conclusion: besides backing up the data to an external media, the only thing I have to do is to soundly encrypt the wallet and keep the passphrase out of the system. For additional protection I’ll put the wallet in an encrypted volume.

Now my arguments:

1. I think that most users generate and keep their passwords (the passphrase in this case) via a serious, dedicated app, protected by a healthy master password. This app will enter the passwords in any box you direct it to, bypassing the clipboard.

2. I know a thing or two about hacking (the now and then pastime with friends in the nineties, as a teenager), and I’ll say that even if you are a greenhorn that opens unknown emails, visits unsafe sites etc., and thinks that the costliest antivirus, antispy and antimalware programs do protect you (they don’t), still:
  • keyloggers may work only if you enter the password manually. You should be quite a nerd to enter a 20 chars long gibberish password manually.
  • spyware and such are useless against encrypted data.
  • theoretically, a second-rate hacker may enter your system any time he wants and, finding a hot keyword in your files (as bitcoin, for example), he may start digging. But why choose precisely your computer? If you kept a low profile and your mouth shut, chances that he’ll find you are nil. And again, if your data is well encrypted, you are safe.

My 2¢. I’ll be grateful to the enlightened of this forum to show what I am missing. Perhaps things are more complicated. I still have to work out how using the same address for multiple transactions makes you vulnerable, as asserted in a previous reply in this thread.


Very well said. I totally agree with that.
rarebitproject
Newbie
December 11, 2013, 05:10:06 AM
 #2489

For both sending & receiving coins you need to connect to the internet.

What do you mean by "receiving"?
If I have created a wallet and copied the receiving addresses on a piece of paper I don't really need internet connection to receive coins.
I can just give the address to someone and that's it.
Now if I want to spend these coins then I will need internet, but that is sending, not receiving.


You can also spend coins by generating (signing) a transaction on an offline computer, then use a thumbdrive or sd card to move the raw tx to a service that will broadcast that tx to the bitcoin network for you.  That way, your private key or brainwallet passphrase need never be revealed to a computer with an internet connection (and its possible collection of installed malware).

There are wallets, such as brainwallet.org that can be run on an offline computer.
Paulieb81
Newbie
December 18, 2013, 03:27:19 PM
 #2490

I absolutely love this OP! Great info and not all geeky worded, it's nice to see that some people still have personality. I'm going to start working with digital coins and found this with some searching online.
Attani
Newbie
December 26, 2013, 06:06:59 AM
 #2491

Thanks for the advice. At least now I know how to deal with my paranoia. I've been looking at buying and mining but the whole stealing aspect has made me very nervous. I'm going to start with dogecoins so if I fuck up I won't feel too bad.

Attani

9Vt1JdAjKYBbi6ADnvMgokDFHLYc47t7YR
rapport
Full Member
December 28, 2013, 09:26:56 AM
 #2492

The OP guide talks about wallet.dat suggesting the use of bitcoinqt.  For newbies, bitcoinqt is painfully slow to start with and be prepared to spend a day waiting to get the entire blockchain (unless you get bootstrap.dat which I didn't try).
Something like this guide might be more helpful these days:
https://bitcointalk.org/index.php?topic=257672.msg2746081#msg2746081
CountBlood
Newbie
January 04, 2014, 09:07:43 PM
 #2493

I think the OP was not clear on this bit I put in red:

But how can I haz my money back?

Okay, for those of you who didn't guess it yet: Whenever you want to make a transaction from your savings-account to someplace else, get your wallet.dat out of the safe, boot up your liveCD (don't you dare using your regular OS after all this work, or I'll come beat you up personally) and do the reverse: Install bitcoin again

A. How is that the reverse of what you did before? It isn't ... or am I missing the obvious here?
B. Why install bitcoin again? The instructions above did not say to uninstall it, so why do you install it a second time?

Maybe I'm dumber than I thought, or missing something because I'm a noob....or that red bit really is not clear. Obviously I think it's the last, hence my post!  :P
jayc89
Sr. Member
January 09, 2014, 02:25:07 PM
 #2494

I think the OP was not clear on this bit I put in red:

But how can I haz my money back?

Okay, for those of you who didn't guess it yet: Whenever you want to make a transaction from your savings-account to someplace else, get your wallet.dat out of the safe, boot up your liveCD (don't you dare using your regular OS after all this work, or I'll come beat you up personally) and do the reverse: Install bitcoin again

A. How is that the reverse of what you did before? It isn't ... or am I missing the obvious here?
B. Why install bitcoin again? The instructions above did not say to uninstall it, so why do you install it a second time?

Maybe I'm dumber than I thought, or missing something because I'm a noob....or that red bit really is not clear. Obviously I think it's the last, hence my post!  :P

Depending on how you created the LiveCD\USB it may not have persistent storage (and really shouldn't in this case). As such any changes you make within the LiveOS will be lost when you shut down, hence the need to reinstall bitcoin.
jerrybaba
Newbie
January 09, 2014, 03:15:43 PM
 #2495

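[quote author=myrm link=topic=17240.msg222367#msg222367 date=1308141081]
A Linux distribution with everything you might need can't come fast enough. It would be nice if it were small and basically a wizard that walks the user through all the steps required to get to a secure wallet. If I have time, I will get back to it.

Would it still be 100% secure? What is the current state of malware that resides in the BIOS? I know this was really cool once upon a time. I think machines booting OSs, with security then running continuously from the same media, killed some of that. If BC takes off, will we see a return to those days?
[/quote]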
12345678
newbitcoin
Newbie
January 09, 2014, 03:28:34 PM
 #2496

create a 100% secure wallet?

It's impossible because SHA-256 is not 100% secure :D
upnext
Newbie
January 15, 2014, 11:26:05 AM
 #2497

If I use Mac instead of Linux and use an SD card that is encrypted by TrueCrypt, will it be less secure than Linux? For example, if I download the bitcoin client into a TrueCrypt container and then install it and create a wallet, then save the wallet only in the container, will this be secure enough?
diond
Jr. Member
January 19, 2014, 11:22:49 PM
 #2498

create a 100% secure wallet?

It's impossible because SHA-256 is not 100% secure :D

Of course, nothing is 100% secure, but writing "HOWTO: Create a 99.9999999% secure wallet" probably didn't have the same ring as 100% ;)

Having a fresh OS every time, with a fresh install of the QT wallet, and keeping 2 copies of your wallet.dat file encrypted on a removable medium (USB or CD/DVD) is probably as close to 100% as you can get ... (I'd keep a copy of the blockchain too, so you don't have to download it again)

Thanks to everyone for all the awesome suggestions in this thread!
fibbonac1z
Newbie
January 20, 2014, 12:04:51 AM
 #2499

Brainwallet is a nice feature to have and unless someone can find a way to crack into people's brains, then it should be secure.
mkendall
Newbie
January 25, 2014, 04:02:37 AM
 #2500

Thanks for the guidelines, will do as you say.