Bitcoin Forum
April 26, 2017, 03:58:10 PM *
News: If the forum does not load normally for you, please send me a traceroute.
 
   Home   Help Search Donate Login Register  
Pages: « 1 ... 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 [125] 126 127 128 129 »
  Print  
Author Topic: HOWTO: create a 100% secure wallet  (Read 256666 times)
RoxxR
Full Member
***
Offline Offline

Activity: 176


View Profile
November 27, 2013, 05:49:11 PM
 #2481

Just use bitaddress.org (web page) or NoBrainr (offline tool) to generate robust brainwallets and cold storage addresses.
1493222290
Hero Member
*
Offline Offline

Posts: 1493222290

View Profile Personal Message (Offline)

Ignore
1493222290
Reply with quote  #2

1493222290
Report to moderator
1493222290
Hero Member
*
Offline Offline

Posts: 1493222290

View Profile Personal Message (Offline)

Ignore
1493222290
Reply with quote  #2

1493222290
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1493222290
Hero Member
*
Offline Offline

Posts: 1493222290

View Profile Personal Message (Offline)

Ignore
1493222290
Reply with quote  #2

1493222290
Report to moderator
1493222290
Hero Member
*
Offline Offline

Posts: 1493222290

View Profile Personal Message (Offline)

Ignore
1493222290
Reply with quote  #2

1493222290
Report to moderator
1493222290
Hero Member
*
Offline Offline

Posts: 1493222290

View Profile Personal Message (Offline)

Ignore
1493222290
Reply with quote  #2

1493222290
Report to moderator
plej
Newbie
*
Offline Offline

Activity: 12


View Profile WWW
December 01, 2013, 08:24:05 AM
 #2482

I use bitaddress.org aswell, can recommend.

BTC: 17BDrv6m1WGzY6f61eWWArdQsyHwSioP4j
LTC: LPpxThksJQHAU2Ra5ykubThdTSimXa8NQk
QRK: Qc65owymp6KTAS3WKEE5EMyY3rA3TMP6U5
benziks
Newbie
*
Offline Offline

Activity: 3


View Profile
December 05, 2013, 05:15:28 PM
 #2483

I'm still trying to figure out how it works, and I haven't done any transactions yet.
barefoot
Newbie
*
Offline Offline

Activity: 3


View Profile
December 06, 2013, 03:34:24 PM
 #2484

As a well-disciplined newbie (although I already bought a bunch of BTC while still at $200-250), I tried to read this thread thoroughly, and the more I read the more I started to suspect that, unless I’m grossly missing something, the thing about “100% secure wallet” is a little bit paranoiac.

First I’ll state my conclusion: besides backing up the data to an external media, the only thing I have to do is to soundly encrypt the wallet and keep the passphrase out of the system. For additional protection I’ll put the wallet in an encrypted volume.

Now my arguments:

1. I think that most users generate and keep their passwords (the passphrase in this case) via a serious, dedicated app, protected by a healthy master password. This app will enter the passwords in any box you direct it to, bypassing the clipboard.

2. I know a thing or two about hacking (the now and then pass-time with friends in the nineties, as a teenager), and I’ll say that even if you are a greenhorn that opens unknown emails, visits unsafe sites etc., and thinks that the costliest antivirus, antispy and antimalware programs do protect you (they don’t), still:
  • keyloggers may work only if you enter the password manually. You should be quite a nerd to enter a 20 chars long gibberish password manually.
  • spyware and such are useless against encrypted data.
  • theoretically, a second-rate hacker may enter your system any time he wants and, finding a hot keyword in your files (as bitcoin, for example), he may start digging. But why choose precisely your computer? If you kept a low profile and your mouth shut, chances that he’ll find you are nil. And again, if your data is well encrypted, you are safe.

My 2¢. I’ll be grateful to the enlightened of this forum to show what am I missing. Perhaps things are more complicated. I still have to work out how using the same address for multiple transactions makes you vulnerable, as asserted in a previous reply in this thread.
AlbertKing
Newbie
*
Offline Offline

Activity: 14


View Profile
December 11, 2013, 04:50:09 AM
 #2485

Dude you really rock.
raveldoni
Sr. Member
****
Offline Offline

Activity: 378


View Profile
December 11, 2013, 04:55:21 AM
 #2486

As a well-disciplined newbie (although I already bought a bunch of BTC while still at $200-250), I tried to read this thread thoroughly, and the more I read the more I started to suspect that, unless I’m grossly missing something, the thing about “100% secure wallet” is a little bit paranoiac.

First I’ll state my conclusion: besides backing up the data to an external media, the only thing I have to do is to soundly encrypt the wallet and keep the passphrase out of the system. For additional protection I’ll put the wallet in an encrypted volume.

Now my arguments:

1. I think that most users generate and keep their passwords (the passphrase in this case) via a serious, dedicated app, protected by a healthy master password. This app will enter the passwords in any box you direct it to, bypassing the clipboard.

2. I know a thing or two about hacking (the now and then pass-time with friends in the nineties, as a teenager), and I’ll say that even if you are a greenhorn that opens unknown emails, visits unsafe sites etc., and thinks that the costliest antivirus, antispy and antimalware programs do protect you (they don’t), still:
  • keyloggers may work only if you enter the password manually. You should be quite a nerd to enter a 20 chars long gibberish password manually.
  • spyware and such are useless against encrypted data.
  • theoretically, a second-rate hacker may enter your system any time he wants and, finding a hot keyword in your files (as bitcoin, for example), he may start digging. But why choose precisely your computer? If you kept a low profile and your mouth shut, chances that he’ll find you are nil. And again, if your data is well encrypted, you are safe.

My 2¢. I’ll be grateful to the enlightened of this forum to show what am I missing. Perhaps things are more complicated. I still have to work out how using the same address for multiple transactions makes you vulnerable, as asserted in a previous reply in this thread.


Very well said. I totally agree with that.
rarebitproject
Newbie
*
Offline Offline

Activity: 22

rarebit project


View Profile WWW
December 11, 2013, 05:10:06 AM
 #2487

For both sending & receiving coins you need to connect internet.

What do you mean by "receiving"?
If I have created a wallet and copied the receiving addresses on a piece of paper I don't really need internet connection to receive coins.
I can just give the address to someone and that's it.
Now If I want to spend these coins then I will need internet, but that is sending, no receiving.


You can also spend coins by generating (signing) a transaction on an offline computer, then use a thumbdrive or sd card to move the raw tx to a service that will broadcast that tx to the bitcoin network for you.  That way, your private key or brainwallet passphrase need never be revealed to a computer with an internet connection (and its possible collection of installed malware).

There are wallets, such as brainwallet.org that can be run on an offline computer.
Paulieb81
Newbie
*
Offline Offline

Activity: 7


View Profile
December 18, 2013, 03:27:19 PM
 #2488

I absolutely love this OP! Great info and not all geeky worded, it's nice to see that some people still have personality. I'm going to start working with digital coins and found this with some searching online.
Attani
Newbie
*
Offline Offline

Activity: 7

There's mice on the moon!


View Profile
December 26, 2013, 06:06:59 AM
 #2489

Thanks for the advice. At least now I know how to deal with my paranoia. I've been looking at buying and mining but the whole stealing aspect has made me very nervous. I'm going to start with dogecoins so if I fuck up I won't feel too bad.

Attani

9Vt1JdAjKYBbi6ADnvMgokDFHLYc47t7YR
rapport
Full Member
***
Offline Offline

Activity: 128


View Profile
December 28, 2013, 09:26:56 AM
 #2490

The OP guide talks about wallet.dat suggesting the use of bitcoinqt.  For newbies, bitcoinqt is painfully slow to start with and be prepared to spend a day waiting to get the entire blockchain (unless you get bootstrap.dat which I didn't try).
Something like this guide might be more helpful these days:
https://bitcointalk.org/index.php?topic=257672.msg2746081#msg2746081
CountBlood
Newbie
*
Offline Offline

Activity: 8


View Profile
January 04, 2014, 09:07:43 PM
 #2491

I think the OP was not clear on this bit I put in red:

But how can I haz my money back?

Okay, for those of you who didn't guess it yet: Whenever you want to make a transaction from your savings-account to someplace else, get your wallet.dat out of the safe, boot up your liveCD (don't you dare using your regular OS after all this work, or I'll come beat you up personally) and do the reverse: Install bitcoin again

A. How is that the reverse of what you did before? It isn't ... or am I missing the obvious here?
B. Why install bitcoin again? The instructions above did not say to uninstal it, so why do you install it a second time?

Maybe I'm dumber than I thought, or missing something because I'm a noob....or that red bit really is not clear. Obviously I think it's the last, hence my post!  Tongue
jayc89
Sr. Member
****
Offline Offline

Activity: 322



View Profile
January 09, 2014, 02:25:07 PM
 #2492

I think the OP was not clear on this bit I put in red:

But how can I haz my money back?

Okay, for those of you who didn't guess it yet: Whenever you want to make a transaction from your savings-account to someplace else, get your wallet.dat out of the safe, boot up your liveCD (don't you dare using your regular OS after all this work, or I'll come beat you up personally) and do the reverse: Install bitcoin again

A. How is that the reverse of what you did before? It isn't ... or am I missing the obvious here?
B. Why install bitcoin again? The instructions above did not say to uninstal it, so why do you install it a second time?

Maybe I'm dumber than I thought, or missing something because I'm a noob....or that red bit really is not clear. Obviously I think it's the last, hence my post!  Tongue

Depending on how you created the LiveCD\USB it may not have persistent storage (and really shouldn't in this case). As such any changes you make within the LiveOS will be lost when you shutdown, hence the need to reinstall bitcoin.




         ▄▄████████████████████████▀
      ▄████▀     ▀▀██████████████▀
   ▄█████▌          ████████████▄
  ███████            █████████████▄
 ████████           ▄███████████████
▐█████████▄▄      ▄███████████████▀
████████████████████████████████▀
████████████▀▀▀▀▀▀███████████████▄
 █████████          ███████████████▄
 ▐███████            ██████████████▀
   ██████           ▐████████████▀
    ▀█████         ▄████████████▄
       ▀█████▄▄▄▄█████████████████▄
           ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
ETHBITS

.


.


.


jerrybaba
Newbie
*
Offline Offline

Activity: 1


View Profile
January 09, 2014, 03:15:43 PM
 #2493

[引用作者= myrm链接=主题= 17240。 msg222367 # msg222367日期= 1308141081]
一个linux发行版,一切你可能需要来得不够快。 就好如果很小,基本上是一个向导,用户完成所有必需的步骤走到安全的钱包。 如果我有时间我就会恢复正常。

它仍然会100%安全吗? 什么是恶意软件的当前状态驻留在BIOS ? 我知道这是什么真是酷毙了从前。 我认为,机器开始引导OSs,安全事后运行持续从同一媒体杀一些。如果公元前起飞,我们会看到一个回到那些日子吗?
(/报价)
12345678
newbitcoin
Newbie
*
Offline Offline

Activity: 13


View Profile
January 09, 2014, 03:28:34 PM
 #2494

create a 100% secure wallet?

It's impossible due to the SHA-256 is not 100% secure,  Cheesy
upnext
Newbie
*
Offline Offline

Activity: 8


View Profile
January 15, 2014, 11:26:05 AM
 #2495

If I use mac instead of linux and use sd card that is encrypted by truecrypt, will it be less secure than linux. For example if I download bitcoin client into true crypt container and then install it and create a wallet, then save the wallet only in the container. Will this be secure enough ?
diond
Jr. Member
*
Offline Offline

Activity: 42


View Profile
January 19, 2014, 11:22:49 PM
 #2496

create a 100% secure wallet?

It's impossible due to the SHA-256 is not 100% secure,  Cheesy

Of course, nothing is 100% secure, but writing "HOWTO: Create a 99.9999999% secure wallet" probably didn't have the same ring as 100% Wink

Having a fresh OS every time, with a fresh install of the QT wallet, and keeping 2 copies of your wallet.dat file encrypted on a removable medium (USB or CD/DVD) is probable as close to 100% as you can get ... (I'd keep a copy of the blockchain too, so you don't have to download it again)

Thanks to everyone for all the awesome suggestions in this thread!
fibbonac1z
Newbie
*
Offline Offline

Activity: 14


View Profile
January 20, 2014, 12:04:51 AM
 #2497

Brainwallet is a nice feature to have and unless someone can find a way to crack into people's brains, then it should be secure.
mkendall
Newbie
*
Offline Offline

Activity: 3


View Profile
January 25, 2014, 04:02:37 AM
 #2498

Thanks for the guidelines, will do as you say.
coinerbit
Newbie
*
Offline Offline

Activity: 25

#MASTERCOIN-FAUCET-OTS:#636159D9#


View Profile
January 25, 2014, 01:23:51 PM
 #2499

I absolutely love this OP! Great info and not all geeky worded, it's nice to see that some people still have personality. I'm going to start working with digital coins and found this with some searching online.

Win Bitcoins at https://bitcoin-scratchticket.com
k1ngandr3w1
Newbie
*
Offline Offline

Activity: 2


View Profile
January 26, 2014, 06:28:01 AM
 #2500

-= Small Edit: If you need something which is very secure and grandma-style easy, go vote on this poll and add your thoughts to the discussion. =-

Note: I can only post in the newbie forum for now, but if a moderator deems this topic useful, he may move it somewhere else. Right now, I'm too lazy to get 5 posts, just for the sake of it.

Also, there is an excellent article on the Wiki which should give you some ideas about the problem of security. This is meant as a more specific and simple straight-forward guide, i.e I won't spell out where you can find your wallet.dat and so on.


Why?

So, in light of the recent /19BSM]Drama Roll Eyes Kiss and my general feeling that some people are unsure about the security of their wallet (or their PC in general), I've decided to give you an idea how to create a secure savings account for you to deposit your hard-earned coins in.

Clarifications

So, you crazy twat want to invest all your savings in bitcoin, but you're not yet shit-for-brains enough to forget the security aspect of the whole thing? Here's the HowTo for you.

So, the first misconception to clear out, is the concept of the "wallet". The wording in itself is not ideal, since it is more like a key. Cryptographically speaking, it is actually exactly that: your private key.

Now this has the following implication: If someone steals your wallet.dat now, and you deposit coins in it later, the thief will be able to spend/transfer ALL your coins, including those you added _after_ the wallet was stolen! I'm sure a lot of you know this already, I just want to clarify this for everybody.

So, clearly, you have to make it impossible for anybody to _ever_ steal your wallet. Clearly, this is infeasible for your day-to-day transactions account, since encryption will be useless as soon as you want to access your coins (Since the decrypted wallet.dat has to be stored in RAM at some point. There are ways, but for now, consider them a little tedious).

So the solution is the following: you have your spendings-account where you keep only low amounts of coin (much like a real-life wallet), and you have your super-secure savings wallet, which you only access on rare occasions.

How?

I'll try to keep it short: You have to create your savings account under ideal security-conditions. I won't rant about you cunts people using Windows in general, but note that Linux is in no way automagically completely secure. Everything depends a lot on your behaviour.

1. What you'll do is the following: Create a live-CD or a bootable USB with your OS of choice on it. I suggest using the Ubuntu LiveCD.

The reason is simple. When you create your new wallet, you want to make abolutely sure, that your running operating system doesn't in any way log your keys or secretly save your files somewhere.

2. Boot your freshly-created OS, and install the Bitcoin client on it. Yes you can install software inside a liveCD environment. Optionally, also install some encryption software, but we'll leave that for now.

3. Your Bitcoin client will immediately generate 10 addresses for you, and with them, the corresponding wallet.dat.

4. Save your addresses somewhere, if you have to, write them down manually (if you do this, then I bow to your zeal and declare you crazy). I suggest you send them to yourself over email.

5. This is the important step. Copy your wallet.dat somewhere. Burn then on a CD or another medium. I for instance love those little 64MB SD-cards you sometimes get with a new camera. They rock. You might want to make multiple copies (on multiple cards/CDs, not multiple copies of the same file on the same disk you tart).

6. Now, eject whatever you just copied on, and guard it like your life depends on it. Not really, but here is the important step: If you encrypted your wallet.dat with an encryption algorithm you feel safe about, just keep it around your house.

7. Shut down. There will be no trace of your walled.dat on your harddisk, since it never actually resided there.

Important: You will want to keep another copy somewhere else, in a safe physical location, or at least one that is safe while your house burns down. You might already know it, but losing your wallet.dat is worse than someone stealing it. It'll be gone forever.

If you didn't encrypt the file (which I prefer), put the SDcards, CDs, whatever in a safe. That's right: a real-world safe, like banks have, who also happen to lock their doors and are in general very anal about their security and all that jazz. You can rent small safety-deposit boxes in exchange for money. As a bonus, it'll be fire-proof as well.

8. In case it's not yet obvious: You will now only make day-to-day transactions like you used to do it, on your computer (are you _still_ using windows?) and every now and then, you will put some coins into your savings-account. Using the addresses from step 4). How much you want to keep in your wallet is up to you.

But how can I haz my money back?

Okay, for those of you who didn't guess it yet: Whenever you want to make a transaction from your savings-account to someplace else, get your wallet.dat out of the safe, boot up your liveCD (don't you dare using your regular OS after all this work, or I'll come beat you up personally) and do the reverse: Install bitcoin again, install the encryption-software if necessary and copy your wallet.dat where it belongs.

Congratulations: you can now access your 25'000 bitcoins and nobody will have messed with them while you were asleep.

Possible attacks

So now, the _only_ way for someone to steal your coin, will be to steal your physical copy of the wallet. That's why you might want to encrypt it, although if you do, don't forget the passphrase. Also, if you die, your family can still get your bank-safe opened, but they won't be able to pick through your brain and get the passphrase out of it. That's why I prefer to not encrypt it.

There is one more possibility: a physical keylogger: It will be able to intercept the password you use to encrypt your wallet.dat, which, if you keep a copy at home, can then be stolen and used. Another reason, why a regular safe is the best option in my humble opinion.

What else?

EDIT: A little protip for those who don't know: You can of course use blockexplorer.com to keep track of your account while it's safely hidden away. Doing this will simply allow you to see how many coins are associated with a given address.

I suggest you also create new day-to-day wallets (even having a few coins stolen can be frustrating), as your current ones might already have been stolen. Of course, this requires a secure OS, so you better ditch that infected piece of shit fine gear of yours. DON'T just create new wallets on the system you're using right now, since it won't solve anything in case you're already infected.

In addition, it doesn't hurt to read up on some technical details. Use the Wiki. Learn the difference between the amount in your wallet, and the amount on the different block-addresses. If you handle a lot of money, ACT ACCORDINGLY. Don't get all crazy-enthusiastic-venture-capitalist and invest all your savings in bitcoin. Also, don't speculate too much on the price development, you'll make more money if you use that time to work at a regular job.

Now, if you happen to make/have made a significant amount of coins, don't run around telling everybody like the self-satisfied vagina that you are. You wouldn't do that with real money either. At least I hope so.

Also, someone will probably make a bitcoin-specific liveCD, which should save some hassle in the steps above.
Also, take it easy and be a cool guy woh doesn't afraid of anything.
Also, pick up a book every now and then.


Yes, there are other ways to do this, and yes, some might be more practical and maybe just as secure. Write a comment about it.

If anyone has any clarifications, questions, suggestions, or wants to call me a moron, please feel free to do so, and I'll see if there is anything to be improved about it. Also, spelling mistaeks.

Also, in case anybody got all excited by this guide and/or seen the light of Jesus-Christ the saviour AND wants to thank me with coins (why on earth would you do that?), here's my address: 16VD78R8nxqJGesE7E9KS6A8TikQQpKNm5

Have fun. Cool

EDIT: Corrections and added a few insults just for you, dear anonymous reader.

thanks

I plan to use these tips. 
Pages: « 1 ... 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 [125] 126 127 128 129 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!