Bitcoin Forum
December 10, 2016, 06:53:21 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 ... 129 »
  Print  
Author Topic: HOWTO: create a 100% secure wallet  (Read 249958 times)
CrownCloud
Sr. Member
****
Offline Offline

Activity: 467


View Profile
February 15, 2012, 03:17:50 PM
 #621

Cool, thanks for the tut, I've been using the encrypt wallet function in the BitCoin client, i'll try this too Smiley more security the better..

CrownCloud - Internet Services
Dedicated servers, OpenVZ and KVM based VPSes and  in 4 locations. (We accept Bitcoin !)
http://crowncloud.net/
1481396001
Hero Member
*
Offline Offline

Posts: 1481396001

View Profile Personal Message (Offline)

Ignore
1481396001
Reply with quote  #2

1481396001
Report to moderator
If you see garbage posts (off-topic, trolling, spam, no point, etc.), use the "report to moderator" links. All reports are investigated, though you will rarely be contacted about your reports.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481396001
Hero Member
*
Offline Offline

Posts: 1481396001

View Profile Personal Message (Offline)

Ignore
1481396001
Reply with quote  #2

1481396001
Report to moderator
1481396001
Hero Member
*
Offline Offline

Posts: 1481396001

View Profile Personal Message (Offline)

Ignore
1481396001
Reply with quote  #2

1481396001
Report to moderator
Quizzesport
Newbie
*
Offline Offline

Activity: 15


View Profile
February 16, 2012, 12:35:18 PM
 #622

passphrase has been used
Buckwheet
Member
**
Offline Offline

Activity: 108


View Profile
February 17, 2012, 02:01:09 PM
 #623

Thanks for the guide. I now have a nice secure wallet.
DarkEagle
Newbie
*
Offline Offline

Activity: 9


View Profile
February 19, 2012, 09:28:56 PM
 #624

i think the risks of the diying the USB stick or cd become scratched are the same is became hacked... As for me I have 4 faulty USB sticks last year. I think that's not good enough for the wallet purposes. As for me I keep my wallet unsecured onto the secured with SHA256 drive. This virtual drive is presented as a file on the physical disk. Most drive crypting software could do that, for example BestCrypt could, so I use it for years before, it bugless. Next you must do some regular backup procedures or upload crypted virtual drive container onto your google account - that's all. So you dont need to reebot, you dont need another PC... and so on. Meybe that's better heh?
johnsmith88
Newbie
*
Offline Offline

Activity: 12


View Profile
February 20, 2012, 01:39:28 PM
 #625

i use encryption on my wallet and back up to dropbox. just paranoia really, there's so little in there at any one time that i shouldn't worry!  Embarrassed
Vernon715
Full Member
***
Offline Offline

Activity: 182



View Profile
February 20, 2012, 01:42:21 PM
 #626

I believe that there is a linux distro called Linuxcoin. Also, would puppy os work instead of Ubuntu?

Please donate: 1FfJzfpGCXD6saKqmMs8W1qt9wouhA98Mj

http://bitcoinpyramid.com/r/1642

100101011010100100101010010111001010010101010100101001000100101010101010101010
Realpra
Hero Member
*****
Offline Offline

Activity: 819


View Profile
February 21, 2012, 03:07:48 AM
 #627

As someone who read Tanenbaum (the bible on operating systems) in university I will divulge some knowledge (correct or not) to the satisfaction of my own ego and maybe your paranoia:

1. "Windows is unsafe":
Yes, but there are very real limits to what viruses can do hardcoded into every OS.

Without this they would instantly crash from (even friendly) programs interfering with each other.

2. Wallets stolen from RAM:
You CAN'T do this even if the computer is running nothing BUT bitcoin and malware:

Every program has a ram space, other programs can't touch it.

This means that even assuming data stayed alive in RAM a while (I never heard of such):

The virus would need to allocate almost ALL the computers RAM to itself in order to even get access the residue after the bitcoin client closed THEN it would have to search it.

This would slow the PC to a crawl and be VERY obvious.

3. Secure Wallet creation:
An unlocked wallet with all its default keys could very conceivably be stolen at anytime or at least as soon as the BTC client marked the file "not-in-use".

However if you lock your wallet, restart the BTC client and THEN create the secure keys you want, it should be safe even with malware around.

I mean scan your computer and such, but you should be safe unless the BTC client is VERY badly programmed.

No live usb/cd really needed.

4. The hacker:
Hackers are humans, not gods AND they need to eat at some point.

They have no reason to write code infiltrating the OS drivers themselves, live cds or debugging RAM residue, even if possible, if even 0.1% of people leave their wallet unlocked and easy to steal.

Or when they can hack Mt. Gox, others or set up a scam BTC site.

If they are advanced they may steal encrypted wallets too and bruteforce passwords up to some low strength IF the file is encrypted in a way their automated decrypter script expects - IE standard wallet encryption MAYBE zip/rar.



If you encrypt your wallet with its non-default keys, with good passes and then also put that in an encrypted archive (zip/rar/other), which you store everywhere while writing down the two passes, you have little to fear.

If you like to install toolbars and video players from random porn- and media-sites do not attempt to use BTC at all please - live cd or no.

Cheap and sexy Bitcoin card/hardware wallet, buy here:
http://BlochsTech.com
aayuko
Jr. Member
*
Offline Offline

Activity: 47



View Profile
February 25, 2012, 02:04:43 AM
 #628

WOW this helped allot. I was jsut saving my wallet to two different places for security.
pastory99
Jr. Member
*
Offline Offline

Activity: 36


View Profile
February 25, 2012, 05:47:00 AM
 #629

Thanks a lot for these instructions!

arrowdebreu
Newbie
*
Offline Offline

Activity: 19


View Profile
February 25, 2012, 01:01:01 PM
 #630

Thanks, that helped!
tatsuchan
Full Member
***
Offline Offline

Activity: 184



View Profile
February 26, 2012, 01:03:24 AM
 #631

It really sucks that there is this much involvement with security for wallet.dat.  I was naive enough at one point in thinking I was safe because I was using a mac. 
LoWang
Full Member
***
Offline Offline

Activity: 145



View Profile
February 28, 2012, 06:57:10 PM
 #632

Please people stop thanking the author and please stick to the discussion topic! The guide is really good, but a year old already and you make this thread crazy long because of all the thanks bumping Wink But back to what I want to say:
Am I the only one who thinks the official bitcoin wiki is not very easy to understand? It is unfortunatelly just for technical savvy people. For example https://en.bitcoin.it/wiki/Securing_your_wallet#Making_a_new_wallet does not say a word about how to do it thus people need to repeatedly ask for it here Undecided
After reading about 15 pages of this thread I admit I have just a vague idea about what the wallet.dat actually is and what it contains. If you would like to find out, you don't even find this in the FAQ directory. You have to search for it. But I found it, so now I have some idea finally and I hope some people will find this usefull too Smiley
https://en.bitcoin.it/wiki/Wallet
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 02, 2012, 10:23:56 PM
 #633

You CAN'T do this even if the computer is running nothing BUT bitcoin and malware:

Every program has a ram space, other programs can't touch it.

This means that even assuming data stayed alive in RAM a while (I never heard of such):

The virus would need to allocate almost ALL the computers RAM to itself in order to even get access the residue after the bitcoin client closed THEN it would have to search it.

This would slow the PC to a crawl and be VERY obvious.
This is incorrect.  There are plenty of tools available for editing another programs RAM.  This is how many of the public video game hacks work.

cncmasterw
Newbie
*
Offline Offline

Activity: 8



View Profile
March 03, 2012, 10:35:31 PM
 #634

wow, haha his choice of words... and understanding.. I like how he Rolls!!

question though, could a Virtual machine work just as well? and basically Totally lock down that virtual machine so nothing and Nothing can access that information unless you boot it up?
i feel like this would be possible too, yes a usb idea is much greater but if you just move the Virtual machine over to a flash drive Disconnect from the internet or something on a different computer and access it that way? i could be just making up some dumb crap but hell, might as well put some effort into getting out of the newbiee SECTION..

Im no student major in collage Smiley and thus i may use commas in wrong places! xD
BlueCorp
Jr. Member
*
Offline Offline

Activity: 42



View Profile
March 05, 2012, 05:29:12 AM
 #635

This is a very good idea
LoWang
Full Member
***
Offline Offline

Activity: 145



View Profile
March 05, 2012, 05:44:24 PM
 #636

That's right but I think it WOULD work if you used your computer as non-admin user on XP or have UAC enabled of Win 7 and vista. Most computer viruses launch themselves under the currently logged on user by somehow stealing the session, so that brings me to another idea how to make your wallet more secure:
- create another user account in your system (non admin)
- Install bitcoin (or whatever coin you are interested in) client, but do not run it.
- run the client by using "run as" context menu command or "runas" from command line as this newly created user
- change the NTFS permissions on it's data folder so only this new account can access it (also remove "administrators" group from it - you may have to turn of permissions inheriting in advanced menu to do this)
- run the client under this new account
Now your wallet should be relatively safe against wallet stealers or whatever malware, because the file is inaccessible for your account which you normally use and if that malware does not somehow elevate itself to run with admin rights it should not be able to tap into bitcoin-qt's process memory either.
Am I right?
cncmasterw
Newbie
*
Offline Offline

Activity: 8



View Profile
March 06, 2012, 05:58:32 AM
 #637

That's right but I think it WOULD work if you used your computer as non-admin user on XP or have UAC enabled of Win 7 and vista. Most computer viruses launch themselves under the currently logged on user by somehow stealing the session, so that brings me to another idea how to make your wallet more secure:
- create another user account in your system (non admin)
- Install bitcoin (or whatever coin you are interested in) client, but do not run it.
- run the client by using "run as" context menu command or "runas" from command line as this newly created user
- change the NTFS permissions on it's data folder so only this new account can access it (also remove "administrators" group from it - you may have to turn of permissions inheriting in advanced menu to do this)
- run the client under this new account
Now your wallet should be relatively safe against wallet stealers or whatever malware, because the file is inaccessible for your account which you normally use and if that malware does not somehow elevate itself to run with admin rights it should not be able to tap into bitcoin-qt's process memory either.
Am I right?

Now, i am not a genius when it comes to computers, but i have enough basic knowledge that i feel like i can come up with an educated guess.

In theory you're idea should work, but i would in combination use a virtual machine that only can be accessed by this NONE admin account, while also blocking all access to the ADMIN account and blocking ITS access to the basic account. What you said is what i am basically saying. Stick a virtual machine on too the computer with a very STRICT Admin account that BLOCKS ALL INTERNET access ( you can set the virtual machine to unplug its internet per-say and only plug it in.. * turn it on * when needed to Add money to the account. While also adding a whole bunch of system security to the whole computer and its virtual machine.. doubling the needed strength to get into the file.. yes if he accesses the virtual machine he in theory could crack it open, but if you lock it down in a file with a extremely long password the computer it self should be fine. I dont have a whole lot of experience with virtual machines but if im sure i dont think the bios is that mod-able.

Cncmasterw - p.s. I'm not student major with English. Smiley and im not very good with periods and commas!~ Smiley

Im no student major in collage Smiley and thus i may use commas in wrong places! xD
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 06, 2012, 06:11:50 PM
 #638

That's right but I think it WOULD work if you used your computer as non-admin user on XP or have UAC enabled of Win 7 and vista. Most computer viruses launch themselves under the currently logged on user by somehow stealing the session, so that brings me to another idea how to make your wallet more secure:
- create another user account in your system (non admin)
- Install bitcoin (or whatever coin you are interested in) client, but do not run it.
- run the client by using "run as" context menu command or "runas" from command line as this newly created user
- change the NTFS permissions on it's data folder so only this new account can access it (also remove "administrators" group from it - you may have to turn of permissions inheriting in advanced menu to do this)
- run the client under this new account
Now your wallet should be relatively safe against wallet stealers or whatever malware, because the file is inaccessible for your account which you normally use and if that malware does not somehow elevate itself to run with admin rights it should not be able to tap into bitcoin-qt's process memory either.
Am I right?

Now, i am not a genius when it comes to computers, but i have enough basic knowledge that i feel like i can come up with an educated guess.

In theory you're idea should work, but i would in combination use a virtual machine that only can be accessed by this NONE admin account, while also blocking all access to the ADMIN account and blocking ITS access to the basic account. What you said is what i am basically saying. Stick a virtual machine on too the computer with a very STRICT Admin account that BLOCKS ALL INTERNET access ( you can set the virtual machine to unplug its internet per-say and only plug it in.. * turn it on * when needed to Add money to the account. While also adding a whole bunch of system security to the whole computer and its virtual machine.. doubling the needed strength to get into the file.. yes if he accesses the virtual machine he in theory could crack it open, but if you lock it down in a file with a extremely long password the computer it self should be fine. I dont have a whole lot of experience with virtual machines but if im sure i dont think the bios is that mod-able.

Cncmasterw - p.s. I'm not student major with English. Smiley and im not very good with periods and commas!~ Smiley
I've seen malware that installs itself on Windows by completely ignoring UAC and it has full admin rights.  For a truly secure wallet, you need a separate system.  Putting things in a VM may protect you from an automated attack, but it is likely not enough to stop a directed attack.

Get a cheap netbook and put Armory on it. No one will ever be able to steal your funds over the internet, 100% guaranteed.

Tuxavant
Hero Member
*****
Offline Offline

Activity: 756


Bitcoin Mayor of Las Vegas


View Profile WWW
March 06, 2012, 06:27:45 PM
 #639

Putting my 2 BTC in...

You need to diversify your holdings.

A large portion must go off-line. If your Bitcoins have been secure up to this point, it's relatively safe to assume that your computer has not been compromised so download the BitAddress.org page and save it to disk. Disconnect your computer from the network and generate some Bitcoin addresses. Print them to paper several times. Close your browser and reconnect to the Internet. Send the majority of your Bitcoins in multiple denominations to different Bitcoin addresses. For instance, if you have 1000 Bitcoins and 10 addresses, send 100 Bitcoins to 9 addresses and leave 100 Bitcoins in your online wallet.

Next, download BitcoinSpinner, or some other method to keep a wallet on your phone. Send 10-20 Bitcoins to your phone for casual spending while out and about - offering to pay your friends, family, coworkers Bitcoins in return for buying your lunch or paying your beer tab.

The 50 remaining Bitcoins in your desktop wallet should be for funding your phone and online purchases and holding new bitcoin you purchase from exchanges, etc. When you exceed 50 BTC, send some more to your off-line addresses. Only keep on your phone and desktop what you need for spending.

When it comes time for a big purchase, you only need to import one or more off-line addresses to fund your purchase - rather than the entire amount offline and risk losing it to malware.

Now... to protect your online wallet... you need to be operating outside of the 80% of the average users because that is what malware targets. Anything you do differently will help you miss becoming a target. Encrypt your wallet. Store it in a truecrypt volume. Use a VM. Use Linux as your Bitcoin OS. Buy a dedicated netbook and never use it for anything but Bitcoin.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
Financier
Jr. Member
*
Offline Offline

Activity: 59


View Profile
March 08, 2012, 10:57:20 PM
 #640

thanks, useful information
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 [32] 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 ... 129 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!