Bitcoin Forum
December 05, 2016, 12:48:01 PM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 ... 129 »
  Print  
Author Topic: HOWTO: create a 100% secure wallet  (Read 249609 times)
1l1l11ll1l
Hero Member
*****
Offline Offline

Activity: 711


TheMerchantShop.com


View Profile WWW
March 08, 2012, 11:53:09 PM
 #641

The only 100% secure wallet is a wallet that on a flash drive in a vault.

High Volume and/or High Risk Credit Card Processing. TheMerchantShop.com
1480942081
Hero Member
*
Offline Offline

Posts: 1480942081

View Profile Personal Message (Offline)

Ignore
1480942081
Reply with quote  #2

1480942081
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 08, 2012, 11:58:49 PM
 #642

The only 100% secure wallet is a wallet that on a flash drive in a vault.
I think on paper in a vault is better.

1l1l11ll1l
Hero Member
*****
Offline Offline

Activity: 711


TheMerchantShop.com


View Profile WWW
March 09, 2012, 12:02:00 AM
 #643

lol, just write down the code on paper. lol

High Volume and/or High Risk Credit Card Processing. TheMerchantShop.com
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
March 09, 2012, 12:20:15 AM
 #644

Disconnect your computer from the network and generate some Bitcoin addresses. Print them to paper several times.

intermediate step: secure-wipe your printer's flash-memory cache. (don't ask me how to do this, i'd have to look it up).

Close your browser and reconnect to the Internet.
Jaryu
Member
**
Offline Offline

Activity: 91


View Profile
March 09, 2012, 04:07:19 AM
 #645

This is great info for a BTC newbie like me. Been having fun reading all the possible ways to keep your wallet safe.
wyager
Member
**
Offline Offline

Activity: 98



View Profile
March 10, 2012, 03:33:39 AM
 #646

Wouldn't you have to download the entire block chain every time you used the LiveCD (which could take over 24 hours)? Also, because they don't have persistence, wouldn't that use over a gig of ram?

I think we need a client that allows for easy/secure temporary account usage (so you can carry around your private key and account info on a USB drive, and be able to use it temporarily). Right now, I think the only way is to keep your entire wallet.dat and swap it out when you want to use your stored accounts, which is a PITA.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
ragnard
Member
**
Offline Offline

Activity: 66



View Profile
March 10, 2012, 03:49:25 AM
 #647

Thanks for the info!
LoWang
Full Member
***
Offline Offline

Activity: 145



View Profile
March 10, 2012, 01:40:26 PM
 #648

That's right but I think it WOULD work if you used your computer as non-admin user on XP or have UAC enabled of Win 7 and vista. Most computer viruses launch themselves under the currently logged on user by somehow stealing the session, so that brings me to another idea how to make your wallet more secure:
- create another user account in your system (non admin)
- Install bitcoin (or whatever coin you are interested in) client, but do not run it.
- run the client by using "run as" context menu command or "runas" from command line as this newly created user
- change the NTFS permissions on it's data folder so only this new account can access it (also remove "administrators" group from it - you may have to turn of permissions inheriting in advanced menu to do this)
- run the client under this new account
Now your wallet should be relatively safe against wallet stealers or whatever malware, because the file is inaccessible for your account which you normally use and if that malware does not somehow elevate itself to run with admin rights it should not be able to tap into bitcoin-qt's process memory either.
Am I right?

Now, i am not a genius when it comes to computers, but i have enough basic knowledge that i feel like i can come up with an educated guess.

In theory you're idea should work, but i would in combination use a virtual machine that only can be accessed by this NONE admin account, while also blocking all access to the ADMIN account and blocking ITS access to the basic account. What you said is what i am basically saying. Stick a virtual machine on too the computer with a very STRICT Admin account that BLOCKS ALL INTERNET access ( you can set the virtual machine to unplug its internet per-say and only plug it in.. * turn it on * when needed to Add money to the account. While also adding a whole bunch of system security to the whole computer and its virtual machine.. doubling the needed strength to get into the file.. yes if he accesses the virtual machine he in theory could crack it open, but if you lock it down in a file with a extremely long password the computer it self should be fine. I dont have a whole lot of experience with virtual machines but if im sure i dont think the bios is that mod-able.

Cncmasterw - p.s. I'm not student major with English. Smiley and im not very good with periods and commas!~ Smiley
I've seen malware that installs itself on Windows by completely ignoring UAC and it has full admin rights.  For a truly secure wallet, you need a separate system.  Putting things in a VM may protect you from an automated attack, but it is likely not enough to stop a directed attack.

Get a cheap netbook and put Armory on it. No one will ever be able to steal your funds over the internet, 100% guaranteed.

This is an impractical overkill. I am talking about securing your everyday use wallet. Not the one for lifesavings! For that I would generate address on bitcoinaddress.org and use paper wallet. This armoryclient looks promising though...
Even that malware you are talking about should not be able to overcome ntfs permissions and access the folder unless it impersonates as the only user account who has permissions to access it. And it should not be able to do it if there is no process running under this account. I am not sure how big is a chance that some malware would hijack the session of a bitcoin-qt process when you "run as" it as this designated account though...
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
March 11, 2012, 03:11:37 AM
 #649

Get a cheap netbook and put Armory on it. No one will ever be able to steal your funds over the internet, 100% guaranteed.

This is an impractical overkill. I am talking about securing your everyday use wallet. Not the one for lifesavings! For that I would generate address on bitcoinaddress.org and use paper wallet. This armoryclient looks promising though...
Even that malware you are talking about should not be able to overcome ntfs permissions and access the folder unless it impersonates as the only user account who has permissions to access it. And it should not be able to do it if there is no process running under this account. I am not sure how big is a chance that some malware would hijack the session of a bitcoin-qt process when you "run as" it as this designated account though...
While it seems like overkill, it is actually pretty similar to the directions on page 1.  Armory on a separate system isn't so different from running a live cd like recommended here.  Armory is also by far the easiest client I've used (if you can get past the RAM requirement which will eventually be going away).  An offline armory system is also actually offline, unlike the live cd which needs an internet connection.  It has no need to update the blockchain, which will likely take a long time and kill your poor flash drive.

You can also do online transactions with Armory on your normal computer for your everyday funds.  The wallet file (or files since it supports multiple wallets) is far easier to maintain and only needs to be backed up once (unlike the Satoshi client with its keypool).  Armory supports encryption of the wallet as well, so installing it gives you a secure wallet without having to deal with live cds or anything like that.  A key logger would still be bad, but if you didn't mind setting up a live cd like these instructions recommended, you can just use armory with a live cd.  That's what I did until I got an old laptop running.

LoWang
Full Member
***
Offline Offline

Activity: 145



View Profile
March 11, 2012, 11:41:48 AM
 #650

But Armory can be used only for bitcoin right?
Tangowska
Newbie
*
Offline Offline

Activity: 10


View Profile
March 15, 2012, 08:53:52 AM
 #651

Useful information,thanks.
ARapalo
Member
**
Offline Offline

Activity: 93


View Profile
March 15, 2012, 11:18:01 PM
 #652

To have zero risk from a wallet, can I just not have one?

For example, I can just accept BTC directly into my mtgox account, and if I need to pay someone with BTC, with draw the BTC from my mtgox directly into the other person's wallet/mtgox account. Would this be safe?
payb.tc
Hero Member
*****
Offline Offline

Activity: 812



View Profile
March 15, 2012, 11:46:06 PM
 #653

To have zero risk from a wallet, can I just not have one?

For example, I can just accept BTC directly into my mtgox account, and if I need to pay someone with BTC, with draw the BTC from my mtgox directly into the other person's wallet/mtgox account. Would this be safe?

no.

entrusting all your coins to anyone but yourself is most definitely not 'zero risk'.
perlboy
Member
**
Offline Offline

Activity: 77


View Profile WWW
March 16, 2012, 08:24:39 AM
 #654

I'm not sure if it's already been mentioned in these 33 pages of posts (sorry I was lazy and didn't read it through) but wouldn't the most secure wallet on creation be the one that's put on a USB stick (encrypted or not) then shoved in a bank safe deposit box.

Nothing beats physical security offered by the brick & mortar people that have been securely holding stuff for decades.

Stu
wyager
Member
**
Offline Offline

Activity: 98



View Profile
March 16, 2012, 06:57:02 PM
 #655

I'm not sure if it's already been mentioned in these 33 pages of posts (sorry I was lazy and didn't read it through) but wouldn't the most secure wallet on creation be the one that's put on a USB stick (encrypted or not) then shoved in a bank safe deposit box.

Nothing beats physical security offered by the brick & mortar people that have been securely holding stuff for decades.

Stu

It's a lot harder to break AES than it is to break into a bank vault.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
perlboy
Member
**
Offline Offline

Activity: 77


View Profile WWW
March 18, 2012, 01:53:34 AM
 #656

I'm not sure if it's already been mentioned in these 33 pages of posts (sorry I was lazy and didn't read it through) but wouldn't the most secure wallet on creation be the one that's put on a USB stick (encrypted or not) then shoved in a bank safe deposit box.

Nothing beats physical security offered by the brick & mortar people that have been securely holding stuff for decades.

Stu

It's a lot harder to break AES than it is to break into a bank vault.

Like I said "encrypted or not". Just because there's AES encryption on something doesn't make it secure though. Think about it, if someone holds a gun to your head and tells you to disclose your AES password to unlock your wallet, would you die protecting it?

If it's in a bank vault presumably that person would either need more leverage (like kidnapping a family member) and serious balls to keep you motivated since you're going into the bank alone.

Of course, there's lots of if's, buts and maybe's around all the scenarios but I was mainly trying to point out that physical security is one of the most important elements of security. Encryption is very helpful (and is another element of an overall security approach) but not the be-all and end-all of making a '100% secure wallet'.

Just my 2c,

Stu
wyager
Member
**
Offline Offline

Activity: 98



View Profile
March 18, 2012, 05:06:41 AM
 #657

Good point. I suppose the weakest element in the encryption chain is the human.

OTC-WoT: 1BWF66DuVqBCSFksUgkLtdYmHucpBgPmVm
rizzy
Newbie
*
Offline Offline

Activity: 9


View Profile
March 18, 2012, 03:03:44 PM
 #658

thanks im going to do this now
Kaos
Member
**
Offline Offline

Activity: 64



View Profile
March 19, 2012, 02:13:12 PM
 #659

Valid points, and interesting language... Or... You could just use Armory! Wink
sexystick
Member
**
Offline Offline

Activity: 71


Bitcoin & Litecoin Accepted Here


View Profile
March 19, 2012, 02:34:46 PM
 #660

Armory & Electrum both look awesome!
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 [33] 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 ... 129 »
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!