HOWTO: create a 100% secure wallet

[Alex Beckenham]

I've put this article up (with your donation address intact) at http://bitcoinsecurity.com.

Let me know if there are any issues with it.

Also, I've sent 0.20 to your donation address.

[1714132623]

1714132623

[1714132623]

1714132623

[1714132623]

1714132623

[1714132623]

1714132623

[1714132623]

1714132623

[aiwk171]

Careful what version of Bitcoin you use! Some versions will display multiple addresses but the private keys won't be made till you do a transaction and have it open for a while!!! Someone did something similar, where they sent some to the first address as a test then saw it worked then send the rest to the second address. Deleted everything only to go back and see that he lost his BTC!!

I did not know that. Are you sure, it's not just one of the occasions where --rescan would have done the trick? What version was it?

I've put this article up (with your donation address intact) at http://bitcoinsecurity.com.

Wow. My sincere thanks. I'll PM you in case I make any relevant additions to the text. Glad that you took out the emoticions, they look dumb in plain text

Also, feel free to delete the address mentioned at the bottom, that way it won't come across quite as desperately

And you may want to delete the mention about "comments"

[torusJKL]

Thanks for this post.
It has some very important facts.

And it's funny to read! :-)

P.S. Maybe you should add that one should only use trusted distributions (Debian, Ubuntu, Fedora, etc.) and check the md5sum of that Live CD.

[Alex Beckenham]

Careful what version of Bitcoin you use! Some versions will display multiple addresses but the private keys won't be made till you do a transaction and have it open for a while!!! Someone did something similar, where they sent some to the first address as a test then saw it worked then send the rest to the second address. Deleted everything only to go back and see that he lost his BTC!!

I think it was a case of the client only creating 1 address at first, whereas the user expected it to immediately create 100 addresses (which it only did after the first time he hit the "New..." button.

So he:

installed the client
backed up the wallet (which only contained 1 address)
clicked "New..." a few times and sent all his BTC to those new addresses. It was only after this that the client created the pool of 100.
Next, he deleted the wallet, because he thought it had already been backed up, when in actual fact only the first address had been.

Coins lost.

[aiwk171]

Next, he deleted the wallet, because he thought it had already been backed up, when in actual fact only the first address had been.

Oh snap. Good to know though, and yes, the wallet only contains the addresses already generated at the time the file was backed up. I will refrain from mentioning this in the guide though, since 1: I advise against using the wallet you just backed up, 2: with the 10 fresh addresses generated, this shouldn't happen anymore, 3: I'm trying to keep it simple and hope not to confuse anybody. As Confucius says: Confusion is the death of non-confusion (and oversight)

[Alex Beckenham]

the wallet only contains the addresses already generated at the time the file was backed up.

Yes. The problem arises if you assume a newly created wallet.dat has generated your first 100 addresses in it.

Which is what I would have assumed until that unfortunate person lost his coins and posted about it.

[honeybadger]

Great post!

I installed Ubuntu on an encrypted LVM specifically for bitcoin realted use. I'll be taking your advice on the backups.

[SomeoneWeird]

I've put this article up (with your donation address intact) at http://bitcoinsecurity.com.

Let me know if there are any issues with it.

Also, I've sent 0.20 to your donation address.

And stickied.

[murfshake]

"that Linux is in now way automagically completely secure."

Typo.

Great read though!

[aiwk171]

Thanks for the sticky, and thanks for the corrections. Keep it up. 10 spelling mistakes corrected and I will personally invent a new swearword and post it here.

[Nescio]

And that ladies and gentlemen is what you get when you let 4chan and Encyclopedia Dramatica rear your kids

Additional security measure: don't click on URL shortened links, especially in Bitcoin related fora.

[Nescio]

It's a shame the bitcoin.org client download link doesn't have a checksum...

The SHA1 signature was posted here with the announcement. It's a good practice not to put the signature on the same page the download resides, since if one is compromised the other can easily be altered too. That's assuming the forum is hosted on a different machine of course.

[hex]

Is it still actual that when you send part of your bitcoins to someone rest of BTC are sent to you but on another address so your old wallet backup is useless ?

[Desu]

Thank god for this post! My laptop is pretty secure, hijack tracking software and finger scan technology, but that only protects from meatspace attacks. This helps for all others. I favor the usb attemp. Secure it on a thumb drive, only plugging it in to preform transactions or add to it.
--
Remember, Safety first! haha

[Bezza]

If you are running Mac OS X simply create a 256-bit encrypted .DMG to store everything in your '~/Library/Application Support/Bitcoin' folder.  Impossible to steal unless you have the password or direct access.

Thanks for this!

[cypherdoc]

Next, he deleted the wallet, because he thought it had already been backed up, when in actual fact only the first address had been.

Oh snap. Good to know though, and yes, the wallet only contains the addresses already generated at the time the file was backed up. I will refrain from mentioning this in the guide though, since 1: I advise against using the wallet you just backed up, 2: with the 10 fresh addresses generated, this shouldn't happen anymore, 3: I'm trying to keep it simple and hope not to confuse anybody. As Confucius says: Confusion is the death of non-confusion (and oversight)

wait an minute.  are u saying a new client install immediately creates 10 addresses?

which client version created only 1?

[Salzgitter]

Thanks man!

(and another post closer to post on grown-ups forums...)

[88bitcoins]

If you prefer to not encrypt the files to avoid remembering passwords, you won't be secure, unless you make a physical backup of the media holding your money and then put that backup in a vault (at your house or in a bank).

Actually, you could do a weekly trip to the bank and put your wallet.dat on a memory stick in a safety box. Assuming that you have that many BTCs to protect.

NO!! Encryption is not some magic thingamajawb that protects you from all evil.

Let me clarify: A _backup_ is of absolutely NO USE. So your weekly trip doesn't accomplish anything if the very same file has been on your main operating system. This is a dangerous fallacy, hence my analogy with "keys" instead of "wallets".

Again: that would be like making a copy of your safe-key every week and putting that in the vault.

It has to be a new, untainted address, in conjunction with the wallet.dat that you deposit. Actually, this is way more convenient, since you don't have to access your bank vault at all. You just deposit/sent the coins into the right addresses.

Until I read this thread, I was planning on doing the physical backup (of wallet.dat file) to usb. I don't have enough BTCs to justify "protecting", but I've learned that developing good security habits pays. Making those habits second nature is like insurance - in my experience.

Anyway, I just need clarification that I am understanding the following correctly - please advise so that I know I have not misunderstood the advice being given:

1)

backing up on physical media is of "NO USE"  [ME]: I'm assuming because if the same file is on your OS then it's not "protected" whether or not you have a physical backup elsewhere.

QUESTION: is there any circumstance in which making a physical backup would be beneficial? It's certainly easy enough.

2)

Encryption does not "protect [you] from all evil"  [ME]: I'm assuming because it can still be hacked and/or encryption doesn't protect from greater dangers such as your hard drive dying and the wallet cannot be retrieved, your laptop is stolen to be sold for $20 on the street.

[QUESTION]: is encryption still recommended?

3) [QUOTE/QUESTION]: So in order to (protect) your BTCs, you have to create a "new, untainted address, in conjunction with the wallet.dat that you deposit".

QUESTION: (I may sound naive, but I have to ask) do I go into my bitcoin app, then create a new never been used address, then send what I have to this new address, i.e. to myself? THEN, back up both that new address and my wallet.dat file together? And additionally, each time I want to do a backup, create a fresh address?


thanks in advance for clarification

[kuloch]

While I'm a complete n00b to BTC as of yesterday, I do know a thing or two about public/private key encryption.

1)

backing up on physical media is of "NO USE"
[88bitcoins]: I'm assuming because if the same file is on your OS then it's not "protected" whether or not you have a physical backup elsewhere.

Correct.  If the unencrypted "wallet" (read "key") exists in a vulnerable place, then it doesn't matter how securely you back it up.  It's like keeping a copy of your house key under your mat but making a "secure" copy regularly.  A burglar can simply check under your mat, regardless of how securely you keep the copies.

QUESTION: is there any circumstance in which making a physical backup would be beneficial? It's certainly easy enough.

I can think of two valid reasons for separate physical copies.  The first is simply to guard against data corruption, drive destruction, etc.  The second is to keep the "secure" file only on media other than your hard drive, created and saved in a "secure" operating system.

Keeping at least one backup is a good idea.  Just remember that the *least* secure copy of your "wallet" (read "key") is effectively the only one that matters for security.

2)

Encryption does not "protect [you] from all evil"
[88bitcoins]: I'm assuming because it can still be hacked and/or encryption doesn't protect from greater dangers such as your hard drive dying and the wallet cannot be retrieved, your laptop is stolen to be sold for $20 on the street.

Hard drive corruption/destuctions/loss is why it's good to keep a backup copy on another physical medium.  Note that having your drive stolen with an unencrypted wallet means that wallet is forfeit, unless you happen to transfer all BTC out from that account to another using a backup copy before the "bad guys" get to it, first.

[QUESTION]: is encryption still recommended?

I can't speak much on local encryption, as I've never personally had anything worth the bother.  But if you have a keylogger on your system, then encryption probably isn't worth crap once you type in your password.

3)

So in order to (protect) your BTCs, you have to create a "new, untainted address, in conjunction with the wallet.dat that you deposit".

The point is that any "wallet" (read "key") that has ever existed in unencrypted form on your computer (which may have keyloggers, trojans, and the like - regardless of whatever your anti-malware software says) could potentially be compromised.  The suggestion of using a bootable linux distro so that the "wallet" (read "key") file never touches your potentially tainted system is pretty good, if a little hardcore.  But if I had 25k BTC, that's probably what I'd do.

QUESTION: (I may sound naive, but I have to ask) do I go into my bitcoin app, then create a new never been used address, then send what I have to this new address, i.e. to myself? THEN, back up both that new address and my wallet.dat file together? And additionally, each time I want to do a backup, create a fresh address?

As soon as you create a "wallet" (read "key") in your (potentially compromised) operating system, then your wallet is already potentially compromised.  Remember: securing one copy doesn't secure all copies.  Only if *every* single copy that has ever existed is secure can you consider the "wallet" (read "key") to be "secure".

[eamon]

Personally, I like the idea of running Bitcoin in a virtual machine with no other programs installed on it. Windows 7 has virtual PC built right into it, and Virtual PC is available as a download for Windows XP. Plus, it's a way of doing things that can be explained to your mother or father. There's only two files to move. The only issue is that they generally are larger than 2G, so you need to NTFS format a USB drive. Then if you need to securely remove the files, you can secure erase the Virtual PC files and be relatively assured that they are not going to be found as a deleted file.

I thought I was pretty clever, until I met a guy who pointed out, that if you store your wallet.dat in a safe deposit box, you don't even need to see the blocks get downloaded to a new client. You can go to block explorer and verify that the funds have been transferred. Granted, you do need to install the wallet to transfer the coins.

Unfortunately, multiple wallets is somewhat inevitable, and although bitcoin tries to hide the mechanics of all the key management, I think address management is a huge risk. People have a natural tendancy to use the last-known-good address and wait for something to go wrong. I'm sure we all know people who would write one bitcoin address down once, and expect it to always work. That's a really dangerous expectation. By this point, I've installed the client on 4 different machines several times, and although I don't need all of those addresses .. if it's out there .. there's a risk someone will use it.