Bitcoin Forum
November 11, 2024, 08:25:37 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 ... 127 »
  Print  
Author Topic: HOWTO: create a 100% secure wallet  (Read 276212 times)
mg101
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
June 17, 2011, 02:19:19 AM
 #81

Good read, noobs like me need stuff like this, thanks!

janedoe
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
June 17, 2011, 02:39:57 AM
 #82

thanks for the great info!
scottk
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile
June 17, 2011, 04:25:43 AM
 #83

Here's the take-away:
1. ONLY store your wallet.dat on an encrypted partition.
by extension:
1a. DON'T BACKUP YOUR WALLET TO AN UNENCRYPTED PARTITION!
1b. Don't use Dropbox to backup your wallet!
1c. DON'T USE DROPBOX TO BACKUP YOUR WALLET! Yes, it's handy, yes, it's automatically backed up, and yes it's encrypted. But none of that matters. Although Dropbox does encrypt your data, the way the Dropbox system works makes it a relatively insecure place for storing your wallet - once you connect to Dropbox on a PC, rather than keeping your password, the program keeps a token. Anyone with that token has access to your Dropbox (and your wallet). It doesn't matter that the data is encrypted because Dropbox does the decryption on their end (not good - companies should learn, this is the same thing Gawker did wrong, and is one of the many things Sony did wrong, and it's one of the easiest problems to avoid).
1d. If you want to use a cloud-based back-up solution, MAKE SURE that it encrypts *LITERALLY *ALL* of your data before it is "sent to the cloud." Also, MAKE SURE THAT ONLY YOU HAVE THE ENCRYPTION KEY. (Or trusted loved ones. But you know what I mean - make sure the service doesn't keep a copy of your key - otherwise you can get totally screwed even if you personally do everything right.) Yes, this means that if you ever lose that password you lose all that data - but that's why we have password "hints" and why we have password autofillers. Wuala does encrypt your data beforehand and does not store a copy of the key (and incidentally, accepts Bitcoin if you want to use their paid services) and there are services such as Carbonite which can supposedly do the same (although I can't personally vouch for any of these).

2. The key to keeping a system secure (aside from just disconnecting it from the Internet) is to BE AWARE. Pay attention to what is installed on your system, and why, and how often you use it. If you aren't using it, get rid of it as it's nothing more than a potential attack vector.
2a. PAY ATTENTION to what's on your computer!
2b. PAY ATTENTION to what's on your computer! Assuming this guy is telling the truth, this is where he really fucked up. He was running this on his main home PC, which he also used for work and stock trading. I'd assume he also used the same computer for general Web browsing, file sharing, gaming, chatting, and everything else. We all do it, and it puts us at risk. It's not that it isn't/can't be OK - it can - but he did it without thinking about the fact that every program is a potential attack vector. It would've been OK if he'd kept his wallet on a physically disconnected volume, but he didn't.'t.

3. Keep the PC which holds your main wallet up-to-date and keep it secure, and/or keep your wallet off your PC until you want to use it.
3a. If you can, keep your wallet on another computer (IE, not your main PC) that pretty much isn't used for anything but Bitcoin, and LOCK IT DOWN TIGHT. The more programs you have on the PC, the more vectors of attack an attacker has.
3b. For most of us, it's not feasible to have a separate PC just for Bitcoin. This can be OK. If you have a lot of Bitcoin, keep your main wallet on a Flash drive or something similar that is only physically connected to your system when you want to run Bitcoin. (Make sure you understand - I am NOT talking about making a copy of your wallet, I am talking about actually moving the file to a separate drive where it is normally inaccessible to the Bitcoin software except when you deliberately plug it in.)

4. Be smart and realize you are human. Leaving your wallet in plain sight in a locked car isn't "keeping it safe" and it seems like it's pretty obvious that doing it puts you at risk, but accidents happen sometimes - which is why we tend to keep our money either with a bank or somewhere safe at home. If you have enough Bitcoin, keep two wallets - one with the majority of your Bitcoin, and one with your spending money - and make sure the "main" wallet is kept ultra-secure. Treat your BTC wallet like a real wallet - don't keep large amounts on you because if you get robbed and you're carrying $100 or even $1000 you're set back but not enough that you won't recover, but if you're carrying $500,000 and you get robbed (or lose your wallet) you're pretty well fucked.
adamstgBit
Legendary
*
Offline Offline

Activity: 1904
Merit: 1037


Trusted Bitcoiner


View Profile WWW
June 17, 2011, 04:49:05 AM
 #84

This is all very complicated,

i have a few btc, not overly worried about getting them stolen
i was hoping there would be a very simple way to "put my wallet on a usb"

can't i simply cut and past wallet.dat on a usb key?

Alex Beckenham
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
June 17, 2011, 05:33:43 AM
 #85

This is all very complicated,

i have a few btc, not overly worried about getting them stolen
i was hoping there would be a very simple way to "put my wallet on a usb"

can't i simply cut and past wallet.dat on a usb key?

Sure, if you're not overly worried about getting them stolen.

frutza
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile
June 17, 2011, 07:35:05 AM
 #86

Human factor and buggy software explains 99% of all issues...
valve
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
June 17, 2011, 08:36:09 AM
 #87

Hello I need a couple things cleared up for me, first off After I install Ubuntu and the bitcoin program and generate the 10 addresses why am I saving all the addresses and not just one? Will I be fine leaving a copy of the wallet on the usb drive that has Ubuntu on it or would that be a bad idea? And now that I will have 10 new addresses I can send my current btc to any one of those and then delete the wallet that is on my HD or do I need to leave that so I can send future btc from my HD to my new addresses? Also I don't need to mine with Ubuntu it is just a medium for safe transactions of my btc correct?
aristidesfl
Newbie
*
Offline Offline

Activity: 7
Merit: 0


View Profile
June 17, 2011, 11:32:24 AM
 #88

Using truecrypt with symlink one mac osx here..
crank
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
June 17, 2011, 02:03:17 PM
 #89

Human factor and buggy software explains 99% of all issues...
That's right, 80% of all issues will sitting before the machine   Wink
je_bailey
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile WWW
June 17, 2011, 02:08:18 PM
 #90

Good posting, a couple of points.

1. Live CDs. Your able to store things on Live CDs because they create a virtual file system file on the local drive. and merge that local file system with the filesystem that's on the CD. If you install your wallet on the Live CD. You are actually putting in on the hard drive of your computer. ( see http://en.wikipedia.org/wiki/Live_CD#Technique)

2. I object to the usage of "100%" secure. There's no such thing Smiley The closest you can come is to make it portable at which point you're vulnerable to physical theft and loss.

-Jason
cypherdoc
Legendary
*
Offline Offline

Activity: 1764
Merit: 1002



View Profile
June 17, 2011, 02:26:26 PM
 #91

Good posting, a couple of points.

1. Live CDs. Your able to store things on Live CDs because they create a virtual file system file on the local drive. and merge that local file system with the filesystem that's on the CD.

what do u mean by "store"?  by being in a virtual state isn't the virtual file system just temporary until u logoff live cd unless u decide to save the wallet?

Quote from: je_bailey
If you install your wallet on the Live CD. You are actually putting in on the hard drive of your computer. ( see http://en.wikipedia.org/wiki/Live_CD#Technique)

which then means it can be stolen despite not being logged on with live cd?

Quote from: je_bailey

2. I object to the usage of "100%" secure. There's no such thing Smiley The closest you can come is to make it portable at which point you're vulnerable to physical theft and loss.

-Jason
je_bailey
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile WWW
June 17, 2011, 02:57:20 PM
 #92

Good posting, a couple of points.

1. Live CDs. Your able to store things on Live CDs because they create a virtual file system file on the local drive. and merge that local file system with the filesystem that's on the CD.

what do u mean by "store"?  by being in a virtual state isn't the virtual file system just temporary until u logoff live cd unless u decide to save the wallet?

Yes, the virtual filesystem is temporary, so if you are using a Live CD and you create a wallet on it, and transfer money into your wallet. You have the option of saving it (where it ends up on your hard drive) or it disappears when you eject the CD and you lose the money.

Quote
Quote from: je_bailey
If you install your wallet on the Live CD. You are actually putting in on the hard drive of your computer. ( see http://en.wikipedia.org/wiki/Live_CD#Technique)

which then means it can be stolen despite not being logged on with live cd?

That's correct
royalecraig
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile WWW
June 17, 2011, 03:11:48 PM
 #93

Thanks for a Great Post, it does appear that the 'wallet' and it's security is not straightforward as it might at first appear, it would be wise to assume that anyone who has installed Bitcoin to a PC could theoretically be compromised already, and it seems that if someone took a copy of your unprotected wallet.dat file three weeks ago, they could wait 1yr or two yrs and assume that Bitcoins will be worth more then start using those wallets.
So here is a worse case scenario, that EVERYONE who installed Bitcoin, in an unprotected fashion, which would probably be most people. may have had their wallet 'peeked', you might not have cared then, you might not care now because you only have a few Bitcoins, but theoretically, hackers could have been scouring the net, looking for unprotected wallets and taken copies.
In 5 yrs time, many of these wallets may no longer exist, but a few at least may well have significant amounts of Bitcoins in them, which they wil be able to use because they have your wallet, which is more accurately likened to a Key.
That means anyone who has left themselves vulnerable at sometime in the past, even if they didn't have any Bitcoins, is now at risk because those Old snapshots, taken of your empty wallets can be used to run transactions at sometime in the future, when your Wallet may contain significantly more BTC's.
Does that mean also that anyone mining using the CPU or GPU is inadvertently sending out a signal saying their wallet is 'open', an invitation for hackers to come in and take a copy of your 'wallet' for use at a later date.

Anyone with significant no of BTC's who has ever left their PC in an unprotected mode is right now at risk that someone has taken a copy that
they may well be able to use at some later date.
So the real procedure we need is not how to create a backup wallet but how to get those bitcoins out of that wallet, destroy the client we have downloaded, shred, defrag, wipe the disc and start again with a new download.
My guess is we are all potentially compromised, and if you intend having any significant BTC's in that wallet, you / we should think about
starting again, I mean surely all the bad guys have to do is release a virus that infects harddrives and sits there looking for wallet.dat, sending a copy to BadGuy Central, it could even be of a fresh install, it will not matter if its a copy of a freshly created wallet because at sometime in the future there will be coins in it, which preseumably they can check with Block explorer, aren't we all screwed ?




























je_bailey
Newbie
*
Offline Offline

Activity: 18
Merit: 2


View Profile WWW
June 17, 2011, 03:28:19 PM
 #94

So here is a worse case scenario, that EVERYONE who installed Bitcoin, in an unprotected fashion, which would probably be most people. may have had their wallet 'peeked', you might not have cared then, you might not care now because you only have a few Bitcoins, but theoretically, hackers could have been scouring the net, looking for unprotected wallets and taken copies.
In 5 yrs time, many of these wallets may no longer exist, but a few at least may well have significant amounts of Bitcoins in them, which they wil be able to use because they have your wallet, which is more accurately likened to a Key.

The part that you are missing is that a backup is only good for a certain number of transactions.

The wallet contains a pre-generated number of addresses. When you copy,or back-up, your wallet those addresses go with it.

Once the number of transactions goes beyond that prefixed number then the old backup is worthless. because the key that goes along with it is now out of date.

-Jason
TowlieLives
Newbie
*
Offline Offline

Activity: 15
Merit: 0



View Profile
June 17, 2011, 04:46:34 PM
 #95

Hi guys! For the newbies out there that may not fully understand encrypting or all the complicated steps you guys have laid out here I have a very simple solution for 100% security.  DO NOT STORE YOUR WALLET ON ANY COMPUTER EVER!  Use a removable media to store your wallet.dat and keep it in a safe place.  At the moment I keep my wallet on two flash drives, flash drives are very convenient but are known to fail.  This is why I have two.  Whenever I need to make a transaction I plug in my flash drive and put my wallet on my pc, once I finish sending or receiving coins I move it back to the flash drive.  Hopefully soon the bitcoin client itself will have more built in security, but for the time being this is the most convenient method I can think of.  As an added bonus to this method, you can carry your wallet with you anywhere which could come in handy if you need to spend some coin on the fly!
Desu
Newbie
*
Offline Offline

Activity: 28
Merit: 0



View Profile
June 17, 2011, 05:00:45 PM
 #96

Hey, we n00bs have to stick together.  Some of us just happen to have a little more of a computing background.

Now if only I can finally land a job with my recent Bachelor's degree in Computer Science...
I'm still working on mine. I'm still a little new.
TheWebTech
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
June 17, 2011, 06:55:16 PM
 #97

thanks for this post, it's helped a lot. I'd hate to buy into bitcoins and have all of it get stolen or lost.
Travis
Full Member
***
Offline Offline

Activity: 280
Merit: 100



View Profile
June 17, 2011, 07:07:12 PM
 #98

Following this advice...

 How do I install truecrypt and bitcoin on Ubuntu Linux? I just downloaded the programs, they are both .tar.gz files..
iambean
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
June 17, 2011, 09:01:17 PM
 #99

Thanks for the excellent write up! If I had any coin I would send some your way.
Run BTC
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
June 17, 2011, 09:05:11 PM
 #100

Yes thanks. Buying some USB drives today.
Pages: « 1 2 3 4 [5] 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 ... 127 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!