HOWTO: create a 100% secure wallet

[BitcoinBabe]

OK,

You've probably already clarified this, but there are just too many replies to go through.

So I haven't made any transactions yet, but I have downloaded the bitcoin software to my PC (yes... it's windows... and?  :|).

Are you saying that even thougth I've done nothing involving my bitcoin wallet thus far, I should NOT back up this wallet onto a liveCD/USB...? Does this mean reinstalling bitcoin in ubuntu and then backing THAT up...?

The wallet contains "keys". Since it was on windows it COULD be compromised. If you back that up it's no good. You need a brand new wallet that's created while running the Live CD. Yes you would install Bitcoin while in Ubuntu. Run it. Get some addresses and then close it. Make sure its a new version of Bitcoin. Backup/Encrypt the new wallet. OR see:
https://forum.bitcoin.org/index.php?topic=24546.0 it may be more simple for a savings only account...

Gotcha!

Muchas gracias.

[1713542336]

1713542336

[infested999]

Truecrypt volume inside a Virtual machine for maximum security xD

[netrin]

... Since it was on windows it COULD be compromised.

There seem to be two schools of thought regarding the Linux vs. Windows security issue. (1) is that Linux is inherently more secure by design vs. (2) Windows has bigger market share and perhaps fewer technical users and is thus an easier, more lucrative target.

I subscribe to both schools, but I think bitcoins presents an interesting test case of these theories. We are a community made of a disproportionately high number of Linux users. Compromising our systems provides a nearly untraceable and immediate benefit to an attacker (namely copying and spending the wallet.dat file).

While it can probably still be said that the Linux users represent a higher technical level, it seems they might represent a bigger market share (do we have statistics on this?). So we may soon have more insight into assertion (1).

I run Linux, but I must admit, I am very concerned. The bitcoin client must implement encryption (unlocking on send only) and offline transaction files. I would not be surprised if we see a successful Linux trojan before Christmas which could do much damage to the general confidence in bitcoin security.

[netrin]

Truecrypt volume inside a Virtual machine for maximum security xD

I am afraid you will all loose your keys after hardware failure rather than a malicious attack. I symetrically encrypt multiple wallets offline, then commit the encrypted wallets to distributed version control, and replicate the repositories on multiple devices.

I only decrypt one wallet at a time for spending, thus exposing only a subset of bitcoins to the network. I can check my total balances in the block chain. I am protected from both malicious attack and hardware failure. And it's MUCH easier than LiveCD's with encrypted shares that may Ooops! get lost.

[jasonstx]

Forgive my ignorance, but couldn't you just get the vmware player (free), make your own vmx to install ubuntu, install bitcoin and truecrypt, download all the blocks, snapshot, mount and import your wallet.dat from truecrypt volume on USB, send BTC, shutdown and delete snapshot?  There isn't really even a need to make a change in your truecrypt volume.

I realize that you could possibly do forensics on the drive and recover that deleted snapshot but that requires physical access to the drive.

And AFAIK Ubuntu is pretty safe as it doesn't listen for any incoming connections.

So if it was a dedicated single use just for BTC transactions (no browsing, etc.) would it be fine for non-paranoid people?

[John (John K.)]

Informational and funny to read 

[PandaMiner]

** Poll: Who is really doing so? **

Be honest. How many of us really use two wallets?
One for daily buying and selling. One for saving.

I am.  I tried out with small amounts first, and making sure my boot-from-ubuntu-usbkey worked multiple times before sending my "savings" to it.

[nipsy]

I know it's coming, but I still can't fathom why the client didn't include the option early on of encrypting the private keys in use in your wallet.  Seems like an obvious requirement for such a currency as this.

[mystery2048]

In my opinion, the first adage to obey is, Dont put all your eggs in one basket, before considering anything else about security... I dont think anyone should have too much money in any one wallet at a time...

[rowyourboat]

great post, thanks!

[sealkid]

thanks for the info! very useful

[PandaMiner]

I am in the process of installing bitcoin client on one of my miners for testing purposes.  It has been 3 hours and it still hasn't downloaded all of the blocks yet.  I fear every day puts minutes onto this time.  Which means that by this time next year, it will take a day or more to have a fully up-to-date client.

I wonder if there is a way to copy the database?

[samadamsbeer]

Sorry I have not gone thru all 14 pages, plan to do so. I did run a search on this and did not find an answer.

I asked the same question here: https://forum.bitcoin.org/index.php?topic=20298.msg311431#msg311431

Mine (Bitcoin data folder) is over 300MB already, looks like the block chain files are the main culprit in the hundred of mb. Like the file blk0001.dat is over 300MB. But if I want to follow the instructions to secure my wallet here https://en.bitcoin.it/wiki/Securing_your_wallet using a Truecrypt container it says to make the container at least 100MB. At this rate of growth it seems I need to make my container in the GBs if I don't want to keep recreating it? Am I missing something? Can I just encrypt a container for the wallet.dat and not the block chains?

[cocodapuf]

Admittedly I read through the guide and the first page of comments, then skipped the rest.  Here are my thoughts...

As someone who works in IT, I think that for most users this process is pretty complicated, but more importantly way too tedious for simply transferring funds.  With my current bank, it's easier for me to transfer funds from my checking account to savings, even though those funds aren't physically in my possession.

Now granted, this is pretty simple for a system that is practically 100% secure.  Still, I think most people need a system that is perhaps 99% secure, but much simpler and faster. 

[CyberPhunk]

Will definitely have to play around with this.

Thanks for putting the time into sharing the info.

[netrin]

As someone who works in IT, I think that for most users this process is pretty complicated, but more importantly way too tedious for simply transferring funds.

Agreed. This all needs to be easier/simpler before my Mom will come near it.

Still, I think most people need a system that is perhaps 99% secure, but much simpler and faster. 

What does 99% secure mean? Is that like a water damn or parachute with a 1% hole in it? Or a computer with only one port out of a hundred compromised? Or one malicious out of hundred users? 99% secure is 100% insecure.

Most computers are not secure. This does not mean that their users will die or loose their all of their data, but it means that they are not the only ones in control of their hardware. When there are bitcoins on the machine, that is more of a concern than if the most private things you have a family photos and a tax return.

You have to think of this like a biological virus. A successful virus 'wants' to survive not kill or rather if a virus kills its host it will reduce its chance of replication. A successful virus 'wants' to infect in such a way that the host will continue unaware of infection unless (such as ebola) the host acts in a ways that it increases dissemination (like wandering into markets or going to the hospital and exploding blood upon a large number of vulnerable patients in close proximity).

An attacker does not want its host to know it has been compromised. It does not want to produce concern. It wants to act with surgical precision and maximal effect. We should thank Lulz and other joy riding young crackers for making us aware of our vulnerabilities, for making us conscious and secure.

[atomictornado]

Very informative post!  Thanks for sharing!!   

[kartcrg84]

wow, I probably laughed more than I learned. (I did learn a lot though. thanks a ton!)

[BkkCoins]

Sorry I have not gone thru all 14 pages, plan to do so. I did run a search on this and did not find an answer.

I asked the same question here: https://forum.bitcoin.org/index.php?topic=20298.msg311431#msg311431

Mine (Bitcoin data folder) is over 300MB already, looks like the block chain files are the main culprit in the hundred of mb. Like the file blk0001.dat is over 300MB. But if I want to follow the instructions to secure my wallet here https://en.bitcoin.it/wiki/Securing_your_wallet using a Truecrypt container it says to make the container at least 100MB. At this rate of growth it seems I need to make my container in the GBs if I don't want to keep recreating it? Am I missing something? Can I just encrypt a container for the wallet.dat and not the block chains?

Making a backup of the block chain data is pointless except perhaps to save time later (as then it won't need to be downloaded again). Encrypting and backing up the wallet.dat file is essential and it's not too big. The plan is that future versions of the client will not need to have the full block chain on hand so by the time that data gets painfully huge we should have a solution that does not require downloading the whole chain.

[cocodapuf]

Still, I think most people need a system that is perhaps 99% secure, but much simpler and faster. 

What does 99% secure mean? Is that like a water damn or parachute with a 1% hole in it? Or a computer with only one port out of a hundred compromised? Or one malicious out of hundred users? 99% secure is 100% insecure.

Most computers are not secure. This does not mean that their users will die or loose their all of their data, but it means that they are not the only ones in control of their hardware. When there are bitcoins on the machine, that is more of a concern than if the most private things you have a family photos and a tax return.

You have to think of this like a biological virus. A successful virus 'wants' to survive not kill or rather if a virus kills its host it will reduce its chance of replication. A successful virus 'wants' to infect in such a way that the host will continue unaware of infection unless (such as ebola) the host acts in a ways that it increases dissemination (like wandering into markets or going to the hospital and exploding blood upon a large number of vulnerable patients in close proximity).

An attacker does not want its host to know it has been compromised. It does not want to produce concern. It wants to act with surgical precision and maximal effect. We should thank Lulz and other joy riding young crackers for making us aware of our vulnerabilities, for making us conscious and secure.

Heh, the lulz boat has been fun to watch, and I totally agree.  I have a feeling that most people don't see it as a mostly positive force though. 

And to clarify, instead of "99% secure" what I should have said was "good enough" security.  For example, when you punch in your ATM pin, you do it in a public place.  Does some unseen spy have a camera focused on the keypad?  Do you know that nobody tampered with he machine before you got there?  We could all come up with many more (absolutely legitimate) potential security holes.  Still, most people use ATMs and consider them mostly safe.  So what is mostly safe for us?

I found this other thread on the forums that I think satisfies my needs. "How to set up a secure bitcoin savings account"

But seriously, what is your opinion on "good enough" security? (open question to everyone in the thread)