HOWTO: create a 100% secure wallet

[Kazimir]

Once I move it to my USB, I can basically have it safe now?

No, you also have to make sure that

• your USB (or at least your wallet file) is encrypted with a strong password (otherwise, what happens if you lose your USB or it gets stolen?)
  
  
• you have at least one, preferably multiple remote backups somewhere (otherwise, what happens if your house burns down?) and any backup must be encrypted as well (otherwise, what happens if the remote backup location gets hacked / confiscated by the feds / stolen by a fraudulent employee / etc?)
  
  
• you only insert the USB stick in a computer that is guaranteerd free from malware/virus/spyware/keyloggers/trojans/etc (or at least whenever you actually enter your password to unlock the wallet and confirm any payments)

[MassMaster]

What it sounds like is can make this wallet file; save it on an SD card. Lock it up in my closet.  Then deposit coins to the address associated with the wallet.dat file with out having to take it out of its 'spot' UNLESS i want to pull coins out of my savings?  If so this is awesome! I'm looking forward to setting this up.  Thanks for the post!

MassMaster

[HonorMe]

Thanks for this, very informative

[Kazimir]

What it sounds like is can make this wallet file; save it on an SD card. Lock it up in my closet.  Then deposit coins to the address associated with the wallet.dat file with out having to take it out of its 'spot' UNLESS i want to pull coins out of my savings?  If so this is awesome! I'm looking forward to setting this up.  Thanks for the post!

Correct. Although keep in mind what I wrote above about encrypting the wallet file (even if it's stored on a USB drive or SD card) and remote backups.

[HonorMe]

Sound advice, im going to work on this myself

[KajiMaster]

I got a 2gb micro sd card salvaged from my old smart phone. I knew it was going to come in handy!

[skrubis]

Already did that to secure my whopping 11BTC

Really great tutorial, by the way!

[WongthForReal]

Secured my wallet, thanks.

[BBE]

good read.  Thanks for the sticky

[ALOIS]

i think just keeping Anti-Virus up to date, will save my bitcoins from 12 years old lame hackers. There is no need to be paranoid about wallet, if here isn't really BIG amount of BTC

[molecular]

I got a 2gb micro sd card salvaged from my old smart phone. I knew it was going to come in handy!

just don't make it the only place to put your encrypted wallet.dat

[marika70]

that was very helpfull thank yo u

[procyon]

...
2. Wallets stolen from RAM:
You CAN'T do this even if the computer is running nothing BUT bitcoin and malware:

Every program has a ram space, other programs can't touch it.

This means that even assuming data stayed alive in RAM a while (I never heard of such):

The virus would need to allocate almost ALL the computers RAM to itself in order to even get access the residue after the bitcoin client closed THEN it would have to search it.

This would slow the PC to a crawl and be VERY obvious.
...

This is NOT true. Programs can read and write to RAM not owned by them. Nice programs don't do it, but programs can do this. You need to know something about the data you are looking for, it won't be nicely labeled 'secret_key:', but it is not impossible to find and extract. I have done this (with other programs, not bitcoin) on both windows xp and 7.

[Beleth]

Thanks for the great guide.

[Status]

Thanks, tried it out and it worked

[userr]

ARMORY looks like a good choice of software for secure wallet

[knokturnl]

Thanks for this tut, I'm sure you've helped a countless number of people with it!

[gamebak]

really a great tutorial, thanks mate.

[muqali]

A linux distro that has everything you need probably can't come quick enough.

The distributor of that distro needs to enjoy enormous trust.

I trust a vanilla ubuntu live cd a ton lot more to contain no wallet stealer than a special "for your secure bitcoin savings" distro.

I am quite fond of TAILS but of course a Live CD can't store data like your wallet and private GPG key - it is possible though to use the built in disk utility to encrypt a USB stick which can contain such information.

V.

I'd like to second the use of tails as a live cd. It's backed by debian's massive repository if you absolutely need some program while setting up your secure wallet.

[rgenito]

i didn't bother to read EVERY thread on here, but a thing to beware of with linux USB / live CDs: if your encryption requires high-quality random numbers, you might not want to generate random keys after booting from a USB boot / live CD; apparently that's not a good choice because the environment is more predictable. Anyone out there ever even take advantage of this flaw? I sure haven't; I've only had wikipedia entertain me with these thoughts

Honestly, it surely doesn't matter, but for those that love being paranoid: beware of generating keys after freshly booting from a live CD / USB.

As for creating a "100% secure wallet", I don't think it's possible to quantify or measure the % of security that a wallet is under. Keep in mind that your wallet isn't exactly secure if even YOU lose access to it! (It's no longer secure--it is useless!)