HOWTO: create a 100% secure wallet

[aral]

aral: So you're saying burning CDs is too tedious, better buy a netbook and use that as medium? And do you specifically require a crappy one?  

Why are you taking the piss?  I have just made your idea way more convenient.   

Instead of booting up off a liveCD (which IS slow) then installing bitcoin and waiting for the download, you can just fire up the netbook. 

You can make a script that burns an encrypted wallet copy as well, do whatever you want, it's waiting there for next time you need it.

When you've finished the transaction you just stow the netbook in the safe again.  If I had 25k BTC I would probably do this.  I think it makes a whole lot of sense.

[aiwk171]

aral: So you're saying burning CDs is too tedious, better buy a netbook and use that as medium? And do you specifically require a crappy one?  

Why are you taking the piss?  I have just made your idea way more convenient.   

Instead of booting up off a liveCD (which IS slow) then installing bitcoin and waiting for the download, you can just fire up the netbook. 

You can make a script that burns an encrypted wallet copy as well, do whatever you want, it's waiting there for next time you need it.

When you've finished the transaction you just stow the netbook in the safe again.  If I had 25k BTC I would probably do this.  I think it makes a whole lot of sense.

Don't sweat, I like taking the piss. Just yanking your chain...

My initial point was, that you don't need to access your wallet.dat in order to transfer funds to it, so as long as you're in piggybank-mode, a tiny SDcard in a safe seems the least error-prone way.

But you're right of course. If you can store a netbook safely somewhere and trust its hardware will remain intact it'll work. Just never, ever install any programs in userspace. And of course, see that you never use sudo for anything you're not 100% sure about. So thanks for your contribution (Ugh, that's me being nice, I hate myself already).

[Rggoalie3]

I see references to printing out your wallet.dat all over the place and I really like that idea. But, when I open up my wallet.dat file in word pad it is 200+ pages long. Am I missing something here?

[jerfelix]

I see references to printing out your wallet.dat all over the place and I really like that idea. But, when I open up my wallet.dat file in word pad it is 200+ pages long. Am I missing something here?

Sorry, yes, I have mentioned a few times that a printed copy of wallet.dat would be attractive to me.  But let me explain:

First, the valuable part of wallet.dat is the key pairs. 
Second, Bitcoin creates 100 Bitcoin Addresses to start with, and each time you perform a transaction, your wallet gets a little bigger.  You'll create more keypairs, and therefore more size.

What I was trying to say is that you can create a virgin wallet, and print the important parts of THAT.  Specifically, the key pairs necessary to reactivate ONE bitcoin Address (not 100).

That set of information is relatively small - I believe significantly less than 1000 characters.  It could easily be printed and stored on one page.  Even a virgin wallet file with the 100 key pairs is only about 16K.

My logic with this was to create a "vault" for your long term storage.  It would be used for deposit only, until someday when you want to retrieve it all.  The paper would be a fail-safe, if all media failed (imagine you store your wallet.dat file in a safe deposit box, and the renter next to you stores a large magnet!)   Paper has some advantages.

The next question is, though, what do you do with this paper in the event you need to recover.  I believe it would be relatively trivial to write a program to recreate a valid wallet file given the piece of paper, but I haven't proven that yet.  I also believe that if I had 100K tied up in my ability to perform that task, I'd get it done!  (especially since the Bitcoin software is open source, and the file format is documented.)

Here's all the stuff that's in a "loaded" wallet.dat file.  That's why I think you want a "virgin" file (and you really only need 1 address's keypairs):

    your keypairs for each addresses
    transactions done from/to your addresses
    user preferences
    default key
    reserve keys
    accounts
    a version number
    Key pool

See why it gets huge?

[Rggoalie3]

I see references to printing out your wallet.dat all over the place and I really like that idea. But, when I open up my wallet.dat file in word pad it is 200+ pages long. Am I missing something here?

...
See why it gets huge?

Yes, that does make sense. But it doesn't help me very much. How does one parse out a particular public/private key for printing? Then, once done, how does one take that private key and make it functional inside of a bitcoin client again? I see this recommendation all over the forums, but I have never seen a tutorial on how it is done. Any help you could give would be great!!!

[jerfelix]

Yes, that does make sense. But it doesn't help me very much. How does one parse out a particular public/private key for printing? Then, once done, how does one take that private key and make it functional inside of a bitcoin client again? I see this recommendation all over the forums, but I have never seen a tutorial on how it is done. Any help you could give would be great!!!

Someone (maybe me) will write a utility (or two) to do just that.
I was going to start with bitcointools: https://github.com/gavinandresen/bitcointools

With those tools, you can manipulate the wallet pretty freely.

[J180]

You could always just get a crappy cheap little netbook to put your safe wallet on and keep that in the safe.  Saves a lot of faffing with CDs.

You're still going to have to connect to the internet if you ever want to spend the coins.

Perhaps there will be a future market for a bitcoin laptop. An OS which uses completly read-only memory, so it can't get malware, and perhaps a design which makes it very difficult to tamper with. Then people could just put one of those little devices into their safe.

[imperi]

I have a question, if someone happens to know, and sorry if this was already asked.

Can someone sniff both your public and private key off the network? Can someone explain technically if this is possible?

What I mean is, even if your computer has NO malware on it, is it possible for someone to intercept the keys and then use them?

[lemonginger]

You could always just get a crappy cheap little netbook to put your safe wallet on and keep that in the safe.  Saves a lot of faffing with CDs.

You're still going to have to connect to the internet if you ever want to spend the coins.

Perhaps there will be a future market for a bitcoin laptop. An OS which uses completly read-only memory, so it can't get malware, and perhaps a design which makes it very difficult to tamper with. Then people could just put one of those little devices into their safe.

I think that possibly before that there will be a market for insured virtual bitcoin safes where companies are under legal binding agreement to keep your bitcoins safe, like, you know,  a bank

[aiwk171]

I have a question, if someone happens to know, and sorry if this was already asked.

Can someone sniff both your public and private key off the network? Can someone explain technically if this is possible?

What I mean is, even if your computer has NO malware on it, is it possible for someone to intercept the keys and then use them?

No. Interception is impossible, simply because the whole concept of a private key implies that it will _never_ have to leave your PC. It's just used to generate a signature if you will, which then "proves" to the network that you are allowed to make a transaction from address X.

[imperi]

I have a question, if someone happens to know, and sorry if this was already asked.

Can someone sniff both your public and private key off the network? Can someone explain technically if this is possible?

What I mean is, even if your computer has NO malware on it, is it possible for someone to intercept the keys and then use them?

No. Interception is impossible, simply because the whole concept of a private key implies that it will _never_ have to leave your PC. It's just used to generate a signature if you will, which then "proves" to the network that you are allowed to make a transaction from address X.

Ohh I see. That makes perfect sense. Thanks!

[bcearl]

If you're looking for really strong passwords I can always recommend a YubiKey http://www.yubico.com/yubikey
Using a "normal strong" password (something you can actually remember) in combination with the 16-64 character long static password on the YubiKey provides pretty good safety. Though you then have to watch out for your YubiKey of course

I use a lot public key crypto every day, for example to log in at university machines.

But for wallets it all comes back to a password anyway, because I want to be confident that I could access some backup at any time. So some of my wallet backups will be encrypted with AES and passphrase anyway.

[bcearl]

You could always just get a crappy cheap little netbook to put your safe wallet on and keep that in the safe.  Saves a lot of faffing with CDs.

You're still going to have to connect to the internet if you ever want to spend the coins.

You actually don't. It's just that the current official client does not support any other method.

But in theory the client could make the transaction offline by writing it to a transaction file. You could then transport that file to an online computer and send it to the network from there.

There is no need to have a private key leave the offline computer. That's not a new concept, any smartcard does the same. They never release public keys, they release the signed data only.

[aiwk171]

But in theory the client could make the transaction offline by writing it to a transaction file. You could then transport that file to an online computer and send it to the network from there.

Ooh, that would be tits!

[bcearl]

But in theory the client could make the transaction offline by writing it to a transaction file. You could then transport that file to an online computer and send it to the network from there.

Ooh, that would be tits!

I think the devs thought about all of that. Including encrypting the wallet by default, so that backups require only copying the wallet.dat.

It is more of an accident that bitcoin got so much media attention in version 0.3.2x - the number should explain everything.

[aiwk171]

It is more of an accident that bitcoin got so much media attention in version 0.3.2x - the number should explain everything.

Well, to be fair, that's actually the traditional way opensource programs usually do their numbering: total understatement. If it was a commercial program, you bet they would be at least at version 3 right now.

[wujh]

It's still early age for the BTC.

But if we all have to do this tricky stuff, the bitcoin will never thrive as a currency.

You geeky guys should give some solutions for the people not very familiar with these kind of complicated tech skill. Maybe backup\encrypt\import\export\ the wallet.dat function should be put into the future client software.

[bcearl]

It is more of an accident that bitcoin got so much media attention in version 0.3.2x - the number should explain everything.

Well, to be fair, that's actually the traditional way opensource programs usually do their numbering: total understatement. If it was a commercial program, you bet they would be at least at version 3 right now.

Yes, but people don't manage millions of dollars with most of the software they use.

[aiwk171]

It's still early age for the BTC.

But if we all have to do this tricky stuff, the bitcoin will never thrive as a currency.

You geeky guys should give some solutions for the people not very familiar with these kind of complicated tech skill. Maybe backup\encrypt\import\export\ the wallet.dat function should be put into the future client software.

Bah, first of all, it's not that hard, second of all, you don't _have_ to do it, thirdly, it's only relevant if you handle larger sums. I hope you don't find putting your real money in a bank too geeky and/or hard.

I'll say it as often as I have to: Your suggestion would just lead to a false sense of security, and will be useless if the user doesn't know what he's doing. I'm sorry, but that's the reality of it: If you do dumb stuff, behave irresponsibly with large sums, no IT security in the WORLD will save you from the threat of being robbed.

So you, as a person who likes it the convenient way, you still have two options: 1. Use Linux. Jesus, at least for bitcoin. And the still, don't click on everything you find on the internet, watch your porn on another account and, ideally, ditch that fuckwad called adobe-flashplayer.
2. Do it as people do with banks: entrust a professional with your money. I'm sure as bitcoin will establish itself, services like that will pop up. Still: if you write down your password to that service somewhere, you're hopeless. And even if you behave like the smart person you are, there may still be risk involved as long as you don't understand the technical side of it. It's not that hard, really.

Read the guide in the wiki, it basically recommends setting up a safe account for bitcoin. It's secure enough while still being convenient to use _and_ easy to set up.

[aiwk171]

In case anyone here is interested in an all-in-one solution (this request came up frequently in the newbie discussion), I created a poll to see if there is any interest in having something like a simple, grandma-friendly tutorial and a prepackaged operating system, which would come in the form of a bitcoin-only USB-stick that allows safe transfers without the need of any technical affinity.

Head over there if you want to express your opinion about this: Poll for an easy security HOWTO (+ operating system)