Bitcoin Forum
March 29, 2024, 01:31:22 PM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Simple yet effective advices on wallet security  (Read 1655 times)
nakowa (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
June 15, 2011, 07:13:05 PM
Last edit: June 15, 2011, 07:29:20 PM by nakowa
 #1

Shocked you were when you heard the horrify story, a guy lost a tremendous amount of BTC (perhaps worth half a million!), and so was I. Gone are the days when [url http://bitcointalk.org/index.php?topic=137.msg1195#msg1195]10000BTC could only buy a $25 pizza courtesy[/url]. After decimal bitcoin reached parity with the US dollar (2011 Feb. 9), BTC became serious at least for some individuals. The price of BTC keeping rising, wallet files on computers finally attract attention of thieves.
 
HOW to protect our BTC wallet?

The first advice is that you should walk away from MS Windows. MS Windows are too venerable, often easily infected with viruses, subject to Trojans, or controlled by unknown malicious programs. Nix-based operating systems are much more secure.

If you cannot abandon MS Windows as many (sometimes including me), at least you should setup a virtual machine (such as VBOX), dedicated only to running bitcoin client. DON'T install any other program even including anti-virus softwares. DON'T allow any other program pass through the firewall except bitcoin client -- open port 8333 ONLY. ONLY open this virtual machine when you have to pay bitcoin to others.

If you are interested in mining, DON't do solo mining. Solo mining forces you using mining software on the same machine in which you store your wallet file. Hackers can easily spot machines whose 8332 port is opening. They always have some methods hacking into your machine without your noticing, then, bang! your BTC disappears! When you're working in mining pool, you can only setup workers on local machine, and only setup a receiving address on the mining pool server, which means your wallet can put somewhere else, securely.

Now, official bitcoin client is weak.

If you have a fairly big amount of BTC, you should cultivate a habit:

  • When you close your bitcoin client, you should move (NOT copy) your wallet file to other location, add a password (even a simple password is better than none) when compressing, and then rename it (DON'T leave it as wallet.dat!).
  • Open your bitcoin client ONLY WHEN you have to send BTC to someone.
  • Before you open your bitcoin client, put back your wallet file as it was.

Hope these simple advices are useful for you.

[url http://forum.bitcoin.org/index.php?topic=17208.0]BTW, I'm selling mining contracts[/url]. http://forum.bitcoin.org/index.php?topic=17208.0
1711719082
Hero Member
*
Offline Offline

Posts: 1711719082

View Profile Personal Message (Offline)

Ignore
1711719082
Reply with quote  #2

1711719082
Report to moderator
1711719082
Hero Member
*
Offline Offline

Posts: 1711719082

View Profile Personal Message (Offline)

Ignore
1711719082
Reply with quote  #2

1711719082
Report to moderator
According to NIST and ECRYPT II, the cryptographic algorithms used in Bitcoin are expected to be strong until at least 2030. (After that, it will not be too difficult to transition to different algorithms.)
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
Dude65535
Full Member
***
Offline Offline

Activity: 126
Merit: 101


View Profile
June 15, 2011, 07:29:57 PM
 #2

The only way a VM can help with bitcoin security is if you do everything inside the VM and only use bitcoin outside the VM.

1DCj8ZwGZXQqQhgv6eUEnWgsxo8BTMj3mT
Leandro César
Hero Member
*****
Offline Offline

Activity: 536
Merit: 503


+1


View Profile WWW
June 15, 2011, 07:31:54 PM
 #3

Good points!

L.

Leandro César
flug
Sr. Member
****
Offline Offline

Activity: 280
Merit: 250



View Profile
June 15, 2011, 11:48:05 PM
 #4

+1

It's good to point out the really simple things. In practice, many people will shy away from the 100% security recommendations, but just renaming your wallet.dat is easy and might be enough to save a lot of money. 20% effort to get 80% effect.
knightmb
Sr. Member
****
Offline Offline

Activity: 308
Merit: 256



View Profile WWW
June 16, 2011, 12:15:40 AM
 #5

Another good point of advice, don't brag about how much you have. When I saw a news story about bitcoin and the value was so high, they mentioned in the story that the person who had the most bitcoins in the world (270K I think) and I wanted badly to e-mail them and say that they were very wrong and that I had 100K over that, but I didn't because I don't want the media banging down my door or turning a watchful eye to thieves or crackers.

Timekoin - The World's Most Energy Efficient Encrypted Digital Currency
nakowa (OP)
Member
**
Offline Offline

Activity: 83
Merit: 10


View Profile
June 16, 2011, 03:11:00 AM
 #6

The only way a VM can help with bitcoin security is if you do everything inside the VM and only use bitcoin outside the VM.

humorous...
phillipsjk
Legendary
*
Offline Offline

Activity: 1008
Merit: 1001

Let the chips fall where they may.


View Profile WWW
June 16, 2011, 04:54:06 AM
 #7

Yeah, it's totally not true: to be safe you need to do your day-today things in one VM, and do your bitcoin things in another.

Or, if you don't want the overhead of a two virtual machines, you could create two limited user accounts: one for day-to-day stuff, and one for bitcoin.

Moral of the story: It not viruses and tojans that make Windows insecure, it is the expectation that you are able to install Adobe Flash, P2P software, and Games as the administrative user. In the *ix world, requiring root privileges is considered a software bug.

With Windows Vista, Microsoft had the opportunity to make a clean break: they could have shoved all missbehaving programs in a Virtual machine running Windows XP. They chose the path of evil: putting misbehaving programs in a VM would be admitting that DRM does not work. On the contrary, Microsoft built DRM deeper into the system. Video drivers were screwed up for months because the companies involved were required by contract to make them hard to debug (to obfuscate the "Protected Media Path").

</Rant>

James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE  0A2F B3DE 81FF 7B9D 5160
Timo Y
Legendary
*
Offline Offline

Activity: 938
Merit: 1001


bitcoin - the aerogel of money


View Profile
June 16, 2011, 06:20:21 AM
 #8

100% safe wallet:

1. buy an old PC on ebay
2. physically remove any wireless cards
3. boot from a linux live CD
4. run bitcoin offline to generate address and wallet.dat
5. encrypt wallet and save it to USB stick
6. deposit USB stick in bank vault
7. hand-type address into bitcoin client on other machine and send "savings" balance
8. remove hard disk from old PC and physically destroy it with a blowtorch

9. after withdrawing from savings wallet, repeat steps 3-8 with a new hard disk.


Ok, to be really 100% safe you probably have do all of the above in a faraday cage, but I don't think we have arrived at that point yet.

GPG ID: FA868D77   bitcoin-otc:forever-d
bcearl
Full Member
***
Offline Offline

Activity: 168
Merit: 103



View Profile
June 16, 2011, 07:05:32 AM
 #9

The only way a VM can help with bitcoin security is if you do everything inside the VM and only use bitcoin outside the VM.

humorous...

It is true. VMs are designed to protect the host against the guest. Protection in the other direction was never intended and does not exist at all.

It's just security by obscurity. Renaming files does the same job. I wouldn't even call it security. Linus Torvalds would call it masturbation.

Misspelling protects against dictionary attacks NOT
bitplane
Sr. Member
****
Offline Offline

Activity: 321
Merit: 250

Firstbits: 1gyzhw


View Profile WWW
June 16, 2011, 11:50:49 AM
 #10

Renaming files does the same job. I wouldn't even call it security. Linus Torvalds would call it masturbation.
Security by masturbation? That's security I can believe in!
Tril
Full Member
***
Offline Offline

Activity: 213
Merit: 100


View Profile
June 16, 2011, 12:00:58 PM
 #11

Quote
Solo mining forces you using mining software on the same machine in which you store your wallet file.

False. You can run bitcoind on one machine and connect to it remotely from the mining machine. However, from a security standpoint it's almost the same, since your mining machine will still have full access to the coins using the RPC password.
jerfelix
Sr. Member
****
Offline Offline

Activity: 266
Merit: 250


View Profile
June 16, 2011, 12:06:14 PM
 #12

100% safe wallet:

1. buy an old PC on ebay
2. physically remove any wireless cards
3. boot from a linux live CD
4. run bitcoin offline to generate address and wallet.dat
5. encrypt wallet and save it to USB stick
6. deposit USB stick in bank vault
7. hand-type address into bitcoin client on other machine and send "savings" balance
8. remove hard disk from old PC and physically destroy it with a blowtorch

9. after withdrawing from savings wallet, repeat steps 3-8 with a new hard disk.


Ok, to be really 100% safe you probably have do all of the above in a faraday cage, but I don't think we have arrived at that point yet.


Good advice, except that I am under the impression that Linux Live CD's (like LinuxCoin) can run entirely in RAM, and so no need to torch your hard drive.  The wallet.dat file never hit your hard drive.

In addition, you left off the implied step of not connecting to the internet.


You know, this sounds really hard, but it's simple.  Once you have the LinuxCoin ISO, it's a piece of cake.  Just disconnect from the internet, turn off your unsecured access points, and fire up LinuxCoin.  I thought it'd be hard, but I did it yesterday and it was REALLY simple.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!