New to bitcoins, but still kind of confused

[joeydangerous]

I just learned about bitcoins about 90 minutes ago and all I've done is read everything I can about it. I read the FAQ on the main site and I think I understand the basics of how it works. My brain is really not mathematically wired and I'm not that great with computer stuff, though. It seems like a lot of the people involved so far are really good when it comes to that stuff. So I was hoping to ask for some help here to get myself started.

What I want to do now is trade some USD cash or paypal a few USD into bitcoins if possible, and maybe sell some stuff on this bidding pond site.

My main concern with it is that I'm worried about getting hacked and all my coins stolen. I really have no idea what I'm doing when it comes to anything technical like that, and I was wondering if I should be using any other programs besides virus scan software and spybot to keep myself safe when trading bitcoins.

Also, I want to make sure I'm backing up my data properly so I don't lose them. I used the faq and I think I've located it in a directory that ends with application data\bitcoin. There's a file called wallet.dat thats 104 kb. So each time I do a new transaction, I will need to back up this file only in at least one place? I am thinking of doing it to an sd card as well as a flash drive each time i do anything to be extra safe. So i should just overwrite the file in both locations each time?

Sorry for all the questions, but if anybody can help me out with any of them, I'll appreciate it! If it goes well, I'm thinking of accepting them as payment for my business.

Thanks!

[FreeMoney]

wallet.dat is the only file you need to save. If you have the newest version 100 addresses are "premade" and stored in your wallet which means you have a buffer and don't have to backup every time. Previously, you would need to backup after every SEND because the change would go back to you at a new address which wouldn't be in your backup.

An SD card is smart. I don't know why I didn't do that before, I'm going to do it now.

[theymos]

So i should just overwrite the file in both locations each time?

It might be a good idea to save a few old versions.

[caveden]

You can protect your wallet.dat from hacking by encrypting it (using a password-protected key).

To be really safe, keep at least 3 copies of the file in different medias. Encrypted copies by the way.

To all: I think it's really imperative that the client has built-in encryption and backup features before a 1.0 release could be done... I hope I'm not the only one to think this! (and sorry, but no, I don't know enough C++ to help you...)

[Anonymous]

http://www.bitcointo.com/2010/11/back-up-your-wallet-to-this-bad-boy.html

You could use one of these to back up your wallet  

And  keep a backup image of your hard drive with this.
http://www.bitcointo.com/2010/11/acronis-true-image.html 

[eurekafag]

I'd suggest using Clonezilla for backing up your drive. It's free software and easy to use.

[The Madhatter]

http://www.bitcointo.com/2010/11/back-up-your-wallet-to-this-bad-boy.html

You could use one of these to back up your wallet  

Why should I trust a closed source on-chip AES-256 implementation?

You are further ahead using a cheap thumb drive and whole disk crypto. Also, be sure to keep more than one backup of your thumb drive. That should solve the thumb drive theft and/or theft/copy/silently return it problems.

As for the 10 password guess limit and self-destruct feature: I use GELI on FreeBSD and I leave my AES keys on a *computer*. The passwords are in my noggin'. Have fun toying with my thumb drives. They are inexpensive 'bricks'.

Chips covered in epoxy? Who cares. I consider thumb drives disposable anyway. Lose a cheap thumb drive? It's an annoyance. Lose that IronKey thing and you might cry.

Don't fall for hype.

[Timo Y]

Here is what you can do for maximum safety:

1) Use a separate physical machine just for Bitcoin. Any working 10 year-old laptop or PC with Linux installed will do.

2) Important: This machine must never be connected to the internet.

3) On this machine you set up a "savings account". Run Bitcoin (while disconnected), to generate a wallet.dat.

4) Then encrypt your wallet.dat using Truecrypt or similar. Use a 20 character passphrase and a keyfile. A hidden volume doesn't hurt either if you live in places like the UK.

5) Backup your encrypted wallet.dat in at least 3 different places. One should be geographically separated from the other two. I recommend cloud storage such as Dropbox or Wuala. Remember to upload the encrypted wallet.dat only from your other, online machine.

6) Copy your Bitcoin address from your offline machine to your online machine. Only the address, not the wallet.dat.

7) Shred the unencrypted wallet.dat file on your offline machine. Simply deleting is not enough. You can use the shred command in linux. Power off the machine and remove the battery.

8 ) Now, from your online machine, send the Bitcoins to the "savings account" address. Keep a smaller amount of coins in the online "current account".

If you ever decide to spend the coins in the savings account repeat steps 3-8 with a fresh wallet.dat

Before sending large amounts, make sure you test this method first with 0.01 BTC!


Of course, this lengthy procedure is overkill if you just own a few hundred coins.

Then I would recommend an online wallet provider such as mybitcoin or mtgox.

They will take care of all the technicalities of securing bitcoins for you. Just keep in mind that they too are not immune to hacker attacks, technical faults, bankruptcy, etc.

[ShadowOfHarbringer]

My main concern with it is that I'm worried about getting hacked and all my coins stolen. I really have no idea what I'm doing when it comes to anything technical like that, and I was wondering if I should be using any other programs besides virus scan software and spybot to keep myself safe when trading bitcoins.

You need to do at least 2 things to make your bitcoins safe (not 100% safe, but safe enough for everyday usage).

1. Switch to Linux or BSD (or at least switch the computer having Bitcoin installed)
2. Use Truecrypt.
3. (optionally) Don't install anything outside of the official repositories of Your distro. Otherwise You risk potential downloading of some malware.

And i mean it not because I'm some kind of Linux fanboy. I say that deadly seriously: if you want Your bitcoins safe, don't use windows.

[caveden]

If the file is always encrypted I don't see why running on a not-so-secure-system would be a problem...

That's why I think the client should handle built-in encryption.

[Timo Y]

If the file is always encrypted I don't see why running on a not-so-secure-system would be a problem...

Because an unencrypted copy could still be hiding somewhere on the HD. The more complex your OS, and the more "user friendly" stuff you have running in the background, the higher the risk.

For instance, some backup/recovery tools keep copies of recently accessed files in their cache.

[ShadowOfHarbringer]

If the file is always encrypted I don't see why running on a not-so-secure-system would be a problem...

Because an unencrypted copy could still be hiding somewhere on the HD. The more complex your OS, and the more "user friendly" stuff you have running in the background, the higher the risk.

For instance, some backup/recovery tools keep copies of recently accessed files in their cache.

Exactly. This especially applies to Windows. The "user-friendly" features there are leaving so many traces of everything everywhere, that it is difficult to hide anything from anybody at all. Also, lack of trusted application repositories with digital signatures allows a lot of possibilities of trojan & virus automated installation.

This is one of the reasons i stopped using it. I don't like to be traced or spied upon. Everyone deserves privacy.

[MoonShadow]

My main concern with it is that I'm worried about getting hacked and all my coins stolen. I really have no idea what I'm doing when it comes to anything technical like that, and I was wondering if I should be using any other programs besides virus scan software and spybot to keep myself safe when trading bitcoins.

Use a free account at Mybitcoin.com until you have reached a level of value that you become uncomfortable with it. 

[joeydangerous]

Thanks for all your responses! I'm really thankful there's so many helpful people on here. I just figured out how to do encryption and I've just got truecrypt. I only have one computer at the moment, and I'm running windows xp unfortunately. I'm an artist by trade and windows runs the programs I need for work best. I'll have to build another computer I think to be able to run linux and store my coins properly.

So maybe I should not keep a copy of my wallet file on my computer when I'm not using it? Is that smart? And just keep 3 copies of the same encrypted file elsewhere when I'm not using it, for instance one flash drive, one sd card, and upload one to dropbox? I haven't used dropbox yet, but I know someone who has and it seems good.

Also, is it common to use multiple wallet files? It seems like as long as I can keep them in folders labeled properly, it would be a good idea and would keep me from losing everything all at once if something bad did happen to one of the wallets.

I think I'm almost ready to start trading bitcoins now. I'm really excited about it.

[FreeMoney]

Also, is it common to use multiple wallet files? It seems like as long as I can keep them in folders labeled properly, it would be a good idea and would keep me from losing everything all at once if something bad did happen to one of the wallets.

I think I'm almost ready to start trading bitcoins now. I'm really excited about it.

I have a "savings" account in a separate place (places now) from my frequently used "spending" wallet

[joeydangerous]

Ok thanks again for everyone's help, I am now a proud owner of some bitcoins! I'm glad to be started.

[Anonymous]

Thanks for all your responses! I'm really thankful there's so many helpful people on here. I just figured out how to do encryption and I've just got truecrypt. I only have one computer at the moment, and I'm running windows xp unfortunately. I'm an artist by trade and windows runs the programs I need for work best. I'll have to build another computer I think to be able to run linux and store my coins properly.

So maybe I should not keep a copy of my wallet file on my computer when I'm not using it? Is that smart? And just keep 3 copies of the same encrypted file elsewhere when I'm not using it, for instance one flash drive, one sd card, and upload one to dropbox? I haven't used dropbox yet, but I know someone who has and it seems good.

Also, is it common to use multiple wallet files? It seems like as long as I can keep them in folders labeled properly, it would be a good idea and would keep me from losing everything all at once if something bad did happen to one of the wallets.

I think I'm almost ready to start trading bitcoins now. I'm really excited about it.

What sort of art do you do?  You could sell that to earn bitcoins.

[Bimmerhead]

This discussion has got me all shook up about getting involuntarily relieved of my bitcoins.

I've got my wallet.dat backed up and stored away.  What else should I do?  Do I need to remove the client and wallet files from my (XP) machine?  Is that even possible without a full wipe of the HD?

[MoonShadow]

This discussion has got me all shook up about getting involuntarily relieved of my bitcoins.

I've got my wallet.dat backed up and stored away.  What else should I do?  Do I need to remove the client and wallet files from my (XP) machine?  Is that even possible without a full wipe of the HD?

I just keep a client on a thumbdrive, and it spends most of it's time in my fire safe.  It's not encrypted.  But I don't have a very large collection, either.

[joeydangerous]

What sort of art do you do?  You could sell that to earn bitcoins.

I do a lot of types of commercial and personal commission work. Right now my main projects are a graphic novel project and a video game project. I've been needing to update my site for a while, so I just did and included a bitcoin link! My site is at www.JoeyDangerous.net, but soon it'll be a .com.