ikonic
June 21, 2011, 03:19:56 AM
I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!
The idea is to create an encrypted backup of the wallet, not just a copy.
|
Gary13579
June 21, 2011, 08:09:18 AM
encrypted wallets don't do anything when you've already been trojan'd, they can just steal your passphrase/key. it makes you feel better at best and prevents someone from stealing your hard drive to get your wallet, but other than that it's a waste.
|
phillipsjk
June 21, 2011, 08:43:50 PM
I've read quite a few times in this thread to make backups of your bitcoin wallet. But if I'm not completely wrong, then even stealing just the backup data results in losing all your bitcoins. So from a security perspective, better don't make backup copies!
Theft is not the only thing you have to secure against: you have to secure your wallet against data loss as well. If you don't make back-up copies, your disk may fail tomorrow, taking all of your bitcoin with it. If you do make backup copies, your disk may still fail tomorrow, but you would be able to recover your wallet from the back-ups. For the paranoid: you don't really have back-ups until they are verified and stored off-site (preferably encrypted).
James' OpenPGP public key fingerprint: EB14 9E5B F80C 1F2D 3EBE 0A2F B3DE 81FF 7B9D 5160
|
jsttn
June 22, 2011, 02:15:18 AM
Thank you for bringing this to our attention.
|
GhostGum
June 22, 2011, 03:15:19 AM
sadly, it would be only too easy for even the lamest of script kiddies to make a wallet stealer. It would be nice if bitcoin would auto encrypt wallet file based on a password, which you enter every time you open bitcoin client. That would at least slow down the script kiddies. Just be sure to move your main bitcoins to a secure (& preferably offline) wallet & you should* be safe.
|
minor_miner
June 22, 2011, 07:42:21 AM
Even though I'm running a Windows 7 machine, I should still be safe if I generally don't open attachments, use a Virus Scanner, have all programs patched up-to-date and NoScript active in Firefox? Don't want my precious BTC to get stolen
|
eramus
June 22, 2011, 08:24:18 AM
It would be nice if bitcoin would auto encrypt wallet file based on a password, which you enter every time you open bitcoin client.
but that's the problem. it's not "bitcoin"'s responsibility to encrypt wallets. bitcoin is only a network for moving btc between two accounts. it's the users that need to be secure about their usage. it might be nice if the apps that connect to bitcoin start to offer certain protections, but the users are the first line of defense: unique passwords everywhere, encrypted and backed-up wallets and smarter, safer browsing
|
cothoms
June 22, 2011, 04:22:13 PM
And this is also a problem because until there is a standardized, easy way to secure your wallet, BTC will have a difficult time gaining mainstream approval.
|
http
June 22, 2011, 04:44:42 PM
Even though I'm running a Windows 7 machine, I should still be safe if I generally don't open attachments, use a Virus Scanner, have all programs patched up-to-date and NoScript active in Firefox? Don't want my precious BTC to get stolen
That's a good start. But if you want to be safe against 0-day viruses, at least encrypt the wallet.
|
minor_miner
June 22, 2011, 06:04:08 PM
That's a good start. But if you want to be safe against 0-day viruses, at least encrypt the wallet.
Ok, but wouldn't that make any payments I should get fail because the program doesn't have write access to the wallet? I mean, I could create a copy of the wallet and encrypt it, but then the original would still be insecure. I'm still new to the whole infrastructure of the program, sorry.
|
TiWu
June 22, 2011, 09:12:40 PM
That's a good start. But if you want to be safe against 0-day viruses, at least encrypt the wallet.
Ok, but wouldn't that make any payments I should get fail because the program doesn't have write access to the wallet? I mean, I could create a copy of the wallet and encrypt it, but then the original would still be insecure. I'm still new to the whole infrastructure of the program, sorry.
In fact you should create a separate 'savings' wallet where you keep most of your coins. Create it on a system (preferably via a linux live cd) of which you are sure it has not been compromised. Instructions can be found here https://en.bitcoin.it/wiki/Securing_your_wallet. In fact the point is to create a new wallet on a secure system, then shutdown the bitcoin client, make an encrypted backup of the wallet.dat file and delete the whole thing again (the live OS, I mean). Then regularly move funds from your 'normal' wallet to the secure one (make a payment to one of those addresses). The balance of a wallet is kept on the network, and it is not needed to keep the savings account "live". I've come across another link the other day with a clear explanation about this, I'll see if I can find it again.
|
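The encrypted, verified backup of wallet.dat that the posts above call for, as an added example that is not from any poster in this thread. It assumes OpenSSL 1.1.1 or later and a passphrase kept in a file; the function names and paths are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): encrypted backup of wallet.dat that is
# verified before it is trusted. Shut the Bitcoin client down first so the
# file is not being written while it is copied.
# Assumptions: OpenSSL 1.1.1+ (for -pbkdf2); the passphrase is the first line
# of PASSFILE; function names and paths are illustrative.

ITER=200000   # PBKDF2 iterations; must match between encrypt and decrypt

# verify_backup WALLET ENCRYPTED PASSFILE
# Decrypts to a pipe (no plaintext copy on disk) and compares byte-for-byte.
verify_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -in "$2" -pass "file:$3" 2>/dev/null | cmp -s - "$1"
}

# backup_wallet WALLET OUTFILE PASSFILE
backup_wallet() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # Subshell keeps the restrictive umask local; random salt per backup.
    ( umask 077
      openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" -salt \
          -in "$1" -out "$2" -pass "file:$3" ) || return 1
    # A backup that does not restore is not a backup: delete it and fail.
    verify_backup "$1" "$2" "$3" || { rm -f "$2"; return 1; }
}

# Usage: backup_wallet ~/.bitcoin/wallet.dat /media/usb/wallet.dat.enc ~/pass.txt
```

`openssl enc` in CBC mode carries no integrity check of its own, so run `verify_backup` again after the encrypted file has been copied to its off-site medium.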
|
rocker340
June 23, 2011, 12:07:46 AM
Thanks for the warning, I will be watching out. You should tell us how we are supposed to report someone if we find out they are scamming.
|
tschaboo
June 23, 2011, 12:10:06 AM
it's not "bitcoin"'s responsibility to encrypt wallets. [.....] bitcoin is only a network for moving btc between two accounts.
It's helpful to keep bitcoin open all the time to see if transactions are coming in. If I do that, keeping the wallet inside an encrypted container doesn't help much, as others already explained. If you have a trojan with a keylogger it also doesn't help if bitcoin itself encrypts the file. But I'd suggest that bitcoin separates the private keys out of the wallet.dat and keeps those encrypted. Because you need them only for sending coins. This way you can at least prevent people that have only temporary access to your computer (like physically walking in front of it) from stealing your coins and if some offsite-backup gets stolen your coins are safe even if you didn't encrypt it [1]! I don't want to argue if bitcoin is responsible or not, but I say if you are able to make it more secure, it really should be a priority task.
To sum up, I'd suggest that bitcoin should:
* Store the private keys encrypted on disk.
* Ask the user for the passphrase when coins are about to be sent.
* Delete (=overwrite) the keys and the passphrase in memory immediately after sending the transaction.
This would improve security a lot and can only be implemented in bitcoin. You can't do that as a user.
[1] You should still encrypt it, because there is other information to be gained. Like how much money you have, where you got it from, etc.
|
eramus
June 23, 2011, 06:03:06 AM
In fact the point is to create a new wallet on a secure system, then shutdown the bitcoin client, make an encrypted backup of the wallet.dat file and delete the whole thing again (the live OS, I mean). Then regularly move funds from your 'normal' wallet to the secure one (make a payment to one of those addresses). The balance of a wallet is kept on the network, and it is not needed to keep the savings account "live".
I think this is probably the best solution and also the beauty of bitcoin. going this route, a user could leave their savings account wallet offline for X number of years. the only reason ever to load the wallet would be to make withdrawals. actually, combine this with jrwr's offline paper storage and you have a pretty secure system. it might be a lot of hoops to jump through, but it would be difficult to crack.
|
harmal
June 23, 2011, 08:03:08 AM
I assumed I would hear about something like this pretty soon. if they make trojans to steal from banks, then bitcoins make a tasty target because they're easier to transfer and more anonymous.
|
nexticeage
June 23, 2011, 08:34:16 AM
Even if I don't end up making much profit from BTC, my security standards online have already been raised threefold in the past month. ✓+
|
NANO
June 23, 2011, 08:59:47 AM
my wallet is running on a macbook pro so is safe! thanks god
|
TiWu
June 23, 2011, 11:08:50 AM
my wallet is running on a macbook pro so is safe! thanks god
And why would a Macbook pro be any safer than whichever other system? Care to explain, or are you just ignorant and do you think that website cannot install stuff on your system?
|
karoshi
June 23, 2011, 12:50:36 PM
I'm using KeePass for my passwords, but you can also store wallet.dat and other important files inside the encrypted password db.
|
bitcoin-rigs.com
June 23, 2011, 02:12:51 PM
my wallet is running on a macbook pro so is safe! thanks god
And why would a Macbook pro be any safer than whichever other system? Care to explain, or are you just ignorant and do you think that website cannot install stuff on your system?
While macs may be safer, it isn't wise to just assume you're safe because you're on a mac...Since they are rising in popularity more people are working hard to find ways to hack them like anything else....PROTECT YOUR WALLET.DAT!
NOTE: Even though my username is bitcoin-rigs.com, I let the domain run out and now it is owned by someone trying to sell it for rip-off prices. I am not the one selling it and I have no control of it :-(