How to create bitcoin current account in 7 easy steps.

[Vladimir]

1. Get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).
   - make sure that the above is done with ecrypted partitions and swap (plenty of guides on the net).
   - make sure that the above is done while offline as much as possible (for truly paranoid ones).
   - make sure that you do not not even configure wireless hardware, let alone using it
   - physically plug in Ethernet cable when you need connectivity for a minute or so
3. Install bitcoin client, generate a bunch of bitcoin addresses (current account)
4. Over time, transfer in small amounts (i.e not all of it in one go) your funds from your existing client to the addresses created in step 3
5. Keep this used exclusively as bitcoin client and nothing else, plug in Ethernet cable when you need to transfer money.
6. Keep this hardware wallet safe.
7. Creating a bitcoin savings account and making secure backups is still need to be done as described in multiply guides elsewhere.

P.S. Do not forget your passwords.


EDIT: your mileage may vary


BombaUcigasa made a very reasonable suggestion:

2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).

Preferably change this rule to:

2. Install pre-2009 not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia) - don't install updates.

This to make sure that you use code generated before bitcoin existed, and as such there is no local vulnerability and never will be since you don't update it. (remote access vulnerabilities still present).

Considering that at most, as far as remote accessible services are concerned, you are only occasionally running sshd and I do not recall it having any fatal remotely exploitable bugs after 2008, this will do. You would have to compile bitcoin yourself, and this may cause problems due to out of date libs, though. I did not try it, yet.

[unk]

just to translate in case it helps, because americans used to misunderstand me too until i started spending more time over there, what we call a 'current account' is more commonly termed simply a 'checking account' there and in canada. it's called that even if cheques aren't used and the account exists mostly to support online receipts and payments.

[Timo Y]

One thing you forgot: configure iptables to block all ports except 8333

[Vladimir]

One thing you forgot: configure iptables to block all ports except 8333

I did not actually. If you have installed a 'nonbloated' OS like archlinux, freebsd or openbsd as advised it does not listen on any port by default.

With bloatuntu and others your mileage may vary, though.

But yea, your tip might be useful for some.

[TonyHoyle]

There's a big difference between not listening on any port by default and having a default deny firewall, which you have to setup manually on those distros.

If you leave it without a firewall you'll leave port 8332 open, potentially leaving yourself open to having your wallet stolen.

[Vladimir]

There's a big difference between not listening on any port by default and having a default deny firewall, which you have to setup manually on those distros.

If you leave it without a firewall you'll leave port 8332 open, potentially leaving yourself open to having your wallet stolen.

Error: Invalid user, replace and press any key.

Yep, ok, for those receiving the above error, messing with iptables or ipfw or whatever do they use on OpenBSD for firewall these days, is essential, and I will follow up with a detailed guide on how to configure all of those in the next 5 minutes.

Sorry that my risk assessment is different than yours. But as I said your mileage may vary.

Of course, not everyone is on secure network at all times.

[unk]

connecting only to a single mostly-trusted node (to keep the block chain updated and send transactions) can at least marginally improve security too, from a probabilistic systems perspective.

you might then restrict the firewall of whatever system you use to deny all incoming connections entirely; the only needed connection would be the outgoing one to your trusted node.

i've been doing that as a matter of instinct on the machine that stores my larger pile of bitcoins. there's no reason to allow any incoming connections at all. the only other connections from the machine (not to it) are from a script that pushes out backups of the private keys, encrypted with gpg using a symmetric-key cascade and then dumped on a variety of machines. (that last part is overkill, but it's done instinctively and largely for form's sake; a single pass with aes256 would be fine for almost all purposes., but 256-bit rijndael is not the best cipher available, even though it's almost certainly good enough for all purposes.)

[Vladimir]

What would be the disadvantage of using something like ubuntu? Honestly, it's the only linux distro I've used, so I'm comfortable with it. Though if something like archlinux is that much safer, I should probably read up on it. What's the learning curve on archlinux compared to Ubuntu?

It's more a personal opinion of mine. I for some reason think that ubuntu is a bloatware with so much stuff installed by default that running it without a deny all firewall seems to be unfathomable for some, apparently.

If I do not know or at least have some pretty good idea what every single package is doing on an OS I do not feel conformable running it.

The only OS'es I am comfortable with using the above approach are FreeBSD and Archlinux and I am prepared to give OpenBSD benefit of the doubt.

But it is just me.

[unk]

What would be the disadvantage of using something like ubuntu? Honestly, it's the only linux distro I've used, so I'm comfortable with it. Though if something like archlinux is that much safer, I should probably read up on it. What's the learning curve on archlinux compared to Ubuntu?

i mostly agree with vladimir on this, but to put it differently, there's basically no learning curve to use any of these systems.

i'd try freebsd because it might be more educational than merely another linux distribution. but to install it and then compile bitcoin ought to be trivial for anyone who has basic systems knowledge. or, if you don't fancy compiling bitcoin on an alternative system, you could always use mike's thin java client.

[Vladimir]

With FreeBSD it is really trivial if you do not attempt to install the whole X shebang.

1. Install minimal FreeBSD. # plenty of guides everywhere
2. cd /usr/ports/*/bitcoin ; make install clean # (select without X in config)
3. Bingo!

The trick here is to abandon GUI and just do CLI.

[wujh]

1. Get yourself a low cost netbook.
2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).
   - make sure that the above is done with ecrypted partitions and swap (plenty of guides on the net).
   - make sure that the above is done while offline as much as possible (for truly paranoid ones).
   - make sure that you do not not even configure wireless hardware, let alone using it
   - physically plug in Ethernet cable when you need connectivity for a minute or so
3. Install bitcoin client, generate a bunch of bitcoin addresses (current account)
4. Over time, transfer in small amounts (i.e not all of it in one go) your funds from your existing client to the addresses created in step 3
5. Keep this used exclusively as bitcoin client and nothing else, plug in Ethernet cable when you need to transfer money.
6. Keep this hardware wallet safe.
7. Creating a bitcoin savings account and making secure backups is still need to be done as described in multiply guides elsewhere.

P.S. Do not forget your passwords.


EDIT: your mileage may vary

It's not that easy, since the first step is "Get yourself a low cost netbook". If everyone have to purchase another netbook for the safty of bitcoin, which is only 2 years old and not that much product to buy……

I suggest Gavin's team to build encrypt and back-up solution into the next release ASAP!

[Vladimir]

...

It's not that easy, since the first step is "Get yourself a low cost netbook". If everyone have to purchase another netbook for the safty of bitcoin, which is only 2 years old and not that much product to buy……

I suggest Gavin's team to build encrypt and back-up solution into the next release ASAP!

Ask the guy who lost half a mil if 200$ was too much to secure his wallet.

Gavin, please implement wallet encryption ASAP so that we can enjoy false sense of security while running bitcoin client on malware infested windows computers.

[BombaUcigasa]

2. Install not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia).

Preferably change this rule to:

2. Install pre-2009 not bloated linux (like archlinux) or FreeBSD or OpenBSD (in order of growing paranoia) - don't install updates.

This to make sure that you use code generated before bitcoin existed, and as such there is no local vulnerability and never will be since you don't update it. (remote access vulnerabilities still present).

[Vladimir]

got it, thanks.

[qikaifu]

...

It's not that easy, since the first step is "Get yourself a low cost netbook". If everyone have to purchase another netbook for the safty of bitcoin, which is only 2 years old and not that much product to buy……

I suggest Gavin's team to build encrypt and back-up solution into the next release ASAP!

Ask the guy who lost half a mil if 200$ was too much to secure his wallet.

Gavin, please implement wallet encryption ASAP so that we can enjoy false sense of security while running bitcoin client on malware infested windows computers.

If the file was encrypted, the hacker would have record the keyboard input to get the password. and this action is prevented by most of the anti-virus software.