Bitcoin Forum
December 03, 2016, 06:43:10 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: [HowTo] Secure your currently unencrypted wallet (Windows)  (Read 930 times)
InstaGx
Member
**
Offline Offline

Activity: 70



View Profile
June 17, 2011, 10:08:49 AM
 #1

So, you followed all the tutorials and now your wallet.db is safely encrypted in a Truecrypt volume.

But once a day you start the Bitcoin client to keep track of transactions and catch up with the blockchain.
While you're doing this your Truecrypt volume is mounted and the wallet.dat decrypted and accessible by all malicious applications on your computer.

To conquer the most simple attack to your wallet, the complete search for any wallets on all mounted partitions, you can make use of user rights management on Windows.

Here's how:

Note: The Truecrypt volume has to be NTFS formated in order to work with this tutorial.

1.) Start lusrmgr.msc.
  • Create a new user
  • Choose a password you can remember
  • Remove all group memberships of this user

2.) Navigate to your Bitcoin client datadir (e.g. your mounted Truecrypt volume)
  • Open up the properties of the directory and locate the security tab
  • Navigate through the advanced options and deactivate the inheritance of security parameters
  • Now you can edit which users are able to access the directory. Grant full access to your new user and block everyone else's.
  • If everything worked as intended you will now see a lock on the directory icon the explorer. Try to open it, you should see an error message.

3.) Configure your Bitcoin client to start as the new user.
  • Either: Shift+Right-click on bitcoin.exe and choose to run as a different user. Fill out username and password.
  • Or: Write a short batch-script to start it (I assume most people already do that anyway)

Quote
start runas /noprofile /env  /user:yournewuser "bitcoin.exe -datadir=%cd%\data"
Adjust the bold text to your environment.

4.) Everything should work now.
  • Feel free to post your problems or suggestions.

Buy High - Sell Low
1480747390
Hero Member
*
Offline Offline

Posts: 1480747390

View Profile Personal Message (Offline)

Ignore
1480747390
Reply with quote  #2

1480747390
Report to moderator
1480747390
Hero Member
*
Offline Offline

Posts: 1480747390

View Profile Personal Message (Offline)

Ignore
1480747390
Reply with quote  #2

1480747390
Report to moderator
1480747390
Hero Member
*
Offline Offline

Posts: 1480747390

View Profile Personal Message (Offline)

Ignore
1480747390
Reply with quote  #2

1480747390
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480747390
Hero Member
*
Offline Offline

Posts: 1480747390

View Profile Personal Message (Offline)

Ignore
1480747390
Reply with quote  #2

1480747390
Report to moderator
1480747390
Hero Member
*
Offline Offline

Posts: 1480747390

View Profile Personal Message (Offline)

Ignore
1480747390
Reply with quote  #2

1480747390
Report to moderator
1480747390
Hero Member
*
Offline Offline

Posts: 1480747390

View Profile Personal Message (Offline)

Ignore
1480747390
Reply with quote  #2

1480747390
Report to moderator
Ajego
Jr. Member
*
Offline Offline

Activity: 56


View Profile WWW
June 17, 2011, 10:12:23 AM
 #2

wouldn't it be easier to boot a live-CD/live-USB and 'update' your wallet over this system?

InstaGx
Member
**
Offline Offline

Activity: 70



View Profile
June 17, 2011, 10:18:58 AM
 #3

wouldn't it be easier to boot a live-CD/live-USB and 'update' your wallet over this system?

Most likely yes. But it's always nice to have an alternative. There are a lot of users out there that will always use their Windows main system to manage their wallets. This way they can live a bit more secure.

Buy High - Sell Low
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 17, 2011, 09:02:06 PM
 #4

But once a day you start the Bitcoin client to keep track of transactions and catch up with the blockchain.
While you're doing this your Truecrypt volume is mounted and the wallet.dat decrypted and accessible by all malicious applications on your computer.

At least you got that point right -- but that makes the advice pretty useless.

Better install a second computer or secondary/live system or a second user account with encrypted personal data. You need to enforce policy as much as you need encryption to end up with a useful and secure setup.

Misspelling protects against dictionary attacks NOT
VillageChump
Newbie
*
Offline Offline

Activity: 29



View Profile
June 17, 2011, 09:46:37 PM
 #5

  • VirtualBox - Install Linux
  • Encrypt linux VM at install
  • Install bitcoin
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 17, 2011, 10:13:09 PM
 #6

  • VirtualBox - Install Linux
  • Encrypt linux VM at install
  • Install bitcoin

Even worse advice.


http://forum.bitcoin.org/index.php?topic=15052.20

Misspelling protects against dictionary attacks NOT
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!