Bitcoin Forum
Topic: Automatic Encryption and Password Protection of wallet.dat File?
Bruce Wagner (OP)
November 19, 2010, 11:19:15 PM
 #1

Sorry if this question has been addressed somewhere... but I couldn't find it.

It's my understanding that anyone who gains access to my wallet.dat file...  basically has "the keys to the kingdom".   He has all of my money.

That means that backing up my wallet.dat file is important.    But it also means that every backup I make, is one more copy that could fall into the wrong hands.  No?   Kind of like making multiple copies of my house keys...?

What's the best practice with securing the safety of your wallet.dat file?

Also, couldn't there be encryption of my wallet.dat file built-in to the bitcoin app.   In other words, upon launch, I am prompted to enter a password.  That password un-encrypts my wallet.dat file.   Later, when I close the app, it is automatically encrypted again.    

This way, I could make a zillion backup copies of the file... without worry...  because no one could actually use it without the un-encryption password.

No?

Could PGP encryption of the wallet.dat file be built-in to the app?

I apologize that I'm talking over my head, technology-wise...   But you understand my question?    Has this topic already been addressed somewhere else?

It seems pretty obvious to me...   Who wants just anyone sitting down at their computer to have instant access to all of their money... without even a password standing in their way?

Also...  If I backup my wallet.dat file into my Gmail account and my Dropbox....   then all of my money is only as secure as my Gmail account?   or my Dropbox account?    That's not too secure.
bitcoinex
November 20, 2010, 05:53:18 AM
 #2

I see on your computer (except for your wallet) photos with someone. What are you doing there? You want to encrypt these photos too?

That's my strategy:

It would be logical to encrypt the entire home directory. Mechanisms for this are built into Windows and Linux, and maybe into Mac too.

+ On a home computer I do a backup on a physically separate hard drive, which also contains an encrypted file system.

Sometimes I do a backup to a third encrypted disk, but it is rare - about every month or two.

Also, no one ever uses my account but me.

What frightens me most is that someone could install a hardware keylogger while I'm not home. (I also recently read that a foil hat does not really protect against radio waves but rather strengthens them.)

New bitcoin lottery: probiwon.com
- Maybe you also believe in the Invisible Hand of the Market? - Why believe in something that can be observed directly?
nanotube
November 21, 2010, 06:53:31 AM
 #3

well, if you're savvy with pgp or truecrypt, you could do your encryption yourself.
that said, i don't think it's a bad idea to have the option to store the wallet as an encrypted file which requires a passphrase upon every bitcoin start, etc. that way the file is 'encrypted by default', which is not a bad place to be.

Join #bitcoin-market on freenode for real-time market updates.
Join #bitcoin-otc - an over-the-counter trading market. http://bitcoin-otc.com
OTC web of trust: http://bitcoin-otc.com/trust.php
My trust rating: http://bitcoin-otc.com/viewratingdetail.php?nick=nanotube
grondilu
November 21, 2010, 08:24:31 AM
 #4

Quote
What's the best practice with securing the safety of your wallet.dat file?

You are responsible for the security of your data.  So there is no "best practice".

Personally I encrypt backups with GnuPG, and I use an ecryptfs virtual encrypted Private directory to store my wallet.dat file.

None of these solutions should be included in bitcoin, because I think bitcoin should adhere to the UNIX philosophy: "do only one thing, but do it well".

slush
November 21, 2010, 12:07:28 PM
 #5

Quote
You are responsible for the security of your data.  So there is no "best practice".

Poor argument. Not all people can be experts in safety. Why not help people with transparent encryption of wallet.dat? It should improve security a lot. It can be quite easy; the idea is the same as for private keys in GPG. The file itself is encrypted with a master password, and when people want to make a transaction, the application asks for the password. Maybe there can be a short password cache. With this simple thing, wallet.dat is almost unusable for other people.

Quote
Personally I encrypt backups with GnuPG, and I use an ecryptfs virtual encrypted Private directory to store my wallet.dat file.

Do you think it is easy? Say it to my mum.

Quote
None of these solutions should be included in bitcoin, because I think bitcoin should adhere to the UNIX philosophy: "do only one thing, but do it well".

But UNIX-like systems never became mainstream. With this attitude, bitcoin will never become mainstream either, because it will be too difficult to be safe. Imagine that many small companies have their 20 computers on the same LAN, with Windows sharing 'on'. Will people believe in bitcoin anymore after somebody steals their wallet.dat from their computers?

I fully accept the idea of bitcoin, but currently it is still a game for geeks. If we can take it seriously, we have to make it as user friendly as possible. The answer that 'something does not belong to bitcoin core' will fail. It is also the reason why I'd like to see an exact specification of the bitcoin protocol. Then there can be both simple clients for geeks (with almost no dependencies etc.) and an eye-candy client for the masses. Like the BitTorrent world.

bitcoinex
November 21, 2010, 12:23:41 PM
 #6

Quote
You are responsible for the security of your data.  So there is no "best practice".

Poor argument. Not all people can be experts in safety. Why not help people with transparent encryption of wallet.dat? It should improve security a lot. It can be quite easy; the idea is the same as for private keys in GPG. The file itself is encrypted with a master password, and when people want to make a transaction, the application asks for the password. Maybe there can be a short password cache. With this simple thing, wallet.dat is almost unusable for other people.

Quote
Personally I encrypt backups with GnuPG, and I use an ecryptfs virtual encrypted Private directory to store my wallet.dat file.

Do you think it is easy? Say it to my mum.

Quote
None of these solutions should be included in bitcoin, because I think bitcoin should adhere to the UNIX philosophy: "do only one thing, but do it well".

But UNIX-like systems never became mainstream.

you're dead :)

Quote
With this attitude, bitcoin will never become mainstream either, because it will be too difficult to be safe. Imagine that many small companies have their 20 computers on the same LAN, with Windows sharing 'on'. Will people believe in bitcoin anymore after somebody steals their wallet.dat from their computers?

I fully accept the idea of bitcoin, but currently it is still a game for geeks. If we can take it seriously, we have to make it as user friendly as possible. The answer that 'something does not belong to bitcoin core' will fail. It is also the reason why I'd like to see an exact specification of the bitcoin protocol. Then there can be both simple clients for geeks (with almost no dependencies etc.) and an eye-candy client for the masses. Like the BitTorrent world.

You want bitcoin to go all the way to combat the storing of users' passwords in disk caches or in cleartext in RAM, as software like PGP does?

What protection will a password for wallets really give?

Many users actually use different passwords for different accounts? Not system administrators or geeks but "regular users"?

How many passwords do you personally use?

(I think password protection is garbage altogether. A meatbag cannot remember more than 1-2 really good passwords.)

slush
November 21, 2010, 12:43:20 PM
 #7

Quote
you're dead :)

:-) Unix never became mainstream, but I personally use only unix-like systems (linux).

Quote
You want bitcoin to go all the way to combat the storing of users' passwords in disk caches or in cleartext in RAM, as software like PGP does?
What protection will a password for wallets really give?

I think any kind of password protection will raise security. Each step will discourage a small % of attackers, and that is good overall. We can discuss where the edge is: whether we want to discourage the 'common John' who knows only how to copy and use an unencrypted wallet.dat, or to discourage somebody who is capable of doing a cold start attack on a password stored in memory.

Quote
Many users actually use different passwords for different accounts? Not system administrators or geeks but "regular users"?

Many users have two different passwords - one for chats, emails etc. and a second for banking. Things became better in the last few years, because people began to use Internet banking.

Quote
How many passwords do you personally use?

One for very common services where I'm not interested in security and one for each separate service where I want better safety. I never store these passwords anywhere, but have an algorithm for obtaining the password. But nobody who gets one password can reconstruct the original algorithm (yes - I've been using a hashing function for my passwords for many years).

Quote
(I think password protection is garbage altogether. A meatbag cannot remember more than 1-2 really good passwords.)

I personally don't remember more than the algorithm. But without any password protection of my wallet.dat, I cannot apply this algorithm to it.

wumpus
November 21, 2010, 12:48:04 PM
 #8

Quote
(I think password protection is garbage altogether. A meatbag cannot remember more than 1-2 really good passwords.)
Indeed, password protection is way overdue to be replaced with other methods.  They are difficult to remember and too easy to sniff with a keylogger / fast camera.

Doesn't matter if it is two-factor, biometric, sideband, smartcard, everything is more secure than just a password. Too bad there is so little standardization in that realm, meaning that it is quite some more effort to use those in an actual application.

Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts.
slush
November 21, 2010, 12:51:23 PM
 #9

Quote
It would be logical to encrypt the entire home directory. Mechanisms for this are built into Windows and Linux, and maybe into Mac too.

By the way, this increases safety against physical attacks (somebody can steal your disk, but will find the data unusable), but not against software attacks, because *all* software on your computer sees wallet.dat unencrypted. When the file on disk is always encrypted and the client asks for a password, the user can decide whether he is doing a correct transaction or something strange is happening.

This does not mean we have to do strange memory management etc. A plaintext password in memory (for the time of the transaction) is enough for this issue (it is much, much harder for the common John to get the unencrypted wallet).
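
The design slush describes in replies #5 and #9 above (wallet file always encrypted on disk, passphrase requested when a transaction is made, a short unlock cache), as an added example that is not part of the thread and is not the Bitcoin client's code. Python's standard library has no AES, so an HMAC-SHA256 counter keystream with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM, and an HMAC stands in for the transaction signature; the function names, file layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000   # PBKDF2 work factor (assumed value; tune to your hardware)
SALT_LEN = NONCE_LEN = 16
TAG_LEN = 32


def _derive_keys(passphrase, salt):
    """Stretch the passphrase, then split it into independent cipher and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"wallet-enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"wallet-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream_xor(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream (use an AEAD in practice)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def encrypt_wallet(plaintext, passphrase):
    """Return salt || nonce || ciphertext || tag; this blob is what gets backed up."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    body = salt + nonce + _keystream_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt_wallet(blob, passphrase):
    """Check the tag before decrypting; a wrong passphrase and a modified file both fail."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("file too short to be an encrypted wallet")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, blob[:-TAG_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified file")
    return _keystream_xor(enc_key, nonce, ciphertext)


class WalletSession:
    """Holds only the encrypted blob; decrypted key material lives for one unlock window."""

    def __init__(self, blob, clock=time.monotonic):
        self._blob = blob
        self._clock = clock          # injectable so the timeout can be tested
        self._secret = None
        self._expires = 0.0

    def unlock(self, passphrase, seconds=60):
        """The 'short password cache': keep the decrypted key for a limited time."""
        self._secret = decrypt_wallet(self._blob, passphrase)
        self._expires = self._clock() + seconds

    def is_unlocked(self):
        if self._secret is not None and self._clock() >= self._expires:
            # Drops the reference only; Python cannot guarantee the bytes are wiped.
            self._secret = None
        return self._secret is not None

    def sign_payment(self, payment):
        """Refuse to sign while locked, so other software cannot spend silently."""
        if not self.is_unlocked():
            raise PermissionError("wallet locked: passphrase required")
        # HMAC stands in for the real transaction signature.
        return hmac.new(self._secret, payment, hashlib.sha256).digest()


if __name__ == "__main__":
    key_material = b"constructed-private-key-material"   # constructed sample, not a real key
    backup = encrypt_wallet(key_material, "correct horse battery staple")
    session = WalletSession(backup)
    session.unlock("correct horse battery staple", seconds=30)
    print("signature:", session.sign_payment(b"pay 1 BTC to <address>").hex())
```

A copy of the blob in a mail or file-sharing account is then only as weak as the passphrase, and while the session is unlocked the decrypted key is still readable by anything that can read the process's memory, which is the limit bitcoinex raises.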

slush
November 21, 2010, 12:54:12 PM
 #10

Quote
Indeed, password protection is way overdue to be replaced with other methods.  They are difficult to remember and too easy to sniff with a keylogger / fast camera.

But both are much, much harder than moving a plaintext file to USB and walking away. Nothing is perfect, but the current situation is extremely imperfect :-).

Anonymous
Guest

November 21, 2010, 01:13:21 PM
 #11

I use keepass to create strong passwords and then I only have to remember the master password and the password file location on my computer.

bitcoinex
November 21, 2010, 01:29:25 PM
 #12

Quote
You want bitcoin to go all the way to combat the storing of users' passwords in disk caches or in cleartext in RAM, as software like PGP does?
What protection will a password for wallets really give?

I think any kind of password protection will raise security. Each step will discourage a small % of attackers, and that is good overall. We can discuss where the edge is: whether we want to discourage the 'common John' who knows only how to copy and use an unencrypted wallet.dat, or to discourage somebody who is capable of doing a cold start attack on a password stored in memory.

We made changes to various software and the user after each sneeze must enter a password.

Will he use different passwords everywhere? Or will he use the password that he uses everywhere, on facebook and on the computer he is now logged in to?

And how many people will we turn away from using passwords that way?

Quote
Quote
Many users actually use different passwords for different accounts? Not system administrators or geeks but "regular users"?

Many users have two different passwords - one for chats, emails etc. and a second for banking. Things became better in the last few years, because people began to use Internet banking.

Nonsense! All these passwords are stored in the configuration files for their software. And since the password must be in cleartext, they are only scrambled but not hashed.

That is, in fact, they are just stored on their disks and may be read by everybody.

Banking does not use password protection for transactions at all

Quote
Quote
How many passwords do you personally use?

One for very common services where I'm not interested in security and one for each separate service where I want better safety. I never store these passwords anywhere, but have an algorithm for obtaining the password. But nobody who gets one password can reconstruct the original algorithm (yes - I've been using a hashing function for my passwords for many years).

This is a controversial strategy. Only a few months ago, I learned of a case where the algorithm was reconstructed from multiple passwords, and mail and personal information were stolen. (But he used a simple algorithm.)

I do not know your algorithm so I will not make assumptions. You, however, can permission or excuse the algorithm being drunk and then you have to invent a new one and it will be very difficult.

Do you consider yourself a typical user?

Quote
Quote
(I think password protection is garbage altogether. A meatbag cannot remember more than 1-2 really good passwords.)

I personally don't remember more than the algorithm. But without any password protection of my wallet.dat, I cannot apply this algorithm to it.

You can! You just need to protect the directory in which you store the wallet.

bitcoinex
November 21, 2010, 01:35:03 PM
 #13

Quote
It would be logical to encrypt the entire home directory. Mechanisms for this are built into Windows and Linux, and maybe into Mac too.

By the way, this increases safety against physical attacks (somebody can steal your disk, but will find the data unusable), but not against software attacks, because *all* software on your computer sees wallet.dat unencrypted. When the file on disk is always encrypted and the client asks for a password, the user can decide whether he is doing a correct transaction or something strange is happening.

This does not mean we have to do strange memory management etc. A plaintext password in memory (for the time of the transaction) is enough for this issue (it is much, much harder for the common John to get the unencrypted wallet).

If someone has overflowed a buffer, he can read the memory of user processes. It might even be easier than running a large shell interpreter for remote control.

bitcoinex
November 21, 2010, 01:41:27 PM
 #14

Quote
(I think password protection is garbage altogether. A meatbag cannot remember more than 1-2 really good passwords.)
Indeed, password protection is way overdue to be replaced with other methods.  They are difficult to remember and too easy to sniff with a keylogger / fast camera.

Doesn't matter if it is two-factor, biometric, sideband, smartcard, everything is more secure than just a password. Too bad there is so little standardization in that realm, meaning that it is quite some more effort to use those in an actual application.


But we have libgss and PAM! :)

slush
November 21, 2010, 01:57:01 PM
 #15

Quote
We made changes to various software and the user after each sneeze must enter a password.
Will he use different passwords everywhere? Or will he use the password that he uses everywhere, on facebook and on the computer he is now logged in to?
And how many people will we turn away from using passwords that way?

I see an analogy with safety belts in a car (=passwords in software). There are many other ways to be safe than using them. For example, buy a Hummer with an extra steel frame around it (=disk encryption, sandboxing etc.). But you are saying that safety belts are nonsense, because *you* have a Hummer.

But I'm a common user and have only a Ford Ka. So using safety belts is better than nothing. Of course, I can meet you in your Hummer on the highway, but I have a little bit more chance to stay alive with belts than with nothing.

It is just everyone's own responsibility whether he uses safety belts in a Ford Ka or not (=whether you use this password and whether you do it safely). But the belts are there already; no Hummer driver fights against safety belts in small Fords.

Quote
Nonsense! All these passwords are stored in the configuration files for their software. And since the password must be in cleartext, they are only scrambled but not hashed. That is, in fact, they are just stored on their disks and may be read by everybody.

What? Are you saying I have some magical file on my disk with my password to the bank? Are you serious?


Quote
Banking does not use password protection for transactions at all

Again, it is your point of view. My bank allows the use of passwords for certain transactions and I use them. I do not use any kind of better security when sending money to my mum.

Quote
This is a controversial strategy. Only a few months ago, I learned of a case where the algorithm was reconstructed from multiple passwords, and mail and personal information were stolen. (But he used a simple algorithm.)
I do not know your algorithm so I will not make assumptions. You, however, can permission or excuse the algorithm being drunk and then you have to invent a new one and it will be very difficult.

You probably did not understand me at this point. I don't have any master password for my other passwords. I just have an algorithm based on hashing methods, so I can create a password for my bank or for this forum without any additional software which could be cracked and the password stolen.

Quote
Do you consider yourself a typical user?

Of course not. But again, it is just my responsibility to have a strong system for my passwords. I use the common infrastructure contained in almost every piece of software - password protection. I'm missing that in the bitcoin client. And disk encryption does not solve my problems, because as long as the client itself does not support any kind of encryption, I have to unlock wallet.dat on disk for every other piece of software too. That's all.

Quote
You can! You just need to protect the directory in which you store the wallet.

But not in a seamless fashion. I have to run additional software, decrypt the directory before starting the bitcoin client, then make a transaction and then unmount the directory again. That's both strange and not safe. Because once I mount the decrypted directory, every piece of software can work with the unencrypted data using common functions. I still feel that a buffer overflow is a less common way to read file contents.

slush
November 21, 2010, 01:59:41 PM
 #16

Quote
But we have libgss and PAM! :)

Of course we have :-). But try to implement that in a platform-independent way ;-). I still think that simple password protection is the first stage. If somebody adds another auth method, I will be happy. But now we have *nothing* here.

da2ce7
November 21, 2010, 02:05:49 PM
 #17

Basic (strong) encryption should be added to the wallet handling code, along with being able to have multiple wallets loaded, the ability to export and import wallets, and transfer balances between wallets.

One off NP-Hard.
Gavin Andresen
November 21, 2010, 02:27:37 PM
 #18

Quote
I see an analogy with safety belts in a car (=passwords in software).

I worry that the correct analogy is:

Typing a password every time you use your bitcoin wallet is like putting padding on your car's steering wheel instead of wearing a seatbelt.  It might make you feel safer, but it is a false sense of security.

Good security is hard.  If you're not computer savvy, then you've probably already got spyware and trojans on your system, and running bitcoin on a system infested with spyware and trojans is a bad idea.  Period.

I think an online service that takes care of wallet security for you is a much better solution for non-geeks like my mom.

All that said:  As my personal bitcoin wallet gets more valuable, I get more nervous.  I would like to be able to export some of the value in my wallet onto a USB thumb drive and then put that thumb drive in my safe deposit box (along with a backup, gpg-encrypted copy that I'd keep in the fire safe in my basement).

Another analogy:  I keep most of my money in the bank; I don't have piles of cash or gold in my house.  I will do the same for my bitcoins, keeping only enough in my online, connected, possible-to-hack wallet to use day-to-day.

How often do you get the chance to work on a potentially world-changing project?
bitcoinex
November 21, 2010, 02:33:44 PM
 #19

Quote
We made changes to various software and the user after each sneeze must enter a password.
Will he use different passwords everywhere? Or will he use the password that he uses everywhere, on facebook and on the computer he is now logged in to?
And how many people will we turn away from using passwords that way?

I see an analogy with safety belts in a car (=passwords in software). There are many other ways to be safe than using them. For example, buy a Hummer with an extra steel frame around it (=disk encryption, sandboxing etc.). But you are saying that safety belts are nonsense, because *you* have a Hummer.

But I'm a common user and have only a Ford Ka. So using safety belts is better than nothing. Of course, I can meet you in your Hummer on the highway, but I have a little bit more chance to stay alive with belts than with nothing.

It is just everyone's own responsibility whether he uses safety belts in a Ford Ka or not (=whether you use this password and whether you do it safely). But the belts are there already; no Hummer driver fights against safety belts in small Fords.

Quote
Nonsense! All these passwords are stored in the configuration files for their software. And since the password must be in cleartext, they are only scrambled but not hashed. That is, in fact, they are just stored on their disks and may be read by everybody.

What? Are you saying I have some magical file on my disk with my password to the bank? Are you serious?

Yes
Can you post a link to the internet banking manual of your bank?

Quote

Quote
Banking does not use password protection for transactions at all

Again, it is your point of view. My bank allows the use of passwords for certain transactions and I use them. I do not use any kind of better security when sending money to my mum.

Quote
This is a controversial strategy. Only a few months ago, I learned of a case where the algorithm was reconstructed from multiple passwords, and mail and personal information were stolen. (But he used a simple algorithm.)
I do not know your algorithm so I will not make assumptions. You, however, can permission or excuse the algorithm being drunk and then you have to invent a new one and it will be very difficult.

You probably did not understand me at this point. I don't have any master password for my other passwords. I just have an algorithm based on hashing methods, so I can create a password for my bank or for this forum without any additional software which could be cracked and the password stolen.


Probably, yes, I don't understand you. Can you tell me more?

You use a password + salt and hash them to create a new password?
How did you manage to enter a password without access to any hash functions? Or do you remember the hashes?

Quote
Quote
Do you consider yourself a typical user?

Of course not. But again, it is just my responsibility to have a strong system for my passwords. I use the common infrastructure contained in almost every piece of software - password protection. I'm missing that in the bitcoin client. And disk encryption does not solve my problems, because as long as the client itself does not support any kind of encryption, I have to unlock wallet.dat on disk for every other piece of software too. That's all.

I prefer simply not to use passwords. :)

Quote
Quote
You can! You just need to protect the directory in which you store the wallet.

But not in a seamless fashion. I have to run additional software, decrypt the directory before starting the bitcoin client, then make a transaction and then unmount the directory again. That's both strange and not safe. Because once I mount the decrypted directory, every piece of software can work with the unencrypted data using common functions. I still feel that a buffer overflow is a less common way to read file contents.

I am waiting for your answer, and we will compare our methods.

slush
November 21, 2010, 02:41:14 PM
 #20

Gavin, I almost agree. But

Quote
I think an online service that takes care of wallet security for you is a much better solution for non-geeks like my mom.

is the way classic banks started their businesses. When some online wallet becomes popular, they will probably see that they have too many bitcoins in accounts which nobody has touched for a long time....

By the way, when you have bitcoins in an account at some service, how do they belong to you? Technically they are not yours. Do you ask for some paper saying that you have a deposit there? Do you see the analogy? :-)

Electronic currency can be safer than a physical wallet, because it can be encrypted in your pocket and you can make a backup to your home vault. So when we fix wallet security somehow, there will be no room for 'trusted entities which manage your large amounts of bitcoins'.

slush
November 21, 2010, 02:49:59 PM
 #21

Quote
Probably, yes, I don't understand you. Can you tell me more?

You use a password + salt and hash them to create a new password?
How did you manage to enter a password without access to any hash functions? Or do you remember the hashes?

The few most important hashes I already remember. I also have my website with a simple hash calculator in javascript and a virtual keyboard.

Quote
I prefer simply not to use passwords. :)

Of course, I absolutely agree. But do you prefer to use *nothing* rather than passwords? It is the main concern I'm speaking about again and again here. I ABSOLUTELY agree with you that passwords are not good enough, and I use PAM and private/public keys everywhere it is possible. But I will use a password rather than leave my money in plaintext. Agree?

Quote
I am waiting for your answer, and we will compare our methods.

I didn't say it is not possible or that YOU cannot do that. I see that on the bitcoin forum 90% of people are geeks and 10% libertarians (who are not both geeks and libertarians). So you probably know how to do a memory overflow. But I'm telling you there are tens of thousands of sysadmins who do not know how to do a memory overflow but know how to copy&paste. Again, passwords are better than nothing.

caveden
November 21, 2010, 03:04:46 PM
 #22

I didn't read the whole topic but I agree that built-in password encryption of the wallet.dat would be a good thing.
The current client is really a "geek thing". It won't go mainstream like that.
nightrow
November 21, 2010, 03:41:59 PM
 #23

I can only agree on that.
Actually, wallet.dat is like a vault with the door wide open.

Anyone who gains physical access to your computer, or can execute something on it, could theoretically transfer your whole wallet away.

We need some sort of securing.

You could suggest, for example, that when generating the private key, the last X digits are shown to the user to store somewhere else, and are not stored in wallet.dat.
This way, you need both the password AND the wallet.dat to do anything.
The password is stored nowhere on the computer, and is just used to complete the private key when signing payments.
bitcoinex
November 21, 2010, 04:04:56 PM
Last edit: November 21, 2010, 04:15:56 PM by bitcoinex
 #24

Probably, yes, I don't understand you. Can you tell me more?

Do you use a password + salt and hash them to create a new password?
How did you manage to enter a password without access to any hash functions? Or do you remember the hashes?

The few most important hashes I already remember. I also have my website with a simple hash calculator in JavaScript and a virtual keyboard.

Yeah! Well, we found a breach in your security strategy.

Actually, you either have to remember password hashes (but you cannot remember a lot of hashes), or hash them on a computer under your control (then you can just write down your password on this computer without any hashing), or give your password to someone else's computer to get the hash you need (a totally insecure method).

Like I said, you can simply encrypt the home dir with the same result.

Quote
Quote
I prefer to simply not use passwords. :)

Of course, I absolutely agree. But do you prefer to use *nothing* rather than passwords?

Don't juggle! I suggest using one password instead of several useless, annoying passwords.

Quote
It is the main concern I keep speaking about again and again here. I ABSOLUTELY agree with you that passwords are not good enough, and I use PAM and private/public keys everywhere it is possible. But I will use a password rather than leaving my money in plaintext. Agree?

Quote
I am waiting for your answer and we will compare our methods.

I didn't say it is not possible or that YOU cannot do that. I see that on the bitcoin forum 90% of people are geeks and 10% libertarians (who are not both geeks and libertarians). So you probably know how to do a memory overflow. But I'm telling you there are tens of thousands of sysadmins who do not know how to do a memory overflow but know how to copy & paste. Again, passwords are better than nothing.

My opinion: 5% geeks, 5% libertarians and 90% SEO-moneymakers-HYIP-investors-etc. :)

The first two are able to use cryptography and such stuff. The second I'm not interested in, but it costs them nothing to encrypt sections of their home dir to secure their private data.

New bitcoin lottery: probiwon.com
- Maybe you also believe in the Invisible Hand of the Market? - Why believe in something that can be observed directly?
bitcoinex
November 21, 2010, 04:06:56 PM
 #25

I can only agree on that.
Actually, wallet.dat is like a vault with the door wide open.

The same is true for any personal data, not only for bitcoin wallet.

grondilu
November 22, 2010, 07:24:58 AM
 #26

You are responsible for the security of your data.  So there is no "best practice".

Poor argument. Not all people can be experts in safety. Why not help people with transparent encryption of wallet.dat? It should improve security a lot.

Sure you can do that.  But in a separate project.  The whole point of bitcoin is not to depend on someone else's trust for security.  Therefore, I don't care if some people are unable or unwilling to be responsible for the security of their data.  Those people could just as well use only mybitcoin.com.

If you want you can create software that will wrap the headless bitcoin client and add a nice security layer around it.  But there is no reason to put any of it inside the bitcoin client itself.


fergalish
November 23, 2010, 11:06:09 AM
 #27

All that said:  As my personal bitcoin wallet gets more valuable, I get more nervous.  I would like to be able to export some of the value in my wallet onto a USB thumb drive and then put that thumb drive in my safe deposit box (along with a backup, gpg-encrypted copy that I'd keep in the fire safe in my basement).

So this is easy, right?  Quit bitcoin, rename wallet.dat to wallet.dat.orig.  Start bitcoin again, it will create a new wallet.dat with a new address.  Write it down, quit bitcoin.  Rename the new wallet.dat to wallet.dat.safe.  Rename wallet.dat.orig back to wallet.dat, start bitcoin, send most of your BTCs to the new address you just wrote down.  Voilà.  Start up again with wallet.dat.new and watch your savings roll in.  It's much easier if you do it on two separate computers of course.  Encrypt & backup wallet.dat.safe and tell no-one about it.  You could even print out a uuencoded version of the encrypted file and store it on your bookshelf.  Me, I'd be mostly nervous about storing in some communal wallet.dat (as I understand mybitcoin does, am I correct?).  It'll be fine until the day comes that BTC1 = US$lots, be that either through dollar hyperinflation, BTC market growth or both.  Imagine how upset you'd be if some employee of your backup service transacts everybody's btc to themselves?

Really, though, bitcoin should allow for multiple wallet.dats and importing & exporting them (as someone already said).
stakhanov
February 24, 2011, 07:08:42 AM
 #28

I see analogy with safety belts in car (=passwords in software).

I worry that the correct analogy is:

Typing a password every time you use your bitcoin wallet is like padding your car's steering wheel instead of wearing a seatbelt.  It might make you feel safer, but it is a false sense of security.

Good security is hard.  If you're not computer savvy, then you've probably already got spyware and trojans on your system, and running bitcoin on a system infested with spyware and trojans is a bad idea.  Period.

[...]

Another analogy:  I keep most of my money in the bank; I don't have piles of cash or gold in my house.  I will do the same for my bitcoins, keeping only enough in my online, connected, possible-to-hack wallet to use day-to-day.


I like your analogies. But to build on them, don't you have a lock on your home door? Even if you don't keep all of your money at home, you may still want to keep the small amount you have inside it somewhat secure. Granted, it's not "true" security (but nothing is, your online bank can also be compromised), but if a simple password-encrypted wallet prevents stealing the wallet when the bitcoin application isn't started, why not include it? It would at least prevent most script kiddies from attempting simple scams.
Timo Y
February 24, 2011, 10:06:03 AM
 #29

It would be nice to have a "bitbox".

A smartphone-sized piece of hardware used exclusively for Bitcoin. It would have an aggressive firewall that allows no communication except for the Bitcoin protocol and perhaps a simple way to receive Bitcoin addresses from the web/bluetooth/camera.  Automatic wallet encryption would mean that you have to enter a password before each transaction, but that's no more inconvenient than using a credit card.  Perhaps it could include a fingerprint reader?

The bitbox would be a way to make strong security accessible to the non-geek user. 

Web wallet providers are not a satisfactory alternative IMO.  Except for small amounts of BTC.

They are not banks and they carry all sorts of risks of their own.

GPG ID: FA868D77   bitcoin-otc:forever-d
bitcoinex
February 26, 2011, 11:54:49 AM
 #30

It would be nice to have a "bitbox".

A smartphone-sized piece of hardware used exclusively for Bitcoin. It would have an aggressive firewall that allows no communication except for the Bitcoin protocol and perhaps a simple way to receive Bitcoin addresses from the web/bluetooth/camera.  Automatic wallet encryption would mean that you have to enter a password before each transaction, but that's no more inconvenient than using a credit card.  Perhaps it could include a fingerprint reader?

The bitbox would be a way to make strong security accessible to the non-geek user. 

Web wallet providers are not a satisfactory alternative IMO.  Except for small amounts of BTC.

They are not banks and they carry all sorts of risks of their own.

A Bluetooth wireless 'smartcard' device which can do ECDSA cryptography. On a PIC controller with an LCD screen and 2 buttons.

It can receive requests (bills) for payments by Bluetooth, display the payee's self-name and "To: payee address", the amount, and wait for 'Pay' or 'Cancel' to be pushed.
