Bitcoin Forum
December 07, 2016, 06:23:38 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: A Secure and Redundant Savings Wallet Concept, Hopefully  (Read 4324 times)
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 23, 2011, 02:44:13 PM
 #41

It is an unsupported claim of TrueCrypt, you should not trust it.

Their website and all of their documentation would lead one to believe otherwise.  I have experiemented with the feature personally and have yet to see anything (other then your suggestion) that suggests that it shouldn't be used.  I don't suppose you have any supporting information you'd like to share?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 26, 2011, 06:24:37 PM
 #42

It is an unsupported claim of TrueCrypt, you should not trust it.

Their website and all of their documentation would lead one to believe otherwise.  I have experiemented with the feature personally and have yet to see anything (other then your suggestion) that suggests that it shouldn't be used.  I don't suppose you have any supporting information you'd like to share?

That's not the point. They have to prove that their claim is true. Until they haven't done that, you should not trust it. That's the only way to do security.

Misspelling protects against dictionary attacks NOT
Rogue Star
Member
**
Offline Offline

Activity: 88


View Profile
June 26, 2011, 06:34:53 PM
 #43

i would agree with not trusting a hidden volume, but could we agree that it would be safer than a non-hidden volume, except perhaps barring damning evidence supporting otherwise?

you can donate to me for whatever reason at: 18xbnjDDXxgcvRzv5k2vmrKQHWDjYsBDCf
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 27, 2011, 06:31:05 AM
 #44

i would agree with not trusting a hidden volume, but could we agree that it would be safer than a non-hidden volume, except perhaps barring damning evidence supporting otherwise?

But what's the advantage compared with an AES-encrypted file that you delete? It is still on disk, but looks like random data. And it has a major advantage: It is way smaller and looks way less suspicious than a 5 gigabyte blob (perhaps with macroscopic patterns of a TrueCrypt hidden volume).

Misspelling protects against dictionary attacks NOT
johanatan
Member
**
Offline Offline

Activity: 84


View Profile
June 27, 2011, 07:01:54 AM
 #45

Quote
If something is made up of 6 parts, and you only have 5 of the parts, and each part is unique, you do not have the whole thing.  That is not something I am just hoping, that is fact, I know that if you don't have all 6 parts you don't have all 6 parts.

I haven't read the rest of the thread from here but something you guys seem to be missing (and which is mere speculation on my part as I haven't read the bitcoin client code yet) is that:

-. the wallet.dat file may be entirely useful even in part.  For example, consider that the private keys are stored in sequential order with no striping (distribution).  Having just one or a few parts of a wallet.dat would then allow you to recover some of the funds (via the private keys the part contains).

EDIT:  Just saw Eric's post.  I concur.

1GjRUzZfDCBHeCyJk6av3pXYS9VKjCvQTQ
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 27, 2011, 07:04:37 AM
 #46

Quote
If something is made up of 6 parts, and you only have 5 of the parts, and each part is unique, you do not have the whole thing.  That is not something I am just hoping, that is fact, I know that if you don't have all 6 parts you don't have all 6 parts.

I haven't read the rest of the thread from here but something you guys seem to be missing (and which is mere speculation on my part as I haven't read the bitcoin client code yet) is that:

-. the wallet.dat file may be entirely useful even in part.  For example, consider that the private keys are stored in sequential order with no striping (distribution).  Having just one or a few parts of a wallet.dat would then allow you to recover some of the funds (via the private keys it contains).

I think the OP wanted to split the encrypted file. But thats no proof of security either. Without a good argument supporting it, you shouldn't trust it. I agree with you.

Misspelling protects against dictionary attacks NOT
johanatan
Member
**
Offline Offline

Activity: 84


View Profile
June 27, 2011, 07:08:27 AM
 #47

Quote
If something is made up of 6 parts, and you only have 5 of the parts, and each part is unique, you do not have the whole thing.  That is not something I am just hoping, that is fact, I know that if you don't have all 6 parts you don't have all 6 parts.

I haven't read the rest of the thread from here but something you guys seem to be missing (and which is mere speculation on my part as I haven't read the bitcoin client code yet) is that:

-. the wallet.dat file may be entirely useful even in part.  For example, consider that the private keys are stored in sequential order with no striping (distribution).  Having just one or a few parts of a wallet.dat would then allow you to recover some of the funds (via the private keys it contains).

I think the OP wanted to split the encrypted file. But thats no proof of security either. Without a good argument supporting it, you shouldn't trust it. I agree with you.

Yea, he only mentioned one password and 6 key files.  Presumably if you have one of the parts and the password (and one of the key files), then you can get part of the wallet.dat (and thus part of the coins).

1GjRUzZfDCBHeCyJk6av3pXYS9VKjCvQTQ
EricJ2190
Full Member
***
Offline Offline

Activity: 134


View Profile
June 27, 2011, 07:11:19 AM
 #48

Actually, I noticed that he is also using multiple key files, so you actually would need two of the drives to get the full key to decrypt any of the archive. However, the part about splitting the TrueCrypt volume itself is pointless and unnecessary, as far as I can tell.
ThiagoCMC
Legendary
*
Offline Offline

Activity: 1190


฿itcoin: Currency of Resistance!


View Profile WWW
June 27, 2011, 09:19:42 AM
 #49

As mentioned by others, simply splitting the wallet, or even an encrypted volume or archive containing the wallet, is not secure. An attacker does not need a whole wallet file to steal from you. All they is a whole private key to an individual address (or enough of it that they can brute force the missing piece) to steal any coins received by that address. With the OP's method, chances are an attacker could steal most if not all of your coins with only one flash drive and your password.

Well, I solved this.

 I made a SIMPLE solution, which hosts the entire Bitcoin data (~/.bitcoin) directory, within the "Ubuntu One" free cloud service... Ahh! 100% encrypted by the way...

 With no third party softwares.

 Take a look at this:

 Wallet in the Cloud - Keeping your Bitcoins encrypted and saved into the Cloud!
 http://forum.bitcoin.org/index.php?topic=22386.0

 What do you guys think about my solution?!

 It is really easy to do by everybody... No complications.

 And it can be easily changed, or used with a USB pendrive instead a Cloud environment... But always use a Live CD, even to mount your encrypted USB Pendrive.

Cheers!
Thiago

Mercado Forex acessível para todos os Brasileiros que tenham Bitcoins! Cadastre-se hoje mesmo! Bastar acessar aqui: https://1broker.com/m/r.php?i=8879
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!