For those looking for a relatively easy method of securing your long-term bitcoin savings, without requiring a non-Windows install, here's what I do. Feel free to pick it apart.
- On a clean PC, install the bitcoin client and create one or more addresses via the "New..." button. Email these addresses to yourself via GMail or similar.
- Close Bitcoin and encrypt the Wallet.dat file (for instance with 7-zip, entering a strong password)
- Make copies of this file (burn to CD, email to yourself via GMail or other online email, etc.)
- Destroy the wallet.dat file via secure erase (SDelete works well, http://technet.microsoft.com/en-us/sysinternals/bb897443
- When your main bitcoin balance gets larger than you like, send the extra to one of the addresses you emailed to yourself.
- What is a clean PC? Well ideally it's a fresh install of Windows 7 SP1, restarted in Safe Mode with Networking.
- There's no need to access the encrypted wallet file unless you either want to spend from it, or desire additional addresses.
- You really only need one address from the encrypted wallet of course, but I like to keep each payment separate for my own accounting.
- Be careful when you select your password! It should be strong (http://www.microsoft.com/security/online-privacy/passwords-create.aspx
), memorable, and NEVER REUSED ELSEWHERE! Recent database hacking successes should teach us all that reusing passwords is a Bad Idea.