Bitcoin Forum
December 07, 2016, 10:42:49 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Am I Encrypting Right?  (Read 1640 times)
IlbiStarz
Full Member
***
Offline Offline

Activity: 224


View Profile
June 20, 2011, 12:49:45 AM
 #1

So...am I doing this right? What I did:

1. Turn off Bitcoin.

2. Copy the wallet.dat file.

3. I used Winrar to make an encryption.

4. Copy that encrypted file to a safe place.

5. Delete the original wallet.dat file. (I won't lose anything right?)

Then when I need to spend, unencrypt the file and put it back into the roaming folder right?

It's better to be pissed off, than to be pissed on.
BTC : 1UgM1rqL9mFtH4PHF8TgvAaceymaKmhmP         LTC : LgCGw2WrRphr94RYS1qXHj2PUuYrTap4vk
FC : 6jc9PEmqxpMSxydfepHtshE4f2jMom1dAJ
1481150569
Hero Member
*
Offline Offline

Posts: 1481150569

View Profile Personal Message (Offline)

Ignore
1481150569
Reply with quote  #2

1481150569
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481150569
Hero Member
*
Offline Offline

Posts: 1481150569

View Profile Personal Message (Offline)

Ignore
1481150569
Reply with quote  #2

1481150569
Report to moderator
1481150569
Hero Member
*
Offline Offline

Posts: 1481150569

View Profile Personal Message (Offline)

Ignore
1481150569
Reply with quote  #2

1481150569
Report to moderator
bitlotto
Hero Member
*****
Offline Offline

Activity: 672


BitLotto - best odds + best payouts + cheat-proof


View Profile WWW
June 20, 2011, 12:56:34 AM
 #2

Looks right. I don't know if I myself would use winrar though....
I'd recommend either truecrypt or gpg. Truecrypt would probably be the easiest to figure out. You create a "volume" that is pretty much a file. This file is "mounted" and makes it appear like a whole new drive on your computer. Copy the stuff to this new drive. Then "unmount". Copy that file you mounted.

But it's probably ok...

*Next Draw Feb 1*  BitLotto: monthly raffle (0.25 BTC per ticket) Completely transparent and impossible to manipulate who wins. TOR
TOR2WEB
Donations to: 1JQdiQsjhV2uJ4Y8HFtdqteJsZhv835a8J are appreciated.
BombaUcigasa
Legendary
*
Offline Offline

Activity: 1414



View Profile
June 20, 2011, 02:37:02 PM
 #3

Winrar
Wrong! This is not 1997, it's freaking 2011 you old gizzard!!!
MaGNeT
Legendary
*
Offline Offline

Activity: 1050


Founder of Orlycoin | O RLY? YA RLY!


View Profile WWW
June 22, 2011, 05:30:42 AM
 #4

So...am I doing this right? What I did:

1. Turn off Bitcoin.

2. Copy the wallet.dat file.

3. I used Winrar to make an encryption.

4. Copy that encrypted file to a safe place.

5. Delete the original wallet.dat file. (I won't lose anything right?)

Then when I need to spend, unencrypt the file and put it back into the roaming folder right?


Don't forget to back-up the encrypted file to another location...
If your encrypted file fails, your BTC are gone forever...
If your memory fails to remember the password, your BTC are gone forever...
joan
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 22, 2011, 08:28:10 AM
 #5

4. Copy that encrypted file to a safe place.

5. Delete the original wallet.dat file. (I won't lose anything right?)
Try a restore before deleting the original.
jamesb
Jr. Member
*
Offline Offline

Activity: 30


View Profile
June 23, 2011, 12:04:20 PM
 #6

5. Delete the original wallet.dat file. (I won't lose anything right?)

Wrong too! If you don't erase the old file bytes on the hard drive it will be easily read again. You will have to use a secure random to overwrite the bytes if you want your deleted file to be unreadable forever (like shred on Unix)!
Oldminer
Legendary
*
Offline Offline

Activity: 1022



View Profile
June 25, 2011, 11:44:43 AM
 #7


Wrong too! If you don't erase the old file bytes on the hard drive it will be easily read again. You will have to use a secure random to overwrite the bytes if you want your deleted file to be unreadable forever (like shred on Unix)!

Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt Smiley

If you like my post please feel free to give me some positive rep https://bitcointalk.org/index.php?action=trust;u=18639
Tip me BTC: 1FBmoYijXVizfYk25CpiN8Eds9J6YiRDaX
BitCoinBarter
Jr. Member
*
Offline Offline

Activity: 56



View Profile
June 28, 2011, 12:47:24 AM
 #8


Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt Smiley

I would not use/goto www.encryptfiles.net

It has a bad rep on WOT. See http://www.mywot.com/en/scorecard/www.encryptfiles.net for details.

Do no evil,

Smiley 12KYva8D2GT3C1wSD8wvgkFkP5TnBp3LPC Smiley
bitfreak!
Legendary
*
Offline Offline

Activity: 1514


electronic [r]evolution


View Profile WWW
June 28, 2011, 07:20:40 AM
 #9


Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt Smiley

I would not use/goto www.encryptfiles.net

It has a bad rep on WOT. See http://www.mywot.com/en/scorecard/www.encryptfiles.net for details.
That's because people seem to think it's a trojan due to warnings by their anti-virus software. I would guess they are simply false-positives due to the nature of the software. I don't think I've used it before though.

XCN: CYsvPpb2YuyAib5ay9GJXU8j3nwohbttTz | BTC: 18MWPVJA9mFLPFT3zht5twuNQmZBDzHoWF
Cryptonite - 1st mini-blockchain altcoin | BitShop - digital shop script
Web Developer - PHP, SQL, JS, AJAX, JSON, XML, RSS, HTML, CSS
XIU
Member
**
Offline Offline

Activity: 84


View Profile
June 28, 2011, 11:29:28 PM
 #10

Winrar
Wrong! This is not 1997, it's freaking 2011 you old gizzard!!!

If you have v3 or higher, then it'll use AES 128bit, which given a long and strong password, should provide enough security.

1xiuHwHk81j4TRnLuLBMvH2ctqtTsubT6
unclemantis
Member
**
Offline Offline

Activity: 98


(:firstbits => "1mantis")


View Profile
July 27, 2012, 02:35:51 AM
 #11

Winrar
Wrong! This is not 1997, it's freaking 2011 you old gizzard!!!

If you have v3 or higher, then it'll use AES 128bit, which given a long and strong password, should provide enough security.

How long is overkill and how short is too short? I am using a paragraph of about 4 rather long sentences out of a book.

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
July 27, 2012, 02:46:49 AM
 #12

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database).  4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.
grue
Global Moderator
Legendary
*
Offline Offline

Activity: 1932



View Profile
July 27, 2012, 01:43:10 PM
 #13


Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt Smiley

I would not use/goto www.encryptfiles.net

It has a bad rep on WOT. See http://www.mywot.com/en/scorecard/www.encryptfiles.net for details.
>encryptfiles.net

seems legit Cool

That's because people seem to think it's a trojan due to warnings by their anti-virus software. I would guess they are simply false-positives due to the nature of the software. I don't think I've used it before though.
there's no possible reason why antivirus software will think encryption software would be a virus. after all, do you see winrar, 7zip, or truecrypt setting off alarms?

It is pitch black. You are likely to be eaten by a grue.

Tired of annoying signature ads? Ad block for signatures
unclemantis
Member
**
Offline Offline

Activity: 98


(:firstbits => "1mantis")


View Profile
July 27, 2012, 05:55:33 PM
 #14

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database).  4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.

Is there a mask or set of rules that you apply when generating a 10 character passphrase?

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
Epoch
Legendary
*
Offline Offline

Activity: 917



View Profile
July 27, 2012, 06:10:10 PM
 #15

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database).  4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.
Is there a mask or set of rules that you apply when generating a 10 character passphrase?

First off, here is an informative (old but still mostly relevant) article describing password cracking ('recovery' is the politically-correct term) with GPUs and commercially available cracking software:

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

TLDR:

1) At least ten characters in length.
2) Contain at least one upper-case letter
3) Contain at least one lower-case letter
4) Contain at least one special character, such as @ or !
5) Contain at least one number

The idea being to force any brute-force attack to search a large portion of the ASCII space, essentially increasing the 'strength' of each character of your password compared to, say, using lower- and upper- case letters only.

BTC: 1DJVUnLuPA2bERTkyeir8bKn1eSoRCrYvx
NMC: NFcfHSBBnq622pAr1Xoh9KtnBPA5CUn6id
Deafboy
Hero Member
*****
Offline Offline

Activity: 484



View Profile WWW
July 27, 2012, 06:39:55 PM
 #16

In my .bitcoin directory, there is only link to wallet.dat on USB. So there is no need to delete anything on local HDD after closing bitcon client. I just unplug the USB key.
Also I keep several online and offline backups of wallet in truecrypt containers, and several backups of keepassx password database with password for truecrypt containers and wallet itself.
bluefirecorp
Hero Member
*****
Offline Offline

Activity: 686


View Profile
July 27, 2012, 09:36:09 PM
 #17

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database).  4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.
Is there a mask or set of rules that you apply when generating a 10 character passphrase?

First off, here is an informative (old but still mostly relevant) article describing password cracking ('recovery' is the politically-correct term) with GPUs and commercially available cracking software:

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

TLDR:

1) At least ten characters in length.
2) Contain at least one upper-case letter
3) Contain at least one lower-case letter
4) Contain at least one special character, such as @ or !
5) Contain at least one number

The idea being to force any brute-force attack to search a large portion of the ASCII space, essentially increasing the 'strength' of each character of your password compared to, say, using lower- and upper- case letters only.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
unclemantis
Member
**
Offline Offline

Activity: 98


(:firstbits => "1mantis")


View Profile
July 27, 2012, 10:12:54 PM
 #18

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database).  4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.
Is there a mask or set of rules that you apply when generating a 10 character passphrase?

First off, here is an informative (old but still mostly relevant) article describing password cracking ('recovery' is the politically-correct term) with GPUs and commercially available cracking software:

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

TLDR:

1) At least ten characters in length.
2) Contain at least one upper-case letter
3) Contain at least one lower-case letter
4) Contain at least one special character, such as @ or !
5) Contain at least one number

The idea being to force any brute-force attack to search a large portion of the ASCII space, essentially increasing the 'strength' of each character of your password compared to, say, using lower- and upper- case letters only.


Doesn't 4 words go against the rules of having a dictionary word?

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
P_Shep
Legendary
*
Offline Offline

Activity: 924


View Profile WWW
July 27, 2012, 10:42:35 PM
 #19

Doesn't 4 words go against the rules of having a dictionary word?

No, as it's 4 of them.

No. words in dictionary * No. words in dictionary * No. words in dictionary * No. words in dictionary = big number
unclemantis
Member
**
Offline Offline

Activity: 98


(:firstbits => "1mantis")


View Profile
July 28, 2012, 05:30:49 AM
 #20

Doesn't 4 words go against the rules of having a dictionary word?

No, as it's 4 of them.

No. words in dictionary * No. words in dictionary * No. words in dictionary * No. words in dictionary = big number

Gotcha.

Well I guess I am reencrypting my wallet tomorrow :-D And then going around and picking up all the backups. Shreeding them and then redistributing the new one LOL

PHP, Ruby, Rails, ASP, JavaScript, SQL
20+ years experience w/ Internet Technologies
Bitcoin OTC | GPG Public Key                                                                               thoughts?
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!