Need help on integrating my Bitcoin wallet safely into TrueCrypt

[chessdragon]

Hey there guys, this is probably a really easy question to solve, but how do I successfully integrate my wallet into my encrypted TrueCrypt file?


As I understand it, there's a main Bitcoin folder with all the application files, and then there's other data in the %appdata%. I would normally just copy the Bitcoin file into the mounted TrueCrypt volume file, but that wouldn't encrypt my wallet.dat file, would it? And isn't that what I'm trying to hide from Trojans and other malicious programs?


Thanks in advance guys.

[1715227926]

1715227926

[1715227926]

1715227926

[jamesb]

When you copy your wallet file on the TrueCrypt volume it is encrypted on the hard disk but you can still access it unencrypted as long as your volume is open. You should use the -datadir option to tell Bitcoin to use the folder in your encrypted volume.

But the best way to protect your wallet is to use the bitcoin version proposed on GIT which encrypt with AES your wallet and ask for your password (it is not integrated yet in the official version). TrueCrypt is good for your backup but if you keep the volume open this won't be more secure than having your wallet in your regular directory.

[timmeyh]

also keep in mind that if you mount your encrypted volume, that your truecrypt password is unencrypted in RAM.

[krepta3000]

also keep in mind that if you mount your encrypted volume, that your truecrypt password is unencrypted in RAM.

I thought the password was only kept in RAM if you had the Cache option selected, which I don't.  How would I retrieve the password for my volume from RAM anyway?

And, another thing, if the bitcoin app is using encryption itself for the wallet file, doesn't it have to decrypt the file and keep it in memory to work with it?  How is there a difference then between having it on a truecrypt volume, and having the encryption/decryption handled from within the bitcoin app?  Oh, and I use XP Pro, I know how to encrypt files on NTFS 5, but I also know that windows does not leave a file only encrypted when the file is in use, no, it decrypts it into RAM so it can be worked with, and encrypts it to the hard drive whenever the file's content changes, constantly, on the fly.  Just like TrueCrypt does, and just like the bitcoin app would do if it was handling the encryption.  I really see absolutely no difference which way it's being handled because there will always be an unencrypted version in memory.  But, the unencrypted volume is accessible to the person who is currently able to read it, so, modifying file permissions in an encrypted volume would be good.  And adding Windows NTFS encryption would also be good, so if someone tries to grab the wallet file from the unencrypted volume, they will only get an encrypted file they can't use.

[jamesb]

@krepta3000: The difference is that Bitcoin only needs your password to send (encrypt and sign) coins. When it starts, it reads the transactions list in the memory and shouldn't keep the password in the memory.

[Jack of Diamonds]

also keep in mind that if you mount your encrypted volume, that your truecrypt password is unencrypted in RAM.

I thought the password was only kept in RAM if you had the Cache option selected, which I don't.  How would I retrieve the password for my volume from RAM anyway?

Someone with physical access to your PC's (say, they know you run a farm with your wallet connected PC among them, and you are out of town for a week)
can remove the RAM sticks, use a freeze attack (literally freeze the RAM with a spray bottle) & boot it up in a device which will dump the contents onto a USB flash drive.

Then they search for the contents of wallet.dat, reconstruct it & steal your Bitcoins.

It's worth it if they know you have a vast amount of BTC, otherwise it's not a very likely scenario.