Is this a safe practice?

[cellard]

Since I like running my own full node to transact, I need to keep my wallet.dat safe. The dilemma is, how can transacting within a full node be ever secure? If we admit that every computer that's connected to the internet is compromised, it is a hard task to keep it safe.

My idea is to keep my Bitcoin Core full node client synced, but only add the wallet.dat file when I need to transact. Once im done transacting, I would close Bitcoin Core, copy my wallet.dat into my USB, and then proceed to delete wallet.dat with a software such as Eraser (https://eraser.heidi.ie/)

This way there wouldn't be nothing to steal anymore, and the only moment you are exposed is during the transaction.

I was wondering if there is a device that would allow you to safely use your wallet.dat within your full node in an isolated way? Never used a Trezor but that's not what it does I think.

[jackg]

Since I like running my own full node to transact, I need to keep my wallet.dat safe. The dilemma is, how can transacting within a full node be ever secure? If we admit that every computer that's connected to the internet is compromised, it is a hard task to keep it safe.

My idea is to keep my Bitcoin Core full node client synced, but only add the wallet.dat file when I need to transact. Once im done transacting, I would close Bitcoin Core, copy my wallet.dat into my USB, and then proceed to delete wallet.dat with a software such as Eraser (https://eraser.heidi.ie/)

This way there wouldn't be nothing to steal anymore, and the only moment you are exposed is during the transaction.

I was wondering if there is a device that would allow you to safely use your wallet.dat within your full node in an isolated way? Never used a Trezor but that's not what it does I think.

You could always use another piece of software for your wallet such as electrum.

I think your idea mat work but the point where your USB fails or you delete the file without checking it's copied first (like if you're in a rush) is where the problem would arise. If you want to use bitcoin core, then you could consider dual booting or using another computer and store the pruned version of your blockchain on there (which'll take up about ,10GB more but will offer you a much more secure system). Don't prune the blockchain from your full node though.

[truthstalker]

Always recommended when you are running a node is to keep your wallet separate to the node. You could either use a different wallet but the best solution would be to have a dedicated server to run a full node.

[HeRetiK]

Leaving your wallet.dat even for just for a short time on an online machine could potentially expose it to malware, so you unfortunately gain very little additional security with this method. In reality you just expose yourself to the risk of accidentally deleting your wallet.dat indefinitely, assuming you don't have any additional backups around -- which you also should have, btw.

Depending on how many BTC you own you're better off looking into cold storage options such as paper wallets, Armory or a hardware wallet -- at least for your main stash, assuming you need a small amount of BTC for day-to-day transactions.

[BattleZeo]

Leaving your wallet.dat even for just for a short time on an online machine could potentially expose it to malware, so you unfortunately gain very little additional security with this method. In reality you just expose yourself to the risk of accidentally deleting your wallet.dat indefinitely, assuming you don't have any additional backups around -- which you also should have, btw.

Depending on how many BTC you own you're better off looking into cold storage options such as paper wallets, Armory or a hardware wallet -- at least for your main stash, assuming you need a small amount of BTC for day-to-day transactions.

And tell me please, if I have had a purse with bitcoins for a long time, but I lost the password from it, is it possible to restore it somehow?

[pooya87]

~ we admit that every computer that's connected to the internet is compromised,~
~ add the wallet.dat file when I need to transact. ~

i think you answered your own question here.
if we assume your computer is already compromised that means as soon as you "add" the wallet.dat file it will be stolen. you are just taking additional unnecessary steps!

things like hardware wallet (Trezor for instance) don't let anything leak to the outside world. they just sign your transactions for you.

if you are ok with taking additional tiring steps then do this:
- use your online full node to make an unsigned raw transaction
- disconnect internet and boot into a live linux from a DVD
- run your wallet client
- sign that transaction of step 1 with your private keys.
- shut down
- back to online OS, broadcast the now signed transaction.

some helps:
http://people.xiph.org/~greg/signdemo.txt
https://bitcoin.org/en/developer-examples#offline-signing

[cellard]

~ we admit that every computer that's connected to the internet is compromised,~
~ add the wallet.dat file when I need to transact. ~

i think you answered your own question here.
if we assume your computer is already compromised that means as soon as you "add" the wallet.dat file it will be stolen. you are just taking additional unnecessary steps!

things like hardware wallet (Trezor for instance) don't let anything leak to the outside world. they just sign your transactions for you.

if you are ok with taking additional tiring steps then do this:
- use your online full node to make an unsigned raw transaction
- disconnect internet and boot into a live linux from a DVD
- run your wallet client
- sign that transaction of step 1 with your private keys.
- shut down
- back to online OS, broadcast the now signed transaction.

some helps:
http://people.xiph.org/~greg/signdemo.txt
https://bitcoin.org/en/developer-examples#offline-signing

Would you still consider Trezor safe after this?

https://www.reddit.com/r/Bitcoin/comments/6zgocf/psa_trezor_privacy_leak_trezor_windows_driver/

Looks like you would need to boot Trezor with Tails to avoid that.

Not to mention the fact that Trezor is a very recognizable device that doesn't allow for plausible deniability.
If you have a Trezor, it automatically means you have BTC. If you have an USB, there could be anything inside.

Also it's a single point of failure. You would need several Trezors.

[ranochigo]

Would you still consider Trezor safe after this?

https://www.reddit.com/r/Bitcoin/comments/6zgocf/psa_trezor_privacy_leak_trezor_windows_driver/

Looks like you would need to boot Trezor with Tails to avoid that.

Why not? The problem described in the link is at best, a privacy risk and nothing more. It does not allow a third party to touch your Bitcoins at all, I don't see a problem with the security.

Trezor or most hardware wallets were not designed for privacy. You need to run Tails or at least connect it through Tor or other proxies.

Not to mention the fact that Trezor is a very recognizable device that doesn't allow for plausible deniability.
If you have a Trezor, it automatically means you have BTC. If you have an USB, there could be anything inside.

Also it's a single point of failure. You would need several Trezors.

I mean, it doesn't compromise security, does it? The only way for it to be stolen is to have physical access to it. Even then, there should be a way to secure it with a passphrase.

[pooya87]

~
Would you still consider Trezor safe after this?

by "anything" i meant anything sensitive like your private keys. @ranochigo gave a good answer about this.

and if you want my opinion i personally prefer something that i can see/understand myself. open source code which i use to create my own setup. it is harder but i am a DIY guy.
heck my preferred method of generating a new private key is using a dice, physically rolling it on the floor, no computers involved