Timo Y (OP)
June 27, 2011, 12:30:13 PM
I felt that the Securing Your Wallet article on the Bitcoin Wiki was too hard to digest for a non-technical user, so I created this simple, brief list of dos and don'ts as a starting point: https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29
Any modifications or improvements are appreciated. Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.

fornit
June 27, 2011, 12:49:17 PM
Do keep encrypted backups of all your wallets in at least 3 physically separate locations. Do use keyfiles to encrypt your wallets, and keep backups of your keyfiles in at least 3 physically separate locations.
mostly the same.
Do use a good antivirus and firewall, and keep them up to date.
firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.
otherwise nice guide / reminder

luv2drnkbr
June 27, 2011, 12:52:38 PM
firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.
Uhhhhh, have you SEEN Comodo's software firewall??? Shit is amazing.

Grouver (BtcBalance)
June 27, 2011, 12:54:32 PM
1) Keep your big wallet offline
2) Split your big wallet to 15+ small wallets
3) Use one small wallet when you want to spend.
4) Encrypt all wallets when not in use.
5) Scan your computer before copying your wallet to a connected computer.
Done

BitcoinPorn
June 27, 2011, 12:58:23 PM
All words that are attached to the "Do's" and "Don'ts" should be linking to parts of the Wiki discussing those things.

haydent
June 27, 2011, 01:00:39 PM
firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.
Uhhhhh, have you SEEN Comodo's software firewall??? Shit is amazing.
I prefer ESET Smart Security, but I used Comodo firewall for ages before this. In both I have them set and recommend people use 'manual mode' so you must allow or block anything trying to send or receive data via your computer. Great for stopping those pesky apps from checking online for updates / keys.

error
June 27, 2011, 05:08:49 PM
The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)

da2ce7
June 27, 2011, 05:16:02 PM
The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)
Dang... I was just about to comment that a properly set-up Windows 7 x64, using limited privilege user, and EFS for private data can be very secure.

da2ce7
June 27, 2011, 05:17:01 PM
The problem with securing the wallet on Windows is that you have to secure Windows as well, or all your efforts are in vain. I despair of ever seeing a day when the average Windows user has a reasonably secure, virus-free computer. (Hey, you, you aren't average. Stuff it.)
Dang... I was just about to comment that a properly set-up Windows 7 x64, using limited privilege user accounts, and EFS for private data can be very secure.

BitCoinBarter
June 27, 2011, 07:05:07 PM
I felt that the Securing Your Wallet article on the Bitcoin Wiki was too hard to digest for a non-technical user, so I created this simple, brief list of dos and don'ts as a starting point: https://en.bitcoin.it/wiki/Wallet_Security_Dos_and_Don%27ts_%28Windows%29
Any modifications or improvements are appreciated. Bear in mind that this is not meant to be a comprehensive guide on how to create a 100% secure wallet. I'm just trying to address the most obvious security mistakes made by beginners.
Great start. Thank you. I'm sure that this will help (if only they use it) all users (not just Windows users). I agree with BitcoinPorn, "...should be linking..." To that, I would add that it links to reliable information, even if it doesn't link to the Wiki. I would also suggest you add/modify/explain the following (possibly with a link):
-How to find/use symmetric encryption (asymmetric may be a little much, however it should be mentioned).
-What a keyfile is and how it relates to encryption.
-Don't use an online backup/storage service's encryption unless you have the sole key. Even if that is the case, I suggest you not use their encryption (use your own). If the service uses encryption, then consider that a plus that is added to your encryption.
-Once your wallet leaves your system (e.g., to an online backup/storage, USB, etc.), it should be encrypted.
-When deleting an unencrypted wallet, that file must be shredded. Of course this will mean explaining what shredding is and why it is important.
-Recommend a good password manager to help (I vote for LastPass).

Timo Y (OP)
June 29, 2011, 09:41:22 AM
Thanks for your feedback.
-When deleting an unencrypted wallet, that file must be shredded. Of course this will mean explaining what shredding is and why it is important.
It has been pointed out that shredding is not effective on modern operating systems. I think it's still better than nothing, but does it give people a false sense of security?
-Recommend a good password manager to help (I vote for LastPass).
Password managers create a single point of failure. Do you think this is secure enough for protecting wallets? I prefer to encrypt my savings wallets with different, independent passwords.

Timo Y (OP)
June 29, 2011, 09:42:29 AM
2) Split your big wallet to 15+ small wallets
Why so many? 15 seems like a lot of work. Won't about 5 suffice for the average user?

IlbiStarz
June 29, 2011, 09:47:00 AM
Don't keep your computer switched on overnight.
Dang then how do we mine

Timo Y (OP)
June 29, 2011, 10:25:14 AM
Don't keep your computer switched on overnight.
Dang then how do we mine
I'll fix that to cater for miners.

Gareth Nelson
June 29, 2011, 10:52:03 AM
Do keep encrypted backups of all your wallets in at least 3 physically separate locations. Do use keyfiles to encrypt your wallets, and keep backups of your keyfiles in at least 3 physically separate locations.
mostly the same.
Do use a good antivirus and firewall, and keep them up to date.
firewalls and antivirus on a personal computer don't do much good and make people rely on them, which is a major mistake. see allinvain.
otherwise nice guide / reminder
Antivirus is pretty mandatory on a Windows box, but as for firewall - use a hardware firewall too. Pretty much any consumer DSL router already includes one - use it.

XIU
June 29, 2011, 11:36:03 AM
Using the -datadir option to move your wallet.dat file to another location could also help for the current wallet stealers, they all use %AppData%\Bitcoin\wallet.dat hardcoded.
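
Added example (not part of XIU's or da2ce7's posts, and not code from the Bitcoin project): a PowerShell audit that reports whether a wallet.dat sits at the hardcoded default path XIU mentions, and whether the EFS and limited-account setup da2ce7 describes is in place. The function name `Test-WalletExposure` and the `D:\coins` data directory are hypothetical.

```powershell
# Added example. Test-WalletExposure and D:\coins are hypothetical names.
function Test-WalletExposure {
    param(
        # Directory given to the client with -datadir, if one is used.
        [string]$DataDir
    )

    $findings = @()
    $defaultWallet = [IO.Path]::Combine($env:APPDATA, 'Bitcoin', 'wallet.dat')
    $paths = @($defaultWallet)

    # A wallet left at the default path is found by any stealer that hardcodes it.
    if (Test-Path -LiteralPath $defaultWallet) {
        $findings += "wallet.dat at default path: $defaultWallet"
    }
    if ($DataDir) {
        $paths += [IO.Path]::Combine($DataDir, 'wallet.dat')
    }

    # EFS marks the files it protects with the Encrypted attribute.
    $efs = [IO.FileAttributes]::Encrypted
    foreach ($path in $paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $attrs = (Get-Item -LiteralPath $path -Force).Attributes
        if (($attrs -band $efs) -ne $efs) {
            $findings += "not EFS-encrypted: $path"
        }
    }

    # IsInRole is true only when the session holds an elevated administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if ($principal.IsInRole($adminRole)) {
        $findings += 'session has administrator rights; use a limited account'
    }

    return $findings
}

$results = @(Test-WalletExposure -DataDir 'D:\coins')
if ($results.Count -eq 0) { 'No findings.' }
else { $results | ForEach-Object { "FINDING: $_" } }
```

An empty result is not proof of safety: a relocated wallet is still readable by malware that searches the disk, and EFS does not stop code running under the same account.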

titeuf_87
June 29, 2011, 11:45:58 AM
An important one to add:
Don't click on any links from an email or open any attachment, no matter how official looking they are.

error
June 29, 2011, 04:54:17 PM
It has been pointed out that shredding is not effective on modern operating systems. I think it's still better than nothing, but does it give people a false sense of security?
Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.

bcearl
June 29, 2011, 05:34:43 PM
It has been pointed out that shredding is not effective on modern operating systems. I think it's still better than nothing, but does it give people a false sense of security?
Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.
No, shredding files does not work, because modern file systems don't write the new data for a file to the same place (for performance and recovery reasons). Shredding whole volumes works, but takes weeks.

error
June 29, 2011, 05:40:03 PM
It has been pointed out that shredding is not effective on modern operating systems. I think it's still better than nothing, but does it give people a false sense of security?
Shredding is fine on modern operating systems. It does NOT work on solid-state drives, USB flash sticks, etc.
No, shredding files does not work, because modern file systems don't write the new data for a file to the same place (for performance and recovery reasons). Shredding whole volumes works, but takes weeks.
Oh yeah, I forgot all about journaling filesystems and things of that nature. Doh. Though shredding entire volumes takes hours or days, not weeks. Unless you have some unusually large volumes.