Is Dropbox a safe place keep my TrueCrypted BTC wallet backup?

[Capitalism Prevails]

I read this answer on another forum.  What do you think?

"Depends how paranoid you are. Many do but if you reallly want to be safe then according to the bitcoin wiki:

Using Dropbox to back up your Bitcoin data is not recommended as doing so introduces the following security concerns:

Dropbox stores your encryption key (meaning that a disgruntled Dropbox employee or an > attacker who gained access to the system could decrypt your Dropbox data and steal your bitcoins)

The Dropbox client only needs a password for the first login. After it authenticates once, the server assigns it a token which it uses to show that, at one time, its user knew the password rather than sending the actual password (meaning that if you ever use the Dropbox client on another PC, that PC's users can access your Dropbox - even if you change your password - and can steal your bitcoins or get a virus that will steal your bitcoins).

For these reasons, an alternative that always uses password authentication such as Wuala should be used. Wuala's servers do not store your encryption key and the program authenticates with the password each time it is started.

Whether you use Dropbox as your backup or not, it is advised to use what Steve Gibson calls "pre-Internet encryption" which means to use some form of encryption on your files before you back them up, in case an attacker gains access to that backup. Make sure to pick a password that is memorable but secure.

The only file you need to back up is "wallet.dat" which can be done one of two ways. To make a copy of the wallet.dat file, ensure that Bitcoin is closed and copy this file somewhere else. The other way is to use the backupwallet JSON-RPC command to back up without shutting down Bitcoin.

Once a copy has been made, encrypt it, and put it in two or more safe locations. Consider the risk due to theft, fire, or natural disaster in proportion to the value of bitcoins stored in the wallet."

[Mike Christ]

I wouldn't trust it.  I believe all items, when transferred, are encrypted, but a back door is always a possible route, especially when drugs and CP and terrorism is involved.

[macintosh]

Its safe if the download link is never gave to anyone

[b!z]

I personally wouldn't do it, but if you are uploading an encrypted wallet with not many coins you *should* be fine.

[adamas]

I personally wouldn't do it, but if you are uploading an encrypted wallet with not many coins you *should* be fine.

Better put it in a small truecrypt container before uploading.

[firefop]

I personally wouldn't do it, but if you are uploading an encrypted wallet with not many coins you *should* be fine.

Better put it in a small truecrypt container before uploading.

That's the right way to go about it.

encrypt the wallet.dat - then encrypt the file with 3rd party encryption software and that can go to online storage.

[TheSpiral]

In theory, BTSync would probably be a better solution. Less people with access to the files (i.e. decentralized). Same concept as Dropbox, just without the central server, and uses a passkey just to sync (extra layer never hurts). That said, I use both, but I wouldn't put anything sensitive on Dropbox.

http://labs.bittorrent.com/experiments/sync.html

[adamas]

Better put it in a small truecrypt container before uploading.

That's the right way to go about it.
encrypt the wallet.dat - then encrypt the file with 3rd party encryption software and that can go to online storage.

For max. security you could scramble the file before uploading it: http://www.alldataright.com/file-scrambler/screenshots.html

[iram1022]

I think its not safe. I its safer on gmail  added with strong password.

[legitnick]

I suggest you put your wallet on a USB as well on your computer. The more backups you have the safer.

Dropbox is safe, if you put a password on the file.

[favdesu]

As you wrote: Depends how paranoid you are.

Encrypt your wallet and you should be fine

[cp1]

It's probably fine if you've already encrypted it, but it's better to just print a paper backup in my opinion.  Two people can keep a secret if one of them is dead.

[AliceWonder]

I wouldn't keep it in dropbox, even encrypted.

Stick it on a USB key (encrypted) and keep it in a safety deposit box, or in a relative's safe.

Or for long term storage make a really good brain wallet involving a salt, a complex phrase, and a personal identification number (like drivers license). Salt should be at least 8 characters, dozen preferred.

[Larry666]

I zip mine up and then rename the zip.  Most clowns don't know what they are doing when they try to steal.  They will do searches only.

[DannyHamilton]

I zip mine up and then rename the zip.  Most clowns don't know what they are doing when they try to steal.  They will do searches only.

Well, there's a wallet just begging to be stolen.

[Lothy]

why not keep it in a windows skydrive account?

[tigusoft]

I suggest you to keep your encrypted wallet on encrypted USB stick in the safe. It is the most secure way when nobody can get even your encrypted wallet.

[moisesmcardona]

You can try with Bitcasa, since the files are encrypted on your PC instead of their servers and then the encrypted data is uploaded to their servers.

[medinscot]

As long as you have encrypted the wallet file using TrueCrypt (strong password + locally stored key file), you should be fine backing it up to the cloud (DropBox, GMail or any similar alternatives).

If anyone manage to get hold of the file (from the cloud), and they are prepared to bruteforce your password, they still need the key file (which is not stored anywhere near the cloud, and only you know its exact location).

[naphto]

Should be safe ...