Bitcoin Forum
September 19, 2019, 05:43:11 PM *
Author Topic: [SECURITY | GUIDE] How to protect your wallets and private keys  (Read 392 times)
Nestade
February 23, 2018, 05:05:10 AM
Last edit: February 23, 2018, 12:36:33 PM by Nestade
Merited by sangkler11 (1)
 #1

Hi,

I'd just like to share some suggestions to improve the security of your cold-wallets and private keys.
In general for cold storage wallets only malware could be a real problem and of course losing your wallet data.

1.: Always create a backup of your wallet data - for most wallets there is an option to create a backup.
     If there isn't, you will most likely find the data folder in the appdata directory (type %appdata% into the Windows search).
     Store these files on a USB flash drive - DO NOT store them in any cloud! Also always write down your private keys on paper and store them safely!

2.: If you're using your computer which contains your wallet for everyday activities you may also visit some unknown websites or download things.
     It's always possible to download malware and your antivirus won't detect properly encrypted malicious software. These would be some suggestions on how to bypass this possibility:
     - If you've got an old computer just reformat it and only use it for cryptocurrency-storage and transactions - don't do anything else on this machine
     - Create a new partition on your existing system, install an OS and don't assign it to your main OS - only use it for cryptocurrency-storage and transactions - don't do anything else on this partition.
     - Create a virtual machine, encrypt it (there are many guides on how to encrypt a whole system) and only use it for cryptocurrency-storage and transactions - don't do anything else on this VM.

3.: Usually you should never store your private-keys on your computer. For example IOTA only requires your private-key (seed) to log in to your wallet. However some people may do it anyway and it's really annoying always typing your private-key by hand. If you're storing it on your computer you should at least encrypt it. There are tons of ways of doing this (DO NOT use any online-platforms!!!) - however for me the following is most preferred.
     Notepad++ (my default editor anyway) offers the possibility of installing plugins. One of those already pre-listed is an encryption plugin. I'll include a short guide on how to do this at the end.

4.: I think it's not really necessary to say, but NEVER tell anyone your private-key and don't send any data files.

5.: You could store your important stuff in an encrypted container. Just inform yourself about recent encryption-software similar to TrueCrypt.

6.: Always keep your operating system up to date - some updates contain security updates or fixes for (critical) exploits

7.: Use a sandbox for running downloaded stuff if the source isn't 100% trustworthy

8.: Well, doesn't really fit here, but if you're using MyEtherWallet you may want to check this:
     https://bitcointalk.org/index.php?topic=2822325.msg28909433#msg28909433


Now let's come to the promised (short) guide about encrypting your private-key or any other text.

Installing the plugin:
- Download Notepad++ (https://notepad-plus-plus.org/) and install it
- Open Notepad++ and go to Plugins > Plugin Manager > Show Plugin Manager
- Select NppCrypt from the list, hit the 'Install' button and allow Notepad++ to restart after installation

Encrypting:
- Now you can enter your text (in this case your private-key or whatever you want to encrypt)
- Select (mark) the text you want to encrypt
- Go to Plugins > NppCrypt > Encrypt
- Optional: Select your preferred cipher and mode
- Enter a password, hit 'OK', confirm your password and hit 'OK' again.
- Your text is now encrypted - now you can save it.

Decrypting:
- Go to Plugins > NppCrypt > Decrypt
- If you changed cipher and mode you'll have to change it accordingly
- Enter your password and click 'OK'
- Your text is now decrypted
> Make sure to close the tab or re-encrypt before closing Notepad++
> It's always a risk having your private-key in the cache when C&P it; you can erase it from your cache by running the command
Code:
cmd /c "echo off | clip"
  in CMD (https://www.howtogeek.com/235101/10-ways-to-open-the-command-prompt-in-windows-10/)

Like I said there are more methods of encryption but at least for me this one is most convenient.
I'm not an expert and these are just some suggestions - you'll most likely have to do some Google-research on some of them.

(Small advice: Antivirus programs may not really help against professional malware but they can provide at least some security against crappy malicious stuff - there's no best antivirus but I'd suggest Malwarebytes: Anti-Malware in combination with the Windows integrated antivirus. However using antivirus software may mislead some people to believe they're completely safe - you should always pay attention to your surf behaviour and be careful about any downloads or fishy stuff)

Hope there's something useful for you :)
Any advice and suggestions will be greatly appreciated!

Regards,
Nestade alias xuNsh1ne


Just a small warning for IOTA-owners... If you created your seed using any online-seed-generator you should immediately generate a new seed offline and transfer your balance to this new seed!!!
Guide on how to generate your own seed for Windows and Linux (MacOS not tested, but should also work): https://bitcointalk.org/index.php?topic=3002939.msg30877844#msg30877844
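
The advice above to generate an IOTA seed offline, shown as an added example that is not part of the original post or of the linked guide. It assumes the legacy IOTA seed format (81 characters from A-Z and 9) and draws them from the operating system's CSPRNG with rejection sampling, so every character is equally likely; all function and constant names are illustrative.

```python
import math
import os
from collections import Counter

# Legacy IOTA seeds are 81 characters ("trytes") from this 27-symbol alphabet.
TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SEED_LENGTH = 81
# 243 = 9 * 27 is the largest multiple of 27 that fits in one byte. Byte values
# 243..255 are thrown away so each symbol is produced by exactly 9 byte values.
REJECT_FROM = 256 - (256 % len(TRYTE_ALPHABET))


def generate_seed(random_bytes=os.urandom):
    """Return an 81-tryte seed from the OS CSPRNG.

    random_bytes is a callable(n) -> bytes; it is swappable only so the
    sampling logic can be tested with fixed input.
    """
    seed = []
    while len(seed) < SEED_LENGTH:
        for b in random_bytes(SEED_LENGTH):
            if b >= REJECT_FROM:
                continue  # rejection sampling: skip values that would add bias
            seed.append(TRYTE_ALPHABET[b % len(TRYTE_ALPHABET)])
            if len(seed) == SEED_LENGTH:
                break
    return "".join(seed)


def is_valid_seed(seed):
    """Check length and alphabet; catches lowercase or truncated seeds."""
    return (
        isinstance(seed, str)
        and len(seed) == SEED_LENGTH
        and all(c in TRYTE_ALPHABET for c in seed)
    )


def byte_values_per_symbol(reject):
    """Count how many of the 256 byte values map to each symbol.

    With reject=False (plain b % 27) the first 13 symbols get 10 byte values
    and the rest only 9, which is the bias that rejection sampling removes.
    """
    limit = REJECT_FROM if reject else 256
    return Counter(TRYTE_ALPHABET[b % len(TRYTE_ALPHABET)] for b in range(limit))


def seed_entropy_bits():
    """Entropy of a uniformly random seed: 81 * log2(27), about 385 bits."""
    return SEED_LENGTH * math.log2(len(TRYTE_ALPHABET))


if __name__ == "__main__":
    # Run this on the offline machine; write the seed on paper rather than
    # copying it through the clipboard.
    new_seed = generate_seed()
    assert is_valid_seed(new_seed)
    print(new_seed)
    print("entropy: %.1f bits" % seed_entropy_bits())
```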

ankurguta87
February 23, 2018, 05:40:08 AM
Merited by vapourminer (1), Nestade (1)
 #2

The best way currently, that is still easy to access are hardware wallets. The two most famous retailers are:

Trezor: https://buytrezor.com/

Ledger: https://www.ledgerwallet.com/

A hardware wallet is dedicated hardware with a defined interface that makes it impossible to extract the private key from the hardware. The interface does, however, allow signing of transactions. This means that the hardware wallet can safely be plugged into hardware infected with malware.
Nestade
February 23, 2018, 05:42:46 AM
 #3

The best way currently, that is still easy to access are hardware wallets. The two most famous retailers are:

Trezor: https://buytrezor.com/

Ledger: https://www.ledgerwallet.com/

A hardware wallet is dedicated hardware with a defined interface that makes it impossible to extract the private key from the hardware. The interface does, however, allow signing of transactions. This means that the hardware wallet can safely be plugged into hardware infected with malware.

Hi,

That's right, but many currencies aren't supported yet. I'm using the Ledger Nano S and it doesn't support IOTA for example - however in this case only the seed has to be secured for example by encryption or even better by not storing it on your computer and typing it manually every time you want to log in.
So the only options are online-wallets (security factors: User AND provider) or cold-wallets (security factor: User).

But everyone should get a hardware-wallet for supported coins instead of using the methods mentioned above. Nothing can beat the security of a hardware-wallet (at least for now and I doubt this will change in near future)

Regards,
Nestade

sangkler11
February 23, 2018, 06:19:55 AM
 #4

A very helpful topic.
Thanks for sharing this guide, I will try it.
I've also read your topic created earlier about the MyEtherWallet security guide. Good job.

Nestade
February 23, 2018, 06:28:44 AM
 #5

A very helpful topic.
Thanks for sharing this guide, I will try it.
I've also read your topic created earlier about the MyEtherWallet security guide. Good job.

Thank you very much! :)
Just thought I could contribute a little bit as many people create threads about security-concerns.
I can't guarantee that everything I wrote is 100% correct but I think it may help at least as basis for further research.

jezus
February 23, 2018, 06:53:48 AM
 #6

I am storing my coins on two HDDs and 3 pendrives.

Nestade
February 23, 2018, 07:52:00 AM
 #7

I am storing my coins on two HDDs and 3 pendrives.

Hi,

Do you mean you've got a backup on 2 HDDs and 3 pendrives?^^
I think you'll never lose your files :D

Regards,
Nestade

damberg
February 23, 2018, 08:09:00 AM
 #8


     Store these files on a USB flash drive - DO NOT store them in any cloud! Also always write down your private keys on paper and store them safely!


Very helpful guide, every crypto newbie should read this through. And I would emphasize the point about not storing private keys in the cloud - clouds are simply not safe for this, use good old USBs 8)

Nestade
February 23, 2018, 08:16:22 AM
 #9


     Store these files on a USB flash drive - DO NOT store them in any cloud! Also always write down your private keys on paper and store them safely!


Very helpful guide, every crypto newbie should read this through. And I would emphasize the point about not storing private keys in the cloud - clouds are simply not safe for this, use good old USBs 8)

Hi,

That's right :) If you're storing your private keys in a cloud you can also use an online wallet - well, then you'll have 3 risk factors: a) Cloud  b) Wallet c) Computer :D

vincentong17
February 23, 2018, 08:35:01 AM
 #10

Thanks, this is useful. I use USB to store my private keys and I wrote them all down on a sheet of paper. Though I wanted to buy a Trezor in the long run to keep a bunch of altcoins soon. However, do you use Coinomi and Jaxx? Would you recommend us if it's safe? TIA!
Nestade
February 23, 2018, 08:42:29 AM
 #11

Thanks, this is useful. I use USB to store my private keys and I wrote them all down on a sheet of paper. Though I wanted to buy a Trezor in the long run to keep a bunch of altcoins soon. However, do you use Coinomi and Jaxx? Would you recommend us if it's safe? TIA!

Hi,

I'm sorry, but I don't have any experience with multi-asset-wallets so I can't make any recommendation.
To be honest I don't even know how these wallets exactly work - are those hot or cold wallets? At least for ETH and tokens it's just an interface (cold-wallet) like MyEtherWallet I guess.
In general I think it's always better using the original-wallet.

Yuuto
February 23, 2018, 09:01:47 AM
 #12

Thanks for the guide.

As an IOTA investor, I find it hard to keep track of my IOTA all the time if I had to enter in the private key every single time I wanted to check my balance or send some IOTA. Which is why I'll admit, I keep my private key string on my laptop, unencrypted.

Obviously, the best thing to do would be to encrypt it or handwrite it offline. But if you just have a few hundred bucks worth of cryptos, it's unlikely that it's going to get hacked, and even if it does get hacked you shouldn't be out of too much money. Backing up your private keys is probably even more important than securing them, in these scenarios.
Nestade
February 23, 2018, 09:22:18 AM
 #13

Thanks for the guide.

As an IOTA investor, I find it hard to keep track of my IOTA all the time if I had to enter in the private key every single time I wanted to check my balance or send some IOTA. Which is why I'll admit, I keep my private key string on my laptop, unencrypted.

Obviously, the best thing to do would be to encrypt it or handwrite it offline. But if you just have a few hundred bucks worth of cryptos, it's unlikely that it's going to get hacked, and even if it does get hacked you shouldn't be out of too much money. Backing up your private keys is probably even more important than securing them, in these scenarios.

Hi,

Well, you're right - the possibility of getting 'hacked' is not very high.
But don't forget - most attacks aren't directed against you rather it's malware someone uploaded and targets many people.
So the possibility is low, but still higher than one would think.

Another problem is so-called exploit-kits: There are specialized kits (luckily incredibly expensive) which are hosted on a webserver. If someone visits the domain it tries to silently download and run a payload (malware) by using one or multiple 0day exploits. You won't even notice you got infected. Well, the possibility is still low, but it's possible.

I'd really suggest at least using the encryption-method; by the way: For many currencies you could just use the block explorer to check your wallet without even logging in.

By the way: Hope you didn't generate your IOTA seed using an online generator

RACallanta
February 23, 2018, 01:21:27 PM
 #14

Very helpful topic, man. Thanks for this, I hope a lot of users will use this topic for their own security, because a lot of users don't know how to upgrade the security of their own wallet. Actually I also don't know how to do that, and this thread could be a help for me, hehehe, nice one.

Nestade
February 24, 2018, 03:35:14 PM
 #15

Very helpful topic, man. Thanks for this, I hope a lot of users will use this topic for their own security, because a lot of users don't know how to upgrade the security of their own wallet. Actually I also don't know how to do that, and this thread could be a help for me, hehehe, nice one.

Hi,

Thanks for your feedback :)
In general you should always use a hardware-wallet for supported currencies if the value is above $500.
For unsupported currencies cold-wallets should be preferred. Most important is keeping your PC free from malware and creating backups.

thinkme1st
February 24, 2018, 08:54:37 PM
Merited by Nestade (1)
 #16

Very helpful and informative. Thanks for this nice informative guide/tutorial. You are doing a nice job and I guess everyone using online wallets should really read and understand this, that they are vulnerable and should avoid downloading stuff. If they don't have a hardware wallet then encrypting your private key is a must thing to do.

modtakels
February 24, 2018, 09:01:42 PM
 #17

Good read, this is great knowledge to have. Also, you can protect your browsers from phishing sites using the MetaMask extension; it is being recommended by myetherwallet.com to use, because it will protect your private keys from being stolen when you are using DEX or decentralized exchanges. It can also be used together with hardware wallets like Ledger and Trezor.

cryptocue
February 24, 2018, 09:16:58 PM
 #18

Great guide. You can add the MetaMask extension to your guide so these phishing sites will be prevented, especially when we are using a DEX or decentralized exchange like EtherDelta and ForkDelta. There is another extension called Cryptonite; it is also recommended by myetherwallet.com, so you will be warned whenever you enter a potential phishing site.

Nestade
February 25, 2018, 09:07:29 AM
 #19

Great guide. You can add the MetaMask extension to your guide so these phishing sites will be prevented, especially when we are using a DEX or decentralized exchange like EtherDelta and ForkDelta. There is another extension called Cryptonite; it is also recommended by myetherwallet.com, so you will be warned whenever you enter a potential phishing site.

Hi,

Haven't done much research about MetaMask but it seems to be a very good extension especially for trading on decentralized exchanges like you said.

Regards,
Nestade

GlennChristopher
February 25, 2018, 09:18:08 AM
 #20

Very helpful topic, I believe others will benefit from it. Thumbs up from me.