Safest Wallet

[indianplayers]

I heard cold storage is best.

[flatfly]

We have just added a paranoid mode to NoBrainr, to generate strong cold storage addresses without relying on the system RNG at all

[moderate]

That is not paranoid at all, it should be the default operation mode for all the bitcoin users. Encrypting the wallet is the basic stuff and a must. Truecrypt partition complements that well, good reminder.

Ok, so what is paranoid mode then? For true security maniacs?

You need to start with a computer that never got to meet the Internet and never will while acting as cold storage. Look at what inputs.io did and do all differently (couldn't resist, sorry).

[deisik]

You need to start with a computer that never got to meet the Internet and never will while acting as cold storage.

And end by throwing out the computer and keeping the keys in your memory...

Look at what inputs.io did and do all differently (couldn't resist, sorry).

Never mind, I wasn't among their clients 

[Tirapon]

If you're storing lots of coins long term, paper wallets with digital backups. Armory is also good, I bough an old laptop for about £50 to run armory on. I haven't had any problems with QT but I wouldn't consider it safe storage - just convenient.

[porcupine87]

Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in an text file in an truecrypt container on an USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favarite song)
- download and install Truecrypt,and create container with same password
- create with bitaddress.org and password an address
- store the private and public key in an textfile and get it in the container
- store this container with bitadress.org.html on two different USB
- paranoid: shut down pc and start new to delete everything out of the memory

I don't know Amory, so I can't trust it to 100%. For me that is secure enough.

But let's face it. 99% of lost coins is not the product of a thief. But it is a mistake or you forget something. The best option would be a paper wallet. Because: What if you forget or what if you die?

[Tirapon]

Be very careful choosing a passphrase for your brainwallet. People are running very comprehensive brute force attacks on potential brainwallets.

http://www.reddit.com/r/Bitcoin/comments/1ptuf3/brain_wallet_disaster/

[flatfly]

Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in an text file in an truecrypt container on an USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favarite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0

[bizz]

Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

[moderate]

Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

[R2D221]

What if you die?

I will just retrieve my coins while in Heaven. I see no problem there.

[IsaacGoldbourne]

Hey everyone, I've heard a lot of speculation recently about which wallet to use and whether it's best to use an online wallet or a static software wallet hosted on my personal computer.

I want to keep my coins as safe as the next person and would like you to voice your opinion on what you think is best to use and for which reasons. Any help is more than appreciated, apologies in advance if this thread has already been created (I have searched beforehand).

Kindest regards,
- Twipple

I use electrum for my hot wallet, and a text document with the public key for my savings with the priv key in a truecrypt volume stored on the cloud and on my NAS. Password to it is hidden in my folder of financial documents.

[moderate]

I use electrum for my hot wallet, and a text document with the public key for my savings with the priv key in a truecrypt volume stored on the cloud and on my NAS. Password to it is hidden in my folder of financial documents.

Hey good hints there, can you also give the name of this folder of financial documents ? Is it HIDDEN_PASSWORD_FINANCIAL_DOCS_DONT_LOOK ?

[bizz]

Electrum cold storage.

http://electrum.org/tutorials.html#offline-mpk

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

People are ignorant. And then newbie goes and sends 30 BTCs to Inputs.io. True for small amounts/daily use blockchain.info wallet with 2FA is just fine. But  risking over 30 BTC online (inputsio WTF  ). Or on a probably infected PC

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

[IsaacGoldbourne]

I use electrum for my hot wallet, and a text document with the public key for my savings with the priv key in a truecrypt volume stored on the cloud and on my NAS. Password to it is hidden in my folder of financial documents.

Hey good hints there, can you also give the name of this folder of financial documents ? Is it HIDDEN_PASSWORD_FINANCIAL_DOCS_DONT_LOOK ?

Its a piece of paper in a physical folder. Not a folder on my computer aha.

[porcupine87]

Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in an text file in an truecrypt container on an USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favarite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0

Hm sorry, I have no idea about the use of your tool. What will I do with this pass phrase? How will I get the private key from this? Would u reommend such a tool to a non programmer?


I aware that attackers could use big databases with lyrics and that stuff. But if I use the first letters of my favorite song:
- how many words do I use? Ok, between 10 and 20 seems reasonable. factor 10
- where do I start? It depends, how "intelligent" this database is. Can it say, where the chorus begins? Or verses? Factor 5. (some songs have no Chorus)
- at least 2 numbers + another sign (example: first number -> number of members of the band, second: year of appearance backwards, separated by two pipes ): factor 1000

Just to be more safe: use the letters backwards, or add to every letter one in the alphabet.

-> this is a more than secure password. But feel free to use your favorite scene in a movie to do this

[bizz]

Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in an text file in an truecrypt container on an USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favarite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalk.org/index.php?topic=308972.0

Hm sorry, I have no idea about the use of your tool. What will I do with this pass phrase? How will I get the private key from this? Would u reommend such a tool to a non programmer?


I aware that attackers could use big databases with lyrics and that stuff. But if I use the first letters of my favorite song:
- how many words do I use? Ok, between 10 and 20 seems reasonable. factor 10
- where do I start? It depends, how "intelligent" this database is. Can it say, where the chorus begins? Or verses? Factor 5. (some songs have no Chorus)
- at least 2 numbers + another sign (example: first number -> number of members of the band, second: year of appearance backwards, separated by two pipes ): factor 1000

Just to be more safe: use the letters backwards, or add to every letter one in the alphabet.

-> this is a more than secure password. But feel free to use your favorite scene in a movie to do this

But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html

[justusranvier]

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

moderate is being disingenuous.

Electrum has a feature they call raw transactions (which is similar to Armory's offline transactions), but it's not the same as Bitcoin-Qt's support for raw transactions via RPC.

[moderate]

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

moderate is being disingenuous.

Electrum has a feature they call raw transactions (which is similar to Armory's offline transactions), but it's not the same as Bitcoin-Qt's support for raw transactions via RPC.

disingenuous ??

You seem to think GUIs are somehow magical. It cannot be different from what the standard client does, otherwise the network would reject the transaction. Look at https://github.com/spesmilo/electrum/blob/master/docs/offline_wallets for an example using electrum but without a GUI, why do you insist so much in calling me names ?

[cshelswell]

I'd been starting to get a bit panicky over storage too. At the moment I still want access to some coins. I've set what I consider to be a pretty strong password and I'm using multibit on a mac. I presume multibit is reasonably good?