Bitcoin Forum
Author Topic: Trust No One  (Read 160636 times)
nastyone
Newbie
Activity: 10
Merit: 0
May 23, 2012, 02:56:10 AM
 #441

Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.

If you absolutely must trust someone with your bitcoins, for the love, choose carefully!

  • Do you know their full name?
  • Do you know where they are located?
  • Have they demonstrated trustworthiness in the past?
  • Are they asking you to trust them? (red flag)
  • Do they have insurance?

Insurance? Impossible, you say. Not so!

When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here: http://bitcointalk.org/index.php?topic=10008.0

Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.

If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.

If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.

If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this: https://en.bitcoin.it/wiki/Securing_your_wallet

Here's my summary:

1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust

Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:

My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .

You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.

In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).

I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.

And remember, this is how most bitcoin services get started:

https://lh3.googleusercontent.com/-lgm4poF3JWE/TgsHwby-BlI/AAAAAAAADwQ/twan94HT6p4/020.jpg

Comic from: http://bitcointalk.org/index.php?topic=13903.0

The only one I trust is my son.
maestrodo
Newbie
Activity: 2
Merit: 0
May 23, 2012, 10:11:06 AM
 #442

Good advice,

I do like the idea of trusting people on their reputation though, but where to start off to build a reputation.

Greets,
Samor
Newbie
Activity: 8
Merit: 0
May 23, 2012, 07:01:16 PM
 #443

I think it depends on how much funds you have. I often engage in transactions where
I'm fully prepared to lose the funds involved. If the transaction would be too large
for me to allow such loss, I try to split it in smaller parts. Surprisingly, I have met very
few scammers.
Kazimir
Legendary
Activity: 1176
Merit: 1000
May 23, 2012, 10:50:55 PM
 #444

+1 extremely paranoid here too.

Besides "trust no one", I also like to stress: NO compromise when it comes to securing your bitcoins.

Here's what I do:

I have a dedicated VirtualBox VM with Ubuntu which I only use to run the Bitcoin client. I use an encrypted wallet. I store this wallet in a small truecrypt container (inside the VM). Furthermore the VM itself (well, the .vdi disk image containing the actual data) is inside a truecrypt container on the host machine.

I also make sure to have frequent remote backups (in case my house burns down, my PC gets stolen, the FBI takes it, whatever). After every few transactions, I compress the truecrypt container (I mean the small one inside the VM which contains just the wallet) using 7-zip with AES-256 encryption, and send this .7z to three webmail addresses (one yahoo, one hotmail, one gmail).

All passwords (for the truecrypt volumes and the encrypted wallet and the 7-zip archive etc) are 25+ random characters.
The passwords are stored in KeePass (and in the truecrypt mount and backup scripts in the VM so I never have to fill them in manually, except when I'd need to restore a backup).

I will not get f*cked. :)

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
coineta.com
Newbie
Activity: 14
Merit: 0
May 23, 2012, 11:01:20 PM
 #445

What if you forget one of your 25+ random characters passwords? Then how would you get your bitcoins back?

Kazimir
Legendary
Activity: 1176
Merit: 1000
May 23, 2012, 11:23:42 PM
 #446

What if you forget one of your 25+ random characters passwords? Then how would you get your bitcoins back?
The passwords are stored in KeePass

And KeePass is protected with one Master password which is impossible to guess or bruteforce, but very easy (for me) to remember.
It looks like bd9x2G5!27cjEYd5v6k, but different :) I only remember this particular password though. I wouldn't trust myself on having to remember more passwords like that one myself (that's what KeePass is for).

JulioGonzo
Newbie
Activity: 6
Merit: 0
May 24, 2012, 08:03:58 PM
 #447

I agree
d6d4d59
Newbie
Activity: 18
Merit: 0
May 25, 2012, 07:17:55 AM
 #448

is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, but is pretty easy to remember (you love your momma and the hashing algorithm)
Kazimir
Legendary
Activity: 1176
Merit: 1000
May 25, 2012, 08:53:48 AM
 #449

is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, but is pretty easy to remember (you love your momma and the hashing algorithm)
No, this is actually easy to brute force. Such tricks are common.

If "ilovemymommy" is a bad password (and it is), then so is hash("ilovemymommy"). In fact its md5 appears in several open dictionaries already (example).

What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).

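
An added example, not part of any post in this thread, of the point made in the reply above: a password-audit check for which the hash of a dictionary word is just one more dictionary entry, and which also covers the last/first-letter construction from the same reply. The wordlist, sentence list and function names are constructed for illustration.

```python
import hashlib

# Constructed sample data standing in for the large public wordlists and
# quote/lyric collections a real password audit would load.
WORDLIST = ["password", "letmein", "ilovemymommy"]
SENTENCES = ["Old Mac Donald Had a Farm"]
HASHES = ("md5", "sha1", "sha256")


def acronym(sentence):
    """Last then first letter of each word; one-letter words are kept once."""
    return "".join(w if len(w) == 1 else w[-1] + w[0] for w in sentence.split())


def derivations(word):
    """Yield (label, candidate) for a word and its common hashed forms."""
    yield "plain text", word
    for algo in HASHES:
        digest = hashlib.new(algo, word.encode("utf-8")).hexdigest()
        yield algo + " hex digest", digest
        yield algo + " hex digest (upper case)", digest.upper()


def build_index(wordlist, sentences):
    """Map every derivable candidate to a description of how it was derived."""
    index = {}
    for word in wordlist:
        for label, candidate in derivations(word):
            index.setdefault(candidate, f"{label} of dictionary word {word!r}")
    for sentence in sentences:
        index.setdefault(acronym(sentence), f"letter acronym of {sentence!r}")
    return index


def audit(password, index):
    """Return why the password is predictable, or None if it is not indexed."""
    return index.get(password)


if __name__ == "__main__":
    index = build_index(WORDLIST, SENTENCES)
    hashed = hashlib.md5(b"ilovemymommy").hexdigest()
    for candidate in ("ilovemymommy", hashed, "dOcMdDdHamF", "bd9x2G5!27cjEYd5v6k"):
        print(f"{candidate!r}: {audit(candidate, index) or 'not derivable from this list'}")
    # Hashing multiplies the candidate list only by a small constant factor.
    print(len(index), "candidates from", len(WORDLIST), "words")
```

A password that passes this check is only absent from this particular list; the check shows that applying a public transformation to a guessable input leaves it guessable.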
kaurdump
Newbie
Activity: 17
Merit: 0
May 25, 2012, 03:37:21 PM
 #450

not even my own mother?
malevolent
can into space
Staff
Legendary
Activity: 2702
Merit: 1455
May 26, 2012, 07:25:07 PM
 #451


What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).


You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P

crouslai
Newbie
Activity: 16
Merit: 0
May 28, 2012, 03:04:24 PM
 #452



+1
Kazimir
Legendary
Activity: 1176
Merit: 1000
May 29, 2012, 10:15:05 AM
 #453

You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P
Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.

Either way, I'm willing to bet a million BTC that even if I would reveal the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime :)

QiVX
Member
Activity: 81
Merit: 10
May 29, 2012, 11:36:55 AM
 #454

Very informative guide.
Simple rule of thumb, if it's too good to be true, it probably isn't true!
malevolent
can into space
Staff
Legendary
Activity: 2702
Merit: 1455
May 29, 2012, 03:53:58 PM
 #455

You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P
Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.
Either way, I'm willing to bet a million BTC that even if I would reveal the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime :)

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.

Kazimir
Legendary
Activity: 1176
Merit: 1000
May 29, 2012, 05:09:53 PM
 #456

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.
I dare to say they wouldn't :)
(But just in case, I'm not posting under my real name)

But just for clarity I'd like to summarize the idea behind this kind of password management again:

1. Have ONE unique, strong, long, master password, that is easy to remember (for you) yet incredibly difficult to guess for others (even people who know you personally) or brute force by dictionary attacks and common variations (mixing upper/lower case, 1337 speak, etc).
Just as examples, consider the xkcd comic about password strength (but more complex, that one is actually easy to brute force) or the points I mentioned above.
The name of your dog or mother + your birth year is NOT a good password.

2. For any account, email address, bitcoin wallet, encrypted drive, login, and anything else, use a unique, randomly generated (thus very hard to remember and impossible to guess) password. Store these passwords with KeePass or a similar solution (for example a .txt file inside a truecrypt container).

3. Protect (as in, encrypt) these passwords with the master password from step 1, the idea is your passwords should NEVER be stored in plaintext anywhere. And make sure to backup your password database (typically just a single data file or truecrypt container) regularly, to a remote location. Automatic backup solutions such as Dropbox can also help here.

drewsonlinenow
Newbie
Activity: 10
Merit: 0
May 29, 2012, 09:50:27 PM
 #457

gotta be careful!
burnside
Legendary
Activity: 1106
Merit: 1004
Lead Blockchain Developer
May 30, 2012, 09:49:44 PM
 #458

Don't run windows.
wirmola
Member
Activity: 111
Merit: 10
June 01, 2012, 09:43:22 AM
 #459

well I've got my coins stolen from BITCOINICA... no more trusting... Now I need to make some new coins.. ???
Jouke
Sr. Member
Activity: 426
Merit: 250
June 01, 2012, 11:08:34 AM
 #460

The legislation in countries is very harsh; if a company doesn't have some sort of legislation it will be taken down.

Buy and sell bitcoins quickly and safely via iDeal at Bitonic.nl