Bitcoin Forum
Author Topic: Trust No One  (Read 143039 times)
Conch
Newbie
Activity: 14
BTC Newbie.
May 20, 2012, 08:15:37 PM
 #441

Interesting read, seems a bit drastic. I usually generate all my passwords randomly and keep them all inside a master key in my web browser, and the ones I use most, I physically write them down in a notepad then lock it away somewhere so no one else can look at it - No one looks at it anyway as I have no friends in real life :P and I trust my family members.

I'll definitely use this advice though, thanks! :)

Learning The BitCoin-Fu. - Feel Free To Add Me On Google+ :)
https://plus.google.com/u/0/113655759952844990389/posts
coineta.com
Newbie
Activity: 14
May 21, 2012, 02:24:15 AM
 #442

You can try the site that I am working on, www.coineta.com, to exchange funds using Paypal. I might add support for Payza in the near future.


I recently got this offer. Does it seem legit?

Quote
Im looking for AP(Alertypay but now known as payza) funds, if you could deposit with your card into your own payza.com account, we could do the exchange either with exchangezone.com or whatever other method you would prefer.

I will do the exchange at face value with no fees above the 2.5% + 25c receiver fee I would pay from receiving AP funds from you. Send me PM or reply in this thread if interested and we can figure something out.
ilovethisshit
Newbie
Activity: 11
May 22, 2012, 04:36:04 PM
 #443

Wow. Your password ideas suggest deep paranoia. Warranted perhaps?
nastyone
Newbie
Activity: 10
May 23, 2012, 02:56:10 AM
 #444

Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.

If you absolutely must trust someone with your bitcoins, for the love, choose carefully!

  • Do you know their full name?
  • Do you know where they are located?
  • Have they demonstrated trustworthiness in the past?
  • Are they asking you to trust them? (red flag)
  • Do they have insurance?

Insurance? Impossible, you say. Not so!

When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here: http://bitcointalk.org/index.php?topic=10008.0

Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.

If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.

If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.

If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this: https://en.bitcoin.it/wiki/Securing_your_wallet

Here's my summary:

1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust

Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:

My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .

You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.

In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).

I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.

And remember, this is how most bitcoin services get started:

https://lh3.googleusercontent.com/-lgm4poF3JWE/TgsHwby-BlI/AAAAAAAADwQ/twan94HT6p4/020.jpg

Comic from: http://bitcointalk.org/index.php?topic=13903.0

The only one I trust is my son.
maestrodo
Newbie
Activity: 2
May 23, 2012, 10:11:06 AM
 #445

Good advice,

I do like the idea of trusting people on their reputation though, but where to start off to build a reputation?

Greets,
Samor
Newbie
Activity: 8
May 23, 2012, 07:01:16 PM
 #446

I think it depends on how much funds you have. I often engage in transactions where I'm fully prepared to lose the funds involved. If the transaction would be too large for me to allow such a loss, I try to split it into smaller parts. Surprisingly, I have met very few scammers.
Kazimir
Legendary
Activity: 1036
May 23, 2012, 10:50:55 PM
 #447

+1 extremely paranoid here too.

Besides "trust no one", I also like to stress: NO compromise when it comes to securing your bitcoins.

Here's what I do:

I have a dedicated VirtualBox VM with Ubuntu which I only use to run the Bitcoin client. I use an encrypted wallet. I store this wallet in a small truecrypt container (inside the VM). Furthermore the VM itself (well, the .vdi disk image containing the actual data) is inside a truecrypt container on the host machine.

I also make sure to have frequent remote backups (in case my house burns down, my PC gets stolen, the FBI takes it, whatever). After every few transactions, I compress the truecrypt container (I mean the small one inside the VM which contains just the wallet) using 7-zip with AES-256 encryption, and send this .7z to three webmail addresses (one yahoo, one hotmail, one gmail).

All passwords (for the truecrypt volumes and the encrypted wallet and the 7-zip archive etc) are 25+ random characters.
The passwords are stored in KeePass (and in the truecrypt mount and backup scripts in the VM so I never have to fill them in manually, except when I'd need to restore a backup).

I will not get f*cked. :)

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
coineta.com
Newbie
Activity: 14
May 23, 2012, 11:01:20 PM
 #448

What if you forget one of your 25+ random characters passwords? Then how would you get your bitcoins back?

> +1 extremely paranoid here too.
>
> Besides "trust no one", I also like to stress: NO compromise when it comes to securing your bitcoins.
>
> Here's what I do:
>
> I have a dedicated VirtualBox VM with Ubuntu which I only use to run the Bitcoin client. I use an encrypted wallet. I store this wallet in a small truecrypt container (inside the VM). Furthermore the VM itself (well, the .vdi disk image containing the actual data) is inside a truecrypt container on the host machine.
>
> I also make sure to have frequent remote backups (in case my house burns down, my PC gets stolen, the FBI takes it, whatever). After every few transactions, I compress the truecrypt container (I mean the small one inside the VM which contains just the wallet) using 7-zip with AES-256 encryption, and send this .7z to three webmail addresses (one yahoo, one hotmail, one gmail).
>
> All passwords (for the truecrypt volumes and the encrypted wallet and the 7-zip archive etc) are 25+ random characters.
> The passwords are stored in KeePass (and in the truecrypt mount and backup scripts in the VM so I never have to fill them in manually, except when I'd need to restore a backup).
>
> I will not get f*cked. :)
Kazimir
Legendary
Activity: 1036
May 23, 2012, 11:23:42 PM
 #449

> What if you forget one of your 25+ random characters passwords? Then how would you get your bitcoins back?
> > The passwords are stored in KeePass

And KeePass is protected with one Master password which is impossible to guess or bruteforce, but very easy (for me) to remember.
It looks like bd9x2G5!27cjEYd5v6k, but different :) I only remember this particular password though. I wouldn't trust myself on having to remember more passwords like that one myself (that's what KeePass is for).

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
JulioGonzo
Newbie
Activity: 6
May 24, 2012, 08:03:58 PM
 #450

I agree
d6d4d59
Newbie
Activity: 18
May 25, 2012, 07:17:55 AM
 #451

is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, but is pretty easy to remember (you love your momma and the hashing algorithm)
Kazimir
Legendary
Activity: 1036
May 25, 2012, 08:53:48 AM
 #452

> is ur password a hash?
> hashing "ilovemymommy" gives you an incredibly hard to crack password, but is pretty easy to remember (you love your momma and the hashing algorithm)

No, this is actually easy to brute force. Such tricks are common.

If "ilovemymommy" is a bad password (and it is), then so is hash("ilovemymommy"). In fact its md5 appears in several open dictionaries already (example).

What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
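
The point made in the post above, that a public transform of a guessable string is no harder to guess than the string itself, as an added example that is not part of the original thread. The wordlist and sentence list are constructed samples, and `audit_password` and `search_space` are hypothetical helper names.

```python
import hashlib

# Constructed sample inputs, standing in for a public wordlist and a corpus
# of well-known sentences (song titles, quotes, nursery rhymes).
WORDLIST = ["password", "letmein", "ilovemymommy", "bitcoin"]
SENTENCES = ["Old Mac Donald Had a Farm", "Mary Had a Little Lamb"]


def last_first_letters(sentence):
    """Scheme quoted in the post: last then first letter of each word
    (a one-letter word contributes that letter once)."""
    parts = []
    for word in sentence.split():
        parts.append(word if len(word) == 1 else word[-1] + word[0])
    return "".join(parts)


# Public, deterministic transforms. Each one only multiplies the number of
# guesses by one more pass over the same list, so none adds real entropy.
TRANSFORMS = {
    "identity": lambda s: s,
    "md5": lambda s: hashlib.md5(s.encode()).hexdigest(),
    "sha1": lambda s: hashlib.sha1(s.encode()).hexdigest(),
    "sha256": lambda s: hashlib.sha256(s.encode()).hexdigest(),
    "last+first letters": last_first_letters,
}


def audit_password(candidate, bases=WORDLIST + SENTENCES):
    """Return (base, transform) if the candidate is derivable from a known
    base string by a public transform, else None."""
    for base in bases:
        for name, fn in TRANSFORMS.items():
            if fn(base) == candidate:
                return base, name
    return None


def search_space(bases=WORDLIST + SENTENCES):
    """Number of guesses that covers every base under every transform."""
    return len(bases) * len(TRANSFORMS)


if __name__ == "__main__":
    samples = [hashlib.md5(b"ilovemymommy").hexdigest(),
               "dOcMdDdHamF", "bd9x2G5!27cjEYd5v6k"]
    for pw in samples:
        print(pw, "->", audit_password(pw))
    print("guesses needed to cover every derived form:", search_space())
```

A password policy check can reject any candidate for which `audit_password` returns a match, since its strength is that of the underlying word or sentence and not of its length or appearance.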
kaurdump
Newbie
Activity: 17
May 25, 2012, 03:37:21 PM
 #453

not even my own mother?

BTC: 18nErDyDaPhbtYzCoHEWqq14aP7WK6w1Cf
malevolent
can into space
Staff
Legendary
Activity: 1624
May 26, 2012, 07:25:07 PM
 #454


> What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
> But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).

You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P
crouslai
Newbie
Activity: 6
May 28, 2012, 03:04:24 PM
 #455


> > What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
> > But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).
>
> You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P

+1
Kazimir
Legendary
Activity: 1036
May 29, 2012, 10:15:05 AM
 #456

> You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P

Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.

Either way, I'm willing to bet a million BTC that even if I would reveal the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime :)

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
QiVX
Member
Activity: 81
May 29, 2012, 11:36:55 AM
 #457

Very informative guide.
Simple rule of thumb, if it's too good to be true, it probably isn't true!
malevolent
can into space
Staff
Legendary
Activity: 1624
May 29, 2012, 03:53:58 PM
 #458

> > You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password :P
> Well, my addition was not true either (or was it? you never know!)
> It was just for demonstration purposes.
> Either way, I'm willing to bet a million BTC that even if I would reveal the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime :)

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.
Kazimir
Legendary
Activity: 1036
May 29, 2012, 05:09:53 PM
 #459

> Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.

I dare to say they wouldn't :)
(But just in case, I'm not posting under my real name)

But just for clarity I'd like to summarize the idea behind this kind of password management again:

1. Have ONE unique, strong, long, master password, that is easy to remember (for you) yet incredibly difficult to guess for others (even people who know you personally) or brute force by dictionary attacks and common variations (mixing upper/lower case, 1337 speak, etc).
Just as examples, consider the xkcd comic about password strength (but more complex, that one is actually easy to brute force) or the points I mentioned above.
The name of your dog or mother + your birth year is NOT a good password.

2. For any account, email address, bitcoin wallet, encrypted drive, login, and anything else, use a unique, randomly generated (thus very hard to remember and impossible to guess) password. Store these passwords with KeePass or a similar solution (for example a .txt file inside a truecrypt container).

3. Protect (as in, encrypt) these passwords with the master password from step 1, the idea is your passwords should NEVER be stored in plaintext anywhere. And make sure to backup your password database (typically just a single data file or truecrypt container) regularly, to a remote location. Automatic backup solutions such as Dropbox can also help here.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
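
Step 2 in the post above only holds if the generator itself is unpredictable. The following added example (not part of the original thread) puts a seeded general-purpose PRNG beside the operating system's CSPRNG; the timestamp seed is a constructed scenario and the function names are hypothetical.

```python
import math
import random
import secrets
import string

# 94 printable ASCII symbols; 25 is the length quoted earlier in the thread.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
LENGTH = 25


def predictable_password(seed, length=LENGTH):
    """Anti-pattern (constructed): a general-purpose PRNG seeded with a
    guessable value such as a Unix timestamp. Same seed, same password."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def random_password(length=LENGTH):
    """Each character is drawn independently from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def uniform_entropy_bits(length=LENGTH, symbols=len(ALPHABET)):
    """Entropy when every character is uniform and independent."""
    return length * math.log2(symbols)


def seeded_entropy_bits(possible_seeds):
    """A seeded generator can never exceed the entropy of its seed."""
    return math.log2(possible_seeds)


if __name__ == "__main__":
    ts = 1338310227  # constructed example seed (a timestamp in seconds)
    print("reproducible:", predictable_password(ts) == predictable_password(ts))
    print("CSPRNG sample:", random_password())
    print(round(uniform_entropy_bits(), 1), "bits for 25 uniform characters")
    print(round(seeded_entropy_bits(365 * 86400), 1),
          "bits if the seed is any second within one year")
```

Both functions return 25 characters that look equally random, which is why the generator has to be checked in the code and cannot be judged from its output.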
drewsonlinenow
Newbie
Activity: 10
May 29, 2012, 09:50:27 PM
 #460

gotta be careful!