Bitcoin Forum
March 29, 2024, 02:07:12 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 ... 112 »
  Print  
Author Topic: Trust No One  (Read 161183 times)
coineta.com
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
May 23, 2012, 11:01:20 PM
 #441

What if you forget one of your 25+ random characters passwords? Then how would you get your bitcoins back?

+1 extremely paranoid here too.

Besides "trust no one", I also like to stress: NO compromise when it comes to securing your bitcoins.

Here's what I do:

I have a dedicated VirtualBox VM with Ubuntu which I only use to run the Bitcoin client. I use an encrypted wallet. I store this wallet in a small truecrypt container (inside the VM). Furthermore the VM itself (well, the .vdi disk image containing the actual data) is inside a truecrypt container on the host machine.

I also make sure to have frequent remote backups (in case my house burns down, my PC gets stolen, the FBI takes it, whatever). After every few transactions, I compress the truecrypt container (I mean the small one inside the VM which contains just the wallet) using 7-zip with AES-256 encryption, and send this .7z to three webmail addresses (one yahoo, one hotmail, one gmail).

All passwords (for the truecrypt volumes and the encrypted wallet and the 7-zip archive etc) are 25+ random characters.
The passwords are stored in KeePass (and in the truecrypt mount and backup scripts in the VM so I never have to fill them in manually, except when I'd need to restore a backup).

I will not get f*cked. Smiley
1711678032
Hero Member
*
Offline Offline

Posts: 1711678032

View Profile Personal Message (Offline)

Ignore
1711678032
Reply with quote  #2

1711678032
Report to moderator
1711678032
Hero Member
*
Offline Offline

Posts: 1711678032

View Profile Personal Message (Offline)

Ignore
1711678032
Reply with quote  #2

1711678032
Report to moderator
The Bitcoin network protocol was designed to be extremely flexible. It can be used to create timed transactions, escrow transactions, multi-signature transactions, etc. The current features of the client only hint at what will be possible in the future.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
May 23, 2012, 11:23:42 PM
 #442

What if you forget one of your 25+ random characters passwords? Then how would you get your bitcoins back?
The passwords are stored in KeePass

And KeePass is protected with one Master password which is impossible to guess or bruteforce, but very easy (for me) to remember.
It looks like bd9x2G5!27cjEYd5v6k, but different Smiley I only remember this particular password though. I wouldn't trust myself on having to remember more passwords like that one myself (that's what KeePass is for).

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
JulioGonzo
Newbie
*
Offline Offline

Activity: 6
Merit: 0


View Profile
May 24, 2012, 08:03:58 PM
 #443

I agree
d6d4d59
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 25, 2012, 07:17:55 AM
 #444

is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, butis pretty easy to remember (you love your momma and the hashing algorithm)
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
May 25, 2012, 08:53:48 AM
 #445

is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, butis pretty easy to remember (you love your momma and the hashing algorithm)
No, this is actually easy to brute force. Such tricks are common.

If "ilovemymommy" is a bad password (and it is), then so is hash("ilovemymommy"). In fact its md5 appears in several open dictionaries already (example).

What I'm doing is somewhat like this: I take memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
kaurdump
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
May 25, 2012, 03:37:21 PM
 #446

not even my own mother?
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1721



View Profile
May 26, 2012, 07:25:07 PM
 #447


What I'm doing is somewhat like this: I take memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).


You should never say this this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue

Signature space available for rent.
crouslai
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
May 28, 2012, 03:04:24 PM
 #448


What I'm doing is somewhat like this: I take memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).


You should never say this this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue

+1
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
May 29, 2012, 10:15:05 AM
 #449

You should never say this this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue
Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.

Either way, I'm willing to bet a million BTC that even if I would reveal the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime Smiley

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
QiVX
Member
**
Offline Offline

Activity: 81
Merit: 10



View Profile
May 29, 2012, 11:36:55 AM
 #450

Very informative guide.
Simple rule of thumb, if it's too good to be true, it probably isn't true!
malevolent
can into space
Legendary
*
Offline Offline

Activity: 3472
Merit: 1721



View Profile
May 29, 2012, 03:53:58 PM
 #451

You should never say this this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue
Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.
Either way, I'm willing to bet a million BTC that even if I would reveal the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime Smiley

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.

Signature space available for rent.
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
May 29, 2012, 05:09:53 PM
 #452

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.
I dare to say they wouldn't Smiley
(But just in case, I'm not posting under my real name)

But just for clarity I'd like to summarize the idea behind this kind of password management again:

1. Have ONE unique, strong, long, master password, that is easy to remember (for you) yet incredibly difficult to guess for others (even people who know you personally) or brute force by dictionary attacks and common variations (mixing upper/lower case, 1337 speak, etc).
Just as examples, consider the xkcd comic about password strength (but more complex, that one is actually easy to brute force) or the points I mentioned above.
The name of your dog or mother + your birth year is NOT a good password.

2. For any account, email address, bitcoin wallet, encrypted drive, login, and anything else, use a unique, randomly generated (thus very hard to remember and impossible to guess) password. Store these passwords with KeePass or a similar solution (for example a .txt file inside a truecrypt container).

3. Protect (as in, encrypt) these passwords with the master password from step 1, the idea is your passwords should NEVER be stored in plaintext anywhere. And make sure to backup your password database (typically just a single data file or truecrypt container) regularly, to a remote location. Automatic backup solutions such as Dropbox can also help here.

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
drewsonlinenow
Newbie
*
Offline Offline

Activity: 10
Merit: 0


View Profile
May 29, 2012, 09:50:27 PM
 #453

gotta be careful!
burnside
Legendary
*
Offline Offline

Activity: 1106
Merit: 1004


Lead Blockchain Developer


View Profile WWW
May 30, 2012, 09:49:44 PM
 #454

Don't run windows.
wirmola
Member
**
Offline Offline

Activity: 111
Merit: 10


View Profile
June 01, 2012, 09:43:22 AM
 #455

well I 've got my coins stolen from BITCOINICA... no more trusting... Now I need to make sum new coins.. Huh
Jouke
Sr. Member
****
Offline Offline

Activity: 426
Merit: 250



View Profile WWW
June 01, 2012, 11:08:34 AM
 #456

The legislation in countries are very harsh, if a company doesn't have some sort of legislation it will be taken down.

Koop en verkoop snel en veilig bitcoins via iDeal op Bitonic.nl
Kazimir
Legendary
*
Offline Offline

Activity: 1176
Merit: 1001



View Profile
June 01, 2012, 11:52:47 AM
 #457

The legislation in countries are very harsh, if a company doesn't have some sort of legislation it will be taken down.
What company? What country? Not sure what you're talking about. Remember, Bitcoin is not a company, and it's not related to any country.

And it cannot be taken down. Bitcoin is simply a world wide P2P network consisting of hundreds of thousands (and growing) random users all over the world. Exactly who or what do you think they could 'take down'?

Well, they'll have to shut down the entire internet. Not gonna happen (and if it does, regular banks will be f*cked just as much).

In theory, there's no difference between theory and practice. In practice, there is.
Insert coin(s): 1KazimirL9MNcnFnoosGrEkmMsbYLxPPob
nolo200
Member
**
Offline Offline

Activity: 98
Merit: 10



View Profile
June 02, 2012, 11:11:54 PM
 #458

Good guide.  I don't know if anyone mentioned it here, but definitely don't trust bitcoins with Paypal!
ryangetzlaf
Newbie
*
Offline Offline

Activity: 36
Merit: 0



View Profile
June 03, 2012, 08:19:43 AM
 #459

Great advice!
btcftw
Newbie
*
Offline Offline

Activity: 29
Merit: 0



View Profile
June 04, 2012, 10:07:45 AM
 #460

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.
I dare to say they wouldn't Smiley
(But just in case, I'm not posting under my real name)

But just for clarity I'd like to summarize the idea behind this kind of password management again:

1. Have ONE unique, strong, long, master password, that is easy to remember (for you) yet incredibly difficult to guess for others (even people who know you personally) or brute force by dictionary attacks and common variations (mixing upper/lower case, 1337 speak, etc).
Just as examples, consider the xkcd comic about password strength (but more complex, that one is actually easy to brute force) or the points I mentioned above.
The name of your dog or mother + your birth year is NOT a good password.

2. For any account, email address, bitcoin wallet, encrypted drive, login, and anything else, use a unique, randomly generated (thus very hard to remember and impossible to guess) password. Store these passwords with KeePass or a similar solution (for example a .txt file inside a truecrypt container).

3. Protect (as in, encrypt) these passwords with the master password from step 1, the idea is your passwords should NEVER be stored in plaintext anywhere. And make sure to backup your password database (typically just a single data file or truecrypt container) regularly, to a remote location. Automatic backup solutions such as Dropbox can also help here.


I like when there is a plan. And this looks like a really good set of instructions to keep in mind. Thank you.

Coming to the topic of trust no one, I disagree, we do have to trust at some time. And trusting people offline and online is kinda similar. I think of it as getting as much information as possible on the people that you want to trust and in the end going with your gut feeling.
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [23] 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 ... 112 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!