Bitcoin Forum
Topic: Is my qt wallet .dat file secure?
raskolnikovx (OP)
November 19, 2013, 08:35:56 PM
 #1

I need some opinions on this.
The thing is that I wanna be able to store my .dat file in places like Dropbox because I want a recovery plan for a massive local hardware failure.
This is what I am doing right now with my backup file (I am using Debian):

1) Get the file
2) Zip the file with password (zip --password MYSTRONGPASSWORD bck.zip bck.dat)
3) Take the zipped file and encrypt it with Openssl enc (openssl enc -in bck.zip -aes-256-cbc -e > bck.zip.enc)

I am using two different strong passwords in steps 2 and 3.

So, would you call this safe so as to upload it to a place that might be compromised?

Thanks in advance!
Kouye
November 19, 2013, 08:46:32 PM
 #2

Just rename the file not to hint about it being a BTC wallet (I know it's dumb advice, but sometimes you just forget little details...), and you're more than fine, in my opinion.
Double-check you can reverse the encryption process before uploading, too, just in case you mistyped anything...

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
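
The round-trip check suggested above, applied to the `openssl enc` step from the first post, as an added example that is not part of the thread. The `-pbkdf2`/`-iter` options, the passphrase files and the function names are assumptions of this example, and the data is constructed.

```shell
#!/bin/sh
# Cipher and KDF options shared by both directions. Left unquoted at the call
# sites on purpose so the shell splits them into separate arguments.
ENC_OPTS="-aes-256-cbc -md sha256 -pbkdf2 -iter 600000"

# encrypt_backup <plain> <encrypted> <passfile>
# The passphrase is read from a file rather than the command line, so it does
# not appear in `ps` output or in shell history.
encrypt_backup() {
    openssl enc -e $ENC_OPTS -salt -pass "file:$3" -in "$1" -out "$2"
}

# verify_backup <plain> <encrypted> <passfile>
# Decrypts into a pipe (no plaintext copy written to disk) and compares byte
# for byte. Returns 0 only if the ciphertext decrypts to the original.
verify_backup() {
    openssl enc -d $ENC_OPTS -pass "file:$3" -in "$2" 2>/dev/null | cmp -s - "$1"
}

# Demo on constructed data: random bytes stand in for the real bck.dat.
demo() {
    umask 077
    dir=$(mktemp -d) || return 1
    head -c 65536 /dev/urandom > "$dir/bck.dat"
    printf '%s\n' 'constructed demo passphrase' > "$dir/pass"
    printf '%s\n' 'mistyped demo passphrase' > "$dir/wrong"
    encrypt_backup "$dir/bck.dat" "$dir/bck.dat.enc" "$dir/pass" || { rm -rf "$dir"; return 1; }
    if verify_backup "$dir/bck.dat" "$dir/bck.dat.enc" "$dir/pass"; then good=ok; else good=FAILED; fi
    if verify_backup "$dir/bck.dat" "$dir/bck.dat.enc" "$dir/wrong"; then bad=accepted; else bad=rejected; fi
    rm -rf "$dir"
    echo "round trip: $good, wrong passphrase: $bad"
}
demo
```

Because `openssl enc` with CBC does not authenticate the ciphertext, the byte-for-byte comparison, not openssl's exit status, is the reliable check.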
raskolnikovx (OP)
November 19, 2013, 08:50:48 PM
 #3

Quote from: Kouye
Just rename the file not to hint about it being a BTC wallet (I know it's dumb advice, but sometimes you just forget little details...), and you're more than fine, in my opinion.
Double-check you can reverse the encryption process before uploading, too, just in case you mistyped anything...

You are right, that would be step 1. Will do
grue
November 19, 2013, 09:33:06 PM
 #4

or you can, you know... use the built in wallet encryption

It is pitch black. You are likely to be eaten by a grue.

Cryddit
November 19, 2013, 09:43:36 PM
 #5

Use the built in wallet encryption. 

When it prompts you for a password, type something more than 200 characters long which nobody else will *EVER* guess.  No quotes!  Use interesting and memorable juxtapositions that make no sense whatsoever.  Make up something fictitious and describe it verbosely in terms of three or four other fictitious things. 

DO NOT: use a password less than 60 characters long that you can remember.  If you can remember it, a cracker can hack it.

If your password is secure, you don't have to worry about storing that file anywhere, whether you change its name or not.
raskolnikovx (OP)
November 19, 2013, 09:54:29 PM
 #6

Quote from: grue
or you can, you know... use the built in wallet encryption

I will research into this. Thanks a lot
raskolnikovx (OP)
November 19, 2013, 10:03:43 PM
 #7

Quote from: grue
or you can, you know... use the built in wallet encryption

I was actually doing this so the steps described above would be over the encrypted wallet backup file.
So there are 3 levels of encryption here. I guess I can call this safe enough.
blub
November 20, 2013, 06:21:02 PM
 #8

but: all your layers of encryption are AES and AES is broken.
There is no practical attack but still, if being paranoid then do it right:
My way would be to use the built in encryption, and then encrypt it with TrueCrypt using a cascade of all supported algorithms. (after checking the whole code for backdoors...)

Kouye
November 20, 2013, 06:39:32 PM
 #9

Quote from: blub
but: all your layers of encryption are AES and AES is broken.
There is no practical attack but still, if being paranoid then do it right:
My way would be to use the built in encryption, and then encrypt it with TrueCrypt using a cascade of all supported algorithms. (after checking the whole code for backdoors...)

If you wanna go to that level of paranoia, I suggest that you wrap your wallet encrypted data within a bigger file, containing:
a header
a random number of random bytes
the encrypted wallet data
a random number of random bytes
a footer

In the header, you can put, for example, the offset to find the wallet data first byte.
And in the footer, for example, the wallet data size.

Of course, you can be even more imaginative...
Embed your encrypted data in a .wav file, using http://naudio.codeplex.com/ (open source) lib, for example, and rename the final file produced "white_noise.wav".


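
The wrapper layout described in this post, as an added example that is not Kouye's code. The 20-character ASCII header and footer fields, the 1 to 4096 byte padding range and the function names are assumptions; the header stores the offset in clear, so the layout only disguises the file and confidentiality still rests on the encryption underneath.

```shell
#!/bin/sh
# Assumed encoding of the layout from the post:
#   header : 20 ASCII characters, offset of the first wallet byte
#   padding: 1..4096 random bytes
#   payload: the already-encrypted wallet data
#   padding: 1..4096 random bytes
#   footer : 20 ASCII characters, payload size in bytes
FIELD=20

# Random length in 1..4096 taken from two bytes of /dev/urandom.
rand_len() { echo $(( $(od -An -N2 -tu2 /dev/urandom) % 4096 + 1 )); }

# wrap <encrypted-wallet> <container>
wrap() {
    size=$(( $(wc -c < "$1") ))
    pad1=$(rand_len); pad2=$(rand_len)
    {
        printf "%${FIELD}d" $(( FIELD + pad1 ))
        head -c "$pad1" /dev/urandom
        cat "$1"
        head -c "$pad2" /dev/urandom
        printf "%${FIELD}d" "$size"
    } > "$2"
}

# unwrap <container> <encrypted-wallet>
# Rejects containers whose header or footer is not a number or does not fit
# inside the file, instead of silently writing a truncated wallet.
unwrap() {
    total=$(( $(wc -c < "$1") ))
    offset=$(head -c "$FIELD" "$1" | tr -d ' ')
    size=$(tail -c "$FIELD" "$1" | tr -d ' ')
    case "$offset" in ''|*[!0-9]*) return 1 ;; esac
    case "$size" in ''|*[!0-9]*) return 1 ;; esac
    [ "$offset" -ge "$FIELD" ] && [ $(( offset + size + FIELD )) -le "$total" ] || return 1
    tail -c "+$(( offset + 1 ))" "$1" | head -c "$size" > "$2"
}

# Demo on constructed data standing in for an encrypted wallet.
demo_wrap() {
    dir=$(mktemp -d) || return 1
    head -c 2048 /dev/urandom > "$dir/wallet.enc"
    wrap "$dir/wallet.enc" "$dir/white_noise.bin" && unwrap "$dir/white_noise.bin" "$dir/out"
    if cmp -s "$dir/wallet.enc" "$dir/out"; then res="payload recovered"; else res="mismatch"; fi
    rm -rf "$dir"; echo "$res"
}
demo_wrap
```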
raskolnikovx (OP)
November 20, 2013, 08:14:01 PM
 #10

Quote from: Kouye
Quote from: blub
but: all your layers of encryption are AES and AES is broken.
There is no practical attack but still, if being paranoid then do it right:
My way would be to use the built in encryption, and then encrypt it with TrueCrypt using a cascade of all supported algorithms. (after checking the whole code for backdoors...)

If you wanna go to that level of paranoia, I suggest that you wrap your wallet encrypted data within a bigger file, containing:
a header
a random number of random bytes
the encrypted wallet data
a random number of random bytes
a footer

In the header, you can put, for example, the offset to find the wallet data first byte.
And in the footer, for example, the wallet data size.

Of course, you can be even more imaginative...
Embed your encrypted data in a .wav file, using http://naudio.codeplex.com/ (open source) lib, for example, and rename the final file produced "white_noise.wav".



Nahh, that's just too much for me.
LiteCoinGuy
November 21, 2013, 07:37:47 PM
 #11

Why Dropbox? Why not USB and CDs? If you are paranoid, you should stay away from Dropbox.

Kouye
November 21, 2013, 07:43:14 PM
 #12

Quote from: LiteCoinGuy
Why Dropbox? Why not USB and CDs? If you are paranoid, you should stay away from Dropbox.

It's probably better to have the backup copied over several locations, including CDs, USB sticks, etc.
But having it on Dropbox or any other cloud offer isn't a problem, as long as it's encrypted.

If your house burns, you'll be happy to have other backups.

raskolnikovx (OP)
November 21, 2013, 11:43:34 PM
 #13

To me it's not about not getting access to the file.
I just wanna do everything I can to make the file only usable for me.
Ecurb123
November 22, 2013, 11:33:37 PM
 #14

I don't really see any reason to compress the file, I would just encrypt it with a very strong password.
CounterStrike
November 23, 2013, 09:55:55 AM
 #15

Guys, stop thinking of how to secure your wallet.. the most important part is remembering where your wallet is a few years later...
PenAndPaper
November 23, 2013, 10:03:51 AM
 #16

Quote from: CounterStrike
Guys, stop thinking of how to secure your wallet.. the most important part is remembering where your wallet is a few years later...

Unfortunately we are not in 2008. I don't think someone that's on bitcoin right now will forget his wallet.
Nonetheless there is some kinda paranoid advice like the 200 characters long password
Wilstar1
November 23, 2013, 10:20:44 AM
 #17

This sounds like a very secure way of storing your .dat file. If you're even more cautious I'd keep the .dat file on a USB and every time you go to access the wallet plug in the USB.