Bitcoin Forum
Author Topic: How to create a secure wallet.  (Read 2721 times)
Talbot49 (OP)
November 24, 2013, 06:58:22 PM
 #1

Hi guys,

First of all I'm really a noob regarding computer language, software etc. I discovered bitcoin a couple months ago and I bought a few of them. I registered at blockchaininfo.com and that is where they are right now. At the time I wasn't even aware that bitcoin-qt existed and I thought online wallets were the only way to go. But now that I've read a few topics here, and bitcoin prices are up, I'm considering increasing my security. Also I'm always tempted to sell but deep inside I just wanna buy and hold so I wanna make it difficult to move them coins. What is the procedure to move those bitcoins from blockchain.info to an offline wallet? I read that article https://bitcointalk.org/index.php?topic=17240.2480 . Is that still a good way to do it? I bought a 5$ Ubuntu live-cd on ebay and I may try that. I don't have any old pc at hand so a way to do it without storing them into a computer would be the best for me. I also installed and synchronized Bitcoin-qt because I'm aware that it could be part of the process to a more secure wallet.

That's what I know for now.. Those thoughts are all unclear though and I don't know where to start, so if some of you tech-savvy guys could point out the best threads on the subject or where I should start, it would be very appreciated.

Also I speak french so it makes it even tougher to be clear.

Thanks

Edit
To summarize I would like a wallet where I never log in to avoid malware and keyloggers, and where there is no information about it on my computer, like the private keys etc. I would only send bitcoins from time to time to that address. No spending.
Anon136
November 24, 2013, 07:10:50 PM
 #2

Sure ok. So I'll give you a description of the most secure way to do it. We'll go right to the james bond level.
  • Hover over this url https://bitaddress.org and look in the bottom left corner of the screen to make sure it is honest
  • Right click on that url and click save link as. Save it to a usb drive or something like that
  • Boot ubuntu from your live cd (DO NOT CONNECT TO THE INTERNET)
  • copy the bitaddress.org.htm file that you saved on your usb drive to your desktop
  • open the bitaddress.org.htm file from your desktop
  • go to the print paper wallet tab
  • connect your pc to your printer using a usb cable and print the paper wallets (not wifi)
  • (optional for extra security) clear your printer cache
  • restart your computer
  • send bitcoins to the address on your paper wallets in w/e denomination you like
  • (recommended) laminate your paper wallets

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
Talbot49 (OP)
November 24, 2013, 07:17:19 PM
 #3

Cool that sounds simple! The only thing is I didn't receive my ubuntu live-Cd yet. But I'll do that as soon as I receive it! After I send the coins to that address, will there be some way to see if the funds were received?
Anon136
November 24, 2013, 07:24:05 PM
 #4

Quote from: Talbot49
Cool that sounds simple! The only thing is I didn't receive my ubuntu live-Cd yet. But I'll do that as soon as I receive it! After I send the coins to that address, will there be some way to see if the funds were received?

just make it yourself then, it's super simple. If you have a 32 bit machine then download this iso http://www.ubuntu.com/start-download?distro=desktop&bits=32&release=lts If you have a 64 bit machine then use this link http://www.ubuntu.com/start-download?distro=desktop&bits=64&release=lts These are image files so just use a standard cd/dvd burning program to create an image disk using one of these two iso's. And that's it, you have an ubuntu image disk.

nak
November 24, 2013, 07:32:35 PM
 #5

Quote from: Talbot49
Cool that sounds simple! The only thing is I didn't receive my ubuntu live-Cd yet. But I'll do that as soon as I receive it! After I send the coins to that address, will there be some way to see if the funds were received?

Quote from: Anon136
just make it yourself then, it's super simple. If you have a 32 bit machine then download this iso http://www.ubuntu.com/start-download?distro=desktop&bits=32&release=lts If you have a 64 bit machine then use this link http://www.ubuntu.com/start-download?distro=desktop&bits=64&release=lts These are image files so just use a standard cd/dvd burning program to create an image disk using one of these two iso's. And that's it, you have an ubuntu image disk.

What about on a mac?

☛ DarkKnightsCoin ☚
Talbot49 (OP)
November 24, 2013, 07:33:49 PM
 #6

Cool but I think I'll wait for my cd, just to make myself believe that I didn't pay 5$ for nothing lol. Anyway I have 2 way authentication and strong passwords on blockchain.info so I should be alright by then. So I'll be super secure with that? Like that's a good way to keep bitcoins during 5 years and avoid any risks of stealing if you protect the private key etc? Because that's what I'll do. Also never mind for the part where I ask how I'll be able to see the funds, on bitaddress I just saw you only have to paste the address on the blockchain.

One last thing, any risk of bitaddress at some point trying to steal coins from the address they generated?

Thank you very much for the answers I love that site.
Abdussamad
November 24, 2013, 09:42:59 PM
 #7

I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

Anon136
November 24, 2013, 09:55:38 PM
 #8

Quote from: Abdussamad
I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

i thought about that also but then i thought, if he boots from the disk and makes his keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

Talbot49 (OP)
November 24, 2013, 10:31:43 PM
 #9

Quote from: Abdussamad
I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

Quote from: Anon136
i thought about that also but then i thought, if he boots from the disk and makes his keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

That's what I bought: http://www.ebay.com/itm/180886304621?ssPageName=STRK:MEWNX:IT&_trksid=p3984.m1439.l2649

Two last questions:
1- I saw a topic, where the guy generated a key from bitaddress and when he was about to send coins he discovered it was already an address and it had 50btc on it so he could have access to them. I think the post was old though and it's really possible that the bug was fixed. Could that be an issue?

2- I thought about setting a brainwallet for my keys. What do you think is better? Setting a really hard passphrase or just printing out normal keys and hiding them in safe?

Oh and one last thing :D . When I shut down my computer and restart it, will ubuntu still be running or will I be able to keep using windows as before?

Thanks
Anon136
November 24, 2013, 11:28:50 PM
 #10

Quote
1- I saw a topic, where the guy generated a key from bitaddress and when he was about to send coins he discovered it was already an address and it had 50btc on it so he could have access to them. I think the post was old though and it's really possible that the bug was fixed. Could that be an issue?

sounds like he's full of crap to me. it asks you to move your mouse around at the start in order to seed entropy, so then for there to be an address collision like that i think he would have had to seed it with the exact same mouse inputs, which seems astronomically unlikely.

Quote
2- I thought about setting a brainwallet for my keys. What do you think is better? Setting a really hard passphrase or just printing out normal keys and hiding them in safe?

brainwallets are the best way to go in my opinion but you have to know how to make a good password and that takes some knowledge. Even a long password may still be broken if it is not a good password. And even a good password that's short may still be broken. In fact you could type in an entire paragraph from a book and it would probably be broken by someone using an algorithm that searched google for known literary phrases.

you have to understand that with brainwallets if someone is trying to crack brain-wallets they are simultaneously trying to crack everyone's on earth. This means that it can potentially be a lot more profitable to invest resources in cracking brainwallets than any one person's password for something.

So with that being said, if you decide to go the brain-wallet route this is how you do it:

First make a high entropy password. http://www.random.org/passwords/ can help with that. Write this down and store safely in multiple locations. give a copy to your grandma, hide a copy under the rug, but make sure it never becomes part of the public record. This part will protect you from brute forcers who are not targeting anyone in particular but all of the brainwallets in the world at the same time.

second make a medium entropy password. this is something that uses a real sentence with real words so that it is easy to remember but will never be part of the public record. For example "my pet gorilla snorts lemon powder when she thinks about her blue hair" it's syntactically sound but semantically ridiculous. this part you NEVER write down or tell anyone about ever. it must only exist in your brain. this part will help to protect you against the brute forcers but also against someone who obtains the key you wrote down. so think like if the cops raided your house or something and got the high entropy password you got from random.com that key wouldn't be enough since you have this in your brain.

for the last part add something from the public record. things from the public used by themselves make very bad brainwallet passwords BUT in conjunction with things that are off the public record they can add a lot of security for almost no cost to your memory, since you don't have to remember the words themselves only where they are located. So for example you may take a common book and turn to a random page and use a short paragraph. now you may not remember what the words were exactly but you remember what book it was and about where it was in the book and what the paragraph was about and you can easily find it again.

Anyway i highly recommend this method and i highly recommend that in addition to writing down the high entropy password you work diligently on committing it to memory just in case. If you can do it right this is definitely the best way to store your btc because this way NO one can ever take them away from you. the government can take EVERYTHING away from you, your house, your bank accounts, your life savings, the contents of your safe, your clothes, they can even examine your rectum, and lock you in solitary confinement, and you will STILL be filthy rich, even after all of that. This is, more than anything, what makes bitcoins so valuable to me. You can have TRULY sovereign wealth even in a statist paradigm where the government has its slimy tentacles on every other aspect of our lives.

Quote
Oh and one last thing :D . When I shut down my computer and restart it, will ubuntu still be running or will I be able to keep using windows as before?

yep it will run it on your ram rather than your hard drive. just don't install it.

jojo69
November 24, 2013, 11:31:21 PM
 #11

Quote from: Abdussamad
I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

Quote from: Anon136
i thought about that also but then i thought, if he boots from the disk and makes his keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

unless the key pair was already produced by the creator of the disk image and presented to him as fresh

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
Anon136
November 24, 2013, 11:35:41 PM
 #12

Quote from: Abdussamad
I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

Quote from: Anon136
i thought about that also but then i thought, if he boots from the disk and makes his keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

Quote from: jojo69
unless the key pair was already produced by the creator of the disk image and presented to him as fresh

theoretically possible. in practice though he has a better chance of being killed by a rogue meteor. ;D

jojo69
November 24, 2013, 11:38:58 PM
 #13

perhaps, but if we are going to be paranoid...

Abdussamad
November 25, 2013, 10:24:43 PM
 #14

Quote from: Abdussamad
I would never trust a live cd that I didn't burn myself or bought directly from the ubuntu store:

http://shop.canonical.com/product_info.php?products_id=976

Quote from: Anon136
i thought about that also but then i thought, if he boots from the disk and makes his keypairs and then reboots his computer back to its normal partition without ever connecting to the internet, it should be fine for that purpose.

No. If he's booting from a malicious CD/DVD then all sorts of things could happen. Some scenarios:

- Malware gets installed on his hard drive.

- The random number generator on the DVD is such that it produces deterministic numbers that the malware author can predict. Meaning any private keys you generate could also be generated by the malware author and he could steal your coins.


Ideally when you get the DVD you should do a md5sum to confirm it is the same as

c4f4c7a0d03945b78e23d3aa4ce127dc *ubuntu-12.04.3-desktop-i386.iso

http://releases.ubuntu.com/precise/MD5SUMS

Quote
Two last questions:
1- I saw a topic, where the guy generated a key from bitaddress and when he was about to send coins he discovered it was already an address and it had 50btc on it so he could have access to them. I think the post was old though and it's really possible that the bug was fixed. Could that be an issue?

2- I thought about setting a brainwallet for my keys. What do you think is better? Setting a really hard passphrase or just printing out normal keys and hiding them in safe?

Oh and one last thing :D . When I shut down my computer and restart it, will ubuntu still be running or will I be able to keep using windows as before?

Thanks

1. Personally I would not use bitaddress. IMO it is better to use bitcoin-qt or electrum. Both will require some fiddling though but more secure.

2. Electrum. Brainwallets where you pick your own passphrase are a VERY BAD idea. Electrum will generate a truly random 12 word passphrase.

You will get windows after the restart. But if you have linux swap partitions Ubuntu may write to them.
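
The checksum check described in post #14, as an added example that is not part of the original thread: it parses an MD5SUMS-style file, hashes the image in chunks and compares the two digests. The file names and image bytes used in `demo()` are constructed stand-ins; only the `<digest> *<filename>` line format comes from the post.

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_sums(text):
    """Parse md5sum-style lines ('<hex> *<name>' or '<hex>  <name>') into {name: digest}."""
    entries = {}
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        name = name.lstrip(" *")  # a leading '*' only marks binary mode
        digest = digest.lower()
        if name and digest and set(digest) <= HEX:
            entries[name] = digest
    return entries


def file_digest(path, algorithm="md5", chunk_size=1 << 20):
    """Hash a file in chunks so a multi-hundred-megabyte image never sits in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(path, sums_text, algorithm="md5"):
    """Return 'ok', 'mismatch', 'not-listed' or 'wrong-algorithm'."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "not-listed"  # a missing entry must never count as a pass
    if len(expected) != hashlib.new(algorithm).digest_size * 2:
        return "wrong-algorithm"  # e.g. an MD5SUMS file checked as sha256
    actual = file_digest(path, algorithm)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Run the check on a constructed stand-in image (not a real Ubuntu ISO)."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "example-live.iso")
        with open(image, "wb") as f:
            f.write(b"constructed image bytes" * 1000)
        sums = f"{file_digest(image)} *example-live.iso\n"
        untouched = verify_image(image, sums)
        mixed_up = verify_image(image, sums, algorithm="sha256")
        with open(image, "r+b") as f:  # simulate an altered image
            f.seek(10)
            f.write(b"X")
        altered = verify_image(image, sums)
        other = os.path.join(d, "unlisted.iso")
        open(other, "wb").close()
        unlisted = verify_image(other, sums)
    return untouched, mixed_up, altered, unlisted


if __name__ == "__main__":
    print(demo())
```

The same code checks a SHA256SUMS file when called with `algorithm="sha256"`. The result is only as trustworthy as the checksum file itself, which here comes from the plain-HTTP URL quoted in the post.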



Talbot49 (OP)
November 28, 2013, 04:07:25 AM
 #15

Ok thanks will do to verify my ubuntu CD.

Damn you're making me unsure of the way I was going to proceed lol. Then what would be the way to make a paper wallet with bitcoin-qt for savings that would be risk-free vs malware and keyloggers, that I would create offline? And that I would just hide in different places? If it's too long to explain just maybe give me a couple links about the subject?

Thank you
Anon136
November 28, 2013, 04:10:57 AM
 #16

Quote from: Talbot49
Ok thanks will do to verify my ubuntu CD.

Damn you're making me unsure of the way I was going to proceed lol. Then what would be the way to make a paper wallet with bitcoin-qt for savings that would be risk-free vs malware and keyloggers, that I would create offline? And that I would just hide in different places? If it's too long to explain just maybe give me a couple links about the subject?

Thank you

just check the hash of your disk before you use it and then follow the steps in the bulleted list in post #2. it doesn't get much safer than that.

Talbot49 (OP)
November 28, 2013, 04:22:09 AM
 #17

So I should stick to your plan?  :P

Seems like a really good plan to me indeed.

The only thing that makes me paranoid, and it could happen with bitcoin-qt or whatever I guess, is the scenario that at one point in time in the upcoming years, somebody will create the same address I have and get my bitcoins. I know there is a shitload of characters and letters in those keys, but there is also a shit load of addresses being generated, and if bitcoin becomes mainstream, that shitload will be multiplied by 100 and the risk of generating same addresses will increase as well?

Maybe I'm completely wrong too I'm a noob regarding bitcoin technicals.
jojo69
November 28, 2013, 04:29:23 AM
 #18

Quote from: Talbot49
So I should stick to your plan?  :P

Seems like a really good plan to me indeed.

The only thing that makes me paranoid, and it could happen with bitcoin-qt or whatever I guess, is the scenario that at one point in time in the upcoming years, somebody will create the same address I have and get my bitcoins. I know there is a shitload of characters and letters in those keys, but there is also a shit load of addresses being generated, and if bitcoin becomes mainstream, that shitload will be multiplied by 100 and the risk of generating same addresses will increase as well?

Maybe I'm completely wrong too I'm a noob regarding bitcoin technicals.

Anon136
November 28, 2013, 04:43:48 AM
 #19

Quote from: Talbot49
So I should stick to your plan?  :P

Seems like a really good plan to me indeed.

The only thing that makes me paranoid, and it could happen with bitcoin-qt or whatever I guess, is the scenario that at one point in time in the upcoming years, somebody will create the same address I have and get my bitcoins. I know there is a shitload of characters and letters in those keys, but there is also a shit load of addresses being generated, and if bitcoin becomes mainstream, that shitload will be multiplied by 100 and the risk of generating same addresses will increase as well?

Maybe I'm completely wrong too I'm a noob regarding bitcoin technicals.

what jojo said ;D

Talbot49 (OP)
November 28, 2013, 04:55:43 AM
 #20

I don't really understand the first paragraph because I'm french and vocabulary and concept is a little bit tough, but I understand the rest and it sure is convincing lol. So basically there is no way 2 addresses would be generated twice? Before computer are made of other things than matter.. loll

But what about that post https://bitcointalk.org/index.php?topic=254489.0 and reply number 7 ... That's basically why I posted my paranoid post on generating same addresses.
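
Added worked example, not part of any post in the thread: the birthday bound for the question raised in posts #17 and #20, whether more addresses in circulation makes a duplicate likely. It assumes keys come from an unpredictable random source and that an address is a 160-bit hash of the public key; the address counts $n$ are constructed figures.

$$N = 2^{160} \approx 1.46 \times 10^{48}$$

$$P(\text{any two of } n \text{ addresses collide}) \approx \frac{n(n-1)}{2N} \approx \frac{n^{2}}{2^{161}}$$

$$n = 10^{10}: \quad P \approx \frac{10^{20}}{2.92 \times 10^{48}} \approx 3.4 \times 10^{-29}$$

$$n = 100 \times 10^{10} = 10^{12}: \quad P \approx \frac{10^{24}}{2.92 \times 10^{48}} \approx 3.4 \times 10^{-25}$$

$$P(\text{one of } 10^{12} \text{ other addresses equals one specific address}) \approx \frac{n}{N} = \frac{10^{12}}{1.46 \times 10^{48}} \approx 6.8 \times 10^{-37}$$

Multiplying the number of addresses by 100 multiplies the collision probability by $10^{4}$, and it still stays negligible. The bound holds only while the generator is unpredictable; a deterministic random number generator, the scenario described in post #14, removes it entirely.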