Bitcoin Forum
Author Topic: How to create a secure wallet.  (Read 2721 times)
jojo69
November 28, 2013, 05:19:36 AM
 #21

I don't really understand the first paragraph because I'm French and vocabulary and concept is a little bit tough, but I understand the rest and it sure is convincing lol. So basically there is no way 2 addresses would be generating twice? Before computers are made of other things than matter.. loll

But what about that post https://bitcointalk.org/index.php?topic=254489.0 and reply number 7 ... That's basically why I posted my paranoid post on generating same addresses.

not impossible, but vanishingly unlikely, probably an elaborate troll...and by "probably" I mean 99.9999999999999999999 I'm getting tired of pushing 9 %

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
Talbot49 (OP)
November 28, 2013, 05:42:09 AM
 #22


your random address happens to be one of the many millions of addresses already in use. you have just won the lottery.

i suggest not using that address as obviously someone else has it too..

i don't think this is the first time an address 'collision' has occurred which is why v9 of bitcoin-QT will start using messages to allow recognition of transactions, to avoid merchants using fresh addresses per transaction. thus reducing the chances of 'collisions' becoming a regular thing.

most people think that there is no chance of a collision unless you create billions of addresses. the actual fact is that you have 1 chance WITHIN those billions of addresses.. so it could be the 10th address you make or the 9,999,999,999th address or so on.


wtf are you talking about? Stop spreading FUD.

Even with trillions of addresses, there would still be no collision. 2^256 is a very big number, almost as all the atoms in the visible universe.

He probably can't understand how big 256 is let alone 2^256. I didn't even think it was worth arguing it's so stupid and has been discussed endlessly.

I read the rest and you are right lol. I'm convinced now!
deepceleron
November 28, 2013, 09:45:39 AM
 #23

The linked post is from 2011, and is not very good. It includes complicated steps that are more likely to result in you losing bitcoins.

There are two strong ways to store your bitcoins:

  • On a securely generated offline paper wallet (for savings)
  • On a dedicated secure computer only used for Bitcoin running Bitcoin-Qt

Notice I did not say virtual machine, web wallet, copy your wallet all over the place, etc.

Here is how I would configure this secure dedicated bitcoin computer:

Get a desktop PC; it doesn't have to be anything special. Use a hash-verified ISO Linux distribution CD or DVD image (Kubuntu 13.10 32-bit is a good choice). When installing, wipe and create a manageable partition, such as 100GB, on that computer and install the OS. Choose the option to encrypt your whole hard drive, and create a user name, both using a strong and long password you will not forget.

Now, get the official binary of Bitcoin-Qt, download it from the http://sourceforge.net/projects/bitcoin/files/Bitcoin/ official repository. Verify the expected hash or signature of this file independently on a normal computer or with communication with others vs your copy. I'll help you out here:
Code:
84543f10de5e82ce6e88dd5a501db37c6327edf79a2a04f29199c24843e71f63 *bitcoin-0.8.5-linux.tar.gz

Now set up your wallet securely. First create the ~\.bitcoin directory yourself, and put a bitcoin.conf file there, with these options to lock it down and make a more secure wallet backup:

Code:
server=0
keypool=1000
paytxfee=0.0001

Run bitcoin, and encrypt your wallet with a different password than the above you also won't forget. Let it catch up on the blockchain (days).

Now, we must back up that wallet securely. We are talking about "your house burns down", "your computer is stolen" securely. You must never store the backup wallet.dat on any computer or device that will touch the internet besides your wallet PC; buy a new flash drive for this, or burn a CD from your secure computer. Restart your computer before creating a backup to ensure Bitcoin is not running or accessing the wallet.dat.

You must also back up the passwords for both the hard drive encryption and username, along with the password of the wallet. Too many people have forgotten their passwords and lost coins. As you created these, you should be able to write them down. Paper password backups should be stored securely (think safety deposit box), and separately from the secure PC or location of wallet.dat backup media.

Advanced Level: TEST YOUR BACKUP

Send your new secure PC wallet 0.001 BTC and see that it gets there. Great? Now wipe the hard drive and do it all again! Okay, that's extreme, but imagine the hard drive dies and you must restore your wallet - it must work. Plug in a different cheap hard drive and do all the steps above to install the OS; then restore your wallet backup and spend your test bitcoins. Your backups must work. After verifying that you were able to re-create the OS and restore your backup to spend bitcoins, the second hard drive can be another type of backup you can store securely, or if not, you should wipe it with the manufacturer's "erase disk" utilities.
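
The download hash check described in post #23, as an added example that is not part of the original post: a POSIX shell function that checks a file against a pinned `sha256sum`-style line. The helper name `verify_pinned` is hypothetical and GNU coreutils `sha256sum` is assumed; it goes slightly beyond the post by also rejecting a malformed digest and a pin that names a different file.

```sh
#!/bin/sh
# Added example, not from the thread. The pin is the line quoted in post #23.
PIN='84543f10de5e82ce6e88dd5a501db37c6327edf79a2a04f29199c24843e71f63 *bitcoin-0.8.5-linux.tar.gz'

# verify_pinned LINE FILE   (hypothetical helper name)
# Returns 0 on match, 1 hash mismatch, 2 malformed pin, 3 wrong file name,
# 4 file missing or unreadable.
verify_pinned() {
    line=$1
    file=$2
    want=${line%% *}        # digest: everything before the first space
    rest=${line#* }         # mode marker plus file name
    case $rest in
        '*'*|' '*) name=${rest#?} ;;   # "*" = binary mode, " " = text mode
        *) echo "malformed pin line" >&2; return 2 ;;
    esac
    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case $want in
        ''|*[!0-9A-Fa-f]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    # The pin names one file; do not accept it for a differently named one.
    [ "$name" = "$(basename -- "$file")" ] ||
        { echo "pin is for $name, not $file" >&2; return 3; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 4; }
    got=$(sha256sum -- "$file") || return 4
    got=${got%% *}
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # compare case-insensitively
    if [ "$got" = "$want" ]; then
        echo "OK: $name"
        return 0
    fi
    echo "MISMATCH: $name has $got" >&2
    return 1
}

# Check the real download only when it is present in the current directory.
if [ -f bitcoin-0.8.5-linux.tar.gz ]; then
    verify_pinned "$PIN" bitcoin-0.8.5-linux.tar.gz
fi
```

The pinned line should be obtained through a channel separate from the download itself, as the post says, since a hash fetched alongside a tampered file proves nothing.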
Anon136
November 28, 2013, 01:48:30 PM
 #24

I really don't understand the part about not letting your backup wallets touch the internet. If it's well encrypted on a computer with a fresh Linux install, no additional software and every port locked down except 8333, how on earth could anyone ever unlock your wallet? You should be able to post it publicly here on the forums with bold letters "this is my wallet" and have 0 concern. I scatter copies of my backup wallet over the internet like seeds to the wind. That just seems smart to me, but maybe I'm missing something.

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
deepceleron
December 04, 2013, 05:17:16 PM
 #25

I really don't understand the part about not letting your backup wallets touch the internet. If it's well encrypted on a computer with a fresh Linux install, no additional software and every port locked down except 8333, how on earth could anyone ever unlock your wallet? You should be able to post it publicly here on the forums with bold letters "this is my wallet" and have 0 concern. I scatter copies of my backup wallet over the internet like seeds to the wind. That just seems smart to me, but maybe I'm missing something.

Wallets don't start out encrypted; instructions must not give bad advice to those who haven't encrypted their wallet or have a wallet with previously-unencrypted addresses in them.

Good security relies on something-only-you-have + something-only-you-know. You don't want to reduce that to something-only-you-and-I-have + a-password-only-you-know-that-could-be-your-reused-hackable-password.