Computers, Phones & Devices CANNOT be used to Keep Wallets - Safety for Dummies

[bitrebel]

   I'm a netdummy so forgive me for speaking illiterate to the illiterate and literate.

   If anything mechanical that utilizes a hard drive of any kind to store data is used to store bitcoin wallet files, it can malfunction. At anytime, something can go wrong.
   Anything that actually has working parts to it, or anything mechanical at all, is not ever going to be a safe storage vehicle for bitcoins. That includes all forms of computers, storage drives, hard drives and mobile phones. Anything that can break or could need repair is not ever going to be a good long term storage device for bitcoins or wallet files.
   
   I propose a special situation for wallet storage. First off, get a computer dedicated for bitcoins. I picked one up for $350 for a laptop. Getting it new is always best, that way you know it's not infected in any way. I know people sometimes pay more than $350 for a real wallet to hold fake money, so I think it's a smart investment.
   Then download Ubuntu onto it, then the Bitcoin client. Keep it offline 99% of the time.
   Next, I'm thinking Truecrypt to encrypt the drive from being hacked. If not, then GnuPG as someone previously suggested. Somehow, this data should be able to be loaded onto a card, while encrypted. That card, containing your wallet file and bitcoins is now safe, I would imagine.
   Also mentioned previously is that GnuPG has card integration with smart readers. This would , I think, by necessity, have to be readable/writable directly onto the wallet file.  If anyone knows whether or not this can be used effectively and easily by their grandparents or children, please speak up.

   This is completely nontechnical, for dummies and smart folks.
If there are flaws, problems, or issues that people find in this, explain away, please. People need a simple, safe way to keep bitcoins, long and short term, and currently, most solutions I have seen are not safe (trusting bitcoins to online wallets), (trusting them to computers and hard drives), and keeping them secured in networks of infinite terms most people could never understand.

   Mainly, it's important to note, that many people have thought it was safe to store bitcoins online. That's probably the very least safest way to store them. Next is on a computer hard drive or mechanical device. Machines fail all the time. Even servers, even though they get backed up, data gets lost all the time. All machines are unsafe for bitcoin storage.

[1714780857]

1714780857

[1714780857]

1714780857

[Xephan]

   I'm a netdummy so forgive me for speaking illiterate to the illiterate and literate.

   If anything mechanical that utilizes a hard drive of any kind to store data is used to store bitcoin wallet files, it can malfunction. At anytime, something can go wrong.
   Anything that actually has working parts to it, or anything mechanical at all, is not ever going to be a safe storage vehicle for bitcoins. That includes all forms of computers, storage drives, hard drives and mobile phones. Anything that can break or could need repair is not ever going to be a good long term storage device for bitcoins or wallet files.
   
   I propose a special situation for wallet storage. First off, get a computer dedicated for bitcoins. I picked one up for $350 for a laptop. Getting it new is always best, that way you know it's not infected in any way. I know people sometimes pay more than $350 for a real wallet to hold fake money, so I think it's a smart investment.

Everything can malfunction, including solid state storage, a good strong electrical zap could damage it enough to make recovering the data impossible.

There are new computers that come infected, reported in the news before. So a new computer and old computer are only equally safe if they are formatted after booting from a safe bootdisk.

   Then download Ubuntu onto it, then the Bitcoin client. Keep it offline 99% of the time.
   Next, I'm thinking Truecrypt to encrypt the drive from being hacked. If not, then GnuPG as someone previously suggested. Somehow, this data should be able to be loaded onto a card, while encrypted. That card, containing your wallet file and bitcoins is now safe, I would imagine.
   Also mentioned previously is that GnuPG has card integration with smart readers. This would , I think, by necessity, have to be readable/writable directly onto the wallet file.  If anyone knows whether or not this can be used effectively and easily by their grandparents or children, please speak up.

   This is completely nontechnical, for dummies and smart folks.
If there are flaws, problems, or issues that people find in this, explain away, please. People need a simple, safe way to keep bitcoins, long and short term, and currently, most solutions I have seen are not safe (trusting bitcoins to online wallets), (trusting them to computers and hard drives), and keeping them secured in networks of infinite terms most people could never understand.

Non-technical dumb people are going to use whatever OS is installed on the computer. They are not going to want to learn how to install a new OS, even if it's as simple as popping in a DVD to boot (they might even have problems getting it to boot from DVD instead of the HDD), nor are they likely to want to install yet another "mysterious" program like truecrypt/gnupg to encrypt the wallet and even less likely to buy an expensive smart card writer/reader just for this.

[Smalleyster]

Gee, my USB drives cost...$8!

and they have a whole linux operating system on them

they boot easily to almost any modern computer

and I've got them backed up in multiple places

FUD sucks

[wumpus]

As I've advocated before, use paper to store your private keys (either as base58 or QR-codes). At least for the big stash / savings wallet.

Most people know how to secure physical things, and although paper decays over time, it does in a predictable way and is not prone to incompatibility issues.

[bitrebel]

Gee, my USB drives cost...$8!

and they have a whole linux operating system on them

they boot easily to almost any modern computer

and I've got them backed up in multiple places

FUD sucks

Nothing you are doing is ultimately "safe". USB drives fail. Or do you own some brand of super USB drive none of us know about?

[bitrebel]

As I've advocated before, use paper to store your private keys (either as base58 or QR-codes). At least for the big stash / savings wallet.

Most people know how to secure physical things, and although paper decays over time, it does in a predictable way and is not prone to incompatibility issues.

Where is the original file stored though? Or does it even matter really? If it's not destroyed, then someone else can get to it, even though it's printed, right?

How come nobody has done a video on this?

[wumpus]

Where is the original file stored though? Or does it even matter really? If it's not destroyed, then someone else can get to it, even though it's printed, right?

Yes. The original file should be secure-wiped from any devices connected to the internet. You could still keep a copy on an USB stick of course, that's more of a convenience tradeoff...

[bitrebel]

Where is the original file stored though? Or does it even matter really? If it's not destroyed, then someone else can get to it, even though it's printed, right?

Yes. The original file should be secure-wiped from any devices connected to the internet. You could still keep a copy on an USB stick of course, that's more of a convenience tradeoff...

And then the method for re-recreating that on the wallet.dat file?
and would this be easy for dummies and convenient, too?

[wumpus]

And then the method for re-recreating that on the wallet.dat file?
and would this be easy for dummies and convenient, too?

If it's QR codes you could use either a webcam or scanner to scan them back in. That could be made very user friendly.

Yes, it's some work especially if you have lots of keys, but whether that's worth it all depends on how much your security is worth to you.

[bitrebel]

And then the method for re-recreating that on the wallet.dat file?
and would this be easy for dummies and convenient, too?

If it's QR codes you could use either a webcam or scanner to scan them back in. That could be made very user friendly.

Yes, it's some work especially if you have lots of keys, but whether that's worth it all depends on how much your security is worth to you.

So, you believe, ultimately, paper may be better than a credit card and reader? (What about the fact that paper is archaic and people like easy techie shit like plastic cards with info storage?)
I'm thinking, safest and easiest without compromising one for the other.

[wumpus]

You could have a few keys... stash each one with a certain amount of BTC, and scan in only the keys for the amount you need. Or stash everything into one key even... but then an attacker could potentially intercept the one private key when you scan it someday to take some coins out.

This would all need a user-friendly management application, but it's not rocket science.

So, you believe, ultimately, paper may be better than a credit card and reader?
I'm thinking, safest and easiest without compromising one for the other.

All methods have their use. If you want to spend the coins, loading them into a card, phone or your local PC makes more sense. For secure and potentially long term storage, paper wins IMO.

[bitrebel]

You could have a few keys... stash each one with a certain amount of BTC, and scan in only the keys for the amount you need. Or stash everything into one key even... but then an attacker could potentially intercept the one private key when you scan it someday to take some coins out.

This would all need a user-friendly management application, but it's not rocket science.

So, you believe, ultimately, paper may be better than a credit card and reader?
I'm thinking, safest and easiest without compromising one for the other.

All methods have their use. If you want to spend the coins, loading them into a card, phone or your local PC makes more sense. For secure and potentially long term storage, paper wins IMO.

That's very helpful. I think we need a non-techie section or a "for dummies" section, so some can learn and understand without too much techno jargon. That's really the only way bitcoins will gain mainstream acceptance. Dummies have to be able to figure it all out and use it.

[wumpus]

What about the fact that paper is archaic

Archaic is an advantage here. It's the only place hackers cannot get to.

People are starting to realize this as hacking is becoming more and more prevalent all over the world.

Too many flashy techie cosy user friendly solutions running away with your money

[bitrebel]

What about the fact that paper is archaic

Archaic is an advantage here. It's the only place hackers cannot get to.

People are starting to realize this as hacking is becoming more and more prevalent all over the world.

Too many flashy techie cosy user friendly solutions running away with your money

Agreed. You make an excellent point.
Instead of hackers, i'll worry about arsonists. lol

[Ekaros]

Create keys offline, print them on paper.

Import one for daily use for phone, keep only the ammount of cash you would normaly keep on person something which loosings isn't a major deal for you, be it equivalent for 50€ or 1000€.

Don't stack all the coins on one address.

One more idea, which need some work. Way to export private-key+bunch of transactions. So you could bring one key active and move BTC from it(burn the key it might be lost at this point), without compromising any part of your entirely off-line wallet. Most secure way would likely be to burn it on CD, and run ones connected to chain on network.

So store on one key, and when you need the BTC move all the BTC from it to other storage and day-to-day use wallet. So, every storage key is used only onces.


Paper or write only media is most secure, USB-sticks can carry infections... Anyway we can't ever get rid off issues on end point devices, but before it can be secured quite fine...

[bitrebel]

John Smith,
   What would be the precise method for getting these it to paper in these formats?
(The base58 or QR-codes)   - "Save As"? You need the original program for either one first? Can you explain a little, please.

[spruce]

If you don't trust your computer abilities enough to make your own securely, get a paper bitcoin wallet from Casascius or someone you do trust to do it right. Encode by hand the private key (see link in my sig) with an unbreakable one-time code. You can then put the encoded private key into emails or whatever. As long as you don't forget your passphrase, you're completely safe.

In five years' time when you want to cash out your now-hopefully-fat wallet, only then does the plaintext private key get near an internet-connected computer.

[Ekaros]

If you don't trust your computer abilities enough to make your own securely, get a paper bitcoin wallet from Casascius or someone you do trust to do it right. Encode by hand the private key (see link in my sig) with an unbreakable one-time code. You can then put the encoded private key into emails or whatever. As long as you don't forget your passphrase, you're completely safe.

In five years' time when you want to cash out your now-hopefully-fat wallet, only then does the plaintext private key get near an internet-connected computer.

Adding an other layer is good, if you are absolutely sure you can remember the key for decoding.

Personaly for extreme security I support multiple keys even for this, best with geographicly separated copies.

[markm]

You could make multiple copies, whatever the media.

Cheap easy media would be useful for that, so you could in effect make yourself a bunch of cards (whether paper or cardboard or plastic or engraved platinum is partly a matter of taste), in various denominations, and duplicate them.

Maybe have an app that asks not only how much you want in your hand but also in what denominations and media and how many copies of each.

So you could click icons or whatever to tell it gimme twenty ones, only one copy of each, twenty twos, two copies of each of those will do, ten fives, just two copies of those is fine too, ten twenties, better gimme three copies of each of those, and twenty hundreds, gimme five copies of each of those, one printed on the secure printer in the secure room in the possibly offsite place...

-MarkM-

[wumpus]

Instead of hackers, i'll worry about arsonists. lol

Also a good point. So you'd at least want multiple copies.

Create keys offline, print them on paper.

Indeed. A possible workflow would be:

1) Preferably on a device without network connection you want to run an application that generates a number of keypairs. The private keys are printed to paper (or some other hyper-secure place), the associated public keys (addresses) are written to an USB stick or digital medium.

2) The bitcoin client on an online device is then used to send BTC to the public keys generated in step (1). It sends a configurable number of BTC per address.

3) When you want to spend the BTC, the private keys can be scanned/retrieved as needed, for the amount you want to take out.

So (1) happens outside the bitcoin client, (2) and (3) happen inside it.

(Optionally you could buy the paper/certificates for (1) from some trusted vendor. You really need to trust that guy though to not store your private keys anywhere else)