Xenland
Legendary
 Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
 |
August 05, 2011, 08:25:30 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
|
|
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
bitrebel (OP)
|
|
August 05, 2011, 08:29:02 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot.  |
Why does Bitrebel have 65+ Ignores?
Because Bitrebel says things that some people do not want YOU to hear.
|
|
|
|
Ekaros
|
|
August 05, 2011, 08:29:54 AM |
|
Instead of hackers, i'll worry about arsonists. lol
Also a good point. So you'd at least want multiple copies. Create keys offline, print them on paper.
Indeed. A possible workflow would be: 1) Preferably on a device without network connection you want to run an application that generates a number of keypairs. The private keys are printed to paper (or some other hyper-secure place), the associated public keys (addresses) are written to an USB stick or digital medium. 2) The bitcoin client on an online device is then used to send BTC to the public keys generated in step (1). It sends a configurable number of BTC per address. 3) When you want to spend the BTC, the private keys can be scanned/retrieved as needed, for the amount you want to take out. So (1) happens outside the bitcoin client, (2) and (3) happen inside it. Note for step (3), if you don't use for full amount, remainder must be transfered to new keypair from step (1). Once you have key-pair on device which is connected to net, you can't entirely dismiss possibility of it being compromised. |
|
|
|
Smalleyster
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
August 05, 2011, 08:33:34 AM |
|
Gee, my USB drives cost...$8!
and they have a whole linux operating system on them
they boot easily to almost any modern computer
and I've got them backed up in multiple places
FUD sucks
Nothing you are doing is ultimately "safe". USB drives fail. Or do you own some brand of super USB drive none of us know about? What part of "multiple" did you not understand? |
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
August 05, 2011, 08:35:21 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot. Not entirely off-topic, I was trying to give suggestions as what mediums we could safely store addresses(obviously not private keys) but also adding a religious pun to it. |
|
|
|
|
|
Ekaros
|
|
August 05, 2011, 08:43:48 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot. Not entirely off-topic, I was trying to give suggestions as what mediums we could safely store addresses(obviously not private keys) but also adding a religious pun to it. Safety of address isn't realy an issues? Every used key is know anyway... Also, you need private key to make a payment... |
|
|
|
|
wumpus
|
|
August 05, 2011, 08:47:46 AM
Last edit: August 05, 2011, 10:10:06 AM by John Smith |
|
Note for step (3), if you don't use for full amount, remainder must be transfered to new keypair from step (1). Once you have key-pair on device which is connected to net, you can't entirely dismiss possibility of it being compromised.
+1 So you have to either take the risk that the other coins with the key will be stolen, or you have to send the change to a new pre-generated keypair. ==== The client support for this would be One of: 1) a "send from private key(s) not in wallet" option, in which the private key(s) are provided by some external provider (OCR from webcam/scanner/user entered, whatever). The keys will be secure wiped from memory after use. This is not 100% secure of course, as someone could intercept it at multiple stages. 2) or simply import the private keys into the wallet. The problem with this is that it will be part of your wallet forever, so the on-paper key is no longer secure in any way. Then again, if you send the change to a new pre-generated keypair, this is not a problem. (2) is by far the easiest to implement (it is already in a pull request, just needs UI...) so it has my preference. andA pre-programmed and easy sendmany. Import a list of public keys from a file, send each one a configurable amount. Or even better, import a list of (address,label,amount) tuples from a CSV file or list of URLs. This is even more general. An external program as used for off-line key generation can easily generate these as well. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!"
Yeah yeah please don't spam this thread, we're working hard to save humanity from the (financial) Apocalypse here  |
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. |
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
August 05, 2011, 09:01:39 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot. Not entirely off-topic, I was trying to give suggestions as what mediums we could safely store addresses(obviously not private keys) but also adding a religious pun to it. Safety of address isn't realy an issues? Every used key is know anyway... Also, you need private key to make a payment... About the safety of addres isn't issues...question. If someone has your private keys someone the jig is up if someone takes it and then asks for you address. Thats what I was intending to mean about safety anyways. |
|
|
|
|
|
Ekaros
|
|
August 05, 2011, 09:28:48 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot. Not entirely off-topic, I was trying to give suggestions as what mediums we could safely store addresses(obviously not private keys) but also adding a religious pun to it. Safety of address isn't realy an issues? Every used key is know anyway... Also, you need private key to make a payment... About the safety of addres isn't issues...question. If someone has your private keys someone the jig is up if someone takes it and then asks for you address. Thats what I was intending to mean about safety anyways. Hmm, I'm not in to math, but can't you connect public and private key to each other, if you know the limited pool of public-keys(the chain)? |
|
|
|
Xenland
Legendary
Offline
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
|
|
August 05, 2011, 11:51:34 AM |
|
Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.
That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot. Not entirely off-topic, I was trying to give suggestions as what mediums we could safely store addresses(obviously not private keys) but also adding a religious pun to it. Safety of address isn't realy an issues? Every used key is know anyway... Also, you need private key to make a payment... About the safety of addres isn't issues...question. If someone has your private keys someone the jig is up if someone takes it and then asks for you address. Thats what I was intending to mean about safety anyways. Hmm, I'm not in to math, but can't you connect public and private key to each other, if you know the limited pool of public-keys(the chain)? Yeah your correct. My imagined scenario is this. If they have access to your private keys they 100.99(Repeating of course) have your public key regardless.... |
|
|
|
|
westkybitcoins
Legendary
Offline
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
|
|
August 05, 2011, 12:39:42 PM |
|
Assuming we're talking about savings wallets, or other wallets that won't need to be accessed very much, I'm surprised no one has mentioned CDs.
1) Send the bitcoins to the savings wallet.
2) OPTIONAL: Keep copies of one or more public key(s) from the wallet to add funds later. If you do this, you could create an empty wallet in step #1.
3) Burn the wallet to two or more CDs. Test the CDs, even re-import one of the wallets to ensure all went well.
4) Securely shred the wallet from the computer. Done!
At this point, most folks should be able to handle it. They can simply store the CDs in various places, just like with cash. Note that those with a little technical knowledge who can remember their password for a while can encrypt the wallet first.
|
Bitcoin is the ultimate freedom test. It tells you who is giving lip service and who genuinely believes in it.
... ... In the future, books that summarize the history of money will have a line that says, “and then came bitcoin.” It is the economic singularity. And we are living in it now. - Ryan Dickherber... ... ATTENTION BFL MINING NEWBS: Just got your Jalapenos in? Wondering how to get the most value for the least hassle? Give BitMinter a try! It's a smaller pool with a fair & low-fee payment method, lots of statistical feedback, and it's easier than EasyMiner! (Yes, we want your hashing power, but seriously, it IS the easiest pool to use! Sign up in seconds to try it!)... ... The idea that deflation causes hoarding (to any problematic degree) is a lie used to justify theft of value from your savings.
|
|
|
|
wumpus
|
|
August 05, 2011, 12:45:52 PM |
|
Assuming we're talking about savings wallets, or other wallets that won't need to be accessed very much, I'm surprised no one has mentioned CDs.
CDs/DVDs are indeed the digital WORM-medium of choice. But do watch out that sometimes they are very short-lived. I've had many CD-ROMs of 5 years ago already fail. I don't know how they compare to USB sticks on average, though... those might be just as bad. |
Bitcoin Core developer [PGP] Warning: For most, coin loss is a larger risk than coin theft. A disk can die any time. Regularly back up your wallet through File → Backup Wallet to an external storage or the (encrypted!) cloud. Use a separate offline wallet for storing larger amounts. |
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
August 05, 2011, 02:44:56 PM |
|
Read this. I describe a way to incrementally detach the wallet from the client. Read the rest of that thread too. It describes my notion of a hardware client, and as an added bonus, Gavin describes a service that would provide a lot of security for regular folks. Actually, the thread was Gavin's, and all of my stuff was off-topic, but whatever. Also, read this thread. And while you are at it, read natman3400's posts, particularly on his project, BitClip. We don't always agree on the details, but his project looks pretty good. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
bitcon
Legendary
Offline
Activity: 2212
Merit: 1008
|
|
August 05, 2011, 02:52:27 PM |
|
a couple years ago i put a USB flash drive through the washer and dryer on accident (left it in my pocket) and it still had all my data intact. still use it to this day!
|
|
|
|
|
|
RchGrav
|
|
August 05, 2011, 02:59:37 PM |
|
Assuming we're talking about savings wallets, or other wallets that won't need to be accessed very much, I'm surprised no one has mentioned CDs.
CDs/DVDs are indeed the digital WORM-medium of choice. But do watch out that sometimes they are very short-lived. I've had many CD-ROMs of 5 years ago already fail. I don't know how they compare to USB sticks on average, though... those might be just as bad. Flash media is usually rated by the number of write cycles NOT by the age of the product. As always I am continuing to recommend using the IronKey Product for storing their bitcoin data on. The S200 Series of IronKey has higher quality flash memory has faster / more write cycles than standard USB thumbdrives.. When stored they are UNHACKABLE without your password. When connected to a PC they have a built in backup software that can back the data up to your computer (Encrypted Format) with a single click. In case of loss, the encrypted backups can be restored to an IronKey with a single click. I recommend the use of the IronKey Basic S200 model. https://www.ironkey.com/demo-basichttp://www.google.com/search?q=Ironkey+Basic+S200&tbm=shop&hl=en&aq=f |
4C 6F 6E 67 4C 69 76 65 42 69 74 63 6F 69 6E
Qba'g lbh unir nalguvat orggre gb qb?
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
August 05, 2011, 03:14:44 PM |
|
I love my Ironkey, but I don't imagine it to be secure unless the attacker is a mere mortal. Google "Christopher Tarnovsky" and watch his videos from Blackat. A FIB is not exactly a common piece of hardware, but you can rent time on them in any major city, and in a few years you could probably build one in your garage.
Also, flash chips fail, without warning. Keep backups.
|
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
RchGrav
|
|
August 05, 2011, 03:20:02 PM
Last edit: August 05, 2011, 03:43:51 PM by RchGrav |
|
I love my Ironkey, but I don't imagine it to be secure unless the attacker is a mere mortal. Google "Christopher Tarnovsky" and watch his videos from Blackat. A FIB is not exactly a common piece of hardware, but you can rent time on them in any major city, and in a few years you could probably build one in your garage.
Also, flash chips fail, without warning. Keep backups.
Video Link? I have searched EXTENSIVELY looking for evidence of someone successfully hacking an IronKey... I would love to see what they are claiming. The backup feature of the IronKey is one of the features that makes it so great for bitcoin. I realize that ANYTHING is possible, but I can't imagine a technique that could be used to bypass the security used on an IronKey. I do understand that when the volume is mounted on a PC and the data is accessible there is an opportunity for loss, but in a locked state, in storage, or while carried I can't imagine a vulnerability. Thanks kjj EDIT: I found the video where he is removing a thin layer of epoxy from a satellite card using acid and scissors. http://www.youtube.com/watch?v=tnY7UVyaFiQMy understanding of the IronKey is that it's electronics themselves are protected against a number of BUS Based attacks, which will cause their encryption chip to instantly wipe the private keys. (If you get that far.) The type of flash memory used on board is 10-20x longer lived than consumer flash memory in the S200 models. (SLC not MLC?) Also.. my understanding is that the actual encryption keys NEVER leave the actual encryption chip, and the password counter is not susceptible to rollback attacks since it also exists inside the same chip and never enters the system memory. (The unlock application communicates ONLY to the cryptochip & even includes an on screen keyboard if the possibility of a keystroke logger exists.) The IronKey has been on the market for 4 years now, and I have YET to see one documented example of their design being hacked. Please if anyone can find a documented case of IronKey security being circumvented please share.. I will gladly stand corrected. I think I'll shoot an e-mail to Christopher Tarnovsky and ask him for his opinion on the product. |
4C 6F 6E 67 4C 69 76 65 42 69 74 63 6F 69 6E
Qba'g lbh unir nalguvat orggre gb qb?
|
|
|
|
drgr33n
|
|
August 05, 2011, 03:27:33 PM |
|
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far noone has claimed them lol |
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
August 05, 2011, 03:32:49 PM |
|
I don't think he's done anything specific to Ironkey, but he rips apart supposedly secure chips. http://www.youtube.com/watch?v=WXX00tRKOlw&list=PLAA9393191173E134&index=31Watch the videos. The countermeasures that chip makers use to protect their dies are amazing. The way he bypasses all of them is even more amazing. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
RchGrav
|
|
August 05, 2011, 03:52:49 PM |
|
I feel like a cock for keep saying but use linuxcoin lol !! and make several backups of your wallet. If you use the secure bitcoin client included in linuxcoin your wallet is saved in encrypted space located /.wallet. This file is hidden but does exist. I recently stored some bitcoins on an encrypted wallet and threw it out in the wild to see if anyone would take the bait and steal the coins. So far noone has claimed them lol I have tested LinuxCoin running on an IronKey thumbdrive using the portable version of VirtualBox (found here http://www.vbox.me/) works GREAT. I didnt know enough about the TrustWorthiness of the LinuxCoin distribution to put my 100% trust in it, but it did work very well! Insert and unlock IronKey which has the VirtualBox VM set as an Icon on the IronKey launcher. Loads the LinuxCoin OS inside of a protected VM running from the IronKey device. The one thing I WISH my Ironkey could do is directly boot from the flash... Unfortunately this edition of the IronKey is only available from Lockheed Martin in large quantities and high costs unavailable to the average joe. Group buy? Lol http://www.youtube.com/watch?v=M8syM9phtpA |
4C 6F 6E 67 4C 69 76 65 42 69 74 63 6F 69 6E
Qba'g lbh unir nalguvat orggre gb qb?
|
|
|
|
