Bitcoin Forum
Author Topic: Protecting my offline wallets from physical theft  (Read 2239 times)
bitcoinrocks (OP)
December 06, 2013, 06:58:08 PM
 #1

Currently I have my BTC, LTC, NMC, PPC, and XPM in each of the clients on my Linux computer.  This worries me because if my computer is physically stolen, I would lose access to my coins permanently.  I've read about the various procedures for protecting coins from online attackers, but right now I'd like to protect my coins in the event my computer is stolen.  Should encrypting and backing up each wallet to a series of safe computers somewhere accomplish this?  It's OK if one of the backups is stolen since the backed up wallet is encrypted, right?

The procedure for this in the *-qt clients seems to be Encrypt Wallet and Backup Wallet, and for multibit it seems to be Add Password and Export Private Keys.  Is that correct?
bitpop
December 07, 2013, 12:29:03 AM
 #2

Do that, but put them in an encfs file, rar file or truecrypt. Then publish publicly.

bitcoinrocks (OP)
December 07, 2013, 12:49:57 AM
 #3

I've encrypted each wallet and backed them up.

If the password I use to encrypt my wallets is compromised or otherwise deemed non-secure at some point, do I need to hunt down and delete all backed up copies which used that password?

Why is /home/user/MultiBit/multibit.key only 132 bytes when the wallet backups from all of the other clients are over 50 KB?

Multibit asks me if I want to password-protect the exported file when I Export Private Keys.  Is that redundant if I've already added a password via Add Password?
bitpop
December 07, 2013, 12:54:55 AM
 #4

Add all the passwords you can, different ones. Double or triple rar.

Also no hunting, simply sweep into new wallet.

StevenS
December 07, 2013, 01:05:44 AM
 #5

Quote
If the password I use to encrypt my wallets is compromised or otherwise deemed non-secure at some point, do I need to hunt down and delete all backed up copies which used that password?
If the password is deemed non-secure, and the wallet (private key) that is protected by that password could be available to leaks, then your only choice is to transfer all the BTC from that compromised address to a new, secure one.

If you know the wallet that is protected by that password is still secure on your machine, then you only need to change to a more secure password.

Quote
Why is /home/user/MultiBit/multibit.key only 132 bytes when the wallet backups from all of the other clients are over 50 KB?
MultiBit separates the private key from other wallet data (which may include transactions, balance, etc.). Only the private key is needed to completely restore a wallet.

Quote
Multibit asks me if I want to password-protect the exported file when I Export Private Keys.  Is that redundant if I've already added a password via Add Password?
No. If the private key is exported without a password, then you'll have the encrypted copy in the wallet, and an unencrypted copy in the multibit.key file.

When you export a private key from MultiBit, you choose to add a password or not depending on what you will do with that file. If you will be transferring it over a network, then you should choose a password. However, if you are merely sending it directly to a printer, you can save it without a password, as long as you make sure it is securely deleted after you have printed it. Then store the printout in a safe.

Mycelium is another client I use that has a unique method of backing up. It creates a PDF file with encrypted private key(s) and displays the (secure) encryption password on the screen only. After you print the PDF file, you write the password on the printout with a pen, then store it in a safe. This method ensures that anyone who intercepts the printout before you have it will be unable to use it without the password that is only shown on the screen of your smartphone.
Dabs
December 07, 2013, 03:53:22 AM
 #6

I'm just wondering about your computer. Is it a desktop? Is it a laptop?

When you talk about physical theft, it brings to mind physical security and access to where you actually have your computer.

In any case, you need redundant encrypted backups as theft is only one problem, and probably not your biggest problem. If some disaster hits, you've got it covered. And regardless, as soon as you can, you should sweep all your coins to a new wallet after anything happens.

antimattercrusader
December 07, 2013, 04:09:08 AM
 #7

Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paper wallet hidden somewhere.

bitcoinrocks (OP)
December 07, 2013, 10:54:17 PM
 #8

Quote
If the password is deemed non-secure, and the wallet (private key) that is protected by that password could be available to leaks, then your only choice is to transfer all the BTC from that compromised address to a new, secure one.

If you know the wallet that is protected by that password is still secure on your machine, then you only need to change to a more secure password.

What if you back up your private keys along with the rest of your system backups which are then versioned via rdiff-backup?  I would think you'd have to delete all remnants of your private keys from your versioned backups in case they are compromised in the future and used with your non-secure password?  I'm not sure if rdiff-backup will do that but hopefully.


Quote
No. If the private key is exported without a password, then you'll have the encrypted copy in the wallet, and an unencrypted copy in the multibit.key file.

But on *-qt clients, if the wallet is encrypted with a password then the exported wallet will also be encrypted?
bitcoinrocks (OP)
December 08, 2013, 04:29:24 PM
 #9

Can anyone confirm the above two things for me?

I also noticed the following:

http://bitcoin.org/en/secure-your-wallet

Quote
Backup your entire wallet

Some wallets use many hidden private keys internally. If you only have a backup of the private keys for your visible Bitcoin addresses, you might not be able to recover a great part of your funds with your backup.

Quote
Make regular backups

You need to backup your wallet on a regular basis to make sure that all recent Bitcoin change addresses and all new Bitcoin addresses you created are included in your backup. However, all applications will be soon using wallets that only need to be backed up once.

Are these both non-issues with Multibit and the *-qt wallets?
LiteCoinGuy
December 08, 2013, 04:31:29 PM
 #10

Quote
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paper wallet hidden somewhere.

Yes, please don't store all coins on that PC!

bitpop
December 08, 2013, 07:58:12 PM
 #11

Multibit might be an issue. Qt and Armory are seeded.

7Priest7
December 08, 2013, 08:53:38 PM
 #12

Quote
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paper wallet hidden somewhere.

Modern hard drives are not realistically susceptible to a full-fledged crash.
At a software/os level hdd issues can occur, usually due to improper shutdowns.

First of all, I would suggest hdd encryption on the system you are using for offline storage.
That will protect the bitcoins/wallets.

Having a hidden/possibly encrypted private key in paper form would be wise.
You can store a private key with some extra encryption.
Do not disclose how the printed key is encrypted and run it through various algorithms.
Only you would know how to decrypt the paper copy, and to an observer of the paper it would look like nonsense.
It should be pretty darn safe.
You would be able to decrypt and transfer LONG before a thief could.
bitcoinrocks (OP)
December 09, 2013, 04:52:33 PM
 #13

Quote
I would suggest hdd encryption on the system you are using for offline storage. That will protect the bitcoins/wallets.

Why encrypt the hard drive to protect the wallet when only the wallet itself needs to be encrypted which is done via the client?
Dabs
December 10, 2013, 02:33:59 AM
 #14

Quote
I would suggest hdd encryption on the system you are using for offline storage. That will protect the bitcoins/wallets.

Why encrypt the hard drive to protect the wallet when only the wallet itself needs to be encrypted which is done via the client?

Encrypted wallets (by the client) do not protect privacy. They only protect the private keys. The bitcoin addresses are still in the open.

If you encrypt your hard drive, no one sees anything.

jbreher
December 10, 2013, 06:46:38 AM
 #15

Quote
Modern hard drives are not realistically susceptible to a full-fledged crash.

I would argue strenuously against this assertion. If employed indefinitely, every HDD will fail. Every. Damn. One.

Soros Shorts
December 10, 2013, 07:11:25 AM
 #16

Here is a simple solution that I use:

Place the encrypted wallet into an encrypted RAR/ZIP file protected by a strong passphrase. Put one copy of the file in a safe deposit box (USB drive) and another copy on some online cloud storage or webmail account. Use a non-obvious name for the file.

Delete all other copies of the wallet. You can optionally do a DoD 3 wipe of the disk that held the wallet.

If it is a savings wallet, you can continue to send BTC to the receiving address(es) in the wallet and check the balance on Blockchain.info.

If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.
bitcoinrocks (OP)
December 10, 2013, 03:39:35 PM
 #17

Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?
xrturbs
December 10, 2013, 03:51:01 PM
 #18

I have my PC set up with 2x hard drives in a RAID mirror; if one drive fails (and hard drives all fail at some point) I put another in and it rebuilds the image. I also back up my wallet.dat files to a USB stick and hide it in case the PC is stolen.
RoxxR
December 10, 2013, 07:17:30 PM
 #19

Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?

Depends on your client. If you're using Electrum or Armory, you're OK.
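
An added illustration, not part of any post in this thread, of why the answer above depends on the client: a wallet that hands out independent random keys from a pre-generated pool outgrows an old backup, while a wallet that derives every key from one seed does not. The pool of 100 is Bitcoin-Qt's default keypool size (an assumption the thread does not state); all class and function names are hypothetical, and `derive` is a simplified stand-in for a real derivation scheme.

```python
import hashlib
import hmac
import os

KEYPOOL_SIZE = 100  # assumption: Bitcoin-Qt's default keypool size


def derive(seed, index):
    # Simplified stand-in for a real deterministic derivation (hypothetical helper).
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha256).digest()


class KeypoolWallet:
    """Random-key wallet: keys are unrelated, a pool is generated ahead of use."""
    def __init__(self, pool_size=KEYPOOL_SIZE):
        self.used = []
        self.pool = [os.urandom(32) for _ in range(pool_size)]

    def next_key(self):
        key = self.pool.pop(0)             # receive/change address takes the oldest pooled key
        self.pool.append(os.urandom(32))   # pool is topped up with a brand-new random key
        self.used.append(key)
        return key

    def backup(self):
        return set(self.used) | set(self.pool)  # every key the wallet file holds right now


class SeededWallet:
    """Deterministic wallet: key i is always derive(seed, i)."""
    def __init__(self):
        self.seed, self.count = os.urandom(32), 0

    def next_key(self):
        self.count += 1
        return derive(self.seed, self.count - 1)

    def backup(self):
        return self.seed                   # the seed alone regenerates every key


def keys_missing_from_backup(n):
    """Back up both wallets, use n new keys, count keys the old backups cannot restore."""
    kp, sd = KeypoolWallet(), SeededWallet()
    kp_backup, sd_backup = kp.backup(), sd.backup()
    kp_missing = sum(kp.next_key() not in kp_backup for _ in range(n))
    restored = {derive(sd_backup, i) for i in range(n)}
    sd_missing = sum(sd.next_key() not in restored for _ in range(n))
    return kp_missing, sd_missing
```

Calling `keys_missing_from_backup(150)` returns `(50, 0)`: the pooled wallet's old backup covers only the first 100 keys used after it was taken, so coins sent to change addresses beyond that point are not recoverable from it.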
XBBlade
December 10, 2013, 07:24:57 PM
 #20

Hard drive failure odds are bigger than theft. So back up your wallet on 2 USB sticks to be sure.