Author Topic: How do you encrypt/backup your wallet  (Read 3233 times)
Abdussamad
January 09, 2014, 08:20:16 AM
 #21

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Yep, good as extra precaution. Just as long as you remember your password :)

Maybe it's overkill and just creates an unneeded extra step on my part but I'm going to make an archive with 7zip and then use Boxcryptor on top of that. Also it's stored on my google drive which requires 2 factor authentication through my phone on top of that password. Also the file name is changed to something that won't stand out so even if someone did get access to all the different passwords and my phone they still might have a hard time ever knowing to grab that file.

All of this crap will only make it harder to a) make backups and b) restore from backups and c) recover backups should you ever forget your passwords. In the end you'll be dissuaded from making regular backups and you'll lose coins, so keep it simple. Use the built in encryption in bitcoin-qt and store your backups offline on removable media like USB drives. Sticking it online is asking for trouble.

Also remember to make new backups once every 100 transactions or you'll lose coins. Alternatively you could switch to electrum and only need to make one backup at the start.
Light
January 09, 2014, 08:39:36 AM
 #22

All of this crap will only make it harder to a) make backups and b) restore from backups and c) recover backups should you ever forget your passwords. In the end you'll be dissuaded from making regular backups and you'll lose coins, so keep it simple. Use the built in encryption in bitcoin-qt and store your backups offline on removable media like USB drives. Sticking it online is asking for trouble.

Also remember to make new backups once every 100 transactions or you'll lose coins. Alternatively you could switch to electrum and only need to make one backup at the start.

Provided he uses a long password (20+) with numbers, different cases and symbols he should be fine with uploading it, as unless his pass is guessed or hit by a dictionary attack he should be fine with uploading it to an online storage site. Plus it means that if he has a fire or somehow loses all his USBs he can always download a copy of his wallet.
Abdussamad
January 09, 2014, 08:50:02 AM
Last edit: January 09, 2014, 09:34:24 AM by Abdussamad
 #23

All of this crap will only make it harder to a) make backups and b) restore from backups and c) recover backups should you ever forget your passwords. In the end you'll be dissuaded from making regular backups and you'll lose coins, so keep it simple. Use the built in encryption in bitcoin-qt and store your backups offline on removable media like USB drives. Sticking it online is asking for trouble.

Also remember to make new backups once every 100 transactions or you'll lose coins. Alternatively you could switch to electrum and only need to make one backup at the start.

Provided he uses a long password (20+) with numbers, different cases and symbols he should be fine with uploading it, as unless his pass is guessed or hit by a dictionary attack he should be fine with uploading it to an online storage site. Plus it means that if he has a fire or somehow loses all his USBs he can always download a copy of his wallet.

Let's see to crack the wallet you need a copy of the encrypted wallet + the password

1. Offline backups mean to get the copy of the encrypted wallet you need to physically visit his residence/office and grab the backup disks.

2. Online backups mean you need to access his cloud account. You can take your sweet time doing this remotely. Phishing attacks would work in this scenario.

So IMO 1. is much better.

edit: To secure your wallet in your online storage you have to keep a strong password for your wallet file, your storage account *and* your email account because otherwise a thief could use the forgotten password link to get access to your storage account. To secure your offline backup you only need the password for your wallet file and the key to your safe deposit box/storage box whatever where you are keeping your backup media.
empoweoqwj
January 09, 2014, 10:46:38 AM
 #24

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Yep, good as extra precaution. Just as long as you remember your password :)

Maybe it's overkill and just creates an unneeded extra step on my part but I'm going to make an archive with 7zip and then use Boxcryptor on top of that. Also it's stored on my google drive which requires 2 factor authentication through my phone on top of that password. Also the file name is changed to something that won't stand out so even if someone did get access to all the different passwords and my phone they still might have a hard time ever knowing to grab that file.

The tricky part is not inventing an amazingly layered protection scheme .... the tricky part is passing the wealth onto your loved ones should the worst come to the worst. We all need to think about that aspect as well. None of us is going to be here forever unfortunately.
Light
January 09, 2014, 11:05:39 AM
 #25

Let's see to crack the wallet you need a copy of the encrypted wallet + the password

1. Offline backups mean to get the copy of the encrypted wallet you need to physically visit his residence/office and grab the backup disks.

2. Online backups mean you need to access his cloud account. You can take your sweet time doing this remotely. Phishing attacks would work in this scenario.

So IMO 1. is much better.

edit: To secure your wallet in your online storage you have to keep a strong password for your wallet file, your storage account *and* your email account because otherwise a thief could use the forgotten password link to get access to your storage account. To secure your offline backup you only need the password for your wallet file and the key to your safe deposit box/storage box whatever where you are keeping your backup media.

The problem with 1. is that if you don't store your physical USB (or w/e storage device) somewhere other than your home, if your home burns down or if you lose the backup then you're kind of screwed if you do need to rely on your backup. With 2. the only way you actually lose your wallet is if you give out your password (provided it's a proper secure password - not something stupid like 1234) in which case if you're dumb enough to give people your password then you deserve to lose your money. It's like if you're dumb enough to give people all your bank details don't be surprised if people just empty out your account.
empoweoqwj
January 09, 2014, 11:20:32 AM
 #26

Let's see to crack the wallet you need a copy of the encrypted wallet + the password

1. Offline backups mean to get the copy of the encrypted wallet you need to physically visit his residence/office and grab the backup disks.

2. Online backups mean you need to access his cloud account. You can take your sweet time doing this remotely. Phishing attacks would work in this scenario.

So IMO 1. is much better.

edit: To secure your wallet in your online storage you have to keep a strong password for your wallet file, your storage account *and* your email account because otherwise a thief could use the forgotten password link to get access to your storage account. To secure your offline backup you only need the password for your wallet file and the key to your safe deposit box/storage box whatever where you are keeping your backup media.

The problem with 1. is that if you don't store your physical USB (or w/e storage device) somewhere other than your home, if your home burns down or if you lose the backup then you're kind of screwed if you do need to rely on your backup. With 2. the only way you actually lose your wallet is if you give out your password (provided it's a proper secure password - not something stupid like 1234) in which case if you're dumb enough to give people your password then you deserve to lose your money. It's like if you're dumb enough to give people all your bank details don't be surprised if people just empty out your account.

1. Create a super-strong encryption password, stick it in bank or with lawyer.
2. Back-up your wallet online, and tell your loved ones (a) how to access it, and (b) who has the password

No scheme is perfect, but that's reasonable.