Bitcoin Forum
November 12, 2024, 05:56:04 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: What are YOU guys doing for security?  (Read 1012 times)
bitpop (OP)
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 19, 2014, 09:46:26 PM
 #1

Os? Truecrypt? Paper wallets? How do you do securities?

canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 19, 2014, 10:14:20 PM
 #2

Os? Truecrypt? Paper wallets? How do you do securities?

My opinion on a solid setup:

  • OS doesn't really matter. Run whatever you have stronger knowledge and comfort with.
  • Use 2 virgin dedicated laptops and a dedicated USB stick. Never use them for anything other than cryptocurrencies.
  • Install Armory on each.
  • The offline laptop never connects to the internet. Disable all networking interfaces including Bluetooth at the driver and service level.
  • The online laptop runs a watching wallet only.
  • Send transactions are initiated on the online laptop, signed by the offline laptop and then sent by the online.

Backups can be handled by digital encrypted on USB stick + paper multi-part backups. Store in 3 or more locations including a safe deposit box.

bitpop (OP)
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 19, 2014, 10:20:35 PM
 #3

I was using paper wallets but I'm not fully confident. I'm switching to offline armory.

Though I'm removing the Wi-Fi card and gluing the Ethernet.

DieJohnny
Legendary
*
Offline Offline

Activity: 1639
Merit: 1006


View Profile
January 19, 2014, 10:24:25 PM
 #4

Use a YubiKey and LastPass, inexpensive, one password and physical key.

For Bitcoin I do not use any wallet.dat. i save my private keys in last pass encrypted file.

I also have one private key stored in two safe deposit box

Those who hold and those who are without property have ever formed distinct interests in society
canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 19, 2014, 11:03:05 PM
 #5

I was using paper wallets but I'm not fully confident. I'm switching to offline armory.

Though I'm removing the Wi-Fi card and gluing the Ethernet.

A paper wallet created with an offline, dedicated laptop is secure but makes for less convenience when you need to send BTC transactions. I'm comfortable with the Armory offline/online setup as a good mix of security and convenience.

canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 19, 2014, 11:11:00 PM
 #6

Use a YubiKey and LastPass, inexpensive, one password and physical key.

For Bitcoin I do not use any wallet.dat. i save my private keys in last pass encrypted file.

I also have one private key stored in two safe deposit box

LastPass is pretty trustworthy, but when it comes down to large sums money I don't consider any centralized company, subject to possible government coercion good enough. Better to use tools that are open and under full end user control. Aka, TrueCrypt, Password Safe and KeePass.

Also, do you use this same computer for email, gaming, running altcoin wallets? If so, then you're at risk of running targeted malware which could take advantage of any vulnerabilities in LastPass' client side, closed source software.

Sledge
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
January 20, 2014, 01:43:31 AM
 #7

That laptop that you "never connect to the internet" -- if I got my hands on it, I bet I could extract the private keys you made with it. Security concern. After generating keys, it should be erased and then fresh installed (use whatever techniques make this faster of course, like images etc.).
canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 20, 2014, 01:52:19 AM
 #8

That laptop that you "never connect to the internet" -- if I got my hands on it, I bet I could extract the private keys you made with it. Security concern. After generating keys, it should be erased and then fresh installed (use whatever techniques make this faster of course, like images etc.).

1) If you got your hands on it, I'd probably know it went missing and the coins would be moved before you managed to get the private keys.
2) TrueCrypt + a strong boot password is reasonably hard to overcome. I do not leave it running except when signing transactions.
3) Digital copies of the wallet are stored on TrueCrypt encrypted USB sticks - if you can break into a safe deposit box, again, I'd probably be aware of it before you broke the encryption.

I'm not saying that it's impossible, but I sleep comfortably at night.

bitpop (OP)
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 20, 2014, 12:50:31 PM
 #9

There's nothing you can do about physical access except physical access is easy.

canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 20, 2014, 12:56:31 PM
 #10

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

bitpop (OP)
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 20, 2014, 01:08:13 PM
 #11

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and firewire attacks at the physical level, just to begin with.

canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 20, 2014, 01:16:28 PM
 #12

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and firewire attacks at the physical level, just to begin with.

Frozen memory and firewire attacks do not work on a powered down laptop with an encrypted drive protected by a boot PIN. Keep the laptop with the keys powered off and you're much better off.

bitpop (OP)
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 20, 2014, 01:20:38 PM
 #13

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and firewire attacks at the physical level, just to begin with.

Frozen memory and firewire attacks do not work on a powered down laptop with an encrypted drive protected by a boot PIN. Keep the laptop with the keys powered off and you're much better off.

True and if it's gone, sweep immediately

canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 20, 2014, 01:30:35 PM
 #14


True and if it's gone, sweep immediately

Exactly. Encryption gives you time to easily beat out even talented thieves from accessing your private keys. Maybe with today's computing power it would take a year to bruteforce a strong password. Maybe in 5 years, it'll take a week. That's fine since by then you'll have distributed your (hopefully) insanely valuable BTC across multiple wallets and addresses.

joele
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
January 20, 2014, 02:32:56 PM
 #15

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.







bitpop (OP)
Legendary
*
Offline Offline

Activity: 2912
Merit: 1060



View Profile WWW
January 20, 2014, 02:36:42 PM
 #16

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.









You can add more security by hashing it yourself 1000 extra times

canth
Legendary
*
Offline Offline

Activity: 1442
Merit: 1001



View Profile
January 20, 2014, 04:27:34 PM
 #17

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.


That's fine for long term storage of 1 or maybe a few wallets - depends upon how solid your memory is. The question is how you will spend your BTC and how you'll manage security when doing these transactions. Eventually you have to deal with having a node on the internet, which is why I feel that the offline/online airgap setup is a good compromise.

shadallion
Full Member
***
Offline Offline

Activity: 304
Merit: 102


View Profile
January 21, 2014, 01:38:04 AM
 #18

I use a bitcoin firesafe (TM)  with a BIP38 brainwallet to store my largest chunk of BTC.
joele
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile
January 21, 2014, 02:54:41 AM
 #19

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.


That's fine for long term storage of 1 or maybe a few wallets - depends upon how solid your memory is. The question is how you will spend your BTC and how you'll manage security when doing these transactions. Eventually you have to deal with having a node on the internet, which is why I feel that the offline/online airgap setup is a good compromise.

True, I believe in the near future we will see new wallet that is hack proof, but for the meantime I store it in paper or brain wallet for long term and some in online app/services for spending.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!