Bitcoin Forum
Author Topic: What are YOU guys doing for security?  (Read 991 times)
bitpop (OP), January 19, 2014, 09:46:26 PM, #1

OS? TrueCrypt? Paper wallets? How do you do securities?

"The nature of Bitcoin is such that once version 0.1 was released, the core design was set in stone for the rest of its lifetime." -- Satoshi
canth, January 19, 2014, 10:14:20 PM, #2

> Quote from: bitpop on January 19, 2014, 09:46:26 PM
> OS? TrueCrypt? Paper wallets? How do you do securities?

My opinion on a solid setup:

  • OS doesn't really matter. Run whatever you have stronger knowledge and comfort with.
  • Use 2 virgin dedicated laptops and a dedicated USB stick. Never use them for anything other than cryptocurrencies.
  • Install Armory on each.
  • The offline laptop never connects to the internet. Disable all networking interfaces including Bluetooth at the driver and service level.
  • The online laptop runs a watching wallet only.
  • Send transactions are initiated on the online laptop, signed by the offline laptop and then sent by the online one.

Backups can be handled by encrypted digital copies on a USB stick plus paper multi-part backups. Store in 3 or more locations including a safe deposit box.

bitpop (OP), January 19, 2014, 10:20:35 PM, #3

I was using paper wallets but I'm not fully confident. I'm switching to offline Armory.

Though I'm removing the Wi-Fi card and gluing the Ethernet.

DieJohnny, January 19, 2014, 10:24:25 PM, #4

Use a YubiKey and LastPass, inexpensive, one password and physical key.

For Bitcoin I do not use any wallet.dat. I save my private keys in a LastPass encrypted file.

I also have one private key stored in two safe deposit boxes.

Those who hold and those who are without property have ever formed distinct interests in society
canth, January 19, 2014, 11:03:05 PM, #5

> Quote from: bitpop on January 19, 2014, 10:20:35 PM
> I was using paper wallets but I'm not fully confident. I'm switching to offline Armory.
>
> Though I'm removing the Wi-Fi card and gluing the Ethernet.

A paper wallet created with an offline, dedicated laptop is secure but makes for less convenience when you need to send BTC transactions. I'm comfortable with the Armory offline/online setup as a good mix of security and convenience.

canth, January 19, 2014, 11:11:00 PM, #6

> Quote from: DieJohnny on January 19, 2014, 10:24:25 PM
> Use a YubiKey and LastPass, inexpensive, one password and physical key.
>
> For Bitcoin I do not use any wallet.dat. I save my private keys in a LastPass encrypted file.
>
> I also have one private key stored in two safe deposit boxes.

LastPass is pretty trustworthy, but when it comes down to large sums of money I don't consider any centralized company, subject to possible government coercion, good enough. Better to use tools that are open and under full end-user control, aka TrueCrypt, Password Safe and KeePass.

Also, do you use this same computer for email, gaming, running altcoin wallets? If so, then you're at risk of running targeted malware which could take advantage of any vulnerabilities in LastPass's client-side, closed-source software.

Sledge, January 20, 2014, 01:43:31 AM, #7

That laptop that you "never connect to the internet" -- if I got my hands on it, I bet I could extract the private keys you made with it. Security concern. After generating keys, it should be erased and then fresh installed (use whatever techniques make this faster of course, like images etc.).
canth, January 20, 2014, 01:52:19 AM, #8

> Quote from: Sledge on January 20, 2014, 01:43:31 AM
> That laptop that you "never connect to the internet" -- if I got my hands on it, I bet I could extract the private keys you made with it. Security concern. After generating keys, it should be erased and then fresh installed (use whatever techniques make this faster of course, like images etc.).

1) If you got your hands on it, I'd probably know it went missing and the coins would be moved before you managed to get the private keys.
2) TrueCrypt + a strong boot password is reasonably hard to overcome. I do not leave it running except when signing transactions.
3) Digital copies of the wallet are stored on TrueCrypt encrypted USB sticks - if you can break into a safe deposit box, again, I'd probably be aware of it before you broke the encryption.

I'm not saying that it's impossible, but I sleep comfortably at night.

bitpop (OP), January 20, 2014, 12:50:31 PM, #9

There's nothing you can do about physical access except physical access is easy.

canth, January 20, 2014, 12:56:31 PM, #10

> Quote from: bitpop on January 20, 2014, 12:50:31 PM
> There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

bitpop (OP), January 20, 2014, 01:08:13 PM, #11

> Quote from: bitpop on January 20, 2014, 12:50:31 PM
> There's nothing you can do about physical access except physical access is easy.
>
> Quote from: canth on January 20, 2014, 12:56:31 PM
> Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and FireWire attacks at the physical level, just to begin with.

canth, January 20, 2014, 01:16:28 PM, #12

> Quote from: bitpop on January 20, 2014, 12:50:31 PM
> There's nothing you can do about physical access except physical access is easy.
>
> Quote from: canth on January 20, 2014, 12:56:31 PM
> Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."
>
> Quote from: bitpop on January 20, 2014, 01:08:13 PM
> Yup. There's the frozen memory and FireWire attacks at the physical level, just to begin with.

Frozen memory and FireWire attacks do not work on a powered-down laptop with an encrypted drive protected by a boot PIN. Keep the laptop with the keys powered off and you're much better off.

bitpop (OP), January 20, 2014, 01:20:38 PM, #13

> Quote from: bitpop on January 20, 2014, 12:50:31 PM
> There's nothing you can do about physical access except physical access is easy.
>
> Quote from: canth on January 20, 2014, 12:56:31 PM
> Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."
>
> Quote from: bitpop on January 20, 2014, 01:08:13 PM
> Yup. There's the frozen memory and FireWire attacks at the physical level, just to begin with.
>
> Quote from: canth on January 20, 2014, 01:16:28 PM
> Frozen memory and FireWire attacks do not work on a powered-down laptop with an encrypted drive protected by a boot PIN. Keep the laptop with the keys powered off and you're much better off.

True, and if it's gone, sweep immediately.

canth, January 20, 2014, 01:30:35 PM, #14


> Quote from: bitpop on January 20, 2014, 01:20:38 PM
> True, and if it's gone, sweep immediately.

Exactly. Encryption gives you time to easily beat out even talented thieves from accessing your private keys. Maybe with today's computing power it would take a year to brute-force a strong password. Maybe in 5 years, it'll take a week. That's fine since by then you'll have distributed your (hopefully) insanely valuable BTC across multiple wallets and addresses.

joele, January 20, 2014, 02:32:56 PM, #15

I store more of my bitcoins in my brain wallet, so I can keep them wherever I go: passphrase words that do not exist on the web and are longer than a private key. I can easily remember it because it's all personal to me.
bitpop (OP), January 20, 2014, 02:36:42 PM, #16

> Quote from: joele on January 20, 2014, 02:32:56 PM
> I store more of my bitcoins in my brain wallet, so I can keep them wherever I go: passphrase words that do not exist on the web and are longer than a private key. I can easily remember it because it's all personal to me.
You can add more security by hashing it yourself 1000 extra times.
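bitpop's "hash it yourself 1000 extra times" and canth's earlier point that encryption buys time both come down to raising the cost of each guess. The Python below is an added example, not code from either poster or from any wallet: it derives a brain-wallet key three ways, single SHA-256, SHA-256 iterated 1001 times, and PBKDF2-HMAC-SHA256 with a per-user salt, and then checks that the result is a usable secp256k1 scalar. The passphrase, salt and iteration count are constructed for the demonstration.

```python
import hashlib

# secp256k1 group order; a usable private key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def iterated_sha256(data: bytes, rounds: int) -> bytes:
    """The classic brain-wallet rule: SHA-256 applied `rounds` times.

    rounds == 1 is the original scheme; rounds == 1001 is "1000 extra times".
    An attacker's cost per guessed phrase grows linearly with `rounds`.
    """
    if rounds < 1:
        raise ValueError("rounds must be >= 1")
    digest = data
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def stretched_key_material(passphrase: str, personal_salt: str, iterations: int) -> bytes:
    """Purpose-built key stretching with a per-user salt.

    PBKDF2-HMAC-SHA256 is used here because it ships in the standard library.
    The salt means two people with the same phrase get different keys, so a
    precomputed table of common phrases matches nobody; `iterations` sets
    the per-guess cost, exactly like bitpop's extra hashing rounds.
    """
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    return hashlib.pbkdf2_hmac(
        "sha256",
        passphrase.encode("utf-8"),
        personal_salt.encode("utf-8"),
        iterations,
        dklen=32,
    )


def to_private_key(key_material: bytes) -> int:
    """Interpret 32 bytes as a secp256k1 scalar, rejecting the ~2^-128 miss."""
    k = int.from_bytes(key_material, "big")
    if not 1 <= k < SECP256K1_N:
        raise ValueError("key material outside the valid range; change the salt and re-derive")
    return k


if __name__ == "__main__":
    # Constructed sample phrase and salt; not a real wallet.
    phrase = "constructed sample phrase, do not fund"
    salt = "personal salt, e.g. an e-mail address plus a wallet number"
    naive = iterated_sha256(phrase.encode("utf-8"), 1)
    extra = iterated_sha256(phrase.encode("utf-8"), 1001)
    kdf = stretched_key_material(phrase, salt, 200_000)
    for name, material in (("single SHA-256", naive), ("1001 rounds", extra), ("PBKDF2", kdf)):
        print(f"{name:15s} key = {to_private_key(material):064x}")
```

Iterating SHA-256 multiplies the attacker's per-guess cost by the round count but still maps every user with the same phrase to the same key; the salted PBKDF2 variant breaks that sharing, so a table of common phrases has to be rebuilt per user. Neither fixes a guessable phrase: stretching multiplies the attacker's work by a constant, whereas each extra bit of entropy in the phrase doubles it.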

canth, January 20, 2014, 04:27:34 PM, #17

> Quote from: joele on January 20, 2014, 02:32:56 PM
> I store more of my bitcoins in my brain wallet, so I can keep them wherever I go: passphrase words that do not exist on the web and are longer than a private key. I can easily remember it because it's all personal to me.

That's fine for long term storage of 1 or maybe a few wallets - depends upon how solid your memory is. The question is how you will spend your BTC and how you'll manage security when doing these transactions. Eventually you have to deal with having a node on the internet, which is why I feel that the offline/online airgap setup is a good compromise.

shadallion, January 21, 2014, 01:38:04 AM, #18

I use a bitcoin firesafe (TM) with a BIP38 brainwallet to store my largest chunk of BTC.

joele, January 21, 2014, 02:54:41 AM, #19

> Quote from: joele on January 20, 2014, 02:32:56 PM
> I store more of my bitcoins in my brain wallet, so I can keep them wherever I go: passphrase words that do not exist on the web and are longer than a private key. I can easily remember it because it's all personal to me.
>
> Quote from: canth on January 20, 2014, 04:27:34 PM
> That's fine for long term storage of 1 or maybe a few wallets - depends upon how solid your memory is. The question is how you will spend your BTC and how you'll manage security when doing these transactions. Eventually you have to deal with having a node on the internet, which is why I feel that the offline/online airgap setup is a good compromise.

True, I believe in the near future we will see a new wallet that is hack-proof, but for the meantime I store it in a paper or brain wallet for long term and some in online apps/services for spending.