Bitcoin Forum
December 15, 2024, 04:13:16 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Some security questions  (Read 1139 times)
varChar (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 10, 2014, 04:34:47 PM
 #1

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
February 10, 2014, 10:43:17 PM
 #2

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?


1. Armory is very good offline wallet.
2. If you set password for your private keys someone need password to use them
    IF your computer is secure from any hijacks your private keys are safe.
    If someone CAN access into your HDD and copy keys, he can also add some KeyLogger into your system
    and get all of yours passwords.
    So security means - malware free, virus and other shit free. Firewall ON, antivirus ON, self checks ON Smiley
3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
   

skidvis
Newbie
*
Offline Offline

Activity: 12
Merit: 0


View Profile WWW
February 11, 2014, 12:56:28 AM
 #3

I highly recommend Electrum. I have its Watch-only wallet installed on my main PC and I have the normal wallet on an offline load of Ubuntu.
varChar (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 11, 2014, 08:06:09 PM
 #4

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?


1. Armory is very good offline wallet.
2. If you set password for your private keys someone need password to use them
    IF your computer is secure from any hijacks your private keys are safe.
    If someone CAN access into your HDD and copy keys, he can also add some KeyLogger into your system
    and get all of yours passwords.
    So security means - malware free, virus and other shit free. Firewall ON, antivirus ON, self checks ON Smiley
3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.


1. Ok! I'll go with that.
2. The reason I wounder is because if I read about one that got scummed. And one reason he thought on was that he had the wallet as a backup on his dropbox. So it's not any dangerous to have it there if the wallet have password on it?
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
February 11, 2014, 08:24:34 PM
 #5

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?


1. Armory is very good offline wallet.
2. If you set password for your private keys someone need password to use them
    IF your computer is secure from any hijacks your private keys are safe.
    If someone CAN access into your HDD and copy keys, he can also add some KeyLogger into your system
    and get all of yours passwords.
    So security means - malware free, virus and other shit free. Firewall ON, antivirus ON, self checks ON Smiley
3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
.

Exacly. As long as nobody know or crack your password.
:-)

1. Ok! I'll go with that.
2. The reason I wounder is because if I read about one that got scummed. And one reason he thought on was that he had the wallet as a backup on his dropbox. So it's not any dangerous to have it there if the wallet have password on it?
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
February 11, 2014, 08:30:08 PM
 #6

Windows? If so, and if you have 40$ to spend, you should make your own opinion about keyscrambler.
I bought it and am 100% statisfied, so far. Premium edition works with Armory, Bitcoin-Qt, Electrum, and Multibit.
http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm

I never had a keylogger injected on any of my computer (and I'm online since 1995), but this additional layer makes me feel even more confident. Wink

FD: I don't have interest/link with QFX.

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218
Merit: 1079


Gerald Davis


View Profile
February 11, 2014, 08:30:58 PM
 #7

2. The reason I wounder is because if I read about one that got scummed. And one reason he thought on was that he had the wallet as a backup on his dropbox. So it's not any dangerous to have it there if the wallet have password on it?

Depends on how secure the password is.  Humans are generally very bad at picking secure passwords.  If you took a hundred random people and asked them for their "Secure" password a good % of those will be on compromised password lists so they can be attacked in a matter of minutes.   A larger group will be simply too short to provide brute force resistance.

So yes the attacker needs the wallet and password but if you wallet is on dropbox and the password for your wallet is the same password you use everywhere (including dropbox) well you probably are going to lose the wallet.

... or if the attacker can trick you into providing the password you are going to lose the wallet.

... of if the attacker can brute force your password because you though SexM@n123 was a secure passord then you are probably going to lose the wallet.
hunnaryb
Hero Member
*****
Offline Offline

Activity: 506
Merit: 500



View Profile
February 11, 2014, 08:39:02 PM
 #8

3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
 

Can happen if the printer has HDD (the big multipurpose things) so avoid these.

 

▇▇▇▇
▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇▇▇
▇▇▇▇▇▇▇▇
▇▇▇▇▇▇
 
roslinpl
Legendary
*
Offline Offline

Activity: 2212
Merit: 1199


View Profile WWW
February 11, 2014, 08:48:41 PM
 #9

3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
 

Can happen if the printer has HDD (the big multipurpose things) so avoid these.

Less have that dont have.  I will list here later printers with hdd.
varChar (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 13, 2014, 08:11:27 AM
 #10

Windows? If so, and if you have 40$ to spend, you should make your own opinion about keyscrambler.
I bought it and am 100% statisfied, so far. Premium edition works with Armory, Bitcoin-Qt, Electrum, and Multibit.
http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm

I never had a keylogger injected on any of my computer (and I'm online since 1995), but this additional layer makes me feel even more confident. Wink

FD: I don't have interest/link with QFX.

So it does encrypt every key I press down? "KeyScrambler encrypts your keystrokes in real time in the browsers and apps listed here."
Sounds secure!

My thought was to get a cold computer. The price of the cheapest computer where I live is ~300$.
Because even if it QFX encrypts it still feels a bit unsecure. Proberly there will not be any problem, with or without it.
But even if I have it on a hot computer it does feel a bit unsecure to have the main storage of btc on that computer I do use to everything.


And if I get a cold computer, is there any point to update it to the latest windows update? Is there any idea to install any antivirus/anti malmware program on it?
This by download the programs to a USB.
Kouye
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250


Cuddling, censored, unicorn-shaped troll.


View Profile
February 13, 2014, 09:13:07 AM
 #11

Well, if what you need is cold storage, why bother with a computer? Go for paper wallets, that's cheaper and easier to store. Wink

[OVER] RIDDLES 2nd edition --- this was claimed. Look out for 3rd edition!
I won't ever ask for a loan nor offer any escrow service. If I do, please consider my account as hacked.
varChar (OP)
Member
**
Offline Offline

Activity: 92
Merit: 10


View Profile
February 13, 2014, 09:21:10 AM
 #12

Well, if what you need is cold storage, why bother with a computer? Go for paper wallets, that's cheaper and easier to store. Wink

Had some thoughts in that as well. Perhaps it's enough?
That and that crypto QFX thing should be enough?
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!