Some security questions

[varChar]

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?

[roslinpl]

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?

1. Armory is very good offline wallet.
2. If you set password for your private keys someone need password to use them
    IF your computer is secure from any hijacks your private keys are safe.
    If someone CAN access into your HDD and copy keys, he can also add some KeyLogger into your system
    and get all of yours passwords.
    So security means - malware free, virus and other shit free. Firewall ON, antivirus ON, self checks ON
3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
   

[skidvis]

I highly recommend Electrum. I have its Watch-only wallet installed on my main PC and I have the normal wallet on an offline load of Ubuntu.

[varChar]

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?

1. Armory is very good offline wallet.
2. If you set password for your private keys someone need password to use them
    IF your computer is secure from any hijacks your private keys are safe.
    If someone CAN access into your HDD and copy keys, he can also add some KeyLogger into your system
    and get all of yours passwords.
    So security means - malware free, virus and other shit free. Firewall ON, antivirus ON, self checks ON
3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.

1. Ok! I'll go with that.
2. The reason I wounder is because if I read about one that got scummed. And one reason he thought on was that he had the wallet as a backup on his dropbox. So it's not any dangerous to have it there if the wallet have password on it?

[roslinpl]

I will try to get a more secure wallet with some better backups. Thinking of using https://bitcoinarmory.com on a cold computer with some paper/usb backups on my wallet. Or if you have any better recomendation?

But I still got some questions:
How is it possible for a hacker to get the private key from a wallet installation on a hot computer?
Doesn't he still need the password for the wallet so he can get the private key out?
Isn't it unsecure to print a wallet to get a cold paper wallet? Perhaps the printer have som form of cache?

1. Armory is very good offline wallet.
2. If you set password for your private keys someone need password to use them
    IF your computer is secure from any hijacks your private keys are safe.
    If someone CAN access into your HDD and copy keys, he can also add some KeyLogger into your system
    and get all of yours passwords.
    So security means - malware free, virus and other shit free. Firewall ON, antivirus ON, self checks ON
3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
.

Exacly. As long as nobody know or crack your password.
:-)

1. Ok! I'll go with that.
2. The reason I wounder is because if I read about one that got scummed. And one reason he thought on was that he had the wallet as a backup on his dropbox. So it's not any dangerous to have it there if the wallet have password on it?

[Kouye]

Windows? If so, and if you have 40$ to spend, you should make your own opinion about keyscrambler.
I bought it and am 100% statisfied, so far. Premium edition works with Armory, Bitcoin-Qt, Electrum, and Multibit.
http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm

I never had a keylogger injected on any of my computer (and I'm online since 1995), but this additional layer makes me feel even more confident.

FD: I don't have interest/link with QFX.

[DeathAndTaxes]

2. The reason I wounder is because if I read about one that got scummed. And one reason he thought on was that he had the wallet as a backup on his dropbox. So it's not any dangerous to have it there if the wallet have password on it?

Depends on how secure the password is.  Humans are generally very bad at picking secure passwords.  If you took a hundred random people and asked them for their "Secure" password a good % of those will be on compromised password lists so they can be attacked in a matter of minutes.   A larger group will be simply too short to provide brute force resistance.

So yes the attacker needs the wallet and password but if you wallet is on dropbox and the password for your wallet is the same password you use everywhere (including dropbox) well you probably are going to lose the wallet.

... or if the attacker can trick you into providing the password you are going to lose the wallet.

... of if the attacker can brute force your password because you though SexM@n123 was a secure passord then you are probably going to lose the wallet.

[hunnaryb]

3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
 

Can happen if the printer has HDD (the big multipurpose things) so avoid these.

[roslinpl]

3. Cache in printer hardware is erasing after task is done. Or in bad case - after turn off.
    I never heard about method to take somebodies printer and print his last printed document again.
 

Can happen if the printer has HDD (the big multipurpose things) so avoid these.

Less have that dont have.  I will list here later printers with hdd.

[varChar]

Windows? If so, and if you have 40$ to spend, you should make your own opinion about keyscrambler.
I bought it and am 100% statisfied, so far. Premium edition works with Armory, Bitcoin-Qt, Electrum, and Multibit.
http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm

I never had a keylogger injected on any of my computer (and I'm online since 1995), but this additional layer makes me feel even more confident.

FD: I don't have interest/link with QFX.

So it does encrypt every key I press down? "KeyScrambler encrypts your keystrokes in real time in the browsers and apps listed here."
Sounds secure!

My thought was to get a cold computer. The price of the cheapest computer where I live is ~300$.
Because even if it QFX encrypts it still feels a bit unsecure. Proberly there will not be any problem, with or without it.
But even if I have it on a hot computer it does feel a bit unsecure to have the main storage of btc on that computer I do use to everything.


And if I get a cold computer, is there any point to update it to the latest windows update? Is there any idea to install any antivirus/anti malmware program on it?
This by download the programs to a USB.

[Kouye]

Well, if what you need is cold storage, why bother with a computer? Go for paper wallets, that's cheaper and easier to store.

[varChar]

Well, if what you need is cold storage, why bother with a computer? Go for paper wallets, that's cheaper and easier to store.

Had some thoughts in that as well. Perhaps it's enough?
That and that crypto QFX thing should be enough?