Don't let too many coins in your wallet.dat, store them in a crypted bitsafe.dat

[Pygy]

I suggested it in another thread, but I think it warrants its own topic.

A serious problem with the bitcoin system is a wallet.dat can be stolen and emptied by a third party.

To solve this problem, a good practice is to create a second wallet, encrypt it with truecrypt and keep it offline. You can unload there your everyday wallet when it becomes too fat.

I suggest calling such a file bitsafe.dat, since it mirrors the real life use of these objects.

It would be nice if the Bitcoin client supported that functionality, ie

• The ability to create a bitsafe
• The ability to load such a safe from a reomte drive.

[no to the gold cult]

I don't see what the big deal is, just archive encrypt your wallet and rename it tentacle-porn or whatever.

[deadlizard]

I don't see what the big deal is, just archive encrypt your wallet and rename it tentacle-porn or whatever.

Shit, I've been compromised 

[Pygy]

It is not a technical, but a social/UX issue.

The idea is to encourage good practice for the layman.

I think that this routine must be advertised widely, especially to non-technical people, unless you want to read horror stories all over the place. Providing a minimal resistance path for it out of the box would be good for Bitcoin in the long run.

Giving meaningful names to the key files doesn't hurt.

[ryepdx]

Providing a minimal resistance path for it out of the box would be good for Bitcoin in the long run.

Well said. When a user gets burned, it's generally safe to assume that they're going to blame the product. For example, I hear people complaining all the time about how slow and unreliable their Windows boxes are, never mind that they spend hours each day downloading torrents without decent virus protection. Good security practices should, as much as possible, be done for the user, not by the user.

[MrBison]

Well, having a form of (optional) password protection would be very very nice.

I think that's one of the features Bitcoin must get ASAP. Encrypting your wallet.dat and asking for a password / keyfile (only it should not be generated, so any file you have can be used as one, a-la TrueCrypt) upon each load.