A question about my bitcoin balance

[DireWolfM14]

I'm thinking on uploading my rar on some google drives and mega accounts. Can't be lost then. And if course save it on hardware too.

I use redundant backups, multiple encrypted digital backups as well as paper backups, but I would never store my seed phrase on a cloud drive.  Google isn't likely to flounder and go out of business, but they are very likely to get hacked.  If they do get hacked, it may be weeks, months, or even years before they are aware of, and disclose the hack.  In such a case you have to rely on the veracity of your encryption to protect your funds.  I think it's safest to just take that risk out of the equation.  

I'm a firm believer in physical backups on paper, it's really the safest way to store your seed.  I store my paper backups in a fire-resistant document bag, which in turn is in fire-resistant safe.  Fire resistant document bags and small document safes can be found for affordable prices.

[1714157536]

1714157536

[1714157536]

1714157536

[1714157536]

1714157536

[BlackHatCoiner]

I'm thinking on uploading my rar on some google drives and mega accounts. Can't be lost then. And if course save it on hardware too.

I use redundant backups, multiple encrypted digital backups as well as paper backups, but I would never store my seed phrase on a cloud drive.  Google isn't likely to flounder and go out of business, but they are very likely to get hacked.  If they do get hacked, it may be weeks, months, or even years before they are aware of, and disclose the hack.  In such a case you have to rely on the veracity of your encryption to protect your funds.  I think it's safest to just take that risk out of o the equation. 

I'm a firm believer in physical back ups on paper, it's really the safest way to store your seed.  I store my paper backups in a fire-resistant document bag, which in turn is in fire-resistant safe.  Fire resistant document bags and small document safes can be found for affordable prices.

How exactly can a hacker bypass 2 hash algorithms with passwords like "asdojiio89wd89A89S98yasbk2ejk"? And why to do it on a rar called "college.rar"

[DireWolfM14]

How exactly can a hacker bypass 2 hash algorithms with passwords like "asdojiio89wd89A89S98yasbk2ejk"? And why to do it on a rar called "college.rar"

I'm not saying it would be easy to hack google or break your encryption, I'm just saying it adds risk.  Why add risk when you can avoid it?

Cryptocurrency is all about being in control of your funds, and not relying on anyone else for the security of those funds.  That can be good and bad, because the security of those funds is all determined by your actions.

[MrFreeDragon]

The question is about 1BTC  
No need to oversecure it. Saving on cloud drive also could be fine, however just encrypt the data before uploading it there. And make the offline bacup also.

Short example of ecnryption with online tool https://encode-decode.com/aes256-encrypt-online/

Encryption secret (the one used to encrypt): BlackHatCoiner
Then store the message on cloud drive in this format:

Code:

l/e5nTbRjziT5lTT+VSJ9RQecY01EM7+vbUinVywjdLsnQmaayK5Krq2WP51PXa9kQauKfPUKffr/cv3/9ivL99m9wXESq99OS/KqI45du6LbuvLhDF9y1ZnMyzUJsX1eZoGTfkDlgh8X/KOLzjeNg==

For encryption/decryption other cipthers/tools could be used of course.

EDIT: added code tag for the encrypted string

[BlackHatCoiner]

The question is about 1BTC  
No need to oversecure it. Saving on cloud drive also could be fine, however just encrypt the data before uploading it there. And make the offline bacup also.

Short example of ecnryption with online tool https://encode-decode.com/aes256-encrypt-online/

Encryption secret (the one used to encrypt): BlackHatCoiner
Then store the message on cloud drive in this format:

Code:

l/e5nTbRjziT5lTT+VSJ9RQecY01EM7+vbUinVywjdLsnQmaayK5Krq2WP51PXa9kQauKfPUKffr/cv3/9ivL99m9wXESq99OS/KqI45du6LbuvLhDF9y1ZnMyzUJsX1eZoGTfkDlgh8X/KOLzjeNg==

For encryption/decryption other cipthers/tools could be used of course.

EDIT: added code tag for the encrypted string

Doesn't rar encrypts on hash format? Like MD5("black") = 1ffd9e753c8054cc61456ac7fac1ac89

[Lakai01]

Short example of ecnryption with online tool https://encode-decode.com/aes256-encrypt-online/

For the over-cautious among us :
Having your data encrypted using an online tool is not necessarily a good idea, you don't know if the data is stored somewhere in plain text. The chances are of course extremely small that the person in question will then also come into possession of the *.rar file.

But there are enough tools that allow offline encryption, you don't necessarily have to use an online tool. openssl is one of the most popular and most common tools for this.

Edit: Added a link to openssl

[BlackHatCoiner]

Short example of ecnryption with online tool https://encode-decode.com/aes256-encrypt-online/

For the over-cautious among us :
Having your data encrypted using an online tool is not necessarily a good idea, you don't know if the data is stored somewhere in plain text. The chances are of course extremely small that the person in question will then also come into possession of the *.rar file.

But there are enough tools that allow offline encryption, you don't necessarily have to use an online tool. openssl is one of the most popular and most common tools for this.

Edit: Added a link to openssl

To be honest, I trust the cloud more than my pc. Not because of malwares or viruses. Because of computer's life. If the computer crashes I will lose the rar => I will lose my bitcoins. So better uploading to an almost trillion dollar company hoster.

[o_e_l_e_o]

To be honest, I trust the cloud more than my pc.

You're not just trusting the cloud servers not to experience hardware failure though. You are trusting the security of their servers. You are trusting the security of your upload. You are trusting the security of their transfers and back ups. You are trusting all their employees. You are trusting everyone who contributed to the code of your RAR archiver. You are trusting everyone who contributed to the code of whatever encryption algorithm your RAR archiver uses.

Even if you still trust all of that more than your own PC, why do it when there is another, simpler option - writing it down on paper - which doesn't require any trust whatsoever?

[MrFreeDragon]

-snip-
But there are enough tools that allow offline encryption, you don't necessarily have to use an online tool. openssl is one of the most popular and most common tools for this.
-snip-

Agree that openssl offline is better. However keep in mind that here we are helping TC with the best solution.
Working with openssl in command line will not make him happy, i beleive.

Oh yes, you also forget to add that the encrypted with openssl content should be copied to the encrypted volume (made with TrueCrypt or its forks after they stopped) and that volume later copied to the cloud 

[DireWolfM14]

The question is about 1BTC  
No need to oversecure it. Saving on cloud drive also could be fine, however just encrypt the data before uploading it there. And make the offline bacup also.

Short example of ecnryption with online tool https://encode-decode.com/aes256-encrypt-online/

Encryption secret (the one used to encrypt): BlackHatCoiner
Then store the message on cloud drive in this format:

Code:

l/e5nTbRjziT5lTT+VSJ9RQecY01EM7+vbUinVywjdLsnQmaayK5Krq2WP51PXa9kQauKfPUKffr/cv3/9ivL99m9wXESq99OS/KqI45du6LbuvLhDF9y1ZnMyzUJsX1eZoGTfkDlgh8X/KOLzjeNg==

For encryption/decryption other cipthers/tools could be used of course.

EDIT: added code tag for the encrypted string

I'm sorry, MrFreeDragon, I don't mean to put you on the spot, but this is absolutely the most ludicrous advice one can give.  You're telling people to enter their seed phrase into a web form?  Allow a third party to encrypt it?  Then store it on another third party's server?  That's the worst of bad practices all bundled up in one post. 

[BlackHatCoiner]

To be honest, I trust the cloud more than my pc.

You're not just trusting the cloud servers not to experience hardware failure though. You are trusting the security of their servers. You are trusting the security of your upload. You are trusting the security of their transfers and back ups. You are trusting all their employees. You are trusting everyone who contributed to the code of your RAR archiver. You are trusting everyone who contributed to the code of whatever encryption algorithm your RAR archiver uses.

Really? Read what you're actually writing. Don't you trust everyone contributed to the code of winrar? What exactly are you trusting anyway.

May I ask you something? Do you use pure bitcoin core with the entire blockchain downloaded? Because why trusting a wallet like electrum huh?

Some things are surely trusted. I can always fault something else. Why should I trust windows OS internet connected for example?

[o_e_l_e_o]

Don't you trust everyone contributed to the code of winrar?

I don't use WinRAR.

Because why trusting a wallet like electrum huh?

Electrum is open source. WinRAR and Google's Cloud Servers are not.

Why should I trust windows OS internet connected for example?

You shouldn't. Use Linux.

[MrFreeDragon]

-snip-
I'm sorry, MrFreeDragon, I don't mean to put you on the spot, but this is absolutely the most ludicrous advice one can give.  You're telling people to enter their seed phrase into a web form?  Allow a third party to encrypt it?  Then store it on another third party's server?  That's the worst of bad practices all bundled up in one post. 

I agree with you. I just wanted to show the form how the encrypted key looks like )
TC wants to store the key online in the cloud. The best solution to do it - is to encrypt it.

And once more: the story is about 1BTC funds. The approach is different to store 1BTC and 100BTC or 1000BTC. I do not think that to have a copy of the private key (encrypted one) in the cloud is a bad idea. It makes sence.
Yes, it is not secure, yes it has the risks...

BUT, do you think that peope use only open sourced systems and open sourced software? No, they use messengers, use trackers, use intellectual home systems, etc, etc. People have many many evidences of their life. Even you make all the encryption offline at the dark room, you are not guaranteed that your system is clear from backdoors...

So, let us not be so paranoic and give the topic creator the practical solution. If he wants to store the key in the cloud, so I just recommend him to encrypt it before uploading online. But you are right, DireWolfM14, the encryption should be performed offline with the trust tools rather than online.

[pooya87]

BUT, do you think that peope use only open sourced systems and open sourced software? No, they use messengers, use trackers, use intellectual home systems, etc, etc. People have many many evidences of their life. Even you make all the encryption offline at the dark room, you are not guaranteed that your system is clear from backdoors...

that doesn't mean they should continue having their false habits when it comes to handling valuable bitcoin and its storage. instead they should start learning how to give up those wrong habits and learn more about security. otherwise they will end up with a bad experience like many others which you can find in tech support board.

[o_e_l_e_o]

Yes, it is not secure, yes it has the risks...

If you agree it is not secure and is risky, then why are you advocating for it when there are more secure and less risky (not to mention simpler) options available?

Even you make all the encryption offline at the dark room, you are not guaranteed that your system is clear from backdoors...

You are essentially saying that since you can't absolutely guarantee that your airgapped, offline, encrypted wallet won't ever be hacked, then what's the point in even trying, and just save your data on the cloud, which is nonsense. I can't guarantee that if I smash my car in to a wall I'll live, but that doesn't mean I'm going to take out the airbags and stop wearing my seat belt.

There is no system in the world that is 100% safe, and yes, that includes airgapped wallets. But if the risk of two methods being hacked is 0.001% and 1% respectively, then I know which one I'm going to be choosing.

[MrFreeDragon]

-snip-
If you agree it is not secure and is risky, then why are you advocating for it when there are more secure and less risky (not to mention simpler) options available?
-snip-

Ok, I think I should stop advocating mysel. The main purpose was to say that the key should be encrypted before saving online in the cloud. For demonstration purposes I used the online tool (as it is also very easy to verify for followers of this topic).

We do not know the real intentions of TC to save the key online... Imagine that someone is expected to be arrested and put to prison. Probably by mistake. But knowing that all his computers, usb drives, papers, assets, disks, etc would be confiscated, the better solution is to convert the assets to crypto and save the keys online. And retreive the keys after 3-5 years...  Yes, it is the fantasy flow, but who knows....

[stompix]

And once more: the story is about 1BTC funds. The approach is different to store 1BTC and 100BTC or 1000BTC. I do not think that to have a copy of the private key (encrypted one) in the cloud is a bad idea. It makes sence.

I don't understand why we should have a different approach when you store money, but even so, there is a big difference in leaving them totally unprotected and doing a lot of things that aren't really helping and sometimes make thing worse. Besides, even this 1-100 BTC difference makes no sense as long as we don't have a clue who the user is and how much that means for him.

Yes, it is not secure, yes it has the risks...

Then why do it?
It like if you have a 500$ car you leave the doors open and when you have a brand new one you lock it and here you go, it's safe, although you have left it in a field 10 miles from home with the windows opened. Yeah, it's safe, if nobody takes it, if nothing happens! and you don't store things securely based on the fact that nothing unusual will happen, you try and protect yourself from those things!
Going through multiple steps that each pose risks is accentuating the problem not solving it.

So, let us not be so paranoic and give the topic creator the practical solution.

I would call this not practical but more like, do a lot of things to make it look complicated and secure when it's not.  

Imagine that someone is expected to be arrested and put to prison. Probably by mistake. But knowing that all his computers, usb drives, papers, assets, disks, etc would be confiscated, the better solution is to convert the assets to crypto and save the keys online. And retreive the keys after 3-5 years...  Yes, it is the fantasy flow, but who knows....

If you store them with google drive... you're better with a piece of paper in the cookie jar.

[cryptoworld99]

Let's say I have 1BTC and I delete my Electrum wallet but I have saved my public and private keys first.

If I download another wallet and insert my keys, will I still have my bitcoin?

I'm trying to figure out what confirms the ownership.

Yes, you will still have your funds.

You can use services like https://coinb.in/ or something else to spend from it.

Or if you have more technical knowledge, download a bitcoin node run the command bitcoin-cli importprivkey "privatekeyhere" this will import private keys to your node, and you can just type in bitcoin-cli listunspent to get your balance.

to spend bitcoin-cli sendtoaddress 0.00345 addresshere

before you spend set a miner fee, bitcoin-cli settxfee 0.001

[pooya87]

You can use services like https://coinb.in/ or something else to spend from it.

services like this one and many else (specially if they were written in Javascript and ran inside a browser) should only be used for options that can not be found anywhere else. for example as an online tool to verify signed messages, or to play around with OP_CLV. for anything else such as spending your bitcoins you must always use a proper wallet, preferably desktop wallet and if possible use it offline.

[MrFreeDragon]

You can use services like https://coinb.in/ or something else to spend from it.

services like this one and many else (specially if they were written in Javascript and ran inside a browser) should only be used for options that can not be found anywhere else. for example as an online tool to verify signed messages, or to play around with OP_CLV. for anything else such as spending your bitcoins you must always use a proper wallet, preferably desktop wallet and if possible use it offline.

What is wrong with this exact service? It is open source, and also could be downloaded and used offline for transaction signing. As soon as the transaction is signed it could be pushed online with other avilable services (like this https://www.blockchain.com/btc/pushtx)