Bitcoin Forum
Topic: Wallet security and inheritance
BrightAnarchist
December 11, 2011, 11:43:36 PM
 #1

So I am infamously an early adopter who stored a lot of bitcoins on MyBitcoin, which of course were stolen.

This time around I wish to keep them secure! So here is what I have done, please let me know how secure I am being, and if there's anything else I can do:

(1) Created a password-protected wallet with 20 addresses using a 20+ char password with a mix of letters, symbols, numbers

(2) sent all my old btc to one of the addresses in this wallet

(3) copied the wallet.dat, renamed to obfuscate, and encrypted again with 7-zip (a different password, but only 10+ chars this time). Uploaded this to several servers as a backup. [main purpose is to obfuscate the fact that it's even a wallet at all]

(4) never use the password for my local wallet (i.e. *assume* that I have a keylogger installed). yet, use this password at boot time (for TrueCrypt), which means I will not forget it (which would be a bigger problem than theft)

(5) created a second wallet for "checking", for which I do enter the password from time to time in the client to spend bitcoins

(6) if I ever need to tap my savings wallet, I will use a linux liveCD to ensure that I do not have a keylogger tracing the password. (I simply send coins over to checking)

(7) use btcbalance.net to monitor the addresses regularly

Not sure what else I can do to be safe. Any other ideas would be greatly appreciated, thanks!

[Btw, the last step, which I haven't done, is to find a way to relinquish control of the coins to the person(s) I have outlined in my will. I'm thinking right now I just have to trust someone with the information. But in the future, a cool idea might be a time-release data website of some sort, where a family member would use their login to check for information -- information which I put in for them yet which I must log in every 6 months or something to keep the timer reset so they cannot access it. If I don't log in in a 6-month period, I'm presumed dead, and they get the necessary info to access their inherited coins.]
Revalin
December 12, 2011, 12:37:35 AM
 #2

It depends on your level of paranoia and how much money you're storing.

If I had a large number of coins (value > USD$50k), I'd buy a netbook and dedicate it to the sole purpose of signing spends.  This safeguards you against virtually any virus or network exploit.  Above USD$250k I would invest in some physical security to prevent someone from installing a hardware keylogger in the netbook - any good home safe will be tamper-evident.  Above USD$2M I'd look at more extensive physical security, but this won't be a widespread problem at current prices.

I suggest making paper copies of your wallets.  A printout of a hexdump of the .7z will do.  Keep copies at two or more locations.  This safeguards against your wallet getting wiped from multiple sites by a virus.

Your TrueCrypt password is vulnerable to hardware keyloggers, and a hashed (or raw, in some cases) copy is stored in memory while the computer is running, so it's vulnerable to trojans.  I would not store your encrypted wallet on that machine.  Such an attack isn't too likely as an automated virus, but an attacker specifically targeting you (perhaps because they noticed you have a large wallet and they're looking for ways to decrypt it) would be a problem.

I suggest multi-factor security: encrypt your wallet with a strong, randomly-generated password.  Store that password in a text file and encrypt it with your TrueCrypt password, then put it on a USB drive.  Only insert this drive when running the LiveCD (or in the netbook).  Store copies (paper hexdumps are fine) in a safe deposit box, a friend's house, etc.  This creates much stronger hacker-proofing (an attacker needs to get both the physical offline copy of the data AND your TrueCrypt password), while still only making you remember a frequently-used password.  If you have a large enough wallet that people breaking and entering is a plausible threat, definitely store these copies at a secure offsite location.

If James Bond himself is watching you, I can show you practices that would make the NSA proud, but trust me, it ain't worth it.  :)

Coming back from paranoia-land, I don't know how well-reviewed the client's encryption system is.  Is there any reason to store a high-value savings wallet online at all?  Keep it on a USB drive and only connect it when necessary.  Keep a smaller "checking account" wallet online for daily use.

      War is God's way of teaching Americans geography.  --Ambrose Bierce
Bitcoin is the Devil's way of teaching geeks economics.  --Revalin 165YUuQUWhBz3d27iXKxRiazQnjEtJNG9g
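
The paper hexdump backup suggested in reply #2, sketched as an added example (not code from either poster): each printed line carries its offset and a CRC-32, and a trailer carries the length and SHA-256, so a retyped copy reports which line was mistyped. The line layout, the trailer and the function names are this example's own assumptions, and the byte string stands in for the already-encrypted .7z.

```python
import binascii
import hashlib

BYTES_PER_LINE = 16  # assumption: 16 bytes per printed line, as in a classic hexdump


def line_crc(off: int, chunk: bytes) -> int:
    """CRC-32 over the line's offset and bytes, so a typo in either is caught."""
    return binascii.crc32(off.to_bytes(4, "big") + chunk)


def to_paper(data: bytes) -> list[str]:
    """Render data as printable lines: offset, hex bytes, per-line CRC-32."""
    lines = []
    for off in range(0, len(data), BYTES_PER_LINE):
        chunk = data[off:off + BYTES_PER_LINE]
        lines.append(f"{off:08x}  {chunk.hex(' ')}  {line_crc(off, chunk):08x}")
    # Trailer binds the total length and a SHA-256 of the whole file.
    lines.append(f"end {len(data)} {hashlib.sha256(data).hexdigest()}")
    return lines


def from_paper(lines: list[str]) -> bytes:
    """Rebuild the data from retyped lines; raise ValueError naming the bad line."""
    out = bytearray()
    *body, trailer = [ln.strip() for ln in lines if ln.strip()]
    for n, line in enumerate(body, start=1):
        try:
            off_hex, *hex_bytes, crc_hex = line.split()
            off = int(off_hex, 16)
            chunk = bytes.fromhex("".join(hex_bytes))
            crc_ok = line_crc(off, chunk) == int(crc_hex, 16)
        except (ValueError, OverflowError):
            raise ValueError(f"line {n}: malformed, re-check this line") from None
        if off != len(out):
            raise ValueError(f"line {n}: offset {off:#x} out of sequence")
        if not crc_ok:
            raise ValueError(f"line {n}: checksum mismatch, re-check this line")
        out += chunk
    tag, length, digest = trailer.split()
    if (tag, int(length), digest.lower()) != ("end", len(out), hashlib.sha256(out).hexdigest()):
        raise ValueError("trailer: length or SHA-256 mismatch")
    return bytes(out)


if __name__ == "__main__":
    archive = bytes(range(100))  # constructed stand-in for the encrypted .7z
    print("\n".join(to_paper(archive)))
    print("round trip ok:", from_paper(to_paper(archive)) == archive)
```

The checksums catch transcription and OCR errors only; confidentiality still rests entirely on the encryption applied to the archive before printing.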