Securing wallet.dat

[FrodoMiner]

Hi there,

my idea is to create a Linux VM, move my wallet.dat to it - and then make it read only.

The Bitcoin folder is in a volatile file system.

Would that work?

Would I create (too much) additional network traffic since all my blkxyz.dat files are created from scratch every time I boot up my VM ?

Would that be unfair on all the other Bitcoin users that permanently store those blk.dat files ?

cheers,
F.

[1715381696]

1715381696

[1715381696]

1715381696

[jake262144]

That makes no sense.

Why would you go to such drastic measures when you can encrypt your wallet with a passphrase using the bitcoin client?
Choose a decent passphrase and you're good to go.
Just please make sure your machine stays malware-free, ok?

Remember that if your main machine gets infected, a VM running inside it might not protect you.
A VM can be used with great success to contain a threat, not to keep a threat already present in the parent machine outside.

There is no gain in keeping the block chain on a volatile FS and re-downloading it all the time.
Keep the block chain on the persistent FS and limit your worries to the wallet file.

Also, why make the wallet file read-only??
The client will want to write changes to your wallet with every transaction you make and "read" is the only privilege the malware really needs.


If built-in AES encryption doesn't seem enough, you could always use TrueCrypt and mount your Serpent-Twofish-AES-encrypted wallet using the command line.
Alternatively, you could keep the wallet on a LUKS-encrypted volume. This way you can have multiple keys and revoke them if necessary.
Or, use the good-old gpg for securing the wallet further.
There are countless possibilities.

[codymanix]

Anybody who can copy or read your wallet.dat can transfer all your money to any bitcoin address he wants.
Therefore you should use the wallet encryption feature include in the standard bitcoin client.