Bitcoin Forum
December 04, 2016, 08:23:36 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Mtgox Yubikey and storage  (Read 1847 times)
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 02, 2012, 04:32:23 AM
 #1

I recently bought bitcoins on Mt.gox, but have been hesitant to send them to my wallet. I found out that they had a physical authentication device that you can bind to your exchange account. Is this sort of security good enough to store a fair quantity on the exchange?

I was also thinking of converting them into physical bitcoins and perhaps putting them in a safe deposit box, though I don't know much more about that process other than its possibility.
1480883016
Hero Member
*
Offline Offline

Posts: 1480883016

View Profile Personal Message (Offline)

Ignore
1480883016
Reply with quote  #2

1480883016
Report to moderator
1480883016
Hero Member
*
Offline Offline

Posts: 1480883016

View Profile Personal Message (Offline)

Ignore
1480883016
Reply with quote  #2

1480883016
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480883016
Hero Member
*
Offline Offline

Posts: 1480883016

View Profile Personal Message (Offline)

Ignore
1480883016
Reply with quote  #2

1480883016
Report to moderator
1480883016
Hero Member
*
Offline Offline

Posts: 1480883016

View Profile Personal Message (Offline)

Ignore
1480883016
Reply with quote  #2

1480883016
Report to moderator
1480883016
Hero Member
*
Offline Offline

Posts: 1480883016

View Profile Personal Message (Offline)

Ignore
1480883016
Reply with quote  #2

1480883016
Report to moderator
bitcool
Legendary
*
Offline Offline

Activity: 1441

Live and enjoy experiments


View Profile
February 02, 2012, 04:59:56 AM
 #2

I recently bought bitcoins on Mt.gox, but have been hesitant to send them to my wallet. I found out that they had a physical authentication device that you can bind to your exchange account. Is this sort of security good enough to store a fair quantity on the exchange?

I was also thinking of converting them into physical bitcoins and perhaps putting them in a safe deposit box, though I don't know much more about that process other than its possibility.

With Yubikey, I feel account access is pretty safe, however the risks of storing large amount of bitcoins with exchange also include other types of risk such as business failure, government intervention, etc.
A word of advice, even gold & silver can be stolen, and no technology is 100% safe.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 02, 2012, 05:31:02 AM
 #3

Quote
With Yubikey, I feel account access is pretty safe, however the risks of storing large amount of bitcoins with exchange also include other types of risk such as business failure, government intervention, etc.
A word of advice, even gold & silver can be stolen, and no technology is 100% safe.

Business failure is a risk I did consider, but have thought acceptable considering how much of the exchange market mtgox has.

Government intervention though; is there legislation in Japan at the moment that would affect mtgox?

I suppose if something like that came down the pipe I would be able to move my BTC out of the exchange account before the fact.

I would love to know how to make my own physical bitcoins. I know casascius (https://www.casascius.com/) can make some really spiffy physical coins, but even he admits there is some risk as he does have access to "the private key", which I guess means if he really wanted to he could take your BTC. I would rather just be able to make my own and store them like savings bonds.

memvola
Hero Member
*****
Offline Offline

Activity: 896


View Profile
February 02, 2012, 05:36:39 AM
 #4

If you don't trust your own devices, you can create bitcoin addresses just for your savings and store the private keys offline. You then can keep some coins on MtGox for your daily expenditures or trading and send the excess to your savings address or addresses. When you want to access your savings, you just need to import the corresponding private key to your wallet. You can even redeem a private key through MtGox.

There are many ways to create key pairs, one of them being https://www.bitaddress.org though what I normally do is create a wallet with the standard Bitcoin client, generate keys, close the client, encrypt the wallet and distribute it to multiple online/offline places (edit: and optionally delete the local wallet afterwards). If you prefer the bitaddress route, I'd suggest you keep multiple copies of the private keys in whatever form you prefer.

Also: https://en.bitcoin.it/wiki/Paper_wallet , http://printcoins.com/
bitcool
Legendary
*
Offline Offline

Activity: 1441

Live and enjoy experiments


View Profile
February 02, 2012, 05:48:11 AM
 #5


Government intervention though; is there legislation in Japan at the moment that would affect mtgox?

Not as I know of. US gov is far more bigger risk. megaupload saga is a telltale warning sign:
http://technologyspectator.com.au/industry/internet/megaupload-users-set-lose-their-data
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 02, 2012, 06:11:03 AM
 #6

I use Paper Wallets to store my bitcoins.

Paper Wallets are king.

Print them from a computer that has no internet access.

If you know how, print them from a brand new freshly formatted computer that has never been online, where you copied the .html file from BitAddress.org to a flash drive.  The html file runs just fine from your local hard drive and generates unlimited paper wallets with no need for internet access.

When the bitaddress html file says move the mouse around to generate randomess, don't ignore this: move the mouse around the browser window crazily.

Do it as I just explained, and your bitcoins should be airtight.

Don't store large numbers of bitcoins on exchanges unless you have to or unless you intend to trade them soon.  Their building could burn down, the staff could go somewhere and crash in a plane, anything.  Your bitcoins on a paper wallet stay under your control.

You can get the bitcoins out of the paper wallet simply by redeeming the private key on MtGox.  Simply "add funds" and choose "redeem private key".

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
jake262144
Full Member
***
Offline Offline

Activity: 210


View Profile
February 02, 2012, 10:32:47 AM
 #7

...or your account might get locked out due to the "anti-money-laundering" procedures, a.k.a. user-harassment procedures.
Eventually you'll regain access but additional costs may be necessary to get the required paperwork translated/notarized).
Personally, I wouldn't store 5 Bitcoins at MtGox... by definition, exchanges are not meant for storage.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 02, 2012, 02:15:50 PM
 #8

Paper wallet sounds like what im looking for. Thank you everyone for your input!

But say Godzilla destroys the mtgox facility, how would I redeem my bitcoins?
memvola
Hero Member
*****
Offline Offline

Activity: 896


View Profile
February 02, 2012, 03:54:37 PM
 #9

Paper wallet sounds like what im looking for. Thank you everyone for your input!

But say Godzilla destroys the mtgox facility, how would I redeem my bitcoins?

You actually don't have to "redeem" a private key, it's already an awkward way of doing it. You can import the key to the client of your choice directly and continue using the same address.

EDIT: To clarify, as long as you have the private keys, there will always be a way to access your coins. Don't worry about that. You can see your balances through https://blockexplorer.com/ or http://blockchain.info/ until that time. I don't prefer to suggest a client, because bitcoin tools are constantly evolving. The official Bitcoin client will probably support importing of private keys in the near future for instance (you can do it now, but you'd have to use an external tool for it). If you just want to get a feel of it, you can use the import feature of https://strongcoin.com/ . Also, to add to casascius' post, if you really want to do this operation on a clean system, just boot with a live CD.
KoKos
Newbie
*
Offline Offline

Activity: 26


View Profile
February 02, 2012, 04:05:43 PM
 #10

Keep your bitcoins on your own source. What if mtgox website goes down?? you will sit there emailing hoping that they will give em back and nothing you can do.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 03, 2012, 02:54:02 AM
 #11

I have created a paper wallet, but now I think I may have a stupid question:

What if someone generates an identical bitcoin address to my own? Wont they get a private key to that address?
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2012, 03:02:44 AM
 #12

I have created a paper wallet, but now I think I may have a stupid question:

What if someone generates an identical bitcoin address to my own? Wont they get a private key to that address?

This will never happen.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 03, 2012, 03:12:47 AM
 #13

Quote
This will never happen.


Excellent... ummm... how does that work then?
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2012, 04:04:43 AM
 #14

Quote
This will never happen.


Excellent... ummm... how does that work then?

It's a probability thing.  THe probability of it happening is so low as to be negligible.

Even if you could generate a trillion addresses every second for the rest of your life, generating someone else's address is still less probable than the chance that Barack Obama will pick you up as a hitchhiker, take you to a gas station, where you'll buy the winning lottery ticket for Mega Millions at 12:12pm on 12/12/12 with a ten-dollar bill that fell out of an overhead helicopter into your shirt pocket while the Pope is simultaneously being struck by lightning.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 03, 2012, 04:17:04 AM
 #15

Quote
...winning lottery ticket for Mega Millions at 12:12pm on 12/12/12 while simultaneously being struck by lightning.

Sounds like something that would happen to me. You forgot the part where I survive with mild brain damage and the winning ticket was consumed in the lightning strike.

But, I created my paper wallet and started transferring my bitcoins. Tomorrow, that paper wallet is going into a safe deposit box Cheesy
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2012, 04:17:48 AM
 #16

Quote
...winning lottery ticket for Mega Millions at 12:12pm on 12/12/12 while simultaneously being struck by lightning.

Sounds like something that would happen to me. You forgot the part where I survive with mild brain damage and the winning ticket was consumed in the lightning strike.

But, I created my paper wallet and started transferring my bitcoins. Tomorrow, that paper wallet is going into a safe deposit box Cheesy

I embellished my story at the last second before you replied =)

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 03, 2012, 04:38:11 AM
 #17

Quote
I embellished my story at the last second before you replied =)

confound you!
Hexadecibel
Human Intranet Liason
VIP
Hero Member
*
Offline Offline

Activity: 536


I still <3 u Satoshi


View Profile
February 03, 2012, 05:38:51 AM
 #18

So I just tried to deposit some BTC into my paper wallet, but the funds were re-deposited back into my exchange account immediately.

is this because I used the private key on that address already?

Edit: Ok I was unlazy for a moment and googled it. Turns out Mtgox will keep the private key and auto deposit any coins sent to that address. oops!
casascius
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1344


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
February 03, 2012, 05:52:25 AM
 #19

So I just tried to deposit some BTC into my paper wallet, but the funds were re-deposited back into my exchange account immediately.

is this because I used the private key on that address already?

Edit: Ok I was unlazy for a moment and googled it. Turns out Mtgox will keep the private key and auto deposit any coins sent to that address. oops!

OK, big warning: ONLY USE A PAPER WALLET ADDRESS ONCE.

You can send BTC to it unlimited times, but... once you have typed a private key into a computer, for any reason whatsoever, NEVER USE THE ADDRESS AGAIN.... you lose much of your protection if you don't heed this.

paper is cheap, print yourself a stack.

I should probably suggest that as a warning to be printed on each paper wallet.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper wallets instead.
Beaflag VonRathburg
Sr. Member
****
Offline Offline

Activity: 472



View Profile
February 04, 2012, 08:15:28 AM
 #20

I use Paper Wallets to store my bitcoins.

Paper Wallets are king.

Print them from a computer that has no internet access.

If you know how, print them from a brand new freshly formatted computer that has never been online, where you copied the .html file from BitAddress.org to a flash drive.  The html file runs just fine from your local hard drive and generates unlimited paper wallets with no need for internet access.

When the bitaddress html file says move the mouse around to generate randomess, don't ignore this: move the mouse around the browser window crazily.

Do it as I just explained, and your bitcoins should be airtight.

Don't store large numbers of bitcoins on exchanges unless you have to or unless you intend to trade them soon.  Their building could burn down, the staff could go somewhere and crash in a plane, anything.  Your bitcoins on a paper wallet stay under your control.

You can get the bitcoins out of the paper wallet simply by redeeming the private key on MtGox.  Simply "add funds" and choose "redeem private key".

I read the sticky at the top of the section, but this seems like a much forward way of storing coins. I appreciate your input on this as I'd been thinking of something simple and you pretty much nailed it.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!