Bitcoin Forum
December 09, 2016, 11:30:27 PM *
Topic: Most people are not capable of keeping their wallets safe?
cypherdoc
April 28, 2011, 05:10:37 PM
 #21

Quote
I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can I do?

r u not worried about that encrypted wallet on your computer while u surf?
Alex Beckenham
April 28, 2011, 05:12:30 PM
 #22

Quote
I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can I do?

Well, if you're using TrueCrypt, you could follow the paranoid recommendations in their docs and never file-copy a container (instead, you should make 3 different containers from scratch, then copy your files into each of them separately).

RodeoX
April 28, 2011, 07:01:50 PM
 #23

Quote
r u not worried about that encrypted wallet on your computer while u surf?

Yes. Yes I am. :'( However, I only fire up bitcoin when sending/receiving money. Hope that mitigates my risk somewhat.

Quote
I like to keep three copies of my wallet file. One I encrypt and leave in the /.bitcoin (in linux) folder then delete the original, not just move to trash. Then I make two copies of the encrypted file and store one on a remote server, the other on a USB stick well hidden. That is a lot of hassle, but what else can I do?

Quote
Well, if you're using TrueCrypt, you could follow the paranoid recommendations in their docs and never file-copy a container (instead, you should make 3 different containers from scratch, then copy your files into each of them separately).

That's good advice. I actually take some other steps that I will keep secret here. My most effective precaution is my Bit-poverty. ;D

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf

newguy05
June 09, 2011, 09:21:30 PM
 #24


Quote
If Alice owes Bob 100 btc and her wallet contains exactly 100 btc, she may just email him her wallet.dat.
Now it's stored unencrypted in both parties' email accounts...
Plus Bob possibly now gets any future money intended for Alice as he has those old keys.

You can't fix stupid. That's like saying if Alice owes Bob $1000 and her bank account contains exactly $1000, she may just email her bank account login/password + debit card to him, then continue to deposit money into the bank account. Does that make any sense?

All average joe needs to do is install the bitcoin client on a usb dongle, plug it in when need to use and unplug immediately when done. It's no safer/riskier than logging into your bank account from your pc. It's expected the average user has antivirus running and keeps their computer reasonably secure; if your computer is completely exposed with tons of viruses/trojans, then anything on it gets compromised.

I think bitcoin is just fine the way it is.
rebuilder
June 09, 2011, 09:38:20 PM
 #25

I think it's a great idea to store an encrypted backup of your wallet in dropbox. HOWEVER, this only solves the I-lost-my-money-because-of-a-hard-drive-crash-or-fire problem, not the someone-hacked-my-computer-and-took-my-money problem.

If you store the wallet directly in an encrypted container and only mount it when you need to send coins, that mitigates the risk. It still won't help against keyloggers, though. At the very least it's probably a good idea to schedule password changes for the container, and you'd probably want to do that change with a live CD. In fact, only mounting that container in an OS run off a CD should, provided that OS is clean, give a lot of peace of mind. There are hardware keyloggers of course, but I at least think it's unlikely someone would break into my home and install one without me noticing.

Bottom line, keep at least two wallets, one for spending and one as a vault, following more stringent security practices. You don't want to have to go home and boot up from a CD every time you want to spend some coins, so having small sums more readily available is a good idea.

Selling out to advertisers shows you respect neither yourself nor the rest of us.
k
June 09, 2011, 09:50:13 PM
 #26

would it be possible or useful to back up everyone's wallet somehow in an encrypted form in the block chain such that it would always be an up to date backup and also accessible from anywhere running bitcoin. you would be forced to use a strong password/phrase somehow.

maybe a completely stupid idea. just seems appealing that you could go to any computer with bitcoin on it, enter your passphrase and voila, you have access to your wallet. actually just writing this now thinking that this would be pretty stupid as there could be all sorts of spyware/key loggers on an unknown computer.
theboos
June 09, 2011, 10:02:51 PM
 #27

We can expect Joe Sixpack and Grandma to learn about computer security if they own a computer. If I buy a house, it's perfectly reasonable to expect me to learn how to lock the doors and set an alarm. I agree that Bitcoin should be made more accessible so the security skills involved in computer usage transfer over, but a sufficiently stupid user will lose his bitcoins, and that seems perfectly fair.

The essentials of Bitcoin security are:
  • Wallet.dat contains your money. If someone else has it, he will be able to use your bitcoins. If you lose it, your bitcoins are gone forever. If you keep it secure, NOBODY but you will be able to use your bitcoins.
  • If you encrypt wallet.dat, keep the password secure. If someone else has your password and your encrypted wallet.dat, he will be able to use your bitcoins. If you lose your password, your bitcoins are gone forever. If you keep your password secure, NOBODY but you will be able to use your bitcoins.

All else follows. If you get a virus, your wallet.dat is vulnerable. If you don't back up your wallet.dat, you won't be able to get it back. If you tell someone your password or make an easily crackable password, someone will be able to spend your bitcoins. It's our job to make the essentials of Bitcoin security obvious, but nothing more. If someone doesn't understand the basics of computer security, they shouldn't be using one in the first place.
theboos
June 09, 2011, 10:06:03 PM
 #28

Quote
would it be possible or useful to back up everyone's wallet somehow in an encrypted form in the block chain such that it would always be an up to date backup and also accessible from anywhere running bitcoin. you would be forced to use a strong password/phrase somehow.
maybe a completely stupid idea. just seems appealing that you could go to any computer with bitcoin on it, enter your passphrase and voila, you have access to your wallet. actually just writing this now thinking that this would be pretty stupid as there could be all sorts of spyware/key loggers on an unknown computer.

Better idea is to widely distribute your encrypted wallet.dat (P2P file storage comes to mind) and then download it if you move to a new computer. This protects fairly well from loss but you still need to remember your password (obviously).
FlipPro
June 09, 2011, 10:16:25 PM
 #29

I have a quick question, that I don't understand very well, but that's probably simple. When you make a backup of your "bitcoins" are you making a backup of a note, that says the system owes you that many bitcoins? Or are you backing up the actual bitcoins themselves? Also what happens if you transport these bitcoins from computer to computer? Do they transfer over even if the computer IDs are different? And finally is there a 100% foolproof solution to self management of the bitcoins in one's wallet, other than the online services mentioned?

phatsphere
June 09, 2011, 10:31:20 PM
 #30

Quote
I have a quick question, that I don't understand very well, but that's probably simple. When you make a backup of your "bitcoins" are you making a backup of a note, that says the system owes you that many bitcoins? Or are you backing up the actual bitcoins themselves?

No, technically, there are no bitcoins in a file and there are also no bitcoins really floating around. The system is based on transactions. They have two ends: input and output and they form long chains which are public knowledge. (see blockexplorer website)
Your actual wallet contains the private keys to all the addresses, from where you would be able to send money to somebody else. I.e. the open ends of transactions where you can prove that you are the receiver and you are able to append another chain to somebody else (and also yourself, too).
Where does the chain start? Well, each new generated block ("mining") starts with a loose end.

Your backup basically contains those private keys and about 100 more which will be used for future transactions. So, even when you lose your wallet file and your backup is some transactions behind, you should not lose anything.

Quote
Also what happens if you transport these bitcoins from computer to computer? Do they transfer over even if the computer IDs are different? And finally is there a 100% foolproof solution to self management of the bitcoins in one's wallet, other than the online services mentioned?

Well, the client reads the wallet file and checks all transactions if it is able to append to the chains. Then it sums up all the amounts in the open ends. I don't know what you mean with computer ID ... that's irrelevant. The wallet file is client dependent (assuming there will be independent and completely different btc clients in the future ... so you have to make sure that the wallet file can be read by the client software, that's all)

Self management depends on you. The file itself is unencrypted ... which is a flaw in the system. Hence, you have to make sure that nobody could use it if your hard-drive is stolen ... hence disk encryption. When you upload it somewhere, make sure that you encrypt the file prior to sending it.

Final words, I'm also a newbie, so, maybe somebody will correct me on some details ;)
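
Added example (not part of the thread and not the Bitcoin client's code): a small Python model of the key pool described in post #30, showing when a stale backup still holds every funded key and when it stops doing so. The class and function names and the random hex strings standing in for private keys are assumptions made for the illustration; the pool size of 100 is the figure given in the post.

```python
import secrets

KEYPOOL_SIZE = 100  # the "about 100 more" unused keys mentioned in the post


class ModelWallet:
    """Toy wallet file: an ordered list of keys, the tail of which is unused."""

    def __init__(self):
        self.keys = []
        self.used = 0  # how many keys have been handed out so far
        self._top_up()

    def _top_up(self):
        # Always keep KEYPOOL_SIZE unused keys queued behind the used ones.
        while len(self.keys) - self.used < KEYPOOL_SIZE:
            self.keys.append(secrets.token_hex(32))  # stand-in for a private key

    def next_key(self):
        # Hand out the oldest unused key, then refill the pool.
        # (In this model every payment received draws one key.)
        key = self.keys[self.used]
        self.used += 1
        self._top_up()
        return key

    def backup(self):
        # A backup is a copy of the file: every key that exists at this moment.
        return frozenset(self.keys)


def missing_from_backup(backup_keys, funded_keys):
    """Keys that hold funds but are absent from the restored backup."""
    return [k for k in funded_keys if k not in backup_keys]


def simulate(keys_used_after_backup):
    """Return how many funded keys a restore from the old backup cannot spend."""
    wallet = ModelWallet()
    funded = [wallet.next_key() for _ in range(5)]  # activity before the backup
    snapshot = wallet.backup()
    funded += [wallet.next_key() for _ in range(keys_used_after_backup)]
    return len(missing_from_backup(snapshot, funded))


if __name__ == "__main__":
    for n in (0, 100, 101, 150):
        print(f"{n:3d} keys used after backup -> "
              f"{simulate(n)} funded keys not in backup")
```

A backup that is up to 100 keys behind loses nothing in this model; from the 101st key onward, each payment lands on a key the backup never contained.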
Maged
June 09, 2011, 11:03:34 PM
 #31

Quote
Final words, I'm also a newbie, so, maybe somebody will correct me on some details ;)

Really? That just about nailed it. Good job!

TTBit
June 09, 2011, 11:22:35 PM
 #32

If bitcoin could be put on an ironkey like device, would that help?

https://www.ironkey.com/

good judgment comes from experience, and experience comes from bad judgment
lemonginger
June 09, 2011, 11:27:50 PM
 #33

yes bitcoins will never see mainstream adoption as long as people can literally delete a file or forget a password and lose all their money, no matter what you geeks think. I agree that more services like mybitcoin will emerge, and I suspect the next iterations of cryptocurrencies (the ones that do catch on after BTC crashes and burns) will have much different ways of dealing with this.

It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

MacFall
June 10, 2011, 03:17:41 AM
 #34

Quote
All average joe needs to do is install the bitcoin client on a usb dongle, plug it in when need to use and unplug immediately when done.

...Except as I just found out, that requires running bitcoin.exe with cmd with modifying instructions to relocate the data directory to the USB dongle, which is a real bitch. Average Joe doesn't even know what the F cmd is, much less how to use it.

I don't think it would be hard* to add something onto the client that will do that for the user automatically (on install have an option to run it from C:/ or elsewhere), and it would go MILES towards helping Average Joes and Janes use bitcoin securely more easily. Without ease of use, bitcoin will remain a niche commodity - and bitcoin needs greater market depth more than anything else.

*Note: I say this as a non-programmer. I have no idea how hard it would actually be. But I can't see why it would be hard.

No king but Christ; no law but Liberty!

theboos
June 10, 2011, 03:27:18 AM
 #35

Quote
It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

We don't ask anyone to take that risk.

This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

lemonginger
June 10, 2011, 05:30:32 AM
 #36

Quote
We don't ask anyone to take that risk.
This is the price of ultimately controlling your own money. Bitcoin makes it possible to store money in a single file; anyone who does not like this should not be using Bitcoin. If you are likely to forget a password, don't encrypt the file, but risk theft. If you don't want to back up a file, try your luck with the longevity of a hard drive. This entire thread is debating a security "threat" that is inherent in any system which gives you direct possession of anything.

That's fine, if you want bitcoin to only be used by libertarian nerds.

TraderTimm
June 10, 2011, 06:24:26 AM
 #37


Quote
That's fine, if you want bitcoin to only be used by libertarian nerds.


That's what I like about you, no broad generalizations. Because, as we both know, only someone who has no argument to stand behind resorts to that kind of thing.

fortitudinem multis - catenum regit omnia
Ian Maxwell
June 10, 2011, 06:52:01 AM
 #38

The phrase "BITCOIN IS LIKE CASH" needs to be drummed into people from the day they download the client, if not sooner.

If you lose your cash, it's your problem.
If your cash is destroyed in a fire, it's your problem.
If you lock your cash in a safe and lose the key, it's your problem.
If you give someone your cash and he doesn't deliver, it's your problem.

But I agree that right now most people can't keep their wallets safe. Most people never back anything up, and eventually lose all their data as a result. Backup solutions are getting better and easier to use, but most people still aren't using them. Hell, I should know better, but I didn't get a wallet backup into place until I noticed that with the appreciation I suddenly had a lot of money invested in them, and I still don't have a real system.

There may actually be a business opening here for a secure wallet backup service that uses client-side encryption. (The client software would of course have to be open source, to prove it really was encrypting the data.) But then we'd still be trusting ordinary users to know the difference between a legitimate backup service and a scam. Personal responsibility is always dangerous in this way.

Ian Maxwell
phatsphere
June 10, 2011, 01:59:31 PM
 #39

Quote
Final words, I'm also a newbie, so, maybe somebody will correct me on some details ;)
Really? That just about nailed it. Good job!

Thx. I've a master in mathematics, that helps understanding the paper and the crypto background ;D
phatsphere
June 10, 2011, 02:03:55 PM
 #40

Quote
It simply isn't reasonable to ask people to take the risk that their money can disappear because of an unbacked-up file.

exactly what i think. my "dream" is some kind of banking or credit card, that has an intrinsic unique key and a passphrase -- just like EC cards today have. your actual wallet is stored at a central bank and that's where the real transaction happens.
the device where you put the card in just gets a token for verification and that also enables instant payouts. especially, the "bank", where your wallet actually is, pays for you and also manages your wallet to get the confirmations later.

even better: replace "card" with "smartphone"