My Bitcoins are not stolen ..

[bitcoinkerala]

I see alot of posts in general forum as well as Indian forum about Bitcoins getting stolen .. I am gonna explain how I store my Bitcoins .. Please find any fault with this method, and make sure to comment

This is what I follow (Semi Cold Storage)

A dedicated laptop with finger print scanner.
Installed Original Windows 8.1 ( pirated may have keyloggers)
this laptop is only for syncing Bitcoin Core ... The wallet in this PC will be used to only receive funds.
No web browsing .. Strictly syncing Bitcoin Core
copy of wallet.dat double encrypted and stored offline. (Bank Locker , not in India , just in case of natural disaster)
Daily backup of wallet.dat  to secure online storage (never use dropbox / google drive)  PM for details on this ( do not want to share in public)
password for wallet.dat not stored online , not written on papers.. use brain wallet .. make sure its 20 characters with atleast 5 special characters
All accounts made should for online storage should be new , never used , onetime password .. activated with 2FA from Android Phone
Do not Root your android phone , do not install random apps , and NEVER install anything from outside the PLAYSTORE
No WIFI .. I even removed WIFI Drivers .. Only Ethernet connection.
Firewall Installed (home network)
Just for fun - Installed Hitman Pro and Norton 360
Laptop is connected to Internet maybe once a week  , remaining time switched off and battery removed . Use http://blockchain.info/ to check daily


Never share your real identity online .. hackers can just hack your facebook account and ask for bitcoin .. 2FA , ALWAYS

BK

[franky1]

double encryption is ok.. unless the encryption becomes corrupt. or you get amnesia. Alzheimer's and forget passwords.

i would still have passwords wrote down. but done in a way that is not obvious.

some people have a random book in their house and they use the first letter of every line of a certain page to make up the password.

so for instance this post will make up the password 'dissoo'. but yea, choose a novel with atleast 20 lines per page, one of those small print novals.

or have the first letter of the first word of each page and have a 200 page novel to create a 200 character password

other methods for online passwords is to have a simple sha hashing script (check sourcecode), use the novel words idea then add the websites name to that password. and SHA it

EG
SHA("bitcointalkdissoo")

And use that sha'd phrase as the password you type into websites, that way each site is unique

[LogicalUnit]

I don't understand why you have paranoid security on your online computer. The whole point of cold storage is to remove the private keys from the online computer so there is nothing to steal if it is ever compromised.

Here's a simpler and more reliable method.

Online Computer (must be connected to the internet)
1) Download and install Bitcoin Core
2) Download and install Bitcoin Armory.
3) Use Armory's built-in package verification to ensure you have the true installer version
4) Download the blockchain. . . .

Offline computer (no network connections of any kind)
1) Install a legit copy of Windows
2) Full format a USB stick
3) Install the verified Bitcoin Armory package from the USB stick.
4) Create a wallet
5) Create a paper backup. Write down the numbers on a piece of paper -- don't print it.  
6) Export a "watching-only" wallet to the USB stick

Online computer:
1) Import the watching only wallet
2) You're done.

The online computer will show wallet transactions and balance. You can use it to create unsigned transactions.

Use a clean USB stick to sign the transactions with the offline computer.

Use the online computer to broadcast your signed transactions.

[zeetubes]

some people have a random book in their house and they use the first letter of every line of a certain page to make up the password.

remember this letter from Arnold to the California State Legislature? Using the first letter of each line, there was a hidden message which he said was just an unfortunate coincidence.
-
Originally Posted by The Governator

For a year now, I've been asking for more substantive bills.
Under our system of government, it is important that we maintain our priorities.
Care must be used in managing the budget of the state.
Keynes is not an excuse for fiscal irresponsibility.

Yet whenever I try to pass fiscally sound legislation, I am thwarted.
On several occasions, we have had to borrow massive amounts of money.
Under my authority, I therefore veto this bill.

[redhawk979]

Sounds so much simpler than a credit card.

[LogicalUnit]

Sounds so much simpler than a credit card.

Which never get stolen and have no fraud. . .

[AliceWonder]

I use a brainwallet with the passphrase 'password qwerty'

[AliceWonder]

Sounds so much simpler than a credit card.

I didn't read all that but it is pretty simple.

Print a bunch of paper wallets. Public address on outside. Keep a stack of them in a locked box.

When you acquire a bunch of coins, send them to the paper wallets, breaking them into 0.25 BTC groups.

Don't keep more that 0.25 BTC in your software wallet.

Then when you need to spend, open an envelope and import the private key within.

It really is simple, and for lots - you can store them in a safety deposit box long term.

Not difficult and even if you are hacked, they only get whatever piddle amount you have in your software wallet.

[bryant.coleman]

Are you sure that the Original Windows 8.1 prevents all types of Keyloggers? I am using that OS along with Kasper. Am I safe? Do I need to take any additional protection to secure my system?

[AliceWonder]

Are you sure that the Original Windows 8.1 prevents all types of Keyloggers? I am using that OS along with Kasper. Am I safe? Do I need to take any additional protection to secure my system?

It does not prevent all types of keyloggers.

I think what the OP meant was that if you use a pirated copy, it may have one.

Using pirated software in general is very very dangerous. If too cheap to buy software, use Linux.

[eid]

I don't understand why you have paranoid security on your online computer. The whole point of cold storage is to remove the private keys from the online computer so there is nothing to steal if it is ever compromised.

Here's a simpler and more reliable method.

Online Computer (must be connected to the internet)
1) Download and install Bitcoin Core
2) Download and install Bitcoin Armory.
3) Use Armory's built-in package verification to ensure you have the true installer version
4) Download the blockchain. . . .

Offline computer (no network connections of any kind)
1) Install a legit copy of Windows
2) Full format a USB stick
3) Install the verified Bitcoin Armory package from the USB stick.
4) Create a wallet
5) Create a paper backup. Write down the numbers on a piece of paper -- don't print it.  
6) Export a "watching-only" wallet to the USB stick

Online computer:
1) Import the watching only wallet
2) You're done.

The online computer will show wallet transactions and balance. You can use it to create unsigned transactions.

Use a clean USB stick to sign the transactions with the offline computer.

Use the online computer to broadcast your signed transactions.

For those without an extra computer, you can install linux on a usb stick and use that. I'm quite the linux noob and I managed it.


Can you explain what is wrong with printing the paper backup?


Thanks.

[LogicalUnit]

Can you explain what is wrong with printing the paper backup?
Thanks.

Because the document can theoretically be recovered from the printer queue. Especially risky if you are using a network printer.

See here: http://www.ehow.com/how_6616927_recover-printed-files.html

[eid]

Can you explain what is wrong with printing the paper backup?
Thanks.

Because the document can theoretically be recovered from the printer queue. Especially risky if you are using a network printer.

See here: http://www.ehow.com/how_6616927_recover-printed-files.html

OK I've deleted the print spool (linux directions here: http://superuser.com/questions/155933/is-there-an-approved-way-to-clear-var-cups-cache-on-a-unix-system)


It didn't say anything on your link about network printers. Can you elaborate (my printer is connected directly to the router)?

[jonanon]

Surely having to go to such lengths to protect your Bitcoin is only going to make it harder for mass adoption?

[LogicalUnit]

It didn't say anything on your link about network printers. Can you elaborate?

A network packet sniffer can be used to intercept/eavesdrop print data. See here: http://www.pcworld.com/article/254518/your_printer_could_be_a_security_sore_spot.html

[eid]

It didn't say anything on your link about network printers. Can you elaborate?

A network packet sniffer can be used to intercept/eavesdrop print data. See here: http://www.pcworld.com/article/254518/your_printer_could_be_a_security_sore_spot.html

Saved copies on the internal storage: If your printer has an internal drive, it can store print jobs, scans, copies, and faxes. If someone steals the printer, or if you throw it out before properly erasing the data, someone might recover the saved documents.

That's worrying; I'll look into it. Thanks for the help.



eidt: Actually I remember I didn't use the network printer as I was printing from an offline OS. The printer I used (Canon MP480) doesn't appear to have an internal drive)

[bryant.coleman]

Are you sure that the Original Windows 8.1 prevents all types of Keyloggers? I am using that OS along with Kasper. Am I safe? Do I need to take any additional protection to secure my system?

It does not prevent all types of keyloggers.

I think what the OP meant was that if you use a pirated copy, it may have one.

Using pirated software in general is very very dangerous. If too cheap to buy software, use Linux.

OK... I am using original Windows 8. What should I do to prevent someone stealing my passwords and codes using a Keylogger? Can Kasper prevent these keylogger attacks?

[techman]

I printed wallet with 3D printer, QR code and private adreses. I keep them all safety.

[tayfun73]

Surely having to go to such lengths to protect your Bitcoin is only going to make it harder for mass adoption?

Quoted for truth

[co5hike]

Surely having to go to such lengths to protect your Bitcoin is only going to make it harder for mass adoption?

Hardware wallets might help in future to use Bitcoin safely even on compromised computers.