Bitcoin Forum
November 13, 2024, 02:10:03 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: My Bitcoins are not stolen ..  (Read 4137 times)
This is a self-moderated topic. If you do not want to be moderated by the person who started this topic, create a new topic.
bitcoinkerala (OP)
Member
**
Offline Offline

Activity: 84
Merit: 10

https://btcjam.com/users/39914


View Profile WWW
July 20, 2014, 02:38:10 AM
 #1

I see alot of posts in general forum as well as Indian forum about Bitcoins getting stolen .. I am gonna explain how I store my Bitcoins .. Please find any fault with this method, and make sure to comment

This is what I follow (Semi Cold Storage)

A dedicated laptop with finger print scanner.
Installed Original Windows 8.1 ( pirated may have keyloggers)
this laptop is only for syncing Bitcoin Core ... The wallet in this PC will be used to only receive funds.
No web browsing .. Strictly syncing Bitcoin Core
copy of wallet.dat double encrypted and stored offline. (Bank Locker , not in India , just in case of natural disaster)
Daily backup of wallet.dat  to secure online storage (never use dropbox / google drive)  PM for details on this ( do not want to share in public)
password for wallet.dat not stored online , not written on papers.. use brain wallet .. make sure its 20 characters with atleast 5 special characters
All accounts made should for online storage should be new , never used , onetime password .. activated with 2FA from Android Phone
Do not Root your android phone , do not install random apps , and NEVER install anything from outside the PLAYSTORE
No WIFI .. I even removed WIFI Drivers .. Only Ethernet connection.
Firewall Installed (home network)
Just for fun - Installed Hitman Pro and Norton 360
Laptop is connected to Internet maybe once a week  , remaining time switched off and battery removed . Use http://blockchain.info/ to check daily


Never share your real identity online .. hackers can just hack your facebook account and ask for bitcoin .. 2FA , ALWAYS

BK

franky1
Legendary
*
Offline Offline

Activity: 4396
Merit: 4761



View Profile
July 20, 2014, 03:07:36 AM
 #2

double encryption is ok.. unless the encryption becomes corrupt. or you get amnesia. Alzheimer's and forget passwords.

i would still have passwords wrote down. but done in a way that is not obvious.

some people have a random book in their house and they use the first letter of every line of a certain page to make up the password.

so for instance this post will make up the password 'dissoo'. but yea, choose a novel with atleast 20 lines per page, one of those small print novals.

or have the first letter of the first word of each page and have a 200 page novel to create a 200 character password Cheesy

other methods for online passwords is to have a simple sha hashing script (check sourcecode), use the novel words idea then add the websites name to that password. and SHA it

EG
SHA("bitcointalkdissoo")

And use that sha'd phrase as the password you type into websites, that way each site is unique

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
LogicalUnit
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250


View Profile
July 20, 2014, 03:17:58 AM
 #3

I don't understand why you have paranoid security on your online computer. The whole point of cold storage is to remove the private keys from the online computer so there is nothing to steal if it is ever compromised.

Here's a simpler and more reliable method.

Online Computer (must be connected to the internet)
1) Download and install Bitcoin Core
2) Download and install Bitcoin Armory.
3) Use Armory's built-in package verification to ensure you have the true installer version
4) Download the blockchain. . . .

Offline computer (no network connections of any kind)
1) Install a legit copy of Windows
2) Full format a USB stick
3) Install the verified Bitcoin Armory package from the USB stick.
4) Create a wallet
5) Create a paper backup. Write down the numbers on a piece of paper -- don't print it.  
6) Export a "watching-only" wallet to the USB stick

Online computer:
1) Import the watching only wallet
2) You're done.

The online computer will show wallet transactions and balance. You can use it to create unsigned transactions.

Use a clean USB stick to sign the transactions with the offline computer.

Use the online computer to broadcast your signed transactions.
zeetubes
Sr. Member
****
Offline Offline

Activity: 371
Merit: 250


View Profile
July 20, 2014, 03:32:12 AM
 #4


some people have a random book in their house and they use the first letter of every line of a certain page to make up the password.



remember this letter from Arnold to the California State Legislature? Using the first letter of each line, there was a hidden message which he said was just an unfortunate coincidence.
-
Originally Posted by The Governator

For a year now, I've been asking for more substantive bills.
Under our system of government, it is important that we maintain our priorities.
Care must be used in managing the budget of the state.
Keynes is not an excuse for fiscal irresponsibility.

Yet whenever I try to pass fiscally sound legislation, I am thwarted.
On several occasions, we have had to borrow massive amounts of money.
Under my authority, I therefore veto this bill.
redhawk979
Sr. Member
****
Offline Offline

Activity: 271
Merit: 250


View Profile
July 20, 2014, 05:00:08 AM
 #5

Sounds so much simpler than a credit card.
LogicalUnit
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250


View Profile
July 20, 2014, 05:14:31 AM
 #6

Sounds so much simpler than a credit card.

Which never get stolen and have no fraud. . .
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 20, 2014, 05:26:07 AM
 #7

I use a brainwallet with the passphrase 'password qwerty'

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 20, 2014, 05:31:49 AM
 #8

Sounds so much simpler than a credit card.

I didn't read all that but it is pretty simple.

Print a bunch of paper wallets. Public address on outside. Keep a stack of them in a locked box.

When you acquire a bunch of coins, send them to the paper wallets, breaking them into 0.25 BTC groups.

Don't keep more that 0.25 BTC in your software wallet.

Then when you need to spend, open an envelope and import the private key within.

It really is simple, and for lots - you can store them in a safety deposit box long term.

Not difficult and even if you are hacked, they only get whatever piddle amount you have in your software wallet.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
July 20, 2014, 06:49:46 AM
 #9

Are you sure that the Original Windows 8.1 prevents all types of Keyloggers? I am using that OS along with Kasper. Am I safe? Do I need to take any additional protection to secure my system?
AliceWonder
Full Member
***
Offline Offline

Activity: 168
Merit: 100



View Profile
July 20, 2014, 06:59:31 AM
 #10

Are you sure that the Original Windows 8.1 prevents all types of Keyloggers? I am using that OS along with Kasper. Am I safe? Do I need to take any additional protection to secure my system?

It does not prevent all types of keyloggers.

I think what the OP meant was that if you use a pirated copy, it may have one.

Using pirated software in general is very very dangerous. If too cheap to buy software, use Linux.

QuarkCoin - what I believe bitcoin was intended to be. On reddit: http://www.reddit.com/r/QuarkCoin/
eid
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
July 20, 2014, 07:43:33 AM
 #11

I don't understand why you have paranoid security on your online computer. The whole point of cold storage is to remove the private keys from the online computer so there is nothing to steal if it is ever compromised.

Here's a simpler and more reliable method.

Online Computer (must be connected to the internet)
1) Download and install Bitcoin Core
2) Download and install Bitcoin Armory.
3) Use Armory's built-in package verification to ensure you have the true installer version
4) Download the blockchain. . . .

Offline computer (no network connections of any kind)
1) Install a legit copy of Windows
2) Full format a USB stick
3) Install the verified Bitcoin Armory package from the USB stick.
4) Create a wallet
5) Create a paper backup. Write down the numbers on a piece of paper -- don't print it.  
6) Export a "watching-only" wallet to the USB stick

Online computer:
1) Import the watching only wallet
2) You're done.

The online computer will show wallet transactions and balance. You can use it to create unsigned transactions.

Use a clean USB stick to sign the transactions with the offline computer.

Use the online computer to broadcast your signed transactions.

For those without an extra computer, you can install linux on a usb stick and use that. I'm quite the linux noob and I managed it.


Can you explain what is wrong with printing the paper backup?


Thanks.
LogicalUnit
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250


View Profile
July 20, 2014, 07:52:45 AM
 #12

Can you explain what is wrong with printing the paper backup?
Thanks.

Because the document can theoretically be recovered from the printer queue. Especially risky if you are using a network printer.

See here: http://www.ehow.com/how_6616927_recover-printed-files.html
eid
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
July 20, 2014, 08:03:46 AM
 #13

Can you explain what is wrong with printing the paper backup?
Thanks.

Because the document can theoretically be recovered from the printer queue. Especially risky if you are using a network printer.

See here: http://www.ehow.com/how_6616927_recover-printed-files.html

OK I've deleted the print spool (linux directions here: http://superuser.com/questions/155933/is-there-an-approved-way-to-clear-var-cups-cache-on-a-unix-system)


It didn't say anything on your link about network printers. Can you elaborate (my printer is connected directly to the router)?
jonanon
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile
July 20, 2014, 08:07:18 AM
 #14

Surely having to go to such lengths to protect your Bitcoin is only going to make it harder for mass adoption?
LogicalUnit
Sr. Member
****
Offline Offline

Activity: 299
Merit: 250


View Profile
July 20, 2014, 08:07:32 AM
 #15

It didn't say anything on your link about network printers. Can you elaborate?

A network packet sniffer can be used to intercept/eavesdrop print data. See here: http://www.pcworld.com/article/254518/your_printer_could_be_a_security_sore_spot.html
eid
Hero Member
*****
Offline Offline

Activity: 616
Merit: 500


View Profile
July 20, 2014, 08:12:05 AM
Last edit: July 20, 2014, 10:11:42 AM by eid
 #16

It didn't say anything on your link about network printers. Can you elaborate?

A network packet sniffer can be used to intercept/eavesdrop print data. See here: http://www.pcworld.com/article/254518/your_printer_could_be_a_security_sore_spot.html


Quote
Saved copies on the internal storage: If your printer has an internal drive, it can store print jobs, scans, copies, and faxes. If someone steals the printer, or if you throw it out before properly erasing the data, someone might recover the saved documents.



That's worrying; I'll look into it. Thanks for the help.



eidt: Actually I remember I didn't use the network printer as I was printing from an offline OS. The printer I used (Canon MP480) doesn't appear to have an internal drive)
bryant.coleman
Legendary
*
Offline Offline

Activity: 3766
Merit: 1217


View Profile
July 20, 2014, 09:34:24 AM
 #17

Are you sure that the Original Windows 8.1 prevents all types of Keyloggers? I am using that OS along with Kasper. Am I safe? Do I need to take any additional protection to secure my system?

It does not prevent all types of keyloggers.

I think what the OP meant was that if you use a pirated copy, it may have one.

Using pirated software in general is very very dangerous. If too cheap to buy software, use Linux.

OK... I am using original Windows 8. What should I do to prevent someone stealing my passwords and codes using a Keylogger? Can Kasper prevent these keylogger attacks?
techman
Legendary
*
Offline Offline

Activity: 1020
Merit: 1027


View Profile
July 20, 2014, 09:36:45 AM
 #18

I printed wallet with 3D printer, QR code and private adreses. I keep them all safety.

tayfun73
Newbie
*
Offline Offline

Activity: 34
Merit: 0


View Profile
July 20, 2014, 11:04:44 AM
 #19

Surely having to go to such lengths to protect your Bitcoin is only going to make it harder for mass adoption?


Quoted for truth
co5hike
Hero Member
*****
Offline Offline

Activity: 798
Merit: 1000



View Profile
July 20, 2014, 11:19:57 AM
 #20

Surely having to go to such lengths to protect your Bitcoin is only going to make it harder for mass adoption?

Hardware wallets might help in future to use Bitcoin safely even on compromised computers.
Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!