Bitcoin is like cash under the mattress

[jonald_fyookball]

The bitcoins ARE safely stored on the block chain today but if someone loses a bitcoin address then those bitcoins are lost.

This is a feature of Bitcoin, not a flaw.   You MUST have your private key to access your coins.
 

Sure, that the bitcoins are safely stored on the block chain is a feature. Having to at the same time store private keys, on the other hand, is a major flaw not a feature.

I hear you , but that's how it works.  Bitcoin is based on public-key cryptography.
You would have to completely re-invent Bitcoin in order to do away with private keys.

To give you an analogy: "Cars are great, but the fact they have engines is a major flaw, because engines can break and need fuel." 

[phillipsjk]

To just throw up one's hands in resignation and store the bitcoins under the mattress is like going back to the days of Gutenberg. So we have this powerful new technology of Bitcoin and we stored the coins.... on paper?! How pathetic is that?

Not sure if you are just clueless or trolling.

Paper is recommended because it is cheap and reasonably reliable if kept dry. Modern computers are also inherently insecure. That is why the advice is to store your private keys for savings on something that can be readily observed and secured (in more than one physical location).

Storing Bitcoin on paper is superior to storing money under your mattress because you can redundantly split the keys into several locations.

The difficulty is that ideally, you want some way to seal these pieces in a tamper-evident way. I have tried signing the seal on my envelopes, but am not sure how secure that really is. I saw an hour long talk about a year ago on Youtube about various types of seals. Essentially, if security is extremely important, you want to compare high resolution before and after photographs of a seal that exhibits tool-marks. Most truck seals are apparently modified zip-ties.

Technically, I think Bitcoins are stored in the block-chain: and are public information. What you have to secure are the private keys for moving those Bitcoins.

[Anders]

To just throw up one's hands in resignation and store the bitcoins under the mattress is like going back to the days of Gutenberg. So we have this powerful new technology of Bitcoin and we stored the coins.... on paper?! How pathetic is that?

Not sure if you are just clueless or trolling.

Paper is recommended because it is cheap and reasonably reliable if kept dry. Modern computers are also inherently insecure. That is why the advice is to store your private keys for savings on something that can be readily observed and secured (in more than one physical location).

Storing Bitcoin on paper is superior to storing money under your mattress because you can redundantly split the keys into several locations.

The difficulty is that ideally, you want some way to seal these pieces in a tamper-evident way. I have tried signing the seal on my envelopes, but am not sure how secure that really is. I saw an hour long talk about a year ago on Youtube about various types of seals. Essentially, if security is extremely important, you want to compare high resolution before and after photographs of a seal that exhibits tool-marks. Most truck seals are apparently modified zip-ties.

Technically, I think Bitcoins are stored in the block-chain: and are public information. What you have to secure are the private keys for moving those Bitcoins.

But splitting up the codes on several papers is even more burdensome. Like having to store cash under several mattresses.

Don't get me wrong. I understand that some people want to manage the security of their bitcoins themselves. Just like how some people want to own and store gold physically themselves. The problem is when Bitcoin should be used as a more general currency. Then it needs to become much more convenient to keep safe.

[Anders]

I have lost a small amount of bitcoins. Just because at the time (2011) it wasn't worth much so I forgot about having it stored on my computer.

Today if I would invest in bitcoins I would store the private keys in plain text on Google Drive and have encrypted keys stored locally on my computer with the key for that stored on another cloud provider than Google. That would work and would be convenient enough, but for using Bitcoin as an ordinary currency for shopping etc it would be too inconvenient.

A hardware Bitcoin wallet would perhaps make it easier for small transactions, yet still not convenient enough.

[gelar24]

and how would an ID system work? the best option we have now for easy security is an ETF. otherwise, if you don't know how to manage your coins, you shouldn't be having them in the first place. it would be nice if everybody knew how to protect their coins, but that's just not the case.

yes this is a big risk playing virtual currency can be lost suddenly.

but I also hope that the future can work and save bitcoin securely with any system it

[bitkilo]

For an easy way to store coins you might want to look at something like the wallet by Trezor, i'll be ordering one soon. It took me awhile to learn about off line storage and things but after a couple of dozen videos on youtube and practice i picked it up, and if i can pick it up then anyone should be able to, but i really dont think we need some sort of ID system or bitcoin bank.

[Anders]

Just to irritate all of you Bitcoin fans (I'm a Bitcoin fan too, but for the technology, not for its economics):

I will use eurocoins instead of bitcoins if that becomes available, IF they use secure personal IDs in the block chain. Banks and other mainstream financial services will accept the regulated eurocoins and shun the unregulated bitcoins. Shops, restaurants and online retailers etc will accept eurocoins and reject bitcoins.

Of course the personal IDs will have to be encrypted or else criminals could find out who owns each eurocoin.

Think about it: the NSA can already most likely track all your bitcoin transactions. Bitcoin will remain valuable only as a collective item without much other practical use.

[jonald_fyookball]

Just to irritate all of you Bitcoin fans (I'm a Bitcoin fan too, but for the technology, not for its economics):

I will use eurocoins instead of bitcoins if that becomes available, IF they use secure personal IDs in the block chain. Banks and other mainstream financial services will accept the regulated eurocoins and shun the unregulated bitcoins. Shops, restaurants and online retailers etc will accept eurocoins and reject bitcoins.

Of course the personal IDs will have to be encrypted or else criminals could find out who owns each eurocoin.

Think about it: the NSA can already most likely track all your bitcoin transactions. Bitcoin will remain valuable only as a collective item without much other practical use.

At this point, you are just trolling.

[phillipsjk]

But splitting up the codes on several papers is even more burdensome. Like having to store cash under several mattresses.

Don't get me wrong. I understand that some people want to manage the security of their bitcoins themselves. Just like how some people want to own and store gold physically themselves. The problem is when Bitcoin should be used as a more general currency. Then it needs to become much more convenient to keep safe.

M of N transactions allow you and a payment processor to share the security burden. Both you and the provider get a "hot" key for day-to-day spending, while you keep a third key in cold storage in case something ever happens to either of the "hot" keys.

Currently BitGo and Green Address listed here appear to implement 2 of 2 transactions (meaning no cold storage back-up). According to the Green Address FAQ funds can be recovered if they go out of business because they use a nlocktime transaction to let you retrieve the funds. In this case you should have off-site backups of your "hot" keys.

But what happens if your service goes away? Will I lose my coins?
    GreenAddress signs each transaction with its own key in addition to client-side signing by user's keys, and funds are stored in 2-of-2 multisignature outputs requiring both signatures to spend. The drawback of it is that you cannot control your funds without GreenAddress' signature, so you are right to worry that you can lose your coins.

    But! We have solved this issue by providing nLockTime transactions which essentially make deposits 'expire' after some time, which allows redeeming them without our intervention after this pre-set period of time. It is enabled by default when you have email notifications and two factor enabled.

    This allows you to keep your ease of mind even in case GreenAddress disappears with its keys.

    It also means that every time the funds expire the user has to re-transfer them. This can be automated on login and notified in advance via email or manually done.

    For redeeming the funds after expiration, you can use a tool we've developed specifically for this purpose - see Gentle and its project on GitHub. It's open source!

[Anders]

Just to irritate all of you Bitcoin fans (I'm a Bitcoin fan too, but for the technology, not for its economics):

I will use eurocoins instead of bitcoins if that becomes available, IF they use secure personal IDs in the block chain. Banks and other mainstream financial services will accept the regulated eurocoins and shun the unregulated bitcoins. Shops, restaurants and online retailers etc will accept eurocoins and reject bitcoins.

Of course the personal IDs will have to be encrypted or else criminals could find out who owns each eurocoin.

Think about it: the NSA can already most likely track all your bitcoin transactions. Bitcoin will remain valuable only as a collective item without much other practical use.

At this point, you are just trolling.

Ha ha. No, seriously. I'm looking at it from a conspiracy power elite perspective. Bitcoin is just a pilot project. And eurocoin is just a stepping stone to a global digital currency. See through the power elite, I can. :Yoda voice:

[Anders]

But splitting up the codes on several papers is even more burdensome. Like having to store cash under several mattresses.

Don't get me wrong. I understand that some people want to manage the security of their bitcoins themselves. Just like how some people want to own and store gold physically themselves. The problem is when Bitcoin should be used as a more general currency. Then it needs to become much more convenient to keep safe.

M of N transactions allow you and a payment processor to share the security burden. Both you and the provider get a "hot" key for day-to-day spending, while you keep a third key in cold storage in case something ever happens to either of the "hot" keys.

Currently BitGo and Green Address listed here appear to implement 2 of 2 transactions (meaning no cold storage back-up). According to the Green Address FAQ funds can be recovered if they go out of business because they use a nlocktime transaction to let you retrieve the funds.

But what happens if your service goes away? Will I lose my coins?
    GreenAddress signs each transaction with its own key in addition to client-side signing by user's keys, and funds are stored in 2-of-2 multisignature outputs requiring both signatures to spend. The drawback of it is that you cannot control your funds without GreenAddress' signature, so you are right to worry that you can lose your coins.

    But! We have solved this issue by providing nLockTime transactions which essentially make deposits 'expire' after some time, which allows redeeming them without our intervention after this pre-set period of time. It is enabled by default when you have email notifications and two factor enabled.

    This allows you to keep your ease of mind even in case GreenAddress disappears with its keys.

    It also means that every time the funds expire the user has to re-transfer them. This can be automated on login and notified in advance via email or manually done.

    For redeeming the funds after expiration, you can use a tool we've developed specifically for this purpose - see Gentle and its project on GitHub. It's open source!

Sounds too complicated for the average Joe and your ordinary soccer mom. People in general just want to click 'Pay' and be done, without having to be concerned about security details.

[phillipsjk]

I have lost a small amount of bitcoins. Just because at the time (2011) it wasn't worth much so I forgot about having it stored on my computer.

Today if I would invest in bitcoins I would store the private keys in plain text on Google Drive and have encrypted keys stored locally on my computer with the key for that stored on another cloud provider than Google. That would work and would be convenient enough, but for using Bitcoin as an ordinary currency for shopping etc it would be too inconvenient.

A hardware Bitcoin wallet would perhaps make it easier for small transactions, yet still not convenient enough.

Trust no one. "Cloud storage" is not secure enough to store keys in plain-text.

Thousands of Bitcoins stolen in a hack on Linode Posted 2 Mar 2012 | 22:29 GMT

I advise against encryption for cold storage as well though: you are trying to keep your coins secure against two contradictory things: theft and data loss. If your encryption key for your encryption keys is complex enough to make dictionary attacks difficult, you will forget it.

[phillipsjk]

I do think it would be cool if there was some big Bitcoin bank that paid interest.

You mean like this?

 (Malicious link removed) Blockchain-offers-loans-up-to-10-bitcoins-and-savings-accounts-to-its-users

That (indirectly) links to a phishing site!

Code:

<Michail1> That isn't the Wall Street Journal
<Amphibian> 'the-wsj.org' doesn't sound like a legit url to me
* julianor (~j@netifera.com) has joined #bitcoin
<Michail1> the-wsj.org and the-wsj.com are scam sites.

[Anders]

I have lost a small amount of bitcoins. Just because at the time (2011) it wasn't worth much so I forgot about having it stored on my computer.

Today if I would invest in bitcoins I would store the private keys in plain text on Google Drive and have encrypted keys stored locally on my computer with the key for that stored on another cloud provider than Google. That would work and would be convenient enough, but for using Bitcoin as an ordinary currency for shopping etc it would be too inconvenient.

A hardware Bitcoin wallet would perhaps make it easier for small transactions, yet still not convenient enough.

Trust no one. "Cloud storage" is not secure enough to store keys in plain-text.

Thousands of Bitcoins stolen in a hack on Linode Posted 2 Mar 2012 | 22:29 GMT

I advise against encryption for clod storage as well though: you are trying to keep your coins secure against two contradictory things: theft and data loss. If your encryption key for your encryption keys is complex enough to make dictionary attacks difficult, you will forget it.

I think Google Drive is safe BUT I came to think about a horrible security risk. For convenience I have the passwords stored in the browser and if my computer gets stolen they can perhaps log in to my Google Drive! Scary.

[phillipsjk]

Sounds too complicated for the average Joe and your ordinary soccer mom. People in general just want to click 'Pay' and be done, without having to be concerned about security details.

That is what PayPal is for. Note that their Terms of Service state that they never have to pay the vendor.

[Anders]

I advise against encryption for cold storage as well though: you are trying to keep your coins secure against two contradictory things: theft and data loss. If your encryption key for your encryption keys is complex enough to make dictionary attacks difficult, you will forget it.

I forgot to reply to the above quote. That's why I would store that master key on another cloud storage than Google. So if I lose the Google Drive plain text private keys, I can recreate them with the master key stored on another cloud storage. No key for me to have to remember or keep secure myself.

[jonald_fyookball]

Just to irritate all of you Bitcoin fans (I'm a Bitcoin fan too, but for the technology, not for its economics):

I will use eurocoins instead of bitcoins if that becomes available, IF they use secure personal IDs in the block chain. Banks and other mainstream financial services will accept the regulated eurocoins and shun the unregulated bitcoins. Shops, restaurants and online retailers etc will accept eurocoins and reject bitcoins.

Of course the personal IDs will have to be encrypted or else criminals could find out who owns each eurocoin.

Think about it: the NSA can already most likely track all your bitcoin transactions. Bitcoin will remain valuable only as a collective item without much other practical use.

At this point, you are just trolling.

Ha ha. No, seriously. I'm looking at it from a conspiracy power elite perspective. Bitcoin is just a pilot project. And eurocoin is just a stepping stone to a global digital currency. See through the power elite, I can. :Yoda voice:

I don't think it will work.  Not only is Bitcoin itself decentralized, but so is information.
The more people who find out about "eurocoin", the more they will hear of Bitcoin
and want to know why the powers that be say they can't have it.

People will choose freedom over control by the elites.  If they try to ban it, it will
move more commerce underground and decrease tax revenues.  

Also dont forget it is only the very top of the pyramid that benefits from
controlling everyone else.  We are already seeing members of Congress
support Bitcoin, because they want in on the action too.  

On a seperate note, it is HORRIBLE idea to store your private keys
unencrypted in the cloud.  A forum member just had over 1000 BTC hacked
that way , just a few weeks ago (Klee).    

Not sure why you want to complicate Bitcoin security.  You've been
given the proven methods to do it correctly but you don't seem
to want to listen.

[cdog]

What is needed is for the bitcoins to be automatically secure.

Thats impossible, because it would require transactions to be reversible in the case of fraud, which would destroy fungibility and the entire point of Bitcoin.

You wouldnt leave your wallet with physical currency lying out on the street. If you use a secure password for your Bitcoin, and dont forget it, the likelyhood of theft is extremely low.

Dont worry about losing your Bitcoin wallet. Worry about losing your password, because your wallet.dat file is worthless without it.

And check this site out: https://howsecureismypassword.net/

[jbreher]

And check this site out: https://howsecureismypassword.net/

Are you suggesting that someone enter their password into some unknown online 'steal check my password' utility? Really?

[Anders]

Not sure why you want to complicate Bitcoin security.  You've been
given the proven methods to do it correctly but you don't seem
to want to listen.

Because information technology can be used as a tool that removes the burden of manual labor. It's a LOT of tedious work today to have to manage the safety of personally owned bitcoins. I would want to have all that personal safety handled by an automatic and trustless system.

What may happen is perhaps that services like Coinbase will be how most people will deal with their bitcoins.

Here is an interview with the founder of Coinbase: Is Bitcoin the Future of Money? - SXSW Interactive 2014 (Full Session) -- https://www.youtube.com/watch?v=HD-ahgTkGvs

And PayPal may in the future have online Bitcoin wallets, I don't know. Although that may work in practice it's still the old trust paradigm. It's like printing emails on paper and sending them via postal delivery.