.

[Ender985]

[redacted]

[1714859798]

1714859798

[1714859798]

1714859798

[1714859798]

1714859798

[1714859798]

1714859798

[1714859798]

1714859798

[Haplo]

Hrm dunno, that would probably work but then you still have the problem of having your hardware stolen. I'd prefer storing my "main" wallet compressed/encrypted somewhere on a random server in timbuktu where nobody would ever look. Hell you could even just leave it (without identifying marks) in an email file in a random email account in the timbuktu of your choice and do just fine. That way your money isn't tied up with your physical location or other passwords.

[Xanax]

I don't any point to or not to.

[ELT]

A friend of mine did something similar, but I would rather just use a spend wallet and a savings wallet that sits offline somewhere.  I am moving towards splitting of the two wallets like that.  Again, the computer with the VM gets stolen then its no different than just being on your computer in a sense.

[amytron]

I'm going to do that with mine

[Skrivitor]

Does anyone have experience with Box.net?  5 to 50GB free.
I think my strategy will be to have a USB drive with a VirturalBox linux/wallet.
I will need a good sync solution for the wallet to the cloud.  It would really suck to transfer all your coins over and forget to back it up.

[guruvan]

To properly have an online vps wallet seems a little cumbersome to do safely. And prone to attract thieves (as per the Linode heist a few weeks ago). I'd certainly not keep any more money in it than absolutely necessary. (BTC40K+ was a lot of money)

I'd prefer to be in a position to completely monitor all network traffic in or out if I need to handle any significant amounts of funds.

Unless I need it to accept payment as a merchant, I'd rather have a little pocket change in a phone or laptop, and keep other monies offline, in encrypted containers (backed up into differently keyed containers) 

Armory looks very promising when it gets out of alpha for offline storage.

[Red Emerald]

You should look at armory.  The offline transactions keep your private keys from ever being on a system that is connected to the internet.  It means you need 2 computers, but it is the most secure way to keep your coins.

[Jello]

If your (main OS) gets compromised, wouldn't the hacker still have access to your wallet?

[jake262144]

...
As far as I understand, installing a clean OS is one of the best ways to guarantee you are not already compromised by trojans or keyloggers and, if your real OS gets compromised, they would have a hard time reaching inside the virtual machine and getting to the wallet.
...

Actually, you have it all backwards: a compromised host OS might very well have access to each and every file in the virtual machine - it's only a matter of what capabilities the malware has.
Your approach raises the bar by making your machine non-standard, but no VM vendor can guarantee that the clean virtual machine will remain safe when ran on a compromised system.
While an additional degree of security is certainly nice to have, you should not depend on it.

Virtual machines are usually deployed in exactly the opposite scenarios: to contain a threat and prevent it from leaking to the host OS.

[anu]

It's a sensible approach to run a wallet for day-to-day use with only an amount on it you can afford to loose.

But if you have large amounts in cold storage, use only a dedicated machine not connected to the net. Have multiple wallets on it and when you use one wallet to send Bitcoins, empty it completely and throw it away.

(In case you are wondering - there is no need to connect a wallet to the Internet to send money to it. Only to send money from it.)

[Ender985]

[redacted]

[01BTC10]

If your host is compromised a virtual machine is not that good. A live USB linux distros that you boot only to use your wallet would do better.

[anu]

However after thinking about it for a while, probably the safest way to generate a truly 'safe wallet' would be to use a live-cd ubuntu, as someone in this board already suggested, since it makes it irrelevant if your original OS is already compromised, generate a bunch of receive addresses, and then take the wallet.dat, encrypt it and spread it around. If you ever need to send coins from that wallet just fire a live-cd again, use that wallet.dat and then, as you suggest, throw it away and start a new one.

A live CD probably fits the definition of dedicated machine. It's your taste if you want to encrypt your wallets. You may also use paper backups and store them into a safe. I use deterministic wallets for cold storage and keep the seed phrase only in my head. Steal it from there!

[Skrivitor]

If your host is compromised a virtual machine is not that good. A live USB linux distros that you boot only to use your wallet would do better.

Okay, so a separate box partitions the security.  Maybe a RaspberryPi (or similar) box that is only booted when transacting with the Bitcoin wallet. 

Interactions with the wallet box could be done using Teamviewer or similar remote desktop, that would make the UI a lot like a Virtual machine.  Would you enable Wake on Lan in the wallet box to make it convenient to initialize?