Bitcoin Forum
December 04, 2016, 08:15:41 AM *
News: Latest stable version of Bitcoin Core: 0.13.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: A secure wallet storage system?  (Read 1444 times)
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 12, 2011, 03:10:14 AM
 #1

I know that many of you wouldn't trust a company to store your wallet information in any shape or form.  But, I would like to ask that those of you who WOULD be interested, tell me what features/requirements you would like to see in such a service.

For example:
- REQUIRE files to be pre-encrypted on the client end by some 4096-bit standard encryption process.  Would need to be easy and accessible to even the most noobish of computer users
- After verification that the wallet file is encrypted, accept it as an upload
- Further encrypt the file on the server end.
- Hash filenames, and insert 50,000+ fake wallets with hashed file names as well. (would this help though?)
- REQUIRE strong passwords to access accounts/wallets
- If requested prior to wallet upload, can add in optional proof of ownership, to where a person would have to talk to the company directly to retrieve their wallet.
- Storage facility with server(s) would be under lock and key at all times.
- Daily physical offsite backup of all data, also under lock and key.
- Complete drive and server redundancies (RAID5 on two separate servers storing the same information)

I wouldn't trust any online host to do this, so I would do it all myself.  That's why I am talking about specifics with hardware setups, etc.

Thoughts?  Bad idea/good idea?  Any security features to add/remove?
1480839341
Hero Member
*
Offline Offline

Posts: 1480839341

View Profile Personal Message (Offline)

Ignore
1480839341
Reply with quote  #2

1480839341
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480839341
Hero Member
*
Offline Offline

Posts: 1480839341

View Profile Personal Message (Offline)

Ignore
1480839341
Reply with quote  #2

1480839341
Report to moderator
1480839341
Hero Member
*
Offline Offline

Posts: 1480839341

View Profile Personal Message (Offline)

Ignore
1480839341
Reply with quote  #2

1480839341
Report to moderator
Enochian
Full Member
***
Offline Offline

Activity: 126


View Profile
May 12, 2011, 07:29:27 AM
 #2

I know that many of you wouldn't trust a company to store your wallet information in any shape or form. 

If the wallet is encrypted, then the security of where it is stored is immaterial.  You don't need to both encrypt it, and then store it in Fort Knox.

I gpg encrypted my wallet with a password, and stuck a copy in the file area of a Yahoo Group I own.

I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

Beyond that, I'm not particularly worried about my bitcoins getting blackholed due to some unforseen circumstance.

I doubt there is any market for extreme offsite wallet storage.







SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 12, 2011, 07:47:33 AM
 #3

I know that many of you wouldn't trust a company to store your wallet information in any shape or form. 

If the wallet is encrypted, then the security of where it is stored is immaterial.  You don't need to both encrypt it, and then store it in Fort Knox.

I gpg encrypted my wallet with a password, and stuck a copy in the file area of a Yahoo Group I own.

I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

Beyond that, I'm not particularly worried about my bitcoins getting blackholed due to some unforseen circumstance.

I doubt there is any market for extreme offsite wallet storage.
So the encryption you use is 100% unbreakable?  I thought all encryption could be broken, given enough time...

Oh well then, if that's the case, you're probably right - there wouldn't be much market for this!
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
May 12, 2011, 07:50:51 AM
 #4

I know that many of you wouldn't trust a company to store your wallet information in any shape or form. 

If the wallet is encrypted, then the security of where it is stored is immaterial.  You don't need to both encrypt it, and then store it in Fort Knox.

I gpg encrypted my wallet with a password, and stuck a copy in the file area of a Yahoo Group I own.

I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

Beyond that, I'm not particularly worried about my bitcoins getting blackholed due to some unforseen circumstance.

I doubt there is any market for extreme offsite wallet storage.
So the encryption you use is 100% unbreakable?  I thought all encryption could be broken, given enough time...

Oh well then, if that's the case, you're probably right - there wouldn't be much market for this!
almost every encryption is breakable, but if the expected time to break it is 10^6 years who cares Smiley
dirtflower
Newbie
*
Offline Offline

Activity: 8


View Profile
May 12, 2011, 07:56:49 AM
 #5


I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

noob here - How  do you find your private key and address for each wallet key?  I was looking at the wallet.dat and it is binary?  Also if you had to restore to a new computer from the print out how would you do that? 

Get a 10% lifetime discount on trading at "TradeHill" via:  *Link Removed*
SgtSpike
Legendary
*
Offline Offline

Activity: 1344



View Profile
May 12, 2011, 08:00:05 AM
 #6

I know that many of you wouldn't trust a company to store your wallet information in any shape or form. 

If the wallet is encrypted, then the security of where it is stored is immaterial.  You don't need to both encrypt it, and then store it in Fort Knox.

I gpg encrypted my wallet with a password, and stuck a copy in the file area of a Yahoo Group I own.

I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

Beyond that, I'm not particularly worried about my bitcoins getting blackholed due to some unforseen circumstance.

I doubt there is any market for extreme offsite wallet storage.
So the encryption you use is 100% unbreakable?  I thought all encryption could be broken, given enough time...

Oh well then, if that's the case, you're probably right - there wouldn't be much market for this!
almost every encryption is breakable, but if the expected time to break it is 10^6 years who cares Smiley
Good point.   Cool
vuce
Sr. Member
****
Offline Offline

Activity: 476


View Profile
May 12, 2011, 08:04:45 AM
 #7


I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

noob here - How  do you find your private key and address for each wallet key?  I was looking at the wallet.dat and it is binary?  Also if you had to restore to a new computer from the print out how would you do that? 
afaik wallet.dat is in fact a berkeley db file.
Enochian
Full Member
***
Offline Offline

Activity: 126


View Profile
May 12, 2011, 01:30:29 PM
 #8

noob here - How  do you find your private key and address for each wallet key?  I was looking at the wallet.dat and it is binary?  Also if you had to restore to a new computer from the print out how would you do that? 

There's a wallet dumping feature in Gavin's Bitcointools.  You'll need to make a small edit to print the entire private key record in hex.

The private key is 32 bytes at the beginning of the PRIKEY records, after some fixed bytes that are the same for every record.  The public key is an 04 byte followed by a big endian coordinate pair produced by Elliptic Curve Point Multiplication of the private key by G, the generator.  The address is the base58 encode of the checksummed RIPEMD160 SHA256 of the public key with a zero prepended.  Checksums are the first four bytes of a double SHA256 of the record being checksummed.  The public key is also the last 65 bytes of the private key record, which is a nice check you haven't made a mistake.

If I needed to make a new wallet, I'd probably hack something together in Python. 

LanceRushing
Newbie
*
Offline Offline

Activity: 6


View Profile
May 12, 2011, 06:04:32 PM
 #9

Look at the details on how lastpass handles storage of the user's password database.

They are supposedly near a million users, all who trust a browser plugin to encrypt and upload all of their stuff.

I don't think the majority of the current bitcoin users will need (or want) to use a wallet storage option, but the rest of the world would.

-Lance
compro01
Hero Member
*****
Offline Offline

Activity: 485


View Profile
May 12, 2011, 11:15:57 PM
 #10

simple & secure method for wallet backup

Quote
cd ~/.bitcoin && mcrypt -a serpent wallet.dat && curl --upload-file "wallet.nc" http://ftp://ftp.walletbackup.com --user username:password
enter passphrase : ***************

So the encryption you use is 100% unbreakable?  I thought all encryption could be broken, given enough time...

technically yes (a brute force attack will always work, given enough time), but for the purposes of modern encryption algorithms (AES, Serpent, etc.), "enough time", barring massive undiscovered weaknesses in the algorithm or an incredible leap in computing power, is longer than the expected lifespan of the universe.
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!