Bitcoin Forum
December 10, 2016, 05:03:27 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Bitcoin Backup Screenshots  (Read 1903 times)
Rage
Member
**
Offline Offline

Activity: 76



View Profile
May 16, 2011, 04:19:36 AM
 #1

So a few months ago, there was a guy talking about writing a program to securely encrypt and backup your wallet to the cloud. I don't think I've seen any movement on the project so I've taken it up myself. BitCoin Backup will allow you to securely backup and restore your wallet to and from the cloud. Your wallet file will be encrypted using AES256 encryption before it's transmitted (no Dropbox funniness here!) and will be stored on a Truecrypt secured Linux file system.

Here are the first screenshots. Should be available by tomorrow night. I'll need testers so if anyone is interested just let me know.

http://picpaste.com/bitcoin-backup-backup-wallet.png
http://picpaste.com/bitcoinbackup-main-screen.png
http://picpaste.com/bitcoinbackup-restore-wallet.png

Rage
1481389407
Hero Member
*
Offline Offline

Posts: 1481389407

View Profile Personal Message (Offline)

Ignore
1481389407
Reply with quote  #2

1481389407
Report to moderator
1481389407
Hero Member
*
Offline Offline

Posts: 1481389407

View Profile Personal Message (Offline)

Ignore
1481389407
Reply with quote  #2

1481389407
Report to moderator
1481389407
Hero Member
*
Offline Offline

Posts: 1481389407

View Profile Personal Message (Offline)

Ignore
1481389407
Reply with quote  #2

1481389407
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481389407
Hero Member
*
Offline Offline

Posts: 1481389407

View Profile Personal Message (Offline)

Ignore
1481389407
Reply with quote  #2

1481389407
Report to moderator
Comepradz
Jr. Member
*
Offline Offline

Activity: 49



View Profile
May 16, 2011, 04:32:02 AM
 #2

Can I run it in windows? open source?

This signature contains 37 characters
wenaLIZZ
Newbie
*
Offline Offline

Activity: 1


View Profile
May 16, 2011, 05:01:04 AM
 #3

I was looking at this for weeks. Really need to have one of those.
gmaxwell
Moderator
Legendary
*
qt
Offline Offline

Activity: 2030



View Profile
May 16, 2011, 05:03:55 AM
 #4

So a few months ago, there was a guy talking about writing a program to securely encrypt and backup your wallet to the cloud. I don't think I've seen any movement on the project so I've taken it up myself. BitCoin Backup will allow you to securely backup and restore your wallet to and from the cloud. Your wallet file will be encrypted using AES256 encryption before it's transmitted (no Dropbox funniness here!) and will be stored on a Truecrypt secured Linux file system.

Hard to give any kind of security review without seeing the source—  but a few comments:

Users choose terrible passwords almost universally. It's silly to blame them because they're not changing.   As a result, if you're encrypting something using a password without strengthening you are going to basically be insecure. Please use password strengthening.  I recommend scrypt (http://www.tarsnap.com/scrypt/scrypt-1.1.6.tgz) which is described in this paper: http://www.tarsnap.com/scrypt/scrypt.pdf

The size of someone's wallet leaks information because it grows as you get/send TX but not otherwise.  Someone with access to the "cloud" storage file sizes could potentially backtrack an ID to a user by correlating the change in backup size with activity on the ID.  This is really hard to prevent completely, but it's quiet easy to drastically reduce the amount of information available: Before encrypting pad the size up to some increment.  This will hide some the least significant bits of the size, which have the most entropy. A rounding increment of 4kb wouldn't even use any more space on many filesystems, though a larger one will provide more confidentiality.
Rage
Member
**
Offline Offline

Activity: 76



View Profile
May 16, 2011, 05:47:08 AM
 #5

Can I run it in windows? open source?

Yes, will be open source and run on Windows, Linux, and Mac.  :-)
Rage
Member
**
Offline Offline

Activity: 76



View Profile
May 16, 2011, 05:57:06 AM
 #6

Hard to give any kind of security review without seeing the source—  but a few comments:

Source should be available this week :-) I'm going to put it up on Gitorious. Seems to be the hot place for BTC related projects!

Quote
Users choose terrible passwords almost universally. It's silly to blame them because they're not changing.   As a result, if you're encrypting something using a password without strengthening you are going to basically be insecure. Please use password strengthening.  I recommend scrypt (http://www.tarsnap.com/scrypt/scrypt-1.1.6.tgz) which is described in this paper: http://www.tarsnap.com/scrypt/scrypt.pdf

Very true and I'm taking that into consideration when I'm writing. On one hand, I really wanted to take the attitude that YOU are responsible for choosing a good password but, let's be honest, that's not really fair for users. So yes, I'm going to use padding and strengthening.  I've got a great module that does some great work with strengthening and I'll have a look at the one you linked to here too.

Quote
The size of someone's wallet leaks information because it grows as you get/send TX but not otherwise.  Someone with access to the "cloud" storage file sizes could potentially backtrack an ID to a user by correlating the change in backup size with activity on the ID.  This is really hard to prevent completely, but it's quiet easy to drastically reduce the amount of information available: Before encrypting pad the size up to some increment.  This will hide some the least significant bits of the size, which have the most entropy. A rounding increment of 4kb wouldn't even use any more space on many filesystems, though a larger one will provide more confidentiality.

Excellent points and I appreciate the feedback. I was thinking 4kb would be good too since it's not very large and most filesystems wouldn't even blink at it.  Although, to be honest, the wallet is so small I could almost add an arbitrary bit of padding and it not be a problem.

Thanks!
Rage
Nesetalis
Sr. Member
****
Offline Offline

Activity: 420



View Profile
May 16, 2011, 06:11:52 AM
 #7

oh this is a delicious idea.. I've been poking around wondering about storing things in the cloud securely.
Good luck.
and a side note, toward password.. make it a minimum of 8 characters maximum of 200, must contain letters numbers and atleast one extra character..
may annoy a user or two, and some one may forget their password... but /you/ wont be to blame for their security.

ZOMG Moo!
FooDSt4mP
Full Member
***
Offline Offline

Activity: 182


View Profile
May 16, 2011, 07:04:48 AM
 #8

So a few months ago, there was a guy talking about writing a program to securely encrypt and backup your wallet to the cloud. I don't think I've seen any movement on the project so I've taken it up myself. BitCoin Backup will allow you to securely backup and restore your wallet to and from the cloud. Your wallet file will be encrypted using AES256 encryption before it's transmitted (no Dropbox funniness here!) and will be stored on a Truecrypt secured Linux file system.

Hard to give any kind of security review without seeing the source—  but a few comments:

Users choose terrible passwords almost universally. It's silly to blame them because they're not changing.   As a result, if you're encrypting something using a password without strengthening you are going to basically be insecure. Please use password strengthening.  I recommend scrypt (http://www.tarsnap.com/scrypt/scrypt-1.1.6.tgz) which is described in this paper: http://www.tarsnap.com/scrypt/scrypt.pdf

The size of someone's wallet leaks information because it grows as you get/send TX but not otherwise.  Someone with access to the "cloud" storage file sizes could potentially backtrack an ID to a user by correlating the change in backup size with activity on the ID.  This is really hard to prevent completely, but it's quiet easy to drastically reduce the amount of information available: Before encrypting pad the size up to some increment.  This will hide some the least significant bits of the size, which have the most entropy. A rounding increment of 4kb wouldn't even use any more space on many filesystems, though a larger one will provide more confidentiality.

The wallet only stores addresses, so transactions don't change it.  And the owner is the only one who can create a new address.

As we slide down the banister of life, this is just another splinter in our ass.
lulzplzkthx
Sr. Member
****
Offline Offline

Activity: 322



View Profile WWW
May 17, 2011, 03:21:50 AM
 #9

I was actually thinking about starting a project just like this today, and then remembered my solution: I use SpiderOak and just have it set to backup my wallet.dat. It keeps the last few versions, meaning I don't have to worry about corruption, and it encrypts ALL of the files backed up.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!