How do you protect your wallet and backup file?

[shorena]

First, sorry for the late answer, didnt have the time for a length reply earlier. I see you got the partial quotes now

-snip-
Did you install armory on a second computer? Whats the difference between this and having it on your daily use computer if the security is so good?

Yes, I used a different machine for that because I wanted to test how it would perform on old mobile hardware. Not as cold storrage but as a form of semi cold storrage but with a dedicated machine. I still think its as secure as it gets on a daily use computer, but as daily use computers go there is a higher risk for infections. That might not even be my fault. My main machine is also used by guests or family members, it takes USB devices from different people and not all of them know what they are doing when it comes to virusprotection. It is something I want to prepare for, but since I dont have that much to worry about cold storrage yet, I though about a dedicated machine. Another reason for testing armory was that it allows multisig and AFAIK its the only wallet thats currently supporting this. Would be nice to set up an address for the family that would require multiple passwords/keys to spend the funds.

In my electrum wallet, I am using a few different addresses, so if I am going to check that my coins are in my wallet and not wanting to plug in my external hardware to my computer, I would need to check upon a few different addresses. Is there any good and simple way to do this on with a when having a few addresses?

Well the more addresses the more painfull it is to check the pages manually. I wrote a little Javaprogramm [1] a while back that is looking up a list of addresses via the blockchain.info API. Its basically just checking the site for you for each of the addresses and creates a file where it lists all balances
per address. Not sure if this is usefull for you, but it should be still downloadable via mega and the source is included.

Also, do you recomend to use one address only once? And does electrum generate new addresses or how does it work? I can't notice that one my self because I don't really keep a track of the address strings.

I use a new address for every source of bitcoin. E.g. each signature campaign that paid me got its own address, the address in my profile changes from time to time. That way I know where the coins came from when I check in bitcoin core. IIRC electrum has something like this as well. Its just a little label because I wouldnt be able to remember the address string either. This also helps a bit with privacy, because if I gave everyone the same address theyd know how much I received and spend etc.

Not necessary the way you described it would be semi-cold. You have a wallet that has the private keys and when you want to spend bitcoin it is online (hot), but most of the time you keep your wallet offline (cold) and check in from time to time, but you do so without using your wallet. Its not proper cold storrage as that usually implys that the machine storring your private keys is never online. It could be a old machine sitting in a corner, turned off. When you want to spend coins you create a transaction with your regular wallet (hot) on your main machine thats online and daily used. This machine however can only create an unsigned transaction as it has no access to the private keys. It only knows which addresses you have private keys for somewhere else and monitors them for you. You would then copy that unsigned transaction to the offline machine, get it signed and copy it back to the online machine to broadcast it to the network.
Your semi cold version offers a little less security, but you also only need a single machine, with an external storrage for the wallet file. The external storrage could e.g. be an USB stick that you use for your wallet file only and keep it in a safe place.

I do understand the first few lines but when it comes to the part where you mention When you want to spend coins you create.. can you please explain this a bit more? And the trezor wallet, it does all this work right?

Yes, trezor would do this for you. The idea of hot and cold wallet is that you have two machines. One called cold because it is offline, where you have the private keys and one call hot because it is online, but it only knows the addresses not the private keys. Thus you have one wallet - the hot one - that knows how much bitcoin you can spend and one wallet that is actually able to confirm the spending of the coins. The way bitcoin works is that if you want to spend bitcoin you need to sign the transaction with your private key in order to make it legit. Otherwise anyone could spend your coins. Now in order to spend both machines have to work together. The cold wallet can not just create a transaction because it does not know how much bitcoin you have etc.; the hot wallet can create a transaction, but cant sign it because it has no access to the private keys. So in order to actually spend coins you have to create a new transaction with the hot wallet, transfer that unsigned transaction to the cold wallet, get it signed and transfer it back to let the network know about it. Trezor would be the cold wallet in this case, connected via USB to the hot wallet. The private keys never leave the device, it gets an unsigned transaction from the computer, signs and returns it. A virus would have to infect the Trezor in order to access your private keys and be able to spend your coins.

Do you have paperwallets?

I had several they are all empty now, but I might create more once my coin arrives.

It seems like a bit of more work, but do they expire? Because I don't understand what you meant by that 60 day thing. Are the private keys just on a paper?

No they dont expire. Sorry for the confusion. I rented my signature for 60 days to silverwallets.com . My reward is that I got one for their coins that can hold a paperwallet behind a sticker. A paperwallet is just a private key printed on paper, yes.

But what is the actual wallet, because the coins must be on a wallet, but without the private keys, right? And when you want to use the wallet, you need to type in the private keys you have on your printed paper right? I think I am wrong on this one, not sure.

There is no actual wallet, as in software. Most - if not all - wallets can however import the private key that is on paper. Its similar to the cold wallet idea. You have a private key on paper, so its offline and can not be attacked by a virus. You could lose it, it could burn in a fire, etc. Its not 100% either but it protects against all digital attacks. You can use the address to send coins there as much as you want without the need for the private key, only when you want to spend the coin you will type the private key into a secure and clean machine and create a transaction. It is very important that this transaction has to spend all the coins on the paperwallet, because the way bitcoin works there is something called change and not all wallets handle it the same, which could result in a loss. Let me try to explain change with an analogy. Bitcoin you receive is like a lump of gold. This lump can only be used entirely, if its worth 1 BTC and you want to spend 0.5 you need to melt it down and create two entirely new lumps of gold. One for the person you want to pay and one for you. Now some wallets just return your lump to the address it "came" from. The problem with this is that bitcoin does not use addresses on a protocoll level, its just an abstraction to help us humans understand what is happening. So back to the paperwallet. You have 1 BTC on it, want to spend 0.5 and the change either goes "back" or to a new address depending on the wallet software you use to do this. In any case your paperwallet should not be used again, but its better to create a new one and send the change there.



[1] https://bitcointalk.org/index.php?topic=736607.msg8355029#msg8355029

[goldsun]

First, sorry for the late answer, didnt have the time for a length reply earlier. I see you got the partial quotes now

It's all good! I haven't been active here myself because I feel that I am getting a bit tired of just reading threads and watching the btc charts.

Yes, I used a different machine for that because I wanted to test how it would perform on old mobile hardware. Not as cold storrage but as a form of semi cold storrage but with a dedicated machine. I still think its as secure as it gets on a daily use computer, but as daily use computers go there is a higher risk for infections. That might not even be my fault. My main machine is also used by guests or family members, it takes USB devices from different people and not all of them know what they are doing when it comes to virusprotection. It is something I want to prepare for, but since I dont have that much to worry about cold storrage yet, I though about a dedicated machine. Another reason for testing armory was that it allows multisig and AFAIK its the only wallet thats currently supporting this. Would be nice to set up an address for the family that would require multiple passwords/keys to spend the funds.

So with armory, you can set up a address that require you to type multiply passwords before you want to spend the funds? Extra security right?

Well the more addresses the more painfull it is to check the pages manually. I wrote a little Javaprogramm [1] a while back that is looking up a list of addresses via the blockchain.info API. Its basically just checking the site for you for each of the addresses and creates a file where it lists all balances
per address. Not sure if this is usefull for you, but it should be still downloadable via mega and the source is included.

I will try to check it out and see if it will suite me.

I use a new address for every source of bitcoin. E.g. each signature campaign that paid me got its own address, the address in my profile changes from time to time. That way I know where the coins came from when I check in bitcoin core. IIRC electrum has something like this as well. Its just a little label because I wouldnt be able to remember the address string either. This also helps a bit with privacy, because if I gave everyone the same address theyd know how much I received and spend etc.

Yeah, it's a bit more privacy than having all your coins transfered to one address. Maybe it will blend in with everyone elses transactions but I still prefer a bit more security. But I don't understand the signature thing.

Yes, trezor would do this for you. The idea of hot and cold wallet is that you have two machines. One called cold because it is offline, where you have the private keys and one call hot because it is online, but it only knows the addresses not the private keys. Thus you have one wallet - the hot one - that knows how much bitcoin you can spend and one wallet that is actually able to confirm the spending of the coins. The way bitcoin works is that if you want to spend bitcoin you need to sign the transaction with your private key in order to make it legit. Otherwise anyone could spend your coins. Now in order to spend both machines have to work together. The cold wallet can not just create a transaction because it does not know how much bitcoin you have etc.; the hot wallet can create a transaction, but cant sign it because it has no access to the private keys. So in order to actually spend coins you have to create a new transaction with the hot wallet, transfer that unsigned transaction to the cold wallet, get it signed and transfer it back to let the network know about it. Trezor would be the cold wallet in this case, connected via USB to the hot wallet. The private keys never leave the device, it gets an unsigned transaction from the computer, signs and returns it. A virus would have to infect the Trezor in order to access your private keys and be able to spend your coins.

So instead of all the hassle with offline transactions etc, it's better to have a Trezor, for example. Or just plug the external hardware into a hot machine and be sure that the machine don't have any malwares or viruses. Because even I don't understand this so much even though you explained it well. So how could average joe understand this lol.

There is no actual wallet, as in software. Most - if not all - wallets can however import the private key that is on paper. Its similar to the cold wallet idea. You have a private key on paper, so its offline and can not be attacked by a virus. You could lose it, it could burn in a fire, etc. Its not 100% either but it protects against all digital attacks. You can use the address to send coins there as much as you want without the need for the private key, only when you want to spend the coin you will type the private key into a secure and clean machine and create a transaction. It is very important that this transaction has to spend all the coins on the paperwallet, because the way bitcoin works there is something called change and not all wallets handle it the same, which could result in a loss. Let me try to explain change with an analogy. Bitcoin you receive is like a lump of gold. This lump can only be used entirely, if its worth 1 BTC and you want to spend 0.5 you need to melt it down and create two entirely new lumps of gold. One for the person you want to pay and one for you. Now some wallets just return your lump to the address it "came" from. The problem with this is that bitcoin does not use addresses on a protocoll level, its just an abstraction to help us humans understand what is happening. So back to the paperwallet. You have 1 BTC on it, want to spend 0.5 and the change either goes "back" or to a new address depending on the wallet software you use to do this. In any case your paperwallet should not be used again, but its better to create a new one and send the change there.

So a paper wallet don't have an actual wallet. It's just the private keys, taken apart and put on a printed paper. And when I want to use it, I also need to remember the wallet address if I need to send coins to my paper wallet, but the private keys aren't needed.

Electrum wallet handles it the way it should, right? Because that change think, does it only go for paperwallets?

BTW, you mentioned bitcore and armory, do you use them instead of electrum, or are they just alternatives to electrum?

[Tafelpoot]

The public key is a subset of the private key.
The bitcoin address is the hash of of the public key.

This means that your public key and bitcoin address can be derived from the private key.

The electrum seed generates a series of private keys.
This means all the private keys of a wallet can be generated from 1 seed.

The electrum master public key is derived from the seed.
All the public keys can be derived from it, and in turn, all your bitcoin addresses.

Conclusion:
- Just backup your 12 word seed. (13 words for electrum 2.0 HD wallets).
- Do not export private keys of an electrum wallet unless you really know what you are doing. There are tools that derive all your other private keys based on a single electrum private key.
- Use a watch-only wallet based on the master public key for wallets on PCs you use a lot.

[shorena]

-snip-
So with armory, you can set up a address that require you to type multiply passwords before you want to spend the funds? Extra security right?

I never got that far in actually using it, but thats how I understood it yes.

Yeah, it's a bit more privacy than having all your coins transfered to one address. Maybe it will blend in with everyone elses transactions but I still prefer a bit more security. But I don't understand the signature thing.

Thats just someting I do on this forum. I sell my signature (below my posts) to advertisers. It has nothing to do with bitcoin per se. Sorry if this is a source for continued confusion. It was ment as an example of income.

So instead of all the hassle with offline transactions etc, it's better to have a Trezor, for example. Or just plug the external hardware into a hot machine and be sure that the machine don't have any malwares or viruses. Because even I don't understand this so much even though you explained it well. So how could average joe understand this lol.

I never had a Trezor to test this, but my understand is pretty much what you describe. As long as the host is not infected durring the creation of a transaction you are golden. You keep the Trezor around and only need to plug it in to send bitcoin.

So a paper wallet don't have an actual wallet. It's just the private keys, taken apart and put on a printed paper. And when I want to use it, I also need to remember the wallet address if I need to send coins to my paper wallet, but the private keys aren't needed.

Usually the address is also printed on the paper, but yes it makes sense to keep the address in multiple places.

Electrum wallet handles it the way it should, right? Because that change think, does it only go for paperwallets?

Electrum handles change as a good wallet should, by default. As in: it creates a new address for every time a change transaction occurs. Here [1] is a very good explanation (IMHO) with pictures.

BTW, you mentioned bitcore and armory, do you use them instead of electrum, or are they just alternatives to electrum?

Currently I use bitcoin core for most things bitcoin, but I plan to change that. I am not entirely sure if I want to use armory hot/cold or electrum hot/cold in the future. I have an old laptop around to experiment with and by its age and performance I will probably end up using electrum. On the other hand I really like the multisig features of armory and the performance should be no issue for cold storrage. There is also this even older netbook that I might use. So I could use both armory and electrum for a while and decide later. Decisions, decisions and little time to actually set thigns in motion. The easiest and fastes setup is Electrum, no questions asked.

-snip-
- Do not export private keys of an electrum wallet unless you really know what you are doing. There are tools that derive all your other private keys based on a single electrum private key.

Nice summary, just some nitpicking. AFAIK this attack also requires the master public key, which is usually easier to get though. The point "do not mess around with private keys" still stands ofc.


[1] search for "Seeds and Change Addresses" http://bitzuma.com/posts/a-beginners-guide-to-the-electrum-bitcoin-wallet/

[Bernard Lerring]

If you don't want to use a paper wallet (and I can't see why you wouldn't) and have a significant amount of BTC in your Electrum wallet you could always use Tails.

Download the latest .iso and create a Tails live USB stick. Then boot into Tails, connect your internet, go to the Electrum page in Tails' web browser. Download and run Electrum and restore your wallet from your 12 word seed (written on a piece of paper, or however you like to store it).

When you're done using Electrum, close down Tails and it wipes everything it has done. It doesn't touch your hard disk and even performs a memory wipe. There is no trace of what you have done in Tails anywhere on your computer.

When you reboot back into your usual OS there is no trace of anything you've done in Tails.

I would use this method if you have a large amount of BTC in a Electrum wallet that you only use once every couple of days/weeks.

You can have a permanent Electrum wallet (with a different seed to your big one, containing a smaller amount of BTC on your regular OS for shopping etc.

[goldsun]

I never had a Trezor to test this, but my understand is pretty much what you describe. As long as the host is not infected durring the creation of a transaction you are golden. You keep the Trezor around and only need to plug it in to send bitcoin.

A trezor can not be infected with virus right? If my personal everyday computer have virus, and I plug in the Trezor, it doesn't infect the Trezor right? But with a external harddrive, it could?

Electrum handles change as a good wallet should, by default. As in: it creates a new address for every time a change transaction occurs. Here [1] is a very good explanation (IMHO) with pictures. 

I think I asked earlier in the thread about if electrum creates new addresses, because I didn't keep track of all of them. But it looks like it does.

I read through the link you attached, but didn't understand the most of the Seeds and Change Addresses part. However, I think I shouldn't even bother to mess with that one, then hopefully, all my coins are safe.

And yeah, don't bother with private keys either, if you use a wallet like electrum with a seed. Just keep a copy or two of the seed, and it should be good!

[goldsun]

If you don't want to use a paper wallet (and I can't see why you wouldn't) and have a significant amount of BTC in your Electrum wallet you could always use Tails.

Download the latest .iso and create a Tails live USB stick. Then boot into Tails, connect your internet, go to the Electrum page in Tails' web browser. Download and run Electrum and restore your wallet from your 12 word seed (written on a piece of paper, or however you like to store it).

When you're done using Electrum, close down Tails and it wipes everything it has done. It doesn't touch your hard disk and even performs a memory wipe. There is no trace of what you have done in Tails anywhere on your computer.

When you reboot back into your usual OS there is no trace of anything you've done in Tails.

I would use this method if you have a large amount of BTC in a Electrum wallet that you only use once every couple of days/weeks.

You can have a permanent Electrum wallet (with a different seed to your big one, containing a smaller amount of BTC on your regular OS for shopping etc.

Thanks for your info!

So Tails is a OS. And anything done on Tails, are not stored on my computer. But on Tails, I should only install the electrum wallet, and nothing else, right?

[shorena]

A trezor can not be infected with virus right? If my personal everyday computer have virus, and I plug in the Trezor, it doesn't infect the Trezor right? But with a external harddrive, it could?

Well, technically a Trezor could be infected like any other computer, it has a CPU [1] so it can be programmed to do different things. BUT(!) its way easier to find a loophole in a complex machine than it is in a slim machine. Its easier to make a mistakes if you write several million lines of code (modern OS) than it is if you write a few tousand lines of code. I am not sure how many lines of code Trezor actually needs to work, but its a different dimension than an operationsystem. The other things is that its more likely for someone to write malware for a broadly used OS than it is for special purpose hardware. If you have to infect a few million machines to find a single trezor, dont bother, see what the few million machines have to offer. Thats why there are so many viruses for Windows and so little for the other systems.
So as everything technical its not 100% safe, but better than the HD. The harddrive can be read as soon as the system its plugged into is under control. Trazor has to be broken seperately. Like a safe behind a metal door vs. a desk behind a metal door (HDD).

I read through the link you attached, but didn't understand the most of the Seeds and Change Addresses part. However, I think I shouldn't even bother to mess with that one, then hopefully, all my coins are safe.

Yep, just keep it in the default setting and you are fine.

And yeah, don't bother with private keys either, if you use a wallet like electrum with a seed. Just keep a copy or two of the seed, and it should be good!

Thats why I like Electrum so much. Armory would require constant new backups. I recently installed mSIGNA its slim but needs a local (or remote) bitcoin core to work with, supports multi sig and all the nice stuff. The userinterface is a bit complex though. *sigh* by the time I found my perfect wallet there will be 10 more to test.

So Tails is a OS. And anything done on Tails, are not stored on my computer. But on Tails, I should only install the electrum wallet, and nothing else, right?

Yes, its usually on a DVD (safer because it cant be modified) or USB (more convienient as it allows to store extra data) and is booted into your memory. Thus it does not access your HD because its not actually installed. As long as you trust the hardware you could use it on any machine, even an infected one. The only problem I currently see is that you have to get electrum once you booted tails, but that might change with the next version [2] of tails.


[1] http://doc.satoshilabs.com/trezor-faq/overview.html
[2] https://labs.riseup.net/code/issues/6739

[goldsun]

Yes, its usually on a DVD (safer because it cant be modified) or USB (more convienient as it allows to store extra data) and is booted into your memory. Thus it does not access your HD because its not actually installed. As long as you trust the hardware you could use it on any machine, even an infected one. The only problem I currently see is that you have to get electrum once you booted tails, but that might change with the next version [2] of tails.


[1] http://doc.satoshilabs.com/trezor-faq/overview.html
[2] https://labs.riseup.net/code/issues/6739

Can't I just install electrum on tails, and save it? So I don't have to get it everytime? I am not sure if I understood your last sentence.

You also talked about multisig, I don't understand what it is. Could you explain it briefly?

[shorena]

Can't I just install electrum on tails, and save it? So I don't have to get it everytime? I am not sure if I understood your last sentence.

Its possible to modify a live system before you burn it to a DVD, but its probably considered advanced.

You also talked about multisig, I don't understand what it is. Could you explain it briefly?

Multi-sig as in multiple signatures. Usually there is a single private key that signs a transaction. This signature makes it valid and allows you to spend the funds. This is basically what happens every time you spend bitcoin. You unlock your private key, use it to sign a transaction and broadcast said transaction.
The idea with multi-sig is that you need more than one private key to make a valid transaction. E.g. for escrow services a multi-sig system can be created where the seller (S) has a private key, the buyer (B) has a private key and the person doing the escrow (E) has a private key.
The typical design would be that they all create a single address and every two of them can spend the funds "2 of 3 multi-sig". These addresses would start with 3 instead of 1 like this[2]. The 3 has nothing to do with the amount of keys used. The 3 indicates that its a pay to script address [3] instead of a "normal" pay to pubkey hash address.

On the protocol level bitcoin is "just" signatures, scripts and transactions thus its possible to create an address which funds can be spend if the transaction spending them is signed by 2 of the 3 possible private keys. So in our escrow case, B sends the funds to the address, S sends the goods. If everything is how B expencted it to be B can sign a transaction and pass it to S to sign it as well and the coins are spend (usually to S).
If something goes wrong B and/or S can contact E to decide where the funds should go. Neither B nor S can spend the funds alone, thus E can listen to all arguments and finally make a decision where the funds should be send to by signing the correcsponding transaction.
E.g. OpenBazaar [1] will use this (mostly automated) as part of a mechanism to resolve dispute between B and S.

[1] https://gist.github.com/drwasho/405d51bd1b1a32e38145
[2] donation address for the darkwallet project: https://www.blocktrail.com/BTC/address/31oSGBBNrpCiENH3XMZpiP6GTC4tad4bMy
[3] https://en.bitcoin.it/wiki/Pay_to_script_hash

[goldsun]

Can't I just install electrum on tails, and save it? So I don't have to get it everytime? I am not sure if I understood your last sentence.

Its possible to modify a live system before you burn it to a DVD, but its probably considered advanced.

You also talked about multisig, I don't understand what it is. Could you explain it briefly?

Multi-sig as in multiple signatures. Usually there is a single private key that signs a transaction. This signature makes it valid and allows you to spend the funds. This is basically what happens every time you spend bitcoin. You unlock your private key, use it to sign a transaction and broadcast said transaction.
The idea with multi-sig is that you need more than one private key to make a valid transaction. E.g. for escrow services a multi-sig system can be created where the seller (S) has a private key, the buyer (B) has a private key and the person doing the escrow (E) has a private key.
The typical design would be that they all create a single address and every two of them can spend the funds "2 of 3 multi-sig". These addresses would start with 3 instead of 1 like this[2]. The 3 has nothing to do with the amount of keys used. The 3 indicates that its a pay to script address [3] instead of a "normal" pay to pubkey hash address.

On the protocol level bitcoin is "just" signatures, scripts and transactions thus its possible to create an address which funds can be spend if the transaction spending them is signed by 2 of the 3 possible private keys. So in our escrow case, B sends the funds to the address, S sends the goods. If everything is how B expencted it to be B can sign a transaction and pass it to S to sign it as well and the coins are spend (usually to S).
If something goes wrong B and/or S can contact E to decide where the funds should go. Neither B nor S can spend the funds alone, thus E can listen to all arguments and finally make a decision where the funds should be send to by signing the correcsponding transaction.
E.g. OpenBazaar [1] will use this (mostly automated) as part of a mechanism to resolve dispute between B and S.

[1] https://gist.github.com/drwasho/405d51bd1b1a32e38145
[2] donation address for the darkwallet project: https://www.blocktrail.com/BTC/address/31oSGBBNrpCiENH3XMZpiP6GTC4tad4bMy
[3] https://en.bitcoin.it/wiki/Pay_to_script_hash

I see that it's mostly used by 3rd party services right? Like it's not really necessary for me to touch the multisig thing? It seems like bitcoin is simple, but yet it's a bit more complex than what it kinda looks like because it's not just buy and spend/save. It's alot about security.

Seems like I got all my questions answered, it took a bit more than a month. Thank you for taking time answering and explaining all this!

[shorena]

-snip-
I see that it's mostly used by 3rd party services right? Like it's not really necessary for me to touch the multisig thing? It seems like bitcoin is simple, but yet it's a bit more complex than what it kinda looks like because it's not just buy and spend/save. It's alot about security.

No, its not actually needed to look into multisig for personal use IMHO.

Seems like I got all my questions answered, it took a bit more than a month. Thank you for taking time answering and explaining all this!

Sure