Bitcoin Forum
Author Topic: [IDEA] BitBackup  (Read 894 times)
Herodes
July 30, 2012, 12:19:34 AM
 #1

I am putting this here for future reference. Loss of coins is a real problem in the community, and let's face it, most people want it easy, backups included.

What I propose is the following piece of software. It could be made in Qt or Java to run on a multitude of platforms.

- Open source (so it could be verified nothing nefarious is going on).
- Free remote backup of encrypted wallets, possibly also encrypted with the user's private PGP key too. This should be redundant; I thought of 3 different servers. A small fee could be charged by such backup server operators to cover costs. Or free accounts with fewer features, and premium accounts with more features.
- Option to copy wallet to a safe location on disk or external media.
- Option to give wallets nicknames, so they could be swapped.
- Option to save to a paper wallet.
- Some kind of emergency restoration feature (perhaps a physical YubiKey could save the passphrase).

In short, keep all secrets (wallet passphrase, PGP keys) local, but spread the risk (wallets): ideally an extra copy of the wallet in another location on the same hard disk, plus one on external media, plus 3 remote locations.

By doing it open source, those interested can verify nothing nefarious goes on, and most users can just happily use the program. These features could also be plugged into the main client, or offered as an addition to the standard client. Perhaps there should be a 'plugin API' to the standard client, and there could be one repository with 'verified' plugins that are verified by community members. Still, it should all be open source.

I'd love to do this, but at the moment my hands are tied with other projects. I'll keep it here in the event I get back to this idea in the future. I don't think this is a big commercial project, but it would benefit the community.

I haven't checked if something like this already exists. But the point is: it should be super easy to use for newbs, all point and click.

NRF
July 30, 2012, 05:54:04 AM
 #2

This may sound insane, but until you get your project underway, you could put it all into a TrueCrypt container with a strong password and keyfile and seed it with BitTorrent. Seed it on every computer you own, ask your friends to seed it. Upload it to Pirate Bay, title it bitcoin wallet.dat with 1000 bitcoins in it. Even ask people here to seed it.

BitTorrent is great like that (as long as your password isn't "1234").

Regardless, I would look into the BitTorrent protocol to do the actual work behind what you propose.

gweedo
July 30, 2012, 06:11:32 AM
 #3

> - Free remote backup of encrypted wallets, possibly also encrypted with the user's private PGP key too. This should be redundant; I thought of 3 different servers. A small fee could be charged by such backup server operators to cover costs. Or free accounts with fewer features, and premium accounts with more features.

That scares me, knowing my wallet is on a site without any trust or knowing the encryption. I would be one of those people who wait a while before doing it.

> Regardless, I would look into the BitTorrent protocol to do the actual work behind what you propose.

BitTorrent protocol to do what work? Give my wallet to everyone. The BitTorrent protocol has no purpose in this, and would just seed your wallet to anyone who can crack the code. Even if it is in a TrueCrypt container, I don't want other computers that I don't give permission to have it.

NRF
July 30, 2012, 06:56:19 AM
 #4

> BitTorrent protocol to do what work? Give my wallet to everyone. The BitTorrent protocol has no purpose in this, and would just seed your wallet to anyone who can crack the code. Even if it is in a TrueCrypt container, I don't want other computers that I don't give permission to have it.

The actual distribution of the files. BitTorrent is a very robust (and open source) P2P way of storing information. It can be used in many more ways than just downloading movies and music.

It could be used as a storage mechanism that fits Herodes' proposal.

If, as you say, "I don't want other computers that I don't give permission to have it", what Herodes proposes is probably not for you. I think it is quite a good idea and already do something similar using BitTorrent. It's not an application though, just BitTorrent and bash scripts running on geographically distributed computers.

gweedo
July 30, 2012, 07:05:42 AM
 #5

> The actual distribution of the files. BitTorrent is a very robust (and open source) P2P way of storing information. It can be used in many more ways than just downloading movies and music.
>
> It could be used as a storage mechanism that fits Herodes' proposal.
>
> If, as you say, "I don't want other computers that I don't give permission to have it", what Herodes proposes is probably not for you. I think it is quite a good idea and already do something similar using BitTorrent. It's not an application though, just BitTorrent and bash scripts running on geographically distributed computers.

I actually know BitTorrent very well. I have used it to move files around (i.e. not music, movies or file sharing), but BitTorrent is very open, and because of that it can easily be tricked into giving up all torrent hashes, and then you can just download the files, and that scares the SHIT out of me.

Also, Herodes probably wants tinfoil dudes like me to validate his service.

Wallet files aren't very large, and BitTorrent would bring no benefit to a project like this. Actually, it would be a security risk. I think the best way to move files around would be POST, with SSL and encryption before sending it off. Don't overthink things like this, just focus on security. I know I wouldn't want to work on a project like this: be prepared to not sleep at night, overthink simple things, and have people yell at you if you get hacked or lose a wallet.

NRF
July 30, 2012, 07:32:01 AM
 #6

HTTP POST has no concept of replication, storage or fault tolerance, and even with SSL has far less encryption than the BitTorrent protocol is capable of.

Writing an app to do all of this is of course possible, but why reinvent the wheel (with possibly dangerous boo-boos) when there is an extensively audited and trusted open source alternative with libraries written in just about a bajillion languages?

Still, I do like tin foil hats, the girls love 'em.

Herodes
July 30, 2012, 01:54:52 PM
 #7

Nice suggestions on the storage part of this project.
The encryption methods used would be known, and the source code would be available.

Choosing strong wallet passphrases, plus using strong encryption on the entire wallet (after it's already protected by a wallet passphrase), and keeping the secrets only on the client side. The client could of course make multiple backups of his wallet passphrase and/or private PGP key and store them in safe locations.

Point is, if it's done correctly, cracking the encryption and the wallet passphrase should be practically impossible.

Just imagine having your wallet passphrase set to 'Santa Claus loves all children in the world!' and then encrypting it with a private PGP key holding the keyphrase 'I met my wife Alice at Garden Inn'.

To get access to the wallet and transfer the coins, the attacker would need:

1. Access to the PGP-encrypted wallet.dat (trivial, esp. if you have access to a storage server, or it's stored with BitTorrent and you can download it).
2. Access to the private PGP key of the wallet owner. (Very hard, local computer needs to be compromised, and if the local computer is compromised anyway, it might be game over anyway.)
3. Access to the passphrase for the private PGP key.
4. Now the attacker has decrypted the wallet, and it can be accessed, apart from sending coins, which would need the wallet passphrase.
5. Wallet passphrase would need to be cracked.

Brute force of long passphrases is computationally infeasible; you could check with the calculator here:
https://www.grc.com/haystack.htm. I guess a variant where you combine a dictionary attack with brute-forcing (words instead of letters) would be quicker, but instead of 'I met my wife Alice at Garden inn', using something like '#¤&%554ll_\44DFss-@3-6\\' for the passphrase would take 93.83 billion trillion trillion centuries assuming 1000 brute force attempts per second.

To give peace of mind to the user, such a calculator could even be included with the program, so the user could check the strength of his passphrases.

Obviously for such a project, a more specific draft would have to be made, and input from the community would be required.

So in many cases there would actually be a larger likelihood of the user's residence burning down than of those wallets being cracked. The only ones afraid of storing their wallet online would be those who don't understand the technology properly. Use weak protection and distribute the wallet, and do expect to lose the coins. Done right, the danger is in my view so small that it is nonexistent.

But anyway, perhaps something like this is already being worked on, or partly or fully incorporated in existing software.
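
The kind of passphrase calculator the post above suggests bundling, as an added example (not code from the thread or from grc.com): it counts the exhaustive search space per character and, for the dictionary variant the post mentions, per word, at the post's 1000 guesses per second. The 7776-word dictionary size and all function names are assumptions.

```python
import string

GUESSES_PER_SECOND = 1000          # attack rate assumed in the post
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600
DICTIONARY_SIZE = 7776             # assumption: size of the attacker's word list

# Character classes an exhaustive search must cover once one member is used.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(passphrase):
    """Size of the smallest class-based alphabet containing every character."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    known = "".join(CLASSES)
    # Characters outside the ASCII classes: count each distinct one once.
    return size + len({ch for ch in passphrase if ch not in known})


def char_search_space(passphrase):
    """Number of strings of length 1..len(passphrase) over that alphabet."""
    n = alphabet_size(passphrase)
    return sum(n ** k for k in range(1, len(passphrase) + 1))


def word_search_space(passphrase, dictionary_size=DICTIONARY_SIZE):
    """Same count with whole words as the symbols (dictionary + brute force).

    Lower bound: assumes every word is in the attacker's list and ignores
    capitalisation and separator choices.
    """
    words = len(passphrase.split())
    return sum(dictionary_size ** k for k in range(1, words + 1))


def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the given guess rate."""
    return space / rate


def centuries_to_exhaust(space, rate=GUESSES_PER_SECOND):
    return seconds_to_exhaust(space, rate) / SECONDS_PER_CENTURY


if __name__ == "__main__":
    weak = "1234"
    print(f"{weak!r}: {seconds_to_exhaust(char_search_space(weak)):.2f} seconds")
    phrase = "I met my wife Alice at Garden Inn"   # passphrase quoted in the post
    by_char = centuries_to_exhaust(char_search_space(phrase))
    by_word = centuries_to_exhaust(word_search_space(phrase))
    print(f"{phrase!r}: alphabet of {alphabet_size(phrase)} characters")
    print(f"  guessed per character: {by_char:.3g} centuries")
    print(f"  guessed per word:      {by_word:.3g} centuries")
```

The per-word figure is the one to show a user who picks a natural-language sentence, since it is many orders of magnitude smaller than the per-character estimate.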
gweedo
July 30, 2012, 04:30:09 PM
 #8

> HTTP POST has no concept of replication, storage or fault tolerance, and even with SSL has far less encryption than the BitTorrent protocol is capable of.
>
> Writing an app to do all of this is of course possible, but why reinvent the wheel (with possibly dangerous boo-boos) when there is an extensively audited and trusted open source alternative with libraries written in just about a bajillion languages?
>
> Still, I do like tin foil hats, the girls love 'em.

Because BitTorrent is way too open, and HTTP POST with SSL and encryption of the file before sending is actually the industry standard for handling files like that. You still would need to have some replication on the server side, and it is better to know where the files are going. As for storage, as I said, no one wants their wallet in the hands of anyone that has no permission, encrypted or not. As for fault tolerance, BitTorrent would actually make your fault tolerance one point of failure, because if the tracker goes down you can't get your wallet, and not all trackers are that stable. And BitTorrent's encryption has been cracked with deep analysis by ISPs, whereas SSL has been proven all this time.


I think this would be an extremely difficult project, not the coding part, but keeping it secured 24/7, being able to respond fast if you do have a breach, and making it difficult, if one server is breached, to get to the other servers. Also trust: some people, me included, would wait to see what some of the users say. You probably want to get a pen tester on board so any changes that would be getting pushed out can be checked, and hopefully he would be a strong pen tester who has maybe worked on this stuff before or for a bank.

Herodes
July 30, 2012, 07:13:05 PM
 #9

Agree with the comments. This would be a project that would need to be done seriously if done at all.

At the moment I don't have the time, but obviously all criticism would have to be answered for such a project to succeed.

I think such a newbie-friendly solution will be developed eventually.