@etotheipi
The offline computer can have an offline antivirus, anti-malware, anti-rootkit software installed. It is updated by virus definition files offline through the USB. Serial cables (as in the RS232?) are non-existent on modern computers and you can consider them obsolete.
Personally, I don't have enough bitcoins to justify an offline computer for the purpose of cold storage, and I think I know relatively enough about malware to prevent it from affecting my daily computer usage despite not having installed anti-virus software (they slow down my computer so much that I notice it.)
Your software is interesting though and I might just download and try it out.
@fivemileshigh
That's almost how I do it. I generated some key pairs and they're backed up on paper and encrypted and rar'd with recovery records, and then protected from damage. I haven't actually printed them out to paper but will do it soon.
A piece of paper, printed using a dot-matrix impact printer (because laser toner sticks and inkjets smudge), optionally laminated, stored in a folder or envelope, in a safe is cheaper than a used mini laptop / netbook.
I'm actually looking for a decent font to print out my private keys and so far I've come up with Courier, Consolas and Lucida (fax / mono). I prefer monospaced font for this purpose.
Topic: . - page 2. (Read 64509 times)
I made a pretty comprehensive tutorial for using cold storage in Armory: Using Offline Wallets in Armory.
Get an old laptop, and it's 7 steps to get setup. Then 7-8 steps to actually execute a transaction. But of course, this is all with a pleasant graphical user interface with directions shown along the way, so the steps are a lot easier than the alternatives!
Offline wallets/cold storage is exactly what inspired me to make Armory in the first place!
The only potential point of failure is USB viruses. And those viruses would have to be highly-targeted: your private keys never touch any computer that will ever touch the internet. So a USB virus would have to be fully automated and exploit autorun vulnerabilities to even have a chance. In the future, I will support serial cables to close this tiny little gap, for the super-paranoid.
Get an old laptop, and it's 7 steps to get setup. Then 7-8 steps to actually execute a transaction. But of course, this is all with a pleasant graphical user interface with directions shown along the way, so the steps are a lot easier than the alternatives!
Offline wallets/cold storage is exactly what inspired me to make Armory in the first place!
The only potential point of failure is USB viruses. And those viruses would have to be highly-targeted: your private keys never touch any computer that will ever touch the internet. So a USB virus would have to be fully automated and exploit autorun vulnerabilities to even have a chance. In the future, I will support serial cables to close this tiny little gap, for the super-paranoid.
You should try Wuala.com. ( it also accept Bitcoin as payment: http://www.wuala.com/bitcoin )
It has many features like Dropbox, but it also include a local encryption before the upload
I only just discovered about this Wuala thing, but this is pretty awesome!It has many features like Dropbox, but it also include a local encryption before the upload
Looking into Wuala right now, didn't try it yet but so far it seems a big improvement over Dropbox:
- Encrypted locally, which is extremely important for sensitive data (such as your wallet)
- 5GB instead of 2GB in the free plan (well even 2GB is already WAY more than you need to backup your wallet)
- Ability to have multiple sync folders on your computer (as opposed to just one global 'Dropbox folder')
Looks pretty nice so far.
I personally prefer generating a completely random private key / public key pair than using deterministic methods to create / recreate a wallet (or bunch of keys), as there is the risk (no matter how small) of the method to be discovered and the whole wallet compromised.
One could also use a USB stick with hardware write protection, boot a Linux distribution and use a Bitcoin client with deterministic wallets. On each boot, you recreate the wallet from the mnemonic code and nothing is ever written to the USB stick. Nothing to backup, nothing to steal for hackers. As long as the system is not hacked while running the Bitcoin client (you should keep it running just enough to do transactions, then shut down), it should be pretty safe.
For example: BitSafe-Electrum - https://bitcointalksearch.org/topic/bitsafe-fork-with-electrum-included-54376
which is made of BitSafe - https://bitcointalksearch.org/topic/opensource-live-usb-os-bitsafe-a-safety-deposit-box-for-your-bitcoins-46916
and Electrum - https://bitcointalksearch.org/topic/announce-electrum-lightweight-bitcoin-client-50936
For example: BitSafe-Electrum - https://bitcointalksearch.org/topic/bitsafe-fork-with-electrum-included-54376
which is made of BitSafe - https://bitcointalksearch.org/topic/opensource-live-usb-os-bitsafe-a-safety-deposit-box-for-your-bitcoins-46916
and Electrum - https://bitcointalksearch.org/topic/announce-electrum-lightweight-bitcoin-client-50936
Buy a cheap computer and never let it connect to the internet.
Download bitcoin on another computer and put it on a usb stick.
Install it on the new computer.
Create a wallet on it with 1,000,000 addresses (a big file harder to steal).
Encrypt it.
Copy the wallet back to the usb stick with at least one address for the wallet in a text file.
Trash the new computer (hammer nails through the hard drive and bury the hard drive).
Store the wallet in multiple locations.
Send all bitcoins you own to the address you saved.
Never access you savings wallet ever again.
Download bitcoin on another computer and put it on a usb stick.
Install it on the new computer.
Create a wallet on it with 1,000,000 addresses (a big file harder to steal).
Encrypt it.
Copy the wallet back to the usb stick with at least one address for the wallet in a text file.
Trash the new computer (hammer nails through the hard drive and bury the hard drive).
Store the wallet in multiple locations.
Send all bitcoins you own to the address you saved.
Never access you savings wallet ever again.
a better cheaper version of this is to download Ubuntu onto a Live CD. start up your system off the CD and download Bitcoin and create a wallet. note down one address and email it to yourself.
copy the wallet.dat over to a few Ironkeys and spread them around town.
shut down Live CD session and all data is wiped from RAM.
What about putting the wallet on a Truecrypt protected bootable USB stick that only has Bitcoin stuff on it and is only used for Bitcoin. Then there would be no possibility of keyloggers or other background processes spying out your password.
I tried to set up a USB stick like this last year but was unsuccessful, but if somebody who knows what they are doing could do this and upload the image, it would surely make many people feel more secure.
I tried to set up a USB stick like this last year but was unsuccessful, but if somebody who knows what they are doing could do this and upload the image, it would surely make many people feel more secure.
Buy a cheap computer and never let it connect to the internet.
Download bitcoin on another computer and put it on a usb stick.
Install it on the new computer.
Create a wallet on it with 1,000,000 addresses (a big file harder to steal).
Encrypt it.
Copy the wallet back to the usb stick with at least one address for the wallet in a text file.
Trash the new computer (hammer nails through the hard drive and bury the hard drive).
Store the wallet in multiple locations.
Send all bitcoins you own to the address you saved.
Never access you savings wallet ever again.
Download bitcoin on another computer and put it on a usb stick.
Install it on the new computer.
Create a wallet on it with 1,000,000 addresses (a big file harder to steal).
Encrypt it.
Copy the wallet back to the usb stick with at least one address for the wallet in a text file.
Trash the new computer (hammer nails through the hard drive and bury the hard drive).
Store the wallet in multiple locations.
Send all bitcoins you own to the address you saved.
Never access you savings wallet ever again.
Bitcoin isnt worth anything now its been trademarked by a lawyer.
take your sites down before it's too late!! 
the wallet encryption only protects the private keys, so an attacker cannot spend your coins. he can, however, see the balance in your wallet and on each individual address. so if thats an issue for you, you might use truecrypt in addition to the wallet encryption. truecrypt cannot protect a wallet thats in use, so for a regularly running bitcoin client the clients wallet encryption is still the best solution.
I was about to fire up a live Ubuntu USB with Truecrypt as this guide suggest, when I realized that the new client (0.4) that I'm going to run on the USB Live disk, already has the ability to encrypt my wallet.
Is there any reason to encrypt the wallet using Truecrypt when the client itself supports it?
Is there any reason to encrypt the wallet using Truecrypt when the client itself supports it?
I hadn't understood where plausible deniability was important. Then I read:
TrueCrypt User Held in Contempt of Court
http://forums.truecrypt.org/viewtopic.php?t=23969
http://news.ycombinator.com/item?id=2693599
TrueCrypt User Held in Contempt of Court
http://forums.truecrypt.org/viewtopic.php?t=23969
http://news.ycombinator.com/item?id=2693599
This is essentially how I use my normal wallet! With that said, I wonder how many people just getting into Bitcoin would be overwhelmed just by steps 1-4.
Exactly! What does THIS mean?
4 create a truecrypt disk with image stored on this USB drive so that all bitcoin files and datadir and
therefore wallet.dat are on this truecrypt disk and make a .bat or .sh file which starts bitcoin client from this USB drive.
I now see that the wallet is one of the weakest aspects of bitcoin so far. This is going to continue causing misery for so many!
Jump to: