Topic: A secure wallet storage system? (Read 1757 times)

simple & secure method for wallet backup


technically yes (a brute force attack will always work, given enough time), but for the purposes of modern encryption algorithms (AES, Serpent, etc.), "enough time", barring massive undiscovered weaknesses in the algorithm or an incredible leap in computing power, is longer than the expected lifespan of the universe.

Look at the details on how lastpass handles storage of the user's password database.

They are supposedly near a million users, all who trust a browser plugin to encrypt and upload all of their stuff.

I don't think the majority of the current bitcoin users will need (or want) to use a wallet storage option, but the rest of the world would.

-Lance

There's a wallet dumping feature in Gavin's Bitcointools.  You'll need to make a small edit to print the entire private key record in hex.

The private key is 32 bytes at the beginning of the PRIKEY records, after some fixed bytes that are the same for every record.  The public key is an 04 byte followed by a big endian coordinate pair produced by Elliptic Curve Point Multiplication of the private key by G, the generator.  The address is the base58 encode of the checksummed RIPEMD160 SHA256 of the public key with a zero prepended.  Checksums are the first four bytes of a double SHA256 of the record being checksummed.  The public key is also the last 65 bytes of the private key record, which is a nice check you haven't made a mistake.

If I needed to make a new wallet, I'd probably hack something together in Python. 

afaik wallet.dat is in fact a berkeley db file.

Good point.   

noob here - How  do you find your private key and address for each wallet key?  I was looking at the wallet.dat and it is binary?  Also if you had to restore to a new computer from the print out how would you do that? 

almost every encryption is breakable, but if the expected time to break it is 10^6 years who cares

So the encryption you use is 100% unbreakable?  I thought all encryption could be broken, given enough time...

Oh well then, if that's the case, you're probably right - there wouldn't be much market for this!

If the wallet is encrypted, then the security of where it is stored is immaterial.  You don't need to both encrypt it, and then store it in Fort Knox.

I gpg encrypted my wallet with a password, and stuck a copy in the file area of a Yahoo Group I own.

I also printed out the private key and address for each wallet key on a sheet of paper, and hid the paper somewhere in my residence.  Since bitcoin generates 100 keys in advance of use, if push comes to shove, I can get my coins back, even months from now, should some disaster befall my computer hard drive.

Beyond that, I'm not particularly worried about my bitcoins getting blackholed due to some unforseen circumstance.

I doubt there is any market for extreme offsite wallet storage.

I know that many of you wouldn't trust a company to store your wallet information in any shape or form.  But, I would like to ask that those of you who WOULD be interested, tell me what features/requirements you would like to see in such a service.

For example:
- REQUIRE files to be pre-encrypted on the client end by some 4096-bit standard encryption process.  Would need to be easy and accessible to even the most noobish of computer users
- After verification that the wallet file is encrypted, accept it as an upload
- Further encrypt the file on the server end.
- Hash filenames, and insert 50,000+ fake wallets with hashed file names as well. (would this help though?)
- REQUIRE strong passwords to access accounts/wallets
- If requested prior to wallet upload, can add in optional proof of ownership, to where a person would have to talk to the company directly to retrieve their wallet.
- Storage facility with server(s) would be under lock and key at all times.
- Daily physical offsite backup of all data, also under lock and key.
- Complete drive and server redundancies (RAID5 on two separate servers storing the same information)

I wouldn't trust any online host to do this, so I would do it all myself.  That's why I am talking about specifics with hardware setups, etc.

Thoughts?  Bad idea/good idea?  Any security features to add/remove?