Am I Encrypting Right? | Bitcointalksearch.org

unclemantis

member

Activity: 98

Merit: 10

(:firstbits => "1mantis")

Quote from: P_Shep on July 27, 2012, 06:42:35 PM

Quote from: unclemantis on July 27, 2012, 06:12:54 PM

Doesn't 4 words go against the rules of having a dictionary word?

No, as it's 4 of them.

No. words in dictionary * No. words in dictionary * No. words in dictionary * No. words in dictionary = big number

Gotcha.

Well I guess I am reencrypting my wallet tomorrow :-D And then going around and picking up all the backups. Shreeding them and then redistributing the new one LOL

P_Shep

legendary

Activity: 1795

Merit: 1208

This is not OK.

Quote from: unclemantis on July 27, 2012, 06:12:54 PM

Doesn't 4 words go against the rules of having a dictionary word?

No, as it's 4 of them.

No. words in dictionary * No. words in dictionary * No. words in dictionary * No. words in dictionary = big number

unclemantis

member

Activity: 98

Merit: 10

(:firstbits => "1mantis")

Quote from: bluefirecorp on July 27, 2012, 05:36:09 PM

Quote from: Epoch on July 27, 2012, 02:10:10 PM

Quote from: unclemantis on July 27, 2012, 01:55:33 PM

Quote from: DeathAndTaxes on July 26, 2012, 10:46:49 PM

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database). 4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.

Is there a mask or set of rules that you apply when generating a 10 character passphrase?

First off, here is an informative (old but still mostly relevant) article describing password cracking ('recovery' is the politically-correct term) with GPUs and commercially available cracking software:

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

TLDR:

1) At least ten characters in length.
2) Contain at least one upper-case letter
3) Contain at least one lower-case letter
4) Contain at least one special character, such as @ or !
5) Contain at least one number

The idea being to force any brute-force attack to search a large portion of the ASCII space, essentially increasing the 'strength' of each character of your password compared to, say, using lower- and upper- case letters only.

Doesn't 4 words go against the rules of having a dictionary word?

bluefirecorp

legendary

Activity: 882

Merit: 1000

Quote from: Epoch on July 27, 2012, 02:10:10 PM

Quote from: unclemantis on July 27, 2012, 01:55:33 PM

Quote from: DeathAndTaxes on July 26, 2012, 10:46:49 PM

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database). 4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.

Is there a mask or set of rules that you apply when generating a 10 character passphrase?

First off, here is an informative (old but still mostly relevant) article describing password cracking ('recovery' is the politically-correct term) with GPUs and commercially available cracking software:

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

TLDR:

1) At least ten characters in length.
2) Contain at least one upper-case letter
3) Contain at least one lower-case letter
4) Contain at least one special character, such as @ or !
5) Contain at least one number

The idea being to force any brute-force attack to search a large portion of the ASCII space, essentially increasing the 'strength' of each character of your password compared to, say, using lower- and upper- case letters only.

Deafboy

hero member

Activity: 482

Merit: 502

In my .bitcoin directory, there is only link to wallet.dat on USB. So there is no need to delete anything on local HDD after closing bitcon client. I just unplug the USB key.
Also I keep several online and offline backups of wallet in truecrypt containers, and several backups of keepassx password database with password for truecrypt containers and wallet itself.

Epoch

legendary

Activity: 922

Merit: 1003

Quote from: unclemantis on July 27, 2012, 01:55:33 PM

Quote from: DeathAndTaxes on July 26, 2012, 10:46:49 PM

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database). 4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.

Is there a mask or set of rules that you apply when generating a 10 character passphrase?

First off, here is an informative (old but still mostly relevant) article describing password cracking ('recovery' is the politically-correct term) with GPUs and commercially available cracking software:

http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html

TLDR:

1) At least ten characters in length.
2) Contain at least one upper-case letter
3) Contain at least one lower-case letter
4) Contain at least one special character, such as @ or !
5) Contain at least one number

The idea being to force any brute-force attack to search a large portion of the ASCII space, essentially increasing the 'strength' of each character of your password compared to, say, using lower- and upper- case letters only.

unclemantis

member

Activity: 98

Merit: 10

(:firstbits => "1mantis")

Quote from: DeathAndTaxes on July 26, 2012, 10:46:49 PM

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database). 4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.

Is there a mask or set of rules that you apply when generating a 10 character passphrase?

grue

legendary

Activity: 2058

Merit: 1431

Quote from: BitCoinBarter on June 27, 2011, 08:47:24 PM

Quote from: Oldminer on June 25, 2011, 07:44:43 AM

Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt

I would not use/goto www.encryptfiles.net

It has a bad rep on WOT. See http://www.mywot.com/en/scorecard/www.encryptfiles.net for details.

>encryptfiles.net

seems legit Cool

Quote from: bitfreak! on June 28, 2011, 03:20:40 AM

That's because people seem to think it's a trojan due to warnings by their anti-virus software. I would guess they are simply false-positives due to the nature of the software. I don't think I've used it before though.

there's no possible reason why antivirus software will think encryption software would be a virus. after all, do you see winrar, 7zip, or truecrypt setting off alarms?

DeathAndTaxes

donator

Activity: 1218

Merit: 1079

Gerald Davis

10 characters is generally immune to brute force attempts if the passphrase is not weak (not found in any dictionary, leaked password list, or common password database). 4 sentences is probably overkill although I would prefer a single sentence along with some numbers which have meaning to you so it is unlikely to be part of a precomputation database.

unclemantis

member

Activity: 98

Merit: 10

(:firstbits => "1mantis")

Quote from: XIU on June 28, 2011, 07:29:28 PM

Quote from: BombaUcigasa on June 20, 2011, 10:37:02 AM

Quote from: IlbiStarz on June 19, 2011, 08:49:45 PM

Winrar

Wrong! This is not 1997, it's freaking 2011 you old gizzard!!!

If you have v3 or higher, then it'll use AES 128bit, which given a long and strong password, should provide enough security.

How long is overkill and how short is too short? I am using a paragraph of about 4 rather long sentences out of a book.

XIU

member

Activity: 84

Merit: 10

Quote from: BombaUcigasa on June 20, 2011, 10:37:02 AM

Quote from: IlbiStarz on June 19, 2011, 08:49:45 PM

Winrar

Wrong! This is not 1997, it's freaking 2011 you old gizzard!!!

If you have v3 or higher, then it'll use AES 128bit, which given a long and strong password, should provide enough security.

bitfreak!

legendary

Activity: 1536

Merit: 1000

electronic [r]evolution

Quote from: BitCoinBarter on June 27, 2011, 08:47:24 PM

Quote from: Oldminer on June 25, 2011, 07:44:43 AM

Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt

I would not use/goto www.encryptfiles.net

It has a bad rep on WOT. See http://www.mywot.com/en/scorecard/www.encryptfiles.net for details.

That's because people seem to think it's a trojan due to warnings by their anti-virus software. I would guess they are simply false-positives due to the nature of the software. I don't think I've used it before though.

BitCoinBarter

newbie

Activity: 56

Merit: 0

Quote from: Oldminer on June 25, 2011, 07:44:43 AM

Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt

I would not use/goto www.encryptfiles.net

It has a bad rep on WOT. See http://www.mywot.com/en/scorecard/www.encryptfiles.net for details.

Oldminer

legendary

Activity: 1022

Merit: 1001

Quote from: jamesb on June 23, 2011, 08:04:20 AM

Wrong too! If you don't erase the old file bytes on the hard drive it will be easily read again. You will have to use a secure random to overwrite the bytes if you want your deleted file to be unreadable forever (like shred on Unix)!

Or you could just use www.encryptfiles.net

It gives you the option to delete or shred when you encrypt

jamesb

newbie

Activity: 30

Merit: 0

Quote from: IlbiStarz on June 19, 2011, 08:49:45 PM

5. Delete the original wallet.dat file. (I won't lose anything right?)

Wrong too! If you don't erase the old file bytes on the hard drive it will be easily read again. You will have to use a secure random to overwrite the bytes if you want your deleted file to be unreadable forever (like shred on Unix)!

joan

jr. member

Activity: 56

Merit: 1

Quote from: IlbiStarz on June 19, 2011, 08:49:45 PM

4. Copy that encrypted file to a safe place.

5. Delete the original wallet.dat file. (I won't lose anything right?)

Try a restore before deleting the original.

MaGNeT

legendary

Activity: 1526

Merit: 1002

Waves | 3PHMaGNeTJfqFfD4xuctgKdoxLX188QM8na

Quote from: IlbiStarz on June 19, 2011, 08:49:45 PM

So...am I doing this right? What I did:

1. Turn off Bitcoin.

2. Copy the wallet.dat file.

3. I used Winrar to make an encryption.

4. Copy that encrypted file to a safe place.

5. Delete the original wallet.dat file. (I won't lose anything right?)

Then when I need to spend, unencrypt the file and put it back into the roaming folder right?

Don't forget to back-up the encrypted file to another location...
If your encrypted file fails, your BTC are gone forever...
If your memory fails to remember the password, your BTC are gone forever...

BombaUcigasa

legendary

Activity: 1442

Merit: 1005

Quote from: IlbiStarz on June 19, 2011, 08:49:45 PM

Winrar

Wrong! This is not 1997, it's freaking 2011 you old gizzard!!!

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Looks right. I don't know if I myself would use winrar though....
I'd recommend either truecrypt or gpg. Truecrypt would probably be the easiest to figure out. You create a "volume" that is pretty much a file. This file is "mounted" and makes it appear like a whole new drive on your computer. Copy the stuff to this new drive. Then "unmount". Copy that file you mounted.

But it's probably ok...

IlbiStarz

full member

Activity: 336

Merit: 100

So...am I doing this right? What I did:

1. Turn off Bitcoin.

2. Copy the wallet.dat file.

3. I used Winrar to make an encryption.

4. Copy that encrypted file to a safe place.

5. Delete the original wallet.dat file. (I won't lose anything right?)

Then when I need to spend, unencrypt the file and put it back into the roaming folder right?

Topic: Am I Encrypting Right? (Read 1898 times)