Author

Topic: Basic Wallet Security (Read 890 times)

newbie
Activity: 35
Merit: 0
August 08, 2011, 10:01:25 AM
#3
Am I missing anything crucial?

Does shredding wipe every byte that the file might have occupied on the drive at any time?

Also, you are assuming your system isn't currently compromised.  When warranted, a backup using an air gap is the safe method:
 - http://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet

Thanks for your reply Stephen. It's good of you to check out the newbie forums. I am not sure about the shredding, I just used the 'shred' command. I know it overwrites the file several times before deleting it.

Thanks for the link, the wallet that is never 'online' sounds about as secure as one can get. I did like seeing my transfers show up in the new wallet though, it was reassuring. I know it's not rocket science to make sure I am using the correct address, but sending my bitcoins out into the abyss is a nightmare scenario..

I am expecting that someone will soon produce a live CD with all the tools necessary to do this quickly and easily. Anyways. Learning a lot! Thanks!
legendary
Activity: 2506
Merit: 1010
August 08, 2011, 04:49:54 AM
#2
Am I missing anything crucial?

Does shredding wipe every byte that the file might have occupied on the drive at any time?

Also, you are assuming your system isn't currently compromised.  When warranted, a backup using an air gap is the safe method:
 - http://en.bitcoin.it/wiki/How_to_set_up_a_secure_offline_savings_wallet
newbie
Activity: 35
Merit: 0
August 07, 2011, 03:23:04 PM
#1
Hi All,

I have read a few tutorials on how to make a secure savings wallet, and the measures implements in them seem Draconian and a little beyond my level of understanding. I could follow a 14 step guide cutting and pasting things into my Linux console, but it worries me that I don't fully understand everything I would be doing.

I have ~10BTC right now, but still would  like to get them 'out of' my first wallet and into one that has not been sitting, unencrypted, on my W7 machine for the past three weeks.

I have created a second wallet using the process below, and would appreciate if you could critique it, let me know if I am any safer with my new wallet than my initial one, or if this is a reasonable amount of precaution for a newbie until I wrap my head around the concepts in Bruce W's (and other) wallet encryption tutorials.

  • I installed the Bitcoin client on a Linux VM (backtrack 5 persistent)
  • I created a small true crypt file container on the VM (17 character password, no dictionary words, not written down anywhere, not used for anything else)
  • I copied the wallet.dat file into that mounted TC drive and shredded my /.bitcoin folder
  • Made a few small transfers from my windows wallet to the new one, I see them on the block explorer
  • I emailed the TC file to myself from one imap server to another (these mail servers are on different hosts) - so its now backed up off-site on those servers' inbox and sent folders. I also saved the file locally on a mirrored RAID
  • Remounted the TC container on the VM, copied it into my empty /.bitcoin folder, and watched the deposits show up.
  • Shredded the /.bitcoin folder again

Now, is this a reasonable level of security for someone with a small to moderate amount of bitcoins? I'd like to offload most of my coins into that wallet and then continue to dump them there on a regular basis as I accumulate them. My understanding is that I don't need to regularly launch a client using that wallet - as long as I know I have the .dat file secured and available, I can simply check it's balance in the block explorer.

Is my new wallet significantly more secure then my Windows7 one? Am I missing anything crucial? Is it possible that my new wallet is already compromised simply by my having it open on the backtrack 5 VM for a few hours while I waited to confirm it was accepting my bitcoin transfers?

I was two clicks away from putting my (albeit small) balance of bitcoins into mybitcoin last week until I was more familiar with local encryption methods. There just wasn't enough "About Us" info on the site to make me confident in it. Three days later I was on here reading that it's friggin gone. I expect it will be a long time, if ever, before most of us are more comfortable with eWallets than local ones.

My thanks in advance for your thoughts.
Jump to: