
Topic: Blockchain Security Questions (Read 2308 times)

hero member
Activity: 770
Merit: 500
February 09, 2015, 01:30:48 PM
#24
Okay, I took a look at my blockchain phrase just now. It's not a 12 word phrase, it's a 23 word phrase. Is that correct?
legendary
Activity: 3612
Merit: 1564
February 09, 2015, 12:42:20 PM
#23
Okay, I'm still confused at this. So the backup file on my electrum is the 12 word phrase... there's nothing else.

But for my blockchain, what is my backup file? I downloaded it and sent it to my email and it's 2kb. Is it also the 12 word phrase or is it something else? I couldn't open it because it said you need some program to open it.

You need both for blockchain.info. The mnemonic, which is actually a different version of your password, and the wallet file which contains your encrypted private keys. Over time you need to create fresh backups of your wallet file, and if you change your password you need to copy over the new mnemonic as well.

In electrum all the private keys are derived from the seed, which is represented as a 12 word mnemonic. Those 12 words are all you need to back up. Of course you should still set a password for the wallet file on your computer so that in case somebody or some program gets access to the wallet file they can't spend your bitcoins, because the seed is encrypted with a password.

If I were to simplify this:

blockchain.info backups:
- latest wallet file (aes.json) + mnemonic
Or
- latest wallet file (aes.json) + password

Regular backups required


electrum backups:
- seed only
Or
- wallet file + password

One time backup suffices.
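
An added illustration of the backup difference summarized in the post above (not code from the thread, from Electrum or from blockchain.info): one backup is taken, more keys are created, and the backup is then checked against every key. The HMAC-based `derive_key` and both wallet classes are simplified, hypothetical stand-ins, not either wallet's real key scheme.

```python
import hashlib
import hmac
import secrets

def derive_key(seed: bytes, index: int) -> bytes:
    # Toy derivation (assumption, NOT Electrum's real scheme):
    # key number `index` is HMAC-SHA512(seed, index), truncated to 32 bytes.
    return hmac.new(seed, index.to_bytes(4, "big"), hashlib.sha512).digest()[:32]

class DeterministicWallet:
    """Every key is recomputed from one seed, so the seed is the whole backup."""
    def __init__(self, seed: bytes):
        self.seed, self.count = seed, 0
    def new_key(self) -> bytes:
        key = derive_key(self.seed, self.count)
        self.count += 1
        return key
    def backup(self) -> bytes:
        return self.seed

class RandomKeyWallet:
    """Each key is independent randomness, so a backup is a snapshot in time."""
    def __init__(self):
        self.keys = []
    def new_key(self) -> bytes:
        key = secrets.token_bytes(32)
        self.keys.append(key)
        return key
    def backup(self) -> list:
        return list(self.keys)

def keys_lost_after_restore(keys_before=3, keys_after=2):
    """Back up both wallets, create more keys, then count keys the old backup misses."""
    det, rnd = DeterministicWallet(secrets.token_bytes(16)), RandomKeyWallet()
    det_keys = [det.new_key() for _ in range(keys_before)]
    rnd_keys = [rnd.new_key() for _ in range(keys_before)]
    det_backup, rnd_backup = det.backup(), rnd.backup()  # the one and only backup
    det_keys += [det.new_key() for _ in range(keys_after)]
    rnd_keys += [rnd.new_key() for _ in range(keys_after)]
    # Restore: the seed regenerates every index; the snapshot holds only old keys.
    det_restored = [derive_key(det_backup, i) for i in range(len(det_keys))]
    det_lost = sum(k not in det_restored for k in det_keys)
    rnd_lost = sum(k not in rnd_backup for k in rnd_keys)
    return det_lost, rnd_lost

if __name__ == "__main__":
    print(keys_lost_after_restore())
```

The keys counted as lost for the random-key wallet are the ones created after the backup, which is why that kind of wallet needs a fresh backup over time.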
hero member
Activity: 770
Merit: 500
February 09, 2015, 12:26:14 PM
#22
Okay, I'm still confused at this. So the backup file on my electrum is the 12 word phrase... there's nothing else.

But for my blockchain, what is my backup file? I downloaded it and sent it to my email and it's 2kb. Is it also the 12 word phrase or is it something else? I couldn't open it because it said you need some program to open it.
legendary
Activity: 2982
Merit: 4193
February 09, 2015, 08:56:17 AM
#21
Blocking TOR IPs is always a good idea; however, if you are in a situation in which you can only use TOR to access the internet, you can't access the wallet as you have blocked the IP. If you whitelist and restrict IP, you would not be able to access your wallet if you go anywhere else and the network doesn't have the same IP as the whitelisted one. Do not do this if your address is dynamic, as the IP will change.

Blocking tor probably doesn't matter much. If someone tries to log in via tor and they can't, they'll just find a proxy that they can.
True, but tor is more anonymous than open proxies. They are also easier to set up and require 0 trust. It really doesn't matter if 2FA is used, as hackers probably won't crack your 2FA and password due to the automatic locks after a few failed attempts.
member
Activity: 60
Merit: 10
February 09, 2015, 08:31:01 AM
#20
Blocking TOR IPs is always a good idea; however, if you are in a situation in which you can only use TOR to access the internet, you can't access the wallet as you have blocked the IP. If you whitelist and restrict IP, you would not be able to access your wallet if you go anywhere else and the network doesn't have the same IP as the whitelisted one. Do not do this if your address is dynamic, as the IP will change.

Blocking tor probably doesn't matter much. If someone tries to log in via tor and they can't, they'll just find a proxy that they can.
legendary
Activity: 2982
Merit: 4193
February 09, 2015, 08:28:07 AM
#19

5. Do I block TOR ip addresses?

6. IP address whitelist... I see my current ip. Do I just leave this blank?

7. Should I restrict to whitelisted ip addresses only? If I do... then isn't that going to make it really safe?
Blocking TOR IPs is always a good idea; however, if you are in a situation in which you can only use TOR to access the internet, you can't access the wallet as you have blocked the IP. If you whitelist and restrict IP, you would not be able to access your wallet if you go anywhere else and the network doesn't have the same IP as the whitelisted one. Do not do this if your address is dynamic, as the IP will change.
Okay, I downloaded the backup blockchain to my computer. Then I sent it to my email address. Would that be fine? I know it's bad if your email gets hacked but I put a very strong password for my email. Thoughts on this? Also I'm unsure, but this isn't the 12 word phrase as backup, right?
It is better to keep a physical backup; if the email ever goes down or if your account gets suspended, you will be able to get them back.
newbie
Activity: 3
Merit: 0
February 09, 2015, 04:26:24 AM
#18
1. Do you put anything for second password or password hint? I make sure I know what my password is so there won't be an issue, so I assume just don't even bother leaving a hint then?

Yes, you have to put a second password, 2FA & password hint to keep your wallet secure

2. Do I check always keep browser backup?

No, a hacker might steal the backup

3. Do I put any secret phrase or leave it blank?

Up to you

4. Do I enable api access?

No, except if you want to use the API

5. Do I block TOR ip addresses?

You MUST block Tor IP addresses, some hackers always steal from this browser

6. IP address whitelist... I see my current ip. Do I just leave this blank?

Just leave it blank

7. Should I restrict to whitelisted ip addresses only? If I do... then isn't that going to make it really safe?

Yes, if you always use whitelisted IP addresses to access your wallet
hero member
Activity: 770
Merit: 500
February 08, 2015, 10:42:30 PM
#17
How do I make it an encrypted file? Also, what is that document? Is it my 12 word phrase? I'm unsure b/c I couldn't even open it. It's 2kb or so.
legendary
Activity: 1090
Merit: 1000
February 08, 2015, 10:07:04 PM
#16
Okay, I downloaded the backup blockchain to my computer. Then I sent it to my email address. Would that be fine? I know it's bad if your email gets hacked but I put a very strong password for my email. Thoughts on this? Also I'm unsure, but this isn't the 12 word phrase as backup, right?

You're probably alright if you have 2FA set up for your email. Better yet, place the backup file into a folder and make an encrypted zip file; then upload it. Name the file something like "cindys love letter.feb.8". Hackers are looking for wallet.dat, not love letters.
hero member
Activity: 770
Merit: 500
February 08, 2015, 09:46:07 PM
#15
Okay, I downloaded the backup blockchain to my computer. Then I sent it to my email address. Would that be fine? I know it's bad if your email gets hacked but I put a very strong password for my email. Thoughts on this? Also I'm unsure, but this isn't the 12 word phrase as backup, right?
hero member
Activity: 770
Merit: 500
February 06, 2015, 07:45:40 PM
#14
Can someone explain how to back up in blockchain? Clicking dropbox doesn't do anything and email didn't send any email to me.
hero member
Activity: 770
Merit: 500
February 06, 2015, 06:58:58 PM
#13
How do I create a backup of blockchain? I see an option for dropbox and email. But when I click on it, it requires me to log in again with my password but doesn't do anything. Basically the same thing again, over and over...


Backing up your wallet is an important step which is easy to forget. Blockchain.info takes every precaution to keep your wallet safe but it's always better to keep a local copy just in case.


hero member
Activity: 770
Merit: 500
February 06, 2015, 12:11:44 AM
#12
Thanks for that information. One other question that I'm confused about. I see I have an address for coinbase and blockchain. So if I have a site send me bitcoin to my blockchain address... don't I always give them the same address? Not sure why ppl say new address or generate new address. Is that necessary? I'm confused why I can't use the same bitcoin address for my blockchain.

Reusing a Bitcoin address works but it isn't the best idea.

If you give everyone the same Bitcoin address, it can be hard to tell who sent you money and who didn't. When you give everyone a unique address, then you know that any payment to that address is from the person you gave it to.

It is also bad for privacy. With the right tools, anyone can figure out who you are transacting with, how much BTC you have, etc.

It is always a good idea to use a new address whenever you can.

Which one do you use?  Electrum, multibit?

Blockchain.info is a convenient client, but it has some downsides. Recently they had a severe bug that caused people to lose money. The problem is that because it runs in your browser, blockchain.info has to be written in Javascript, which is not a good language to write a Bitcoin client in as it is easy to make a mistake with it, and with Bitcoin even a small mistake could cost people a lot of money.

There are other problems too. If one day the blockchain.info website is hacked, the hacker can change the Javascript code and use it to steal your Bitcoins. There are also ways a hacker can intercept the page and change it while in transit (mitm SSL stripping for example), though this is quite difficult (although it is becoming more common).

It is better to use a "real" wallet that runs on your PC.

I would recommend Electrum. Electrum is a very lightweight/quick wallet. Unlike blockchain.info, it is a deterministic wallet, which means you only need to back it up once. It also has a seed that you write down when setting it up, and in the event you forget your password or lose your wallet file you can use this seed to regain access to your Bitcoin. You can also use it to set up "cold storage" if you have a spare PC.

Another good client is, of course, Bitcoin Core, which is a good client for power users. It has lots and lots of features, though it is really resource heavy; it requires nearly 30GB of disk space and takes a long time to sync. So unless you need lots of features, Electrum is probably a better choice.

Multibit is also a pretty good client, though I don't like it as much. I find it is slower than Electrum. It is also not deterministic (IIRC), so you have to back it up regularly. I have also experienced connectivity problems with it a couple of times. It also requires you to install Java runtimes, which are pretty bulky, though many people will already have these installed.

Okay, if I download electrum and use it, do I have to back it up first? Do I have to back it up every time I do a transaction or just when I install it? How long does it take to back it up?

So where should I save the backup to? A usb? Dropbox?

So if I lose my computer or have to format the computer, then I use that file I saved? So if I don't create a backup with electrum and my computer gets lost or it's broken, then I lose all my bitcoins? That was one of the reasons I didn't want to use electrum, because I heard if the computer has problems, you lose all the bitcoin.
hero member
Activity: 882
Merit: 1005
February 05, 2015, 07:22:07 PM
#11
Here's my question: When I'm using Bitcoin-qt in windows 7, I get all kinds of "blocked ip" messages coming from MBAM (Malwarebytes Anti Malware).

Are these false positives or are they bad IPs and should I block them?

Yes, these are false positives. There are some Bitcoin nodes that are running on IPs associated with spamming etc. For the most part, a single Bitcoin node cannot do anything malicious, so it's safe to allow your client to connect to them.
legendary
Activity: 1610
Merit: 1183
February 05, 2015, 07:07:31 PM
#10
Here's my question: When I'm using Bitcoin-qt in windows 7, I get all kinds of "blocked ip" messages coming from MBAM (Malwarebytes Anti Malware).

Are these false positives or are they bad IPs and should I block them?
legendary
Activity: 3472
Merit: 10611
February 05, 2015, 01:31:20 PM
#9
You forgot about the most important part, which is 2 factor authentication. Make sure to enable it.
Also, for passwords and reminders you can always write them down on a piece of paper and keep it in a safe place.
hero member
Activity: 770
Merit: 500
February 05, 2015, 12:38:17 PM
#8
Which one do you use?  Electrum, multibit?


legendary
Activity: 1106
Merit: 1000
February 05, 2015, 08:47:16 AM
#7
Thanks for that information. One other question that I'm confused about. I see I have an address for coinbase and blockchain. So if I have a site send me bitcoin to my blockchain address... don't I always give them the same address? Not sure why ppl say new address or generate new address. Is that necessary? I'm confused why I can't use the same bitcoin address for my blockchain.

What about coinbase as well? I will be mostly using blockchain, and the only time I would use coinbase is if I'm buying bitcoin or selling bitcoin from blockchain so I could receive money into my bank of america account.

I personally store my btc in a cold/desktop wallet, and use an exchanger to trade btc to fiat. I do not store my coins in an exchanger wallet.
hero member
Activity: 770
Merit: 500
February 05, 2015, 01:25:30 AM
#6
Thanks for that information. One other question that I'm confused about. I see I have an address for coinbase and blockchain. So if I have a site send me bitcoin to my blockchain address... don't I always give them the same address? Not sure why ppl say new address or generate new address. Is that necessary? I'm confused why I can't use the same bitcoin address for my blockchain.

What about coinbase as well? I will be mostly using blockchain, and the only time I would use coinbase is if I'm buying bitcoin or selling bitcoin from blockchain so I could receive money into my bank of america account.
hero member
Activity: 770
Merit: 500
February 05, 2015, 12:07:17 AM
#5
Okay. So I'm curious what hint you guys put for your passwords. For example, let's say someone's password is very simple, which is not smart, and they put down PASSWORD as the password. So the hint will have to relate to it somewhat? I assume the hint has to be related to it somehow, right?

Another question I have is what type of password do you put for it? I use keepass and it generates passwords for me for my email and other sites. Thus I have no clue what my passwords are for sites b/c it's something like afkldsjf923892380e480929iiewi90fasjklfdsanfn0230294-09234i23ifkkafjaksj.fasklfjs as I let keepass generate it for me. However, for blockchain I didn't do this b/c I wanted to make sure it was a password I remember. I assume no one here uses a generated password like the one above through a password generator for blockchain or coinbase b/c of the risk of forgetting the password?

Has blockchain ever suffered data loss or corruption? How long does it take to do a backup? Regular backups? What does that mean? You mean you have to back it up once every how long? And is doing this hard or easy? Because I'm not computer savvy at all. Thus last time someone told me about paper wallets, I gave up even trying to do something like that.