Topic: Coming Soon! impossible to steal wallets (Read 6479 times)

It is better to resurrect old topic than create new topics with same question again and again. It will be like TrueCrypt forum when noobs constantly ask about implementing data destruction on wrong password and DRM capabilities in TrueCrypt.

You guys realize you've resurrected a thread that is almost a year old?    I was about to comment on-topic but then decided against it after looking at the date. 

Nothing is impossible. Don't say that too loudly. You'll basically be issuing a challenge to all the hackers out there :O

One thinking people!

It is only matter of tweaking the hacking "payload" software to bypass the "protection". The biggest pain in ass was mobile phone authorization but it was bypassed by "synchronization" and installing malware on phone also. The only real problem now is people losing they own coins because phone or mobile subscription was cancelled or subverted by network operator.

Think again people! All things are simple. Keep Your computers clean and safe. Even 20$ router can do the job!

If someone can spend them, someone else can steal them.

Scam, scam, scam! No "access control" or encryption will really save you if your computer is compromised by remote access trojan. Trust me, I have spent years on malware and hacking scene and I know it. I have stolen about 400 Bitcoins that I own right now. And even this was a free time leisure and for fun.

Tape backup is no more reliable than regular hard drive backups. For my own servers under my control I have slowly abandoned LTO tapes in favor of regular offline HDD backups because they are cheaper and faster than LTO tape. And the backup is only a protection in a case if server is hit by 88mm armor piercing round, it does not protect from hacking or anything else.

So, I'm guessing btc-e, bitcoinica, bitfloor didn't use these type of wallets.

I think it's in the Moon.

  Does that bridge happen to be located in Alaska by chance?

Taking this into trolling territory now, huh? Somehow I like that more -- scamming is a dirty business without exception but trolling can sometimes be beautiful.

I wonder if your buyer is interested in transport infrastructure, I've got a really nice bridge I've been trying to sell for a while.

I'm offering TEN TIMES what he's paying ! I will pledge my whole stash of one billion premined trollars, the alternate currency i'm releasing.
C'mon man, give us a chance to invest in this baby. It's a monster I tell you !

You mean Satoshi, right? 8D Curious, Did you accept fiat or BTC?

created enough interest already, ive sold the software and rights to it for quite a bit. so who ever said "you will not make a dime...".

Yep, that's exactly how I started my process... But I wanted to paperize encrypted private keys, rather than simply store the unencrypted paper QRCodes gererated by bitaddress.

I ended up using a barcode scanner to input the address/keys from the bitaddress sheet into text files, gpg'd those batches and pipe it to a qr encoder, then import the qrcodes to a word doc to print and PDF it for distribution.

I wrote up a noob guide about the simple side of the process here: http://bitcoinintro.com/offline-storage-of-bitcoins/

Proposing a closed source solution like this is equivalent to saying: "give me all your money and I'll make sure nobody else will have access to it".
Not exactly a very appealing offer to somebody who has - for the first time - got the possibility to _not_ have to trust a third party with their money.

Scam detected

I think the operative word here (as with these "impossible to steal wallets") is claimed. Scanning the device would also show any copies that the user had forgotten were there...
That said, just like you implied elsewhere the infrastructures we operate in are so complex today that there are loopholes. Shredding a file without shredding the empty space on the partition does leave a shadow of a doubt: e.g. what if the user (or an application, or a fs defragmentation tool) made a temporary copy earlier and that happened to actually be real bits in another address and not just a COW-copy?

Speaking of shredding... For joeyjoe and anyone who even thinks of putting their money into this "impossible to steal" wallet: This is quite clearly either a scam or wishful thinking. "Impossible to steal" is just as viable as as perpetual motion machine. As someone already said, an invention like this would make that creator fabulously rich and world famous in a very short time. Occam's razor says that joeyjoes "programming professor" friend has not invented that, and as soon as the details of this "invention" are available, the theory will be shred to pieces.


TL;DR: Security can always be improved but it's often not easy.
1. If someone says it is easy to do it, he should be treated with caution.
2. If that person fails to explain how it's done (even though it was supposedly easy), he probably sells snake oil.
3. When the same person advertises backing up your money on their "secured dedicated server", alarm bells should be ringing loud and clear.

Looks like for all intents and purposes you are right and I was wrong.  At least given my white lie about being on a Linux box.

I actually do perform a similar operation not irregularly.  The reason why is that I prefer to have a large number wallet.dat files with a relatively small number of coins (associated with the addresses) in them.  This, in part, as a theft mitigation strategy.

After the above command completes, you should have an impossible to steal wallet*, provided no backups are lying around.

PS: Tieing the wallet to a specific computer is insecure. There is more to wallet security than keeping attackers out. You must also guard against data loss.

*More accurately, you should not have a wallet left to steal.

There was a discussion about this a while ago. I'd suggest wiping all free space after deletion.