Topic: Computers, Phones & Devices CANNOT be used to Keep Wallets - Safety for Dummies - page 2. (Read 5386 times)

Assuming we're talking about savings wallets, or other wallets that won't need to be accessed very much, I'm surprised no one has mentioned CDs.

1) Send the bitcoins to the savings wallet.

2) OPTIONAL: Keep copies of one or more public key(s) from the wallet to add funds later. If you do this, you could create an empty wallet in step #1.

3) Burn the wallet to two or more CDs. Test the CDs, even re-import one of the wallets to ensure all went well.

4) Securely shred the wallet from the computer. Done!

At this point, most folks should be able to handle it. They can simply store the CDs in various places, just like with cash. Note that those with a little technical knowledge who can remember their password for a while can encrypt the wallet first.

Yeah your correct. My imagined scenario is this. If they have access to your private keys they 100.99(Repeating of course) have your public key regardless....

Hmm, I'm not in to math, but can't you connect public and private key to each other, if you know the limited pool of public-keys(the chain)?

About the safety of addres isn't issues...question. If someone has your private keys someone the jig is up if someone takes it and then asks for you address.
Thats what I was intending to mean about safety anyways.

+1 So you have to either take the risk that the other coins with the key will be stolen, or you have to send the change to a new pre-generated keypair.

====

The client support for this would be

One of:
1) a "send from private key(s) not in wallet" option, in which the private key(s) are provided by some external provider (OCR from webcam/scanner/user entered, whatever). The keys will be secure wiped from memory after use. This is not 100% secure of course, as someone could intercept it at multiple stages.

2) or simply import the private keys into the wallet. The problem with this is that it will be part of your wallet forever, so the on-paper key is no longer secure in any way. Then again, if you send the change to a new pre-generated keypair, this is not a problem.

(2) is by far the easiest to implement (it is already in a pull request, just needs UI...) so it has my preference.

and

A pre-programmed and easy sendmany. Import a list of public keys from a file, send each one a configurable amount.

Or even better, import a list of (address,label,amount) tuples from a CSV file or list of URLs. This is even more general. An external program as used for off-line key generation can easily generate these as well.

Yeah yeah please don't spam this thread, we're working hard to save humanity from the (financial) Apocalypse here

Safety of address isn't realy an issues?

Every used key is know anyway... Also, you need private key to make a payment...

Not entirely off-topic, I was trying to give suggestions as what mediums we could safely store addresses(obviously not private keys) but also adding a religious pun to it.

What part of "multiple" did you not understand?

Note for step (3), if you don't use for full amount, remainder must be transfered to new keypair from step (1). Once you have key-pair on device which is connected to net, you can't entirely dismiss possibility of it being compromised.

That would have to be a centralized currency, not a decentralized one, like bitcoin, and it's completely off topic to boot. 

Not trolling but this thread sparked this idea up. Soon people will have there Bitcoin addresses printed on their body as tattos so they can scan their money when they go to the market. This is the part where the Christians say "OMG THE APOCOLYPTIC CURRENCY HAS AWOKEN!!!". But in reality I'm highly religious so not trying to offend anybody here.

Also a good point. So you'd at least want multiple copies.

Indeed. A possible workflow would be:

1) Preferably on a device without network connection you want to run an application that generates a number of keypairs. The private keys are printed to paper (or some other hyper-secure place), the associated public keys (addresses) are written to an USB stick or digital medium.

2) The bitcoin client on an online device is then used to send BTC to the public keys generated in step (1). It sends a configurable number of BTC per address.

3) When you want to spend the BTC, the private keys can be scanned/retrieved as needed, for the amount you want to take out.

So (1) happens outside the bitcoin client, (2) and (3) happen inside it.

(Optionally you could buy the paper/certificates for (1) from some trusted vendor. You really need to trust that guy though to not store your private keys anywhere else)

You could make multiple copies, whatever the media.

Cheap easy media would be useful for that, so you could in effect make yourself a bunch of cards (whether paper or cardboard or plastic or engraved platinum is partly a matter of taste), in various denominations, and duplicate them.

Maybe have an app that asks not only how much you want in your hand but also in what denominations and media and how many copies of each.

So you could click icons or whatever to tell it gimme twenty ones, only one copy of each, twenty twos, two copies of each of those will do, ten fives, just two copies of those is fine too, ten twenties, better gimme three copies of each of those, and twenty hundreds, gimme five copies of each of those, one printed on the secure printer in the secure room in the possibly offsite place...

-MarkM-

Adding an other layer is good, if you are absolutely sure you can remember the key for decoding.

Personaly for extreme security I support multiple keys even for this, best with geographicly separated copies.

If you don't trust your computer abilities enough to make your own securely, get a paper bitcoin wallet from Casascius or someone you do trust to do it right. Encode by hand the private key (see link in my sig) with an unbreakable one-time code. You can then put the encoded private key into emails or whatever. As long as you don't forget your passphrase, you're completely safe.

In five years' time when you want to cash out your now-hopefully-fat wallet, only then does the plaintext private key get near an internet-connected computer.

John Smith,
   What would be the precise method for getting these it to paper in these formats?
(The base58 or QR-codes)   - "Save As"? You need the original program for either one first? Can you explain a little, please.

Create keys offline, print them on paper.

Import one for daily use for phone, keep only the ammount of cash you would normaly keep on person something which loosings isn't a major deal for you, be it equivalent for 50€ or 1000€.

Don't stack all the coins on one address.

One more idea, which need some work. Way to export private-key+bunch of transactions. So you could bring one key active and move BTC from it(burn the key it might be lost at this point), without compromising any part of your entirely off-line wallet. Most secure way would likely be to burn it on CD, and run ones connected to chain on network.

So store on one key, and when you need the BTC move all the BTC from it to other storage and day-to-day use wallet. So, every storage key is used only onces.


Paper or write only media is most secure, USB-sticks can carry infections... Anyway we can't ever get rid off issues on end point devices, but before it can be secured quite fine...

Agreed. You make an excellent point.
Instead of hackers, i'll worry about arsonists. lol

Archaic is an advantage here. It's the only place hackers cannot get to.

People are starting to realize this as hacking is becoming more and more prevalent all over the world.

Too many flashy techie cosy user friendly solutions running away with your money

That's very helpful. I think we need a non-techie section or a "for dummies" section, so some can learn and understand without too much techno jargon. That's really the only way bitcoins will gain mainstream acceptance. Dummies have to be able to figure it all out and use it.