Pages:
Author

Topic: delete - page 2. (Read 2694 times)

legendary
Activity: 1456
Merit: 1000
November 30, 2015, 12:15:53 PM
#28
-snip-
Well if you have alot of money, and armed guards I dont think people will just do an armed robbery against you. Its far more likely that an infiltration can occur, so that is the risk you need to worry about.

My point exactly. The guards are a security risk as well as a feature.

What is "IDS"?

https://en.wikipedia.org/wiki/Intrusion_detection_system

The whole point military quality equipment makes it zero percent chance of losing BTC is just wrong.  As long as there is greed and "bad" people you cant just blindly trust.

Look at this coinbase - http://www.coindesk.com/former-silk-road-dea-agent-pleads-guilty-to-bitcoin-theft/ .  These DEA agents had military quality... they had secret clearances... should be great guys.  But in actual world they got greedy and stole BTC from what should have went into government holdings.

I still think cold wallet is key. I think hardware wallet and paper wallet are strongest ways to store BTC if done right.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
November 30, 2015, 11:39:09 AM
#27
-snip-
Well if you have alot of money, and armed guards I dont think people will just do an armed robbery against you. Its far more likely that an infiltration can occur, so that is the risk you need to worry about.

My point exactly. The guards are a security risk as well as a feature.

What is "IDS"?

https://en.wikipedia.org/wiki/Intrusion_detection_system
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 30, 2015, 11:36:36 AM
#26

*rofl* Cheesy Cheesy Cheesy

I hope you tested if this type of storage is really as safe as you believe? Tongue

I think your list will give newbies some hints about the risks. Though i doubt that any normal user will use your 9th solution.

If they are a millionaire they can buy themselves a bunker, and private security to guard it.

And we know there are many bitcoin multi millionaires out there Wink

9) Military-grade offline wallet storage

Description: An offline cold storage wallet, locked inside a electromagnetically shielded underground bunker room with radio signal shielding too that is empty with only: 1 PC, 1 chair, 1 table inside it, the entrance that is guarded by armed men and surveiled with multiple video cameras to prevent unauthorized personnel tampering the PC, and the only point of access off the PC is either reusable CD or a QR code based system to transfer the data from offline PC to online. Nothing can be plugged into that offline PC. And then when moving the data to the online PC only additional precautions are needed if you want your privacy shielded too, otherwise the bunker room is enough.
Pro's: Totally safe.
Con's: At this point the bitcoin can only be stolen by finding exploit in the protocol itself or by using an invisibility ring to get past the detection and steal the bitcoins. It is very expensive and unpractical, but its the only way to ensure that bitcoins are 100% safe.
Risk of bitcoin being stolen:

*rofl* Cheesy Cheesy Cheesy

I hope you tested if this type of storage is really as safe as you believe? Tongue

I think your list will give newbies some hints about the risks. Though i doubt that any normal user will use your 9th solution.

I would say its less secure than 8, because you have to rely on the guards to actually do their job. Its certainly not 100% either you have to get the transactions online somehow. If you use an USB Stick for this with malicous firmware all the gards cant help you. There is no attacker scenario at all.

The OP also misses honey pots, IDS just to name two high level methods.

Wreckless is not a word.

Well if you have alot of money, and armed guards I dont think people will just do an armed robbery against you. Its far more likely that an infiltration can occur, so that is the risk you need to worry about.

What is "IDS"?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
November 30, 2015, 09:50:29 AM
#25
9) Military-grade offline wallet storage

Description: An offline cold storage wallet, locked inside a electromagnetically shielded underground bunker room with radio signal shielding too that is empty with only: 1 PC, 1 chair, 1 table inside it, the entrance that is guarded by armed men and surveiled with multiple video cameras to prevent unauthorized personnel tampering the PC, and the only point of access off the PC is either reusable CD or a QR code based system to transfer the data from offline PC to online. Nothing can be plugged into that offline PC. And then when moving the data to the online PC only additional precautions are needed if you want your privacy shielded too, otherwise the bunker room is enough.
Pro's: Totally safe.
Con's: At this point the bitcoin can only be stolen by finding exploit in the protocol itself or by using an invisibility ring to get past the detection and steal the bitcoins. It is very expensive and unpractical, but its the only way to ensure that bitcoins are 100% safe.
Risk of bitcoin being stolen:

*rofl* Cheesy Cheesy Cheesy

I hope you tested if this type of storage is really as safe as you believe? Tongue

I think your list will give newbies some hints about the risks. Though i doubt that any normal user will use your 9th solution.

I would say its less secure than 8, because you have to rely on the guards to actually do their job. Its certainly not 100% either you have to get the transactions online somehow. If you use an USB Stick for this with malicous firmware all the gards cant help you. There is no attacker scenario at all.

The OP also misses honey pots, IDS just to name two high level methods.

Wreckless is not a word.
legendary
Activity: 2674
Merit: 1083
Legendary Escrow Service - Tip Jar in Profile
November 29, 2015, 05:03:57 PM
#24
9) Military-grade offline wallet storage

Description: An offline cold storage wallet, locked inside a electromagnetically shielded underground bunker room with radio signal shielding too that is empty with only: 1 PC, 1 chair, 1 table inside it, the entrance that is guarded by armed men and surveiled with multiple video cameras to prevent unauthorized personnel tampering the PC, and the only point of access off the PC is either reusable CD or a QR code based system to transfer the data from offline PC to online. Nothing can be plugged into that offline PC. And then when moving the data to the online PC only additional precautions are needed if you want your privacy shielded too, otherwise the bunker room is enough.
Pro's: Totally safe.
Con's: At this point the bitcoin can only be stolen by finding exploit in the protocol itself or by using an invisibility ring to get past the detection and steal the bitcoins. It is very expensive and unpractical, but its the only way to ensure that bitcoins are 100% safe.
Risk of bitcoin being stolen:

*rofl* Cheesy Cheesy Cheesy

I hope you tested if this type of storage is really as safe as you believe? Tongue

I think your list will give newbies some hints about the risks. Though i doubt that any normal user will use your 9th solution.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 29, 2015, 03:31:51 AM
#23

but usually i only install certified things and i'm not visiting any shady website, there is no need to be very paranoid about virus, it's the user that let them enter no one else

this is true for any virus even those bios virus, the only exception would be that router virus that propagate because there was an hole in the router security or something, i don't remember the name

There arent any sophisticated viruses for bitcoin, yet. Not that I know of. In the sense that AI viruses, that have basic intelligence and can adapt to PC enviroment, like there are for bank account thefts.


Most Bitcoin viruses are either:

  • Corrupted bitcoin of altcoin wallet
  • Basic keylogger that searches for password fields
  • Web keylogger for blockchain.info and similar sites
  • Teamvier based remote acces virus (Yes i saw many altcoiners lost their altcoins by this)
  • Detector virus, that searches for default bitcoin installation and sends the wallet file outside when unencrypted


You can easily protect against these, with no-script browser addon, basic antivirus scan of files and checking signatures/ checksums.

However, in the future, the malware can get a lot more sophisticated, so beware!
legendary
Activity: 3248
Merit: 1070
November 29, 2015, 03:27:01 AM
#22
take your first point, and remove the "Then they start visiting shady websites, clicking on all shady ads, clicking on links from spam e-mail etc..." and you have the safest storage

it was i'm doing since i discovered bitcoin, and not even a satoshi was stolen from my desktop, the first secure option is your brain

Yet. You cannot know what other dangers might lurk in the future.

I dont really recomment what you are doing, it is very risky to store all btc in online pc.

well not all, i still keep them in the cold storage like any other sane person, but i like to have an hot wallet with a certain amount

for faster spending

Oh sure, yes that is ok. We all use that, and its ok, I thought you keep all of them on an online PC which is very wreckless.



but usually i only install certified things and i'm not visiting any shady website, there is no need to be very paranoid about virus, it's the user that let them enter no one else

this is true for any virus even those bios virus, the only exception would be that router virus that propagate because there was an hole in the router security or something, i don't remember the name
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 29, 2015, 03:24:45 AM
#21
take your first point, and remove the "Then they start visiting shady websites, clicking on all shady ads, clicking on links from spam e-mail etc..." and you have the safest storage

it was i'm doing since i discovered bitcoin, and not even a satoshi was stolen from my desktop, the first secure option is your brain

Yet. You cannot know what other dangers might lurk in the future.

I dont really recomment what you are doing, it is very risky to store all btc in online pc.

well not all, i still keep them in the cold storage like any other sane person, but i like to have an hot wallet with a certain amount

for faster spending

Oh sure, yes that is ok. We all use that, and its ok, I thought you keep all of them on an online PC which is very wreckless.

legendary
Activity: 3248
Merit: 1070
November 29, 2015, 03:19:24 AM
#20
take your first point, and remove the "Then they start visiting shady websites, clicking on all shady ads, clicking on links from spam e-mail etc..." and you have the safest storage

it was i'm doing since i discovered bitcoin, and not even a satoshi was stolen from my desktop, the first secure option is your brain

Yet. You cannot know what other dangers might lurk in the future.

I dont really recomment what you are doing, it is very risky to store all btc in online pc.

well not all, i still keep them in the cold storage like any other sane person, but i like to have an hot wallet with a certain amount

for faster spending
staff
Activity: 3458
Merit: 6793
Just writing some code
November 29, 2015, 12:15:58 AM
#19
I`m not sure how trezor works, doesnt it only contain 1 bitcoin address or can you hold multiple?
Trezors allow you to have multiple addresses. And they also have multiple accounts per device. It just depends on the password used.

Can the attacker browse through your fake accounts until it finds the real one and demand that from you instead?
No because he cannot know what accounts are on it since the accounts are determined by the password.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 28, 2015, 11:54:14 PM
#18
Nice analysis! Why not just use a Trezor and set up all the bunch of fake accounts on it with a one word passphrase that you just must remember. In this way even the people that would extortion your coins can't do anything!

This would still be my option number 1, everything else is too complicated with too much hassle or not enough safe!

I`m not sure how trezor works, doesnt it only contain 1 bitcoin address or can you hold multiple?

Can the attacker browse through your fake accounts until it finds the real one and demand that from you instead?

hero member
Activity: 798
Merit: 1000
Move On !!!!!!
November 28, 2015, 07:31:03 PM
#17
Nice analysis! Why not just use a Trezor and set up all the bunch of fake accounts on it with a one word passphrase that you just must remember. In this way even the people that would extortion your coins can't do anything!

This would still be my option number 1, everything else is too complicated with too much hassle or not enough safe!
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 28, 2015, 01:00:57 PM
#16
take your first point, and remove the "Then they start visiting shady websites, clicking on all shady ads, clicking on links from spam e-mail etc..." and you have the safest storage

it was i'm doing since i discovered bitcoin, and not even a satoshi was stolen from my desktop, the first secure option is your brain

Yet. You cannot know what other dangers might lurk in the future.

I dont really recomment what you are doing, it is very risky to store all btc in online pc.

Why Professional online PC storage is more risky than Responsible online PC storage by your scale? Professional way is worse or it is a typo?

No it's not. The red dot is the risk meter, check again.
staff
Activity: 3458
Merit: 6793
Just writing some code
November 28, 2015, 10:25:10 AM
#15
Instead of plain paper wallet storage in a lockbox in a bank (where millions of things can go wrong), why not use AES encryption that is military standard?

You basically want to give your bitcoins to the bank. Whats the point of bitcoin then. You should just use fiat then.
Paper wallets encrypted with BIP38 do use AES encryption. In fact, if you do make paper wallets for cold storage, you should ALWAYS have it BIP38 encrypted.
legendary
Activity: 1862
Merit: 1004
November 28, 2015, 10:11:31 AM
#14
Why Professional online PC storage is more risky than Responsible online PC storage by your scale? Professional way is worse or it is a typo?
legendary
Activity: 3248
Merit: 1070
November 28, 2015, 09:59:48 AM
#13
take your first point, and remove the "Then they start visiting shady websites, clicking on all shady ads, clicking on links from spam e-mail etc..." and you have the safest storage

it was i'm doing since i discovered bitcoin, and not even a satoshi was stolen from my desktop, the first secure option is your brain
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 28, 2015, 04:31:53 AM
#12
According to your list this cannot happen as these DEA agents no doubt were military grade hardware and site.... but it did.  No way of storage has zero risk.
  

What do you mean by this, I dont understand what you are telling me here.

This will be my last post as I don't care to post in this thread and bump it up.  It should be changed from storage methods to Malware Threats as you say that is what your focus is.... but to each his own.

Read the article with it you missed a very important part by not reading. It is DEA agents with military grade equipment, and secret clearances doing bad things.  They took BTC so... the point is as long as the human factor and greed is there there is no 100 percent safe storage.  So you thoery about "Military-grade" being 100 percent safe is flawed.

I suggest changing thread title to Malare Threats, not Storage.  Don't post multiple times in a row in same thread in one day... one might think you are trying to push the thread to top of beginner thread.  So read the article I linked, and also the rules on bumping threads as this is not ok below:

Nov 26 - 2 post's in a row
11/28 - 2 posts in a row, 2 different times


Ok i change the title, if its so confusing.

But your logic isnt consistent too, if the attacker has military capacity to attack, then how else will you defend if you dont use the same quality defenses?

Instead of plain paper wallet storage in a lockbox in a bank (where millions of things can go wrong), why not use AES encryption that is military standard?

You basically want to give your bitcoins to the bank. Whats the point of bitcoin then. You should just use fiat then.
legendary
Activity: 1456
Merit: 1000
November 28, 2015, 04:24:11 AM
#11
According to your list this cannot happen as these DEA agents no doubt were military grade hardware and site.... but it did.  No way of storage has zero risk.
  

What do you mean by this, I dont understand what you are telling me here.

This will be my last post as I don't care to post in this thread and bump it up.  It should be changed from storage methods to Malware Threats as you say that is what your focus is.... but to each his own.

Read the article with it you missed a very important part by not reading. It is DEA agents with military grade equipment, and secret clearances doing bad things.  They took BTC so... the point is as long as the human factor and greed is there there is no 100 percent safe storage.  So you thoery about "Military-grade" being 100 percent safe is flawed.

I suggest changing thread title to Malare Threats, not Storage.  Paper wallets are a valid storage.  Hardware and Paper are great cold storage way's of storage but it all depends on the person and how they are using the BTC with what is best.

Don't post multiple times in a row in same thread in one day... one might think you are trying to push the thread to top of beginner thread.  So read the article I linked, and also the rules on bumping threads as this is not ok below:

Nov 26 - 2 post's in a row
11/28 - 2 posts in a row, 2 different times
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 28, 2015, 04:12:51 AM
#10
According to your list this cannot happen as these DEA agents no doubt were military grade hardware and site.... but it did.  No way of storage has zero risk.
 

What do you mean by this, I dont understand what you are telling me here.
hero member
Activity: 854
Merit: 1009
JAYCE DESIGNS - http://bit.ly/1tmgIwK
November 28, 2015, 04:07:13 AM
#9

I think leaving a big some on a PC is a bad idea for the most part.  And even military grade can have someone take BTC there is a level of trust at this level that a "bad  guy" can take advantage of just look at silk road where agents took BTC - http://www.coindesk.com/former-silk-road-dea-agent-pleads-guilty-to-bitcoin-theft/   So even military computers are not perfect as long as a human is part of equation.


Dude , I`m talking about PC malware stealing bitcoin. Do you not understand that you will have to import that private key eventually into a PC if you want to spend it.

That is the point I`m trying to make. So a paper wallet is irrelevant in this discussion, because eventually you will have to import that key into a PC to be able to use those bitcoins.

So, a paper wallet is not a point of access to bitcoins. Just as your credit card is not a point of access to your money: the ATM is.


The whole point of a paper wallet is that it keeps your private key (and BTC address) offline.  So it is stored on a piece of paper.   Your thread is about storage... not transmission.

No my thread is about safety & risks of different bitcoin storage methods that have point of access: keeping bitcoin safe against malware.

Quote from: ME

This is only an analysis of the security, from point of view of physical risk of theft or from malware
Pages:
Jump to: