But, but, I has firewall on, an router... I are safe, and I got stolen coins!
Obviously you didn't encrypt your wallet... Obviously a firewall is about as much protection as a sticky-note on your screen... Obviously you are using your normal computer for things it should not be doing... (Hope you don't bank with that same computer, or buy things with your credit-cards!)
Nothing is safe, unless YOU MAKE IT SAFE... what did YOU DO to MAKE IT SAFE? Nothing, you just expected it to be safe, and expected your firewall and router to make it safe. That is NOT the purpose of a WALLET program, or a FIREWALL or a ROUTER.
Besides, firewalls have not worked since they were created. They only STOP legitimate programs from doing legitimate things, not illegitimate programs from doing illegitimate things. They don't talk to firewalls, they go around them, through holes you ALLOW. Your router has nothing to do with security, it simply stops others from joining your internet if they are not allowed... you protected the internet from strangers using your wifi, and that protection was defeated years ago.
Don't tell me... you also have a virus scanner! That won't find crap that is just made, only crap that is old, and possibly a generic virus... but not a real, new virus/trojan/web-page-key-logger/html-5-virus or any other real serious threat... like downloading a non-virus program that just takes things off your computer or activates remote snapshots of your screen, or uses any other common low-tech method to take your crap. Like reading your COPY-PASTE clipboard... many people copy long passwords from a file, and paste them into the password field... but NEVER remove it from the clipboard once pasted. The next site can READ that from your computer, without being a virus.
Stop using your computer for cheap entertainment, and stop browsing all over to strange sites, that are obviously infecting your computer. (Like sites related to bitcoins.)
Topic: Hacked and stolen (Read 3987 times)
Quote
Come again? I am not sure how you think there is no added security in how I keep my wallets... of course the blockchain wallet is base level no added security... that's why it is my outbound wallet and is always empty when I am finished using it.
The second wallet does have an added step to security... in order for someone to use it they would have to sign into my VPS account and boot the instance, or have my private key. Not saying it can't happen, but it is an added step between them and my coins.
How the third wallet is just as hot as the blockchain wallet idk... you can't even search for the wallet, and if you found it, you couldn't move it anywhere useful unless you have my admin password... access denied to anyone other than the local domain admin account. Folder security is not hard so... yeah...
I understand these are all measures OUTSIDE the actual BTC client, but that is exactly where people are getting themselves stolen from... an unsecured platform.
As far as the Cold Storage... I never implied a vanity addresses difficulty increases security... I know it doesn't, never said it did... just detailing how I got the address. The object is not to use this wallet EVER until the day I clean it out... so no, the privkey has never touched the network, and I can send all the coin I want to it without having to sign a single raw transaction... you lost me there... don't know where you were headed with that... since you don't need a privkey to see an addresses balance.
Now, for the "and poster: please get informed before giving security advice with respect to bitcoin" comment... you should really elaborate more when you try to pick apart someones posts... other than recommending a 3rd party service... not once did you provide any type of useful feedback on how I am doing things incorrectly or how to correct them. You basically flamed me, made two statements with no suggestions on why I am wrong nor how to remedy those supposed errors, incorrectly assumed I meant a 45 billion difficulty vanity address was more secure than any other and then advertised a website... not very helpful.
Thank you for exemplifying my signature quote.
The second wallet does have an added step to security... in order for someone to use it they would have to sign into my VPS account and boot the instance, or have my private key. Not saying it can't happen, but it is an added step between them and my coins.
How the third wallet is just as hot as the blockchain wallet idk... you can't even search for the wallet, and if you found it, you couldn't move it anywhere useful unless you have my admin password... access denied to anyone other than the local domain admin account. Folder security is not hard so... yeah...
I understand these are all measures OUTSIDE the actual BTC client, but that is exactly where people are getting themselves stolen from... an unsecured platform.
As far as the Cold Storage... I never implied a vanity addresses difficulty increases security... I know it doesn't, never said it did... just detailing how I got the address. The object is not to use this wallet EVER until the day I clean it out... so no, the privkey has never touched the network, and I can send all the coin I want to it without having to sign a single raw transaction... you lost me there... don't know where you were headed with that... since you don't need a privkey to see an addresses balance.
Now, for the "and poster: please get informed before giving security advice with respect to bitcoin" comment... you should really elaborate more when you try to pick apart someones posts... other than recommending a 3rd party service... not once did you provide any type of useful feedback on how I am doing things incorrectly or how to correct them. You basically flamed me, made two statements with no suggestions on why I am wrong nor how to remedy those supposed errors, incorrectly assumed I meant a 45 billion difficulty vanity address was more secure than any other and then advertised a website... not very helpful.
Thank you for exemplifying my signature quote.
daemonfox I think you have missed vhaasteren's point a little bit here:
He is trying to say that your hot, luke warm and simmer down wallets, all exist as wallet files on a networked PC, therefore offering no increased protection for one another if your passwords/computers are compromised, obviously the ways of finding the wallet.dat files etc may differ...
He then mentions your cold storage system. Basically, he is saying that as you must import your private key to a networked computer to spend the funds (current arrangement) that this is only as safe as aforementioned three wallets when you come to spend the funds, although, these should be secure from theft before that happens. He was trying to imply, that in order to spend any funds from this wallet, without importing the priv key to a (potentially compromised) client/computer, you could spend funds by generating raw transactions (req. know-how and is still hard).
I must agree with him, that armoury on a second, 100% offline (never before networked) pc/netbook really looks to be the way forward, until secure bitcoin hardware wallets are sucessfully implemented.
I personally bought the cheapest Asus netbook new off amazon, disabled all network devices in BIOS, formatted to ubuntu 10.04 and loaded armoury onto it. Cost ~£150. Price worth paying for securing my coins? Absolutely.
Hope this helps.
Exactly.
Daemonfox, I did not mean to flame or offend you, but we are talking about advice on how to keep money safe. Unless you are one of the top minds in the scene, you do not want to invent measures yourself. The only ones that would take note of your descriptions would be newbies, and they are exactly the ones that should not follow your advice. They need an easy way of doing the right thing, with only a small possibility of human error.
If I did not explain well enough what was wrong with your methods I apologise. However, these matters are subtle, so I wanted to avoid a discussion about details. If you produce your own private key management system as you are doing, you can easily create a situation where your private key touches a computer that has been compromised, even only momentarily, thereby destroying the 'air gap' that guarantees 100% security. Armory does exactly that, with minimal effort, and you can even still spend your funds.
I myself have actually installed Armory on a Raspberry Pi (cost about $50 including all accessories), but a usb stick as Rampion suggested is cheaper.
I hope this was useful
And if you do not even want to bother to buy a new computer just for offline armory, you may well be install Ubuntu 10.04 with home folder encryption on a USB, disable or connectivity on the Ubuntu USB install, install offline armory, and then you could boot your regular computer (or any computer) from it.
Quote
Come again? I am not sure how you think there is no added security in how I keep my wallets... of course the blockchain wallet is base level no added security... that's why it is my outbound wallet and is always empty when I am finished using it.
The second wallet does have an added step to security... in order for someone to use it they would have to sign into my VPS account and boot the instance, or have my private key. Not saying it can't happen, but it is an added step between them and my coins.
How the third wallet is just as hot as the blockchain wallet idk... you can't even search for the wallet, and if you found it, you couldn't move it anywhere useful unless you have my admin password... access denied to anyone other than the local domain admin account. Folder security is not hard so... yeah...
I understand these are all measures OUTSIDE the actual BTC client, but that is exactly where people are getting themselves stolen from... an unsecured platform.
As far as the Cold Storage... I never implied a vanity addresses difficulty increases security... I know it doesn't, never said it did... just detailing how I got the address. The object is not to use this wallet EVER until the day I clean it out... so no, the privkey has never touched the network, and I can send all the coin I want to it without having to sign a single raw transaction... you lost me there... don't know where you were headed with that... since you don't need a privkey to see an addresses balance.
Now, for the "and poster: please get informed before giving security advice with respect to bitcoin" comment... you should really elaborate more when you try to pick apart someones posts... other than recommending a 3rd party service... not once did you provide any type of useful feedback on how I am doing things incorrectly or how to correct them. You basically flamed me, made two statements with no suggestions on why I am wrong nor how to remedy those supposed errors, incorrectly assumed I meant a 45 billion difficulty vanity address was more secure than any other and then advertised a website... not very helpful.
Thank you for exemplifying my signature quote.
The second wallet does have an added step to security... in order for someone to use it they would have to sign into my VPS account and boot the instance, or have my private key. Not saying it can't happen, but it is an added step between them and my coins.
How the third wallet is just as hot as the blockchain wallet idk... you can't even search for the wallet, and if you found it, you couldn't move it anywhere useful unless you have my admin password... access denied to anyone other than the local domain admin account. Folder security is not hard so... yeah...
I understand these are all measures OUTSIDE the actual BTC client, but that is exactly where people are getting themselves stolen from... an unsecured platform.
As far as the Cold Storage... I never implied a vanity addresses difficulty increases security... I know it doesn't, never said it did... just detailing how I got the address. The object is not to use this wallet EVER until the day I clean it out... so no, the privkey has never touched the network, and I can send all the coin I want to it without having to sign a single raw transaction... you lost me there... don't know where you were headed with that... since you don't need a privkey to see an addresses balance.
Now, for the "and poster: please get informed before giving security advice with respect to bitcoin" comment... you should really elaborate more when you try to pick apart someones posts... other than recommending a 3rd party service... not once did you provide any type of useful feedback on how I am doing things incorrectly or how to correct them. You basically flamed me, made two statements with no suggestions on why I am wrong nor how to remedy those supposed errors, incorrectly assumed I meant a 45 billion difficulty vanity address was more secure than any other and then advertised a website... not very helpful.
Thank you for exemplifying my signature quote.
daemonfox I think you have missed vhaasteren's point a little bit here:
He is trying to say that your hot, luke warm and simmer down wallets, all exist as wallet files on a networked PC, therefore offering no increased protection for one another if your passwords/computers are compromised, obviously the ways of finding the wallet.dat files etc may differ...
He then mentions your cold storage system. Basically, he is saying that as you must import your private key to a networked computer to spend the funds (current arrangement) that this is only as safe as aforementioned three wallets when you come to spend the funds, although, these should be secure from theft before that happens. He was trying to imply, that in order to spend any funds from this wallet, without importing the priv key to a (potentially compromised) client/computer, you could spend funds by generating raw transactions (req. know-how and is still hard).
I must agree with him, that armoury on a second, 100% offline (never before networked) pc/netbook really looks to be the way forward, until secure bitcoin hardware wallets are sucessfully implemented.
I personally bought the cheapest Asus netbook new off amazon, disabled all network devices in BIOS, formatted to ubuntu 10.04 and loaded armoury onto it. Cost ~£150. Price worth paying for securing my coins? Absolutely.
Hope this helps.
I am not a regular poster, hence my post count, but I could not let this go by unnoticed in a thread about theft. There are a couple of misconceptions in this post that reveal that you have invented these security measures yourself. Please, do not take these practices as advice, and poster: please get informed before giving security advice with respect to bitcoin.
Clarification: your HOT, SIMMER DOWN, LUKEWARM wallets do not offer any different security. They are hot wallets. With respect to your 'cold' wallet: the difficulty in vanitygen is in no way related to the security of your private key. Only how difficult it is to get the first few characters equal to what you gave it. The security of a private key is the same. Also, you cannot really use this cold wallet offline, unless you know how to sign raw transactions. The idea of cold storage is that the private key never touches the internet. Not even temporarily touches a computer that is occasionally connected to the internet. But you still want to use it, right?
I recommend that you have a look into the bitcoin client Armory (https://bitcoinarmory.com/). It can give you easy to use cold storage that is truly safe, and you can make paper backups of your wallets to put in your safety deposit box.
Clarification: your HOT, SIMMER DOWN, LUKEWARM wallets do not offer any different security. They are hot wallets. With respect to your 'cold' wallet: the difficulty in vanitygen is in no way related to the security of your private key. Only how difficult it is to get the first few characters equal to what you gave it. The security of a private key is the same. Also, you cannot really use this cold wallet offline, unless you know how to sign raw transactions. The idea of cold storage is that the private key never touches the internet. Not even temporarily touches a computer that is occasionally connected to the internet. But you still want to use it, right?
I recommend that you have a look into the bitcoin client Armory (https://bitcoinarmory.com/). It can give you easy to use cold storage that is truly safe, and you can make paper backups of your wallets to put in your safety deposit box.
Come again? I am not sure how you think there is no added security in how I keep my wallets... of course the blockchain wallet is base level no added security... that's why it is my outbound wallet and is always empty when I am finished using it.
The second wallet does have an added step to security... in order for someone to use it they would have to sign into my VPS account and boot the instance, or have my private key. Not saying it can't happen, but it is an added step between them and my coins.
How the third wallet is just as hot as the blockchain wallet idk... you can't even search for the wallet, and if you found it, you couldn't move it anywhere useful unless you have my admin password... access denied to anyone other than the local domain admin account. Folder security is not hard so... yeah...
I understand these are all measures OUTSIDE the actual BTC client, but that is exactly where people are getting themselves stolen from... an unsecured platform.
As far as the Cold Storage... I never implied a vanity addresses difficulty increases security... I know it doesn't, never said it did... just detailing how I got the address. The object is not to use this wallet EVER until the day I clean it out... so no, the privkey has never touched the network, and I can send all the coin I want to it without having to sign a single raw transaction... you lost me there... don't know where you were headed with that... since you don't need a privkey to see an addresses balance.
Now, for the "and poster: please get informed before giving security advice with respect to bitcoin" comment... you should really elaborate more when you try to pick apart someones posts... other than recommending a 3rd party service... not once did you provide any type of useful feedback on how I am doing things incorrectly or how to correct them. You basically flamed me, made two statements with no suggestions on why I am wrong nor how to remedy those supposed errors, incorrectly assumed I meant a 45 billion difficulty vanity address was more secure than any other and then advertised a website... not very helpful.
Thank you for exemplifying my signature quote.
Wow... and what "good firewall" might you be using? Also, just having a router does not make you any safer... it just adds a couple steps to making a connection to networked equipment.
If you are really looking for security, you need to read more and listen to the people here who aren't flaming you, they are giving you good advice.
For starters, I do the following for my BTC use:
HOT WALLET: I have an active wallet on Blockchain.info that is solely used to payout directly to people I exchange with outside of BTC-e or VirCurEx... this is merely a personal choice as it makes it so I can send BTC from anywhere I have internet and everything has an email alert.
SIMMER DOWN WALLET: I have an encrypted wallet that I use to receive coins from others in exchange for services or donations etc. This wallet is located on a VPS that is ALWAYS OFF until I log in to boot it and unlock the wallet... it takes a while to get the blockchain but I only access it about once a month and track it using the blockchain.info to see if there is anything there before i even bother. This is not that secure by itself but keeping my VPS account secure and the VPS offline unless I am using it addes to it... and it is never much BTC anyways.
LUKE WARM WALLET: There is an encrypted wallet on one my HDDs in my file server at home, but it is not in any typical directory, does not have any other files in the same directory, is hidden, and can only be accessed by my administrator login, of which uses a hashed key as a password which is stored on a USB drive on my keyring. This is used as an intermediary before I send BTC to cold storage. I use this wallet to withdraw from exchanges and as my mining wallet. I try to empty it daily. Also, this server DOES NOT actually host the client I use to unlock and transfer BTC... I have to map to it from my laptop with the Administrator hash key and then I can drop a copy into the client directory, restart it, do my business, encrypt it again then overwrite it back to the server before disconnecting the mapped drive.
COLD STORAGE WALLET: I have a wallet address and privkey pair that I generated with vanitygen... at 45 BILLION difficulty... and I have NEVER used it for anything but receiving BTC. I tested another address and privkey pair by importing it into Blockchain.info and once I confirmed it worked, the harder address and privkey were generated (got mad lucky said it would take 2.5 yrs in oclvanitygen but it popped up on day 4) and tested sending it some BTC... walla Blockchain shows it has value but there is no way to get to it until the day I import it somewhere. I pay myself 30% of my mining intake and transfer that here plus any substantial payment/donations.
LONG TERM INVESTMENT WALLET: I also have a wallet I put my first 5+ BTC in... it is encrypted and exists in a handful of formats... keys printed and mailed to my mother who put it in our family safe deposit box, a copy of the encrypted wallet.dat on a USB that is also encrypted and sits in my safe deposit box at the bank, another USB that is encrypted and sits in my son's dresser with his other personal items he keeps, the encryption password for both USBs was printed (again a hash key), sealed in an envelope and given to my mother in law to put in her safe deposit box, and lastly the UNencrypted wallet.dat was burned to 2 DVDs that are locked away somewhere with my grandmother... i have no clue where as she agreed they would be sent to her personal estate storage and could not be retrieved until her estate is passed to me upon her death (dad was furious rofl that's what you get for alienating yourself from the family DAD... GG).
Anybody got any other methods that you use to keep safe? I know it sounds like a lot of work for some BTC... but I know I won't be posting here with a sob story and 100s if not 1,000s of BTC stolen.
I am not a regular poster, hence my post count, but I could not let this go by unnoticed in a thread about theft. There are a couple of misconceptions in this post that reveal that you have invented these security measures yourself. Please, do not take these practices as advice, and poster: please get informed before giving security advice with respect to bitcoin.
Clarification: your HOT, SIMMER DOWN, LUKEWARM wallets do not offer any different security. They are hot wallets. With respect to your 'cold' wallet: the difficulty in vanitygen is in no way related to the security of your private key. Only how difficult it is to get the first few characters equal to what you gave it. The security of a private key is the same. Also, you cannot really use this cold wallet offline, unless you know how to sign raw transactions. The idea of cold storage is that the private key never touches the internet. Not even temporarily touches a computer that is occasionally connected to the internet. But you still want to use it, right?
I recommend that you have a look into the bitcoin client Armory (https://bitcoinarmory.com/). It can give you easy to use cold storage that is truly safe, and you can make paper backups of your wallets to put in your safety deposit box.
A wise person taught me something a long time ago... and it stuck.
Locks only keep HONEST PEOPLE HONEST.
A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.
As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.
If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.
Locks only keep HONEST PEOPLE HONEST.
A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.
As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.
If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.
In some Arabic countries where Sharia law is present they will chop off body parts of thieves, so gold store owners can leave the store open while they attend their daily prayers without being afraid.
my 2 cents
I am glad to hear another person got a lesson on computer security for only the price of bitcoins.
"I can't get into my wallet anymore I lost my password" implies your fault only.
"All my bitcoins are stolen" implies either your fault or that bitcoins payment infrastructure is not secure (as the whole, I'm not talking about blockchain or cryptography).
Guess what is worse for bitcoin adoption?
"All my bitcoins are stolen" implies either your fault or that bitcoins payment infrastructure is not secure (as the whole, I'm not talking about blockchain or cryptography).
Guess what is worse for bitcoin adoption?
You are not 100% on that second part... the Bitcoin payment system IS SECURE... it is the PLATFORM users choose to deploy and use it on that is getting them in trouble.
If the bank can't keep its servers secure... what good is a PIN and passcode? Especially in this age of compute power... brute force is more realistic today than ever before... hence why a database breach requires you change your password, even if the data lifted was encrypted.
Just owning a PC that is online should require the same amount of security whether you use it for Bitcoin or just everyday web surfing. Securing one AT AN APPROPRIATE LEVEL is the same as doing so for the other... you dont want you online account passwords hacked or captured right... even if it is just for youtube logins and webmail? Same thing if you add Bitcoin into the mix... safety is safety and there should be no gray area... either you care and you do it right... or you fuck off and get fucked... excuse my language but it hits the point home.
A wise person taught me something a long time ago... and it stuck.
Locks only keep HONEST PEOPLE HONEST.
A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.
As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.
If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.
Locks only keep HONEST PEOPLE HONEST.
A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.
As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.
If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.
"I can't get into my wallet anymore I lost my password" implies your fault only.
"All my bitcoins are stolen" implies either your fault or that bitcoins payment infrastructure is not secure (as the whole, I'm not talking about blockchain or cryptography).
Guess what is worse for bitcoin adoption?
no, I'm pretty sure using an offline computer is not the same as digging yourself deep underground.
using an offline computer buried deep underground, or burying a vault of cash deep underground, THAT would be the same level of security as digging yourself deep underground.
using an offline computer buried deep underground, or burying a vault of cash deep underground, THAT would be the same level of security as digging yourself deep underground.
The difference is that you are treating bitcoin as gold 2.0. I'm treating it as a mean of payment. In this case it is exactly the same as digging yourself deep underground.
Not really, it's very simple to use your bitcoins for payment even from an offline computer. It's just a matter of sending the transaction from the offline client to an online client. Still MUCH easier than moving gold around.
A wise person taught me something a long time ago... and it stuck.
Locks only keep HONEST PEOPLE HONEST.
A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.
As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.
If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.
Locks only keep HONEST PEOPLE HONEST.
A thief will break any lock they know how to... even if there is not anything to take sometimes... just for the lulz.
As for the encryption by default argument, I suspect we would have 100X the "I can't get into my wallet anymore I lost my password" threads than we do now. The bank REQUIRES a PIN or passcode because THEY ARE THE INTERMEDIARY WHO STORES YOUR FUNDS... in Bitcoin there is no intermediary... YOU ARE THE BANK THEREFORE IT IS YOUR RESPONSIBILITY TO USE THE TOOLS YOU HAVE BEEN PROVIDED... i.e. use encryption, follow the tutorial for offline wallets and for god sake join the 201X's and L2 keep your PC safe... not a hard concept... just requires a little reading and effort.
If my 55 yr old mother can pick up a computer for the first time 5 yrs ago and teach her self how you use the internet, webmail, antivirus and antimalware programs, social media and online banking... the rest of us under 30 have no excuse.
This is a very old debate. Use the search. We all know that Bitcoin is not noob friendly. Your grandma won't even be able to understand it. But, it's still improving with time, step by step.
And yes, devs know this and they are trying to find the best ways to improve both user-friendliness and Bitcoin-QT built in security.
And yes, devs know this and they are trying to find the best ways to improve both user-friendliness and Bitcoin-QT built in security.
Yes, I know. I just wanted to stress it once again as I believe it's important.
True, this is why most of the people do not have A LOT of money in one drawer in their houses unless they have some REAL security. Most of the people have 95% of their money in banks, security boxes, etc.
True, but the problem is that nothing in Bitcoin clients facilitates this.
Just a rough example: there can be a popup window saying "You are storing 1000 BTC on unencrypted wallet. Do you want to transfer them to a paper wallet and print 10 copies of it?" with buttons, "Yes", "No", "Remind me later". And yet again: this is for regular users. Advanced users always can turn it off.
This is a very old debate. Use the search. We all know that Bitcoin is not noob friendly. Your grandma won't even be able to understand it. But, it's still improving with time, step by step.
And yes, devs know this and they are trying to find the best ways to improve both user-friendliness and Bitcoin-QT built in security.
no, I'm pretty sure using an offline computer is not the same as digging yourself deep underground.
using an offline computer buried deep underground, or burying a vault of cash deep underground, THAT would be the same level of security as digging yourself deep underground.
using an offline computer buried deep underground, or burying a vault of cash deep underground, THAT would be the same level of security as digging yourself deep underground.
The difference is that you are treating bitcoin as gold 2.0. I'm treating it as a mean of payment. In this case it is exactly the same as digging yourself deep underground.
True, this is why most of the people do not have A LOT of money in one drawer in their houses unless they have some REAL security. Most of the people have 95% of their money in banks, security boxes, etc.
True, but the problem is that nothing in Bitcoin clients facilitates this.
Just a rough example: there can be a popup window saying "You are storing 1000 BTC on unencrypted wallet. It's not secure. Do you want to transfer them to a paper wallet and print 10 copies of it?" with buttons, "Yes", "No", "Remind me later". And yet again: this is for regular users. Advanced users always can turn it off.
This whole debate is stupid, you shouldn't rely on the bitcoin client's encryption anyway. It could have bugs or backdoors or who knows what. The only way to truly be safe is to generate your transactions offline.
I don't want to be sarcastic but this is the same as:
This whole debate is stupid, you shouldn't rely on the doors in your home anyway. It could be lockpiced or just broken or who knows what. The only way to truly be safe is to dig yourself underground as deep as possible.
no, I'm pretty sure using an offline computer is not the same as digging yourself deep underground.
using an offline computer buried deep underground, or burying a vault of cash deep underground, THAT would be the same level of security as digging yourself deep underground.
This whole debate is stupid, you shouldn't rely on the bitcoin client's encryption anyway. It could have bugs or backdoors or who knows what. The only way to truly be safe is to generate your transactions offline.
I don't want to be sarcastic but this is the same is:
This whole debate is stupid, you shouldn't rely on the doors in your home anyway. It could be lockpiced or just broken or who knows what.
True, this is why most of the people do not have A LOT of money in one drawer in their houses unless they have some REAL security. Most of the people have 95% of their money in banks, security boxes, etc.
This whole debate is stupid, you shouldn't rely on the bitcoin client's encryption anyway. It could have bugs or backdoors or who knows what. The only way to truly be safe is to generate your transactions offline.
I don't want to be sarcastic but this is the same as:
This whole debate is stupid, you shouldn't rely on the doors in your home anyway. It could be lockpiced or just broken or who knows what. The only way to truly be safe is to dig yourself underground as deep as possible.
Storing private keys on a computer that is connected to the Internet is suitable only for a trivial amount of funds.
Everything else should be stored offline.
Everything else should be stored offline.
Jump to: