Pages:
Author

Topic: HOW are bitcoins stored? (Read 5762 times)

hero member
Activity: 658
Merit: 500
December 22, 2014, 11:26:51 PM
#67
Right now your safest bet is to use the hardware wallet Trezor.
But for that normal people need to invest money, and the average person is not going to spend 100$ just to have bitcoins.

That´s right. Is there a no-cost way to generate and use my private keys, without ANY chance of they being stolen?
There is always going to be a chance that your money is going to be stolen. This is true regardless of if you are using bitcoin, fiat or physical assets (like gold for example). You really just need to be able to manage your risk so that there is a very low chance that your money will get stolen.

For the very new user (who is using small amounts of money), you should use a service like coinbase and enable 2fa which should keep your money sufficiently safe.

For larger amounts and once you have a better understanding of how bitcoin works, you will need to use a computer that has never touched the internet to create a private key (and to have the computer never subsequently touch the internet)
hero member
Activity: 560
Merit: 500
★777Coin.com★ Fun BTC Casino!
December 22, 2014, 05:42:38 PM
#66
stored in online wallets like Xapo, BlockChain, BitArmored, etc.

OR in offline wallets like Electrum, Multibit, etc.

Pluses and minuses to both .. equal chance you will lose your bitcoins no matter which method you choose, in my opinion
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
December 22, 2014, 12:14:57 PM
#65
1. If an offline HD is 95% as secure as an offline computer, what are the 5% of insecurity?

Easily less than 5%; probably less than 1%.  I'm just leaving a tiny window for malicious firmware, BIOS viruses, and so forth.  This is basically irrelevant.  Bear in mind that even the ideal offline computer setup entails some risk.  Can you trust Bitcoin Core?  Can you trust Armory?  Can you trust my advice?

There's risk in everything.


How do you know one drive doesn't catch malware that maps a network drive and
connects to the other one... (or you forget and do it yourself somehow)
that's the 1-5% or whatever risk.

But yeah, risk can be mitigated, never eliminated.
Can't live your life hiding under the bed.  Cheesy
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
December 22, 2014, 10:07:16 AM
#64
I'm impressed OP, you have come a long way toward understanding Bitcoin. If I had to spend this much time learning about the ACH/EFT system to use Debit Cards I would have given up on them. The good news is, there are easier and safer methods for using Bitcoin being created every day. Someday people will use the blockchain to send money through some business and probably not even know it. You're obviously bright enough and motivated enough to use it now. If you keep reading and start using it you shouldn't have a problem.
legendary
Activity: 1246
Merit: 1011
December 22, 2014, 09:31:48 AM
#63
1. If an offline HD is 95% as secure as an offline computer, what are the 5% of insecurity?

Easily less than 5%; probably less than 1%.  I'm just leaving a tiny window for malicious firmware, BIOS viruses, and so forth.  This is basically irrelevant.  Bear in mind that even the ideal offline computer setup entails some risk.  Can you trust Bitcoin Core?  Can you trust Armory?  Can you trust my advice?

There's risk in everything.

2. I didn´t know I could use a usb as main HD with OS. How to do that?

That's going to depend on your OS of choice.  You may also want to look up "LiveCD"s, especially in conjunction with Bitcoin, to see if others have already done the hard work (of course, avoid dodgy-looking reputationless setups).

3. Supposing I already have 2 HDs working fine, how to transfer files from one to another without the risk of transfering malware to the offline HD in the process?

Only copy across using the offline system.  You should not execute anything on your first drive while your offline system is running, but a good OS will be able to ensure that while allowing you write access to the first drive.
full member
Activity: 131
Merit: 100
December 22, 2014, 08:32:58 AM
#62
What if I buy a new HD and use it just for bitcoins, without my original HD, and then I turn off computer, unplug HD, plug the other one, so on so forth? Will that prevent trojans or can they be in other devices than HD, e.g. boards, cards, etc?

In other words, instead of an offline "whole computer", is it enough to have just an offline HD, or is there some weakness to using 2 HDs with one computer? And by 2 HDs I mean they are connected just one at a time, never together, each one has its own OS, etc. Just the same Mobo and cards.

This strategy will provide a lot of extra security in my opinion (95%+ of the way to dedicated offline computer).  The second drive with its own operating system could reasonably well be trusted to hold your private keys provided this system never sees the internet.  Disconnecting and reconnecting the first drive sounds like overkill (the OS should be configured to just ignore it) but disconnecting and reconnecting the second drive (which will likely contain sensitive information) is a small gain.

With this setup you'd probably want to install Bitcoin Core + Armory on the main machine and Armory on the second.  You can then use Armory on the second to create private keys and sign transactions.  You'll almost certainly want to create a second "hot" wallet on your main system.

Depending on your motherboard and preferred OS, you may find a USB drive to be a cheaper and more convenient home for your second OS than an HDD or SSD.  In either case, you should treat this second drive as you would a paper wallet (unless you encrypt the drive or wallet with a passphrase with significant entropy).

1. If an offline HD is 95% as secure as an offline computer, what are the 5% of insecurity?

2. I didn´t know I could use a usb as main HD with OS. How to do that?

3. Supposing I already have 2 HDs working fine, how to transfer files from one to another without the risk of transfering malware to the offline HD in the process?
legendary
Activity: 1246
Merit: 1011
December 21, 2014, 08:41:30 PM
#61
What if I buy a new HD and use it just for bitcoins, without my original HD, and then I turn off computer, unplug HD, plug the other one, so on so forth? Will that prevent trojans or can they be in other devices than HD, e.g. boards, cards, etc?

In other words, instead of an offline "whole computer", is it enough to have just an offline HD, or is there some weakness to using 2 HDs with one computer? And by 2 HDs I mean they are connected just one at a time, never together, each one has its own OS, etc. Just the same Mobo and cards.

This strategy will provide a lot of extra security in my opinion (95%+ of the way to dedicated offline computer).  The second drive with its own operating system could reasonably well be trusted to hold your private keys provided this system never sees the internet.  Disconnecting and reconnecting the first drive sounds like overkill (the OS should be configured to just ignore it) but disconnecting and reconnecting the second drive (which will likely contain sensitive information) is a small gain.

With this setup you'd probably want to install Bitcoin Core + Armory on the main machine and Armory on the second.  You can then use Armory on the second to create private keys and sign transactions.  You'll almost certainly want to create a second "hot" wallet on your main system.

Depending on your motherboard and preferred OS, you may find a USB drive to be a cheaper and more convenient home for your second OS than an HDD or SSD.  In either case, you should treat this second drive as you would a paper wallet (unless you encrypt the drive or wallet with a passphrase with significant entropy).
full member
Activity: 131
Merit: 100
December 21, 2014, 08:09:25 PM
#60
2. Which means each address can be accessed by 2^94 private keys?

We hope that this is at least approximately true.

But that doesn´t matter because the chance to find an address with money is still like finding an atom in a galaxy?

Perhaps more like finding a particular atom in the ocean.

3. - I think this might help, offline address allows you to create a key while offline. https://www.offlineaddress.com/

3. Ok, I went to this site, you have to be offline and then it will give you a private key, I note it down on paper and that´s it? No one will ever be able to figure it out, except from reading my physical note on paper?

Hopefully.

Just being offline doesn't guarantee that the algorithm used by that site isn't designed to select a small subset of private keys which the site creators know.  Using well-established code written by reputable people will help here; I personally can't vouch for this site.

If after writing down the private key you ever reconnect to the internet you're leaving a window for a trojan of some kind to note down the private key and upload it once you reconnect.  This can be mitigated a bit by power-cycling before reconnecting, or mitigated a huge amount by formatting all drives and reinstalling the OS before reconnecting.  You can also gain some small advantage in this area by creating a separate user just for handling Bitcoin.

If you print it you have another device to worry about.  You gain a little something by writing the private key down by hand.

None of these attack vectors is especially likely here so you should be fine to try it out with small amounts.

But, when I want to send money from my address to another one, I will have to write my private key on computer, at those few seconds, when I do that, how can I be sure a malware will not save it and then send to hacker? And having an offline computer is not an option for me.

If you have no offline computer (and are incapable of performing all of Bitcoin's various cryptographic functions manually on paper) then you'll have to settle for "almost sure".  This then becomes a question of how secure your computer is.

What if I buy a new HD and use it just for bitcoins, without my original HD, and then I turn off computer, unplug HD, plug the other one, so on so forth? Will that prevent trojans or can they be in other devices than HD, e.g. boards, cards, etc?

In other words, instead of an offline "whole computer", is it enough to have just an offline HD, or is there some weakness to using 2 HDs with one computer? And by 2 HDs I mean they are connected just one at a time, never together, each one has its own OS, etc. Just the same Mobo and cards.
legendary
Activity: 1246
Merit: 1011
December 21, 2014, 07:56:30 PM
#59
2. Which means each address can be accessed by 2^94 private keys?

We hope that this is at least approximately true.

But that doesn´t matter because the chance to find an address with money is still like finding an atom in a galaxy?

Perhaps more like finding a particular atom in the ocean.

3. - I think this might help, offline address allows you to create a key while offline. https://www.offlineaddress.com/

3. Ok, I went to this site, you have to be offline and then it will give you a private key, I note it down on paper and that´s it? No one will ever be able to figure it out, except from reading my physical note on paper?

Hopefully.

Just being offline doesn't guarantee that the algorithm used by that site isn't designed to select a small subset of private keys which the site creators know.  Using well-established code written by reputable people will help here; I personally can't vouch for this site.

If after writing down the private key you ever reconnect to the internet you're leaving a window for a trojan of some kind to note down the private key and upload it once you reconnect.  This can be mitigated a bit by power-cycling before reconnecting, or mitigated a huge amount by formatting all drives and reinstalling the OS before reconnecting.  You can also gain some small advantage in this area by creating a separate user just for handling Bitcoin.

If you print it you have another device to worry about.  You gain a little something by writing the private key down by hand.

None of these attack vectors is especially likely here so you should be fine to try it out with small amounts.

But, when I want to send money from my address to another one, I will have to write my private key on computer, at those few seconds, when I do that, how can I be sure a malware will not save it and then send to hacker? And having an offline computer is not an option for me.

If you have no offline computer (and are incapable of performing all of Bitcoin's various cryptographic functions manually on paper) then you'll have to settle for "almost sure".  This then becomes a question of how secure your computer is.
full member
Activity: 131
Merit: 100
December 21, 2014, 07:12:23 PM
#58
Right now your safest bet is to use the hardware wallet Trezor.
But for that normal people need to invest money, and the average person is not going to spend 100$ just to have bitcoins.

That´s right. Is there a no-cost way to generate and use my private keys, without ANY chance of they being stolen?
legendary
Activity: 1330
Merit: 1001
December 21, 2014, 07:09:27 PM
#57
Right now your safest bet is to use the hardware wallet Trezor.
But for that normal people need to invest money, and the average person is not going to spend 100$ just to have bitcoins.
full member
Activity: 131
Merit: 100
December 21, 2014, 07:04:59 PM
#56
Right now your safest bet is to use the hardware wallet Trezor.

1. By which means does one know it´s the safest?

2. Is there any case of bitcoins being stolen from it?

3. Are there known bad hardware wallets, from which BTC has been stolen? (so that I remember never to buy them)

4. What if some day, some company makes a hardware wallet that secretly sends all keys to a guy and one day when this guy has enough keys he decides to transfer all the BTC to himself?
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
December 21, 2014, 06:56:27 PM
#55
Right now your safest bet is to use the hardware wallet Trezor.
full member
Activity: 131
Merit: 100
December 21, 2014, 06:44:23 PM
#54
Thanks everyone for the answers, they were really hepful. I am actually curious to know even more details about bitcoin, but right now my priority is how can I buy bitcoin without chance of being robbed. Someone mentioned having an offline computer, but the problem with that is that I have only one computer right now, I can´t have an offline one. So what´s the safest way to buy bitcoin with what I have? Would it be paper wallet or what?

Here's some physical wallet options - http://yocrypto.ca/listing-category/physical-wallets/

I personally use circle to purchase, and send to my woodwallet right away.

There is a whole bunch of free options for paper wallets.  Exchanges thrid party purchasing services, all might be a risk, but also quite important to the ecosystem and funtionality of Bitcoin.  Personally i wouldn't say stay clear 100%, but if you are going to use ANY service that puts a third party in charge of your fund, do your research. If you have to use it, 'get your coins, and withdraw into your paper wallet or w.e fast. If you're trading, make your trades and withdraw before bed. Just keep them close.  2FA wherever possible and just be aware of what is happening with the busines you are trusting your money with...

Can I ask you some questions?

1- What is a woodwallet?

2- How can I be sure my physical wallet won´t be hacked?

3- How to make a paper wallet with absolutely no chance of a hacker figuring out my key?

4- Supposing I already made my paper wallet, do I just buy bitcoins with its "external address"?

5- Shouldn´t I be worried about having a physical wallet, in the sense that if it breaks or is lost, my BTC is lost forever?


1. Wood wallet is one of many physical alternatives. Basically, physical wallets provide offline storage, or remove network connections and back doors.  You can use your physical wallet as a key to access savings, which cannot be taken out unless you scan the physical wallet. Wood wallet is a woodvariety thats roughly ~30 bucks, i chose it because it was cool looking, but there is many free alternatives, metal wallets, or others with screens and such.  Take a browse, some really cool technology coming out right now..


2. Physical wallet puts the security in your hands. As for hacking of them and tracking of them, I am not 100% on all my tech knowledge I would reccomend speaking with someone who's been around for a while and completely understands all the back end happening.

3. - I think this might help, offline address allows you to create a key while offline. https://www.offlineaddress.com/

4. - Purchase coins with w.e service or thorugh a miner, then send to the public or receive address in your physical wallet. NEVER NEVER NEVER NEVER share your private key.

5. - well, yes and no, keep it safe.  IT's physical, more like cash. If you leave it out and someone takes it your frigged, likewise, if your house is set on fire and you have a wood wallet, not looking good, although I know you can make backups, this si something a tech body could help you out with a bit more.  PAper wallet will never break, but it could get exposed to elements and yes, trouble...


I hope someone else reading this can touch base a little deeper with the tech side of things. Anyhow, if you have more Q's send a mesage I can help to extent of my knowledge.  I must say though, you are doing the right thing by coming in here and asking about it before willingly giing money to something that is unknown. Well done, and have a great time with bitcoin, this is a really cool place. Lots to be aware of, but i really enjoy Bitcoin and the community that supports its technology.


3. Ok, I went to this site, you have to be offline and then it will give you a private key, I note it down on paper and that´s it? No one will ever be able to figure it out, except from reading my physical note on paper? But, when I want to send money from my address to another one, I will have to write my private key on computer, at those few seconds, when I do that, how can I be sure a malware will not save it and then send to hacker? And having an offline computer is not an option for me.

Also, even being offline, the code will have to appear on the screen before I note it down. Is it possible that a malware will save it offline and later send to hacker? If yes, it means I feel there is no secure way for me to generate a private key. Sad
full member
Activity: 131
Merit: 100
December 21, 2014, 06:26:15 PM
#53
1- How can I be sure I will never "f*ck up my R values"?

2- So, there are exactly 2^256 private keys total?

3- And from what you said, I suppose it´s not profitable to get your computers to check one by one for balance, because there are so many and they will probably never find one that has already been used?

4- How many digits has the number 2^256?

1. You can't. It all depends on the programmer.

2. No, slightly less than that. Moreso, because of a different part of the address generation algorithm, there are actually 2^160(still a very large number) possible addresses from the ~2^256 private keys.

3. Nope.

4. 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

5. Don't be confused about the small appearance of this number. I assure you, it's incomprehensibly huge. Most people know how to "count" only to the bolded part.

A quantum computer built using quantum entanglement(one has not been built that uses this only one with quantum annealing which is not the same) can pose a threat to all crypto. But orders of magnitudes more qubits than the D-Wave one.
The other method is to build the best possible computer, quantum or not with 100% efficiency, use a dyson sphere to trap a young star and travel through a wormhole that connects billions of years in the future to obtain the results.

2. Which means each address can be accessed by 2^94 private keys? But that doesn´t matter because the chance to find an address with money is still like finding an atom in a galaxy?
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
December 21, 2014, 06:25:46 PM
#52
Lets summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer(number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.

Your description is correct and helpful but your first point "Bitcoins don't actually exist" in wrong.  Of course you can discuss the ontology of what it means to exist but in the common meaning of the term bitcoins do exist.  Bitcoins are possession of the private keys which are necessary to move bitcoin outputs in the bitcoin network.  You + the private key + the bitcoin network are the bitcoin.  All three exist.

It is in the network that they exist.  By participating in the network you are accepting the promise that the bitcoins are recorded there.  It is in the private key that they exist because that is needed to move them in the network.  But the ultimate place they exist is in you, in your acceptance that the network will allow you to transfer them to another address and that such transfer can be exchanged for goods or services.

In this sense they exist just like dollars exist.  You need the network (The United States), the right to transfer (bank account, cash, your signature, other recognized means of ownership) and the expectation of value (you expect that dollars can be exchanged for goods and services.)


My TLDR was a summary of what was discussed here. First post https://bitcointalksearch.org/topic/m.9832308

However even the Core developers have stated that same thing.
sr. member
Activity: 451
Merit: 250
December 21, 2014, 06:06:40 PM
#51
Lets summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer(number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.

Your description is correct and helpful but your first point "Bitcoins don't actually exist" in wrong.  Of course you can discuss the ontology of what it means to exist but in the common meaning of the term bitcoins do exist.  Bitcoins are possession of the private keys which are necessary to move bitcoin outputs in the bitcoin network.  You + the private key + the bitcoin network are the bitcoin.  All three exist.

It is in the network that they exist.  By participating in the network you are accepting the promise that the bitcoins are recorded there.  It is in the private key that they exist because that is needed to move them in the network.  But the ultimate place they exist is in you, in your acceptance that the network will allow you to transfer them to another address and that such transfer can be exchanged for goods or services.

In this sense they exist just like dollars exist.  You need the network (The United States), the right to transfer (bank account, cash, your signature, other recognized means of ownership) and the expectation of value (you expect that dollars can be exchanged for goods and services.)

legendary
Activity: 1246
Merit: 1011
December 21, 2014, 05:41:48 PM
#50
4- How many digits has the number 2^256?

4. 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

Just to clarify:
2^256 = 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936.
This is a 78-digit number.
full member
Activity: 168
Merit: 100
www.secondstrade.com - 190% return Binary option
December 21, 2014, 05:36:30 PM
#49
I have been using the physical hardware wallet trezor for a while now,
and feel it is the best wallet to buy to secure your funds.
legendary
Activity: 1862
Merit: 1011
Reverse engineer from time to time
December 21, 2014, 05:12:21 PM
#48
Lets summarize or TLDR;

  • Bitcoins don't actually exist.
  • Wallets store one or more private keys.
  • A private key is a very large integer(number). Link to infograph https://i.imgur.com/IL6PV5E.jpg
  • Any type of bitcoin malware that has access to a machine where an unencrypted wallet resides CAN steal the bitcoins.

The link is very interesting, can I ask a few questions?

1- What does it mean to "f*ck up with the R values"?

2- Why does the impossibility of a computer counting to 2^256 prevent it from attacking bitcoin?

3- And why doesn´t that prevent the computer from generating private keys and making transactions?

4- Which makes me wonder, if private keys are generated randomly, then is there a chance of the same private key being generated twice?

1. R value is part of the algorithm by which a transaction is signed. If the same value is re-used twice, recovery of the private key is trivial. This only happens with badly written code/programmer errors.

2. Since a computer cannot count to 256 in a timely manner(billions of years even if a super computer was used), it cannot check EVERY private key for a balance.

3. Because there are so many. There are as many private keys as there are atoms in the UNIVERSE(well, slightly less than that in cosmic terms).

4. Nothing prevents it, but so long as entropy is sufficient(these are random bytes generated by your hardware) this is extremely unlikely. Or as somebody said, it's infinitely more likely to get hit by lightning 7 times in a row while winning the lottery 7 times in a row.

1- How can I be sure I will never "f*ck up my R values"?

2- So, there are exactly 2^256 private keys total?

3- And from what you said, I suppose it´s not profitable to get your computers to check one by one for balance, because there are so many and they will probably never find one that has already been used?

4- How many digits has the number 2^256?

1. You can't. It all depends on the programmer.

2. No, slightly less than that. Moreso, because of a different part of the address generation algorithm, there are actually 2^160(still a very large number) possible addresses from the ~2^256 private keys.

3. Nope.

4. 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936

5. Don't be confused about the small appearance of this number. I assure you, it's incomprehensibly huge. Most people know how to "count" only to the bolded part.

A quantum computer built using quantum entanglement(one has not been built that uses this only one with quantum annealing which is not the same) can pose a threat to all crypto. But orders of magnitudes more qubits than the D-Wave one.
The other method is to build the best possible computer, quantum or not with 100% efficiency, use a dyson sphere to trap a young star and travel through a wormhole that connects billions of years in the future to obtain the results.
Pages:
Jump to: