How do you encrypt/backup your wallet

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: Light on January 09, 2014, 06:05:39 AM

Quote from: Abdussamad on January 09, 2014, 03:50:02 AM

Let's see to crack the wallet you need a copy of the encrypted wallet + the password

1. Offline backups mean to get the copy of the encrypted wallet you need to physically visit his residence/office and grab the backup disks.

2. Online backups mean you need to access his cloud account. You can take your sweet time doing this remotely. Phishing attacks would work in this scenario.

So IMO 1. is much better.

edit: To secure your wallet in your online storage you have to keep a strong password for you wallet file, your storage account *and* your email account because otherwise a thief could use the forgotten password link to get access to your storage account. To secure your offline backup you only need the password for your wallet file and the key to your safe deposit box/storage box whatever where you are keeping your backup media.

The problem with 1. is that if you don't store you physical USB (or w/e storage device) somewhere other than your home, if you home burns down or if you lose the backup then your kind of screwed if you do need to rely on your backup. With 2. the only way you actually lose your wallet is if you give out your password (provided it's a proper secure password - not something stupid like 1234) in which case if your dumb enough to give people your password then you deserve to lose your money. It's like if your dumb enough to give people all your bank details don't be surprised if people just empty out your account.

1. Create a super-strong encryption password, stick it in bank or with lawyer.
2. Back-up your wallet online, and tell your loved ones (a) how to access it, and (b) who has the password

No scheme is perfect, but that's reasonable.

Light

hero member

Activity: 742

Merit: 502

Circa 2010

Quote from: Abdussamad on January 09, 2014, 03:50:02 AM

Let's see to crack the wallet you need a copy of the encrypted wallet + the password

1. Offline backups mean to get the copy of the encrypted wallet you need to physically visit his residence/office and grab the backup disks.

2. Online backups mean you need to access his cloud account. You can take your sweet time doing this remotely. Phishing attacks would work in this scenario.

So IMO 1. is much better.

edit: To secure your wallet in your online storage you have to keep a strong password for you wallet file, your storage account *and* your email account because otherwise a thief could use the forgotten password link to get access to your storage account. To secure your offline backup you only need the password for your wallet file and the key to your safe deposit box/storage box whatever where you are keeping your backup media.

The problem with 1. is that if you don't store you physical USB (or w/e storage device) somewhere other than your home, if you home burns down or if you lose the backup then your kind of screwed if you do need to rely on your backup. With 2. the only way you actually lose your wallet is if you give out your password (provided it's a proper secure password - not something stupid like 1234) in which case if your dumb enough to give people your password then you deserve to lose your money. It's like if your dumb enough to give people all your bank details don't be surprised if people just empty out your account.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: BTCisthefuture on January 09, 2014, 12:13:39 AM

Quote from: empoweoqwj on January 08, 2014, 09:47:45 PM

Quote from: Peter882 on January 08, 2014, 11:45:42 AM

Quote from: Morbo on January 08, 2014, 10:13:04 AM

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Yep, good as extra precaution. Just as long as you remember your password

Maybe it's overkill and just creates an unneeded extra step on my part but I'm going to make an archive with 7zip and then use boxcyptor on top that. Also it's stored on my google drive which requires 2 factor authentication through my phone on top of that password. Also the file name is changed to something that won't stand out so even if someone did get access to all the different passwords and my phone they still might have a hard time ever knowing to grab that file.

The tricky part is not inventing an amazingly layered protection scheme .... the tricky part is passing the wealth onto your loved ones should the worse come to the worse. We all need to think about that aspect as well. None of us is going to be here for ever unfortunately.

Abdussamad

legendary

Activity: 3696

Merit: 1584

Quote from: Light on January 09, 2014, 03:39:36 AM

Quote from: Abdussamad on January 09, 2014, 03:20:16 AM

All of this crap will only make it harder to a) make backups and b) restore from backups and c) recover backups should you ever forget your passwords. In the end you'll be dissuaded from making regular backups and you'll loose coins, so keep it simple. Use the built in encryption in bitcoin-qt and store your backups offline on removable media like USB drives. Sticking it online is asking for trouble.

Also remember to make new backups once every 100 transactions or you'll loose coins. Alternatively you could switch to electrum and only need to make one backup at the start.

Provided he uses a long password (20+) with numbers, different cases and symbols he should be fine with uploading it, as unless his pass is guessed or hit by a dictionary attack he should be fine with uploading it to an online storage site. Plus it means that if he has a fire or somehow loses all his USBs he can always download a copy of his wallet.

Let's see to crack the wallet you need a copy of the encrypted wallet + the password

1. Offline backups mean to get the copy of the encrypted wallet you need to physically visit his residence/office and grab the backup disks.

2. Online backups mean you need to access his cloud account. You can take your sweet time doing this remotely. Phishing attacks would work in this scenario.

So IMO 1. is much better.

edit: To secure your wallet in your online storage you have to keep a strong password for you wallet file, your storage account *and* your email account because otherwise a thief could use the forgotten password link to get access to your storage account. To secure your offline backup you only need the password for your wallet file and the key to your safe deposit box/storage box whatever where you are keeping your backup media.

Light

hero member

Activity: 742

Merit: 502

Circa 2010

Quote from: Abdussamad on January 09, 2014, 03:20:16 AM

All of this crap will only make it harder to a) make backups and b) restore from backups and c) recover backups should you ever forget your passwords. In the end you'll be dissuaded from making regular backups and you'll loose coins, so keep it simple. Use the built in encryption in bitcoin-qt and store your backups offline on removable media like USB drives. Sticking it online is asking for trouble.

Also remember to make new backups once every 100 transactions or you'll loose coins. Alternatively you could switch to electrum and only need to make one backup at the start.

Provided he uses a long password (20+) with numbers, different cases and symbols he should be fine with uploading it, as unless his pass is guessed or hit by a dictionary attack he should be fine with uploading it to an online storage site. Plus it means that if he has a fire or somehow loses all his USBs he can always download a copy of his wallet.

Abdussamad

legendary

Activity: 3696

Merit: 1584

Quote from: BTCisthefuture on January 09, 2014, 12:13:39 AM

Quote from: empoweoqwj on January 08, 2014, 09:47:45 PM

Quote from: Peter882 on January 08, 2014, 11:45:42 AM

Quote from: Morbo on January 08, 2014, 10:13:04 AM

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Yep, good as extra precaution. Just as long as you remember your password

Maybe it's overkill and just creates an unneeded extra step on my part but I'm going to make an archive with 7zip and then use boxcyptor on top that. Also it's stored on my google drive which requires 2 factor authentication through my phone on top of that password. Also the file name is changed to something that won't stand out so even if someone did get access to all the different passwords and my phone they still might have a hard time ever knowing to grab that file.

All of this crap will only make it harder to a) make backups and b) restore from backups and c) recover backups should you ever forget your passwords. In the end you'll be dissuaded from making regular backups and you'll loose coins, so keep it simple. Use the built in encryption in bitcoin-qt and store your backups offline on removable media like USB drives. Sticking it online is asking for trouble.

Also remember to make new backups once every 100 transactions or you'll loose coins. Alternatively you could switch to electrum and only need to make one backup at the start.

BTCisthefuture

sr. member

Activity: 364

Merit: 250

Quote from: empoweoqwj on January 08, 2014, 09:47:45 PM

Quote from: Peter882 on January 08, 2014, 11:45:42 AM

Quote from: Morbo on January 08, 2014, 10:13:04 AM

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Yep, good as extra precaution. Just as long as you remember your password

Maybe it's overkill and just creates an unneeded extra step on my part but I'm going to make an archive with 7zip and then use boxcyptor on top that. Also it's stored on my google drive which requires 2 factor authentication through my phone on top of that password. Also the file name is changed to something that won't stand out so even if someone did get access to all the different passwords and my phone they still might have a hard time ever knowing to grab that file.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: Peter882 on January 08, 2014, 11:45:42 AM

Quote from: Morbo on January 08, 2014, 10:13:04 AM

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Yep, good as extra precaution. Just as long as you remember your password

bitpop

legendary

Activity: 2912

Merit: 1060

Winrar

BookLover

hero member

Activity: 533

Merit: 500

^Bitcoin Library of Congress.

+1 for 7zip

bitpop

legendary

Activity: 2912

Merit: 1060

Yes aes zips are great. Plus it's just extra.

Peter882

hero member

Activity: 543

Merit: 500

Quote from: Morbo on January 08, 2014, 10:13:04 AM

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

I personally use 7zip, which employs AES-256 encryption.
It should be strong enough when the password is long, right?

Not sure about other archive software though.

Morbo

member

Activity: 115

Merit: 11

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Archive encryptions used to be exceptionally weak and vulnerable in the past and zip encryption was particularly weak IIRC. Did anything change in that regard?

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: bitpop on January 08, 2014, 02:06:56 AM

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

Renaming the file from wallet.dat for bitcoin-qt users is certainly a good idea. The wallet file has a different name with electrum anyway

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: GodHatesFigs on January 06, 2014, 03:45:56 PM

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

I would add a simple zip encryption too and call it pictures.

empoweoqwj

hero member

Activity: 518

Merit: 500

Quote from: BTCisthefuture on January 06, 2014, 08:12:49 AM

Quote from: empoweoqwj on January 06, 2014, 07:58:27 AM

Quote from: BTCisthefuture on January 06, 2014, 07:13:35 AM

What options do you use to backup your wallet data and encrypt it.

I was looking into using trucrypt to encrypt the file and then store it in the could but would like to hear about other methods, options as well.

Backup and encryption are really different topics.

ok let me clarify. I have a copy of my wallet data file , I'd like to encrypt though so if anyone ever found it wouldn't be of use for them. So basically, what apps/services do you guys use to encrypt files. Or are there any cloud storage services that do encrption when you upload a file.

I use electrum. encryption is built-in. You don't need anything external, just have to remember your passcode

GodHatesFigs

full member

Activity: 557

Merit: 101

Could someone clarify this for me: I've encrypted my wallet using BitcoinQT's built in feature. The password has ~150bits of entropy - can I safely store my encrypted wallet.dat in the cloud?

BTCisthefuture

sr. member

Activity: 364

Merit: 250

Quote from: cdog on January 06, 2014, 09:20:37 AM

Bitcoin-qt has encryption built in. Just goto "Settings" and make sure you use at least 15 characters (numbers and symbols help strength a lot).

Make sure you use a phrase you wont ever, EVER forget.

Once the wallet is encrypted, your coins are completely safe. Even if someone gets their hands on it, its useless to them.

Make sure you back it up, copies on flash drives stored in physically distinct locations are best, but if its encrypted very well, you could put it in an email or cloud storage, so it cant ever be lost.

Correct me if I'm wrong, but that only means you have a password to use it. If someone obtains that key through malware or other means then it's no longer safe. Am I missing something ?

cdog

hero member

Activity: 1036

Merit: 500

Bitcoin-qt has encryption built in. Just goto "Settings" and make sure you use at least 15 characters (numbers and symbols help strength a lot).

Make sure you use a phrase you wont ever, EVER forget.

Once the wallet is encrypted, your coins are completely safe. Even if someone gets their hands on it, its useless to them.

Make sure you back it up, copies on flash drives stored in physically distinct locations are best, but if its encrypted very well, you could put it in an email or cloud storage, so it cant ever be lost.

Morbo

member

Activity: 115

Merit: 11

Truecrypt is for encrypting whole filesystems I think.

For encrypting single files, I am using gpg.

Topic: How do you encrypt/backup your wallet (Read 3264 times)