Pages:
Author

Topic: How do YOU know a wallet is safe to use? (Read 1322 times)

legendary
Activity: 3472
Merit: 4801
May 14, 2014, 02:08:39 AM
#27
There seems to be agreement that a paper wallet is safe, but how long term?

Impossible to know.  It would be best to keep yourself aware of any major new developments in Bitcoin if you are holding any bitcoin.  In general, a paper wallet (if created in a safe manner) should be safe until mathematicians manage to completely break all three of ECDSA, SHA-256, and RIPEMD-160.  I'll be surprised if all three of those are completely broken to the point of being reversible in less than a decade.

Do wallet updates effect the paper wallet?

While not impossible, what would be more likely than that is for the current cryptography to become weakened with new mathematical developments.  The bitcoin protocol would be updated with new cryptography, and your old paper wallet (while still supported by the new protocol) would become vulnerable to theft.

Should I keep a redundant set of usb's with the program that created the paper with the paper (in case the software goes through some form of evolution)?

That wouldn't hurt, but it isn't likely to help.  If the protocol changes in a way that makes it impossible to spend your bitcoins (extremely unlikely), then your old program won't be recognized as valid by the rest of the network.

Does the paper wallet keep track of all of the different receive addresses?

Not usually.  Usually, a paper wallet only has a single receiving address.

It just seems odd to me that a single QR code is going to be able to hold enough information to recreate my wallet.

The single QR-Code will most likely hold enough information to recreate a single receiving address.  If you want multiple receiving addresses, then each one will have it's own pair of QR-Codes.

And of that, once you create the paper wallet, I assume that you destroy the digital one.  If it is still around and falls into the wrong hands, the paper wallet would quickly become useless.

The paper wallet is generally created separate from the digital one.  It has its own address that doesn't eve exist in the digital wallet.  You send the bitcoins from your digital wallet to the paper wallet.  Therefore, there aren't any bitcoins in the digital wallet for anyone to steal.  As such, there is no need to destroy the digital wallet.  If it falls into the wrong hands it is useless (since it doesn't contain any of the bitcoins.

Wow.  Hitting the delete key on that file is gotta be hard to do.

Deleting an empty wallet isn't a very difficult thing to do.  Trusting that the paper wallet receiving address matches the paper wallet private key, and sending the bitcoins to the paper wallet receiving address can take some faith though.
newbie
Activity: 98
Merit: 0
How can you know  your USD is safe?
 Nobody can be completely sure of it
newbie
Activity: 42
Merit: 0
I guess u should actually look at the website, bitcoin.org before making any decision. They provide the official wallet sources. Try to download a wallet client that is opensourced so that you could review the sourcecode first. Do not download from any other sources other than the official one.
newbie
Activity: 11
Merit: 0
There seems to be agreement that a paper wallet is safe, but how long term?  Do wallet updates effect the paper wallet?  Should I keep a redundant set of usb's with the program that created the paper with the paper (in case the software goes through some form of evolution)?  Does the paper wallet keep track of all of the different receive addresses?  It just seems odd to me that a single QR code is going to be able to hold enough information to recreate my wallet.

And of that, once you create the paper wallet, I assume that you destroy the digital one.  If it is still around and falls into the wrong hands, the paper wallet would quickly become useless.  Wow.  Hitting the delete key on that file is gotta be hard to do.
hero member
Activity: 882
Merit: 1000
Exhausted
Can I diversify the risk of hacker attack if I'll use different wallets? How wallet's security is depend on me?

It helps if the problem is in one particular wallet client.
If you have malware in your computer, or your computer has been hacked, your bitcoin will be stolen even if you used 5 different wallets.

The best way to secure your bitcoin would be to use an offline wallet or a paper wallet IMO.
newbie
Activity: 56
Merit: 0
Can I diversify the risk of hacker attack if I'll use different wallets? How wallet's security is depend on me?
hero member
Activity: 742
Merit: 502
Circa 2010
The only way you'd know is to look at the open source code and check each line for yourself so that you know the function of every single line and that none of it is suspicious. However, in reality few people have that expertise and the number of manhours needed would be huge. Nonetheless, an open source client is always best - Qt is good if you have time to download the blockchain, or I would advise Multibit/Electrum. Both have a large enough userbase to ensure that nothing untoward has been added to the code as of yet.
newbie
Activity: 52
Merit: 0

It depends on how important the bitcoin is to you.  If you can't afford to lose it, then perhaps stick with the slow but must trusted bitcoin-qt.  If it is a small amount that won't impact your life much, then you might try one of the alternatives that will be more responsive and less resource intensive.  I don't know enough to give any specific suggestions.
hero member
Activity: 653
Merit: 500
I always tell people to use only bitcoin-qt. Its the safest wallet out there. I know its going to be 100Gig soon but safety first...

It is only just 19 GB now. I am sure my HDD will die first, before the blockchain reaches 100 GB Smiley
sr. member
Activity: 392
Merit: 250
I always tell people to use only bitcoin-qt. Its the safest wallet out there. I know its going to be 100Gig soon but safety first...
hero member
Activity: 625
Merit: 500
So I see disagreement about open source wallets and beta wallets - so let me ask you guys:  

(1) What exactly IS the official site?  Bitcoin.org, Bitcoin.com?
(2) The wallet I downloaded and have been using is Bitcoin-Qt version v0.8.6-beta and the new one says it is 0.9 - and I thought I downloaded it from the "official " site.  Have I already screwed up?

The official site for Bitcoin Core (previously called Bitcoin-qt) is bitcoin.org, and the latest version should 0.9.1.
Each wallet has its own official site (eg. https://electrum.org/ for Electrum)
I personally think the only wallets you should use are like these: real wallets where you actually own your Bitcoins.
Using online wallets is the worst decision you can make.

I agree with that. Why go ahead and throw the control over your money that bitcoin gives you overboard again right away even before really getting started by trusting a third party with holding it for you?
That's not saying online wallet provider's are not to be trusted, it's more like: they are not necessarily safer from hacks than your local machine and they definetly are a much more attractive and bigger target.

Doesn't have to be bitcoin-core (formerly bitcoin-qt) if you don't want to lift the heavy weight of the full blockchain, but using a local wallet preferably on an offline machine, that goes online only spradically for synching/transfers alongside a safely created paperwallet to store BTC longterm on should be the way to go.

Exactly. A simple way to say that is: You don't have your bitcoin, if you don't control the privkey.
hero member
Activity: 798
Merit: 500
Time is on our side, yes it is!
Good question, I for one didn't know all this important info was out there on the subject.  Gonna have to do reading on this for future reference.
full member
Activity: 224
Merit: 100
So I see disagreement about open source wallets and beta wallets - so let me ask you guys:  

(1) What exactly IS the official site?  Bitcoin.org, Bitcoin.com?
(2) The wallet I downloaded and have been using is Bitcoin-Qt version v0.8.6-beta and the new one says it is 0.9 - and I thought I downloaded it from the "official " site.  Have I already screwed up?

The official site for Bitcoin Core (previously called Bitcoin-qt) is bitcoin.org, and the latest version should 0.9.1.
Each wallet has its own official site (eg. https://electrum.org/ for Electrum)
I personally think the only wallets you should use are like these: real wallets where you actually own your Bitcoins.
Using online wallets is the worst decision you can make.

I agree with that. Why go ahead and throw the control over your money that bitcoin gives you overboard again right away even before really getting started by trusting a third party with holding it for you?
That's not saying online wallet provider's are not to be trusted, it's more like: they are not necessarily safer from hacks than your local machine and they definetly are a much more attractive and bigger target.

Doesn't have to be bitcoin-core (formerly bitcoin-qt) if you don't want to lift the heavy weight of the full blockchain, but using a local wallet preferably on an offline machine, that goes online only spradically for synching/transfers alongside a safely created paperwallet to store BTC longterm on should be the way to go.
sr. member
Activity: 252
Merit: 250
If there are updates ESP when a forum actually announces it as well.

Which is still up there on top of this forum news: Open SSL heartbleed bug, it shows they are on top of security.

Keep in mind, bitcoin qt wallet is part of the original block foundation before any of the mobile and web wallets were around.
hero member
Activity: 896
Merit: 527
₿₿₿₿₿₿₿
So I see disagreement about open source wallets and beta wallets - so let me ask you guys: 

(1) What exactly IS the official site?  Bitcoin.org, Bitcoin.com?
(2) The wallet I downloaded and have been using is Bitcoin-Qt version v0.8.6-beta and the new one says it is 0.9 - and I thought I downloaded it from the "official " site.  Have I already screwed up?

The official site for Bitcoin Core (previously called Bitcoin-qt) is bitcoin.org, and the latest version should 0.9.1.
Each wallet has its own official site (eg. https://electrum.org/ for Electrum)
I personally think the only wallets you should use are like these: real wallets where you actually own your Bitcoins.
Using online wallets is the worst decision you can make.
hero member
Activity: 543
Merit: 500
This is the official wallet on the official site and this is the most mature coin we have - but this is still tagged as beta software and the version starts with a zero - it seems counterintuitive that this coin (above all others) would not have at least one release that is not marked beta.  I think that is the bottom line of my original fear and why I had the original question.

Yes, it is still beta as we are in 0.9.1, but it should be not anymore for the next major release 1.0.0  Smiley
hero member
Activity: 602
Merit: 500
I only use those what is posted in the bitcoin official site. Also check for reviews on the forum.
hero member
Activity: 518
Merit: 500
All my wallets are generated offline. All except my hot wallets on blockchain.info
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
April 29, 2014, 01:31:08 PM
#9
-snip-
is there a reasonable fear that a new release will no longer support a wallet from a previous release?

No, noone would be able to update without sending the coins. There might be a cenario in the future that recuires to throw downwards compability overboard. Anyway, as long as you backup your wallet.dat to somewhere safe on a regular basis you are fine. Even with a newer version you could just reinstall the old version and use that.
newbie
Activity: 11
Merit: 0
April 29, 2014, 01:16:20 PM
#8
Alright I went there and loaded the 9.1.0 version and after it finished "verifying blocks" it came up and it looked like it lost my send and receive addresses.  I found them eventually but the interface has changed somewhat.  Thank you for the head's up for the new version.

This is the official wallet on the official site and this is the most mature coin we have - but this is still tagged as beta software and the version starts with a zero - it seems counterintuitive that this coin (above all others) would not have at least one release that is not marked beta.  I think that is the bottom line of my original fear and why I had the original question.

Let me ask you this:  Does it make sense to keep separate folders with both the software for a wallet and the wallet data together so that when the wallets go from release to release I maintain a 1:1 correspondence between the wallet data and the software that created it?  Asked another way, is there a reasonable fear that a new release will no longer support a wallet from a previous release?
Pages:
Jump to: