Topic: How do you protect your wallet and backup file? (Read 3585 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
December 25, 2014, 05:27:47 PM
#32
-snip-
I see that it's mostly used by 3rd party services right? Like it's not really necessary for me to touch the multisig thing? It seems like bitcoin is simple, but yet it's a bit more complex than what it kinda looks like because it's not just buy and spend/save. It's a lot about security.

No, it's not actually needed to look into multisig for personal use IMHO.

Seems like I got all my questions answered, it took a bit more than a month. Thank you for taking time answering and explaining all this!


Sure :)
full member
Activity: 123
Merit: 100
Can't I just install electrum on tails, and save it? So I don't have to get it every time? I am not sure if I understood your last sentence.

It's possible to modify a live system before you burn it to a DVD, but it's probably considered advanced.

You also talked about multisig, I don't understand what it is. Could you explain it briefly?

Multi-sig as in multiple signatures. Usually there is a single private key that signs a transaction. This signature makes it valid and allows you to spend the funds. This is basically what happens every time you spend bitcoin. You unlock your private key, use it to sign a transaction and broadcast said transaction.
The idea with multi-sig is that you need more than one private key to make a valid transaction. E.g. for escrow services a multi-sig system can be created where the seller (S) has a private key, the buyer (B) has a private key and the person doing the escrow (E) has a private key.
The typical design would be that they all create a single address and every two of them can spend the funds "2 of 3 multi-sig". These addresses would start with 3 instead of 1 like this [2]. The 3 has nothing to do with the amount of keys used. The 3 indicates that it's a pay to script address [3] instead of a "normal" pay to pubkey hash address.

On the protocol level bitcoin is "just" signatures, scripts and transactions, thus it's possible to create an address whose funds can be spent if the transaction spending them is signed by 2 of the 3 possible private keys. So in our escrow case, B sends the funds to the address, S sends the goods. If everything is how B expected it to be, B can sign a transaction and pass it to S to sign it as well and the coins are spent (usually to S).
If something goes wrong B and/or S can contact E to decide where the funds should go. Neither B nor S can spend the funds alone, thus E can listen to all arguments and finally make a decision where the funds should be sent to by signing the corresponding transaction.
E.g. OpenBazaar [1] will use this (mostly automated) as part of a mechanism to resolve disputes between B and S.

[1] https://gist.github.com/drwasho/405d51bd1b1a32e38145
[2] donation address for the darkwallet project: https://www.blocktrail.com/BTC/address/31oSGBBNrpCiENH3XMZpiP6GTC4tad4bMy
[3] https://en.bitcoin.it/wiki/Pay_to_script_hash

I see that it's mostly used by 3rd party services right? Like it's not really necessary for me to touch the multisig thing? It seems like bitcoin is simple, but yet it's a bit more complex than what it kinda looks like because it's not just buy and spend/save. It's a lot about security.

Seems like I got all my questions answered, it took a bit more than a month. Thank you for taking time answering and explaining all this!
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Can't I just install electrum on tails, and save it? So I don't have to get it every time? I am not sure if I understood your last sentence.

It's possible to modify a live system before you burn it to a DVD, but it's probably considered advanced.

You also talked about multisig, I don't understand what it is. Could you explain it briefly?

Multi-sig as in multiple signatures. Usually there is a single private key that signs a transaction. This signature makes it valid and allows you to spend the funds. This is basically what happens every time you spend bitcoin. You unlock your private key, use it to sign a transaction and broadcast said transaction.
The idea with multi-sig is that you need more than one private key to make a valid transaction. E.g. for escrow services a multi-sig system can be created where the seller (S) has a private key, the buyer (B) has a private key and the person doing the escrow (E) has a private key.
The typical design would be that they all create a single address and every two of them can spend the funds "2 of 3 multi-sig". These addresses would start with 3 instead of 1 like this [2]. The 3 has nothing to do with the amount of keys used. The 3 indicates that it's a pay to script address [3] instead of a "normal" pay to pubkey hash address.

On the protocol level bitcoin is "just" signatures, scripts and transactions, thus it's possible to create an address whose funds can be spent if the transaction spending them is signed by 2 of the 3 possible private keys. So in our escrow case, B sends the funds to the address, S sends the goods. If everything is how B expected it to be, B can sign a transaction and pass it to S to sign it as well and the coins are spent (usually to S).
If something goes wrong B and/or S can contact E to decide where the funds should go. Neither B nor S can spend the funds alone, thus E can listen to all arguments and finally make a decision where the funds should be sent to by signing the corresponding transaction.
E.g. OpenBazaar [1] will use this (mostly automated) as part of a mechanism to resolve disputes between B and S.

[1] https://gist.github.com/drwasho/405d51bd1b1a32e38145
[2] donation address for the darkwallet project: https://www.blocktrail.com/BTC/address/31oSGBBNrpCiENH3XMZpiP6GTC4tad4bMy
[3] https://en.bitcoin.it/wiki/Pay_to_script_hash
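
Added example, not part of the original posts: the 2-of-3 address described above, built in Python from its redeem script to show why a pay to script hash address starts with 3 while a pay to pubkey hash address starts with 1. The three public keys are constructed test values (the keys belonging to private keys 1, 2 and 3), and sorting them is an assumed convention so that buyer, seller and escrow all derive the same address.

```python
import hashlib
import struct

# RIPEMD-160 in pure Python (hashlib often lacks it on OpenSSL 3 builds).
# ML/MR: message word order, RL/RR: rotations, KL/KR: round constants.
ML = list(range(16)) + [7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
      3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
      1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
      4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13]
MR = [5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
      6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
      15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
      8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
      12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11]
RL = [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
      7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
      11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
      11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
      9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6]
RR = [8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
      9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
      9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
      15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
      8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11]
KL = [0, 0x5A827999, 0x6ED9EBA1, 0x8F1BBCDC, 0xA953FD4E]
KR = [0x50A28BE6, 0x5C4DD124, 0x6D703EF3, 0x7A6D76E9, 0]
M32 = 0xFFFFFFFF

def _f(i, x, y, z):  # the five RIPEMD-160 boolean functions
    return (x ^ y ^ z, (x & y) | (~x & z), (x | ~y) ^ z,
            (x & z) | (y & ~z), x ^ (y | ~z))[i]

def _rol(x, n):
    x &= M32
    return ((x << n) | (x >> (32 - n))) & M32

def _lane(state, w, order, rot, k, right):
    a, b, c, d, e = state
    for j in range(80):
        rnd = j >> 4
        fn = 4 - rnd if right else rnd  # right lane runs the functions in reverse
        t = _rol(a + _f(fn, b, c, d) + w[order[j]] + k[rnd], rot[j]) + e
        a, e, d, c, b = e, d, _rol(c, 10), b, t & M32
    return a, b, c, d, e

def ripemd160(data: bytes) -> bytes:
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", 8 * len(data))
    for off in range(0, len(msg), 64):
        w = struct.unpack("<16I", msg[off:off + 64])
        al, bl, cl, dl, el = _lane(h, w, ML, RL, KL, False)
        ar, br, cr, dr, er = _lane(h, w, MR, RR, KR, True)
        h = [(h[1] + cl + dr) & M32, (h[2] + dl + er) & M32,
             (h[3] + el + ar) & M32, (h[4] + al + br) & M32,
             (h[0] + bl + cr) & M32]
    return struct.pack("<5I", *h)

def hash160(data: bytes) -> bytes:
    return ripemd160(hashlib.sha256(data).digest())

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check(version: int, payload: bytes) -> str:
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def multisig_redeem_script(m: int, pubkeys: list) -> bytes:
    """OP_m <key 1> ... <key n> OP_n OP_CHECKMULTISIG."""
    keys = sorted(pubkeys)  # lexicographic order (BIP 67 convention), an assumption
    if not 1 <= m <= len(keys) <= 16 or any(len(k) not in (33, 65) for k in keys):
        raise ValueError("need 1 <= m <= n <= 16 and 33/65-byte public keys")
    script = bytes([0x50 + m]) + b"".join(bytes([len(k)]) + k for k in keys)
    script += bytes([0x50 + len(keys), 0xAE])      # OP_n, OP_CHECKMULTISIG
    if len(script) > 520:                          # P2SH redeem script size limit
        raise ValueError("redeem script too large for P2SH")
    return script

def p2sh_address(script: bytes) -> str:
    return base58check(0x05, hash160(script))      # version 5 -> leading "3"

def p2pkh_address(pubkey: bytes) -> str:
    return base58check(0x00, hash160(pubkey))      # version 0 -> leading "1"

# Constructed sample keys (public keys of private keys 1, 2, 3): test values only.
BUYER = bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
SELLER = bytes.fromhex("02c6047f9441ed7d6d3045406e95c07cd85c778e4b8cef3ca7abac09b95c709ee5")
ESCROW = bytes.fromhex("02f9308a019258c31049344f85f89d5229b531c845836f99b08601f113bce036f9")

if __name__ == "__main__":
    script = multisig_redeem_script(2, [BUYER, SELLER, ESCROW])
    print("2-of-3 address:", p2sh_address(script))
    print("buyer alone   :", p2pkh_address(BUYER))
```

The leading 3 comes from the version byte 5 put in front of the script hash, not from the number of keys: a 2-of-2 or 1-of-3 script gives an address with the same first character.
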
full member
Activity: 123
Merit: 100
Yes, it's usually on a DVD (safer because it can't be modified) or USB (more convenient as it allows to store extra data) and is booted into your memory. Thus it does not access your HD because it's not actually installed. As long as you trust the hardware you could use it on any machine, even an infected one. The only problem I currently see is that you have to get electrum once you booted tails, but that might change with the next version [2] of tails.


[1] http://doc.satoshilabs.com/trezor-faq/overview.html
[2] https://labs.riseup.net/code/issues/6739

Can't I just install electrum on tails, and save it? So I don't have to get it every time? I am not sure if I understood your last sentence.

You also talked about multisig, I don't understand what it is. Could you explain it briefly?


copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
A Trezor cannot be infected with a virus, right? If my personal everyday computer has a virus, and I plug in the Trezor, it doesn't infect the Trezor, right? But with an external hard drive, it could?

Well, technically a Trezor could be infected like any other computer, it has a CPU [1] so it can be programmed to do different things. BUT(!) it's way easier to find a loophole in a complex machine than it is in a slim machine. It's easier to make a mistake if you write several million lines of code (modern OS) than it is if you write a few thousand lines of code. I am not sure how many lines of code Trezor actually needs to work, but it's a different dimension than an operating system. The other thing is that it's more likely for someone to write malware for a broadly used OS than it is for special purpose hardware. If you have to infect a few million machines to find a single Trezor, don't bother, see what the few million machines have to offer. That's why there are so many viruses for Windows and so few for the other systems.
So as with everything technical it's not 100% safe, but better than the HD. The hard drive can be read as soon as the system it's plugged into is under control. Trezor has to be broken separately. Like a safe behind a metal door vs. a desk behind a metal door (HDD).

I read through the link you attached, but didn't understand most of the Seeds and Change Addresses part. However, I think I shouldn't even bother to mess with that one, then hopefully, all my coins are safe.

Yep, just keep it in the default setting and you are fine.

And yeah, don't bother with private keys either, if you use a wallet like electrum with a seed. Just keep a copy or two of the seed, and it should be good!

That's why I like Electrum so much. Armory would require constant new backups. I recently installed mSIGNA, it's slim but needs a local (or remote) bitcoin core to work with, supports multi sig and all the nice stuff. The user interface is a bit complex though. *sigh* by the time I found my perfect wallet there will be 10 more to test.

So Tails is an OS. And anything done on Tails is not stored on my computer. But on Tails, I should only install the electrum wallet, and nothing else, right?

Yes, it's usually on a DVD (safer because it can't be modified) or USB (more convenient as it allows to store extra data) and is booted into your memory. Thus it does not access your HD because it's not actually installed. As long as you trust the hardware you could use it on any machine, even an infected one. The only problem I currently see is that you have to get electrum once you booted tails, but that might change with the next version [2] of tails.


[1] http://doc.satoshilabs.com/trezor-faq/overview.html
[2] https://labs.riseup.net/code/issues/6739
full member
Activity: 123
Merit: 100
If you don't want to use a paper wallet (and I can't see why you wouldn't) and have a significant amount of BTC in your Electrum wallet you could always use Tails.

Download the latest .iso and create a Tails live USB stick. Then boot into Tails, connect your internet, go to the Electrum page in Tails' web browser. Download and run Electrum and restore your wallet from your 12 word seed (written on a piece of paper, or however you like to store it).

When you're done using Electrum, close down Tails and it wipes everything it has done. It doesn't touch your hard disk and even performs a memory wipe. There is no trace of what you have done in Tails anywhere on your computer.

When you reboot back into your usual OS there is no trace of anything you've done in Tails.

I would use this method if you have a large amount of BTC in an Electrum wallet that you only use once every couple of days/weeks.

You can have a permanent Electrum wallet (with a different seed to your big one, containing a smaller amount of BTC) on your regular OS for shopping etc.

Thanks for your info!

So Tails is an OS. And anything done on Tails is not stored on my computer. But on Tails, I should only install the electrum wallet, and nothing else, right?
full member
Activity: 123
Merit: 100
I never had a Trezor to test this, but my understanding is pretty much what you describe. As long as the host is not infected during the creation of a transaction you are golden. You keep the Trezor around and only need to plug it in to send bitcoin.

A Trezor cannot be infected with a virus, right? If my personal everyday computer has a virus, and I plug in the Trezor, it doesn't infect the Trezor, right? But with an external hard drive, it could?

Electrum handles change as a good wallet should, by default. As in: it creates a new address for every time a change transaction occurs. Here [1] is a very good explanation (IMHO) with pictures. 

I think I asked earlier in the thread about if electrum creates new addresses, because I didn't keep track of all of them. But it looks like it does.

I read through the link you attached, but didn't understand most of the Seeds and Change Addresses part. However, I think I shouldn't even bother to mess with that one, then hopefully, all my coins are safe.

And yeah, don't bother with private keys either, if you use a wallet like electrum with a seed. Just keep a copy or two of the seed, and it should be good!
sr. member
Activity: 294
Merit: 250
If you don't want to use a paper wallet (and I can't see why you wouldn't) and have a significant amount of BTC in your Electrum wallet you could always use Tails.

Download the latest .iso and create a Tails live USB stick. Then boot into Tails, connect your internet, go to the Electrum page in Tails' web browser. Download and run Electrum and restore your wallet from your 12 word seed (written on a piece of paper, or however you like to store it).

When you're done using Electrum, close down Tails and it wipes everything it has done. It doesn't touch your hard disk and even performs a memory wipe. There is no trace of what you have done in Tails anywhere on your computer.

When you reboot back into your usual OS there is no trace of anything you've done in Tails.

I would use this method if you have a large amount of BTC in an Electrum wallet that you only use once every couple of days/weeks.

You can have a permanent Electrum wallet (with a different seed to your big one, containing a smaller amount of BTC) on your regular OS for shopping etc.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
So with armory, you can set up an address that requires you to type multiple passwords before you want to spend the funds? Extra security right?

I never got that far in actually using it, but that's how I understood it, yes.

Yeah, it's a bit more privacy than having all your coins transferred to one address. Maybe it will blend in with everyone else's transactions but I still prefer a bit more security. But I don't understand the signature thing.

That's just something I do on this forum. I sell my signature (below my posts) to advertisers. It has nothing to do with bitcoin per se. Sorry if this is a source for continued confusion. It was meant as an example of income.

So instead of all the hassle with offline transactions etc, it's better to have a Trezor, for example. Or just plug the external hardware into a hot machine and be sure that the machine doesn't have any malware or viruses. Because even I don't understand this so much even though you explained it well. So how could average joe understand this lol.

I never had a Trezor to test this, but my understanding is pretty much what you describe. As long as the host is not infected during the creation of a transaction you are golden. You keep the Trezor around and only need to plug it in to send bitcoin.

So a paper wallet doesn't have an actual wallet. It's just the private keys, taken apart and put on a printed paper. And when I want to use it, I also need to remember the wallet address if I need to send coins to my paper wallet, but the private keys aren't needed.

Usually the address is also printed on the paper, but yes it makes sense to keep the address in multiple places.

Electrum wallet handles it the way it should, right? Because that change thing, does it only go for paperwallets?

Electrum handles change as a good wallet should, by default. As in: it creates a new address for every time a change transaction occurs. Here [1] is a very good explanation (IMHO) with pictures.


BTW, you mentioned bitcore and armory, do you use them instead of electrum, or are they just alternatives to electrum?

Currently I use bitcoin core for most things bitcoin, but I plan to change that. I am not entirely sure if I want to use armory hot/cold or electrum hot/cold in the future. I have an old laptop around to experiment with and by its age and performance I will probably end up using electrum. On the other hand I really like the multisig features of armory and the performance should be no issue for cold storage. There is also this even older netbook that I might use. So I could use both armory and electrum for a while and decide later. Decisions, decisions and little time to actually set things in motion. The easiest and fastest setup is Electrum, no questions asked.

-snip-
- Do not export private keys of an electrum wallet unless you really know what you are doing. There are tools that derive all your other private keys based on a single electrum private key.

Nice summary, just some nitpicking. AFAIK this attack also requires the master public key, which is usually easier to get though. The point "do not mess around with private keys" still stands ofc.


[1] search for "Seeds and Change Addresses" http://bitzuma.com/posts/a-beginners-guide-to-the-electrum-bitcoin-wallet/
full member
Activity: 191
Merit: 100
The public key is a subset of the private key.
The bitcoin address is the hash of the public key.

This means that your public key and bitcoin address can be derived from the private key.

The electrum seed generates a series of private keys.
This means all the private keys of a wallet can be generated from 1 seed.

The electrum master public key is derived from the seed.
All the public keys can be derived from it, and in turn, all your bitcoin addresses.

Conclusion:
- Just backup your 12 word seed. (13 words for electrum 2.0 HD wallets).
- Do not export private keys of an electrum wallet unless you really know what you are doing. There are tools that derive all your other private keys based on a single electrum private key.
- Use a watch-only wallet based on the master public key for wallets on PCs you use a lot.
full member
Activity: 123
Merit: 100
First, sorry for the late answer, didn't have the time for a lengthy reply earlier. I see you got the partial quotes now :)

It's all good! I haven't been active here myself because I feel that I am getting a bit tired of just reading threads and watching the btc charts.

Yes, I used a different machine for that because I wanted to test how it would perform on old mobile hardware. Not as cold storage but as a form of semi cold storage but with a dedicated machine. I still think it's as secure as it gets on a daily use computer, but as daily use computers go there is a higher risk for infections. That might not even be my fault. My main machine is also used by guests or family members, it takes USB devices from different people and not all of them know what they are doing when it comes to virus protection. It is something I want to prepare for, but since I don't have that much to worry about cold storage yet, I thought about a dedicated machine. Another reason for testing armory was that it allows multisig and AFAIK it's the only wallet that's currently supporting this. Would be nice to set up an address for the family that would require multiple passwords/keys to spend the funds.

So with armory, you can set up an address that requires you to type multiple passwords before you want to spend the funds? Extra security right?

Well, the more addresses the more painful it is to check the pages manually. I wrote a little Java program [1] a while back that is looking up a list of addresses via the blockchain.info API. It's basically just checking the site for you for each of the addresses and creates a file where it lists all balances per address. Not sure if this is useful for you, but it should be still downloadable via mega and the source is included.

I will try to check it out and see if it will suit me.

I use a new address for every source of bitcoin. E.g. each signature campaign that paid me got its own address, the address in my profile changes from time to time. That way I know where the coins came from when I check in bitcoin core. IIRC electrum has something like this as well. It's just a little label because I wouldn't be able to remember the address string either. This also helps a bit with privacy, because if I gave everyone the same address they'd know how much I received and spent etc.

Yeah, it's a bit more privacy than having all your coins transferred to one address. Maybe it will blend in with everyone else's transactions but I still prefer a bit more security. But I don't understand the signature thing.

Yes, trezor would do this for you. The idea of hot and cold wallet is that you have two machines. One called cold because it is offline, where you have the private keys and one called hot because it is online, but it only knows the addresses not the private keys. Thus you have one wallet - the hot one - that knows how much bitcoin you can spend and one wallet that is actually able to confirm the spending of the coins. The way bitcoin works is that if you want to spend bitcoin you need to sign the transaction with your private key in order to make it legit. Otherwise anyone could spend your coins. Now in order to spend both machines have to work together. The cold wallet can not just create a transaction because it does not know how much bitcoin you have etc.; the hot wallet can create a transaction, but can't sign it because it has no access to the private keys. So in order to actually spend coins you have to create a new transaction with the hot wallet, transfer that unsigned transaction to the cold wallet, get it signed and transfer it back to let the network know about it. Trezor would be the cold wallet in this case, connected via USB to the hot wallet. The private keys never leave the device, it gets an unsigned transaction from the computer, signs and returns it. A virus would have to infect the Trezor in order to access your private keys and be able to spend your coins.

So instead of all the hassle with offline transactions etc, it's better to have a Trezor, for example. Or just plug the external hardware into a hot machine and be sure that the machine doesn't have any malware or viruses. Because even I don't understand this so much even though you explained it well. So how could average joe understand this lol.

There is no actual wallet, as in software. Most - if not all - wallets can however import the private key that is on paper. It's similar to the cold wallet idea. You have a private key on paper, so it's offline and can not be attacked by a virus. You could lose it, it could burn in a fire, etc. It's not 100% either but it protects against all digital attacks. You can use the address to send coins there as much as you want without the need for the private key, only when you want to spend the coin you will type the private key into a secure and clean machine and create a transaction. It is very important that this transaction has to spend all the coins on the paperwallet, because the way bitcoin works there is something called change and not all wallets handle it the same, which could result in a loss. Let me try to explain change with an analogy. Bitcoin you receive is like a lump of gold. This lump can only be used entirely, if it's worth 1 BTC and you want to spend 0.5 you need to melt it down and create two entirely new lumps of gold. One for the person you want to pay and one for you. Now some wallets just return your lump to the address it "came" from. The problem with this is that bitcoin does not use addresses on a protocol level, it's just an abstraction to help us humans understand what is happening. So back to the paperwallet. You have 1 BTC on it, want to spend 0.5 and the change either goes "back" or to a new address depending on the wallet software you use to do this. In any case your paperwallet should not be used again, but it's better to create a new one and send the change there.

So a paper wallet doesn't have an actual wallet. It's just the private keys, taken apart and put on a printed paper. And when I want to use it, I also need to remember the wallet address if I need to send coins to my paper wallet, but the private keys aren't needed.

Electrum wallet handles it the way it should, right? Because that change thing, does it only go for paperwallets?

BTW, you mentioned bitcore and armory, do you use them instead of electrum, or are they just alternatives to electrum?
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
First, sorry for the late answer, didn't have the time for a lengthy reply earlier. I see you got the partial quotes now :)

-snip-
Did you install armory on a second computer? What's the difference between this and having it on your daily use computer if the security is so good?

Yes, I used a different machine for that because I wanted to test how it would perform on old mobile hardware. Not as cold storage but as a form of semi cold storage but with a dedicated machine. I still think it's as secure as it gets on a daily use computer, but as daily use computers go there is a higher risk for infections. That might not even be my fault. My main machine is also used by guests or family members, it takes USB devices from different people and not all of them know what they are doing when it comes to virus protection. It is something I want to prepare for, but since I don't have that much to worry about cold storage yet, I thought about a dedicated machine. Another reason for testing armory was that it allows multisig and AFAIK it's the only wallet that's currently supporting this. Would be nice to set up an address for the family that would require multiple passwords/keys to spend the funds.

In my electrum wallet, I am using a few different addresses, so if I am going to check that my coins are in my wallet and not wanting to plug in my external hardware to my computer, I would need to check upon a few different addresses. Is there any good and simple way to do this on with a when having a few addresses?

Well, the more addresses the more painful it is to check the pages manually. I wrote a little Java program [1] a while back that is looking up a list of addresses via the blockchain.info API. It's basically just checking the site for you for each of the addresses and creates a file where it lists all balances per address. Not sure if this is useful for you, but it should be still downloadable via mega and the source is included.

Also, do you recommend to use one address only once? And does electrum generate new addresses or how does it work? I can't notice that one myself because I don't really keep a track of the address strings.

I use a new address for every source of bitcoin. E.g. each signature campaign that paid me got its own address, the address in my profile changes from time to time. That way I know where the coins came from when I check in bitcoin core. IIRC electrum has something like this as well. It's just a little label because I wouldn't be able to remember the address string either. This also helps a bit with privacy, because if I gave everyone the same address they'd know how much I received and spent etc.

Not necessarily, the way you described it would be semi-cold. You have a wallet that has the private keys and when you want to spend bitcoin it is online (hot), but most of the time you keep your wallet offline (cold) and check in from time to time, but you do so without using your wallet. It's not proper cold storage as that usually implies that the machine storing your private keys is never online. It could be an old machine sitting in a corner, turned off. When you want to spend coins you create a transaction with your regular wallet (hot) on your main machine that's online and daily used. This machine however can only create an unsigned transaction as it has no access to the private keys. It only knows which addresses you have private keys for somewhere else and monitors them for you. You would then copy that unsigned transaction to the offline machine, get it signed and copy it back to the online machine to broadcast it to the network.
Your semi cold version offers a little less security, but you also only need a single machine, with an external storage for the wallet file. The external storage could e.g. be a USB stick that you use for your wallet file only and keep it in a safe place.

I do understand the first few lines but when it comes to the part where you mention When you want to spend coins you create.. can you please explain this a bit more? And the trezor wallet, it does all this work right?

Yes, trezor would do this for you. The idea of hot and cold wallet is that you have two machines. One called cold because it is offline, where you have the private keys and one called hot because it is online, but it only knows the addresses not the private keys. Thus you have one wallet - the hot one - that knows how much bitcoin you can spend and one wallet that is actually able to confirm the spending of the coins. The way bitcoin works is that if you want to spend bitcoin you need to sign the transaction with your private key in order to make it legit. Otherwise anyone could spend your coins. Now in order to spend both machines have to work together. The cold wallet can not just create a transaction because it does not know how much bitcoin you have etc.; the hot wallet can create a transaction, but can't sign it because it has no access to the private keys. So in order to actually spend coins you have to create a new transaction with the hot wallet, transfer that unsigned transaction to the cold wallet, get it signed and transfer it back to let the network know about it. Trezor would be the cold wallet in this case, connected via USB to the hot wallet. The private keys never leave the device, it gets an unsigned transaction from the computer, signs and returns it. A virus would have to infect the Trezor in order to access your private keys and be able to spend your coins.


Do you have paperwallets?

I had several, they are all empty now, but I might create more once my coin arrives.

It seems like a bit of more work, but do they expire? Because I don't understand what you meant by that 60 day thing. Are the private keys just on a paper?

No, they don't expire. Sorry for the confusion. I rented my signature for 60 days to silverwallets.com . My reward is that I got one for their coins that can hold a paperwallet behind a sticker. A paperwallet is just a private key printed on paper, yes.

But what is the actual wallet, because the coins must be on a wallet, but without the private keys, right? And when you want to use the wallet, you need to type in the private keys you have on your printed paper right? I think I am wrong on this one, not sure.

There is no actual wallet, as in software. Most - if not all - wallets can however import the private key that is on paper. It's similar to the cold wallet idea. You have a private key on paper, so it's offline and can not be attacked by a virus. You could lose it, it could burn in a fire, etc. It's not 100% either but it protects against all digital attacks. You can use the address to send coins there as much as you want without the need for the private key, only when you want to spend the coin you will type the private key into a secure and clean machine and create a transaction. It is very important that this transaction has to spend all the coins on the paperwallet, because the way bitcoin works there is something called change and not all wallets handle it the same, which could result in a loss. Let me try to explain change with an analogy. Bitcoin you receive is like a lump of gold. This lump can only be used entirely, if it's worth 1 BTC and you want to spend 0.5 you need to melt it down and create two entirely new lumps of gold. One for the person you want to pay and one for you. Now some wallets just return your lump to the address it "came" from. The problem with this is that bitcoin does not use addresses on a protocol level, it's just an abstraction to help us humans understand what is happening. So back to the paperwallet. You have 1 BTC on it, want to spend 0.5 and the change either goes "back" or to a new address depending on the wallet software you use to do this. In any case your paperwallet should not be used again, but it's better to create a new one and send the change there.



[1] https://bitcointalksearch.org/topic/m.8355029
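
Added example, not part of the original posts: a small Python model of the "lump of gold" explanation above, reviewing a draft spend from a paper wallet before it is signed. The addresses, transaction ids, fee limit and function names are constructed for illustration; amounts are in satoshis.

```python
from dataclasses import dataclass

BTC = 100_000_000  # satoshis per bitcoin

@dataclass(frozen=True)
class Utxo:
    """One unspent output, the "lump of gold": it is spent whole or not at all."""
    txid: str
    index: int
    address: str
    value: int

@dataclass(frozen=True)
class Output:
    address: str
    value: int

def review_paper_wallet_spend(paper_addr, utxo_set, inputs, outputs, max_fee):
    """Return the problems found in a draft transaction spending a paper wallet."""
    problems = []
    spent = set(inputs)
    left = [u for u in utxo_set if u.address == paper_addr and u not in spent]
    if left:
        problems.append("coins left on paper wallet: %d sat" % sum(u.value for u in left))
    if any(o.address == paper_addr for o in outputs):
        problems.append("output pays back to the paper wallet address")
    # Whatever the outputs do not claim is the fee; there is no automatic refund.
    fee = sum(u.value for u in inputs) - sum(o.value for o in outputs)
    if fee < 0:
        problems.append("outputs exceed inputs by %d sat" % -fee)
    elif fee > max_fee:
        problems.append("implicit fee %d sat exceeds limit, change output missing?" % fee)
    return problems

def sweep(paper_addr, utxo_set, pay_to, amount, change_addr, fee):
    """Spend every lump on the paper wallet; send the remainder to a fresh address."""
    inputs = [u for u in utxo_set if u.address == paper_addr]
    change = sum(u.value for u in inputs) - amount - fee
    if change < 0:
        raise ValueError("insufficient funds")
    outputs = [Output(pay_to, amount)]
    if change:
        outputs.append(Output(change_addr, change))
    return inputs, outputs

# Constructed sample data: placeholder labels instead of real addresses.
PAPER, SHOP, FRESH = "PAPER-WALLET-ADDR", "SHOP-ADDR", "NEW-PAPER-WALLET-ADDR"
UTXOS = [Utxo("tx-a", 0, PAPER, 1 * BTC)]
FEE, MAX_FEE = 10_000, 50_000

def draft_without_change():
    return review_paper_wallet_spend(PAPER, UTXOS, UTXOS, [Output(SHOP, BTC // 2)], MAX_FEE)

def draft_change_back_to_paper():
    outs = [Output(SHOP, BTC // 2), Output(PAPER, BTC // 2 - FEE)]
    return review_paper_wallet_spend(PAPER, UTXOS, UTXOS, outs, MAX_FEE)

def draft_full_sweep():
    inputs, outs = sweep(PAPER, UTXOS, SHOP, BTC // 2, FRESH, FEE)
    return review_paper_wallet_spend(PAPER, UTXOS, inputs, outs, MAX_FEE)

if __name__ == "__main__":
    for name, draft in [("no change output", draft_without_change),
                        ("change back to paper", draft_change_back_to_paper),
                        ("full sweep", draft_full_sweep)]:
        print(name, "->", draft() or "ok")
```
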
legendary
Activity: 3472
Merit: 10611
I have a fairly strong password for the electrum and also I wrote down my seed on a piece of paper for the future uses.
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
Lots of options. I use a fairly simple cold storage/brain wallet
method in the following manner:

I used a cold computer to install electrum,
sent my coins there, memorized my seed,
and deleted electrum entirely.

I keep an encrypted backup of the seed
in case I ever have a memory lapse.
full member
Activity: 123
Merit: 100
I just like to play around with plenty of wallets. I like Electrum as well as Armory and I had no problems with Armory itself. The machine I used for testing was just very slow (single core 1GHz/1GB RAM) so it took a few days to sync and a few days to build the database.

Did you install armory on a second computer? What's the difference between this and having it on your daily use computer if the security is so good?

It will not get any data when you are offline, but in order to check your balance you don't even need your wallet file. Just write (or copy paste) your bitcoin address and create a link for a blockchain explorer. E.g.:

https://www.blocktrail.com/BTC/address/18WgDVuiGY4A4mB8YEmVggEfSmFUUKxDcJ

There are plenty of explorers like this and since the blockchain is publicly available you can check your balance at any time from any machine as long as you know the address. Make a bookmark, memorize it if you want.

In my electrum wallet, I am using a few different addresses, so if I am going to check that my coins are in my wallet and not wanting to plug in my external hardware to my computer, I would need to check upon a few different addresses. Is there any good and simple way to do this when having a few addresses? Also, do you recommend to use one address only once? And does electrum generate new addresses or how does it work? I can't notice that one myself because I don't really keep a track of the address strings.

Not necessarily, the way you described it would be semi-cold. You have a wallet that has the private keys and when you want to spend bitcoin it is online (hot), but most of the time you keep your wallet offline (cold) and check in from time to time, but you do so without using your wallet. It's not proper cold storage as that usually implies that the machine storing your private keys is never online. It could be an old machine sitting in a corner, turned off. When you want to spend coins you create a transaction with your regular wallet (hot) on your main machine that's online and daily used. This machine however can only create an unsigned transaction as it has no access to the private keys. It only knows which addresses you have private keys for somewhere else and monitors them for you. You would then copy that unsigned transaction to the offline machine, get it signed and copy it back to the online machine to broadcast it to the network.
Your semi cold version offers a little less security, but you also only need a single machine, with an external storage for the wallet file. The external storage could e.g. be a USB stick that you use for your wallet file only and keep it in a safe place.

I do understand the first few lines but when it comes to the part where you mention When you want to spend coins you create.. can you please explain this a bit more? And the trezor wallet, it does all this work right?

Do you have paperwallets? It seems like a bit of more work, but do they expire? Because I don't understand what you meant by that 60 day thing. Are the private keys just on a paper? But what is the actual wallet, because the coins must be on a wallet, but without the private keys, right? And when you want to use the wallet, you need to type in the private keys you have on your printed paper right? I think I am wrong on this one, not sure.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
Alright, so it seems like I understand what I need to understand about electrum. Now when you mention armory I am thinking, here we go again lol.

I've heard about armory but when I looked into the armory section here I see a lot of threads about armory not working etc, so it makes me think now that electrum is the way to go.

I just like to play around with plenty of wallets. I like Electrum as well as Armory and I had no problems with Armory itself. The machine I used for testing was just very slow (single core 1GHz/1GB RAM) so it took a few days to sync and a few days to build the database.

Can I use electrum for long term if I save the seed and keep my password safe, and having my wallet on an external harddrive?

Sure. That's what I like about Electrum the most: a single backup, but other wallets start to implement "HD" as well, so this is no longer Electrum exclusive.

I don't even plan to use my bitcoins to buy anything yet, just to make sure they are there, from time to time. And could I shut off internet when I do this, just for extra security, or will it not work when internet is not on?

It will not get any data when you are offline, but in order to check your balance you don't even need your wallet file. Just write (or copy paste) your bitcoin address and create a link for a blockchain explorer. E.g.:

https://www.blocktrail.com/BTC/address/18WgDVuiGY4A4mB8YEmVggEfSmFUUKxDcJ

There are plenty of explorers like this and since the blockchain is publicly available you can check your balance at any time from any machine as long as you know the address. Make a bookmark, memorize it if you want.
You only need your wallet file with the private keys, protected by your password when you want to spend bitcoin.

I assume I then would need to do "offline transactions" but I would just want to see if my coins are there or not.

Not necessarily, the way you described it would be semi-cold. You have a wallet that has the private keys and when you want to spend bitcoin it is online (hot), but most of the time you keep your wallet offline (cold) and check in from time to time, but you do so without using your wallet. It's not proper cold storage as that usually implies that the machine storing your private keys is never online. It could be an old machine sitting in a corner, turned off. When you want to spend coins you create a transaction with your regular wallet (hot) on your main machine that's online and daily used. This machine however can only create an unsigned transaction as it has no access to the private keys. It only knows which addresses you have private keys for somewhere else and monitors them for you. You would then copy that unsigned transaction to the offline machine, get it signed and copy it back to the online machine to broadcast it to the network.
Your semi cold version offers a little less security, but you also only need a single machine, with an external storage for the wallet file. The external storage could e.g. be a USB stick that you use for your wallet file only and keep it in a safe place.


A trezor would be nice but they cost a bit and if electrum can do the job as good as trezor, then there is not a big difference. But that's what u meant with hardware wallets, right?

Similar to the old machine above a hardware wallet like trezor can do the same job, but it's not a fully fledged computer. It's just a little device built for the specific purpose. It makes the whole "create unsigned tx, copy it, get it signed, copy it back"-process very easy.

And for paper wallets, I kind of like the idea but I think it's hard to make them, not sure why but it seems complicated.

It's not actually that complicated. There are plenty of resources where you can make one online. My problem usually is that I have a hard time trusting the homepage and that's where the complicated part starts. Download the source, verify the source, generate the keys (best offline with an OS that's also verified and on a DVD/CD), print it and make sure the printer does not save a copy, etc. I like BIP38 though as it protects the paper wallet with a password, so even if the printer keeps a copy it can not be used.

Since my 60 days for silverwallet are now over I soon expect my coin to arrive in the next weeks and I'll have to think about paperwallets again. I am not entirely sure if I want to use it as wallet or just keep it as a shiny token to play around with.

And yeah as u notice, I think it's a bit annoying to use the quote function here lol.

I know. I just copy the first line, e.g.:
Code:
[quote author=goldsun link=topic=870688.msg9709917#msg9709917 date=1417459367]
remove the parts I think are no longer needed and fill in the "end of quote" marks by hand.
full member
Activity: 123
Merit: 100
-snip-
Yeah, creating a new wallet and transfer the coins to that one would be good if the wallet file gets in someone elses hand that shouldn't have it. Although as you say, they can't do much without the password or the seed.

So with electrum we don't need to back up the file as long as we have the seed because we can re-create the wallet by typing in the seed. But for other wallets, back up of the wallet file is necessary.

Correct. E.g. I do regular backups of my bitcoin core wallet.dat even though it has 100 pregenerated addresses. Even if one of the backups fails, I still have at least one more that is still recent.

But would you recommend to put a locker on the whole file? Just in case. Because sometimes even when downloading something, you are not 100% sure if it contains virus or malware or not, even though you can read the comments for the file etc. But I assume a random virus that's not coded to log or steal bitcoins, wouldn't do any harm to a wallet, so ideally it could be safe to operate the wallet while having a virus, am I right?

I'd recommend not to download random stuff that might contain a virus, but that's easier said than done. You can encrypt the file, but if your system is infected with a virus it is not safe to operate the wallet regardless of the additional encryption. If the virus is not looking for bitcoin related information, but only for e.g. CC information you might be fine anyway.

What the additional encryption of the folder or file would help with is the following scenario:

You did not use your wallet during the current session your machine is running, install some sort of malware or get infected by it that somehow tricks you into entering your password, but since it can't find the wallet file it is unable to do anything with it and you have a chance to save your bitcoin on a different machine.
In a way you already have a very similar protection mechanism with your external disk. As long as it's not connected to your machine, a virus is unable to find the files needed and even if you entered the password you could still save your coins.

What do you mean about that the next virus could attack my electrum wallet when I am decrypting my folder, if I am using an external harddrive? Because if I do use an external harddrive, I would probably make sure that my coins are safe on another computer, and hopefully that one won't have virus or malware or trojan or anything like that.

What I meant was: if you use your wallet while infected you have to
#1 connect the external drive
#2 decrypt the folder
#3 enter the password
if the virus is sneaky enough so you do not notice it while using your wallet you gain no advantage by adding an extra layer of encryption to your folder/wallet file.


But if I am connecting my external harddrive to my own computer while it's infected, and I try to decrypt the folder, it's no point in having a decryption then because with or without decryption, they will see my password once I type it in.

My point exactly.

Can a virus or trojan infect an external harddrive when you connect it to a computer that's infected? It sounds like it should, so I am not even sure why I am asking tho.

It can, yes. Recent revelations show that intelligence agencies are able to infect certain USB devices on a hardware level. Spreading via external devices is an old technique. Before the internet it was the only way for a virus to spread, from floppy to floppy one machine at a time. This behaviour might return to reach offline wallets.

And another question, would you rather have two electrum wallets with your bitcoins or just one? It would be smarter to have two wallets, but a bit more jobs with saving the seed, even though it's not that hard.

It depends on the amount of bitcoins and how much that is to you. With a small amount of BTC I'd be fine with a single wallet. With more than a month's salary a cold wallet would be in order. Not necessarily two versions of electrum but e.g. armory cold and hot and an electrum wallet for smaller amounts that are used more often. Since armory is pretty heavy - needs fully synced bitcoin core as well as a database of its own that's eating even more space - you might consider paper or hardware wallets for long term storage. I also played around with old phones for a while as cold storage, but I always had this nagging feeling that they might "call home".

Alright, so it seems like I understand what I need to understand about electrum. Now when you mention armory I am thinking, here we go again lol.

I've heard about armory but when I looked into the armory section here I see a lot of threads about armory not working etc, so it makes me think now that electrum is the way to go.

Can I use electrum for long term if I save the seed and keep my password safe, and having my wallet on an external harddrive? I don't even plan to use my bitcoins to buy anything yet, just to make sure they are there, from time to time. And could I shut off internet when I do this, just for extra security, or will it not work when internet is not on? I assume I then would need to do "offline transactions" but I would just want to see if my coins are there or not.

A trezor would be nice but they cost a bit and if electrum can do the job as good as trezor, then there is not a big difference. But that's what u meant with hardware wallets, right?

And for paper wallets, I kind of like the idea but I think it's hard to make them, not sure why but it seems complicated.

And yeah as u notice, I think it's a bit annoying to use the quote function here lol.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
Yeah, creating a new wallet and transfer the coins to that one would be good if the wallet file gets in someone elses hand that shouldn't have it. Although as you say, they can't do much without the password or the seed.

So with electrum we don't need to back up the file as long as we have the seed because we can re-create the wallet by typing in the seed. But for other wallets, back up of the wallet file is necessary.

Correct. E.g. I do regular backups of my bitcoin core wallet.dat even though it has 100 pregenerated addresses. Even if one of the backups fails, I still have at least one more that is still recent.

But would you recommend to put a locker on the whole file? Just in case. Because sometimes even when downloading something, you are not 100% sure if it contains virus or malware or not, even though you can read the comments for the file etc. But I assume a random virus that's not coded to log or steal bitcoins, wouldn't do any harm to a wallet, so ideally it could be safe to operate the wallet while having a virus, am I right?

I'd recommend not to download random stuff that might contain a virus, but that's easier said than done. You can encrypt the file, but if your system is infected with a virus it is not safe to operate the wallet regardless of the additional encryption. If the virus is not looking for bitcoin related information, but only for e.g. CC information you might be fine anyway.

What the additional encryption of the folder or file would help with is the following scenario:

You did not use your wallet during the current session your machine is running, install some sort of malware or get infected by it that somehow tricks you into entering your password, but since it can't find the wallet file it is unable to do anything with it and you have a chance to save your bitcoin on a different machine.
In a way you already have a very similar protection mechanism with your external disk. As long as it's not connected to your machine, a virus is unable to find the files needed and even if you entered the password you could still save your coins.

What do you mean about that the next virus could attack my electrum wallet when I am decrypting my folder, if I am using an external harddrive? Because if I do use an external harddrive, I would probably make sure that my coins are safe on another computer, and hopefully that one won't have virus or malware or trojan or anything like that.

What I meant was: if you use your wallet while infected you have to
#1 connect the external drive
#2 decrypt the folder
#3 enter the password
if the virus is sneaky enough so you do not notice it while using your wallet you gain no advantage by adding an extra layer of encryption to your folder/wallet file.


But if I am connecting my external harddrive to my own computer while it's infected, and I try to decrypt the folder, it's no point in having a decryption then because with or without decryption, they will see my password once I type it in.

My point exactly.

Can a virus or trojan infect an external harddrive when you connect it to a computer that's infected? It sounds like it should, so I am not even sure why I am asking tho.

It can, yes. Recent revelations show that intelligence agencies are able to infect certain USB devices on a hardware level. Spreading via external devices is an old technique. Before the internet it was the only way for a virus to spread, from floppy to floppy one machine at a time. This behaviour might return to reach offline wallets.

And another question, would you rather have two electrum wallets with your bitcoins or just one? It would be smarter to have two wallets, but a bit more jobs with saving the seed, even though it's not that hard.

It depends on the amount of bitcoins and how much that is to you. With a small amount of BTC I'd be fine with a single wallet. With more than a month's salary a cold wallet would be in order. Not necessarily two versions of electrum but e.g. armory cold and hot and an electrum wallet for smaller amounts that are used more often. Since armory is pretty heavy - needs fully synced bitcoin core as well as a database of its own that's eating even more space - you might consider paper or hardware wallets for long term storage. I also played around with old phones for a while as cold storage, but I always had this nagging feeling that they might "call home".
full member
Activity: 123
Merit: 100
So they can just steal my wallet file, and put it inside another wallet of their choice, like it doesn't have to be electrum, and then they are not able to spend/move my bitcoins right?

Kinda. The wallet files are rarely compatible, but if someone has your file they can figure out which software it's for, open it and not (!) spend your coins. It would act the same as your copy and upon spending ask for the password.



Quote
If this is the case, I shouldn't be worried about the wallet file, and if someone steals it, they can't do anything with it because they don't have my password or seed?

Correct. Just because I am a bit paranoid I'd still create a new wallet and make a final TX moving all the coins from the old wallet to the new one. As long as your password is strong enough this is not needed though.

Quote
But why is then everybody saying protect and backup your wallet etc..

Because files get corrupted sometimes; if you only have one file there is a single point of failure. I read about a father that lost plenty coins from a mobile wallet because the kids needed space for their games and hit the "delete appdata"-button for dad's wallet. So the backups are to protect against other things that can go wrong besides being attacked. The great thing about Electrum is that it only ever needs the seed.

Quote
Your suggestion of security seems like a bit advanced to me, although I kind of understand what you mean.

But my wallet is on my external harddrive. If I set a password lock/encryption to the whole folder, it will make the security level go up a little bit, which is good I guess.

I can't deny that it would increase security.

Quote
A few days ago I read a thread here which is now deleted, but the op linked to a website. And it said that I didn't have flash installed, so I was not thinking more than I should, and tried to download the file and install it. I already even had flash on my computer so I don't know why I did that. Later on I get a message on my screen saying electrum password expired! change it. And I didn't even have my external harddrive connected to my PC. And how they knew I used electrum, not sure.

Usually there are some files that indicate which wallet you are using even though the data is stored externally.

Quote
And then I realised it was some kind of trojan/malware, and I also looked in the thread and some more users confirmed this. So I deleted it and checked that my coins were safe on my computer at a later point, and they were.

You dodged a bullet there.

Quote
But imagine if I had my external harddrive connected to my computer at that point, what could have happened? Could the malware just see my password and take my coins, or would it log me when I type my password, and then transfer the coins to themselves?

With your password the virus could either send the coins directly with your copy of electrum or send the file with the password to someone else to do this manually. Depends how "well" the virus is written.

Quote
I guess it's better to have electrum on an external harddrive rather than on the computer itself. Because you could always check that your coins are safe in another computer, that's not infected with virus/trojan or malware, and then proceed to clean the computer.

Yes. I have to admit I never thought about it like this. I think you learned the "don't download random stuff" lesson. Yet the next virus might be attacking when you have your folder decrypted. This is where I think the idea might lead to a false sense of security.

Quote
Btw, I appreciate the time you take to help me understand this whole thing!


Yeah, creating a new wallet and transfer the coins to that one would be good if the wallet file gets in someone elses hand that shouldn't have it. Although as you say, they can't do much without the password or the seed.

So with electrum we don't need to back up the file as long as we have the seed because we can re-create the wallet by typing in the seed. But for other wallets, back up of the wallet file is necessary.

But would you recommend to put a locker on the whole file? Just in case. Because sometimes even when downloading something, you are not 100% sure if it contains virus or malware or not, even though you can read the comments for the file etc. But I assume a random virus that's not coded to log or steal bitcoins, wouldn't do any harm to a wallet, so ideally it could be safe to operate the wallet while having a virus, am I right?

What do you mean about that the next virus could attack my electrum wallet when I am decrypting my folder, if I am using an external harddrive? Because if I do use an external harddrive, I would probably make sure that my coins are safe on another computer, and hopefully that one won't have virus or malware or trojan or anything like that.

But if I am connecting my external harddrive to my own computer while it's infected, and I try to decrypt the folder, it's no point in having a decryption then because with or without decryption, they will see my password once I type it in.

Can a virus or trojan infect an external harddrive when you connect it to a computer that's infected? It sounds like it should, so I am not even sure why I am asking tho.

And another question, would you rather have two electrum wallets with your bitcoins or just one? It would be smarter to have two wallets, but a bit more jobs with saving the seed, even though it's not that hard.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
So they can just steal my wallet file, and put it inside another wallet of their choice, like it doesn't have to be electrum, and then they are not able to spend/move my bitcoins right?

Kinda. The wallet files are rarely compatible, but if someone has your file they can figure out which software it's for, open it and not (!) spend your coins. It would act the same as your copy and upon spending ask for the password.



Quote
If this is the case, I shouldn't be worried about the wallet file, and if someone steals it, they can't do anything with it because they don't have my password or seed?

Correct. Just because I am a bit paranoid I'd still create a new wallet and make a final TX moving all the coins from the old wallet to the new one. As long as your password is strong enough this is not needed though.

Quote
But why is then everybody saying protect and backup your wallet etc..

Because files get corrupted sometimes; if you only have one file there is a single point of failure. I read about a father that lost plenty coins from a mobile wallet because the kids needed space for their games and hit the "delete appdata"-button for dad's wallet. So the backups are to protect against other things that can go wrong besides being attacked. The great thing about Electrum is that it only ever needs the seed.

Quote
Your suggestion of security seems like a bit advanced to me, although I kind of understand what you mean.

But my wallet is on my external harddrive. If I set a password lock/encryption to the whole folder, it will make the security level go up a little bit, which is good I guess.

I can't deny that it would increase security.

Quote
A few days ago I read a thread here which is now deleted, but the op linked to a website. And it said that I didn't have flash installed, so I was not thinking more than I should, and tried to download the file and install it. I already even had flash on my computer so I don't know why I did that. Later on I get a message on my screen saying electrum password expired! change it. And I didn't even have my external harddrive connected to my PC. And how they knew I used electrum, not sure.

Usually there are some files that indicate which wallet you are using even though the data is stored externally.

Quote
And then I realised it was some kind of trojan/malware, and I also looked in the thread and some more users confirmed this. So I deleted it and checked that my coins were safe on my computer at a later point, and they were.

You dodged a bullet there.

Quote
But imagine if I had my external harddrive connected to my computer at that point, what could have happened? Could the malware just see my password and take my coins, or would it log me when I type my password, and then transfer the coins to themselves?

With your password the virus could either send the coins directly with your copy of electrum or send the file with the password to someone else to do this manually. Depends how "well" the virus is written.

Quote
I guess it's better to have electrum on an external harddrive rather than on the computer itself. Because you could always check that your coins are safe in another computer, that's not infected with virus/trojan or malware, and then proceed to clean the computer.

Yes. I have to admit I never thought about it like this. I think you learned the "don't download random stuff" lesson. Yet the next virus might be attacking when you have your folder decrypted. This is where I think the idea might lead to a false sense of security.

Quote
Btw, I appreciate the time you take to help me understand this whole thing!
