Topic: How is DPR securing his wallets from the Feds? - page 2. (Read 5848 times)

Wallet.dat encryption is for protection of wallet private keys in case the wallet.dat is stolen by hacking or copying the wallet file. It only protects the coins from being spent and only if the wallet password is not captured using keylogger. Almost every trojan horse have keylogger. All other sensitive info like balance and transaction history are still unencrypted in the wallet.

TrueCrypt protects whole computer from being tampered when it is offline. It protects everything and properly encrypted computer is useless paperweight for forensic examinators.

Brain wallets are good for specific situations like taking your coins with you when escaping Best Korea or secretly taking the coins to gang member in prison. For cold storage it is not so good. The passphrase could be guessed by someone else if it contains dictionary words, it can be forgotten by passage of time or damage to brainwallet storage container.

I use DiskCryptor (TrueCrypt replacement) with 25+ character random password to protect my computer from tampering and forensic examination. If I was at risk of being hacked then I will apply password to wallet.dat in Bitcoin-Qt.

From what I read is that DPR did not use full disc encryption or kept wallet.dat backups on unencrypted devices. FBI did get a wallet.dat that is encrypted with password. This is how they know he have 80+M $$$ in BTC but they are unable to transfer the coins somewhere else.

You don't need to use any tools like Truecrypt.

Well the feds did seize 144,000 bitcoins, so he didn't do a great job.  There's rumored to be another address with 100,000 btc.

Normal bitcoin-qt:  A key is randomly generated.  The passphrase symmetrically encrypts it.  Lose wallet, passphrase is worthless.

Brainwallet: Your passphrase is used to deterministically generate a private key.  For example taking an SHA512 hash of the passphrase.  This is then loaded as a private key.  Lose your wallet, you can rebuild the private key through the same process given the same inputs.

Note that if you load that brainwallet key into bitcoin-qt, and that's not encrypted, then the key in your wallet *won't* be encrypted.

Let's explain this. If you encrypt the wallet using bitcoin-qt, then the public keys are left not encrypted

If you encrypt it by using another tool like Truecrypt, then everything is encrypted.

I should think that he is smart enough to have a "plausible deniability" strategy....he gave them a huge number of bitcoins and then cry foul that they got everything....meanwhile still having 50 or 100 other wallets scattered across the blockchain with many more coins in total. If he was smart those coins never went through a device he owned or an IP address he could be traced to...accessed only once to be transferred form the mixer to the addresses.

Those coins are protected through obscurity...with passwords created from something he can remember or locate easily that would persist through time regardless of how long he may be in jail. The #X word on every #Y page of a certain book/song/poem or something like that. You could complicate it further mathematically or geometrically....lot's of ideas can be derived.

Then he only has to remember one small thing and when he gets out he has access to all his wallets.

Make a .zip file and encrypt that.
porn-keep-out.zip  

Encrypt the wallet and then encrypt the wallet.dat file itself. Double win.

Depends on whether you value your money or your life.

What changes the whole thing is if they point a gun to someone else's head (like your spouse, girlfriend / boyfriend, kids, someone you know) and demand for your passphrase.

Well can't they put a gun to your head and ask for the brain wallet key too?

If I only memorized half the passphrase required, and the other half got destroyed, they can point a gun to my head, and I still can't tell them the other half. I'll probably die for nothing. So, I'm going to grab the gun and point it back at them and pull. (or I'll try.)

They can point a gun to your head and ask for the passphrase.

The advantage is you don't need any copy at all of a private key, and therefore, you can't lose it other than by forgetting the passphrase, because you can use the passphrase to re-generate the private key.

The disadvantages can be pretty huge, though, because the passphrase is the ONLY thing protecting the wallet.  Anyone who comes up with the same passphrase can spend everything in the wallet.

But if your key is on your hard drive and it's encrypted they can't get it unless they have your passphrase right?

you have your key in your brain and not on your computer or something similar ... if you lost your brain you lost your key^^
IF the feds want to seize your BTC they don't find key on your computer ... they must go into your head ... to get your passphrase ...

What is the advantage of that over just a strong passphrase?    What is the difference?  I'm having trouble picturing it.

It's a wallet where the password that hashes to a private key(s) is only in your brain, or you memorized the private key.

The passphrase to a bitcoin-qt encrypted wallet does not count as a brain wallet, although it might look like the same thing.

What's a "brain wallet"?

It's something I can do again, but I've since shortened my passwords. Still longer than most minimum recommended lengths I see on the interwebz, but shorter than 32... For about the past 2 years, I've been thinking about getting a yubikey too, so I could memorize 32 characters, and the yubikey can spit out another 32 characters for a 64 character total.

And if push comes to shove, I just destroy the yubikey (because it will always be on my person) and then no one can get access to whatever it was protecting. Or ... well, so many variables to consider, but that's a few ideas for you guys to think about.

Maybe he's got some more wallets out of anyone's knowledge. And also he might invested on some shares to some cooperatives and also some gambling operators?

Maybe he's cool. We don't exactly know both sides of the coin.