Topic: how secure is double encryption of blockchain? (Read 1944 times)

sr. member
Activity: 448
Merit: 250
It's Money 2.0| It’s gold for nerds | It's Bitcoin
I'll hold it for 30 days free.  After that other arrangements can be made to help you secure them.  A moving target is hard to hit.

I am not sure if you are serious or not but this would be extremely risky for the OP.
hero member
Activity: 854
Merit: 500
Nope..
I'll hold it for 30 days free.  After that other arrangements can be made to help you secure them.  A moving target is hard to hit.
legendary
Activity: 2114
Merit: 1040
A Great Time to Start Something!
Threads like this should be stickied, so more people learn about security..
Someday I will need the info in this thread. The best thing about not having many BTC is not having to be excessively concerned with triple layers of security.
full member
Activity: 154
Merit: 100
nothing is 100% safe, weakest point is often human
so it's not more safe than any other web service
member
Activity: 104
Merit: 10
You have two possible vulnerabilities:

1) your wallet is set to backup to a dropbox/email that can be hacked and your wallet is backed up prior to setting your very long password. You should note that your email account can potentially have its password reset with "security/secret" questions whose answers are possibly public.

This attack would happen as follows:
a) you create a wallet with a weak password (password = pw123 - can crack instantly)
b) you set your wallet to backup to a dropbox that can easily be hacked
c) you create a BTC address (BTC-1)
d) the private key to BTC address (BTC-1) is backed up to the above dropbox account
e) you change your wallet password to a 30 character password (password = pw30chr - can't crack)
f) you change your wallet sending password to a 40 character password (password = pw40chr - can't crack)
g) you create a 2nd BTC address (BTC-2)
h) the private keys to BTC addresses (BTC-1) and (BTC-2) are backed up to a dropbox that can easily be hacked (your wallet password and sending password are still intact).
i) you send 50% BTC to (BTC-1) and 50% of your BTC to (BTC-2)
j) attacker hacks your dropbox account and downloads both wallet backups
k) attacker easily cracks the password from backup from step "d"
l) attacker steals BTC from address (BTC-1)

This attack can be prevented by archiving and then deleting any addresses that are associated with a wallet prior to setting strong passwords, resulting in any backups of your wallet only containing addresses with strong passwords that cannot be cracked and any backups that have passwords that can be cracked only have addresses with no unspent BTC.

2) the 2nd attack would simply be for an attacker to install a keylogger to your computer and simply wait for you to log into your wallet and send a small amount of BTC. Attacker now has both your primary password and sending password.
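
The backup-history exposure from attack 1 above, modeled as an added example that is not part of the original post. It assumes every wallet change uploads a new backup and that earlier uploads stay in the remote store; `Wallet`, `exposed_funds` and the two replay functions are hypothetical names, and the amounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Wallet:
    """Toy model: each change uploads a backup; old uploads are never purged."""
    strong_password: bool = False                   # step a: wallet starts weak
    balances: dict = field(default_factory=dict)    # active address -> BTC held
    backups: list = field(default_factory=list)     # (strong?, addresses in file)

    def _backup(self):
        self.backups.append((self.strong_password, frozenset(self.balances)))

    def set_password(self, strong):
        self.strong_password = strong
        self._backup()

    def new_address(self, name):
        self.balances[name] = 0.0
        self._backup()

    def archive(self, name):
        if self.balances[name]:
            raise ValueError("move funds off the address before archiving it")
        del self.balances[name]
        self._backup()

    def fund(self, name, amount):
        self.balances[name] += amount   # KeyError if the address was archived

def exposed_funds(wallet):
    """Funds on addresses whose key sits in any backup made under a weak password."""
    leaked = set()
    for strong, addresses in wallet.backups:
        if not strong:
            leaked |= addresses
    return {a: b for a, b in wallet.balances.items() if a in leaked and b > 0}

def replay_post_scenario():
    w = Wallet()
    w.new_address("BTC-1")          # steps c-d: key uploaded under the weak password
    w.set_password(strong=True)     # steps e-f
    w.new_address("BTC-2")          # steps g-h
    w.fund("BTC-1", 0.5)            # step i
    w.fund("BTC-2", 0.5)
    return exposed_funds(w)

def replay_with_mitigation():
    w = Wallet()
    w.new_address("BTC-1")
    w.archive("BTC-1")              # retire the address that exists in a weak backup
    w.set_password(strong=True)
    w.new_address("BTC-2")          # only ever backed up under the strong password
    w.fund("BTC-2", 1.0)
    return exposed_funds(w)
```
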

cp1
hero member
Activity: 616
Merit: 500
Stop using brainwallets
Just use offline storage / signing.
sr. member
Activity: 299
Merit: 253
the blockchain .json backup is not 2FA protected, only by the main password

not sure about the second password for sending
full member
Activity: 167
Merit: 100
I don't know about Linux really, I'm not that good at computers.

The easy way is to buy a laptop only for bitcoin, which is boring. Bitcoin on the cloud is sexy, but yeah, it is not so secure

You don't have to be good with it. It's probably easier to install than Windows and you don't even need to install it. You can run it from a CD or USB.
M++
sr. member
Activity: 342
Merit: 250
I don't know about Linux really, I'm not that good at computers.

The easy way is to buy a laptop only for bitcoin, which is boring. Bitcoin on the cloud is sexy, but yeah, it is not so secure
legendary
Activity: 4270
Merit: 4534
You don't even need to buy a new laptop. Why don't you try booting from Linux to deal with your coins?

and make sure the linux files were NOT!!! from guys that say they have precompiled linux for bitcoins.

never download precompiled stuff that other bitcoiners have played with. even trustworthy guys that at one point had 800,000 coins for about 4 years, ended up scamming.

same goes for blockchain.info. with all the security you can think of to stop third parties from stealing coins. the more important third party to be cautious of is the one already holding coins in their public keys. all they have to do is cry "we been hacked" from their beach facing hotel rooms
sr. member
Activity: 324
Merit: 250
You don't even need to buy a new laptop. Why don't you try booting from Linux to deal with your coins?
M++
sr. member
Activity: 342
Merit: 250
same here

If double encryption is an issue for backup, yes, I will need to switch to something more secure. I will buy a cheap 2nd hand laptop.

If, when importing a backup wallet, double encryption is not an issue at all, I will stay like this a little longer.
full member
Activity: 167
Merit: 100
I was wondering how the double encryption would work on wallet backups. Hope someone can clarify.
hero member
Activity: 742
Merit: 502
Circa 2010
I create 2 blockchain.info wallets with different passwords and different email address.
one to hold most of my bitcoins (which I call "Bank"), and the other one for frequent access (which I call "Stash")
I would only access "Bank" with an old laptop that I don't use for anything else.

(I am looking into Electrum client for a more secure alternative to my "Bank" wallet)

Please tell me that you have a back up of that wallet somewhere else as well just in case the Blockchain service goes down? And you've tested it to make sure that you can decrypt the wallet as per stated on the site into a usable format? I would highly recommend you do both, I personally downloaded my wallet and had one of my private keys different in my wallet compared to the online site and to this day I'm still not sure why that's the case.

Either way, I switched over to Electrum and could not be happier, far more secure and you can actually run a proper cold storage setup.
M++
sr. member
Activity: 342
Merit: 250
I just don't know. I'm asking because I'm too lazy to test it; I think people have the right answer to this.

I don't know how the double encryption of Blockchain.info affects the backup. I believe MultiBit does not support double encryption?
legendary
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
If someone gets ahold of your Blockchain backup, then they can access your coins with just the initial password right? It would bypass the second password wouldn't it?
M++
sr. member
Activity: 342
Merit: 250
Don't want to open a new topic.

I started to worry about blockchain, so I finally made some backups lol. I just want to know if it's easy to import the wallet file in MultiBit when double encryption is enabled? I read somewhere a while ago this can be an issue.

Can someone update me about this? I don't want to be in trouble when shit happens. If my backups are useless I need to know it

Pro tips about security: Always use a screen keyboard for some characters of the first password, and always use a screen keyboard for the 2nd. Can avoid keyloggers.

And overall I do not recommend a double 30-character password, because you will need to write it down to not forget it, which is not secure. I did it in the past, and I was high sometimes; I was stressed about forgetting my password. When you type in 30 characters with special characters you will make a mistake at least 2 times and your heart will stop beating for 1 second after each "password error" haha, horrible feeling.


Double 15-20 characters with upper and lowercase + special is already a VERY strong one if it's made correctly. A password like:

"!2prKdu(*?12DhbxnDoMdL34!"3`^" 29 characters, which is impossible to remember ... It's kind of a generic password


Online Attack Scenario:
(Assuming one thousand guesses per second)   7.64 million trillion trillion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)   76.43 billion trillion trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)   76.43 million trillion trillion centuries

OK, you are safe, but you can do it way more simply:


"TTM,ath,S00n! @BtC" (to the moon, all time high, soon @ btc easy to remember no?)

Online Attack Scenario:
(Assuming one thousand guesses per second)   1.28 hundred billion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)   1.28 thousand trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)   1.28 trillion centuries


Don't forget space can be used as a special character, and it's a very strong special.

If you have two like this, it's better for the guy trying to bruteforce your password to mine dogecoin xD

We should not need to be so paranoid about bruteforce, it's more about malware, keylogger and stuff like this.
sr. member
Activity: 433
Merit: 250
I'm going offline Armory storage

My only hot stash will be the 2FA 30+ char password blockchain for quick purchases and whatnot. The rest will be on an offline disconnected computer, fresh install with nothing on it.
legendary
Activity: 952
Merit: 1003
I create 2 blockchain.info wallets with different passwords and different email address.
one to hold most of my bitcoins (which I call "Bank"), and the other one for frequent access (which I call "Stash")
I would only access "Bank" with an old laptop that I don't use for anything else.

I would add the public address of "Bank" (not the private keys) into "Stash" wallet, so I can see my total balance
but hopefully will not lose all my coins if my "Stash" account got compromised.

(I am looking into Electrum client for a more secure alternative to my "Bank" wallet)


global moderator
Activity: 3850
Merit: 2643
Can cold wallets ever be 100% safe?
Yep. A decent cold storage wallet is as safe as it gets.

Quote
They can still be stolen
Encryption.

Quote
or damaged.
Backups.

What if they all get stolen and damaged?