Topic: How to protect your wallet (Read 8371 times)

But then you need to do so for all your addresses, and these get added on every transaction outbound... back to backing up wallet.dat, I guess, and that is exactly what the average user (heck, even the more technically inclined) will fail to do. I see the solution I proposed (or anything else, it's just an example) as something that could be done so it's a backup once and forget about it, although obviously for a limited time span, but this could be then supported in an automated way by a backup provider for a nominal fee, which I'd be glad to pay so I keep my bitcoins safe *and* still control the client, so I'm sure it's not all in some other server like mybitcoin. An alternative would be for mybitcoin to provide the private keys to the wallet so I could import them on my local client, basically using a single mybitcoin address as the 'savings account' and if in the future their server goes down in a big ball of fire I still have access to my bitcoins.
Backing up would thus be transfering coins to that account. Granted, not backing up, but keeping bitcoins safe, with minimal user knowledge needed for the process.

The only thing you really need to back up and keep secret are the private keys which are one roughly 78 digit decimal numbers or 64 digit hexadecimal number for all your bitcoin addresses. Everything else is recoverable.

ByteCoin

I know that when I transfer out, I generate 3 transactions, one for all in adress, one for new personal address with change and one to outgoing address with transfer amount.

Now, if I generate one single address (or a batch of them) on a wallet, and encrypt and store that wallet somewhere/everywhere I can, will I be able to use it as the "savings account" by transfering to that adress(es) without ever needing to run a client with that wallet?

With that and a 'backup' script that simply transfers all of my wallet except for some 'pocket money' to a fixed address, I can produce a safe backup of my bitcoins. This only gets somewhat more complicated when trying to take money out, but if we could have a way to import a keyset to the 'pocket money' client, we can then in theory be in possession of the whole balance for a specific address in the savings account, transfer what we want to keep there to the next address in the batch and the pocket money client would keep the change...

Should be pretty simple to implement in a way even noobs can use safely (maybe even provide an encrypted wallet.dat safekeeping service?) if only we could do:
- generate a batch of addresses
- encrypt and store the wallet holding these addresses
- keep these addresses in a format we can later import individually into the everyday bitcoin client
- allow for listing these addresses from the bitcoin client (so users can just say bitcoind transfertosavings XXX)

I think all of this is pretty simple to implement, although I haven't looked into the code yet. Sorry if I got a bit off-topic, I just realized that

A much easier solution would be to have the client keep the wallet.dat file encrypted on your hard drive and only decrypt it in protected memory with a password supplied by the user on app startup.

Once you have enough to be concerned about you can make a 'savings account' and send it away and encrypt it. This is very easy to do with two machines, but certainly possible with one. Keep small every day money in the insecure wallet and larger savings in the encrypted one. You can decrypt, transfer, backup again, and re-encrypt to take money out of savings.

I think making this easy and automated is on some todo list somewhere.

I'm concerned by the fact that, whenever I want to run bitcoin, my wallet.dat file stays unprotected. What is the point of storing an encrypted backup of my wallet when it remains unencrypted during runtime? Does anyone have any suggestions for how to avoid exposing my wallet in order to run bitcoin?

Thanks,
Carl