Topic: HOWTO: create a 100% secure wallet - page 114. (Read 276221 times)

I was wondering the same thing.  I managed to get this work by following this short guide, http://radu.cotescu.com/ubuntu-usb-stick/.  Ubuntu is on partition 2, storage is on partition 1.

At this very moment I am working in Firefox in Ubuntu on my partition 2 of my USB drive.  I have Bitcoin client and Truecrypt in storage (partition 1).  Hope you're able to get it to work.

EDIT:  For some reason, I am unable to open a tar.gz file or run an exe file on my Ubuntu install. So, while I have BTC and TC on the storage partition, I cannot run them.  Even when I downloaded them again in Ubuntu, instead of using the ones in storage, it would not let me open them. Now I need to figure out why. 

funny read and some pretty nifty ideas in there - thanks!

Heh, the lulz boat has been fun to watch, and I totally agree.  I have a feeling that most people don't see it as a mostly positive force though. 

And to clarify, instead of "99% secure" what I should have said was "good enough" security.  For example, when you punch in your ATM pin, you do it in a public place.  Does some unseen spy have a camera focused on the keypad?  Do you know that nobody tampered with he machine before you got there?  We could all come up with many more (absolutely legitimate) potential security holes.  Still, most people use ATMs and consider them mostly safe.  So what is mostly safe for us?

I found this other thread on the forums that I think satisfies my needs. "How to set up a secure bitcoin savings account"

But seriously, what is your opinion on "good enough" security? (open question to everyone in the thread)

Making a backup of the block chain data is pointless except perhaps to save time later (as then it won't need to be downloaded again). Encrypting and backing up the wallet.dat file is essential and it's not too big. The plan is that future versions of the client will not need to have the full block chain on hand so by the time that data gets painfully huge we should have a solution that does not require downloading the whole chain.

wow, I probably laughed more than I learned. (I did learn a lot though. thanks a ton!)

Very informative post!  Thanks for sharing!!   

Agreed. This all needs to be easier/simpler before my Mom will come near it.


What does 99% secure mean? Is that like a water damn or parachute with a 1% hole in it? Or a computer with only one port out of a hundred compromised? Or one malicious out of hundred users? 99% secure is 100% insecure.

Most computers are not secure. This does not mean that their users will die or loose their all of their data, but it means that they are not the only ones in control of their hardware. When there are bitcoins on the machine, that is more of a concern than if the most private things you have a family photos and a tax return.

You have to think of this like a biological virus. A successful virus 'wants' to survive not kill or rather if a virus kills its host it will reduce its chance of replication. A successful virus 'wants' to infect in such a way that the host will continue unaware of infection unless (such as ebola) the host acts in a ways that it increases dissemination (like wandering into markets or going to the hospital and exploding blood upon a large number of vulnerable patients in close proximity).

An attacker does not want its host to know it has been compromised. It does not want to produce concern. It wants to act with surgical precision and maximal effect. We should thank Lulz and other joy riding young crackers for making us aware of our vulnerabilities, for making us conscious and secure.

Will definitely have to play around with this.

Thanks for putting the time into sharing the info.

Admittedly I read through the guide and the first page of comments, then skipped the rest.  Here are my thoughts...

As someone who works in IT, I think that for most users this process is pretty complicated, but more importantly way too tedious for simply transferring funds.  With my current bank, it's easier for me to transfer funds from my checking account to savings, even though those funds aren't physically in my possession.

Now granted, this is pretty simple for a system that is practically 100% secure.  Still, I think most people need a system that is perhaps 99% secure, but much simpler and faster. 

Sorry I have not gone thru all 14 pages, plan to do so. I did run a search on this and did not find an answer.

I asked the same question here: https://forum.bitcoin.org/index.php?topic=20298.msg311431#msg311431

I am in the process of installing bitcoin client on one of my miners for testing purposes.  It has been 3 hours and it still hasn't downloaded all of the blocks yet.  I fear every day puts minutes onto this time.  Which means that by this time next year, it will take a day or more to have a fully up-to-date client.

I wonder if there is a way to copy the database?

thanks for the info! very useful

great post, thanks!

In my opinion, the first adage to obey is, Dont put all your eggs in one basket, before considering anything else about security... I dont think anyone should have too much money in any one wallet at a time...

I know it's coming, but I still can't fathom why the client didn't include the option early on of encrypting the private keys in use in your wallet.  Seems like an obvious requirement for such a currency as this.

I am.  I tried out with small amounts first, and making sure my boot-from-ubuntu-usbkey worked multiple times before sending my "savings" to it.

Informational and funny to read 

Forgive my ignorance, but couldn't you just get the vmware player (free), make your own vmx to install ubuntu, install bitcoin and truecrypt, download all the blocks, snapshot, mount and import your wallet.dat from truecrypt volume on USB, send BTC, shutdown and delete snapshot?  There isn't really even a need to make a change in your truecrypt volume.

I realize that you could possibly do forensics on the drive and recover that deleted snapshot but that requires physical access to the drive.

And AFAIK Ubuntu is pretty safe as it doesn't listen for any incoming connections.

So if it was a dedicated single use just for BTC transactions (no browsing, etc.) would it be fine for non-paranoid people?

I am afraid you will all loose your keys after hardware failure rather than a malicious attack. I symetrically encrypt multiple wallets offline, then commit the encrypted wallets to distributed version control, and replicate the repositories on multiple devices.

I only decrypt one wallet at a time for spending, thus exposing only a subset of bitcoins to the network. I can check my total balances in the block chain. I am protected from both malicious attack and hardware failure. And it's MUCH easier than LiveCD's with encrypted shares that may Ooops! get lost.

There seem to be two schools of thought regarding the Linux vs. Windows security issue. (1) is that Linux is inherently more secure by design vs. (2) Windows has bigger market share and perhaps fewer technical users and is thus an easier, more lucrative target.

I subscribe to both schools, but I think bitcoins presents an interesting test case of these theories. We are a community made of a disproportionately high number of Linux users. Compromising our systems provides a nearly untraceable and immediate benefit to an attacker (namely copying and spending the wallet.dat file).

While it can probably still be said that the Linux users represent a higher technical level, it seems they might represent a bigger market share (do we have statistics on this?). So we may soon have more insight into assertion (1).

I run Linux, but I must admit, I am very concerned. The bitcoin client must implement encryption (unlocking on send only) and offline transaction files. I would not be surprised if we see a successful Linux trojan before Christmas which could do much damage to the general confidence in bitcoin security.