Topic: HOWTO: create a 100% secure wallet - page 118. (Read 276225 times)

Due to hdd led activity when using Ubuntu LiveCD, I simply pulled the hard drive out of my laptop and then booted to successfully manage my bitcoin business.

Installation of bitcoin, p7zip and apg password generation software went smoothly, although Ubuntu started to complain about memory (4Gb) running out as the block sequence database was filled, although everything worked in the end .

In my case, p7zip (available from Ubuntu software center) is used for making a password protected .7z-archive, e.g. 7z a -p archivename.7z wallet.dat to add the wallet to a password protected archive. This archive, and password, is now duplicated, fireproofed and stored separately close by and far away.

As for password generation, apg () is being used to generate a sufficiently random password of chosen length. Here I am using something like , where -s lets me randomly type on the keyboard before generating password, -a 1 means I want a non-pronounceable password and where -m 14 means I need a password containing 14 characters.

Donations encourage higher quality information: 171UsWba72m5PdpT3D7jZjNX9PuzeFcMwc

done!

I made a guide for this that also includes screenshots and detailed instructions on running Ubuntu from a thumb drive including how to set up the thumb drive, showing hidden files and securing your wallet.dat! http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/

Hope you enjoy it and if you do please donate - 1HbdRpinMDQ2cgUWsKiMPDN2icC8rNpS1i

Christ, read the discussion, this already came up like a hundred times.

This is gold, very nice info...going to bookmark it

Thank you again.

omg.. the client should automatically encrypt your wallet for you and make your life as easy as possible..

+1 for the OP and TrueCrypt is good sauce.

This is a really useful guide, thanks!
Anyone know if MyBitCoin is secure enough?

Thanks for posting this info.  I'm not up on the latest security and want to make sure my meager BCs are safe.

Here's what I did to secure my wallets:

1. Installed Dropbox on home/work computers.
2. Installed Truecrypt on my home/work computers.
3. Created two different Truecrypt containers, each one only 2 megs in size.
4. Placed the encrypted container files inside of Dropbox.
5. Mounted the first container on drive Z: and moved my wallet.dat from my work computer into it (after turning off the bitcoin client, of course).
6. Dropped to a command line and used the "mklink" command to create a symbolic link between the wallet.dat file inside the Truecrypt container and the wallet.dat pointer in my bitcoin user data folder. Note: If you want to store *everything* in your encrypted container, and not just the wallet, you can alternately just run "C:\Program Files\Bitcoin\bitcoin.exe -datadir=Z:\" when launching the Bitcoin client, but I like to just symlink the wallet file so the encrypted container can remain small and lightweight inside of Dropbox.

Now, whenever I want to open one of my wallets, I just mount it's corresponding container using Truecrypt and launch Bitcoin. Using this method, I can very easily and securely switch between multiple wallets from multiple computers. I can mount my work computer's wallet using my home computer and vice versa. As soon as I'm done with whatever transactions I need to do, I turn off the Bitcoin client and un-mount the wallet container.

If you want to keep the Bitcoin client open and running (so that it is always up-to-date with the block chain), just create a new, blank dummy wallet and corresponding container and mount that. Just make sure that you don't ever store any BTC in it or actually use it for anything, since it will be mounted at all times and if your machine was compromised someone could easily send out any money stored in it.

Truecrypt does work like charm...

Truecrypt is just awesome for this sort of thing.  I have 3 tc files on 3 different removable media.  The wallet.dat doesn't exist anywhere else.  Why 3 different copies?  Fear of one of them going bad, getting smashed/wet, etc.

this is exactly what i needed. thanks!

I've better: LiveCD system accessing physically encrypted volume (external hard drive with fingerprint recognition ?), inside of which there is some trap files plus a TrueCrypt volume named "Pr0n.zip" containing a BtrFS filesystem, inside of which there is a volume with some random porn pics in it "to make sure the kids/woman don't find out" plus a hidden volume with a read-only wallet.dat which name has been changed to Thumbs.db.

Best just to but it on a hidden encrypted volume inside a hidden virtual machine that has encrypted archive file that doesn't seem like a archive file

For GNU/Linux and Windows: TrueCrypt.
You can mix keyfiles and password, against keyloggers. But don't forget to dismount all volumes after use

some recomendation for encrypticng program in linux? im not linux user. but i know how install and run ubuntu at least. sadly i dont know how install packaged directly only using synaptic.

Thank you for the very practical solution! Just one minor clarification for those who need anonimity:

Don't send those bitcoin addresses to yourself by e-mail because you may be traced that way
Just copy and paste them onto SD card

Also try to remember the first 6 characters of an address, it enables you to search for it in blockexplorer.com and see the received bitcoins for that particular address. Knowing those 6 characters is useful because that way you can use any mobile phone with web browser to see your received bitcoins

P.S. If blockexplorer.com displays more than one address starting with the same 6 characters (never happened to me yet) you should stil be able to identify yours by "first seen" and/or by some known transactions 

thank you very much for the information, i was looking for this!

i have a question:

when in Ubuntu live cd after having opened up bitcoin client and clicked in a few new addresses; why not download entire block chain and send coins to one of those addresses and wait for confirmation to verify that everything is working with the new wallet before saving the wallet.dat file to the usb stick?

i worry about a bunch of unclaimed coins sitting on the block chain which i might not claim for 10 yrs or so.