Topic: HOWTO: create a 100% secure wallet - page 122. (Read 276225 times)

legendary
Activity: 1764
Merit: 1002
June 17, 2011, 05:47:48 PM
One more thing I would like to mention on this.  It's pretty common sense, but make sure you allow the client to download the full block chain with an empty wallet before you move your wallet.dat onto your pc.  Less time it's on a networked computer the better!

this has been my procedure from the start but this thread brings up 2 questions:
1.  are you worried about having left wallet "fingerprints" on your pc that could be reconstructed and stolen?
2.  have u tried to store the entire data directory on the usb stick thus allowing u to not move the wallet to your pc?  i have recently tried this and encountered 2 problems
    a.  it's enormously slow to download the block chain and it appears u can't just drag a full block chain from one folder to another to avoid the full download.
    b.  sometimes it works and sometimes it doesn't in terms of the client being able to detect this usb data folder.
newbie
Activity: 15
Merit: 0
June 17, 2011, 04:08:15 PM
One more thing I would like to mention on this.  It's pretty common sense, but make sure you allow the client to download the full block chain with an empty wallet before you move your wallet.dat onto your pc.  Less time it's on a networked computer the better!
newbie
Activity: 5
Merit: 0
June 17, 2011, 04:05:11 PM
Yes thanks. Buying some USB drives today.
newbie
Activity: 23
Merit: 0
June 17, 2011, 04:01:17 PM
#99
Thanks for the excellent write up! If I had any coin I would send some your way.
full member
Activity: 280
Merit: 100
June 17, 2011, 02:07:12 PM
#98
Following this advice...

 How do I install truecrypt and bitcoin on Ubuntu Linux? I just downloaded the programs, they are both .tar.gz files..
newbie
Activity: 1
Merit: 0
June 17, 2011, 01:55:16 PM
#97
thanks for this post, it's helped a lot. I'd hate to buy into bitcoins and have all of it get stolen or lost.
newbie
Activity: 28
Merit: 0
June 17, 2011, 12:00:45 PM
#96
Hey, we n00bs have to stick together.  Some of us just happen to have a little more of a computing background.

Now if only I can finally land a job with my recent Bachelor's degree in Computer Science...
I'm still working on mine. I'm still a little new.
newbie
Activity: 15
Merit: 0
June 17, 2011, 11:46:34 AM
#95
Hi guys! For the newbies out there that may not fully understand encrypting or all the complicated steps you guys have laid out here I have a very simple solution for 100% security.  DO NOT STORE YOUR WALLET ON ANY COMPUTER EVER!  Use a removable media to store your wallet.dat and keep it in a safe place.  At the moment I keep my wallet on two flash drives, flash drives are very convenient but are known to fail.  This is why I have two.  Whenever I need to make a transaction I plug in my flash drive and put my wallet on my pc, once I finish sending or receiving coins I move it back to the flash drive.  Hopefully soon the bitcoin client itself will have more built in security, but for the time being this is the most convenient method I can think of.  As an added bonus to this method, you can carry your wallet with you anywhere which could come in handy if you need to spend some coin on the fly!
newbie
Activity: 18
Merit: 2
June 17, 2011, 10:28:19 AM
#94
So here is a worst-case scenario, that EVERYONE who installed Bitcoin, in an unprotected fashion, which would probably be most people, may have had their wallet 'peeked', you might not have cared then, you might not care now because you only have a few Bitcoins, but theoretically, hackers could have been scouring the net, looking for unprotected wallets and taken copies.
In 5 yrs time, many of these wallets may no longer exist, but a few at least may well have significant amounts of Bitcoins in them, which they will be able to use because they have your wallet, which is more accurately likened to a Key.

The part that you are missing is that a backup is only good for a certain number of transactions.

The wallet contains a pre-generated number of addresses. When you copy, or back-up, your wallet those addresses go with it.

Once the number of transactions goes beyond that prefixed number then the old backup is worthless, because the key that goes along with it is now out of date.

-Jason
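
The key-pool behaviour discussed in the post above, modelled as an added example (not part of the thread and not the Bitcoin client's code): it computes how many later receipts a copy of wallet.dat taken at one moment still holds keys for. The pool size of 100, the integer key indices and the one-unit receipts are assumptions made for the illustration.

```python
"""Added illustration: which receipts an old wallet.dat copy still holds keys for.

Simplified model, not the Bitcoin client's code: keys are plain integers and
POOL_SIZE = 100 is an assumed pool size.
"""

POOL_SIZE = 100  # assumption: number of keys the wallet keeps pre-generated


class Wallet:
    def __init__(self, pool_size=POOL_SIZE):
        self.pool_size = pool_size
        self.next_index = 0           # next unused key to hand out
        self.generated = pool_size    # keys 0..generated-1 exist in the file

    def take_key(self):
        """Hand out the next key and top the pool back up, as a live wallet does."""
        index = self.next_index
        self.next_index += 1
        self.generated = self.next_index + self.pool_size
        return index

    def snapshot(self):
        """Key indices present in a copy of the wallet file taken right now."""
        return frozenset(range(self.generated))


def stale_copy_coverage(used_before, used_after, pool_size=POOL_SIZE):
    """Return (covered, uncovered) units received after the copy was taken.

    Each key taken after the copy receives exactly 1 unit (constructed data).
    """
    wallet = Wallet(pool_size)
    for _ in range(used_before):
        wallet.take_key()
    old_copy = wallet.snapshot()      # a backup, or a copy someone else took

    received = {wallet.take_key(): 1 for _ in range(used_after)}
    covered = sum(v for k, v in received.items() if k in old_copy)
    uncovered = sum(v for k, v in received.items() if k not in old_copy)
    return covered, uncovered


if __name__ == "__main__":
    for after in (50, 100, 120):
        covered, uncovered = stale_copy_coverage(used_before=5, used_after=after)
        print(f"{after:>3} keys used after the copy: "
              f"{covered} units spendable from the old copy, {uncovered} not")
```

In this model every receipt inside the pool window is still spendable from the old copy, whoever holds it; only receipts on keys generated later fall outside it. Taking a fresh backup restores coverage for the owner, while funds are out of reach of a copy held by someone else only after they are moved to keys from a newly created wallet.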
newbie
Activity: 56
Merit: 0
June 17, 2011, 10:11:48 AM
#93
Thanks for a Great Post, it does appear that the 'wallet' and its security is not as straightforward as it might at first appear, it would be wise to assume that anyone who has installed Bitcoin to a PC could theoretically be compromised already, and it seems that if someone took a copy of your unprotected wallet.dat file three weeks ago, they could wait 1yr or two yrs and assume that Bitcoins will be worth more then start using those wallets.
So here is a worst-case scenario, that EVERYONE who installed Bitcoin, in an unprotected fashion, which would probably be most people, may have had their wallet 'peeked', you might not have cared then, you might not care now because you only have a few Bitcoins, but theoretically, hackers could have been scouring the net, looking for unprotected wallets and taken copies.
In 5 yrs time, many of these wallets may no longer exist, but a few at least may well have significant amounts of Bitcoins in them, which they will be able to use because they have your wallet, which is more accurately likened to a Key.
That means anyone who has left themselves vulnerable at sometime in the past, even if they didn't have any Bitcoins, is now at risk because those Old snapshots, taken of your empty wallets can be used to run transactions at sometime in the future, when your Wallet may contain significantly more BTC's.
Does that mean also that anyone mining using the CPU or GPU is inadvertently sending out a signal saying their wallet is 'open', an invitation for hackers to come in and take a copy of your 'wallet' for use at a later date.

Anyone with significant no of BTC's who has ever left their PC in an unprotected mode is right now at risk that someone has taken a copy that they may well be able to use at some later date.
So the real procedure we need is not how to create a backup wallet but how to get those bitcoins out of that wallet, destroy the client we have downloaded, shred, defrag, wipe the disc and start again with a new download.
My guess is we are all potentially compromised, and if you intend having any significant BTC's in that wallet, you / we should think about starting again, I mean surely all the bad guys have to do is release a virus that infects harddrives and sits there looking for wallet.dat, sending a copy to BadGuy Central, it could even be of a fresh install, it will not matter if its a copy of a freshly created wallet because at sometime in the future there will be coins in it, which presumably they can check with Block explorer, aren't we all screwed ?
newbie
Activity: 18
Merit: 2
June 17, 2011, 09:57:20 AM
#92
Good posting, a couple of points.

1. Live CDs. You're able to store things on Live CDs because they create a virtual file system file on the local drive, and merge that local file system with the filesystem that's on the CD.

what do u mean by "store"?  by being in a virtual state isn't the virtual file system just temporary until u logoff live cd unless u decide to save the wallet?

Yes, the virtual filesystem is temporary, so if you are using a Live CD and you create a wallet on it, and transfer money into your wallet. You have the option of saving it (where it ends up on your hard drive) or it disappears when you eject the CD and you lose the money.

Quote
Quote from: je_bailey
If you install your wallet on the Live CD. You are actually putting it on the hard drive of your computer. ( see http://en.wikipedia.org/wiki/Live_CD#Technique)

which then means it can be stolen despite not being logged on with live cd?

That's correct
legendary
Activity: 1764
Merit: 1002
June 17, 2011, 09:26:26 AM
#91
Good posting, a couple of points.

1. Live CDs. You're able to store things on Live CDs because they create a virtual file system file on the local drive, and merge that local file system with the filesystem that's on the CD.

what do u mean by "store"?  by being in a virtual state isn't the virtual file system just temporary until u logoff live cd unless u decide to save the wallet?

Quote from: je_bailey
If you install your wallet on the Live CD. You are actually putting it on the hard drive of your computer. ( see http://en.wikipedia.org/wiki/Live_CD#Technique)

which then means it can be stolen despite not being logged on with live cd?

Quote from: je_bailey

2. I object to the usage of "100%" secure. There's no such thing :) The closest you can come is to make it portable at which point you're vulnerable to physical theft and loss.

-Jason
newbie
Activity: 18
Merit: 2
June 17, 2011, 09:08:18 AM
#90
Good posting, a couple of points.

1. Live CDs. You're able to store things on Live CDs because they create a virtual file system file on the local drive, and merge that local file system with the filesystem that's on the CD. If you install your wallet on the Live CD. You are actually putting it on the hard drive of your computer. ( see http://en.wikipedia.org/wiki/Live_CD#Technique)

2. I object to the usage of "100%" secure. There's no such thing :) The closest you can come is to make it portable at which point you're vulnerable to physical theft and loss.

-Jason
newbie
Activity: 2
Merit: 0
June 17, 2011, 09:03:17 AM
#89
Human factor and buggy software explains 99% of all issues...
That's right, 80% of all issues will be sitting before the machine ;)
newbie
Activity: 7
Merit: 0
June 17, 2011, 06:32:24 AM
#88
Using truecrypt with symlink on mac osx here..
newbie
Activity: 10
Merit: 0
June 17, 2011, 03:36:09 AM
#87
Hello I need a couple things cleared up for me, first off After I install Ubuntu and the bitcoin program and generate the 10 addresses why am I saving all the addresses and not just one? Will I be fine leaving a copy of the wallet on the usb drive that has Ubuntu on it or would that be a bad idea? And now that I will have 10 new addresses I can send my current btc to any one of those and then delete the wallet that is on my HD or do I need to leave that so I can send future btc from my HD to my new addresses? Also I don't need to mine with Ubuntu it is just a medium for safe transactions of my btc correct?
newbie
Activity: 14
Merit: 0
June 17, 2011, 02:35:05 AM
#86
Human factor and buggy software explains 99% of all issues...
full member
Activity: 154
Merit: 100
June 17, 2011, 12:33:43 AM
#85
This is all very complicated,

i have a few btc, not overly worried about getting them stolen
i was hoping there would be a very simple way to "put my wallet on a usb"

can't i simply cut and paste wallet.dat on a usb key?

Sure, if you're not overly worried about getting them stolen.
legendary
Activity: 1904
Merit: 1037
Trusted Bitcoiner
June 16, 2011, 11:49:05 PM
#84
This is all very complicated,

i have a few btc, not overly worried about getting them stolen
i was hoping there would be a very simple way to "put my wallet on a usb"

can't i simply cut and paste wallet.dat on a usb key?
newbie
Activity: 21
Merit: 0
June 16, 2011, 11:25:43 PM
#83
Here's the take-away:
1. ONLY store your wallet.dat on an encrypted partition.
by extension:
1a. DON'T BACKUP YOUR WALLET TO AN UNENCRYPTED PARTITION!
1b. Don't use Dropbox to backup your wallet!
1c. DON'T USE DROPBOX TO BACKUP YOUR WALLET! Yes, it's handy, yes, it's automatically backed up, and yes it's encrypted. But none of that matters. Although Dropbox does encrypt your data, the way the Dropbox system works makes it a relatively insecure place for storing your wallet - once you connect to Dropbox on a PC, rather than keeping your password, the program keeps a token. Anyone with that token has access to your Dropbox (and your wallet). It doesn't matter that the data is encrypted because Dropbox does the decryption on their end (not good - companies should learn, this is the same thing Gawker did wrong, and is one of the many things Sony did wrong, and it's one of the easiest problems to avoid).
1d. If you want to use a cloud-based back-up solution, MAKE SURE that it encrypts *LITERALLY* *ALL* of your data before it is "sent to the cloud." Also, MAKE SURE THAT ONLY YOU HAVE THE ENCRYPTION KEY. (Or trusted loved ones. But you know what I mean - make sure the service doesn't keep a copy of your key - otherwise you can get totally screwed even if you personally do everything right.) Yes, this means that if you ever lose that password you lose all that data - but that's why we have password "hints" and why we have password autofillers. Wuala does encrypt your data beforehand and does not store a copy of the key (and incidentally, accepts Bitcoin if you want to use their paid services) and there are services such as Carbonite which can supposedly do the same (although I can't personally vouch for any of these).

2. The key to keeping a system secure (aside from just disconnecting it from the Internet) is to BE AWARE. Pay attention to what is installed on your system, and why, and how often you use it. If you aren't using it, get rid of it as it's nothing more than a potential attack vector.
2a. PAY ATTENTION to what's on your computer!
2b. PAY ATTENTION to what's on your computer! Assuming this guy is telling the truth, this is where he really fucked up. He was running this on his main home PC, which he also used for work and stock trading. I'd assume he also used the same computer for general Web browsing, file sharing, gaming, chatting, and everything else. We all do it, and it puts us at risk. It's not that it isn't/can't be OK - it can - but he did it without thinking about the fact that every program is a potential attack vector. It would've been OK if he'd kept his wallet on a physically disconnected volume, but he didn't.

3. Keep the PC which holds your main wallet up-to-date and keep it secure, and/or keep your wallet off your PC until you want to use it.
3a. If you can, keep your wallet on another computer (IE, not your main PC) that pretty much isn't used for anything but Bitcoin, and LOCK IT DOWN TIGHT. The more programs you have on the PC, the more vectors of attack an attacker has.
3b. For most of us, it's not feasible to have a separate PC just for Bitcoin. This can be OK. If you have a lot of Bitcoin, keep your main wallet on a Flash drive or something similar that is only physically connected to your system when you want to run Bitcoin. (Make sure you understand - I am NOT talking about making a copy of your wallet, I am talking about actually moving the file to a separate drive where it is normally inaccessible to the Bitcoin software except when you deliberately plug it in.)

4. Be smart and realize you are human. Leaving your wallet in plain sight in a locked car isn't "keeping it safe" and it seems like it's pretty obvious that doing it puts you at risk, but accidents happen sometimes - which is why we tend to keep our money either with a bank or somewhere safe at home. If you have enough Bitcoin, keep two wallets - one with the majority of your Bitcoin, and one with your spending money - and make sure the "main" wallet is kept ultra-secure. Treat your BTC wallet like a real wallet - don't keep large amounts on you because if you get robbed and you're carrying $100 or even $1000 you're set back but not enough that you won't recover, but if you're carrying $500,000 and you get robbed (or lose your wallet) you're pretty well fucked.