Author

Topic: HOWTO: create a 100% secure wallet - page 123. (Read 276225 times)

newbie
Activity: 6
Merit: 0
June 16, 2011, 09:39:57 PM
#82
thanks for the great info!
newbie
Activity: 23
Merit: 0
June 16, 2011, 09:19:19 PM
#81
Good read, noobs like me need stuff like this, thanks!

newbie
Activity: 42
Merit: 0
June 16, 2011, 07:41:47 PM
#80
Will definitely follow this, I will need this in the future hopefully... Setting up a huge rig  Grin
newbie
Activity: 28
Merit: 0
June 16, 2011, 06:45:12 PM
#79
They definitely need to work on wallet security.

Agree, especially with the influx of new users. There is so much to read on Bitcoin when you first start out, security should be highest on the list but getting to know how it works already takes a lot of time.
newbie
Activity: 54
Merit: 0
June 16, 2011, 05:12:07 PM
#78
They definitely need to work on wallet security.
newbie
Activity: 7
Merit: 0
June 16, 2011, 04:05:55 PM
#77
how about simply printing out the .dat file and storing it in a fireproof safe. at least then its long term safe storage of your wallet.
3. Tell this to a noobie and he will end up with a sheet of paper with the word "wallet.dat" printed on it. And he will then complain loudly to you if it doesn't allow him to access his bitcoins Smiley

LOL! good point..

sr. member
Activity: 255
Merit: 250
June 16, 2011, 03:29:20 PM
#76
Thanks for the guide. The security implications around Bitcoin balances seem to be the biggest risk in the system. There certainly are people out there trying to take advantage of all the sudden publicity, as well as the early adopters with large balances. Only a few hours after I started mining/ signed up for dwolla / mtgox etc someone tried to reset the passwords on both my email, facebook and WOW accounts... unsuccessfully of course since i use strong and different passwords, among other security steps.
member
Activity: 70
Merit: 10
June 16, 2011, 03:27:46 PM
#75
how about simply printing out the .dat file and storing it in a fireproof safe. at least then its long term safe storage of your wallet.

Sure, the idea already came up somewhere. But two things:
1. It would have to be shortened considerably, which is possible I think. Right now it would give you a few hundred pages.
2. Have fun typing it in when you want to use your coins. (So a few sheets of 2D barcodes might make more sense)

3. Tell this to a noobie and he will end up with a sheet of paper with the word "wallet.dat" printed on it. And he will then complain loudly to you if it doesn't allow him to access his bitcoins Smiley

The only important information is the public/private key pair for each address - one of which is your public receiving address and the other a completely different alphanumeric string of the same length.  The latter is presumably accessable with tools, but I haven't seen any way that the "original" BitCoin client offers access to it.  If you can extract these key pairs from your wallet.dat (and insert them back in), then you're gold for having a one page sheet with several lines of characters.
jr. member
Activity: 134
Merit: 1
June 16, 2011, 03:18:39 PM
#74
how about simply printing out the .dat file and storing it in a fireproof safe. at least then its long term safe storage of your wallet.

Sure, the idea already came up somewhere. But two things:
1. It would have to be shortened considerably, which is possible I think. Right now it would give you a few hundred pages.
2. Have fun typing it in when you want to use your coins. (So a few sheets of 2D barcodes might make more sense)

3. Tell this to a noobie and he will end up with a sheet of paper with the word "wallet.dat" printed on it. And he will then complain loudly to you if it doesn't allow him to access his bitcoins Smiley
newbie
Activity: 7
Merit: 0
June 16, 2011, 02:51:13 PM
#73
how about simply printing out the .dat file and storing it in a fireproof safe. at least then its long term safe storage of your wallet.

legendary
Activity: 1764
Merit: 1002
June 16, 2011, 02:41:18 PM
#72
I read the wiki page https://en.bitcoin.it/wiki/Transactions but it's still not quite clear to me on why there's a change address or value.

Quoting the wiki: "If the input is worth 50 BTC but you only want to send 25 BTC, Bitcoin will create two outputs worth 25 BTC: one to the destination, and one back to you (known as "change", though you send it to yourself). Any input bitcoins not redeemed in an output is considered a transaction fee; whoever generates the block will get it."

0) Why does that happen (the change itself) if I'm sending the exact amount I want to send?
1) As I understand, the change address is created and saved in the wallet.dat file but doesn't show up in the User Interface (UI). So how do I claim my money?

0) because even if you want to send exactly 20 btc, your wallet may contain addresses which have the following balances:

10 btc
15 btc
19 btc
25 btc

So what does it choose? It might choose something like the 10 and the 15, combine them together to send 25, sending 20 to your destination, and 5 back to a change address.

Then you'd have the following in your wallet:

19 btc
25 btc
5 btc (residing in the new 'change' address)

1) it's automatically claimed and will show up in your balance.

you're on the right track Alex, but the client will search for larger amt addresses than the tx itself, ie, it won't combine 2 addresses of lesser amts.

Ah okay, so from my example, let's just say they didn't have a 25 btc address in their wallet, then it would have to combine two smaller ones.


Alex, i must apologize.  i spoke with Theymos about this issue and heres his response:

"It might choose a combination of smaller amounts. It doesn't always choose a larger amount.
Usually it will choose the closest match. The coin selection algorithm tries to reduce the amount of change, though the algorithm isn't perfect."

my bad...
member
Activity: 224
Merit: 10
June 16, 2011, 02:20:48 PM
#71
HOWTO TEST IT without going online: after bitcoin has download ALL the blocks on your main work computer, copy the whole bitcoin directory data onto a usb stick. Boot into the live CD again. Copy files and put into ".bitcoin" folder. Copy backed up wallet there too. Unplug internet and run bitcoin. All transactions should show up. Some computers may not have enough ram but you could run bitcoin with -datadir being the usb location.
member
Activity: 79
Merit: 10
Everyone Is A Bank
June 16, 2011, 01:47:04 PM
#70
Thanks for the information. This seems like a much easier process than another post that I read about using encryption software and moving the .dat files back and forth between separate drives.
member
Activity: 70
Merit: 10
June 16, 2011, 12:19:31 PM
#69
you're on the right track Alex, but the client will search for larger amt addresses than the tx itself, ie, it won't combine 2 addresses of lesser amts.

So if Alex's example were instead:

10 BTC
15 BTC
19 BTC
25,000 BTC

The client would then use the 25,000 BTC for a 20 BTC send transaction?  Or is there a tad more to the selection algorithm than simply "use smallest account that's bigger first, then aggregate smaller if none bigger"?  I don't especially like the idea of the 25k being forked by default for every send over 19 BTC in the above example.  That would (presumably) require traversing many different transactions on the block explorer to figure out the current address owning the remaining bulk of the 25k. Although I guess there are plenty of ways around that - e.g. keeping another moderately-sized account, or keeping the 25k in a separate wallet.  And perhaps it's moot, if one does not care about micro-managing or tracking exactly which address owns what amount.
jr. member
Activity: 134
Merit: 1
June 16, 2011, 09:26:26 AM
#68
when u boot from a live cd, how is it that you can install a copy of Bitcoin with a new wallet that doesn't touch RAM?  if it does, isn't that an opportunity for a trojan to detect your wallet?

Well of course it touches RAM, but the point is, that your liveCD is clean like a virgin, so there shouldn't be any chance for a trojan to interfere with your system.


Really? One needs to download and install a separate OS to have a safe wallet?
That is going to turn those people down who don't know about computers
I would have thought that the bitcoin community had come up with an easier alternative,
let alone making it safe to use bitcoins by default.
Well, I guess I just have to download Ubuntu, I hope thought that there will be more simple alternatives in the future.

Sure, there are simpler alternatives. See the wiki (link in the article) for another secure setup. My aim was to obtain 100% security, which is in no way necessary for everybody.

And yes, if you're using Windows for serious business, you really shouldn't. But that holds true in general. Oh and, I didn't say "install", just boot a liveCD from an USB-stick, its quite fast.
newbie
Activity: 10
Merit: 0
June 16, 2011, 08:21:05 AM
#67
Really? One needs to download and install a separate OS to have a safe wallet?
That is going to turn those people down who don't know about computers
I would have thought that the bitcoin community had come up with an easier alternative,
let alone making it safe to use bitcoins by default.
Well, I guess I just have to download Ubuntu, I hope thought that there will be more simple alternatives in the future.

E: And thanks for writing the guide
legendary
Activity: 1764
Merit: 1002
June 16, 2011, 06:22:40 AM
#66
Can't the wallet.dat be encrypted already? (password when starting the bitcoin client...)

As has been said elsewhere, this wouldn't work, since the client has to somehow decrypt the file in order to use it. Decryption => a decrypted copy is stored in RAM => a clever program can find and copy it.

So this would be rather dangerous, since it would give users a false sense of security, prompting them to be even more careless. I know lots of users are whining right now and blaming the devs for not including encryption, but this is simply the truth of the matter.

when u boot from a live cd, how is it that you can install a copy of Bitcoin with a new wallet that doesn't touch RAM?  if it does, isn't that an opportunity for a trojan to detect your wallet?
legendary
Activity: 1764
Merit: 1002
June 16, 2011, 06:17:55 AM
#65
I read the wiki page https://en.bitcoin.it/wiki/Transactions but it's still not quite clear to me on why there's a change address or value.

Quoting the wiki: "If the input is worth 50 BTC but you only want to send 25 BTC, Bitcoin will create two outputs worth 25 BTC: one to the destination, and one back to you (known as "change", though you send it to yourself). Any input bitcoins not redeemed in an output is considered a transaction fee; whoever generates the block will get it."

0) Why does that happen (the change itself) if I'm sending the exact amount I want to send?
1) As I understand, the change address is created and saved in the wallet.dat file but doesn't show up in the User Interface (UI). So how do I claim my money?

0) because even if you want to send exactly 20 btc, your wallet may contain addresses which have the following balances:

10 btc
15 btc
19 btc
25 btc

So what does it choose? It might choose something like the 10 and the 15, combine them together to send 25, sending 20 to your destination, and 5 back to a change address.

Then you'd have the following in your wallet:

19 btc
25 btc
5 btc (residing in the new 'change' address)

1) it's automatically claimed and will show up in your balance.

you're on the right track Alex, but the client will search for larger amt addresses than the tx itself, ie, it won't combine 2 addresses of lesser amts.

Ah okay, so from my example, let's just say they didn't have a 25 btc address in their wallet, then it would have to combine two smaller ones.


yes, thats correct, it would have to.
full member
Activity: 154
Merit: 100
June 16, 2011, 06:13:43 AM
#64
I read the wiki page https://en.bitcoin.it/wiki/Transactions but it's still not quite clear to me on why there's a change address or value.

Quoting the wiki: "If the input is worth 50 BTC but you only want to send 25 BTC, Bitcoin will create two outputs worth 25 BTC: one to the destination, and one back to you (known as "change", though you send it to yourself). Any input bitcoins not redeemed in an output is considered a transaction fee; whoever generates the block will get it."

0) Why does that happen (the change itself) if I'm sending the exact amount I want to send?
1) As I understand, the change address is created and saved in the wallet.dat file but doesn't show up in the User Interface (UI). So how do I claim my money?

0) because even if you want to send exactly 20 btc, your wallet may contain addresses which have the following balances:

10 btc
15 btc
19 btc
25 btc

So what does it choose? It might choose something like the 10 and the 15, combine them together to send 25, sending 20 to your destination, and 5 back to a change address.

Then you'd have the following in your wallet:

19 btc
25 btc
5 btc (residing in the new 'change' address)

1) it's automatically claimed and will show up in your balance.

you're on the right track Alex, but the client will search for larger amt addresses than the tx itself, ie, it won't combine 2 addresses of lesser amts.

Ah okay, so from my example, let's just say they didn't have a 25 btc address in their wallet, then it would have to combine two smaller ones.
legendary
Activity: 1764
Merit: 1002
June 16, 2011, 06:09:45 AM
#63
I read the wiki page https://en.bitcoin.it/wiki/Transactions but it's still not quite clear to me on why there's a change address or value.

Quoting the wiki: "If the input is worth 50 BTC but you only want to send 25 BTC, Bitcoin will create two outputs worth 25 BTC: one to the destination, and one back to you (known as "change", though you send it to yourself). Any input bitcoins not redeemed in an output is considered a transaction fee; whoever generates the block will get it."

0) Why does that happen (the change itself) if I'm sending the exact amount I want to send?
1) As I understand, the change address is created and saved in the wallet.dat file but doesn't show up in the User Interface (UI). So how do I claim my money?

0) because even if you want to send exactly 20 btc, your wallet may contain addresses which have the following balances:

10 btc
15 btc
19 btc
25 btc

So what does it choose? It might choose something like the 10 and the 15, combine them together to send 25, sending 20 to your destination, and 5 back to a change address.

Then you'd have the following in your wallet:

19 btc
25 btc
5 btc (residing in the new 'change' address)

1) it's automatically claimed and will show up in your balance.

you're on the right track Alex, but the client will search for larger amt addresses than the tx itself, ie, it won't combine 2 addresses of lesser amts.
Jump to: