HOWTO: create a 100% secure wallet - page 126.

aiwk171

jr. member

Activity: 134

Merit: 1

Quote from: bitlotto on June 15, 2011, 08:25:28 AM

Careful what version of Bitcoin you use! Some versions will display multiple addresses but the private keys won't be made till you do a transaction and have it open for a while!!! Someone did something similar, where they sent some to the first address as a test then saw it worked then send the rest to the second address. Deleted everything only to go back and see that he lost his BTC!!

I did not know that. Are you sure, it's not just one of the occasions where --rescan would have done the trick? What version was it?

Quote from: Alex Beckenham on June 15, 2011, 08:39:27 AM

I've put this article up (with your donation address intact) at http://bitcoinsecurity.com.

Wow. My sincere thanks. I'll PM you in case I make any relevant additions to the text. Glad that you took out the emoticions, they look dumb in plain text

Also, feel free to delete the address mentioned at the bottom, that way it won't come across quite as desperately

And you may want to delete the mention about "comments"

Alex Beckenham

full member

Activity: 154

Merit: 100

I've put this article up (with your donation address intact) at http://bitcoinsecurity.com.

Let me know if there are any issues with it.

Also, I've sent 0.20 to your donation address.

bitlotto

hero member

Activity: 672

Merit: 500

BitLotto - best odds + best payouts + cheat-proof

Careful what version of Bitcoin you use! Some versions will display multiple addresses but the private keys won't be made till you do a transaction and have it open for a while!!! Someone did something similar, where they sent some to the first address as a test then saw it worked then send the rest to the second address. Deleted everything only to go back and see that he lost his BTC!!

edit: Ignore. Apparently the user only had one address showing. Backed it up. Then created the newer addresses assuming it would use some of the 100 pre generated addresses. There was an older copy that would not create those 100 addresses however. Sorry for the confusion.

aiwk171

jr. member

Activity: 134

Merit: 1

Quote from: MBH on June 15, 2011, 08:15:19 AM

If you prefer to not encrypt the files to avoid remembering passwords, you won't be secure, unless you make a physical backup of the media holding your money and then put that backup in a vault (at your house or in a bank).

Actually, you could do a weekly trip to the bank and put your wallet.dat on a memory stick in a safety box. Assuming that you have that many BTCs to protect.

NO!! Encryption is not some magic thingamajawb that protects you from all evil.

Let me clarify: A _backup_ is of absolutely NO USE. So your weekly trip doesn't accomplish anything if the very same file has been on your main operating system. This is a dangerous fallacy, hence my analogy with "keys" instead of "wallets".

Again: that would be like making a copy of your safe-key every week and putting that in the vault.

It has to be a new, untainted address, in conjunction with the wallet.dat that you deposit. Actually, this is way more convenient, since you don't have to access your bank vault at all. You just deposit/sent the coins into the right addresses.

aiwk171

jr. member

Activity: 134

Merit: 1

Quote from: vegard on June 15, 2011, 08:05:16 AM

For the same reasons that you made this post, I just created a small program that generates bitcoin addresses and saves the keypair as an encrypted wallet file. It's basically a tool for the overly paranoid, since it doesn't create any unencrypted intermediate files and doesn't require the full bitcoin client just to generate an address. It also generates just 1 address, so it's impossible for somebody to steal your keys from an "old backup".

https://github.com/vegard/mkbtcaddr

Great, you rock. Nice to see some progress by the community. If encryption is what you prefer, these kind of tools are perfect. Want to bundle it into a liveCD? In my experience, it's quite trivial to do.

Quote from: ?? on ??

encryption is good but i thin k you have to increase all of them

Wat

MBH

newbie

Activity: 51

Merit: 0

If you prefer to not encrypt the files to avoid remembering passwords, you won't be secure, unless you make a physical backup of the media holding your money and then put that backup in a vault (at your house or in a bank).

Actually, you could do a weekly trip to the bank and put your wallet.dat on a memory stick in a safety box. Assuming that you have that many BTCs to protect.

vegard

newbie

Activity: 2

Merit: 0

Hi,

For the same reasons that you made this post, I just created a small program that generates bitcoin addresses and saves the keypair as an encrypted wallet file. It's basically a tool for the overly paranoid, since it doesn't create any unencrypted intermediate files and doesn't require the full bitcoin client just to generate an address. It also generates just 1 address, so it's impossible for somebody to steal your keys from an "old backup".

https://github.com/vegard/mkbtcaddr

Disclaimer: There is no warranty, etc., and I am not responsible if something goes wrong, etc.

I've tested it myself and it worked for me, but please scrutinise the source code before using it.

Vegard

aiwk171

jr. member

Activity: 134

Merit: 1

+1, I got it now. AES is actually secure enough, that it'll be safe forever provided mathematics don't completely vanish and the laws of physics still apply (and your key-length is sufficient).

Still, I prefer not to encrypt the file, since the passphrases either have to be written down or remembered, both of which aren't exactly ideal (Think brain hemorrhage, which I definitely plan to get one of these days).

Also, newbs can barely handle Ubuntu.

MBH

newbie

Activity: 51

Merit: 0

Put DSL on a USB drive to boot it. Make a partition on it (or a file) and encrypt it, then place your dat file there.

If you went with an encrypted file as a partition (mounted as a loop device), then you can back it up to JungleDisk.com, which also uses encryption (AES).

So, your dat file is encrypted and is backed up and encrypted on their servers as well.

If DSL isn't maintained? Use another light weight distro. Your file can be moved wherever you want.

TimoWillemsen

newbie

Activity: 15

Merit: 0

Quote from: aiwk171 on June 15, 2011, 07:45:35 AM

Quote from: TimoWillemsen on June 15, 2011, 07:41:59 AM

Allright. Well if you don't trust the client from bitcoin.org or the ubuntu live CD, they are both open source, so you are able to compile it yourself.

Yes, and I also suggest, you read through the whole source-code that constitutes the entire Ubuntu distribution, just to make extra-sure

Well that's not really true obviously. But it is possible to see changes in the sourcecode.

aiwk171

jr. member

Activity: 134

Merit: 1

Quote from: TimoWillemsen on June 15, 2011, 07:41:59 AM

Allright. Well if you don't trust the client from bitcoin.org or the ubuntu live CD, they are both open source, so you are able to compile it yourself.

Yes, and I also suggest, you read through the whole source-code that constitutes the entire Ubuntu distribution, just to make extra-sure

MBH: The whole point is to backup the entire disk, no? In that case, you still have to move your wallet.dat between the old CD and the new one. Besides, who guarantees that DSL will still be maintained a few years from now.

But if the encryption part was just meant for your wallet.dat, then yes, that's what I suggested. Just make sure, you use an encryption that will still be secure in a few years, otherwise, I'll steal it now (from your lame-ass cloud provider in case you use dropbox), keep it and decrypt it in 2018 with my quadruple ATI-over9000. Just a possible scenario. I prefer the more minimalistic physical security.

MBH

newbie

Activity: 51

Merit: 0

DSL boots into a GUI. I don't see where the problem is for newbies.

As for the future, DSL maintains the latest kernel so new hardware would work.

aiwk171

jr. member

Activity: 134

Merit: 1

Quote from: MBH on June 15, 2011, 07:39:01 AM

0) Damn Small Linux is 50MB in size, install it somewhere and install bitcoin on it.
1) Encrypt the disk/file.
2) Use a Cloud-based service like JungleDisk.com to backup your wallet/distro. It costs $5/month & the first 5GB is free.

Good idea, although DSLinux can be tedious for beginners. But I like the elegance of your solution.

One potential problem: If we think long-term, DSLinux-version.today might not necessarily be able to boot on modern hardware in a few years.

TimoWillemsen

newbie

Activity: 15

Merit: 0

Allright. Well if you don't trust the client from bitcoin.org or the ubuntu live CD, they are both open source, so you are able to compile it yourself.

It's a shame the bitcoin.org client download link doesn't have a checksum...

aiwk171

jr. member

Activity: 134

Merit: 1

Quote from: TimoWillemsen on June 15, 2011, 07:36:36 AM

Thanks for this. It seems like a good idea. I'm wondering something though. Currently I just have my wallet on my computer. Lets say someone has access to my computer, can they just copy it to an USB stick, and open it at home to do transactions with it?

Obamaface: yes, they can

MBH

newbie

Activity: 51

Merit: 0

0) Damn Small Linux is 50MB in size, install it somewhere and install bitcoin on it.
1) Encrypt the disk/file.
2) Use a Cloud-based service like JungleDisk.com to backup your wallet/distro. It costs $5/month & the first 5GB is free.

aiwk171

jr. member

Activity: 134

Merit: 1

Yes, both of you have a point I thought about as well: You still have to use the bitcoin client downloaded from the official site, sou you have to trust that thing unconditionally. And yes, you have to trust the liveCD

Of course, someone could trick you into downloading the wrong software (DNS redirect?). But there's a point where a certain level of paranoia is kind of exaggerated. You could of course always write your own client

I think it makes sense to trust both the Ubuntu LiveCD as well as the client from bitcoin.org for now.

TimoWillemsen

newbie

Activity: 15

Merit: 0

Thanks for this. It seems like a good idea. I'm wondering something though. Currently I just have my wallet on my computer. Lets say someone has access to my computer, can they just copy it to an USB stick, and open it at home to do transactions with it?

I'm still trying to figure out how it works, and I haven't done any transactions yet.

_ikke_

newbie

Activity: 2

Merit: 0

You would have to really trust the bitcoin specific live cd's because they could be comprimised already.

myrm

newbie

Activity: 9

Merit: 0

A linux distro that has everything you need probably can't come quick enough. It would be nice if it were tiny and was basically a wizard that walked users through all the steps required to secure their wallets. If I had the time I'd get right on it.

Would it still be 100% secure? What's the current state of malware residing in places like the BIOS? I know it was what all the cool kids did once upon a time. I think the fact that machines started booting OSs that had security as an afterthought running persistently from the same media killed some of it off. If BC take off in a big way would we see a return to those days?

Topic: HOWTO: create a 100% secure wallet - page 126. (Read 276225 times)