Topic: HOWTO: create a 100% secure wallet - page 87. (Read 276221 times)
good how-to and discussion, thanks.
i didn't bother to read EVERY thread on here, but a thing to beware of with linux USB / live CDs: if your encryption requires high-quality random numbers, you might not want to generate random keys after booting from a USB boot / live CD; apparently that's not a good choice because the environment is more predictable. Anyone out there ever even take advantage of this flaw? I sure haven't; I've only had wikipedia entertain me with these thoughts 
Honestly, it surely doesn't matter, but for those that love being paranoid: beware of generating keys after freshly booting from a live CD / USB.
As for creating a "100% secure wallet", I don't think it's possible to quantify or measure the % of security that a wallet is under. Keep in mind that your wallet isn't exactly secure if even YOU lose access to it! (It's no longer secure--it is useless!)
Honestly, it surely doesn't matter, but for those that love being paranoid: beware of generating keys after freshly booting from a live CD / USB.
As for creating a "100% secure wallet", I don't think it's possible to quantify or measure the % of security that a wallet is under. Keep in mind that your wallet isn't exactly secure if even YOU lose access to it! (It's no longer secure--it is useless!)
http://en.wikipedia.org/wiki/RdRand
it's in my new cpu on the laptop but I don't know if it needs a kernel driver or not. Maybe anything using aes-ni can use it as an entropy source no kernel support needed.
i didn't bother to read EVERY thread on here, but a thing to beware of with linux USB / live CDs: if your encryption requires high-quality random numbers, you might not want to generate random keys after booting from a USB boot / live CD; apparently that's not a good choice because the environment is more predictable. Anyone out there ever even take advantage of this flaw? I sure haven't; I've only had wikipedia entertain me with these thoughts
Honestly, it surely doesn't matter, but for those that love being paranoid: beware of generating keys after freshly booting from a live CD / USB.
As for creating a "100% secure wallet", I don't think it's possible to quantify or measure the % of security that a wallet is under. Keep in mind that your wallet isn't exactly secure if even YOU lose access to it! (It's no longer secure--it is useless!)
Honestly, it surely doesn't matter, but for those that love being paranoid: beware of generating keys after freshly booting from a live CD / USB.
As for creating a "100% secure wallet", I don't think it's possible to quantify or measure the % of security that a wallet is under. Keep in mind that your wallet isn't exactly secure if even YOU lose access to it! (It's no longer secure--it is useless!)
A linux distro that has everything you need probably can't come quick enough.
The distributor of that distro needs to enjoy enormous trust.
I trust a vanilla ubuntu live cd a ton lot more to contain no wallet stealer than a special "for your secure bitcoin savings" distro.
I am quite fond of TAILS but of course a Live CD can't store data like your wallet and private GPG key - it is possible though to use the built in disk utility to encrypt a USB stick which can contain such information.
V.
I'd like to second the use of tails as a live cd. It's backed by debian's massive repository if you absolutely need some program while setting up your secure wallet.
really a great tutorial, thanks mate.
Thanks for this tut, I'm sure you've helped a countless number of people with it!
ARMORY looks like a good choice of software for secure wallet
Thanks, tried it out and it worked
Thanks for the great guide.
...
2. Wallets stolen from RAM:
You CAN'T do this even if the computer is running nothing BUT bitcoin and malware:
Every program has a ram space, other programs can't touch it.
This means that even assuming data stayed alive in RAM a while (I never heard of such):
The virus would need to allocate almost ALL the computers RAM to itself in order to even get access the residue after the bitcoin client closed THEN it would have to search it.
This would slow the PC to a crawl and be VERY obvious.
...
2. Wallets stolen from RAM:
You CAN'T do this even if the computer is running nothing BUT bitcoin and malware:
Every program has a ram space, other programs can't touch it.
This means that even assuming data stayed alive in RAM a while (I never heard of such):
The virus would need to allocate almost ALL the computers RAM to itself in order to even get access the residue after the bitcoin client closed THEN it would have to search it.
This would slow the PC to a crawl and be VERY obvious.
...
This is NOT true. Programs can read and write to RAM not owned by them. Nice programs don't do it, but programs can do this. You need to know something about the data you are looking for, it won't be nicely labeled 'secret_key:', but it is not impossible to find and extract. I have done this (with other programs, not bitcoin) on both windows xp and 7.
that was very helpfull thank yo u
I got a 2gb micro sd card salvaged from my old smart phone. I knew it was going to come in handy!
just don't make it the only place to put your encrypted wallet.dat
i think just keeping Anti-Virus up to date, will save my bitcoins from 12 years old lame hackers. There is no need to be paranoid about wallet, if here isn't really BIG amount of BTC
good read. Thanks for the sticky
Secured my wallet, thanks.
Already did that to secure my whopping 11BTC
Really great tutorial, by the way!
Really great tutorial, by the way!
I got a 2gb micro sd card salvaged from my old smart phone. I knew it was going to come in handy!
Sound advice, im going to work on this myself
What it sounds like is can make this wallet file; save it on an SD card. Lock it up in my closet. Then deposit coins to the address associated with the wallet.dat file with out having to take it out of its 'spot' UNLESS i want to pull coins out of my savings? If so this is awesome! I'm looking forward to setting this up. Thanks for the post!
Correct. Although keep in mind what I wrote above about encrypting the wallet file (even if it's stored on a USB drive or SD card) and remote backups.
Thanks for this, very informative
Jump to: