Topic: HOWTO: create a 100% secure wallet - page 96. (Read 276221 times)

wow, haha his choice of words... and understanding.. I like how he Rolls!!

question though, could a Virtual machine work just as well? and basically Totally lock down that virtual machine so nothing and Nothing can access that information unless you boot it up?
i feel like this would be possible too, yes a usb idea is much greater but if you just move the Virtual machine over to a flash drive Disconnect from the internet or something on a different computer and access it that way? i could be just making up some dumb crap but hell, might as well put some effort into getting out of the newbiee SECTION..

This is incorrect.  There are plenty of tools available for editing another programs RAM.  This is how many of the public video game hacks work.

Please people stop thanking the author and please stick to the discussion topic! The guide is really good, but a year old already and you make this thread crazy long because of all the thanks bumping But back to what I want to say:
Am I the only one who thinks the official bitcoin wiki is not very easy to understand? It is unfortunatelly just for technical savvy people. For example https://en.bitcoin.it/wiki/Securing_your_wallet#Making_a_new_wallet does not say a word about how to do it thus people need to repeatedly ask for it here
After reading about 15 pages of this thread I admit I have just a vague idea about what the wallet.dat actually is and what it contains. If you would like to find out, you don't even find this in the FAQ directory. You have to search for it. But I found it, so now I have some idea finally and I hope some people will find this usefull too
https://en.bitcoin.it/wiki/Wallet

It really sucks that there is this much involvement with security for wallet.dat.  I was naive enough at one point in thinking I was safe because I was using a mac. 

Thanks, that helped!

Thanks a lot for these instructions!

WOW this helped allot. I was jsut saving my wallet to two different places for security.

As someone who read Tanenbaum (the bible on operating systems) in university I will divulge some knowledge (correct or not) to the satisfaction of my own ego and maybe your paranoia:

1. "Windows is unsafe":
Yes, but there are very real limits to what viruses can do hardcoded into every OS.

Without this they would instantly crash from (even friendly) programs interfering with each other.

2. Wallets stolen from RAM:
You CAN'T do this even if the computer is running nothing BUT bitcoin and malware:

Every program has a ram space, other programs can't touch it.

This means that even assuming data stayed alive in RAM a while (I never heard of such):

The virus would need to allocate almost ALL the computers RAM to itself in order to even get access the residue after the bitcoin client closed THEN it would have to search it.

This would slow the PC to a crawl and be VERY obvious.

3. Secure Wallet creation:
An unlocked wallet with all its default keys could very conceivably be stolen at anytime or at least as soon as the BTC client marked the file "not-in-use".

However if you lock your wallet, restart the BTC client and THEN create the secure keys you want, it should be safe even with malware around.

I mean scan your computer and such, but you should be safe unless the BTC client is VERY badly programmed.

No live usb/cd really needed.

4. The hacker:
Hackers are humans, not gods AND they need to eat at some point.

They have no reason to write code infiltrating the OS drivers themselves, live cds or debugging RAM residue, even if possible, if even 0.1% of people leave their wallet unlocked and easy to steal.

Or when they can hack Mt. Gox, others or set up a scam BTC site.

If they are advanced they may steal encrypted wallets too and bruteforce passwords up to some low strength IF the file is encrypted in a way their automated decrypter script expects - IE standard wallet encryption MAYBE zip/rar.



If you encrypt your wallet with its non-default keys, with good passes and then also put that in an encrypted archive (zip/rar/other), which you store everywhere while writing down the two passes, you have little to fear.

If you like to install toolbars and video players from random porn- and media-sites do not attempt to use BTC at all please - live cd or no.

I believe that there is a linux distro called Linuxcoin. Also, would puppy os work instead of Ubuntu?

i use encryption on my wallet and back up to dropbox. just paranoia really, there's so little in there at any one time that i shouldn't worry! 

i think the risks of the diying the USB stick or cd become scratched are the same is became hacked... As for me I have 4 faulty USB sticks last year. I think that's not good enough for the wallet purposes. As for me I keep my wallet unsecured onto the secured with SHA256 drive. This virtual drive is presented as a file on the physical disk. Most drive crypting software could do that, for example BestCrypt could, so I use it for years before, it bugless. Next you must do some regular backup procedures or upload crypted virtual drive container onto your google account - that's all. So you dont need to reebot, you dont need another PC... and so on. Meybe that's better heh?

Thanks for the guide. I now have a nice secure wallet.

passphrase has been used

Cool, thanks for the tut, I've been using the encrypt wallet function in the BitCoin client, i'll try this too more security the better..

Thanks for information.  Insightful.

nice guide. Bitcoins have all kinds of safe properties, but us puny humans are still the weakest link it seems.

I downloaded the bitcoin software to an old computer that I don't have anymore...does that mean those bitcoins are gone?

Very nice, aiwk171.

Does anyone have any thoughts on saving the wallet.dat (and some instructions) to the bootable Ubuntu flash drive...wouldn't that make it easier if you die (or otherwise had to suddenly rely on someone else)?

It also strikes me as cleaner that way.

Just wanted to say "Thank you" for taking the time to make this.
As you've pointed out, it's no means 100% but every bit helps.

I'm going to implement this type of system.

Yeah...

https://tails.boum.org/

Other features of TAILS include wiping RAM on exit to ensure nothing survives.
TAILS funnels all traffic through TOR, while a standard install of TOR only funnels a couple of ports (80 for one).

Another strong option for a secure OS is Fortress linux.

http://www.fortresslinux.org/

Runs Openbox Desktop Manager, for safe surfing they have an in house designed web browser. There is a free version but all features listed are available to customers who purchase a packaged supported version. The free version has some of the features listed.