
Topic: Is my qt wallet .dat file secure? (Read 1519 times)

newbie
Activity: 13
Merit: 0
November 23, 2013, 06:20:44 AM
#17
This sounds like a very secure way of storing your .dat file. If you're even more cautious I'd keep the .dat file on a USB and every time you go to access the wallet plug in the USB.
sr. member
Activity: 252
Merit: 250
November 23, 2013, 06:03:51 AM
#16
Guys, stop thinking of how to secure your wallet... the most important part is remembering where your wallet is a few years later...

Unfortunately we are not in 2008. I don't think someone that's on bitcoin right now will forget his wallet.
Nonetheless there is some kinda paranoid advice, like the 200-character-long password. Grin
sr. member
Activity: 294
Merit: 250
November 23, 2013, 05:55:55 AM
#15
Guys, stop thinking of how to secure your wallet... the most important part is remembering where your wallet is a few years later...
full member
Activity: 182
Merit: 100
November 22, 2013, 07:33:37 PM
#14
I don't really see any reason to compress the file, I would just encrypt it with a very strong password.
full member
Activity: 186
Merit: 100
November 21, 2013, 07:43:34 PM
#13
To me it's not about not getting access to the file.
I just wanna do everything I can to make the file only usable for me.
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
November 21, 2013, 03:43:14 PM
#12
Why Dropbox? Why not USB and CDs? If you are paranoid, you should stay away from Dropbox.
It's probably better to have the backup copied over to several locations, including CDs, USB sticks, etc.
But having it on Dropbox or any other cloud offer isn't a problem, as long as it's encrypted.

If your house burns, you'll be happy to have other backups.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
November 21, 2013, 03:37:47 PM
#11
Why Dropbox? Why not USB and CDs? If you are paranoid, you should stay away from Dropbox.
full member
Activity: 186
Merit: 100
November 20, 2013, 04:14:01 PM
#10
But: all your layers of encryption are AES and AES is broken.
There is no practical attack but still, if being paranoid then do it right:
My way would be to use the built-in encryption, and then encrypt it with TrueCrypt using a cascade of all supported algorithms. (after checking the whole code for backdoors...)

If you wanna go to that level of paranoia, I suggest that you wrap your wallet encrypted data within a bigger file, containing:
a header
a random number of random bytes
the encrypted wallet data
a random number of random bytes
a footer

In the header, you can put, for example, the offset to find the wallet data first byte.
And in the footer, for example, the wallet data size.

Of course, you can be even more imaginative...
Embed your encrypted data in a .wav file, using http://naudio.codeplex.com/ (open source) lib, for example, and rename the final file produced "white_noise.wav".  Grin



Nahh, that's just too much for me.
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
November 20, 2013, 02:39:32 PM
#9
But: all your layers of encryption are AES and AES is broken.
There is no practical attack but still, if being paranoid then do it right:
My way would be to use the built-in encryption, and then encrypt it with TrueCrypt using a cascade of all supported algorithms. (after checking the whole code for backdoors...)

If you wanna go to that level of paranoia, I suggest that you wrap your wallet encrypted data within a bigger file, containing:
a header
a random number of random bytes
the encrypted wallet data
a random number of random bytes
a footer

In the header, you can put, for example, the offset to find the wallet data first byte.
And in the footer, for example, the wallet data size.

Of course, you can be even more imaginative...
Embed your encrypted data in a .wav file, using http://naudio.codeplex.com/ (open source) lib, for example, and rename the final file produced "white_noise.wav".  Grin

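The layout described in this post (header with the payload offset, random padding on both sides, footer with the payload size), as an added example that is not part of the original post. The 16-character decimal fields, the 1 to 4096 byte padding range and the function names are assumptions.

```shell
#!/bin/sh
# Added example; field width (16 ASCII digits) and pad range are assumptions.
# Layout: [header: payload offset][random pad][payload][random pad][footer: size]
# The padding only hides where the payload sits and how big it is; secrecy of
# the wallet still depends entirely on the encryption applied beforehand.
FIELD=16

rand_len() {    # random pad length in 1..4096
    echo $(( $(od -An -N2 -tu2 /dev/urandom | tr -dc '0-9') % 4096 + 1 ))
}

wrap_blob() {   # wrap_blob <encrypted-in> <container-out>
    [ -r "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    pre=$(rand_len); post=$(rand_len)
    {
        printf '%16d' $((FIELD + pre))   # header: offset of first payload byte
        head -c "$pre" /dev/urandom
        cat "$1"
        head -c "$post" /dev/urandom
        printf '%16d' "$size"            # footer: payload size in bytes
    } > "$2"
}

unwrap_blob() { # unwrap_blob <container-in> <encrypted-out>
    total=$(wc -c < "$1" | tr -d ' ')
    off=$(head -c "$FIELD" "$1" | tr -d ' ')
    size=$(tail -c "$FIELD" "$1" | tr -d ' ')
    # Reject damaged or foreign files: both fields must be plain decimal...
    for f in "$off" "$size"; do
        case $f in ''|*[!0-9]*) return 1 ;; esac
    done
    # ...and the payload must fit between header and footer.
    [ "$off" -ge "$FIELD" ] && [ $((off + size + FIELD)) -le "$total" ] || return 1
    tail -c +"$((off + 1))" "$1" | head -c "$size" > "$2"
}
```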
member
Activity: 88
Merit: 10
November 20, 2013, 02:21:02 PM
#8
But: all your layers of encryption are AES and AES is broken.
There is no practical attack but still, if being paranoid then do it right:
My way would be to use the built-in encryption, and then encrypt it with TrueCrypt using a cascade of all supported algorithms. (after checking the whole code for backdoors...)
full member
Activity: 186
Merit: 100
November 19, 2013, 06:03:43 PM
#7
or you can, you know... use the built in wallet encryption

I was actually doing this so the steps described above would be over the encrypted wallet backup file.
So there are 3 levels of encryption here. I guess I can call this safe enough.
full member
Activity: 186
Merit: 100
November 19, 2013, 05:54:29 PM
#6
or you can, you know... use the built in wallet encryption

I will research into this. Thanks a lot
legendary
Activity: 924
Merit: 1132
November 19, 2013, 05:43:36 PM
#5
Use the built in wallet encryption. 

When it prompts you for a password, type something more than 200 characters long which nobody else will *EVER* guess.  No quotes!  Use interesting and memorable juxtapositions that make no sense whatsoever.  Make up something fictitious and describe it verbosely in terms of three or four other fictitious things. 

DO NOT: use a password less than 60 characters long that you can remember.  If you can remember it, a cracker can hack it.

If your password is secure, you don't have to worry about storing that file anywhere, whether you change its name or not.
legendary
Activity: 2058
Merit: 1431
November 19, 2013, 05:33:06 PM
#4
or you can, you know... use the built in wallet encryption
full member
Activity: 186
Merit: 100
November 19, 2013, 04:50:48 PM
#3
Just rename the file not to hint about it being a BTC wallet (I know it's dumb advice, but sometimes you just forget little details... Cheesy), and you're more than fine, in my opinion.
Double-check you can reverse the encryption process before uploading, too, just in case you mistyped anything...

You are right, that would be step 1. Will do
sr. member
Activity: 336
Merit: 250
Cuddling, censored, unicorn-shaped troll.
November 19, 2013, 04:46:32 PM
#2
Just rename the file not to hint about it being a BTC wallet (I know it's dumb advice, but sometimes you just forget little details... Cheesy), and you're more than fine, in my opinion.
Double-check you can reverse the encryption process before uploading, too, just in case you mistyped anything...
full member
Activity: 186
Merit: 100
November 19, 2013, 04:35:56 PM
#1
I need some opinions on this.
The thing is that I wanna be able to store my .dat file in places like Dropbox because I want a recovery plan for a massive local hardware failure.
This is what I am doing right now with my backup file (I am using Debian):

1) Get the file
2) Zip the file with password (zip --password MYSTRONGPASSWORD bck.zip bck.dat)
3) Take the zipped file and encrypt it with OpenSSL enc (openssl enc -in bck.zip -aes-256-cbc -e > bck.zip.enc)

I am using two different strong passwords in steps 2 and 3.

So, would you call this safe so as to upload it to a place that might be compromised?

Thanks in advance!
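The check suggested in reply #2, applied to step 3 of this post, as an added example that is not part of the original thread: encrypt, decrypt to a scratch file, and compare byte-for-byte before anything is uploaded. The function names, the passphrase-file argument and the `-pbkdf2`/`-iter` settings are assumptions (they need OpenSSL 1.1.1 or later).

```shell
#!/bin/sh
# Added example: encrypt a wallet backup and prove it decrypts before upload.
# The passphrase is read from the first line of a file, so it never shows up
# in the process list or shell history.

# encrypt_verified <plain-in> <encrypted-out> <passphrase-file>
encrypt_verified() {
    src=$1; out=$2; passfile=$3
    check=$(mktemp) || return 1

    # Same cipher as step 3; -pbkdf2/-iter select a slow, salted key derivation.
    if ! openssl enc -e -aes-256-cbc -pbkdf2 -iter 200000 -salt \
            -pass "file:$passfile" -in "$src" -out "$out"; then
        rm -f "$check" "$out"; return 1
    fi

    # Round trip: decrypt with the same passphrase and compare to the source.
    if openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
            -pass "file:$passfile" -in "$out" -out "$check" 2>/dev/null \
       && cmp -s "$src" "$check"; then
        rm -f "$check"; return 0
    fi
    rm -f "$check" "$out"      # never leave an unverifiable backup behind
    return 1
}

# decrypt_backup <encrypted-in> <plain-out> <passphrase-file>
# openssl enc has no integrity check: a wrong passphrase usually ends in
# "bad decrypt", but not always, so compare the result against a known hash.
decrypt_backup() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$3" -in "$1" -out "$2" 2>/dev/null
}
```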