Topic: Is this a safe practice? (Read 590 times)

legendary
Activity: 3472
Merit: 10611
October 21, 2017, 11:56:32 PM
#9
~
Would you still consider Trezor safe after this?

by "anything" i meant anything sensitive like your private keys. @ranochigo gave a good answer about this.

and if you want my opinion i personally prefer something that i can see/understand myself. open source code which i use to create my own setup. it is harder but i am a DIY guy.
heck my preferred method of generating a new private key is using a dice, physically rolling it on the floor, no computers involved ;)
legendary
Activity: 3038
Merit: 4418
October 21, 2017, 09:31:01 AM
#8
Would you still consider Trezor safe after this?

https://www.reddit.com/r/Bitcoin/comments/6zgocf/psa_trezor_privacy_leak_trezor_windows_driver/

Looks like you would need to boot Trezor with Tails to avoid that.
Why not? The problem described in the link is at best, a privacy risk and nothing more. It does not allow a third party to touch your Bitcoins at all, I don't see a problem with the security.

Trezor or most hardware wallets were not designed for privacy. You need to run Tails or at least connect it through Tor or other proxies.
Not to mention the fact that Trezor is a very recognizable device that doesn't allow for plausible deniability.
If you have a Trezor, it automatically means you have BTC. If you have a USB, there could be anything inside.

Also it's a single point of failure. You would need several Trezors.
I mean, it doesn't compromise security, does it? The only way for it to be stolen is to have physical access to it. Even then, there should be a way to secure it with a passphrase.
legendary
Activity: 1372
Merit: 1252
October 21, 2017, 09:23:02 AM
#7
~ we admit that every computer that's connected to the internet is compromised,~
~ add the wallet.dat file when I need to transact. ~

i think you answered your own question here.
if we assume your computer is already compromised that means as soon as you "add" the wallet.dat file it will be stolen. you are just taking additional unnecessary steps!

things like hardware wallet (Trezor for instance) don't let anything leak to the outside world. they just sign your transactions for you.

if you are ok with taking additional tiring steps then do this:
- use your online full node to make an unsigned raw transaction
- disconnect internet and boot into a live linux from a DVD
- run your wallet client
- sign that transaction of step 1 with your private keys.
- shut down
- back to online OS, broadcast the now signed transaction.

some helps:
http://people.xiph.org/~greg/signdemo.txt
https://bitcoin.org/en/developer-examples#offline-signing

Would you still consider Trezor safe after this?

https://www.reddit.com/r/Bitcoin/comments/6zgocf/psa_trezor_privacy_leak_trezor_windows_driver/

Looks like you would need to boot Trezor with Tails to avoid that.

Not to mention the fact that Trezor is a very recognizable device that doesn't allow for plausible deniability.
If you have a Trezor, it automatically means you have BTC. If you have a USB, there could be anything inside.

Also it's a single point of failure. You would need several Trezors.
legendary
Activity: 3472
Merit: 10611
October 19, 2017, 11:10:30 PM
#6
~ we admit that every computer that's connected to the internet is compromised,~
~ add the wallet.dat file when I need to transact. ~

i think you answered your own question here.
if we assume your computer is already compromised that means as soon as you "add" the wallet.dat file it will be stolen. you are just taking additional unnecessary steps!

things like hardware wallet (Trezor for instance) don't let anything leak to the outside world. they just sign your transactions for you.

if you are ok with taking additional tiring steps then do this:
- use your online full node to make an unsigned raw transaction
- disconnect internet and boot into a live linux from a DVD
- run your wallet client
- sign that transaction of step 1 with your private keys.
- shut down
- back to online OS, broadcast the now signed transaction.

some helps:
http://people.xiph.org/~greg/signdemo.txt
https://bitcoin.org/en/developer-examples#offline-signing
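
The offline-signing steps listed above move a raw transaction between two machines, so each side can check that the hex it receives still describes the same payment. The following is an added example, not part of any post in this thread and not code from Bitcoin Core; it assumes legacy (non-segwit) serialization, the function names are hypothetical, and the sample transactions are constructed.

```python
def _varint(b, i):
    """Decode a CompactSize integer at offset i; return (value, next offset)."""
    if b[i] < 0xfd:
        return b[i], i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[b[i]]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def parse_tx(raw_hex):
    """Parse a legacy raw tx into ([(txid, vout, sig_len)], [(sats, script)])."""
    b = bytes.fromhex(raw_hex)
    n_in, i = _varint(b, 4)                      # offset 4 skips the version field
    if n_in == 0:
        raise ValueError("segwit marker found; this sketch handles legacy only")
    inputs, outputs = [], []
    for _ in range(n_in):
        txid = b[i:i + 32][::-1].hex()           # txids are displayed byte-reversed
        vout = int.from_bytes(b[i + 32:i + 36], "little")
        slen, i = _varint(b, i + 36)
        inputs.append((txid, vout, slen))
        i += slen + 4                            # skip scriptSig and sequence
    n_out, i = _varint(b, i)
    for _ in range(n_out):
        sats = int.from_bytes(b[i:i + 8], "little")
        slen, i = _varint(b, i + 8)
        outputs.append((sats, b[i:i + slen].hex()))
        i += slen
    if i + 4 != len(b):                          # only the 4-byte locktime may remain
        raise ValueError("unexpected transaction length")
    return inputs, outputs

def check_signed(unsigned_hex, signed_hex):
    """True only if the signed tx spends the same outpoints, pays the same
    outputs, and every input now carries a non-empty scriptSig."""
    u_in, u_out = parse_tx(unsigned_hex)
    s_in, s_out = parse_tx(signed_hex)
    return ([x[:2] for x in u_in] == [x[:2] for x in s_in]
            and u_out == s_out and all(x[2] > 0 for x in s_in))

def _sample(script_sig_hex, sats):
    """Constructed one-input, one-output transaction; all values are made up."""
    spk = "76a914" + "22" * 20 + "88ac"          # P2PKH script, placeholder hash
    return ("01000000" + "01" + "11" * 32 + "00000000"
            + "%02x" % (len(script_sig_hex) // 2) + script_sig_hex + "ffffffff"
            + "01" + sats.to_bytes(8, "little").hex() + "19" + spk + "00000000")

UNSIGNED = _sample("", 50000)
SIGNED = _sample("aa" * 72, 50000)               # 0xaa bytes stand in for a signature
TAMPERED = _sample("aa" * 72, 40000)             # same input, altered amount
```

Running `parse_tx` on the unsigned hex on the offline machine shows the amounts and output scripts before anything is signed; `check_signed` compares structure only and does not validate the signature itself.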
member
Activity: 350
Merit: 10
October 19, 2017, 07:17:17 PM
#5
Leaving your wallet.dat even just for a short time on an online machine could potentially expose it to malware, so you unfortunately gain very little additional security with this method. In reality you just expose yourself to the risk of accidentally deleting your wallet.dat indefinitely, assuming you don't have any additional backups around -- which you also should have, btw.

Depending on how many BTC you own you're better off looking into cold storage options such as paper wallets, Armory or a hardware wallet -- at least for your main stash, assuming you need a small amount of BTC for day-to-day transactions.
And tell me please, if I have had a purse with bitcoins for a long time, but I lost the password from it, is it possible to restore it somehow?
legendary
Activity: 3122
Merit: 2178
October 19, 2017, 12:20:22 PM
#4
Leaving your wallet.dat even just for a short time on an online machine could potentially expose it to malware, so you unfortunately gain very little additional security with this method. In reality you just expose yourself to the risk of accidentally deleting your wallet.dat indefinitely, assuming you don't have any additional backups around -- which you also should have, btw.

Depending on how many BTC you own you're better off looking into cold storage options such as paper wallets, Armory or a hardware wallet -- at least for your main stash, assuming you need a small amount of BTC for day-to-day transactions.
full member
Activity: 136
Merit: 100
October 19, 2017, 12:01:32 PM
#3
Always recommended when you are running a node is to keep your wallet separate to the node. You could either use a different wallet but the best solution would be to have a dedicated server to run a full node.
copper member
Activity: 2856
Merit: 3071
October 19, 2017, 11:28:47 AM
#2
Since I like running my own full node to transact, I need to keep my wallet.dat safe. The dilemma is, how can transacting within a full node be ever secure? If we admit that every computer that's connected to the internet is compromised, it is a hard task to keep it safe.

My idea is to keep my Bitcoin Core full node client synced, but only add the wallet.dat file when I need to transact. Once I'm done transacting, I would close Bitcoin Core, copy my wallet.dat onto my USB, and then proceed to delete wallet.dat with software such as Eraser (https://eraser.heidi.ie/).

This way there wouldn't be anything to steal anymore, and the only moment you are exposed is during the transaction.

I was wondering if there is a device that would allow you to safely use your wallet.dat within your full node in an isolated way? Never used a Trezor but that's not what it does I think.

You could always use another piece of software for your wallet such as electrum.

I think your idea may work but the point where your USB fails or you delete the file without checking it's copied first (like if you're in a rush) is where the problem would arise. If you want to use bitcoin core, then you could consider dual booting or using another computer and store the pruned version of your blockchain on there (which'll take up about 10GB more but will offer you a much more secure system). Don't prune the blockchain from your full node though.
legendary
Activity: 1372
Merit: 1252
October 19, 2017, 11:01:38 AM
#1
Since I like running my own full node to transact, I need to keep my wallet.dat safe. The dilemma is, how can transacting within a full node be ever secure? If we admit that every computer that's connected to the internet is compromised, it is a hard task to keep it safe.

My idea is to keep my Bitcoin Core full node client synced, but only add the wallet.dat file when I need to transact. Once I'm done transacting, I would close Bitcoin Core, copy my wallet.dat onto my USB, and then proceed to delete wallet.dat with software such as Eraser (https://eraser.heidi.ie/).

This way there wouldn't be anything to steal anymore, and the only moment you are exposed is during the transaction.

I was wondering if there is a device that would allow you to safely use your wallet.dat within your full node in an isolated way? Never used a Trezor but that's not what it does I think.