Offline electrum install with a watch-wallet on your online machine. Full access to your financial info while at the same time keeping them physically secure.
As for online wallets, I don't use them, but I will eventually have funds on Kraken when the price starts going up. They allow the use of Yubikey (physical token required to log in), so are likely more secure than my hot multibit wallet.
Topic: massive cold storage of bitcoins? - page 2. (Read 3310 times)
Wow!
All those coins were returned to the rightful owner:
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihxnwj
But that was a great lesson
Edit: It's absolutely required to use external entropy to generate truly random data, like bitaddress and other do.
All those coins were returned to the rightful owner:
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihxnwj
But that was a great lesson
Edit: It's absolutely required to use external entropy to generate truly random data, like bitaddress and other do.
WOW! Top man!
Wow!
All those coins were returned to the rightful owner:
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihxnwj
But that was a great lesson
Edit: It's absolutely required to use external entropy to generate truly random data, like bitaddress and other do.
All those coins were returned to the rightful owner:
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihxnwj
But that was a great lesson
Edit: It's absolutely required to use external entropy to generate truly random data, like bitaddress and other do.
tl;dr -> Dont fucking use brainwallet.org.
Furthermore, BobAlison nailed the reasoning.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihsovm
Furthermore, BobAlison nailed the reasoning.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/cihsovm
Quote
It looks like brainwallet.org still uses JavaScript's Math.random, which is known to be cryptographically insecure:
http://stackoverflow.com/questions/5651789/is-math-random-cryptographically-secure[1]
See the randomBytes function in http://brainwallet.org/js/bitcoinjs-min.js[2] - reformatting a little:
randomBytes: function (e) {
for (var t=[]; e>0; e--) {
t.push(Math.floor(Math.random() * 256));
return t;
}
}
It's up to the browser to decide how to implement Math.random. So it could be helpful to know the browser you used should someone want to follow up forensically.
This should be a wakeup call to anyone who relies on private keys generated though brainwallet.org or an insecure random number generator.
That said, how did you store your private keys? There are many ways they can fall into the wrong hands, both electronically and physically. Also, it's possible to leak information when spending. Did you by any chance spend from one or more wallets made the same way?
http://stackoverflow.com/questions/5651789/is-math-random-cryptographically-secure[1]
See the randomBytes function in http://brainwallet.org/js/bitcoinjs-min.js[2] - reformatting a little:
randomBytes: function (e) {
for (var t=[]; e>0; e--) {
t.push(Math.floor(Math.random() * 256));
return t;
}
}
It's up to the browser to decide how to implement Math.random. So it could be helpful to know the browser you used should someone want to follow up forensically.
This should be a wakeup call to anyone who relies on private keys generated though brainwallet.org or an insecure random number generator.
That said, how did you store your private keys? There are many ways they can fall into the wrong hands, both electronically and physically. Also, it's possible to leak information when spending. Did you by any chance spend from one or more wallets made the same way?
Sorry for off topic, but is there a definitive cold storage tutorial somewhere?
https://www.youtube.com/watch?v=I1uefzJJ6nM
he uses bitaddress.org (not sure if you are willing to take the risk)
or do what uhoh and cubic earth said above (offline storage)
https://www.youtube.com/watch?v=K0cGvUFBNEQ
this guy is very good, watch the entire video, he does ubuntu etc (takes more time, but is much more secure)
When I attempted my first cold storage I was not aware that all the balance on the address must be spent even if the slightest amount from that address is transferred to some other address. This nearly costed me all my bitcoins because I was about to delete the wallet immediately after testing if the cold storage address really works (by sending 0.0001). You can definitely shoot yourself in the leg when messing around with cold storages.
Sorry for off topic, but is there a definitive cold storage tutorial somewhere?
This one is quite good for armory if you have a dedicated offline machine.
http://www.youtube.com/watch?v=PGvrai3JxxI
Sorry for off topic, but is there a definitive cold storage tutorial somewhere?
Is bitaddress.org safe though??
Personally, I don't consider any mainstream computer-implemented random number generators to be secure. That includes bitaddress.org's built in entropy source. My solution is to mix in my own entropy, at about 10% - 15%. What does that look like in practice? I accept the private keys that are supposedly randomly generated, make a few of my own 'random' modifications, swapping out 5 - 10 characters, and then turn that new private key into an address.
And, it can help to double or triple check the address derivation was carried out correctly. Feel free to import your custom private key into different pieces of software and make sure they all give the same result.
There's another post on reddit today of someone who had 35 BTC stolen from "secure" wallets.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/
Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....
I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?
On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/
Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....
I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?
On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.
Definitely wasn't secure, just another good reminder not to use untrusted sites with rubbish entropy to generate wallets. Sad though, I feel for the guy. Armory Armory Armory...
Is bitaddress.org safe though??
bitaddress.org is properly implemented. Still wouldn't personally trust 35BTC to it though unless it was generated offline.
There's another post on reddit today of someone who had 35 BTC stolen from "secure" wallets.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/
Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....
I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?
On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/
Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....
I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?
On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.
Definitely wasn't secure, just another good reminder not to use untrusted sites with rubbish entropy to generate wallets. Sad though, I feel for the guy. Armory Armory Armory...
That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.
Money do work as a store of value. Fiat doesn't.
That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.
Not all do, but many indeed. You know why? Because the price is still this speculative and the Bitcoin has a great potential: I think most of the users at these forums keep some of their BTC for the future, "just in case" it becomes worth much more. And they're right.
I also use it the same way. I've got a part of my BTC at cold wallets, which I keep for the future. I've got another part to trade a bit with, for example to trade with altcoins and hope for some profit by doing that (not really successfull the lasts weeks, but I really was earlier) and i've got a small part which I USE. With this part I buy things. I buy things from webshops which allow you to pay with Bitcoin, and I buy stuff on this forum. For example Steam codes, that works really well and fast
. 
That is biggest problem of BitCoin, people don't look at it as a money to use it, but as a treasury to keep for rainy days.
There's another post on reddit today of someone who had 35 BTC stolen from "secure" wallets.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/
Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....
I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?
On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.
http://www.reddit.com/r/Bitcoin/comments/295las/35_of_my_btc_gone_pc_not_compromised/
Certainly it seems like this guy knew what he was doing, but still somehow managed to get his BTC stolen....
I myself have taken all my bitcoins off of coinbase except for small amount. Except for a few donations, I haven't spent any this year.
I'm wondering, if investors put most of their bitcoins in cold storage (and subsequently, not use them for currency), what will be the result?
On one hand, they become more rare and they are held more tightly, which would seem to make them more valuable. On the other hand, they won't be used very much, which might mean they don't have as much value.
I'm not sure what to conclude. There are a lot of very smart people here and I'd love to hear your thoughts on this.
Jump to: