Author

Topic: Noob question about e-wallet security (Read 1282 times)

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
July 14, 2012, 08:22:41 PM
#16
Quote
#4 should be qualified to point out that if someone gets a copy of the private keys on the paper wallet, they can steal the coins.

Because the address can be derived via the private key as demo'd on the bitaddress.org website?



Because using the private key, that's how you spend the funds... (and yes, the address can be derived from the private key)
newbie
Activity: 19
Merit: 0
July 14, 2012, 06:43:11 PM
#15
Quote
#4 should be qualified to point out that if someone gets a copy of the private keys on the paper wallet, they can steal the coins.

Because the address can be derived via the private key as demo'd on the bitaddress.org website?

vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
July 14, 2012, 06:32:27 PM
#14
Ok, this has created more questions:
1) Bitcoins exist in reference to a specific address?
2) Wallets are merely a collection of address(es)?
3) A page of addresses printed from bitaddress.org is a paper version of a wallet?
4) This paper wallet exists independently of any other wallet and is hack/theft proof, unless someone steals the paper?
5) Is a casascius coin essentially a physical wallet?

All statements are true.  #4 should be qualified to point out that if someone gets a copy of the private keys on the paper wallet, they can steal the coins.  Potential vectors for theft include malware on the computer used to print them.  There is no malware risk on Casascius Coins as I used a freshly formatted computer to produce all of the keys, and then repeatedly overwrote all sectors on the hard drive, and that computer had no network access at any step of the way.
newbie
Activity: 19
Merit: 0
July 14, 2012, 06:09:15 PM
#13
Casascius,
So, you create a new paper wallet every time following a transaction? I've got to read up on this idea.

P.s. your physical Bitcoins are fantastic, I love the idea!

I just print off a ton of them in advance so I don't have to create a new one.  For example, I can print 7 unique addresses to a page at Bitaddress.org, and I can just as easily print a dozen pages that'll last me a while.

I simply send bitcoins to the first address and write how many BTC it contains.  When I need to spend them, I import them, send off the coins, and make sure the change goes to the next address on the list.  I write the new amount in spot 2, and cross out the first one.  After all 7 spots are used, throw it away and use a new page.

Result: minimum exposure of online bitcoins.

Ok, this has created more questions:
1) Bitcoins exist in reference to a specific address?
2) Wallets are merely a collection of address(es)?
3) A page of addresses printed from bitaddress.org is a paper version of a wallet?
4) This paper wallet exists independently of any other wallet and is hack/theft proof, unless someone steals the paper?
5) Is a casascius coin essentially a physical wallet?
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
July 14, 2012, 05:24:36 PM
#12
Casascius,
So, you create a new paper wallet every time following a transaction? I've got to read up on this idea.

P.s. your physical Bitcoins are fantastic, I love the idea!

I just print off a ton of them in advance so I don't have to create a new one.  For example, I can print 7 unique addresses to a page at Bitaddress.org, and I can just as easily print a dozen pages that'll last me a while.

I simply send bitcoins to the first address and write how many BTC it contains.  When I need to spend them, I import them, send off the coins, and make sure the change goes to the next address on the list.  I write the new amount in spot 2, and cross out the first one.  After all 7 spots are used, throw it away and use a new page.

Result: minimum exposure of online bitcoins.
newbie
Activity: 19
Merit: 0
July 14, 2012, 05:16:19 PM
#11
Casascius,
So, you create a new paper wallet every time following a transaction? I've got to read up on this idea.

P.s. your physical Bitcoins are fantastic, I love the idea!
vip
Activity: 1386
Merit: 1140
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
July 14, 2012, 05:12:02 PM
#10
Just as an alternate take - I principally use paper wallets to manage bitcoin.  I bought a USB QR code scanner that imitates a keyboard, so for me, moving bitcoins from and to paper wallets is trivial.

Even though it's not what I use for funding Casascius Coins, Blockchain.info is more than satisfactory as a way to move bitcoins to and from paper wallets.  When you import a paper wallet, the bitcoins are available for spending instantly, and you can spend some and then move them right back off to a brand new paper wallet.  So for Blockchain.info to burn you, they'd have to burn you exactly during the 1 to 5 minutes your coins are on their servers... assuming they are lying about your coins being only in javascript in your browser in the first place.
newbie
Activity: 19
Merit: 0
July 14, 2012, 04:38:59 PM
#9
Curious, how large are the wallet files when backing them up?
full member
Activity: 168
Merit: 100
Movin' on up.
July 14, 2012, 07:16:37 AM
#8
Again, that's why you should always back up your wallet.  I copied mine about seven times across different trusted mediums.
newbie
Activity: 19
Merit: 0
July 14, 2012, 04:24:59 AM
#7
Well, it's a balance between convenience and trust, as in I don't trust myself to get the whole wallet-security procedure done correctly every time. I'm more afraid I will somehow screw up my own wallet than I am an e-wallet company screwing up my e-wallet.
legendary
Activity: 1246
Merit: 1016
Strength in numbers
July 14, 2012, 03:40:28 AM
#6
If you want to save an amount that is meaningful to you learn how to safely handle your own wallet. If you convenience for a small amount use an e-wallet. You might want both.
newbie
Activity: 19
Merit: 0
July 13, 2012, 06:13:17 PM
#5
Excellent. Thanks for the quick replies; this really cleared things up for me.
legendary
Activity: 1708
Merit: 1010
July 13, 2012, 06:11:03 PM
#4
So, essentially, backing-up my wallet only protects me from my own mistakes. It serves no protection for me against the mistakes of the e-wallet service?

correct
newbie
Activity: 19
Merit: 0
July 13, 2012, 06:08:09 PM
#3
So, essentially, backing-up my wallet only protects me from my own mistakes. It serves no protection for me against the mistakes of the e-wallet service?
full member
Activity: 168
Merit: 100
Movin' on up.
July 13, 2012, 05:49:19 PM
#2
Any website, anywhere in the world has to worry about security issues with their servers.  It was likely targeted due to the fact that whomever hacked it could get something of monetary value from doing so - but it doesn't mean it happens regularly, or that using e-wallets are insecure.

Whether it was on the internet and stored by someone else or on your own computer it's still something you'd need to worry about.  Unfortunately, the internet is not a safe of friendly place.

Backing up your wallet just makes sure you don't lose your wallet.  If you lose it, you lose everything that was in it.  You should definitely make a backup.  If you want to make it more secure, encrypt it.
newbie
Activity: 19
Merit: 0
July 13, 2012, 05:42:53 PM
#1
Hi,
I've been reading the forum posts about the issues with Bitcoinica today and it is raising some questions for me:

1) I currently do not have any BTC, but I am planning to purchase some and I am interested in keeping it in an e-wallet. Are all e-wallets susceptible to the same problem that Bitcoinica faced today?

2) The e-wallet service I use allows me to back-up my wallet to dropbox or google drive; would doing so save me from an event like Bitcoinica experienced today?

I'm still learning to understand this stuff and I am interested in detailed explanations if anyone is willing to take the time to explain it as it relates to the current Bitcoinica problems.

Thanks,
Jugg
Jump to: