Author

Topic: online wallet security question (Read 1129 times)

newbie
Activity: 42
Merit: 0
March 25, 2015, 05:17:51 PM
#12
How to keep safe for Bitcoin wallet? I really afraid of losing it. I am very poor. I have working hard for 1 year to have it .

Sincere thanks !
legendary
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
March 25, 2015, 08:17:39 AM
#11
So the passphrase of the wallet is on your brain? [So, it's secure]
But the wallet.data, although someone don't know the pass they cann damage it [So, it's not secure enough]
hero member
Activity: 671
Merit: 501
Blockchain and stuff
March 24, 2015, 08:19:13 PM
#10
Like the others have said, using a 100% hot wallet is a bad idea. Even if your wallet.dat is encrypted, you will need to store the password somewhere in your application for it to work. All an attacker would need to do, is gain access to the source files of your application, and then they could find your password.

You should also consider that an attacker can cause alot of damage, even if they do not take your bitcoin. If an attacker can access your wallet.dat, they can also delete it, and crash your system for a period of time.

On my systems I have both hot and cold wallets, and the hot wallets never have enough funds in them to make it worth a hackers time. I would suggest storing your wallet on an independent server somewhere, other than the server than runs your application. That gives you more security and more control.

JJ
newbie
Activity: 28
Merit: 0
March 24, 2015, 07:38:55 PM
#9

if you mean the private key then yes, he just need to import it to his wallet.dat to spend all the btc related to it

why doon't you just run the hot wallet on a separate machine, with isolated network? and another want to manage the trasaction if you need to surf the internet

Thank you. I understand now.
The answer is I can use one hot wallet. Because I will encrypt the wallet, no one knows the private key.

Yes, I need Internet. I am lazy to use the cold wallet. I think the best design for bitcoin trading platform that is use the hot wallet, and, only use hot wallet can do all things automatically.
legendary
Activity: 3248
Merit: 1070
March 24, 2015, 11:51:50 AM
#8
Thanks a lot.

I knew the hot wallet is very risky, but I like hot wallet :-)

I think the cold wallet is difficult to operate, and the cold wallet will prevent some user to get they bitcoins if they want to withdraw cash , so I don't like cold wallet.

I use LFS to create a very security trading platform, so I don't worry about system security. Because I already change almost all the Linux kernel syscall, make the root user will not get the bitcoin. In addition, I rewrite the bitcoin RPC, and more.

So I only have one question:
If someone know many many bitcoin address of my wallet, and can get the file "wallet.dat", but not know the wallet passphrase. Does he or she can spend all the bitcoin in some days?

If the answer is yes. Maybe I will use two hot wallet.

I will release my platform in next month, and all users can get the root privileges. But, I believe the root user can't get any bitcoin.

Thanks again.

if you mean the private key then yes, he just need to import it to his wallet.dat to spend all the btc related to it

why doon't you just run the hot wallet on a separate machine, with isolated network? and another want to manage the trasaction if you need to surf the internet
newbie
Activity: 28
Merit: 0
March 24, 2015, 04:11:03 AM
#7
Thanks a lot.

I knew the hot wallet is very risky, but I like hot wallet :-)

I think the cold wallet is difficult to operate, and the cold wallet will prevent some user to get they bitcoins if they want to withdraw cash , so I don't like cold wallet.

I use LFS to create a very security trading platform, so I don't worry about system security. Because I already change almost all the Linux kernel syscall, make the root user will not get the bitcoin. In addition, I rewrite the bitcoin RPC, and more.

So I only have one question:
If someone know many many bitcoin address of my wallet, and can get the file "wallet.dat", but not know the wallet passphrase. Does he or she can spend all the bitcoin in some days?

If the answer is yes. Maybe I will use two hot wallet.

I will release my platform in next month, and all users can get the root privileges. But, I believe the root user can't get any bitcoin.

Thanks again.
legendary
Activity: 1456
Merit: 1000
March 24, 2015, 01:19:33 AM
#6
%100 hot wallet is a bad idea - it's not just about wallet's passphrase. if your server compromised, your connection to daemon can be compromised too. so, hackers/crackers can use the bitcoin daemon to move the funds.

I think there are a lot of companies for security on this field. I suggest you to use them to audit your systems.

The hard part if even if you higher great security companies it can possibly not detect it all.  Or a exploit comes out months that works on part of the website. 

If you brag about 100 percent hot wallet you will be putting up a target for "bad guys".
sr. member
Activity: 476
Merit: 250
March 24, 2015, 01:15:42 AM
#5
%100 hot wallet is a bad idea - it's not just about wallet's passphrase. if your server compromised, your connection to daemon can be compromised too. so, hackers/crackers can use the bitcoin daemon to move the funds.

I think there are a lot of companies for security on this field. I suggest you to use them to audit your systems.
legendary
Activity: 1456
Merit: 1000
March 23, 2015, 11:26:29 PM
#4
.....

I think that all users be able to withdraw cash in any time, so I don't use
any offline wallet. I call my online wallet is "pure hot wallet" :-)
....
I have two question now:
1. If nobody can get file "wallet.dat", does my wallet is security?
2. If somebody can get the file wallet.dat, does he or she can get all the bitcoin?

Just using a "hot" wallet is VERY risky.  Look at other exchanges and a few have lost it all for doing this.  Unless you just have a insane amount to spend to test it's security I would move majority into a cold wallet.

With a massive amount of BTC you sadly will attract a good amount of "bad guys".  As far as how they do it... we cannot really say.  If they find a exploit it could be part of lots of things you use on your website.
newbie
Activity: 28
Merit: 0
March 23, 2015, 10:39:25 PM
#3
1. It's secure.

2. No.

In order to spend the balance in that wallet it is necessary the wallet.dat and the wallet's passphrase, only with these two the bitcoins in that wallet can be spent.

Thanks. Maybe I am not say clear.
I means my wallet had encrypt, and only I know the wallet's passphrase.

If somebody know a lot of bitcoin address of my wallet, and also can get the
file 'wallet.dat', does he or she can get all the bitcoin?

Thank very much.
legendary
Activity: 2786
Merit: 1031
March 23, 2015, 09:47:58 PM
#2
1. It's secure.

2. No.

In order to spend the balance in that wallet it is necessary the wallet.dat and the wallet's passphrase, only with these two the bitcoins in that wallet can be spent.
newbie
Activity: 28
Merit: 0
March 23, 2015, 08:05:10 PM
#1
Hi, all:

I develop a bitcoin trading platform, that include one online wallet.

I think that all users be able to withdraw cash in any time, so I don't use
any offline wallet. I call my online wallet is "pure hot wallet" :-)

I will set password in online wallet, only I know the password, and will
create 100000+ users, every user will have at least one transaction of
recharge bitcoin and withdraw cash.

I have two question now:
1. If nobody can get file "wallet.dat", does my wallet is security?
2. If somebody can get the file wallet.dat, does he or she can get all the bitcoin?

Thank you.
Jump to: