Pages:
Author

Topic: Options for Securing your Bitcoin wallet - page 4. (Read 13563 times)

hero member
Activity: 658
Merit: 501
https://www.youtube.com/watch?v=NKqHXoYZvMg

How to Store and Use Bitcoins
hero member
Activity: 714
Merit: 500
Well I use paper wallet but nowadays I develop that sense of insecurity of having the paper getting stolen and the private key revealed. And also since it is just a paper, there's a chance for the ink to fade off someday. Been looking into hardware wallet so more or less I have narrowed down to few options such as trezor or btchip.

Combining physical security and digital security is good option. Use acid free or Archival paper that is laminated with multisig. One concern is that with hardware wallets you ultimately still have to back it up and typically with 12 word mnemonic from a HD wallet which essentially makes it only as secure as a non-multisig paper wallet. You can split the words up between multiple locations but than if one of the shards of your 12 word mnemonic gets lost or stolen than you lose the ability to recover your wallet unlike with a m of n multisig which allows you to lose some of the keys.

I personally like multisig wallets where 1 key is encrypted in a password manager, one key is laminated in a safe, and one key is in a off site time capsule. This ensures that I am both protected from viruses and trojans, thieves breaking into my house, accidents or forgetfulness, and still can move the funds fairly quickly to my cell phone if I am in a hurry. For this reason it may also be wise to split your savings between multiple paper wallets so you don't have to restore all of your savings from a paper wallet either and a smaller portion if you need some quick cash.

 
Are there any better ways of generating paperwallets? (ideally not too complicated)

Kind of assumed that offline bitaddress was very secure.

Currently, the best way to generate secure paperwallets is to perform a fresh install of a linux distro combined with armory on a spare computer.

The easiest and most secure way to generate multisig paperwallets will be the Mycelium Entropy once it is released. When I get mine I will audit and review it for everyone.
Could you review the bitadress.org-code? I think, that is what most people use, nowadays.
legendary
Activity: 1708
Merit: 1036
i have backups stored on several drives and also made paper wallets.
i think my security is decent enough.

Redundancy != security.

A paper wallet is no more secure than the safe you put it in.
Storing your wallets on several drives just makes your wallets less secure.

It's the problem of Risk of Loss versus Risk of Theft that I raised in my Security Paradox thread (https://bitcointalksearch.org/topic/a-bitcoin-security-paradox-962306). If you don't make multiple copies you stand a very high chance over time of losing your only copy. I think the M of N solution raised on that thread is the ideal compromise. (Similar to multisig, it requires you have M of N keys/passwords to access your funds, where M is a number larger than 1 but several steps lower than N so you can tolerate losing access to several passwords/keys.)
legendary
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
February 28, 2015, 10:29:38 PM
#53
Seeing how long everyone have wrote here , i would just say what i prefer
Offline wallet and Brain wallets
Easy and safe

Be careful with brain wallets as creating enough entropy without using common phrases found in literature and lyrics can be difficult to accomplish and than you need to have sufficient memory to remember the phrase. Additionally, with no physical security you could be tortured (water boarded) to provide the evidence, there is no way to tell that some of the keys have been compromised until it is too late, or you just forget the key overtime. Brain wallets have their purpose and usefulness but definitely not something I would recommend for most. The fact that you rarely use the brainwallet pass phrase and it needs a lot of entropy makes even individuals with good memories likely to forget them.
 

If you can connect the words it is quite easy, though it's upto you , but am good with memory but still to make it easy i made it into a rhyme and then another rhyme which reminds me of it and i coded it upon that and i sing that to my daughter every weekend night , thus wont forget it Smiley
Thanks for the heads up though
~appreciated Smiley
sr. member
Activity: 392
Merit: 250
February 28, 2015, 09:39:11 PM
#52
i have backups stored on several drives and also made paper wallets.
i think my security is decent enough.

Redundancy != security.

A paper wallet is no more secure than the safe you put it in.
Storing your wallets on several drives just makes your wallets less secure.
legendary
Activity: 896
Merit: 1000
February 28, 2015, 09:29:47 PM
#51
i have backups stored on several drives and also made paper wallets.
i think my security is decent enough.
sr. member
Activity: 392
Merit: 250
February 28, 2015, 09:25:12 PM
#50
Again I point to my old thread.
Encrypted paper wallets, step by step.

I've put the steps to securing your private key in an accessible and portable format.
This whole discussion has gone on too long.
Hardware wallets can be good, they also may have security holes that may never get fixed.
Multisig paper wallet is more secure than a regular paper wallet, it is not necessarily a more secure method than a single encrypted paper wallet, and seems not accessible or portable enough for many end users.
Encrypted paper wallets are the most secure option. They are as secure as the method you use to encrypt your private key, and you can get batshit crazy and encrypt it with many super complex well proven encryption methods.
Humans are the weakest link on the strongest methods of storing BTC.
legendary
Activity: 1708
Merit: 1036
February 27, 2015, 04:40:26 PM
#49
Thanks; if anyone has a non-video guide, though, I'd appreciate it, especially as it relates to bitaddress.org-generated keys. My corporate firewall blocks youtube and home internet is limited to 4 GB/month so I can't spare the bandwidth.

https://www.reddit.com/r/Bitcoin/comments/2t5yzb/stepbystep_guide_store_your_bitcoins_in_a/
https://www.armoryguide.com



OK, that Reddit guide was exactly what I needed. Or just a slight bit more explanation on the Split Address tab of the bitaddress.org page would have been sufficient too. Thanks!!!  I'll be able to proceed with my testing now.
hero member
Activity: 658
Merit: 501
February 27, 2015, 04:14:24 PM
#48
Thanks; if anyone has a non-video guide, though, I'd appreciate it, especially as it relates to bitaddress.org-generated keys. My corporate firewall blocks youtube and home internet is limited to 4 GB/month so I can't spare the bandwidth.

https://www.reddit.com/r/Bitcoin/comments/2t5yzb/stepbystep_guide_store_your_bitcoins_in_a/
https://www.armoryguide.com

legendary
Activity: 1708
Merit: 1036
February 27, 2015, 03:47:41 PM
#47
BUT, nowhere have I been able to find an explanation of how to actually spend funds sent to a multi-sig public key.

This depends upon the method you have used to create the multisig.

For armory it is called "fragmented backups"

https://bitcoinarmory.com/tutorials/armory-advanced-features/fragmented-backups/

For Mycelium entropy you scan the required keys in-
https://www.youtube.com/watch?v=2NxrHSKOBjI

More detailed explanation of how to spend multisig with a more manual process using python -
https://www.youtube.com/watch?v=OSA1pwlaypc&index=13

Essentially, it works like restoring a HD backup for most devices but you import multiple keys. This is why I recommended that you have multiple multisig backup wallets as you may only need to take a small portion of your savings in cold storage out and import them to a hot wallet to spend. You could label the paper wallets to tell them apart but most will also reflect the public key along with the private so you don't mix them up.

Thanks; if anyone has a non-video guide, though, I'd appreciate it, especially as it relates to bitaddress.org-generated keys. My corporate firewall blocks youtube and home internet is limited to 4 GB/month so I can't spare the bandwidth.
legendary
Activity: 3542
Merit: 1352
Cashback 15%
February 27, 2015, 03:27:45 PM
#46
In any case, I would really prefer a paper wallet laminated and kept in a safe place. No hassles at all, and when the time comes that I need to get the balance in there, I would just sweep it out and tada!
hero member
Activity: 658
Merit: 501
February 27, 2015, 02:09:34 PM
#45
BUT, nowhere have I been able to find an explanation of how to actually spend funds sent to a multi-sig public key.

This depends upon the method you have used to create the multisig.

For armory it is called "fragmented backups"

https://bitcoinarmory.com/tutorials/armory-advanced-features/fragmented-backups/

For Mycelium entropy you scan the required keys in-
https://www.youtube.com/watch?v=2NxrHSKOBjI

More detailed explanation of how to spend multisig with a more manual process using python -
https://www.youtube.com/watch?v=OSA1pwlaypc&index=13


Essentially, it works like restoring a HD backup for most devices but you import multiple keys. This is why I recommended that you have multiple multisig backup wallets as you may only need to take a small portion of your savings in cold storage out and import them to a hot wallet to spend. You could label the paper wallets to tell them apart but most will also reflect the public key along with the private so you don't mix them up.

Seeing how long everyone have wrote here , i would just say what i prefer
Offline wallet and Brain wallets
Easy and safe

Be careful with brain wallets as creating enough entropy without using common phrases found in literature and lyrics can be difficult to accomplish and than you need to have sufficient memory to remember the phrase. Additionally, with no physical security you could be tortured (water boarded) to provide the evidence, there is no way to tell that some of the keys have been compromised until it is too late, or you just forget the key overtime. Brain wallets have their purpose and usefulness but definitely not something I would recommend for most. The fact that you rarely use the brainwallet pass phrase and it needs a lot of entropy makes even individuals with good memories likely to forget them.
 
legendary
Activity: 1022
Merit: 1007
Sooner or later, a man who wears two faces forgets
February 27, 2015, 02:00:45 PM
#44
Seeing how long everyone have wrote here , i would just say what i prefer
Offline wallet and Brain wallets
Easy and safe
legendary
Activity: 1708
Merit: 1036
February 27, 2015, 01:45:39 PM
#43
I've been studying Multi-sig as a means of securing the bulk of my BTC, but I have a question about it. I've seen several guides on setting up multi-sig, such as using the tool at bitaddress.org which provides a public key and multiple shared keys, which I presume are the private keys needed to access the funds.

BUT, nowhere have I been able to find an explanation of how to actually spend funds sent to a multi-sig public key. Do I import the keys into a wallet like Electrum and then generate Spends of identical amounts using each private key and to the same recipient address? Seems simple enough (if that's accurate) but this detail keeps getting skipped in the setup guides. What if the recipient address is the same but the amounts are different, etc?

My thought right now is that I'd like to use Electrum (etc.) with a bitaddress.org-generated multi-sig set of keys, then distribute the keys onto multiple computers that I have, so that a hacker would need to somehow gain control of a couple at one time, which is vanishingly unlikely. But before I send any BTC in, I want to be certain I know how to get the funds _out_.
hero member
Activity: 658
Merit: 501
February 27, 2015, 11:46:38 AM
#42
Good thread. You say "Insecure against physical theft" for the paper wallet, but you can secure it pretty well against physical threat if you encrypt it and store it safely in a bank safe or two on a form that resists to moisture or heat.

Read the - "Muti-sig Paper/electronic wallets" section and the other posts in this thread.

I consider brainwallets to be one of the easiest and safest option - except you store it as a paper wallet, not actually remembering it by head.

This would be secure as a paper wallet but if done manually would remove the risk of an unaudited paper wallet generator being compromised. The entropy device has open source code that once completed will be audited and allows you to enter in your own seed - https://github.com/mycelium-com/entropy

In a couple weeks when these start to ship many people will start testing and auditing the code. After enough scrutiny you should be very comfortable using this device.

Does anyone have a database of how many security researchers have audited other hardware wallets and devices?
hero member
Activity: 1022
Merit: 500
February 27, 2015, 10:58:19 AM
#41
legendary
Activity: 1176
Merit: 1011
February 27, 2015, 10:32:25 AM
#40
I consider brainwallets to be one of the easiest and safest option - except you store it as a paper wallet, not actually remembering it by head.

A random mnemonic word list as brain wallet input, e.g. private key = SHA256("fiction bronze tent grant stock sister across hotel document mad afford faith assume dust") which you can simply write down on a piece of paper is very safe, imho.

Of course, granted you're entering these words (and generating the SHA256 hash, and base58-encoding it to a Bitcoin private key, and extracting the corresponding address) on an offline computer. A local copy of bitaddress.org would suffice.
hero member
Activity: 798
Merit: 1000
LIR Dev. www.letitride.io
February 27, 2015, 09:54:51 AM
#39
ok thanks for the info, think I'll try out Armory on Linux and see how I get on.
hero member
Activity: 658
Merit: 501
February 27, 2015, 09:36:28 AM
#38
Well I use paper wallet but nowadays I develop that sense of insecurity of having the paper getting stolen and the private key revealed. And also since it is just a paper, there's a chance for the ink to fade off someday. Been looking into hardware wallet so more or less I have narrowed down to few options such as trezor or btchip.

Combining physical security and digital security is good option. Use acid free or Archival paper that is laminated with multisig. One concern is that with hardware wallets you ultimately still have to back it up and typically with 12 word mnemonic from a HD wallet which essentially makes it only as secure as a non-multisig paper wallet. You can split the words up between multiple locations but than if one of the shards of your 12 word mnemonic gets lost or stolen than you lose the ability to recover your wallet unlike with a m of n multisig which allows you to lose some of the keys.

I personally like multisig wallets where 1 key is encrypted in a password manager, one key is laminated in a safe, and one key is in a off site time capsule. This ensures that I am both protected from viruses and trojans, thieves breaking into my house, accidents or forgetfulness, and still can move the funds fairly quickly to my cell phone if I am in a hurry. For this reason it may also be wise to split your savings between multiple paper wallets so you don't have to restore all of your savings from a paper wallet either and a smaller portion if you need some quick cash.

 
Are there any better ways of generating paperwallets? (ideally not too complicated)

Kind of assumed that offline bitaddress was very secure.

Currently, the best way to generate secure paperwallets is to perform a fresh install of a linux distro combined with armory on a spare computer.

The easiest and most secure way to generate multisig paperwallets will be the Mycelium Entropy once it is released. When I get mine I will audit and review it for everyone.
hero member
Activity: 714
Merit: 500
February 27, 2015, 08:17:07 AM
#37
Well I use paper wallet but nowadays I develop that sense of insecurity of having the paper getting stolen and the private key revealed. And also since it is just a paper, there's a chance for the ink to fade off someday. Been looking into hardware wallet so more or less I have narrowed down to few options such as trezor or btchip.
I recently bought a laminator for that purpose. Haven't used it, yet ^^
Pages:
Jump to: