Pages:
Author

Topic: Protecting my offline wallets from physical theft (Read 2246 times)

full member
Activity: 206
Merit: 100
You should also save a paper backup, unencrypted, with information explaining what it is, in a safe deposit box so that your heirs can have your bitcoin when you die.
sr. member
Activity: 434
Merit: 250
I encrypted mine with the client, then encrypted the wallet.dat and emailed it to myself.
legendary
Activity: 1372
Merit: 1000
Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

Quote
This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?

Quote
Depends on your client. If you re using electrum or armory, you re ok.

To confirm, I'm not OK if I'm using multibit?  That's enough to get me to switch away from multibit.

What about the QT clients for the altcoins?  Do they have this deficiency?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
What is true:

1. Hard drives fail.
2. USB flash memory fail.
3. Anything physical gets stolen.
4. Anything physical decays, rots, or deteriorates.
5. Human error (yourself, or others) can destroy your media.

Eventually.

Backup backup backup. Different media. Different locations.

Encrypt so no one else can read it.

Backup so you can find it in case you lose the first one.
legendary
Activity: 2912
Merit: 1060
Use a Millenium DVD
full member
Activity: 140
Merit: 100
I'd recommend encrypted DVD

Do you mean encrypting the dvd completely or a simple openssl aes file encription would be ok?
sr. member
Activity: 392
Merit: 250
Harddrive faillure odds are bigger than theft. So backup your wallet on 2 USB sticks to be sure.
Just plain untrue, if we look at burglaries for 2011.
http://www.bjs.gov/content/pub/pdf/hb9411.pdf
If we look purely at portable electronics stolen that year 978,700.
There is about 2 personal electronics stolen each minute(This is in the U.S. only).

Even if we sampled every person with a post 2000 hdd (including all countries).
We would get nowhere near 2 hdd crashes per minute.


Backing up on USB Sticks is still wise.
Backing up in general is wise.
If you are incredibly sure of your encryption you could do a usenet backup.
member
Activity: 98
Merit: 10
Harddrive faillure odds are bigger than theft. So backup your wallet on 2 USB sticks to be sure.
full member
Activity: 209
Merit: 148
Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?

Depends on your client. If you re using electrum or armory, you re ok.
newbie
Activity: 31
Merit: 0
I have my pc setup with 2x hard drives in a raid mirror , if one drive fails(and hard drives all fail at some point) I put another in and it rebuilds the image. I also backup my wallet .dat files to a USB stick and hide in case pc is stolen
legendary
Activity: 1372
Merit: 1000
Quote
If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.

This worries me.  So if I back up my private key and continue to use my wallet, the backed-up private key does not back up my entire balance at some point?
donator
Activity: 1617
Merit: 1012
Here is a simple solution that I use:

Place the encrypted wallet into an encrypted RAR/ZIP file protected by a strong passphrase. Put one copy of the file in a safe deposit box (USB drive) and the another copy on some online cloud storage or webmail account. Use a non-obvious name for the file.

Delete all other copies of the wallet. You can optionally do a DoD 3 wipe of the disk that held the wallet.

If it is a savings wallet, you can continue send BTC to the receiving address(es) in the wallet and check the balance on Blockchain.info.

If you ever restore the wallet to spend BTC, make sure to update all the cold backups so that you capture all the change addresses.
legendary
Activity: 3080
Merit: 1688
lose: unfind ... loose: untight
Modern hard drives are not realistically susceptible to a full fledged crash.

I would argue strenuously against this assertion. If employed indefinitely, every HDD will fail. Every. Damn. One.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Quote
I would suggest hdd encryption on the system you are using for offline storage. That will protect the bitcoins/wallets.

Why encrypt the hard drive to protect the wallet when only the wallet itself needs to be encrypted which is done via the client?

Encrypted wallets (by the client) do not protect privacy. They only protect the private keys. The bitcoin addresses are still in the open.

If you encrypt your hard drive, no one sees anything.
legendary
Activity: 1372
Merit: 1000
Quote
I would suggest hdd encryption on the system you are using for offline storage. That will protect the bitcoins/wallets.

Why encrypt the hard drive to protect the wallet when only the wallet itself needs to be encrypted which is done via the client?
sr. member
Activity: 392
Merit: 250
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paperwallet hidden somewhere

Modern hard drives are not realistically susceptible to a full fledged crash.
At a software/os level hdd issues can occur, usually due to improper shutdowns.

First of all, I would suggest hdd encryption on the system you are using for offline storage.
That will protect the bitcoins/wallets.

Having a hidden/possibly encrypted private key in paper form would be wise.
You can store a private key with some extra encryption.
Do not disclose how the printed key is encrypted and run it through various algorithms.
Only you would you would how-to decrypt the paper copy and to a observer of the paper it would like nonsense.
It should be pretty darn safe.
You would be able to decrypt and transfer LONG before a thief could.
legendary
Activity: 2912
Merit: 1060
Multibit might be an issue. Qt and armory are seeded
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
Hard drive failure is the biggest threat. I'd recommend encrypted DVD, and flash disks in several locations, as well as at least one paperwallet hidden somewhere

yes, please dont store all coins on that pc  Undecided !
legendary
Activity: 1372
Merit: 1000
Can anyone confirm the above two things for me?

I also noticed the following:

http://bitcoin.org/en/secure-your-wallet

Quote
Backup your entire wallet

Some wallets use many hidden private keys internally. If you only have a backup of the private keys for your visible Bitcoin addresses, you might not be able to recover a great part of your funds with your backup.

Quote
Make regular backups

You need to backup your wallet on a regular basis to make sure that all recent Bitcoin change addresses and all new Bitcoin addresses you created are included in your backup. However, all applications will be soon using wallets that only need to be backed up once.

Are these both non-issues with Multibit and the *-qt wallets?
legendary
Activity: 1372
Merit: 1000
If the password is deemed non-secure, and the wallet (private key) that is protected by that password could be available to leaks, then your only choice is to transfer all the BTC from that compromised address to a new, secure one.

If you know the wallet that is protected by that password is still secure on your machine, then you only need to change to a more secure password.

What if you back up your private keys along with the rest of your system backups which are then versioned via rdiff-backup?  I would think you'd have to delete all remnants of your private keys from your versioned backups in case they are compromised in the future and used with your non-secure password?  I'm not sure if rdiff-backup will do that but hopefully.


Quote
No. If the private key is exported without a password, then you'll have the encrypted copy in the wallet, and an unencrypted copy in the multibit.key file.

But on *-qt clients, if the wallet is encrypted with a password then the exported wallet will also be encrypted?
Pages:
Jump to: