Question about wallet.dat and dropbox

majika

jr. member

Activity: 64

Merit: 5

Quote from: bcearl on June 12, 2011, 08:26:11 AM

That's the most stupid thing you could do.

1. The wallet is sacred. Everybody, who has access to the wallet, can spend your coins. The wallet is the only thing you have to keep private, and you failed ...

2. Dropbox is evil.

3. Dropbox is known to be insecure.

I couldn't agree more..

Best bet is to do as others have said..
1) Rename your wallet.dat > "drivers.dat" (or to any other none obviously named file). maybe even change to file extension from *.dat" to "*.wav" and change it back when you need to make backup
2) Package this file up into a protected archive file (Password protected) (WinRAR, etc)
3) Save it to an encrypted partition on your HDD (Tools like TrueCrypt will do this for you)
4) Save it to several different "Physical" locations i.e Not on a cloud based server. Stick it on a thumb-drive Packaged, Pass-protected and encrypted
5) next create a second wallet to use as your "pocket money" wallet, then transfer a couple of coins into this wallet. Now with your other "Main" wallet this can act like your main bank account which holds the majority of your coins. and keep this secure & offline.
6) create some IDS rules on your Security product to "Disallow" access to remote machines for the given file name in step 2 (above) block certain fie-types (although with this IDS based method issues may arise when it comes to syncing your wallet(s)) - just an idea for added security.

nathan_kia

newbie

Activity: 30

Merit: 0

I am storing my wallet.dat file in wuala.com and on a encrypted USB flash which is being kept in somewhere safe. ( burried in the garden) Wink

Wuala.com security seems better to me. Employees cannot access the files. Encrypt it and upload it in wuala. I also have two types of encryption., one is a key file and other one is a password. The key file is a totally random file which is saved somewhere on my hard disk. It can be any kind of file .avi .mp3 .Jpg .

cheeseburger123

newbie

Activity: 42

Merit: 0

why no transfer between two mobilephone.

124C41

sr. member

Activity: 308

Merit: 250

EVERYTHING YOU CAN IMAGINE IS REAL

Quote from: tictok on June 12, 2011, 08:55:03 AM

Thanks guys...

Okay, so point taken.. will put the wallet in an encrypted volume (probably in an encytped DMG as I'm on a mac). Might use GPG, I used to use PGP, GPG, years ago, but its been a while and I got out of the habbit.

Is dropbox really that insecure though? Is it *really* "the most stupid thing you could do" as bcearl says? (believe me I can think of a few more stupid things than that!)
It's not like I'm putting the file in a public or shared folder? I have to be logged into my account to access it.
I use dropbox for a few work related things - bcearl, can you expand upon why its so evil and what the know insecurities are?
Going by your post it appears I should drop all dropbox usage immediately.

I also figure that if they close my account the files will still be in the dropbox folder on my main desktop mac.

And back to my original question. What would happen if I accidentally accessed the wallet from different bitcoin client applications on different computers?? That's my main concern at the moment...

Oh, I wish I had anywhere near 5000BTC!!!! try removing a few (all) of the zeros form that Wink

Just google 'dropbox outage' and check out the news from this past weekend.

Some headlines:
"Dropbox Takes Blame For Cloud Outage"
"Dropbox problems linger after Friday outage"
"Dropbox explains outage, denies breach"
"Dropbox Outage Still Continues for Some"

Imagine yourself trying to sync your wallet or make a transfer while this is going on.

You do not want to take that risk with your hard earned coin.

Ruxum

newbie

Activity: 39

Merit: 0

Quote from: RodeoX on June 12, 2011, 08:48:34 AM

I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.

And don't forget to NOT FORGET the encryption password!!

bcearl

full member

Activity: 168

Merit: 103

Quote from: tictok on June 12, 2011, 08:55:03 AM

It's not like I'm putting the file in a public or shared folder?

Actually, Dropbox had bugs that actually made it one. You could access files of other Dropbox users by just knowing the hash.

tictok

newbie

Activity: 20

Merit: 0

Thanks guys...

Okay, so point taken.. will put the wallet in an encrypted volume (probably in an encytped DMG as I'm on a mac). Might use GPG, I used to use PGP, GPG, years ago, but its been a while and I got out of the habbit.

Is dropbox really that insecure though? Is it *really* "the most stupid thing you could do" as bcearl says? (believe me I can think of a few more stupid things than that!)
It's not like I'm putting the file in a public or shared folder? I have to be logged into my account to access it.
I use dropbox for a few work related things - bcearl, can you expand upon why its so evil and what the know insecurities are?
Going by your post it appears I should drop all dropbox usage immediately.

I also figure that if they close my account the files will still be in the dropbox folder on my main desktop mac.

And back to my original question. What would happen if I accidentally accessed the wallet from different bitcoin client applications on different computers?? That's my main concern at the moment...

Oh, I wish I had anywhere near 5000BTC!!!! try removing a few (all) of the zeros form that Wink

bcearl

full member

Activity: 168

Merit: 103

Quote from: RodeoX on June 12, 2011, 08:48:34 AM

I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.

I do it very similarly. On Linux I type:

Code:

tar -c .bitcoin/wallet.dat | gpg -c > $FILENAME

- The tar command makes an archive (which keeps the name and path of the file that is backed up).
- The gpg command encrypts with an symmetric algorithm, asking for a password (in case of wallet files I enter a pretty strong password).
- The filename can be anything.

Then I store the encrypted backup at places with high reliability, e.g. university computers I have access to. You can store it anywhere, it's only a few kilobytes.

RodeoX

legendary

Activity: 3066

Merit: 1147

The revolution will be monetized!

I think your idea is awesome. But as mentioned not secure enough. In addition to encryption you may want to rename the file that is plausibly encrypted. Maybe bankloan or divorce. Then dont tell what service you are storing this file on. Just say a remote/cloud service. Lastly, copy to flashdrive and store a copy somewhere other than in your home.
Now your 5000 BTC are *safe.

bcearl

full member

Activity: 168

Merit: 103

Quote from: Hawkix on June 12, 2011, 08:27:50 AM

Use Truecrypt and create a small (1MB?) encrypted (with good password) volume file. Then, move wallet.dat into it. Keep this volume container file (e.g. wallet.tc) on Dropbox or Sugarsync or everwhere.

If you just want to encrypt some files for backup, why not use GPG? TrueCrypt looks bloated for that purpose.

Hawkix

hero member

Activity: 531

Merit: 505

Use Truecrypt and create a small (1MB?) encrypted (with good password) volume file. Then, move wallet.dat into it. Keep this volume container file (e.g. wallet.tc) on Dropbox or Sugarsync or everwhere.

bcearl

full member

Activity: 168

Merit: 103

That's the most stupid thing you could do.

1. The wallet is sacred. Everybody, who has access to the wallet, can spend your coins. The wallet is the only thing you have to keep private, and you failed ...

2. Dropbox is evil.

3. Dropbox is known to be insecure.

Ruxum

newbie

Activity: 39

Merit: 0

dropbox sync in itself is not a valid safety precaution.

- what if they close your account?
- or if someone hacks your account
- what if the file gets deleted / corrupted. and then syncs everywhere.

You still need proper backups.

tictok

newbie

Activity: 20

Merit: 0

Hi hope you can help

For added security (i.e to stop me loosing it) I've moved my bitcoin wallet to my dropbox (as dropbox keeps backups) and symlinked to it so the bitcoin app can still see it.

Now, does this mean I can now use my wallet from any machine as long as the bitcoin client looks in the right place (via symlink) for my wallet?

What would happen if I forgot to close the bitcoin client app on one machine and ended up with it running in multiple locations? Would that screw up my wallet.dat file?

Thanks

Topic: Question about wallet.dat and dropbox (Read 4771 times)