Topic: Safe to give wallet backup to a friend? (Read 2100 times)

there are many creative ways to hide your seed/backup that do not involve a friend, or a friend knowing about it. you just have to be creative.

your friend may be trustable, but what if he runs into some hard times? what then?

The more I think about this, I actually wouldn't start with a friend. I would start with physical locations under my control, and immediate family.

You would want to do typical best practices for off-site back ups just like any other backup you make. That means 1 or 2 or more locations distant from each other. Like one copy with your parents in the safe or vault, one copy at your office, one copy at home.

http://dpbestflow.org/backup/backup-overview
http://www.hanselman.com/blog/TheComputerBackupRuleOfThree.aspx

Those two webpages I just listed suggest that you make several copies. At least one of those copies is off-site, meaning, another physical location.

In the case of bitcoins and wallets, it is very easy and cheap to do the following:
1. Many backups on many media, including SD cards and CD/DVD and PAPER.
2. More than one location: home, office, family, even friends (but like I said, they go last.)
3. You can even have backups on your person, such as in your physical wallet or on a necklace, bracelet, or ring.
4. Some suggest a bank vault or safe. Those are not available in my area, and the ones that still have them are not accepting new clients.

Also remember, that digital media often fails. USB Flash Drives, SD Cards, and Hard Drives. However, they're not expensive to make, so make them anyway, in addition to your Paper backup.

So it's not the seed PLUS the passcode but just the SEED that's needed to recreate? 

As long as you trust them.

No matter the encryption, you don't want them getting ideas.

if you have encrypted it, then i think it's safe.

to be double safe, you can even encrypt the .dat file itself...

Give your friend a wallet backup without telling him what it is. Just stuff it together with a bunch of pictures.

Never. unless they are very trustworthy!

So I assume that you are giving this backup to your friend for safekeeping, but you don't quite trust said friend to not attempt to crack your wallet.dat file.  Why on Earth would you give this friend your wallet.dat, encrypted or not?  I'd think that the only reason to give a copy of your wallet.dat file to anyone is to a trusted person, so that they could open it upon your death, you could even put the passphrase into your will so that it could be opened by your executor.  But otherwise, just put a copy on an older USB drive, rent a locker at a bowling alley, and put the USB drive and other things into the locker.  Cheaper than a safety deposit box, and also not registered with any government entity.

zip and rar encryption can be broken.

Use true crypt to create a large file like 4 Gig, store that on a thumb drive.  The drive can then be encrypted so that only the NSA can get at it.

That is a good point I believe the default is AES.  I guess it all depends on how paranoid you are.

Correct just like you can right now.  Start up your client.  You can see your balances, addresses, and tx history.  You only need to decrypt to send funds.


The QT client doesn't use a seed.  All the keys are randomly created so your wallet is a bucket of keys.  You need the wallet file plus passcode to recover funds.   Deterministic wallets like armory use a seed and all keys are computed from the seed.  With the seed you can recreate the whole wallet.    Yes if you are wondering, the QT wallet likely should use deterministic seeds but it just hasn't been done.


You could transfer the balance from your current wallet to that wallet, make a then a backup of your wallet seed is all that is needed to reconstruct your wallet.  You can even print this out and recreate the wallet without any wallet "file" by using the seed.  If you wanted to you could encrypt the seed and give copies to a friend(s) the encrypted seed could simply be a piece of paper as there is no longer a need to backup the actual wallet file.


Then you should be fine.  Against long passphrases (15+ charecters) the only real threat is a dictionary attack. If your passphrase is known (for example a common phrase from a book) then it may be weaker than you think.  Otherwise long passphrases simply can't be brute forced.  The QT wallet makes it harder for attackers in that the passphrase is hashed tens of thousands of times to produce the encryption key.   This means the number of passphrases an attacker can try per second is significantly reduced.  Simple version if your passphrase is long (15+ char) it is beyond pure brute force attacks so the largest risk factor is picking a weak passphrase (like a phrase from a movie, book, or song).


You can change the passphrase in the client. 
The backups will still be encrypted with the old passphrase.

So new passphrase unlocks the updated wallet.dat
Old passphrase unlocks the backup wallet.dat.

You could give your friends new backups but you can never be sure they didn't make a secret copy.   If you are really concerned you could make a brand new wallet, encrypt it with a new passphrase, send all your funds to that wallet, and give your friend(s) the new backup.  The old backup no longer has any value.

It's safe as long as password is strong, bitcoins quantity is low and your friend is "Trusted".

Otherwise Money can change people. If someone knows he can get a big amount easily and just a password is stopping him to get money, He can drug you,blackmail you etc. to get password.

Truecrypt can use AES, Serpent and/or Twofish. You can use them all together. As for hash algorithm you can choose between RIPEMD-160, SHA-512 and Whirpool

Truecrypt, winzip (newever versions but use open source 7zip instead) and the wallet itself all use AES.  If AES is broken triple security isn't going to help.  Remember the extra wrapper really isn't making it more secure it is about protecting privacy.

If you don't care about privacy a single encryption is fine.  If you want to protect privacy I would use the same passphrase for the wrapper to avoid losing funds by forgetting one of the two passphrases.  Essentially you are gaining privacy not security.

I wish the client had an option to encrypt private keys only (Security) or encrypt entire wallet (security + privacy).

So he can see the balances and the transactions without decrypting it?


I thought I cannot just recreate my wallet with the seed with the standard client?   So the seed plus the passcode allows it to be recreated is that it?   With all the transactions and everything?

Let's say I got armory and made a new wallet... then what?


Hmmm... OK didn't know this.  I am not worried about the FBI, lol.  I am worried about my own dumbass losing my backups and/or my own PGP keys.

I don't think anybody can brute force my password anyway.


Another question here... once I've encrypted my wallet once - can I change the passphrase?  if so what does that mean for the backup copies that had the old passphrase?

Thanks.

or that.

or put the zip file into a truecrypt container!

triple protection.

Maybe you should use Truecrypt instead of zip/rar

It should be safe.  Strong password (even one that was only 20 char would be fine) is secure from brute force.  As long as you moderately trust the friend you will be ok.  A lot depends on what you do, how much and what type of "heat" might be coming your way.  If you think a FBI strike team is going to go after your friend for the wallet well maybe that is expecting too much from your friend.

As noted in the post above an encrypted wallet only encrypts the private keys.  The transaction history, the addresses, and thus the total balance are also visible even with wallet encrypted.  If you want privacy as well as security you should encrypt the wallet using pgp or some other option.  Winzip with same password as the wallet is likely fine if you are worried about losing PGP key as the goal of the encryption wrapped is just to prevent "read access".

Another option is to use a system like Shamir's shared secret.  You can encrypt the file in such a way that is produces multiple outputs and needs some or all of them to reconstruct the original.  For example you could break the wallet into 3 pieces and give them to 3 friends where 2 of the 3 pieces are needed to reconstruct the wallet.  No single friend could conspire against you and even if one of the three friends loses their copy you secret is still safe.

zip/rar the encrypted wallet file with a password

so 1) encrypted wallet file 2) encrypted zip file/rar file holding the wallet file

this will prevent your friend from being able to see your balances and transactions. unless you don't care + extra secuirty

sounds fairly safe, but i rather not rely on someone else to hold onto my assets. you could just memorize 6 characters of your 12 character seed, and then possibly give him the 6 that you don't remember... that or keep it yourself.

i think it's better to just use electrum, multibit, or armory.