Pages:
Author

Topic: Safest Wallet - page 2. (Read 7665 times)

hero member
Activity: 492
Merit: 500
November 08, 2013, 11:01:50 AM
#60

But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html

theres no safest wallet if its online , save it in paper or your computer !

Diceware is not online nor offline wallet and has nothing to do with bitcoin itself. Diceware is not even online password generator (although there are some).

Diceware is a method to pick a strong pass phrase completely offline and completely random!

Using ordinary dice, pen and paper.
legendary
Activity: 1120
Merit: 1001
November 08, 2013, 10:45:36 AM
#59
Ah to buy an extra computer, which is never connected to the internet. Very user friendly? What's wrong with a brain wallet? I generated with a safe password a bitcoin address and store that address with private key in an text file in an truecrypt container on an USB (on 2 USBs) - with the downloaded bitaddress.org.html.

What I did:
- downloaded bitaddress.org.html
- shut down internet connection
- think about a good, strong password, which is easy to remember (first letters of your all time favarite song)
...

Please. This is extremely insecure. Attackers are using huge databases including any song titles, initials, lyrics, or exotic poems that you might think of.  If you really want to go with a "brainwallet" make sure to generate one with provably sufficient entropy. How do you do that?

Use NoBrainr, for instance: only 30 lines of code so very easy to review, very robust, and runs 100% locally.

Main thread is at https://bitcointalksearch.org/topic/nobrainr-a-secure-and-transparent-cold-address-generator-in-1024-bytes-308972

Hm sorry, I have no idea about the use of your tool. What will I do with this pass phrase? How will I get the private key from this? Would u reommend such a tool to a non programmer?


I aware that attackers could use big databases with lyrics and that stuff. But if I use the first letters of my favorite song:
- how many words do I use? Ok, between 10 and 20 seems reasonable. factor 10
- where do I start? It depends, how "intelligent" this database is. Can it say, where the chorus begins? Or verses? Factor 5. (some songs have no Chorus)
- at least 2 numbers + another sign (example: first number -> number of members of the band, second: year of appearance backwards, separated by two pipes ): factor 1000

Just to be more safe: use the letters backwards, or add to every letter one in the alphabet.

-> this is a more than secure password. But feel free to use your favorite scene in a movie to do this Wink


But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!

http://world.std.com/~reinhold/diceware.html



theres no safest wallet if its online , save it in paper or your computer !
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 08, 2013, 08:28:10 AM
#58
That's very weird. Or maybe it's funny.

"If something doesn't work, it is not our fault. If it does, it is"
hero member
Activity: 492
Merit: 500
November 08, 2013, 08:22:36 AM
#57
Well this is interesting:

This paper wallet contains 0.1125 BTC and is BIP 0038 password-protected by only 3 characters. Good luck!
http://www.reddit.com/r/Bitcoin/comments/1q5wu7/this_paper_wallet_contains_01125_btc_and_is_bip



Submitted 6 hours ago. Coins are still there.
full member
Activity: 168
Merit: 100
November 08, 2013, 05:55:24 AM
#56
Right, because there is a wallet out there that guarantees lost coins due to software failure.
legendary
Activity: 861
Merit: 1010
November 08, 2013, 05:33:50 AM
#55
Once installed the Armory warns users it is a Beta version and will not guarantee lost coins due to software failure.

And that is the reason why i don't want to use it, while my hands are itching though.
So they insist a ton about how secure they are but once their sofware is installed they basically said "There may be some problems, not our business, good luck LOL"?

That's very weird. Or maybe it's funny.
hero member
Activity: 492
Merit: 500
November 08, 2013, 05:31:28 AM
#54
 

@bizz

Quote
But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!
http://world.std.com/~reinhold/diceware.html
Quote
Here again. I never heard of this piece of software. How could I know this is no fishing site?

Like I said: The most I am worried about is losing or forgetting the private key. What worth has the best password in the world if you lose or forget it? Even paper wallets can be lost...




Grin Did you even click the link? Diceware is no software. It's just a list of words and you use simple dice (yes offline dice lol) to pick random words. You don't even have to use that word list. Nothing is safer for picking pass-phrases. Not any kind of computer or software.

Edit: If worried about forgetting it, you can write it down (in stone/metal maybe?) & split pass-phrase into 3 pieces and bury it in different locations. Not only it's cool (hidden treasure) it's also healthy as probably you'll spend weeks digging trying to find all the pieces.  Grin
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 08, 2013, 05:19:07 AM
#53
The code is open source in the page and is tested by many people. There is absolutely no security problem. Especially this site is well known. All this other software option I never heard of.

Look here http://en.wikipedia.org/wiki/Phishing#Website_forgery
I'm not even saying that the site itself (however legit) can be hacked (sooner or later it will happen)
hero member
Activity: 546
Merit: 500
hm
November 08, 2013, 05:14:12 AM
#52
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't think how can a fishing site not connected to internet can screw at that stage.

Piece o'cake! It would save the keys in cookies and after you plug your connection in again... Don't trust no sites whether connected or not!!!

The code is open source in the page and is tested by many people. There is absolutely no security problem. Especially this site is well known. All this other software option I never heard of.
https://bitcointalksearch.org/topic/ann-bitaddressorg-safe-javascript-bitcoin-addressprivate-key-43496


@bizz

Quote
But why would you put yourself to that risk when you can use something like Diceware? Humans suck at choosing passwords!
http://world.std.com/~reinhold/diceware.html
Quote
Here again. I never heard of this piece of software. How could I know this is no fishing site?

Like I said: The most I am worried about is losing or forgetting the private key. What worth has the best password in the world if you lose or forget it? Even paper wallets can be lost...
hero member
Activity: 492
Merit: 500
November 08, 2013, 04:11:55 AM
#51
Here are the steps for the safest wallet in the world Smiley

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key

Very insecure (stopped reading further, lol). It may very well be a fishing site. Much more secure to compile vanitygen from source (at first auditing the code, of course) and use it for generating (taking all other ordinary measures of securing your pc like plugging off, etc)
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't think how can a fishing site not connected to internet can screw at that stage.

Newbie is brain dead at this point. Cheesy

Back to my my original advice. It's clickety click click: http://electrum.org/tutorials.html#offline-mpk
legendary
Activity: 1526
Merit: 1002
Bulletproof VPS/VPN/Email @ BadAss.Sx
November 08, 2013, 03:47:05 AM
#50
Once installed the Armory warns users it is a Beta version and will not guarantee lost coins due to software failure.

And that is the reason why i don't want to use it, while my hands are itching though.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 08, 2013, 03:46:58 AM
#49
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't think how can a fishing site not connected to internet can screw at that stage.

Piece o'cake! It would save the keys in cookies and after you plug your connection in again... Don't trust no sites whether connected or not!!!
full member
Activity: 151
Merit: 100
November 08, 2013, 03:30:50 AM
#48
Here are the steps for the safest wallet in the world Smiley

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key

Very insecure (stopped reading further, lol). It may very well be a fishing site. Much more secure to compile vanitygen from source (at first auditing the code, of course) and use it for generating (taking all other ordinary measures of securing your pc like plugging off, etc)
Not insecure, I missed a critical step here, generate private key yourself using any combinations of sha256, and use bitaddress.org just to get address and key in proper format, I don't think how can a fishing site not connected to internet can screw at that stage.
legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 08, 2013, 03:22:23 AM
#47
Here are the steps for the safest wallet in the world Smiley

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key

Very insecure (stopped reading further, lol). It may very well be a fishing site. Much more secure to compile vanitygen from source (at first auditing the code, of course) and use it for generating (taking all other ordinary measures of securing your pc like plugging off, etc)
hero member
Activity: 492
Merit: 500
November 08, 2013, 03:20:10 AM
#46
Here are the steps for the safest wallet in the world Smiley

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key
2. Encrypt private key using AES and a long phrase which you should memorize, store encrypted data somewhere safe, google docs with 2-factor is safe enough.
3. Create a wallet on blockchain.info, import bitcoin address into blockchain.info but don't import private key

Transactions:
1. Whenever you need to transfer fund go to command line and decrypt aes encrypted key using openssl or go to http://www.everpassword.com/aes-encryptor and decrypt in offline mode.
2. go to blockchain.info, go offline, click send money when asked for private key enter it, create raw transaction, copy it and paste it to https://blockchain.info/pushtx

You can use it from anywhere if you think there are no keyloggers else to be safer use a linux machine(vm) and don't install anything on it except firefox.

Comments are welcome if anybody disagrees?

Feel free to donate some btc to me using this method.


 I would do every step on Ubuntu 12.04 LTS Live CD.
newbie
Activity: 26
Merit: 0
November 08, 2013, 03:16:45 AM
#45

Does Armory sit on top of Bitcoind (ie RPC), or does Armory include a re-write of the Bitcoin crypto fundamentals?

Are there any concerns with Armory primarily being developed by a single person?

bump.

Multiple devs work on Bitcoin-QT. Is Armory a re-write? Is there any concern with Armory?

Can Armory off-line mode be used with media other than USB flash drives? Using a new USB flash drive for each tx could get costly as I would only consider their use in one direction.

Can Bitcoin-QT somehow spend inputs without the full blockchain? I would like to use Bitcoin-QT in off-line mode to generate an address. I would then move some coins to this address. At a later date, is there a way to get the transactions into this off-line PC (ie via CD) and have Bitcoin-QT generate a tx? I could then burn the tx to a CD for broadcast.

legendary
Activity: 3514
Merit: 1280
English ⬄ Russian Translation Services
November 08, 2013, 03:16:00 AM
#44
What if you die?

I will just retrieve my coins while in Heaven. I see no problem there.

Why are so sure? I mean about Heaven, lol...
full member
Activity: 151
Merit: 100
November 08, 2013, 02:47:23 AM
#43
Here are the steps for the safest wallet in the world Smiley

Address creation:
1. Go to www.bitaddress.org using firefox, make browser offline or unplug the cord/stop the wifi, generate a bitcoin address/private key
2. Encrypt private key using AES and a long phrase which you should memorize, store encrypted data somewhere safe, google docs with 2-factor is safe enough.
3. Create a wallet on blockchain.info, import bitcoin address into blockchain.info but don't import private key

Transactions:
1. Whenever you need to transfer fund go to command line and decrypt aes encrypted key using openssl or go to http://www.everpassword.com/aes-encryptor and decrypt in offline mode.
2. go to blockchain.info, go offline, click send money when asked for private key enter it, create raw transaction, copy it and paste it to https://blockchain.info/pushtx

You can use it from anywhere if you think there are no keyloggers else to be safer use a linux machine(vm) and don't install anything on it except firefox.

Comments are welcome if anybody disagrees?

Feel free to donate some btc to me using this method.
member
Activity: 98
Merit: 10
nearly dead
November 07, 2013, 09:01:26 PM
#42

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

People are ignorant. And then newbie goes and sends 30 BTCs to Inputs.io. True for small amounts/daily use blockchain.info wallet with 2FA is just fine. But  risking over 30 BTC online (inputsio WTF  ). Or on a probably infected PC Huh

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

Putting in computer is equally unsave if one is not good with computer.... inputs.io have lots of reputation Smiley

Not sure if that was a joke or not, you might want to look up what's going with that scamice (scam + service, nice eh?) you mention.
hero member
Activity: 526
Merit: 500
November 07, 2013, 08:50:37 PM
#41

Oh but that uses raw transactions, people around here have claimed that users can't ever use that and I'm an idiot for suggesting it.

People are ignorant. And then newbie goes and sends 30 BTCs to Inputs.io. True for small amounts/daily use blockchain.info wallet with 2FA is just fine. But  risking over 30 BTC online (inputsio WTF  ). Or on a probably infected PC Huh

Raw tx? What's so hard about saving file  to USB > go to/reboot to offline Ubuntu > open file > click > save > go back to online PC > click. Done.

Putting in computer is equally unsave if one is not good with computer.... inputs.io have lots of reputation Smiley
Pages:
Jump to: