Topic: Safety revision after the Hacks going around these days - page 2. (Read 1751 times)

newbie
Activity: 28
Merit: 0
If you have a lot of funds, just buy a laptop for trading only. Put a ton of security software, enable all possible security features on everything and you're good to go.

Or buy a laptop exclusively for cold storage only.

This except with a tablet/net book that could be kept in a bank vault or home safe.
full member
Activity: 168
Merit: 100
My method may work. Every time the wrong password is entered, the following image displays. This will deter those pesky thieves...



donator
Activity: 1218
Merit: 1079
Gerald Davis

Or buy a laptop exclusively for cold storage only.

Why would a laptop be desired over using paper wallets for cold storage?   ... To send BTC, I use the loaded paper wallets that I need to cover the transaction, scan in the private keys ...

into the malware infected computer and the attacker steals them the second the system becomes aware of the private key.

It might be overkill for a couple bitcoins but if you are talking hundreds or thousands it is well worth the money to have a secure dedicated laptop to perform offline signing.  The private keys never touch a computer connected to the internet .... ever.  Not just in storage but also in use.

This doesn't mean you can't also have paper backup as a backup to the offline signing device.

Quote
no more a burden than copying keys from a cold storage laptop to a hot wallet on an online computer via a usb drive -- and keep in mind that you would only copy the keys you would need, otherwise, you would be exposing your "cold storage" private keys to be possibly read by malicious software.

The keys NEVER leave cold storage.  The only thing copied to the hot wallet is the complete digitally signed transaction.  The hot wallet could be a cesspool of infection and the attacker would get nothing that isn't already public information anyways.
legendary
Activity: 1540
Merit: 1001
This is good.  For #3, I'd revise it to include don't leave funds on a pool _or_ an exchange.

M
member
Activity: 112
Merit: 10

Or buy a laptop exclusively for cold storage only.

Why would a laptop be desired over using paper wallets for cold storage?   A hard drive/flash memory can fail, and a laptop makes a tempting target in a burglary.  Unless you keep it physically secure from other people when not under your supervision, you can't really be confident that the private keys will never be copied/compromised.

I'm using paper wallets generated on an offline computer with clean install.  I'm 99.9999% sure that those private keys don't exist on any machine on this planet.   When I need to transact btc, for just receiving, I get a fresh paper wallet from the safe, and send it to that address.   To send BTC, I use the loaded paper wallets that I need to cover the transaction, scan in the private keys, do my business, and put the remainder on fresh paper wallets.  All the old paper wallets, once their private keys have been disclosed to the online computer and have been verified to contain no value, get destroyed to preserve anonymity and protect against reuse.  In practice, I keep several paper wallets with 1 BTC on each, with one holding a remainder of less than 1 BTC.   I keep both the loaded and unloaded wallets in sealed envelopes when they are in the safe.  The loaded wallets are treated like paper currency and are stored as such.

Scanning in QR codes from paper wallets is a relatively simple process, no more a burden than copying keys from a cold storage laptop to a hot wallet on an online computer via a usb drive -- and keep in mind that you would only copy the keys you would need, otherwise, you would be exposing your "cold storage" private keys to be possibly read by malicious software.  Encrypting these won't help if the online computer has been compromised by a keystroke logger.

Also, paper wallets are much, much cheaper than buying a single-purpose computer.
legendary
Activity: 3598
Merit: 2386
Viva Ut Vivas
If you have a lot of funds, just buy a laptop for trading only. Put a ton of security software, enable all possible security features on everything and you're good to go.

Or buy a laptop exclusively for cold storage only.
full member
Activity: 147
Merit: 100
Realbitcoin.info
Beware of browser extensions, especially bitcoin related ones.
Don't run java/flash, if necessary use something like noscript (browser extension :P).


Good post, it's definitely a good time for everyone to audit their own security.

It's not paranoia if they really are out to get you!
legendary
Activity: 2674
Merit: 2965
Terminated.
If you have a lot of funds, just buy a laptop for trading only. Put a ton of security software, enable all possible security features on everything and you're good to go.
legendary
Activity: 1148
Merit: 1001
things you own end up owning you
to people who think that they do take security seriously, please it is time to do some revision, I am reading around and I see a shocking amount of hacks and fraud going on for the last couple of days.

so you may consider:

1- check if you have all security features that your exchange offers already activated.
2- make sure that you use one of the best antivirus programs on the computer you use to browse around and make sure it is up to date.
3- don't leave funds on exchanges, if you daily trade and you have to leave any funds there, then make sure to use e-mail confirmations and that your e-mail also has 2FA.
4- make sure that you use only one phone/device which is not rooted, and do not install garbage bitcoin apps or any other app games/garbage.
5- use paper wallets for your long term investment and save them in a safe place.
6- keep the for-daily use coins on an offline computer, use Armory, sign offline transaction and broadcast them on an online pc.
7- use different passwords on all sites, make them complicated and long (capital letters small letters, numbers and special characters)
8- don't keep any track of your passwords, keys or anything else on your computer, do it the old-fashioned way, write on a paper and save it somewhere safe.
9- encrypt about anything, I would recommend you to encrypt your entire disk as well, if you use linux this option is offered when installing the system, if you use windows then try PGP whole disk encryption, I use it and I recommend it.
10- use avg anti virus on your phone/device, activate the relocation option, there is also an option to wipe-out the device by sending a SMS to your phone if lost or stolen.
11- never trust anyone with your BTC, if you can't control the address then you don't own the BTC, any non reputable, non regulated online service can go offline, and you will lose all your funds (the new term is Goxed)
12- don't click on links without being sure where they direct, you can simply put the mouse cursor on it without clicking and check the address bar if it is a legit link, deactivate automatic redirection in your browser so you can't be tricked.
13- don't open e-mails from unknown sources, especially don't open spam e-mail, if you have to do so, then make sure to not open any executable attachment or any .pif extension, judge any site asking you to install "java plugin" or a "flash player" if YouTube works for you then you don't need any flash player or additional extensions, you are being a victim of a phishing attempt.
14- don't install any opensource software if you don't know what the code does, if you can review the code yourself then don't install without verifying the signature, especially don't install wallets of the daily created scam coins, some might be created just to steal your coins.


these are just some of the safety practices I can think about now, any user is welcome to add anything I might have forgotten to this list.