Author

Topic: Secruity and OS (Read 1014 times)

legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:52:12 AM
#17
Dumb question...

Do I buy a USB key from them?  I was under the impression USB's are not good due to the firmware hack?
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:50:49 AM
#16
So they are safe until my first spend?  How could a keylogger be installed on a comp that has only had CD's touch it?

I veiw it as, as soon as it touches the web it's been violated, so if I spend it must be a complete spend.
How is this,  new hard drive, install windows, install QT, dumppriv key, print it out, wipe out/burn hard drive, not once connected to web.

Should I encrypt it, connect to web and let it sync, then burn it with out ever typing in the passphrase again?  If I never connect it to the web and do what I said how would my public/private address be valid?

Look. If you want to be 99.99% safe, then you must do this.

1. Buy computer parts. (DO NOT BUY A WIFI/LAN CARD. DO NOT BUY SPEAKERS OR MICROPHONES)
2. Assemble the computer.
3. [Offline PC] Install Electrum via a USB-Key.
4. [Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a lockbox.
5.[Offline PC] Go to Settings -> Import/Export and copy your "Master Public Key" and put it in a text file on your USB-Key.
6.[Online PC] Install Electrum and select "Create a watching-only version of existing wallet", you will then be prompted to enter your "Master Public Key".

To make a transaction:
1. [Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.
2. [Offline PC] Go to Settings -> Import/Export -> "Load raw transaction". Select your transaction from the USB-Key. It will detect it's not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed, transaction to your USB-Key.
3. [Online PC] Go to Settings -> Import/Export -> "Load raw transaction". Select the signed transaction and it will ask you if you want to broadcast it.

That is the safest method. Nothing is as safe as this.


Sweet!, thanks!
hero member
Activity: 798
Merit: 1000
August 19, 2014, 09:49:16 AM
#15
So they are safe until my first spend?  How could a keylogger be installed on a comp that has only had CD's touch it?

I veiw it as, as soon as it touches the web it's been violated, so if I spend it must be a complete spend.
How is this,  new hard drive, install windows, install QT, dumppriv key, print it out, wipe out/burn hard drive, not once connected to web.

Should I encrypt it, connect to web and let it sync, then burn it with out ever typing in the passphrase again?  If I never connect it to the web and do what I said how would my public/private address be valid?

Look. If you want to be 99.99% safe, then you must do this.

1. Buy computer parts. (DO NOT BUY A WIFI/LAN CARD. DO NOT BUY SPEAKERS OR MICROPHONES)
2. Assemble the computer.
3. [Offline PC] Install Electrum via a USB-Key.
4. [Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a lockbox.
5.[Offline PC] Go to Settings -> Import/Export and copy your "Master Public Key" and put it in a text file on your USB-Key.
6.[Online PC] Install Electrum and select "Create a watching-only version of existing wallet", you will then be prompted to enter your "Master Public Key".

To make a transaction:
1. [Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.
2. [Offline PC] Go to Settings -> Import/Export -> "Load raw transaction". Select your transaction from the USB-Key. It will detect it's not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed, transaction to your USB-Key.
3. [Online PC] Go to Settings -> Import/Export -> "Load raw transaction". Select the signed transaction and it will ask you if you want to broadcast it.

That is the safest method. Nothing is as safe as this.
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:42:26 AM
#14
So they are safe until my first spend?  How could a keylogger be installed on a comp that has only had CD's touch it?

I veiw it as, as soon as it touches the web it's been violated, so if I spend it must be a complete spend.





How is this,  new hard drive, install windows, install QT, dumppriv key, print it out, wipe out/burn hard drive, not once connected to web.

Should I encrypt it, connect to web and let it sync, then burn it with out ever typing in the passphrase again?  If I never connect it to the web and do what I said how would my public/private address be valid?
hero member
Activity: 798
Merit: 1000
August 19, 2014, 09:35:16 AM
#13

Keylogger or Man-in-the-middle attack can get any password but it imply being connected.


Disconnecting and then connecting again is the same.

..If I were to ever spend that BTC I would empty the entire wallet.

While not connected to web on new harddrive...  Put cd on computer.. install QT client, go to encrypt wallet, type in passphrase.  

Why would I tell you my ciphers.. When I eventually am less lazy I will put a public address and an encrypted private address on here with 100 milibtc you can go to town on attempting to get it.

The vigenere cipher has only been broken if it's encrypting a language as there are common letters, letter pairings etc that makes it possible...  

As I suspected.

type in passphrase.

You typed it in. A keylogger can record them. Once you reconnect to the internet, they are then uploaded to the hacker. If the virus/trojan is directed at Bitcoin users, it will also make copies of all files named wallet.dat, and then it will upload them to the attacker.
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:33:07 AM
#12

Keylogger or Man-in-the-middle attack can get any password but it imply being connected.


Once I type it in to spend it thought right...?  If I do my initial steps than anytime I spend it, completely empty it would it not be protected until I spend?
legendary
Activity: 2156
Merit: 1131
August 19, 2014, 09:30:51 AM
#11

Keylogger or Man-in-the-middle attack can get any password but it imply being connected.
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:26:30 AM
#10
..If I were to ever spend that BTC I would empty the entire wallet.

While not connected to web on new harddrive...  Put cd on computer.. install QT client, go to encrypt wallet, type in passphrase.  

Why would I tell you my ciphers.. When I eventually am less lazy I will put a public address and an encrypted private address on here with 100 milibtc you can go to town on attempting to get it.

The vigenere cipher has only been broken if it's encrypting a language as there are common letters, letter pairings etc that makes it possible...  
hero member
Activity: 798
Merit: 1000
August 19, 2014, 09:25:08 AM
#9
You should be safe with your method, but as always linux is recommended.

No he's not safe at all. Stop misleading people into oblivion.

If you get my encrypted wallet with 25+ chars how will it get decrypted?

When BTC passes a certian price I will have a paper wallet.

Uhh... Because you type it in? I can just grab the wallet.dat and then decrypt it with the password you entered. No paper wallet is 100% secure unless it is encrypted with a strong BIP38 passphrase and created under 100% offline conditions.

How do you plan to get that password......  Where is that text stored..?  (I am quite curious as nothing would ever be safe if passwords are this easy to get)

I'd uses a symbol and modified viegrene cipher.

Haha, this is funny. Can you list the steps you take to enter your password for your wallet?
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:22:44 AM
#8
You should be safe with your method, but as always linux is recommended.

No he's not safe at all. Stop misleading people into oblivion.

If you get my encrypted wallet with 25+ chars how will it get decrypted?

When BTC passes a certian price I will have a paper wallet.

Uhh... Because you type it in? I can just grab the wallet.dat and then decrypt it with the password you entered. No paper wallet is 100% secure unless it is encrypted with a strong BIP38 passphrase and created under 100% offline conditions.

How do you plan to get that password......  Where is that text stored..?  (I am quite curious as nothing would ever be safe if passwords are this easy to get)

I'd uses a symbol and modified viegrene cipher.
hero member
Activity: 798
Merit: 1000
August 19, 2014, 09:20:50 AM
#7
You should be safe with your method, but as always linux is recommended.

No he's not safe at all. Stop misleading people into oblivion.

If you get my encrypted wallet with 25+ chars how will it get decrypted?

When BTC passes a certian price I will have a paper wallet.

Uhh... Because you type it in? I can just grab the wallet.dat and then decrypt it with the password you entered. No paper wallet is 100% secure unless it is encrypted with a strong BIP38 passphrase and created under 100% offline conditions.
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:17:24 AM
#6
A simple hacker can get all of your information. Stopping your computer from connecting to the internet and then allowing it to do so again is meaningless, the information can still be collected and then uploaded whenever there's internet available. Also, Windows 8 is full of NSA backdoors.
You need to build a cheap pc that has never been online and never will. Use Electrum to sign transactions, then broadcast it on an internet connected device.

How would they get my info, my wallet.dat I can understand but how could they get the passphrase?
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 09:16:05 AM
#5
You should be safe with your method, but as always linux is recommended.

No he's not safe at all. Stop misleading people into oblivion.

If you get my encrypted wallet with 25+ chars how will it get decrypted?

When BTC passes a certian price I will have a paper wallet.
hero member
Activity: 798
Merit: 1000
August 19, 2014, 08:56:31 AM
#4
You should be safe with your method, but as always linux is recommended.

No he's not safe at all. Stop misleading people into oblivion.
newbie
Activity: 42
Merit: 0
August 19, 2014, 08:53:58 AM
#3
You should be safe with your method, but as always linux is recommended.
hero member
Activity: 798
Merit: 1000
August 19, 2014, 08:52:35 AM
#2
A simple hacker can get all of your information. Stopping your computer from connecting to the internet and then allowing it to do so again is meaningless, the information can still be collected and then uploaded whenever there's internet available. Also, Windows 8 is full of NSA backdoors.
You need to build a cheap pc that has never been online and never will. Use Electrum to sign transactions, then broadcast it on an internet connected device.
legendary
Activity: 1722
Merit: 1000
August 19, 2014, 08:25:43 AM
#1
I am currently using windows... 

My backup key plan is pretty much, new hard drive, computer disconnected from web, install windows 8 ( :S ), put on Bitcoin QT (with CD.. no USB's), encrypt wallet, connect to web, download block chain, send BTC to wallet, remove harddrive from computer.

Do you guys thing the NSA, Microsoft, etc can still get my paraphrase this way?
Jump to: