Topic: Simpler Security Plan (Read 949 times)
You should not trust secure delete for the same reason you should not trust GNU shred: Modern file systems don't write data in place.
Excellent point, this approach is really only effective for a long-term holder. It doesn't have to be a hoarder though - as long as your spending rate is less than your mining/purchasing rate, you can use this approach.
Sounds like a good approach for a hoarder, but what about someone who frequently needs to spend BTC?
For those looking for a relatively easy method of securing your long-term bitcoin savings, without requiring a non-Windows install, here's what I do. Feel free to pick it apart.
One-time steps:
-----------------
- On a clean PC, install the bitcoin client and create one or more addresses via the "New..." button. Email these addresses to yourself via GMail or similar.
- Close Bitcoin and encrypt the Wallet.dat file (for instance with 7-zip, entering a strong password)
- Make copies of this file (burn to CD, email to yourself via GMail or other online email, etc.)
- Destroy the wallet.dat file via secure erase (SDelete works well, http://technet.microsoft.com/en-us/sysinternals/bb897443)
Ongoing steps:
-----------------
- When your main bitcoin balance gets larger than you like, send the extra to one of the addresses you emailed to yourself.
Some notes:
-----------------
- What is a clean PC? Well ideally it's a fresh install of Windows 7 SP1, restarted in Safe Mode with Networking.
- There's no need to access the encrypted wallet file unless you either want to spend from it, or desire additional addresses.
- You really only need one address from the encrypted wallet of course, but I like to keep each payment separate for my own accounting.
- Be careful when you select your password! It should be strong (http://www.microsoft.com/security/online-privacy/passwords-create.aspx), memorable, and NEVER REUSED ELSEWHERE! Recent database hacking successes should teach us all that reusing passwords is a Bad Idea.
One-time steps:
-----------------
- On a clean PC, install the bitcoin client and create one or more addresses via the "New..." button. Email these addresses to yourself via GMail or similar.
- Close Bitcoin and encrypt the Wallet.dat file (for instance with 7-zip, entering a strong password)
- Make copies of this file (burn to CD, email to yourself via GMail or other online email, etc.)
- Destroy the wallet.dat file via secure erase (SDelete works well, http://technet.microsoft.com/en-us/sysinternals/bb897443)
Ongoing steps:
-----------------
- When your main bitcoin balance gets larger than you like, send the extra to one of the addresses you emailed to yourself.
Some notes:
-----------------
- What is a clean PC? Well ideally it's a fresh install of Windows 7 SP1, restarted in Safe Mode with Networking.
- There's no need to access the encrypted wallet file unless you either want to spend from it, or desire additional addresses.
- You really only need one address from the encrypted wallet of course, but I like to keep each payment separate for my own accounting.
- Be careful when you select your password! It should be strong (http://www.microsoft.com/security/online-privacy/passwords-create.aspx), memorable, and NEVER REUSED ELSEWHERE! Recent database hacking successes should teach us all that reusing passwords is a Bad Idea.
Jump to: