Author

Topic: storing wallet backup in the cloud? (Read 6844 times)

legendary
Activity: 2786
Merit: 1031
April 01, 2015, 09:35:17 AM
#44
Dropbox is safe for storage ? if i use it what i need to do for highest security? Thanks a lot !

You should use SpiderOak, it has a 'zero knowledge' privacy system, read more at: https://spideroak.com/zero-knowledge/

I can send you a referral link, you'll get an extra GB for free.

Don't use Dropbox, well, at least don't use it for nothing important, it's good for storing music or stuff like that...
hero member
Activity: 910
Merit: 1000
April 01, 2015, 07:53:22 AM
#43
As for cloud hosting providers everybody is providing that now. While it still involves a third-party (and I wouldn't use it as a unique point of failure) I would recommend MEGA above many of the others. They provide a decent amount of free storage and files are encrypted.
newbie
Activity: 28
Merit: 0
April 01, 2015, 04:40:11 AM
#42
Dropbox is safe for storage ? if i use it what i need to do for highest security? Thanks a lot !
legendary
Activity: 1456
Merit: 1000
March 31, 2015, 11:50:38 PM
#41
Yes, that's good but just remember that : Nothing is absolutely safe.

You can do that. but just remember: Nothing is safe absolutely.

Interesting to lower levels with almost exact same thing said.  I agree with both just find it wierd how close they are on message.
newbie
Activity: 14
Merit: 0
March 31, 2015, 11:18:39 PM
#40
You can do that. but just remember: Nothing is safe absolutely.
newbie
Activity: 51
Merit: 0
March 31, 2015, 09:57:00 PM
#39
Yes, that's good but just remember that : Nothing is absolutely safe.
legendary
Activity: 1456
Merit: 1000
March 31, 2015, 10:36:03 AM
#38
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?
definitely :  NO.
 dont trust any cloud service to store sensitives datas.  Wink
As long as you encrypt it before uploading, it doesn't matter. You could even backup the data by publicly posting it on facebook and twitter for all you care. Encrypted means nobody can read it, no matter how or where you store it.

I think the problem is someone getting lazy and uploading a wallet that is not encrypted.  With all the "bad people" in the world I just don't trust cloud storage for important items.
legendary
Activity: 3248
Merit: 1070
March 31, 2015, 10:13:40 AM
#37
better not, i find more secure my smartphone with windows installed than a cloud service

best solution is to keep a small amount on your desktop(this will tell you if your machine is safe, better than any antivirus) and store the rest on a classic usb/paper/general cold storage
newbie
Activity: 51
Merit: 0
March 31, 2015, 08:44:02 AM
#36
Store in cloud storage service is great but just remember that nothing is absolutely safe
legendary
Activity: 1176
Merit: 1011
March 31, 2015, 03:21:54 AM
#35
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?
definitely :  NO.
 dont trust any cloud service to store sensitives datas.  Wink
As long as you encrypt it before uploading, it doesn't matter. You could even backup the data by publicly posting it on facebook and twitter for all you care. Encrypted means nobody can read it, no matter how or where you store it.
legendary
Activity: 1120
Merit: 1002
March 31, 2015, 02:29:31 AM
#34
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?
definitely :  NO.
 dont trust any cloud service to store sensitives datas.  Wink
legendary
Activity: 1456
Merit: 1000
March 31, 2015, 01:36:30 AM
#33
I personally would not store it on the cloud.  I am a usb guy myself.

If you do upload it make sure it's encrypted.
legendary
Activity: 2786
Merit: 1031
March 30, 2015, 09:03:25 PM
#32
You should use SpiderOak, it has a 'zero knowledge' privacy system, read more at: https://spideroak.com/zero-knowledge/

I can send you a referral link, you'll get an extra GB for free.
full member
Activity: 137
Merit: 100
March 30, 2015, 07:34:09 PM
#31
Yeah, I use this method. I first PGP encrypt the wallet backup, then zip it, and finally attach it to a message on Gmail or some other mail service. Pretty convenient.

Compress it first, the ciphertext PGP/GPG produces will resemble a stream of random bytes and won't compress much (if at all). PGP/GPG also internally does some compression (using zlib, I believe, so basically zip or gzip compression) but you might be able to compress it further by using 7zip and encrypting the resulting .7z file.

This way your wallet is compressed as small as possible and you have up to three layers of protection (wallet passphrase, 7zip passphrase and PGP key/passphrase) along with an optional PGP signature so you can prove the file wasn't tampered with.

Of course this is all overkill assuming you have a strong passphrase on your wallet.dat, but it's nice to know that if someone hacked your dropbox or gmail account it might take them a few billion years to get through the multiple layers of encryption and access your wallet.
newbie
Activity: 42
Merit: 0
March 30, 2015, 10:57:31 AM
#30
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?

I think that nothing is absolutely safe, but if you dont know wherever to store it . That's one of your best choice
legendary
Activity: 1176
Merit: 1011
March 30, 2015, 10:33:22 AM
#29
Rule of thumb: never use anything with a single point of failure.

For example, storing your wallet online, either in a cloud service or web wallet or FTP server or whatever: service may go down, they may accidentally wipe your data, they may get hacked, government may confiscate their servers, etc.

Storing it on your PC or USB: it may crash, get stolen, get destroyed if your house burns down, dog may eat it, etc.

Personally, I have stored the majority of my bitcoins (well, the seed of my HD wallet actually) in encrypted form on several places: on paper, on USB stick, and online (on my webserver, and I emailed it to myself). The encryption password is something that I can surely remember, but that nobody will ever be able to guess or brute force.

In case I die prematurely, I also wrote down part of the password somewhere between my physical belongings, so that if I happen to die, my family will find it (but a burglar that takes it couldn't do anything useful with it, even if he knew what is was). The rest of the password will be emailed automatically to them.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
March 30, 2015, 10:13:54 AM
#28
dont use this method for your life savings dude  Roll Eyes
legendary
Activity: 3696
Merit: 1584
March 30, 2015, 10:10:36 AM
#27
What do you mean you need to make frequent backups of your wallet.dat? Wont one suffice?

Well, using the standard client, when you make a new receiving address or when the wallet makes a new automatic change address you'd want to save that. I think the standard wallet keeps a pool of 100 reserve addresses by default (https://en.bitcoin.it/wiki/Key_pool) that gets saved as part of the backup, so you only need to do backups when you are about to use up the pool. In the past, many people lost BTC when they restored a wallet from an old backup that did not contain  newer receiving addresses that were created after the backup was made.

Of course if you don't use your wallet or your only use is for coins to keep coming in to the same address(es) then you don't need to keep making backups.


Good info.

Also I have a laptop and desktop. Is it possible to have Bitcoin-qt synced between the two machines so I can send and receive BTC from both machines using the same wallet and BTC funds? Does this question make sense?

bitcoin-qt generates random keys so your two wallet copies will diverge at some point. You should use a deterministic wallet like electrum if you want a wallet that remains consistent on multiple devices.

Encrypting a wallet with gpg does have advantages because an attacker would need the gpg private key to decrypt it. As long as you don't make the mistake of also uploading the gpg private key to your cloud backups you benefit from an additional layer of security.
legendary
Activity: 1204
Merit: 1001
March 30, 2015, 07:52:06 AM
#26
What do you mean you need to make frequent backups of your wallet.dat? Wont one suffice?

Well, using the standard client, when you make a new receiving address or when the wallet makes a new automatic change address you'd want to save that. I think the standard wallet keeps a pool of 100 reserve addresses by default (https://en.bitcoin.it/wiki/Key_pool) that gets saved as part of the backup, so you only need to do backups when you are about to use up the pool. In the past, many people lost BTC when they restored a wallet from an old backup that did not contain  newer receiving addresses that were created after the backup was made.

Of course if you don't use your wallet or your only use is for coins to keep coming in to the same address(es) then you don't need to keep making backups.


Good info.

Also I have a laptop and desktop. Is it possible to have Bitcoin-qt synced between the two machines so I can send and receive BTC from both machines using the same wallet and BTC funds? Does this question make sense?
donator
Activity: 1617
Merit: 1012
March 30, 2015, 06:30:38 AM
#25
What do you mean you need to make frequent backups of your wallet.dat? Wont one suffice?

Well, using the standard client, when you make a new receiving address or when the wallet makes a new automatic change address you'd want to save that. I think the standard wallet keeps a pool of 100 reserve addresses by default (https://en.bitcoin.it/wiki/Key_pool) that gets saved as part of the backup, so you only need to do backups when you are about to use up the pool. In the past, many people lost BTC when they restored a wallet from an old backup that did not contain  newer receiving addresses that were created after the backup was made.

Of course if you don't use your wallet or your only use is for coins to keep coming in to the same address(es) then you don't need to keep making backups.
legendary
Activity: 896
Merit: 1000
March 30, 2015, 04:49:06 AM
#24
As long as the PGP private key is kept in a safe place storing your private keys in the cloud (while PGP encrypted)  should be safe. Although if you are going to be securing something with your PGP key then you might as well backup your private keys in the same place that you keep your PGP key (ideally on an offline computer). If you are going to need a backup of your private keys, then you would probably need a backup of your PGP key as well so securing it this way is somewhat of a catch 22 - although you could encrypt it with a passphraise, although this is less secure

In practice it makes a difference where you might store your PGP key vs. your wallet.dat because the PGP key is static but the wallet.dat keeps changing and backups need to be made periodically. For example, you can store a cold (unencrypted) copy of your PGP key in a safety deposit box and use a very strong passphrase to encrypt the active copy without having to worry too much about forgetting the passphrase because you could always run to the bank in the event that you do forget. However, it probably is not convenient to run to your safety deposit box every night with your updated wallet.dat each time your private keys change.

can you explain how a wallet.dat gets outdated? isn't it automatically checking the blockchain to display your final balance?
legendary
Activity: 2044
Merit: 1055
March 30, 2015, 04:34:56 AM
#23
The wallet.dat of bitcoin core is already encrypted with a strong algorithm.
If you use a decent password you are safe to put your wallet.dat on a cloud service like dropbox.
A decent password should be 15 characters or longer, containing uppercase, lowercase, digits and special characters. Don't use anything written in a book or which can be found in an internet resource. Even if you change a few characters in such phrase, it will not be safe enough.


So you are saying if I encrypt my wallet from Bitcoin Core I do not need to PGP encrypt the backup file? That makes it convenient because I did indeed encrypt my bitcoin wallet from bitcoin core.

Exactly. For your interest: http://bitcoin.stackexchange.com/questions/19975/how-secure-is-an-encrypted-wallet

Please consider that you are vulnerable from the moment you connect your PC to the internet. If you trust the bitcoin-qt encryption, it doesn't matter where your wallet.dat file resides. Your PC can be hacked as easily as your cloud space provider.

For optimum security you should consider offline solutions like paper wallets or offline signing like trezor (or other hardware wallets).
hero member
Activity: 910
Merit: 1000
March 30, 2015, 02:39:54 AM
#22
If would be safe it is encrypted first. With strong encryption it doesn't matter so much as long as the private keys aren't compromised.
newbie
Activity: 57
Merit: 0
March 30, 2015, 02:31:03 AM
#21
The wallet.dat of bitcoin core is already encrypted with a strong algorithm.
If you use a decent password you are safe to put your wallet.dat on a cloud service like dropbox.
A decent password should be 15 characters or longer, containing uppercase, lowercase, digits and special characters. Don't use anything written in a book or which can be found in an internet resource. Even if you change a few characters in such phrase, it will not be safe enough.

Please help me for answering this question !

What is the difference from "encrypted wallet.dat" and "encrypted wallet-qt clients"

Sincere thanks !
legendary
Activity: 1204
Merit: 1001
March 30, 2015, 12:25:26 AM
#20
As long as the PGP private key is kept in a safe place storing your private keys in the cloud (while PGP encrypted)  should be safe. Although if you are going to be securing something with your PGP key then you might as well backup your private keys in the same place that you keep your PGP key (ideally on an offline computer). If you are going to need a backup of your private keys, then you would probably need a backup of your PGP key as well so securing it this way is somewhat of a catch 22 - although you could encrypt it with a passphraise, although this is less secure

In practice it makes a difference where you might store your PGP key vs. your wallet.dat because the PGP key is static but the wallet.dat keeps changing and backups need to be made periodically. For example, you can store a cold (unencrypted) copy of your PGP key in a safety deposit box and use a very strong passphrase to encrypt the active copy without having to worry too much about forgetting the passphrase because you could always run to the bank in the event that you do forget. However, it probably is not convenient to run to your safety deposit box every night with your updated wallet.dat each time your private keys change.

What do you mean you need to make frequent backups of your wallet.dat? Wont one suffice?
donator
Activity: 1617
Merit: 1012
March 29, 2015, 09:51:22 PM
#19
As long as the PGP private key is kept in a safe place storing your private keys in the cloud (while PGP encrypted)  should be safe. Although if you are going to be securing something with your PGP key then you might as well backup your private keys in the same place that you keep your PGP key (ideally on an offline computer). If you are going to need a backup of your private keys, then you would probably need a backup of your PGP key as well so securing it this way is somewhat of a catch 22 - although you could encrypt it with a passphraise, although this is less secure

In practice it makes a difference where you might store your PGP key vs. your wallet.dat because the PGP key is static but the wallet.dat keeps changing and backups need to be made periodically. For example, you can store a cold (unencrypted) copy of your PGP key in a safety deposit box and use a very strong passphrase to encrypt the active copy without having to worry too much about forgetting the passphrase because you could always run to the bank in the event that you do forget. However, it probably is not convenient to run to your safety deposit box every night with your updated wallet.dat each time your private keys change.
Q7
sr. member
Activity: 448
Merit: 250
March 29, 2015, 09:45:47 PM
#18
Generally I try to avoid that even though you can encrypt it with a strong password before storing it in cloud services. It will become a problem if you accidentally lose the password so it becomes another problem instead.
legendary
Activity: 994
Merit: 1000
March 29, 2015, 08:50:34 PM
#17
Your private key is just a number.  Don't get confused by all of the technicalities, all you need to do is hide a number and there are an infinite number of ways to do that.

edit... Apparently this was my 'leet' post (see my post count).  Now I can't post anymore or I'll no longer be leet.
full member
Activity: 411
Merit: 100
March 29, 2015, 07:24:21 PM
#16
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?

Yeah, I use this method. I first PGP encrypt the wallet backup, then zip it, and finally attach it to a message on Gmail or some other mail service. Pretty convenient.

Even with a password protected wallet I would never leave it on the cloud without secondary encryption because someone could still see your transactions and addresses.

To restore the backup for bitcoin core, shut down the client and replace the current wallet.dat with your backup copy. Then restart the client.

even when it is pgp encrypted, you should never leave a wallet with potentially thousands dollars worth of coins in it in your mail or cloud. i know pgp encryption is very strong, but still it's not 100% safe.
As long as the PGP private key is kept in a safe place storing your private keys in the cloud (while PGP encrypted)  should be safe. Although if you are going to be securing something with your PGP key then you might as well backup your private keys in the same place that you keep your PGP key (ideally on an offline computer). If you are going to need a backup of your private keys, then you would probably need a backup of your PGP key as well so securing it this way is somewhat of a catch 22 - although you could encrypt it with a passphraise, although this is less secure
hero member
Activity: 672
Merit: 500
March 29, 2015, 05:52:36 PM
#15
I think encrypting the wallet with a strong password and then 7zip it again with another strong password is secure enough to save on the cloud. Don't leave the filename as wallet.7z, rename it to something inconspicuous like recipe.7z or 2015.7z
legendary
Activity: 1204
Merit: 1001
March 29, 2015, 05:37:26 PM
#14
The wallet.dat of bitcoin core is already encrypted with a strong algorithm.
If you use a decent password you are safe to put your wallet.dat on a cloud service like dropbox.
A decent password should be 15 characters or longer, containing uppercase, lowercase, digits and special characters. Don't use anything written in a book or which can be found in an internet resource. Even if you change a few characters in such phrase, it will not be safe enough.


So you are saying if I encrypt my wallet from Bitcoin Core I do not need to PGP encrypt the backup file? That makes it convenient because I did indeed encrypt my bitcoin wallet from bitcoin core.
legendary
Activity: 1204
Merit: 1001
March 29, 2015, 05:35:26 PM
#13
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?

Yeah, I use this method. I first PGP encrypt the wallet backup, then zip it, and finally attach it to a message on Gmail or some other mail service. Pretty convenient.

Even with a password protected wallet I would never leave it on the cloud without secondary encryption because someone could still see your transactions and addresses.

To restore the backup for bitcoin core, shut down the client and replace the current wallet.dat with your backup copy. Then restart the client.

Thanks for the info. This is exactly what I do but I never encrypted my wallet file. I will defiantly do that now. Would you mind explaing to me how to PGP encrypt it?
hero member
Activity: 770
Merit: 509
March 29, 2015, 09:40:20 AM
#13
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?
It's generally not a good idea to store wallets on the cloud.. you never know. Even tho using 7z and encrypting the file and the content would be enough tho.
hero member
Activity: 926
Merit: 1001
weaving spiders come not here
March 29, 2015, 07:17:10 AM
#12
Encrypted in the Bitcoin client and encrypted in an encrypted archive/volume both with strong-but-different passphrases containing uppercase letters, lowercase letters, numbers, punctuation and special characters, I believe it's a good idea to upload it everywhere possible. Free email services, file uploads, cloud services, websites, etc.

Example of a strong passphrase: "My Son was born on January 21, 2001 @ 10:57 am in Hampshire Hospital, Room 317."

Also, rename the file to something inconspicuous, like 'kids.mpg', 'recipies.doc', 'doggies.gif', 'vacation.mov', 'game_roms.zip', etc. Then if they try to open it and it does not work, they will simply believe it is a corrupted file.

Hiding it in plain sight, but obfuscated and encrypted twice, means this will always be available, at any time and anywhere in the world there is an internet connection... and secure. If a breakthrough in computing comes to pass, simply create new wallet and encrypted archive/volume with stronger encryption and transfer the coins, making the old wallets useless.

You can also periodically create a new wallet encrypted in the Bitcoin client, in a new encrypted archive/volume with a new file name and passphrase, then transfer your coins to the new one, making all the old one useless.
legendary
Activity: 1512
Merit: 1012
March 29, 2015, 07:12:34 AM
#11
Quote
what do you think of storing your wallet backup in the cloud?

And you ask why bitcoins are stollen with no explanations ?  Roll Eyes


think !
sr. member
Activity: 406
Merit: 250
March 29, 2015, 06:55:48 AM
#10
Why would u do that? Copy it on four seprate USB drives, open safe in the bank and put it here.

All this under condition you have something to put in that safe. If we are talking about 3 BTC, dont even bother.
newbie
Activity: 41
Merit: 0
March 29, 2015, 05:44:58 AM
#9
I think that anyone shouldn't put a private key in the cloud. I think that the best way for backup a wallet is to write down the private key into a piece of paper, and then put it into a secure place at your home. That's it. (Sorry if this is proposrd here in other thread)
legendary
Activity: 896
Merit: 1000
March 29, 2015, 05:12:03 AM
#8
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?

Yeah, I use this method. I first PGP encrypt the wallet backup, then zip it, and finally attach it to a message on Gmail or some other mail service. Pretty convenient.

Even with a password protected wallet I would never leave it on the cloud without secondary encryption because someone could still see your transactions and addresses.

To restore the backup for bitcoin core, shut down the client and replace the current wallet.dat with your backup copy. Then restart the client.

even when it is pgp encrypted, you should never leave a wallet with potentially thousands dollars worth of coins in it in your mail or cloud. i know pgp encryption is very strong, but still it's not 100% safe.
legendary
Activity: 1778
Merit: 1043
#Free market
March 29, 2015, 05:00:14 AM
#7
If I can say my opinion, I never suggest to store your private key into a cloud service, there are a lot of dishonest person and I don't feel comfortable to save my keys online (I prefer to store it on my desktop wallet, obviously offline).
sr. member
Activity: 462
Merit: 250
March 29, 2015, 04:55:46 AM
#6
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?
The encrypted password should be very strong if you want to save your wallet in the cloud drive.
But a strong password is very easy to be forgotten.
Why don't you use blochchian.info wallet, I think it save than cloud backup wallet.
hero member
Activity: 676
Merit: 500
March 29, 2015, 04:12:06 AM
#5
Nice idea if diversifying storage places.
legendary
Activity: 2296
Merit: 1014
March 29, 2015, 03:09:47 AM
#4


Yeah, I use this method. I first PGP encrypt the wallet backup, then zip it, and finally attach it to a message on Gmail or some other mail service. Pretty convenient.

Even with a password protected wallet I would never leave it on the cloud without secondary encryption because someone could still see your transactions and addresses.

To restore the backup for bitcoin core, shut down the client and replace the current wallet.dat with your backup copy. Then restart the client.
Agree, it must be encrypted by you, before you put it in cloud
legendary
Activity: 2044
Merit: 1055
March 29, 2015, 03:09:13 AM
#3
The wallet.dat of bitcoin core is already encrypted with a strong algorithm.
If you use a decent password you are safe to put your wallet.dat on a cloud service like dropbox.
A decent password should be 15 characters or longer, containing uppercase, lowercase, digits and special characters. Don't use anything written in a book or which can be found in an internet resource. Even if you change a few characters in such phrase, it will not be safe enough.
donator
Activity: 1617
Merit: 1012
March 29, 2015, 03:01:23 AM
#2
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?

Yeah, I use this method. I first PGP encrypt the wallet backup, then zip it, and finally attach it to a message on Gmail or some other mail service. Pretty convenient.

Even with a password protected wallet I would never leave it on the cloud without secondary encryption because someone could still see your transactions and addresses.

To restore the backup for bitcoin core, shut down the client and replace the current wallet.dat with your backup copy. Then restart the client.
legendary
Activity: 1204
Merit: 1001
March 29, 2015, 02:41:13 AM
#1
what do you think of storing your wallet backup in the cloud? like a storage service. like google drive / drop box / iCloud drive / etc...?

of course there is the USB stick and paper option too...

also how do you load a backup into bitcoin-qt?
Jump to: