Pages:
Author

Topic: The biggest problem with cold storage wallets is making sure that your address.. - page 2. (Read 5921 times)

legendary
Activity: 1400
Merit: 1013
What's wrong with QT? It has been audited to an extreme. Armory is great with the paper wallets but putting a wallet.dat into cold storage should be ok.
Can you sign transactions offline with Bitcoin-Qt?
newbie
Activity: 29
Merit: 0
If you're doing cold storage and think that somehow involves Bitcoin-Qt you're doing something very wrong.

Use Armory for cold storage.
What's wrong with QT? It has been audited to an extreme. Armory is great with the paper wallets but putting a wallet.dat into cold storage should be ok.


I recommend against just using the wallet,dat file for your cold storage, as the wallet.dat format may change in future client versions, possibly loosing compatability with the current file layout (berkleydb vrsion incompatibilities, or dropping bdb entirely); making it a pain for you to read the keys from it.
Just dump the privkeys (or evern better, theres a dumpwallet command addded to bitcoin client which dumps out the wallets whole keyppool in a nice table for you).  and save that for storage,  pipe strait into openssl, or gpg, or whatever if wanna store encrypted or just to aviod writing raw key to disk/stdout...
full member
Activity: 238
Merit: 109

That's way to cheaty for me, if I used that, well, let's just say primedice would be out of their reserve for a long time. I'm a good person, however, so, I'll just report it as a bug to 'em.
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
If you're doing cold storage and think that somehow involves Bitcoin-Qt you're doing something very wrong.

Use Armory for cold storage.
What's wrong with QT? It has been audited to an extreme. Armory is great with the paper wallets but putting a wallet.dat into cold storage should be ok.
legendary
Activity: 1092
Merit: 1016
760930
A good way to bypass any RNG backdoors is to generate your random addresses using dice.
Several tools support that: NoBrainr (see link in signature), bitaddress.org, and a few others which you can find on this forum.
legendary
Activity: 1400
Merit: 1013
If you're doing cold storage and think that somehow involves Bitcoin-Qt you're doing something very wrong.

Use Armory for cold storage.
member
Activity: 67
Merit: 10
This is a massive thing people look after. A ubuntu developer couldn't do something like that easily, as it would be extremely noticeable, and people would wonder what reason he had to do so. Sorta like what went down on the android bitcoin app, everyone was notified that it was using an insecure RNG that the developers choose . Rest assured, it's not going to be easy to rampantly harvest addresses like that as you described. There would be a notable amount of address collisions, and an insecure RNG in ubuntu would wreak havoc in other applications. The bitcoin client uses openSSL, which is trusted by companies who have way more at stake than bitcoin's current cap.
member
Activity: 84
Merit: 10
Hello,
I'm finding a problem making sure my cold storage wallet is secure.. I find that the only loop hole in cold storage is making sure that the address generated in the offline pc are really random..
I can think of several issues:

1. a ubunto developer change the source code so that all users that create new address in bitcoin will create address from a pool of 200 million address  ( so each one will get a different one) but the developer know the keys for all of them

2. downloading a bitcoin-qt client that new address generated from this client is from a pool of 200 million address ( so each one will get a different one) but the bitcoin-qt developer/hacker will have the keys for all address.


What is the best way to be absolutely sure my address is random|?
Has anyone ever thought about this issue?


Thank You.
Pages:
Jump to: