Topic: This is why you backup, seriously. (Read 961 times)

legendary
Activity: 1904
Merit: 1074
January 07, 2017, 02:21:46 PM
#19
I also think with Ransomware becoming more frequent, people should avoid storing backups on digital media. {Seed & private key} If at all possible store this on a piece of paper. If they lock you out and infect your backups, then you are effectively fked. As time goes on, Ransomware will become more sophisticated and they will seek out Wallet backups, like heat seeker missiles to a flame. Keep it offline and you will be fine. ;)
full member
Activity: 210
Merit: 100
January 07, 2017, 02:14:26 PM
#18
I lost half a BTC by not backing up the private keys and working for that amount for over 6 months. What I really lost is the secondary password on my Blockchain wallet. I am happy I found this out sooner than I would have, because I wanted to reach 1BTC and then transfer the funds to a paper wallet and that would have probably meant six more months of work. Everyone has to learn their lesson, and the worst part is that I have the wallet backup but.. the addresses I have my money on are actually imported so nope, there's no way I can get them back unless I remember my password (tried over 500 combinations in 2 days, lol). You know.. you can't find it exactly when you need it. :D RIP $500.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
January 07, 2017, 09:01:11 AM
#17


Given the fact I remember the 24 word seed to my main savings wallet with the most coins in it the cloud issue even if it caused me a problem would only affect 20% holdings at most.

These passwords I originally wrote down, and recited many times over and over in the morning and evening until I recalled them and then destroyed them. 30 characters, random letters and numbers mixed in with random CD keys of games I reinstalled over several years over and random words and over complete with random symbols of my choice for the password.

glad you trust your memory like that.

my memory is toast. can't even remember who i am replying to.

i backup anything important to at least 3 different media in at least two physical locations. most backups are automated, all i have to do is remember to rotate the offline storage drives/sticks and swap the offsite stuff around.

biggest thing to remember about backups?    TEST THEM RELIGIOUSLY
legendary
Activity: 4424
Merit: 4794
January 06, 2017, 08:58:01 PM
#16
but the encrypted file containers are useless to anyone who may find them.

until a trojan horse key logger sees what you type in
Code:
SCREENDUMP
Hi baby ill be home soon[returnkey][tabkey]www.cloudservice.com[tabkey]jacobmayes94[tabkey]opensesamiseedbunwithcheeserelishandameatpatty[returnkey]

:D

I'm not having a go at you personally, I'm more so expanding beyond your own precautions to make people aware of the weakness of each precaution. thus helping people experiment with putting valuable data in more than just 1 or 2 places
sr. member
Activity: 364
Merit: 250
January 06, 2017, 08:41:28 PM
#15
It is not the cloud storage that is safe, yes it can get hacked but the encrypted file containers are useless to anyone who may find them.

Human memory if it became a problem for me is no problem because even if I lost those passwords the seeds are written down where me and my partner can find them.

The cloud storage itself may not be secure, but the encrypted file container with those kind of passwords is. If by some messed up reason I forgot them then the seeds are safe where both me, my partner and my aunt knows.

Yes celebrity cloud was hacked, because they were not encrypted with a key only the client has.
legendary
Activity: 4424
Merit: 4794
January 06, 2017, 07:34:38 PM
#14
Given the fact I remember the 24 word seed to my main savings wallet with the most coins in it the cloud issue even if it caused me a problem would only affect 20% holdings at most.
These passwords I originally wrote down, and recited many times over and over in the morning and evening until I recalled them and then destroyed them. 30 characters, random letters and numbers mixed in with random CD keys of games I reinstalled over several years over and random words and over complete with random symbols of my choice for the password.

human memory is ok.. until you have a head injury and get amnesia.. and the hospital bills start piling up
human memory is ok.. until you get older and develop dementia/alzheimers.. and the hospital bills start piling up

So I think they are safe in the cloud and even if the cloud provider vanished its not my only backup.

Cloud storage CAN be used safely, if precautions are followed.

cloud storage safe?
um.. have you seen the latest batch of nude celebs gathered from their cloud storage.

have you seen the us government send subpoenas to apple to crack and release some users' cloud services.

never ever trust one method of storage, no matter how much you rely on it or think its secure
hero member
Activity: 1106
Merit: 521
January 06, 2017, 07:20:48 PM
#13
Good point and thanks for sharing, it is always important to back up everything in bitcoin, you never can be too careful, I lost my phone a few weeks ago and luckily had backed up my seed for breadwallet or I would have lost some bitcoin, again always backup
sr. member
Activity: 364
Merit: 250
January 06, 2017, 06:34:31 PM
#12
It is the ONLY WAY to safely store seeds in the cloud. A weak password would mean you might as well put your private keys in there directly and wait...

storing your seed in the cloud is a risk.
passwords will be weak.

if they were strong.. then the entropy would be huge and you would need to write down the password.
so ask yourself if you have to write down the password. then how is that any different than just writing the seed down on paper.

your reply might be that you want the seed in the cloud, so that if there was a house fire, the paper containing the seed which would burn wont be the only copy of the seed.
but now ask in that same house fire.. isnt your long entropy cloud password also burnt.. meaning you cant access the cloud.

secondly do you think the cloud service will be around in 5 years...(think about that)

the good thing about seeds is that they are separate words.
the best advice is to separate the words and have a cloud account using different cloud services for each word.

that way a hacker or inside man in the cloud hosting service has no access to the whole seed in one go
have the words on separate items around your house. like etch a word into the metal panel of your fridge/freezer, etch another on the bottom side of your dining room table, etc

and then have a puzzle/treasure map you create to know how to piece it together.

but going to these extremes are for those that hold/will hold enough funds worth worrying about

Given the fact I remember the 24 word seed to my main savings wallet with the most coins in it the cloud issue even if it caused me a problem would only affect 20% holdings at most.

These passwords I originally wrote down, and recited many times over and over in the morning and evening until I recalled them and then destroyed them. 30 characters, random letters and numbers mixed in with random CD keys of games I reinstalled over several years over and random words and over complete with random symbols of my choice for the password.

So I think they are safe in the cloud and even if the cloud provider vanished its not my only backup.

As for my main savings seed that covers several grand of bitcoin, that was generated when I set up my first ledger wallet and only ever existed on paper, I recited it over and over until I recalled it perfectly. This was tested when my ledger wiped itself last year. Recalled perfectly without having to refer to the paper copies. I only keep paper copies for if anything happened to me I want my partner to get at the holdings and he is well aware of this fact.

I have my wallet seed(s) encryption file named something like SystemRecovery.bak or PS2MemoryCard.bak (an example) when its actually an encrypted folder, the size is 8MB in line with a PS2 card, for example.

Cloud storage CAN be used safely, if precautions are followed.

The idea of splitting seeds is good though, especially for most passwords used.

Maybe my clear memory is to do with autism but I have a memory like an elephant and despite using these long and random phrases even two years later I was able to open an encrypted file container used with one of these.

An example password (I retired this after it became compromised and it is used for nothing)

59984956bballs-=[]'#pedro-has-a-drill,./1234567891122335

This one ended up being swiped (potentially) when I had my hack last year and I decided to retire it, but this is an example password I have used and none of my other passwords are like it, as it has been retired and changed. Yes maybe I have too much time on my hands remembering stuff like this! If anyone wonders, that was the password to my Bitcoin QT wallet at the time. None of my other passwords even follow a sequence like that.

Another example of a retired password from my childhood

ive-got-news-for-you-boy6563431742-zxzxzxzxzx'#-=452sdfa-fuck-the-system
[Word Phrase that I like] [random recited numbers] [key repetition] [symbols] [random] [word phrase]

That is just one of many password formats I use, many don't even have word phrases but a longer random string in its place. The random recited phrases and symbols are my version of a 'salt' for the phrase, rendering dictionary and brute force attacks useless.

Good luck finding a password like that via brute force. Let's get a farm of GPUs onto it ;) And if it's not written down anywhere, it is useless to anyone looking for it that way. Neither of those two were written down whenever I used them.



Given some of the passwords I use, I might as well recite and recall the 12 word electrum seeds instead...

whywouldyouclimbtheempirestatebuilding is too simple and a directory attack would wipe a password like that out

Are my passwords as random as a true RNG? no. Are they better than a crappy PRNG? yes. Do they have enough entropy to stop brute-forcing? I think so ;)

I use these measures for a few grand, not 100k. Why do I do it? because I don't feel any hacker should have easy access to my funds because they should earn an honest living if they want cash or get a job ;)! And if by chance they get through all that, they wasted so many resources for next to nothing for the time involved.

In a program like veracrypt if you are concerned about brute-forcing, pick the slowest hashing algorithm which they give you the option for, would slow down a brute force considerably although if you fear potential brute force the password is not strong enough.
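Added example, not part of the post above or of VeraCrypt: a small calculator for the two quantities the post discusses, password entropy and the slowdown from a slow key-derivation hash. PBKDF2-HMAC-SHA512 from `hashlib` stands in for a container's key derivation; the iteration count and the attacker rate of 10^9 hashes per second are constructed values, and the entropy figures hold only for symbols chosen uniformly at random.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def random_choice_bits(alphabet_size, length):
    """Entropy in bits of `length` symbols, each picked uniformly at random
    from `alphabet_size` possibilities. Memorable phrases, reused game keys
    and keyboard patterns carry less than this upper bound."""
    return length * math.log2(alphabet_size)


def stretched_bits(password_bits, kdf_iterations):
    """Work factor in bits when every guess costs `kdf_iterations` hashes.
    Stretching adds only log2(iterations) bits to whatever the password has."""
    return password_bits + math.log2(kdf_iterations)


def years_to_search_half(bits, hashes_per_second):
    """Expected years to cover half of a 2**bits search space."""
    return 2 ** (bits - 1) / hashes_per_second / SECONDS_PER_YEAR


def measure_guess_rate(kdf_iterations, samples=3):
    """Password guesses per second this machine manages on one core when each
    guess needs a full PBKDF2 run (salt and guesses are constructed values)."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha512", b"guess%d" % i, b"constructed-salt",
                            kdf_iterations)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    attacker_rate = 1e9          # assumed raw hashes per second
    iterations = 2 ** 19         # assumed KDF cost, roughly half a million
    cases = {
        "40-bit password (weak)": 40.0,
        "12 words from a 2048-word list": random_choice_bits(2048, 12),
        "30 random letters and digits": random_choice_bits(62, 30),
    }
    for label, bits in cases.items():
        total = stretched_bits(bits, iterations)
        print(f"{label}: {bits:.1f} bits, {total:.1f} with stretching, "
              f"{years_to_search_half(total, attacker_rate):.3g} years")
    print("local guesses/s at 1,000 iterations:",
          round(measure_guess_rate(1_000)))
    print("local guesses/s at 100,000 iterations:",
          round(measure_guess_rate(100_000)))
```

With these assumed numbers the slow hash moves a 40-bit password from minutes to about nine years, while the truly random 30-character password is out of reach either way, so the slow hash is a margin on top of password strength and not a substitute for it.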
legendary
Activity: 1708
Merit: 1036
January 06, 2017, 02:46:41 PM
#11
I'm a newbie here but when I use private bitcoin wallet  I have to copy the file wallet.dat, bitcoin address and private key for it then I save them in USB flash before I can do something in my wallet. it will be safer and restored.

Beware that USB flash drives are not stable for long-term storage. At the very least plug it in every 6 months or so and verify that the drive is still working. (If I were relying on flash drives, I'd have 2-3 of them for redundancy in case one went dead at the same time my HD crashed.)

I also agree that Cloud storage can be done safely. Use a strong password, and then do NOT name your wallet something like Allmyvastwealth.XXX  - instead rename it to something like 2013VolleyballSchedule.txt and put it in the Sports folder on your cloud account.
hero member
Activity: 924
Merit: 501
January 06, 2017, 01:53:34 PM
#10
I think everyone eventually learns this lesson one way or another :( I'm sure we all have lost valuable information doing something we all know we should have done from the start. Losing currency for me sounds the worst.

Always backup always always. Save and save again =)

Its always good to keep a physical copy of your most important data and information. In this day and age of cryptocurrency and bitcoin we cannot take these risks.
hero member
Activity: 910
Merit: 500
January 06, 2017, 11:59:06 AM
#9
I do agree with you on this one. Basically, bitcoin or any type of wallets are technologies and these can have loopholes at any time, especially at those times when you haven't expected it to happen. What I am trying to experiment with now as well is backing it up on a cloud storage (which I could still get a copy of wherever I go, although there were a lot of issues about what cloud storage security really looks like)
hero member
Activity: 504
Merit: 500
January 06, 2017, 11:53:08 AM
#8
Thanks for sharing your experience but i am using Electrum Desktop wallet and for me only saving the passphrase is enough for me to be secure as with this passphrase i can regenerate my desktop wallet any time any where, it is so easy i dont have to keep backups of wallet.dat file.

That is the main advantage of using Electrum Desktop wallet.
legendary
Activity: 4424
Merit: 4794
January 06, 2017, 11:51:06 AM
#7
I'm a newbie here but when I use private bitcoin wallet  I have to copy the file wallet.dat, bitcoin address and private key for it then I save them in USB flash before I can do something in my wallet. it will be safer and restored.

if you're using private keys. be warned.
the private key is only connected to one public key.

the wallet.dat only stores the private keys held BEFORE the backup

when you spend funds, most wallets make new random privkeys. so funds will move to NEW privkeys and those privkeys wont be on your OLD wallet.dat.

meaning you have to re backup your wallet.dat on a regular basis.

seeds however use a long entropy pass phrase and all keys are made from that one original passphrase. meaning all keys can be re-established by that seed.

its best to move over to seed based key storage if you are not in a mindset/desire to constantly back up the old style privkeys every time you spend
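Added example, not part of the post above and not any wallet's real code: a toy model of why an old wallet.dat backup can miss keys while a seed backup cannot. The class names, the keypool size of 100 and the HMAC-SHA256 derivation are assumptions made for illustration (real deterministic wallets use schemes such as BIP32, and real keys are not created this way).

```python
import hashlib
import hmac
import secrets


class RandomKeyWallet:
    """Toy wallet.dat model: every private key is independent random data."""

    def __init__(self, keypool_size):
        # Keys generated ahead of time; a backup taken now holds exactly these.
        self.keys = [secrets.token_bytes(32) for _ in range(keypool_size)]
        self.used = 0

    def next_key(self):
        # Once the pre-generated pool is used up, a brand-new random key is
        # created that no earlier backup can contain.
        if self.used == len(self.keys):
            self.keys.append(secrets.token_bytes(32))
        key = self.keys[self.used]
        self.used += 1
        return key

    def backup(self):
        return frozenset(self.keys)


class SeedWallet:
    """Toy deterministic wallet: key i = HMAC-SHA256(seed, i)."""

    def __init__(self, seed):
        self.seed = seed
        self.used = 0

    def key_at(self, index):
        msg = index.to_bytes(4, "big")
        return hmac.new(self.seed, msg, hashlib.sha256).digest()

    def next_key(self):
        key = self.key_at(self.used)
        self.used += 1
        return key


def lost_keys_random_wallet(keypool_size, keys_used_after_backup):
    """Back up first, then use keys; count used keys absent from the backup."""
    wallet = RandomKeyWallet(keypool_size)
    old_backup = wallet.backup()
    used = [wallet.next_key() for _ in range(keys_used_after_backup)]
    return sum(key not in old_backup for key in used)


def lost_keys_seed_wallet(keys_used_after_backup):
    """Write the seed down once, use keys, then restore from the seed alone."""
    seed = secrets.token_bytes(32)
    wallet = SeedWallet(seed)
    used = [wallet.next_key() for _ in range(keys_used_after_backup)]
    restored = SeedWallet(seed)
    # A real wallet finds how far to re-derive by scanning the chain for used
    # addresses; here the count is simply known.
    rederived = {restored.key_at(i) for i in range(keys_used_after_backup)}
    return sum(key not in rederived for key in used)


if __name__ == "__main__":
    for n in (50, 100, 130):
        print(f"{n} keys used after backup: "
              f"old wallet.dat misses {lost_keys_random_wallet(100, n)}, "
              f"seed restore misses {lost_keys_seed_wallet(n)}")
```

Any coins sent to the missed keys would be unrecoverable from the old backup, which is why a file-based wallet needs re-backing up after enough spends.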
legendary
Activity: 4424
Merit: 4794
January 06, 2017, 11:45:43 AM
#6
It is the ONLY WAY to safely store seeds in the cloud. A weak password would mean you might as well put your private keys in there directly and wait...

storing your seed in the cloud is a risk.
passwords will be weak.

if they were strong.. then the entropy would be huge and you would need to write down the password.
so ask yourself if you have to write down the password. then how is that any different than just writing the seed down on paper.

your reply might be that you want the seed in the cloud, so that if there was a house fire, the paper containing the seed which would burn wont be the only copy of the seed.
but now ask in that same house fire.. isnt your long entropy cloud password also burnt.. meaning you cant access the cloud.

secondly do you think the cloud service will be around in 5 years...(think about that)

the good thing about seeds is that they are separate words.
the best advice is to separate the words and have a cloud account using different cloud services for each word.

that way a hacker or inside man in the cloud hosting service has no access to the whole seed in one go
have the words on separate items around your house. like etch a word into the metal panel of your fridge/freezer, etch another on the bottom side of your dining room table, etc

and then have a puzzle/treasure map you create to know how to piece it together.

but going to these extremes are for those that hold/will hold enough funds worth worrying about
newbie
Activity: 32
Merit: 0
January 06, 2017, 11:43:51 AM
#5
I am an advocate of hardware wallets and secure diverse storage of your funds. So yesterday at 5PM i sell a KNC titan to a UK buyer, pleasant chap who paid me in Litecoin directly to my Litecoin QT wallet (this private key was also imported from electrum, generated from a seed but I also run a full node, but use this address for many transactions where i diverse my storage from there).

So I hold them in this wallet (£1750 worth of Litecoin) and made plans today to move them into my usual Hardware and cold storage wallets (all of which have multiple secure backups of their seeds).

My laptops SSD failed...  Gone. Nada. Before I moved the coins.

Of course, restoring my private keys from the written down seed was trivial, plus I had multiple backups of the encrypted wallet.dat of the private key.

Note there was also Litecoin from trading in there too, so we total about £2000 of litecoin.


Backup folks. I am not kidding. I have my electrum wallets, (all multisig) some business some personal on my laptop, backed up to random SD cards around the house, on my partner's PC and my tablet and phone. I imported the electrum wallet seeds to the mobile versions of electrum on my phone and tablet, i use my phone, tablet and ipod touch for google auth keys.

All seeds for HW wallets are written down and stored in multiple places, plus kept inside encrypted file containers THAT ARE ONLY EVER OPENED on an air-gapped PC (or you defeat the purpose of a HW wallet, compromise of that password would mean compromising the seed inside otherwise, i use VeraCrypt) with a random password (which I do remember, i remember many years worth of game codes and random WiFi codes which i string together and add directory phrases between them plus symbols and number sequences).

This wallet was only used for temporary holding of funds from transactions, but that doesn't matter. NEVER DELETE wallets either.

Also a word of warning. A single backup of your  Bitcoin QT wallet is not enough if you send many transactions due to 'change' addresses when the keypool runs out. Use a deterministic wallet like electrum or hardware wallets.

Moral of the story, restoring from this took me 20 seconds, only had to rewrite a few 400 word articles which had not yet entered the days backup (and hadn't synced to onedrive yet) lost no coins and went on my merry way.

Contrary to popular belief, it is not unsafe to store seeds in the cloud IF and ONLY IF! you encrypt them using a SECURE (READ: Not directory words or simple) passwords on an air gapped PC and put them to the cloud in encrypted veracrypt containers via a memory stick and then download them from the cloud and open them on an air gapped PC once more. Provided the password has enough entropy no hacking of your cloud account can reveal anything other than a useless encrypted container and the seed can't be stolen from hackers from it if you only enter the strong unique passphrase on an air gapped PC. I have not had to open these in ages but i am 100% sure of my password.

My main savings HW wallet i know the seed from memory now anyhow but i still have copies written down in case anyone else I know needed to get at it, and have restored it from memory only once, some of the older ledger's had a firmware bug which wiped them, since been fixed

It is the ONLY WAY to safely store seeds in the cloud. A weak password would mean you might as well put your private keys in there directly and wait...


I'm a newbie here but when I use private bitcoin wallet  I have to copy the file wallet.dat, bitcoin address and private key for it then I save them in USB flash before I can do something in my wallet. it will be safer and restored.
legendary
Activity: 2590
Merit: 1022
January 06, 2017, 11:38:43 AM
#4
I use bitcoin core so I don't have a chance to spawn the wallet elsewhere through some sort of seed, this forces me to be really cautious and constantly make backups of my wallet.dat, so I got several wallet in several places, all encrypted of course. I got the wallet on several HDDs, some aren't connected to the computer (this guarantees the lifetime of the HDD is severely expanded). I got USB backups, SDCard backups, internal phone memory backups, I even got some floppy disk backups... everywhere I can think of. This way you guarantee its impossible you are ever left with 0 backups.

i also use core but i have plenty of backup of my wallet, into multiple wallets, usb and other computer, and i feel safe about the security of my coins, it's very unlikely that all my hdd fail at the same time
sr. member
Activity: 364
Merit: 250
January 06, 2017, 11:36:10 AM
#3
Make regular backups of wallet.dat due to change addresses if you use it, and you do it well, keep some offsite too. Plus while you are at it, not powering up a HDD is not guaranteed to extend its life, actually power up is one of the most stressful times for a component, one that is always spun up is probably likely to last longer, but that's neither here nor there but just a fact XD

I am more of a litecoin than Bitcoin user due to cheaper fees as I have quite a few clients whom we have switched to LTC, only two pay me in BTC now. This bitcoin block size and tx high fees for asian clients (the fees add up for daily txs of a few usd) has pushed us to move to LTC. Only my clients from india still pay me in BTC now, all my others pay me in LTC. Same backup schedule applies, though.
legendary
Activity: 1204
Merit: 1028
January 06, 2017, 11:33:41 AM
#2
I use bitcoin core so I don't have a chance to spawn the wallet elsewhere through some sort of seed, this forces me to be really cautious and constantly make backups of my wallet.dat, so I got several wallet in several places, all encrypted of course. I got the wallet on several HDDs, some aren't connected to the computer (this guarantees the lifetime of the HDD is severely expanded). I got USB backups, SDCard backups, internal phone memory backups, I even got some floppy disk backups... everywhere I can think of. This way you guarantee its impossible you are ever left with 0 backups.
sr. member
Activity: 364
Merit: 250
January 06, 2017, 11:16:00 AM
#1
I am an advocate of hardware wallets and secure diverse storage of your funds. So yesterday at 5PM i sell a KNC titan to a UK buyer, pleasant chap who paid me in Litecoin directly to my Litecoin QT wallet (this private key was also imported from electrum, generated from a seed but I also run a full node, but use this address for many transactions where i diverse my storage from there).

So I hold them in this wallet (£1750 worth of Litecoin) and made plans today to move them into my usual Hardware and cold storage wallets (all of which have multiple secure backups of their seeds).

My laptops SSD failed...  Gone. Nada. Before I moved the coins.

Of course, restoring my private keys from the written down seed was trivial, plus I had multiple backups of the encrypted wallet.dat of the private key.

Note there was also Litecoin from trading in there too, so we total about £2000 of litecoin.


Backup folks. I am not kidding. I have my electrum wallets, (all multisig) some business some personal on my laptop, backed up to random SD cards around the house, on my partner's PC and my tablet and phone. I imported the electrum wallet seeds to the mobile versions of electrum on my phone and tablet, i use my phone, tablet and ipod touch for google auth keys.

All seeds for HW wallets are written down and stored in multiple places, plus kept inside encrypted file containers THAT ARE ONLY EVER OPENED on an air-gapped PC (or you defeat the purpose of a HW wallet, compromise of that password would mean compromising the seed inside otherwise, i use VeraCrypt) with a random password (which I do remember, i remember many years worth of game codes and random WiFi codes which i string together and add directory phrases between them plus symbols and number sequences).

This wallet was only used for temporary holding of funds from transactions, but that doesn't matter. NEVER DELETE wallets either.

Also a word of warning. A single backup of your  Bitcoin QT wallet is not enough if you send many transactions due to 'change' addresses when the keypool runs out. Use a deterministic wallet like electrum or hardware wallets.

Moral of the story, restoring from this took me 20 seconds, only had to rewrite a few 400 word articles which had not yet entered the days backup (and hadn't synced to onedrive yet) lost no coins and went on my merry way.

Contrary to popular belief, it is not unsafe to store seeds in the cloud IF and ONLY IF! you encrypt them using a SECURE (READ: Not directory words or simple) passwords on an air gapped PC and put them to the cloud in encrypted veracrypt containers via a memory stick and then download them from the cloud and open them on an air gapped PC once more. Provided the password has enough entropy no hacking of your cloud account can reveal anything other than a useless encrypted container and the seed can't be stolen from hackers from it if you only enter the strong unique passphrase on an air gapped PC. I have not had to open these in ages but i am 100% sure of my password.

My main savings HW wallet i know the seed from memory now anyhow but i still have copies written down in case anyone else I know needed to get at it, and have restored it from memory only once, some of the older ledger's had a firmware bug which wiped them, since been fixed

It is the ONLY WAY to safely store seeds in the cloud. A weak password would mean you might as well put your private keys in there directly and wait...
