Author

Topic: Trouble creating secure cold wallet (Read 1080 times)

newbie
Activity: 36
Merit: 0
July 18, 2012, 08:59:51 PM
#10
I would recommend a usb stick & encfs partition on the usb stick.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
July 18, 2012, 12:53:35 PM
#9

How long are you planning on keeping the funds in cold storage? If it's for an extended period (several months or more) you might be better off using a paper wallet, since it'll avoid any chance of an electronic theft.

Electronic theft of an encrypted wallet is not a problem, as long as you keep your passphrase offline and safe.


Well, I suppose that depends on how computer savvy and/or paranoid one is.
hero member
Activity: 728
Merit: 500
In cryptography we trust
July 18, 2012, 12:37:06 PM
#8

How long are you planning on keeping the funds in cold storage? If it's for an extended period (several months or more) you might be better off using a paper wallet, since it'll avoid any chance of an electronic theft.

Electronic theft of an encrypted wallet is not a problem, as long as you keep your passphrase offline and safe.
legendary
Activity: 980
Merit: 1004
Firstbits: Compromised. Thanks, Android!
July 18, 2012, 11:24:18 AM
#7
How long are you planning on keeping the funds in cold storage? If it's for an extended period (several months or more) you might be better off using a paper wallet, since it'll avoid any chance of an electronic theft. There are a number of ways, including bitaddress.org and the vanitygen vanity address generator, to get a large number of bitcoin keypairs (an address with the private key) that you can print out. You can do this on a computer that has never touched the internet to be sure it's secure.

If you take this route, here's a few suggestions to make it a little easier:

1) Test the process first so you feel comfortable. Send 0.01 BTC to a paper address, then the next day import the private key and send it back to your main wallet.

2) Next, don't send it all to one address. Keep the bulk of it in one or more addresses, but also keep small amounts in a few more addresses. This way, when you finally want to access the bulk of your funds, you have a few low-risk addresses you can import first to make sure everything goes smoothly.

3) Finally, keep multiple copies of the addresses, and keep them in at least two separate, secure places.
hero member
Activity: 728
Merit: 500
In cryptography we trust
July 18, 2012, 10:51:06 AM
#6
well I am super paranoid since I once had a previous breach of an online wallet. truecrypt is considered the 'industry standard' i believe as it makes it exponentially more difficult to brute-force the password due to using bcrypt. i dont know anything about the bitcoin-qt encryption so i dont want to take any chances- it might be ok i dont know.

sure every reason to be paranoid about your money. I don't think too light about safety myself. But bitcoind wallet encryption uses AES256 and along with a good enough passphrase I tend to think it is "safe enough" for me at the moment.

http://en.bitcoin.it/wiki/Wallet_encryption

Wallet encryption uses AES-256-CBC to encrypt only the private keys that are held in a wallet. The keys are encrypted with a master key which is entirely random. This master key is then encrypted with AES-256-CBC with a key derived from the passphrase using SHA512 and OpenSSL's EVP_BytesToKey and a dynamic number of rounds determined by the speed of the machine which does the initial encryption (and is updated based on the speed of a computer which does a subsequent passphrase change).
sr. member
Activity: 250
Merit: 250
July 18, 2012, 10:29:13 AM
#5
well I am super paranoid since I once had a previous breach of an online wallet. truecrypt is considered the 'industry standard' i believe as it makes it exponentially more difficult to brute-force the password due to using bcrypt. i dont know anything about the bitcoin-qt encryption so i dont want to take any chances- it might be ok i dont know.
hero member
Activity: 728
Merit: 500
In cryptography we trust
July 18, 2012, 10:20:56 AM
#4
if you cant use linux just format an old windows laptop > truecrypt FDE > truecrypt containers with wallets with a long random (perferably ASCII) pass 30+ chars.

>encrypted wallets to usb stick > send to emails/friends

also make sure windows hibernation is turned off.

EDIT: forgot to mention this laptop never touches the internet under any circumstances and use a formatted usb stick

I decided to encrypt the wallet using "bitcoind encryptwallet [passphrase]"

Why do you prefer truecrypt?
legendary
Activity: 2506
Merit: 1010
July 17, 2012, 09:27:40 PM
#3
I am having trouble creating a secure cold wallet. The instructions suggest to use an Ubuntu Live CD so I have tried running bitcoind or bitcoin-qt after booting from the latest Ubuntu 12.04 Desktop CD (http://www.ubuntu.com/download/desktop) but it complains that there is no application for executable files. What would be the easiest way to do this?


Use BitSafe perhaps?

 - https://bitcointalksearch.org/topic/opensource-live-usb-os-bitsafe-a-safety-deposit-box-for-your-bitcoins-46916

Here's a related thread:
 - http://www.reddit.com/r/Bitcoin/comments/vuh41/issues_with_running_bitcoin_from_a_linux_live_usb/c57viic

sr. member
Activity: 250
Merit: 250
July 17, 2012, 05:46:50 PM
#2
if you cant use linux just format an old windows laptop > truecrypt FDE > truecrypt containers with wallets with a long random (perferably ASCII) pass 30+ chars.

>encrypted wallets to usb stick > send to emails/friends

also make sure windows hibernation is turned off.

EDIT: forgot to mention this laptop never touches the internet under any circumstances and use a formatted usb stick
hero member
Activity: 728
Merit: 500
In cryptography we trust
July 17, 2012, 05:29:41 PM
#1
I am having trouble creating a secure cold wallet. The instructions suggest to use an Ubuntu Live CD so I have tried running bitcoind or bitcoin-qt after booting from the latest Ubuntu 12.04 Desktop CD (http://www.ubuntu.com/download/desktop) but it complains that there is no application for executable files. What would be the easiest way to do this?
Jump to: