
Topic: Trust No One - page 90. (Read 161317 times)

newbie
Activity: 10
Merit: 0
May 29, 2012, 04:50:27 PM
gotta be careful!
legendary
Activity: 1176
Merit: 1011
May 29, 2012, 12:09:53 PM
Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.
I dare to say they wouldn't Smiley
(But just in case, I'm not posting under my real name)

But just for clarity I'd like to summarize the idea behind this kind of password management again:

1. Have ONE unique, strong, long master password that is easy to remember (for you) yet incredibly difficult to guess for others (even people who know you personally) or to brute force with dictionary attacks and common variations (mixing upper/lower case, 1337 speak, etc.).
Just as examples, consider the xkcd comic about password strength (but more complex, that one is actually easy to brute force) or the points I mentioned above.
The name of your dog or mother + your birth year is NOT a good password.

2. For any account, email address, bitcoin wallet, encrypted drive, login, and anything else, use a unique, randomly generated (thus very hard to remember and impossible to guess) password. Store these passwords with KeePass or a similar solution (for example a .txt file inside a truecrypt container).

3. Protect (as in, encrypt) these passwords with the master password from step 1; the idea is that your passwords should NEVER be stored in plaintext anywhere. And make sure to back up your password database (typically just a single data file or truecrypt container) regularly, to a remote location. Automatic backup solutions such as Dropbox can also help here.
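The two halves of the scheme summarised above, as an added example that is not code from the post, from KeePass or from any other password manager: per-account passwords come from a CSPRNG and are never memorised, and the single memorised master password is run through a slow, salted KDF so that the database file holds only a salt and a verifier, never the password itself. PBKDF2-HMAC-SHA256 and the 75-symbol alphabet are assumptions for illustration; KeePass's actual file format and KDF choices are not modelled.

```python
# Added example, not code from the forum post or from KeePass: the two halves
# of the scheme described above, using only the Python standard library.
#  1. per-account passwords come from a CSPRNG and are never memorised;
#  2. the single memorised master password goes through a slow, salted KDF,
#     and the database stores only salt + verifier, never the password.
# PBKDF2-HMAC-SHA256 stands in for the KDF; KeePass's own file format and
# KDF choices are not modelled here.
import hashlib
import hmac
import math
import secrets
import string

# Assumed generator alphabet: 52 letters + 10 digits + 13 symbols = 75 symbols.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def generate_password(length: int = 25) -> str:
    """Uniformly random per-account password (secrets, not random)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def password_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random password: length * log2(|alphabet|)."""
    return length * math.log2(alphabet_size)


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Slow, salted derivation: the same master password and salt always give
    the same 32-byte key, but each guess costs the attacker `iterations` HMACs."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def new_database_header(master_password: str, iterations: int = 600_000) -> dict:
    """Header of a KeePass-like database: random salt, work factor, and an HMAC
    verifier so a wrong master password is detected without storing it."""
    salt = secrets.token_bytes(16)
    key = derive_key(master_password, salt, iterations)
    verifier = hmac.new(key, b"database-verifier", "sha256").digest()
    return {"salt": salt, "iterations": iterations, "verifier": verifier}


def unlock(header: dict, master_password: str) -> bool:
    """Re-derive the key from the stored salt and compare verifiers in constant time."""
    key = derive_key(master_password, header["salt"], header["iterations"])
    candidate = hmac.new(key, b"database-verifier", "sha256").digest()
    return hmac.compare_digest(candidate, header["verifier"])


if __name__ == "__main__":
    master = "memorised master password goes here"
    header = new_database_header(master)
    print("unlock with right password:", unlock(header, master))
    print("unlock with wrong password:", unlock(header, master[:-1]))
    print("new account password:", generate_password(), f"({password_bits(25):.1f} bits)")
```

The point of the verifier is that the database can reject a wrong master password without ever containing the right one; the point of the iteration count is that every guess against a stolen database costs the attacker the same work it costs you to unlock it. A 19-character password over this alphabet (the shape of the example the author gives further down) is about 118 bits; a 25-character one about 156.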
legendary
Activity: 3472
Merit: 1724
May 29, 2012, 10:53:58 AM
You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue
Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.
Either way, I'm willing to bet a million BTC that even if I revealed the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime Smiley

Well you still have given little info but search results are definitely narrowed. Now assuming there was someone who knew you personally outside the forums that person would have easier work.
member
Activity: 81
Merit: 10
May 29, 2012, 06:36:55 AM
Very informative guide.
Simple rule of thumb, if it's too good to be true, it probably isn't true!
legendary
Activity: 1176
Merit: 1011
May 29, 2012, 05:15:05 AM
You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue
Well, my addition was not true either (or was it? you never know!)
It was just for demonstration purposes.

Either way, I'm willing to bet a million BTC that even if I revealed the actual basic construction of my password to anyone (which I won't), they wouldn't be able to guess/hack/crack/bruteforce it in a lifetime Smiley
newbie
Activity: 16
Merit: 0
May 28, 2012, 10:04:24 AM

What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).


You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue

+1
legendary
Activity: 3472
Merit: 1724
May 26, 2012, 02:25:07 PM

What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).


You should never say this sort of stuff to anyone. I once managed to guess someone's password by asking them what's a good password  Tongue
newbie
Activity: 17
Merit: 0
May 25, 2012, 10:37:21 AM
not even my own mother?
legendary
Activity: 1176
Merit: 1011
May 25, 2012, 03:53:48 AM
is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, but is pretty easy to remember (you love your momma and the hashing algorithm)
No, this is actually easy to brute force. Such tricks are common.

If "ilovemymommy" is a bad password (and it is), then so is hash("ilovemymommy"). In fact its md5 appears in several open dictionaries already (example).

What I'm doing is somewhat like this: I take a memorable sentence, for example Old Mac Donald Had a Farm. Then I pick only the last and first letter of each word: dOcMdDdHamF.
But slightly more complicated (for my actual password I use two sentences, with some numbers and strange 'slang words' that only make sense to me).
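The argument in the reply above, as an added example that is not code from the thread: the strength of a password is the size of the space its generation process draws from, and a public, deterministic transform (md5, or the letter-picking rule) cannot enlarge that space, because every input maps to exactly one output. The ten-word list is constructed for the demonstration and stands in for a real dictionary; the 75-symbol alphabet used for comparison is an assumption.

```python
# Added example, not code from the thread: why hash("ilovemymommy") is no
# stronger than "ilovemymommy", and how to reason about the "first and last
# letter of each word" trick. Strength is the size of the space the
# generation process draws from; a public, deterministic transform (md5, a
# letter-picking rule) cannot enlarge that space.
import hashlib
import itertools
import math

# Constructed 10-word list standing in for a real dictionary.
TOY_WORDLIST = ["i", "love", "my", "mommy", "password", "bitcoin",
                "dog", "mother", "1984", "hello"]


def phrase_candidates(words_in_phrase: int, wordlist=TOY_WORDLIST) -> list:
    """Every k-word phrase from the list, in order (n**k candidates)."""
    return [" ".join(p) for p in itertools.product(wordlist, repeat=words_in_phrase)]


def phrase_space_bits(words_in_phrase: int, wordlist_size: int) -> float:
    """Bits of a k-word phrase over an n-word list: k * log2(n)."""
    return words_in_phrase * math.log2(wordlist_size)


def transform_space_bits(candidates, transform) -> float:
    """Bits of the space AFTER a public deterministic transform is applied.
    Each input maps to one output, so the output space is never larger than
    the input space: the attacker simply runs the same transform over the
    dictionary. Collisions make it strictly smaller."""
    return math.log2(len({transform(c) for c in candidates}))


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def first_last_letters(sentence: str) -> str:
    """The thread's trick: last letter then first letter of each word, with
    one-letter words kept as they are
    ("Old Mac Donald Had a Farm" -> "dOcMdDdHamF")."""
    return "".join(w if len(w) == 1 else w[-1] + w[0] for w in sentence.split())


def random_string_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string, for comparison."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    phrases = phrase_candidates(4)
    print(f"4-word phrases over {len(TOY_WORDLIST)} words: {phrase_space_bits(4, len(TOY_WORDLIST)):.2f} bits")
    print(f"same phrases after md5:                {transform_space_bits(phrases, md5_hex):.2f} bits")
    print(f"same phrases after first/last letters: {transform_space_bits(phrases, first_last_letters):.2f} bits")
    print(f"19 random chars over 75 symbols:       {random_string_bits(19, 75):.2f} bits")
```

With this toy list the md5 step leaves the space exactly where it was (13.3 bits for 10^4 phrases), and the letter-picking rule actually shrinks it, because "my" and "mommy" both become "ym". Against a real dictionary the numbers are larger but the relationship is the same, which is why the author's own recommendation is a genuinely random master password of the form shown further down the thread.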
newbie
Activity: 16
Merit: 0
May 25, 2012, 02:17:55 AM
is ur password a hash?
hashing "ilovemymommy" gives you an incredibly hard to crack password, but is pretty easy to remember (you love your momma and the hashing algorithm)
newbie
Activity: 6
Merit: 0
May 24, 2012, 03:03:58 PM
I agree
legendary
Activity: 1176
Merit: 1011
May 23, 2012, 06:23:42 PM
What if you forget one of your 25+ random-character passwords? Then how would you get your bitcoins back?
The passwords are stored in KeePass

And KeePass is protected with one Master password which is impossible to guess or bruteforce, but very easy (for me) to remember.
It looks like bd9x2G5!27cjEYd5v6k, but different Smiley I only remember this particular password though. I wouldn't trust myself on having to remember more passwords like that one myself (that's what KeePass is for).
newbie
Activity: 14
Merit: 0
May 23, 2012, 06:01:20 PM
What if you forget one of your 25+ random-character passwords? Then how would you get your bitcoins back?

+1 extremely paranoid here too.

Besides "trust no one", I also like to stress: NO compromise when it comes to securing your bitcoins.

Here's what I do:

I have a dedicated VirtualBox VM with Ubuntu which I only use to run the Bitcoin client. I use an encrypted wallet. I store this wallet in a small truecrypt container (inside the VM). Furthermore the VM itself (well, the .vdi disk image containing the actual data) is inside a truecrypt container on the host machine.

I also make sure to have frequent remote backups (in case my house burns down, my PC gets stolen, the FBI takes it, whatever). After every few transactions, I compress the truecrypt container (I mean the small one inside the VM which contains just the wallet) using 7-zip with AES-256 encryption, and send this .7z to three webmail addresses (one yahoo, one hotmail, one gmail).

All passwords (for the truecrypt volumes and the encrypted wallet and the 7-zip archive etc) are 25+ random characters.
The passwords are stored in KeePass (and in the truecrypt mount and backup scripts in the VM so I never have to fill them in manually, except when I'd need to restore a backup).

I will not get f*cked. Smiley
legendary
Activity: 1176
Merit: 1011
May 23, 2012, 05:50:55 PM
+1 extremely paranoid here too.

Besides "trust no one", I also like to stress: NO compromise when it comes to securing your bitcoins.

Here's what I do:

I have a dedicated VirtualBox VM with Ubuntu which I only use to run the Bitcoin client. I use an encrypted wallet. I store this wallet in a small truecrypt container (inside the VM). Furthermore the VM itself (well, the .vdi disk image containing the actual data) is inside a truecrypt container on the host machine.

I also make sure to have frequent remote backups (in case my house burns down, my PC gets stolen, the FBI takes it, whatever). After every few transactions, I compress the truecrypt container (I mean the small one inside the VM which contains just the wallet) using 7-zip with AES-256 encryption, and send this .7z to three webmail addresses (one yahoo, one hotmail, one gmail).

All passwords (for the truecrypt volumes and the encrypted wallet and the 7-zip archive etc) are 25+ random characters.
The passwords are stored in KeePass (and in the truecrypt mount and backup scripts in the VM so I never have to fill them in manually, except when I'd need to restore a backup).

I will not get f*cked. Smiley
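A restore drill for the backup scheme in the post above, as an added example that is not code from the post: the archive's SHA-256 is recorded in a manifest at backup time, and each copy retrieved from the three mailboxes is checked against it, so a truncated or bit-flipped attachment is discovered during a scheduled drill rather than on the day the wallet is needed. The archive bytes, the manifest layout and the copy labels are constructed for the example. A plain digest detects accidental corruption only; deliberate tampering is caught by the archive's own AES decryption failing, which this example does not model.

```python
# Added example, not code from the post: a restore drill for the
# "7-zip AES-256 archive sent to three mailboxes" scheme. A SHA-256 manifest
# written at backup time lets each retrieved copy be verified before it is
# ever needed. Digest = accidental-corruption check only; tampering is the
# job of the archive's authenticated encryption, not modelled here.
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(archive_name: str, archive_bytes: bytes) -> str:
    """JSON manifest to keep alongside, but separate from, the copies."""
    return json.dumps({
        "name": archive_name,
        "size": len(archive_bytes),
        "sha256": sha256_hex(archive_bytes),
    })


def verify_copies(manifest_json: str, copies: dict) -> dict:
    """Return {copy_label: 'ok' | reason} for every retrieved copy.
    Size is checked first because a truncated download is the common case."""
    manifest = json.loads(manifest_json)
    results = {}
    for label, data in copies.items():
        if len(data) != manifest["size"]:
            results[label] = f"size mismatch ({len(data)} != {manifest['size']})"
        elif sha256_hex(data) != manifest["sha256"]:
            results[label] = "digest mismatch"
        else:
            results[label] = "ok"
    return results


def restorable_copies(results: dict) -> list:
    """Labels of the copies that passed verification, sorted for stable output."""
    return sorted(label for label, status in results.items() if status == "ok")


# Constructed stand-in for the encrypted wallet archive (7z magic + filler).
ARCHIVE = b"7z\xbc\xaf'\x1c" + bytes(range(256)) * 4


def run_drill() -> dict:
    """Simulate fetching the three copies: one intact, one truncated by a byte,
    one with a single flipped bit (constructed faults, not real mailbox data)."""
    manifest = make_manifest("wallet-backup.7z", ARCHIVE)
    damaged = bytearray(ARCHIVE)
    damaged[100] ^= 0x01
    copies = {"yahoo": ARCHIVE, "hotmail": ARCHIVE[:-1], "gmail": bytes(damaged)}
    return verify_copies(manifest, copies)


if __name__ == "__main__":
    outcome = run_drill()
    for label, status in outcome.items():
        print(f"{label:8} {status}")
    print("restorable from:", restorable_copies(outcome))
```

Run the drill on a schedule (the post already re-sends after every few transactions) and, as the author recommends later in the thread, follow a passing digest check with an actual decryption and wallet load on a small amount before trusting the copy with the bulk of the savings.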
newbie
Activity: 8
Merit: 0
May 23, 2012, 02:01:16 PM
I think it depends how much funds you have. I often engage in transactions where I'm fully prepared to lose the funds involved. If the transaction would be too large for me to allow such loss, I try to split it in smaller parts. Surprisingly, I have met very few scammers.
newbie
Activity: 2
Merit: 0
May 23, 2012, 05:11:06 AM
Good advice,

I do like the idea of trusting people on their reputation though, but where to start off to build a reputation?

Greets,
newbie
Activity: 10
Merit: 0
May 22, 2012, 09:56:10 PM
Seriously. Don't trust the exchanges, don't trust online wallet services, don't trust your anti-virus software, and don't trust anybody online.

If you absolutely must trust someone with your bitcoins, for the love, choose carefully!

  • Do you know their full name?
  • Do you know where they are located?
  • Have they demonstrated trustworthiness in the past?
  • Are they asking you to trust them? (red flag)
  • Do they have insurance?

Insurance? Impossible, you say. Not so!

When I needed people to trust me to hold bitcoins for a contest, I deposited 50 bitcoins as a bond with a well-respected forum member, so that even if I did something stupid and lost people's money, they would still be reimbursed. You can read about it here: https://bitcointalksearch.org/topic/finished-bet-on-bitcoin-future-price-here-july-1st-2011-10008

Consider carefully who you will trust. With bitcoins, elaborate scams may be profitable. For instance, someone may develop trust for their user name over many months with small transactions on this forum, then take advantage of that trust to make off with a lot of money. Such a scam would only be worth doing on this forum. No other forum in the world would be worth the effort.

If you want someone to hold your bitcoins for you, there are NO online services that have the transparency and security to make me comfortable using them for storing bitcoins for more than a short time in small amounts. The only way to do it is like I did - choose someone whom you believe to be trustworthy, and approach them. If they approach you, or in any way say or insinuate that they are a trustworthy person to hold your coins, STAY AWAY.

If you are thinking that I might not be trustworthy, since I am writing this post about the issue, you are approaching the appropriate level of paranoia.

If you want to store your bitcoins with maximum security, there are lots of resources about how to do it, such as this: https://en.bitcoin.it/wiki/Securing_your_wallet

Here's my summary:

1. Put all your coins in a new wallet that has never connected to the network
2. Encrypt that wallet with the maximum security you can find, using the most secure password you can keep track of
3. Delete the plaintext wallet, and distribute the encrypted wallet to every piece of physical media you own, store it online, and send it to several people you trust

Don't think you can generate and remember a secure enough password? Create a super-long password, and store clues to help you remember it. For instance, your password clue file might say:

My standard password + My throwaway password (backwards, all caps) + &#$%@ + First two sentences of first paragraph of page 19 of my favorite book (include all capitalization and punctuation) + My wife's mother's middle name + My son's favorite superhero + My favorite number times 8734 + food my wife hates (backwards, all caps) + 9-digit number stored with my paper will + 10-character password stored in my safety deposit box + . . . .

You can go on in this way to create as long a password as you want. Store this password clue file with your encrypted wallet, and optionally encrypt both with a simple standard password to keep out snoopers.

In this way, not only can you recover your coins from your "savings account" at a later date, if you get hit by a chicken truck tomorrow and die, your loved ones can probably piece together your password and recover the coins too (better make sure you trust them, and that between them they have or can get the answers to those clues).

I recommend that you practice your wallet encryption and recovery a few times with a small number of coins, until you are very comfortable with the process before you try it with the bulk of your savings.

And remember, this is how most bitcoin services get started:

https://lh3.googleusercontent.com/-lgm4poF3JWE/TgsHwby-BlI/AAAAAAAADwQ/twan94HT6p4/020.jpg

Comic from: https://bitcointalksearch.org/topic/new-bitcoin-comic-13903

The only one I trust is my son.
newbie
Activity: 11
Merit: 0
May 22, 2012, 11:36:04 AM
Wow. Your password ideas suggest deep paranoia. Warranted perhaps?
newbie
Activity: 14
Merit: 0
May 20, 2012, 09:24:15 PM
You can try the site that I am working on www.coineta.com to exchange funds using Paypal. I might add support for Payza in the near future


I recently got this offer. Does it seem legit?

Quote
I'm looking for AP (AlertPay, now known as Payza) funds; if you could deposit with your card into your own payza.com account, we could do the exchange either with exchangezone.com or whatever other method you would prefer.

I will do the exchange at face value with no fees above the 2.5% + 25c receiver fee I would pay from receiving AP funds from you. Send me PM or reply in this thread if interested and we can figure something out.
newbie
Activity: 14
Merit: 0
May 20, 2012, 03:15:37 PM
Interesting read, seems a bit drastic. I usually generate all my passwords randomly and keep them all inside a master key in my web browser, and the ones I use most, I physically write down in a notepad and then lock it away somewhere so no one else can look at it - no one looks at it anyway as I have no friends in real life Tongue and I trust my family members.

I'll definitely use this advice though, thanks! Smiley