Author

Topic: Wallet backup (Read 1046 times)

hero member
Activity: 518
Merit: 521
March 25, 2013, 05:31:59 AM
#20
How do we know that blackchain.info isn't a giant trojan that's collecting passphrases and waiting for the right moment when they have millions of dollars worth stored there to abscond with?  I know it may be a ridiculous question but in matters like these I think skepticism is healthy.

The source code for blockchain.info is open-source and has been (and continues to be) reviewed by educated programmers for weaknesses and exploits.  From that review, nobody has seen any indication that the password is ever sent out over the internet.  It appears to be held within the browser for any purpose where it is needed.  There is a browser plug-in that can notify you if the code changes in such a way as to send your password to blockchain.info.

What is more worrisome is that if a government subsidized mining (especially after the debasement declines significantly in another 4 - 8 years), if the other miners thus found it non-profitable, the government could see where every transaction was originating from and going to on an IP basis (assuming not relayed through non-mining peers) and put the information together to track everything and the tax man cometh after those who are not reporting, etc....
legendary
Activity: 3472
Merit: 4801
March 25, 2013, 01:52:52 AM
#19
How do we know that blackchain.info isn't a giant trojan that's collecting passphrases and waiting for the right moment when they have millions of dollars worth stored there to abscond with?  I know it may be a ridiculous question but in matters like these I think skepticism is healthy.

The source code for blockchain.info is open-source and has been (and continues to be) reviewed by educated programmers for weaknesses and exploits.  From that review, nobody has seen any indication that the password is ever sent out over the internet.  It appears to be held within the browser for any purpose where it is needed.  There is a browser plug-in that can notify you if the code changes in such a way as to send your password to blockchain.info.

No security is 100% fool proof.  If you have malware installed on your computer (a keylogger perhaps?) it is possible that your password could be compromised and your bitcoins stolen, but that can happen with any wallet running on an online computer.  Armory goes a LONG way towards protecting you from such security holes by keeping all your private keys on an offline computer, but that security comes with added inconvenience.

Now we're talking.  That sounds quite cool.  And the backups out of blockchain.info are easily imported to any other client including the standard bitcoin-qt?

I think one of the clients (MultiBit maybe?) has a feature to import blockchain.info wallets, I'm not sure.  However tools exist that would allow you to decrypt the blockchain.info wallet and extract the private keys (as long as you have the decryption password).  Once you have the private keys, most wallets have functionality to import a private key.  This process might be cumbersome and take some effort, but it is good to know that the bitcoins aren't "lost" as long as you have a recent copy of the wallet file even if blockchain.info were to disappear.
newbie
Activity: 14
Merit: 0
March 25, 2013, 01:42:53 AM
#18
Quote

The only two clients that I can think of that meet those requirements right now are Electrum and MultiBit.

You might also consider using the web hosted wallet at https://blockchain.info/wallet

With blockchain.info the wallet that they store at the website is encrypted, meaning that only the person with the encryption password (you) are able to spend any of the bitcoins hosted there.  They have the ability to configure the wallet so that it sends you an encrypted copy of your wallet every time you create a new address.  This way if they ever cease to exist, you can decrypt the wallet and load the information into some other client and still access your bitcoins.

Now we're talking.  That sounds quite cool.  And the backups out of blockchain.info are easily imported to any other client including the standard bitcoin-qt?

Are there any drawbacks to blcokchain.info and electrum and multibit for that matter?

How do we know that blackchain.info isn't a giant trojan that's collecting passphrases and waiting for the right moment when they have millions of dollars worth stored there to abscond with?  I know it may be a ridiculous question but in matters like these I think skepticism is healthy.
newbie
Activity: 14
Merit: 0
March 25, 2013, 01:38:06 AM
#17
I read your post but I don't see how it answers the question. You just say there is a problem with hidden addresses.

You DO NOT need to back up your wallet after each tx (the more technical details were to try and explain that you do still need to make regular backups).


So I'm still curious what happens if I do not do it.  Besides the hidden address issue.  What if I just make a bunch of spend transactions and I haven't backedup?

Thanks.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
March 25, 2013, 12:55:22 AM
#16
Can anyone recommend a client that keeps all my keys, wallet.dat, addresses, transactions, etc. stored locally but verifies the transactions via a centrally stored block chain so that I could do something with bitcoins more quickly without having download the whole block chain yet still have the piece of mind that my wallet is not stored on a server I don't control?

Thanks.

Those clients are called light clients. There is Multibit and Electrum for computers and Bitcoin Spinner for Android. My personal experience has only been with the android app. They rely on centralized servers (which can generally be trusted.) but all private keys are on your local machine (or cellphone or tablet.)
legendary
Activity: 3472
Merit: 4801
March 25, 2013, 12:39:39 AM
#15
Be careful where you take your advice.

CIYAM is giving you good information.

anillos has no idea what he is talking about and is completely misleading you.

rhombus_77 has failed to mention that When using Armory, you are actually running 2 clients.  You run the Armory client on an offline computer that is never intended to be connected to the internet.  This makes it "hack proof" since any hacker would need physical access to the computer to try and hack it. Armory then requires that you run the Bitcoin-Qt full node client on an "online" computer.  This client maintains the entire blockchain and is used to send transactions that are created on the Armory machine.  You have to physically transfer transactions back and forth between the Armory offline computer and the Bitcoin-Qt online computer (I think USB drive is the typical method, but I'm not sure).

- snip -
Can anyone recommend a client that keeps all my keys, wallet.dat, addresses, transactions, etc. stored locally but verifies the transactions via a centrally stored block chain so that I could do something with bitcoins more quickly without having download the whole block chain yet still have the piece of mind that my wallet is not stored on a server I don't control?
- snip -

The only two clients that I can think of that meet those requirements right now are Electrum and MultiBit.

You might also consider using the web hosted wallet at https://blockchain.info/wallet

With blockchain.info the wallet that they store at the website is encrypted, meaning that only the person with the encryption password (you) are able to spend any of the bitcoins hosted there.  They have the ability to configure the wallet so that it sends you an encrypted copy of your wallet every time you create a new address.  This way if they ever cease to exist, you can decrypt the wallet and load the information into some other client and still access your bitcoins.
newbie
Activity: 33
Merit: 0
March 25, 2013, 12:20:33 AM
#14
I wouldn't connect the offline computer to the outside world.  Put it this way: think of the offline computer as your safe/vault.  You keep it hidden behind a painting or in the closet.  You don't carry it with you as you walk down the street.  Sure, your contents are locked away in the safe, but now people know you have a safe!  

If you create an offline wallet in Armory and decide later that you want to store your coin elsewhere, you can either transfer the coins to a new wallet via Armory or you can decrypt your Armory wallet and access the private key.  I don't think the Armory wallet file can transfer across to another program (it might), but you do have your public address and your private key.  That is all your essentially need.  So if you decide to go to an online wallet, like blockchain.info, you can create a wallet with your Armory address and key
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
March 25, 2013, 12:14:56 AM
#13
I read your post but I don't see how it answers the question. You just say there is a problem with hidden addresses.

You DO NOT need to back up your wallet after each tx (the more technical details were to try and explain that you do still need to make regular backups).

If you have a lot of tx's occurring regularly then you might consider increasing the pool size.
How do I do that?

There is a setting you can put into bitcoin.conf (although for most average usage it should not be necessary to change this).

If you want to just have a *single* backup then you will need to use a client that creates a "deterministic" wallet (the Satoshi client does not have this capability yet).
newbie
Activity: 14
Merit: 0
March 25, 2013, 12:08:31 AM
#12
I like Armory.  It runs in conjunction with Bitcoin-QT.  The way I use it is how they lay it out on the website.

One offline computer (never touches the internet) is needed.  I had an old netbook.  I installed Ubuntu on it (via usb flash drive).  After installation I installed Armory on it (again, with usb flash drive).  An "offline" wallet is created on the offline computer.  A file is made and you put it on a flash drive.

A second computer (internet connected) is needed.  You download Bitcoin-qt and Armory on it.  Bitcoin-qt takes awhile to initialize as it downloads the whole blockchain.  It took me four-five hours.  Once everything is good to go, you follow the prompts on the online computer's Armory for importing offline wallet from the usb flash drive.  

Now you have your balance, and public address for your offline wallet, but your private key is no where near your internet connected computer

Does the second computer have to always be offline or can it just be temporarily offline to do the operations to get your wallet on a flash drive and then you can go back to using it normally?

The other question I have is if I use Armory and import my wallet am I then stuck forever with armory or can I go back and forth?  In other words does importing my wallet to armory do something that causes me not to be able to use regular standard bit coin client anymore?

Can anyone recommend a client that keeps all my keys, wallet.dat, addresses, transactions, etc. stored locally but verifies the transactions via a centrally stored block chain so that I could do something with bitcoins more quickly without having download the whole block chain yet still have the piece of mind that my wallet is not stored on a server I don't control?

Thanks.
newbie
Activity: 14
Merit: 0
March 25, 2013, 12:04:45 AM
#11
The sounds uncharacteristically stupid compared to the rest of the design of the system.  Why does it do this?  Can you prevent it?  Is there a client that prevents this?

It doesn't work like that as I tried to explain (perhaps scroll back up and read my post).


I read your post but I don't see how it answers the question. You just say there is a problem with hidden addresses.
newbie
Activity: 33
Merit: 0
March 24, 2013, 11:33:25 PM
#10
I like Armory.  It runs in conjunction with Bitcoin-QT.  The way I use it is how they lay it out on the website.

One offline computer (never touches the internet) is needed.  I had an old netbook.  I installed Ubuntu on it (via usb flash drive).  After installation I installed Armory on it (again, with usb flash drive).  An "offline" wallet is created on the offline computer.  A file is made and you put it on a flash drive.

A second computer (internet connected) is needed.  You download Bitcoin-qt and Armory on it.  Bitcoin-qt takes awhile to initialize as it downloads the whole blockchain.  It took me four-five hours.  Once everything is good to go, you follow the prompts on the online computer's Armory for importing offline wallet from the usb flash drive.  

Now you have your balance, and public address for your offline wallet, but your private key is no where near your internet connected computer
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
March 24, 2013, 11:28:39 PM
#9
The sounds uncharacteristically stupid compared to the rest of the design of the system.  Why does it do this?  Can you prevent it?  Is there a client that prevents this?

It doesn't work like that as I tried to explain (perhaps scroll back up and read my post).
newbie
Activity: 14
Merit: 0
March 24, 2013, 11:21:47 PM
#8
So if it was sent to an new address and I don't have a backup it will be lost?
Yes, because You don't have the key for the new address.

What happens if I did spend money and my backup comes from before I spent?
If the original client created a new address (hidden), the small amount of money on that new hidded addres could be lost.
Not always these hidden addresses are created.

For example, my first transaction was like this:

I had 0.008 BTC on my wallet (0.005 from Faucet and 0.003 from Dailybitcoin).
I sent 0.003 to the Free software foundation (FSF) as a experiment.
The fee size was 0.0005 BTC.
0.005 coins was used.
0.003 BTC were sent to FSF.
0.0015 BTC were sent back to me, in a hidden address.

0.005 = 0.0005 (fee) + 0.0015 (hidden address) + 0.003 (FSF)

You can search these hidden addresses with Blockexplorer: http://blockexplorer.com/

PS: IMHO these hidden addresses are a problem.

The sounds uncharacteristically stupid compared to the rest of the design of the system.  Why does it do this?  Can you prevent it?  Is there a client that prevents this?

I know online wallets prevent you from having to store locally and backup but I don't like the idea of my wallet being out of my possession. 

What's the deal with Armory?  Does it eliminate all these problems?  Does it allow me to have full control of my wallet or is it stored by a third party?



newbie
Activity: 14
Merit: 0
March 24, 2013, 11:19:02 PM
#7


If you have a lot of tx's occurring regularly then you might consider increasing the pool size.
 

How do I do that?
sr. member
Activity: 462
Merit: 250
March 24, 2013, 11:16:36 PM
#6
So if it was sent to an new address and I don't have a backup it will be lost?
Yes, because You don't have the key for the new address.

What happens if I did spend money and my backup comes from before I spent?
If the original client created a new address (hidden), the small amount of money on that new hidded addres could be lost.
Not always these hidden addresses are created.

For example, my first transaction was like this:

I had 0.008 BTC on my wallet (0.005 from Faucet and 0.003 from Dailybitcoin).
I sent 0.003 to the Free software foundation (FSF) as a experiment.
The fee size was 0.0005 BTC.
0.005 coins was used.
0.003 BTC were sent to FSF.
0.0015 BTC were sent back to me, in a hidden address.

0.005 = 0.0005 (fee) + 0.0015 (hidden address) + 0.003 (FSF)

You can search these hidden addresses with Blockexplorer: http://blockexplorer.com/

PS: IMHO these hidden addresses are a problem.
newbie
Activity: 33
Merit: 0
March 24, 2013, 11:03:02 PM
#5
If you are using a determinstic wallet (like Armory), you only need to back it up once.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
March 24, 2013, 10:58:36 PM
#4
If you are using the Satoshi client then the address pool size by default is 100 (so you don't need to make a back up after every tx but remember even when you send typically a change address is generated so best to back up at least every 50 tx's).

If you have a lot of tx's occurring regularly then you might consider increasing the pool size.
 
newbie
Activity: 14
Merit: 0
March 24, 2013, 10:47:04 PM
#3
If You create a new address for that coin, You will need a new backup.

Also, if You spend some money, sometimes a new address is created, and You will need to backup again.

PD: use two or more backups.

So if it was sent to an new address and I don't have a backup it will be lost?


What happens if I did spend money and my backup comes from before I spent?

sr. member
Activity: 462
Merit: 250
March 24, 2013, 10:36:48 PM
#2
If You create a new address for that coin, You will need a new backup.

Also, if You spend some money, sometimes a new address is created, and You will need to backup again.

PD: use two or more backups.
newbie
Activity: 14
Merit: 0
March 24, 2013, 10:34:23 PM
#1
Do I have to backup my wallet every time I receive coins or do I just need to back it up once?

For example if I backed it up right after installation with a zero balance and I put it on a thumb drive and stick it in a vault today.

Tomorrow I receive 1 coin.

In two weeks my hard drive crashes.  Do I still have my coin?
Jump to: