Topic: Wallet Security - Again (Read 1222 times)

I think all those steps are solid and need to be done.  The only thing I fear is some kind on MitM against bitaddress.org and the bad version generating non-random private keys.  The tech savvy can check bitaddress' signatures, but even they may have been spoofed.  I think what my method adds to the steps you outlined is that it makes such a MitM attack basically useless.  My method would effectively reduce the key space vs. true random (due to the non-random, human element), but even if it reduced the random space to 200-bits, it would still be intractable.

I would sleep like a baby with a wallet created following the steps I outline here: http://www.reddit.com/r/Bitcoin/comments/16fxfd/how_do_i_secure_the_living_shit_out_of_my_wallet/c7voymq

I posted by accident before I was finished writing, but I think the rest of what I wrote may address your concern.

Human beings are notoriously bad at doing anything "random".  You will probably end up with a private key that has more pattern to is and less randomness if you start playing around with the values that are randomly generated.

Bitaddress.org has a feature where you can type in your own private key and it will generate the associated addresses.  It seems like typing in your own random string for the private key would guarantee that key to be unknowable.  You would not be at risk of social engineering if you used an offline computer, not even an attack from the bitaddress.org code.  Even stronger would be using the purportedly random private keys the program generates on its own, replace a few characters and digits here and there, and then finally replace 4 - 8 characters with a recognizable word.  While a word would slightly reduce the absolute difficultly in guessing the private key, it would help the end user to avoid being tricked by a non-random sequence.  Finally, it would be good to verify your private keys yield the same addresses when computed with a different program.  This would all be hassle and inconvenient, but it is the only way I can think of to really have secure keys unless you can write your own code.  But even then, if there was a flaw in the random number generation libraries that could be discovered, they keys could be much weaker than originally though.  Mixing machine randomness and your own verifiability-human element, in this case, a word, would seriously reduce that possibility.

I've been moving coins for a while from some old wallets I had saved in truecrypt containers and my jaw dropped when I opened one of those expecting to find a wallet.dat realizing it was empty! Now after some pondering on what to do I realized that I still had the virtual machine I used while generating these wallets a few years ago and sure enough I was able to retrive it from there, but it gave me the chills

Now what I have been using is https://www.bitaddress.org and tails CD to generate addresses (with my computer being offline of course). I feel pretty safe, but as the price climbs I can't help but feel some what of uneasiness. Is it really secure? I can't imagine nothing worse than opening some old wallets thinking you have millions of dollars, then realize that no, you have $0. You made a mistake 3 years ago. Oppss..

I totally agree with this, and it allays some of my concerns.  The difficulty - and problem - is in implementing that advice in a fool-proof way.

It needs to be clear exactly which versions of "...the most widely used and supported open source clients..."  have been vetted by the community. That's why one of my suggestions was to have one version that we all sick with for a while. The 'switcharoo' attack, where someone tinkers with the Armory website and sticks a bunk, nasty version, that looks pretty much the same as the old code, except for one critical change.  The key pairs would actually come from a predetermined list which the attack would have a copy of.  Even if this mistake was corrected within hours, there could be many people how downloaded the bad version and not even know.  The attacker could even just make the swap for a few minutes and then pull the bad version themselves, knowing that addresses would be created well into the future by those few, corrupt downloads.

Edited to remove random strike through

Use only clients that are open source.  Use the most widely used and supported open source client to ensure that many, many eyes are looking specifically at that part of the code.   Use only official releases or build from the source yourself so as to ensure nothing slips in. 


There are varying levels of security needed for various use profiles.  The bitcoin address created by the Javascript source running in my browser might be entirely sufficient for the way I intend to use it.  Anyone safeguarding a million-dollar wallet might have differing requirements and use whatever method is appropriate for the specifics for that profile.  (Though the Javascript method running from an offline browser booted on a LiveOS image is probably going to provide the same level of security.)

I know this has been brought up countless times, but as the value of bitcoin rises, so do the threats facing our money!  How should I have confidence that someone is not going to slip a weakness into one of the many pieces of code that purport to securely generate key pairs?  I think the way to most easily bypass the 'offline' approach is to use a non-random seed for the generation private key.  Would it be easier and more secure if there was 'one' generation solution that was locked down, who's version number remained the same for years, was singed by all sorts of pgp keys and such, and was by the community to be the standard?

Having very few lines of code would help make it audit-able.  Would it be more secure to use keyboard mashing techniques instead of a psudo-random number generators?  That way you could know for sure that the private key was directly your input.  I think in this case easy and secure have to go hand in hand, since the more complicated the approach, the more able an attacker would be to slip something by.  I consider myself an advanced computer user but I'm not enough of a programmer to vet complicated code.

Do folks feel your current security measures adequate to safeguard a million-dollar wallet?  I think it would be wise for an attacker to let lots of time pass before cashing in on their exploit, so I don't think we are safe yet.