Author

Topic: Wallets (Read 514 times)

newbie
Activity: 28
Merit: 0
April 16, 2013, 06:29:43 PM
#7
I'm currently using MultiBit, with TrueCrypt (I can only open MultiBit after decrypting the volume). My question is this: since I have already decrypted the volume, is my wallet still secure? All my files are offline, so without some sore of virus that can get through a 6x encrypted hidden file, I should be good. I just want to know that my files are safe when I am using my wallet.

Thanks
legendary
Activity: 3472
Merit: 4801
April 16, 2013, 05:32:46 PM
#6
Coinbase is a pooled online wallet.  It falls under "High-risk" in the list above.
Other wallets in the same category:

  • Coinbase
  • MtGox
  • BitFloor
  • Mining pool wallets

Other wallets that fit in the "Medium-risk" category as listed in the post above:

  • Strongcoin
  • blockchain.info
  • Electrum
  • MultiBit
full member
Activity: 187
Merit: 100
April 14, 2013, 07:48:27 AM
#5
Where does "Coinbase" fit in on the levels of security?  I just started using it and I cannot find the 2 (letter and number combination) keys.
donator
Activity: 1218
Merit: 1015
April 13, 2013, 05:45:08 PM
#4
I noticed that besides the address where people can send bitcoins, there is an even longer number with numbers and letters. So, it's essential for me to save/keep 4 things: 1.) The site or program for the wallet, 2.) the address for receiving bitcoins, 3.) the long letter/number key and 4.) my password.  So, the only thing I have to give an outsider is the address for sending me bitcoins. Grin
You got it. You can get as secure as you want. Security can generally be tiered as follows:

High-risk: pooled online wallets
These wallets do not let you extract a private key, so if the site goes down, you lose access to your BTC. Additionally, if the site's compromised and someone can access the admin privkey(s), they can take all your funds, so you're totally trusting in the competence of the admin.
Examples: MtGox, most mining pool wallets, MyBitcoin

Medium-high-risk: Individually-keyed online wallets which store privkeys on their server long-term (unencrypted hot wallets also belong here)
These wallets let you extract a private key in case the site goes down, but if the admin accounts are compromised, your BTC can be stolen. A crooked admin can also take your funds at will.
Examples: GLBSE v1, Huh

Medium-risk (or medium-low risk depending on implementation): Individually-keyed online wallets (and many lightweight clients) which do not store privkeys long-term (or might use a signature system)
These wallets let you extract a private key and do not have long-term access to your accounts. In some cases they have no access. There may be some dangers of a type of MitM attack either from a third-party attacker or possibly the admin depending on implementation. These usually allow encryption of the wallets.
Examples: Strongcoin, Blockchain.info

Low-risk: Encrypted, local hot wallets ("hot" meaning the computer hosting it is connected to the Internet)
This is probably the most popular choice for those willing to host and keep up with the blockchain. You can extract and backup your keys, and if your wallet files are stolen, your funds will probably still be safe so long as your password is reasonably secure.
Examples: BitcoinQT

Ultra-low-risk: Encrypted offline wallets
Here, privkeys are kept on a computer not connected to the Internet or your local network. You have an online computer which can broadcast transactions, but these transactions need to be "authorized" by the offline computer. Generally, you use something like a thumb-drive to transfer files back and forth. This still has vulnerabilities, however.
Examples: Armory, paper/brain wallets (see Mike's post)


(apologies for any misinfo in advance. I didn't mean to write something so long, and I'm no expert.)
full member
Activity: 187
Merit: 100
April 13, 2013, 05:14:30 PM
#3
I noticed that besides the address where people can send bitcoins, there is an even longer number with numbers and letters. So, it's essential for me to save/keep 4 things: 1.) The site or program for the wallet, 2.) the address for receiving bitcoins, 3.) the long letter/number key and 4.) my password.  So, the only thing I have to give an outsider is the address for sending me bitcoins. Grin
legendary
Activity: 1078
Merit: 1003
April 13, 2013, 04:58:50 PM
#2
The way I do it:

Keep one wallet full of most of your Bitcoin.  Turn it into a brain wallet/paper wallet, so your Bitcoins are totally secure (you can do this with Electrum.)  You want to stay in complete control of your private keys; if someone gets ahold of your unencrypted wallet and/or gets the password to it, your bitcoin is as good as gone.  An encrypted wallet is better, but a keylogger can still get ahold of your password.

Then keep a separate wallet (wherever is most convenient) with "spending money" (however much you're comfortable with losing) and use that for sending coins.  Whenever you get more, send them to the storage wallet, and keep some for spending.

I wouldn't recommend keeping too much Bitcoin online (as in online wallets or exchanges) as people have lost tons of Bitcoin this way when those websites go down for whatever reason.  But there's nothing wrong with keeping an amount you're OK with losing in an online wallet.
full member
Activity: 187
Merit: 100
April 13, 2013, 04:50:34 PM
#1
What are some important tips for newbies concerning wallets?  Is an online wallet like "Strongcoin" good? How about the android wallet app. that you can download to your smartphone?  Is there any problem with trusting the wallet that is incorporated with the coinbase.com website?

I've been told that under NO circumstances do you want to lose your password.  How about having paper copies of wallets?  What is the purpose of that?

Is it good to have multiple wallets with various addresses?

Thanks.
Jump to: