What are YOU guys doing for security?

joele

legendary

Activity: 1022

Merit: 1000

Quote from: canth on January 20, 2014, 11:27:34 AM

Quote from: joele on January 20, 2014, 09:32:56 AM

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.

That's fine for long term storage of 1 or maybe a few wallets - depends upon how solid your memory is. The question is how you will spend your BTC and how you'll manage security when doing these transactions. Eventually you have to deal with having a node on the internet, which is why I feel that the offline/online airgap setup is a good compromise.

True, I believe in the near future we will see new wallet that is hack proof, but for the meantime I store it in paper or brain wallet for long term and some in online app/services for spending.

shadallion

full member

Activity: 304

Merit: 102

I use a bitcoin firesafe (TM) with a BIP38 brainwallet to store my largest chunk of BTC.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: joele on January 20, 2014, 09:32:56 AM

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.

That's fine for long term storage of 1 or maybe a few wallets - depends upon how solid your memory is. The question is how you will spend your BTC and how you'll manage security when doing these transactions. Eventually you have to deal with having a node on the internet, which is why I feel that the offline/online airgap setup is a good compromise.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: joele on January 20, 2014, 09:32:56 AM

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.

You can add more security by hashing it yourself 1000 extra times

joele

legendary

Activity: 1022

Merit: 1000

Store more of my bitcoins in my brain wallet, so I can keep them wherever I go, passphrase words that do not exist on the web and longer than private key. I can easily remember it because it's all personal to me.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: bitpop on January 20, 2014, 08:20:38 AM

True and if it's gone, sweep immediately

Exactly. Encryption gives you time to easily beat out even talented thieves from accessing your private keys. Maybe with today's computing power it would take a year to bruteforce a strong password. Maybe in 5 years, it'll take a week. That's fine since by then you'll have distributed your (hopefully) insanely valuable BTC across multiple wallets and addresses.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: canth on January 20, 2014, 08:16:28 AM

Quote from: bitpop on January 20, 2014, 08:08:13 AM

Quote from: canth on January 20, 2014, 07:56:31 AM

Quote from: bitpop on January 20, 2014, 07:50:31 AM

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and firewire attacks at the physical level, just to begin with.

Frozen memory and firewire attacks do not work on a powered down laptop with an encrypted drive protected by a boot PIN. Keep the laptop with the keys powered off and you're much better off.

True and if it's gone, sweep immediately

canth

legendary

Activity: 1442

Merit: 1001

Quote from: bitpop on January 20, 2014, 08:08:13 AM

Quote from: canth on January 20, 2014, 07:56:31 AM

Quote from: bitpop on January 20, 2014, 07:50:31 AM

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and firewire attacks at the physical level, just to begin with.

Frozen memory and firewire attacks do not work on a powered down laptop with an encrypted drive protected by a boot PIN. Keep the laptop with the keys powered off and you're much better off.

bitpop

legendary

Activity: 2912

Merit: 1060

Quote from: canth on January 20, 2014, 07:56:31 AM

Quote from: bitpop on January 20, 2014, 07:50:31 AM

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

Yup. There's the frozen memory and firewire attacks at the physical level, just to begin with.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: bitpop on January 20, 2014, 07:50:31 AM

There's nothing you can do about physical access except physical access is easy.

Layered encryption is a good challenge to physical access and yes, physical access is relatively easy. As Andreas M Antonopoulos says, "...humans are great at physical security, but we suck at digital security."

bitpop

legendary

Activity: 2912

Merit: 1060

There's nothing you can do about physical access except physical access is easy.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: Sledge on January 19, 2014, 08:43:31 PM

That laptop that you "never connect to the internet" -- if I got my hands on it, I bet I could extract the private keys you made with it. Security concern. After generating keys, it should be erased and then fresh installed (use whatever techniques make this faster of course, like images etc.).

1) If you got your hands on it, I'd probably know it went missing and the coins would be moved before you managed to get the private keys.
2) TrueCrypt + a strong boot password is reasonably hard to overcome. I do not leave it running except when signing transactions.
3) Digital copies of the wallet are stored on TrueCrypt encrypted USB sticks - if you can break into a safe deposit box, again, I'd probably be aware of it before you broke the encryption.

I'm not saying that it's impossible, but I sleep comfortably at night.

Sledge

newbie

Activity: 56

Merit: 0

That laptop that you "never connect to the internet" -- if I got my hands on it, I bet I could extract the private keys you made with it. Security concern. After generating keys, it should be erased and then fresh installed (use whatever techniques make this faster of course, like images etc.).

canth

legendary

Activity: 1442

Merit: 1001

Quote from: DieJohnny on January 19, 2014, 05:24:25 PM

Use a YubiKey and LastPass, inexpensive, one password and physical key.

For Bitcoin I do not use any wallet.dat. i save my private keys in last pass encrypted file.

I also have one private key stored in two safe deposit box

LastPass is pretty trustworthy, but when it comes down to large sums money I don't consider any centralized company, subject to possible government coercion good enough. Better to use tools that are open and under full end user control. Aka, TrueCrypt, Password Safe and KeePass.

Also, do you use this same computer for email, gaming, running altcoin wallets? If so, then you're at risk of running targeted malware which could take advantage of any vulnerabilities in LastPass' client side, closed source software.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: bitpop on January 19, 2014, 05:20:35 PM

I was using paper wallets but I'm not fully confident. I'm switching to offline armory.

Though I'm removing the Wi-Fi card and gluing the Ethernet.

A paper wallet created with an offline, dedicated laptop is secure but makes for less convenience when you need to send BTC transactions. I'm comfortable with the Armory offline/online setup as a good mix of security and convenience.

DieJohnny

legendary

Activity: 1639

Merit: 1006

Use a YubiKey and LastPass, inexpensive, one password and physical key.

For Bitcoin I do not use any wallet.dat. i save my private keys in last pass encrypted file.

I also have one private key stored in two safe deposit box

bitpop

legendary

Activity: 2912

Merit: 1060

I was using paper wallets but I'm not fully confident. I'm switching to offline armory.

Though I'm removing the Wi-Fi card and gluing the Ethernet.

canth

legendary

Activity: 1442

Merit: 1001

Quote from: bitpop on January 19, 2014, 04:46:26 PM

Os? Truecrypt? Paper wallets? How do you do securities?

My opinion on a solid setup:

OS doesn't really matter. Run whatever you have stronger knowledge and comfort with.
Use 2 virgin dedicated laptops and a dedicated USB stick. Never use them for anything other than cryptocurrencies.
Install Armory on each.
The offline laptop never connects to the internet. Disable all networking interfaces including Bluetooth at the driver and service level.
The online laptop runs a watching wallet only.
Send transactions are initiated on the online laptop, signed by the offline laptop and then sent by the online.

Backups can be handled by digital encrypted on USB stick + paper multi-part backups. Store in 3 or more locations including a safe deposit box.

bitpop

legendary

Activity: 2912

Merit: 1060

Os? Truecrypt? Paper wallets? How do you do securities?

Topic: What are YOU guys doing for security? (Read 1018 times)