Securing your wallet. All about cryptocurrency - Bitcoin

Windows Bitcoin trojan in the wild.

submitted by Satoshi_Nakamoto to Bitcoin

Looking for an External Disk Encryption package (on Ubuntu, but also accepted like TrueCrypt for (somewhat) easy/universal access independent of OS).

I'm migrating an external 300GB HDD I have from TrueCrypt. Should have done it sooner since that was discontinued and basically denounced by the authors, but I never got around to it.
I'm on Ubuntu 14.04, but feel comfortable enough with Guake (or a normal terminal, though I'm really fond of Guake) to install just about anything (provided if I have to compile myself, the Makefile doesn't throw up tons and tons of issues).
I've done some looking around for something else to use, and dm-crypt seems to be a popular one, but it and the others like it aren't exactly centralized -- I rather cherished that TrueCrypt was/is used by lots of people, so if I need to access the data on another borrowed system, I could (ignoring the OS) use TrueCrypt (or install it if necessary first). With dm-crypt and the other options I'm seeing, I don't see a centralized alternative.
Am I just missing something? Or are most disk-encryption based packages not centralized across all the major OSes?
To be clear, I'm not looking to encrypt the local disk Ubuntu is running on -- I'm just talking about an external drive where I can put the important stuff as well as some backups of things that are important, but need to be on the local HDD.
submitted by k2trf to linuxquestions

Senate passed a bill to give ISPs the ability to sell your web data; it has to pass House next week. Regardless of outcome, here's stuff you can do.

First of all, there's nothing you can do about the vote. Calling your Reps, I mean they don't give a s*t about you. We know that. Don't waste your time. They know our position already. Internet has spoken. We don't like it. We don't want this. They won't listen. Revolving door and lobbying > Internet.
But you can do stuff about your privacy even if this passes

Anti-Censorship / Sovereignty Tools

| Tool | Description |
| --- | --- |
| Linux Mint | Viable open source (free) desktop OS that can be made fairly secure and is easy to use |
| Tails w/Tor | USB-based security/privacy OS bundled with Torbrowser -- alternatives to Tails, Subgraph |
| Firefox Privacy Extensions | BetterPrivacy, Bluhell Firewall, Decentraleyes, HTTPS Everywhere, WorldIP, YesScript, NoScript (difficult/annoying to use but useful), uBlock Origin, Adblock Plus, Flashblock, Lightbeam, UserAgent Switcher, Disconnect |
| Iridium | Security/Privacy-hardened chromium (chrome) browser |
| VeraCrypt | Sec-hardened truecrypt: full-disk encryption |
| QuiteRSS | RSS newsreader to search / track news across many websites |
| BleachBit | "like with a cloth or something?" --HRC |
| Privoxy | Ad-destroying privacy proxy for prefiltering your web browsing to cut out ads, web bugs, beacons, xss javascript, garbage |
| Yandex Mail | Russian Gmail, in case you think it's better Putin spy on you than Hillary's CIA |
| Yandex, Ixquick.eu | Alternatives to Google Search; Although there really is no comparison to Google. (And there's a reason for that) |
| Thunderbird with Enigmail plugin | PGP (GnuPG) email encryption -- you will need a public keyserver also -- still too advanced for most ppl |
| Vid.me | Youtube Alternative because of recent censorship and demonetization of alternative media |
| Gab.ai | Twitter Alternative because of recent censorship and de-exposure of alternative media and alternative public opinion |
| Freenet | Censorship-resistant, anonymous distributed filesystem; extremely, extremely slow |
| I2P | Anonymous overlay network, similar to TOR |
| DD-WRT | Vastly more secure, 3rd-party router firmware with way more advanced options, specifically stateful firewall (only allows inbound response that was requested by outbound req.) |
| DNSCrypt | Encrypted DNS requests; an option in DD-WRT router firmware. Requires a server but dd-wrt offers opendns as a very good option |
| Bitcoin | Decentralized semi-anonymous cryptocurrency without hungry intermediaries |
| Coinbase | Online, Secure bitcoin wallet and bitcoin bank/currency exchange |
| Goldmoney | Online precious-metals backed bank |
| VPNs | No longer recommended as they are universally useless now. Nearly all VPNs are now being blocked by VPN provider's public IP range by a bunch of collusionary industry a-holes including but not limited to Netflix, Hulu, Amazon, Paypal, all MSM, anyone using top 5 credit card processors and ACH due to Obama era legislation and anti-citizen tomfoolery. Ask yourself: Why would a company that you login to with your credentials care if you use a VPN or not? A: they shouldn't but someone is leaning on them to block your VPN and it's the american intelligence community |
submitted by 911bodysnatchers322 to conspiracy

Secure bitcoin storage - please help me bring my solution up to 2017 standards

Long term hodler from 2013. Still waiting for my Monarch j/k. My solution has always been;
Running full node on Linux and using what was the core client in 2013 (I haven't really been up to date with all the splintering factions or anything, so let me know if that's terrible) as my wallet. I update the client from the PPA (potentially also terrible without verifying each release).
My wallet.dat lives in an encrypted file container created under the last known safe TrueCrypt 7.. I have not updated TrueCrypt from that version. Additionally, I'm using the wallet password in the client.
Passwords for the encrypted container and wallet live in a cloud password manager secured by a master password and 2FA. I have a copy in a KeePass container in case the company goes bust or servers are down.
Encrypted file container lives on multiple hard drives and multiple cloud storage locations (all with 2FA).
Workflow is
  1. Open password manager [password1 + 2FA].
  2. Decrypt container [password2] (TrueCrypt) and mount.
  3. Copy wallet.dat to bitcoin folder.
  4. Open client [password3] and sync.
  5. Transact.
  6. Close client, copy wallet.dat back to container.
  7. Delete wallet.dat from O/S.
  8. Unmount container, re-upload to local and cloud storage.
This was something I put together back in the day and I suspect there are better/easier ways today. I'm not using a live install either - I wanted to be a full node and it sucks messing around with installs and the data directory each time. So yes... deleting the wallet after use is not exactly 'deleting' it to be precise, but I consider this to be the least likely attack vector.
Is this a terrible setup? If so - which is the weakest link?
What have I missed in the past four years? What is multi-sig? Are hardware wallets any good and what problem with my setup do they solve?
Edit: formatting
submitted by AcceptsBitcoin to btc

Safety of open source Bitcoin wallet software/apps

Open source software is considered safe/safer because the source code can be audited/reviewed. This thread is not about the source code, but the potential risk caused by the compilation process, or in other words, the possibility that the software/apps aren't compiled from the claimed source code.
Here is a link about some version of TrueCrypt's Windows executable being suspicious:
https://blog.cryptographyengineering.com/2013/10/14/lets-audit-truecrypt/
[T]he Windows version of TrueCrypt 7.0a deviates from the Linux version in that it fills the last 65,024 bytes of the header with random values whereas the Linux version fills this with encrypted zero bytes. From the point of view of a security analysis the behavior of the Windows version is problematic. By an analysis of the decrypted header data it can’t be distinguished whether these are indeed random values or a second encryption of the master and XTR key with a back door password. From the analysis of the source we could preclude that this is a back door… As it can’t be ruled out that the published Windows executable of Truecrypt 7.0a is compiled from a different source code than the code published in “TrueCrypt_7.0a_Source.zip” we however can’t preclude that the binary Windows package uses the header bytes after the key for a back door.
As far as I understand, a good way of using open source software is to build your own executable, which is not possible for most users. An even better way is to match your executable with the official one, if it supports deterministic build. But deterministic build is even more intimidating. I wonder how many people actually build their own Bitcoin Core software, or Tor, or TrueCrypt.
In addition, every time the software is updated, you have to go through the build process. If you use downloaded executables (even from the official source), as long as one version is compromised, all your bitcoins may be gone. The updates of software are my biggest concern.
Is the concern legit? Is there anyone who actually builds his/her Bitcoin software/app (every time it's updated)?
On a different but relevant matter, is there any trustworthy Bitcoin wallet software/app based on scripting/interpreted language? I've heard JavaScript-based ones are not to be trusted because the language is not strongly-typed.
Thanks.
submitted by exab to Bitcoin
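
The comparison the post above asks about (does a self-built executable match the published one?) reduces to checking local build outputs against a release digest manifest. This is an added example, not code from the post or from any wallet project; the file names and contents are constructed, and it assumes the manifest itself has already been authenticated (for example by checking its signature), which is not shown.

```python
import hashlib
import hmac
import os
import string
import tempfile


def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <file name>'."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest>  <name>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in string.hexdigits for c in digest):
            raise ValueError(f"line {lineno}: not a SHA-256 hex digest")
        # Refuse names that would make the check read outside the build dir.
        if not name or name in (".", "..") or os.path.basename(name) != name:
            raise ValueError(f"line {lineno}: unsafe file name {name!r}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large release archives do not load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_build(manifest_text, build_dir):
    """Return {file name: 'match' | 'MISMATCH' | 'missing' | 'unlisted'}."""
    expected = parse_manifest(manifest_text)
    report = {}
    for name, want in expected.items():
        path = os.path.join(build_dir, name)
        if not os.path.isfile(path):
            report[name] = "missing"      # published, but not built locally
        elif hmac.compare_digest(sha256_file(path), want):
            report[name] = "match"        # local build is bit-for-bit identical
        else:
            report[name] = "MISMATCH"     # differs: do not trust either copy yet
    for name in sorted(os.listdir(build_dir)):
        if name not in expected:
            report[name] = "unlisted"     # present locally, never published
    return report


def demo():
    """Run the comparison on constructed files in a temporary directory."""
    published = {
        "wallet-1.0-linux.tar.gz": b"constructed reproducible output\n",
        "wallet-1.0-win.exe": b"constructed official windows binary\n",
        "wallet-1.0-macos.dmg": b"constructed macos image\n",
    }
    manifest = "".join(
        f"{hashlib.sha256(data).hexdigest()}  {name}\n"
        for name, data in published.items()
    )
    local = {
        "wallet-1.0-linux.tar.gz": published["wallet-1.0-linux.tar.gz"],
        "wallet-1.0-win.exe": b"constructed local windows binary, differs\n",
        "build.log": b"constructed build log\n",
    }
    with tempfile.TemporaryDirectory() as build_dir:
        for name, data in local.items():
            with open(os.path.join(build_dir, name), "wb") as fh:
                fh.write(data)
        return compare_build(manifest, build_dir)


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

A mismatch only means something if the build is deterministic; without that, differing digests are expected and prove nothing either way.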

Could Bitcoin be the catalyst that finally makes the typical computer user take security seriously? (Also, how to build a secure offline computer)

With all the inevitable posts from new users jumping head first into this 'magic internet currency' from malware infected systems using weak and/or duplicate passwords and no proper backups who then go on to mysteriously lose all their shiny new Bitcoin, it made me realize that money is a powerful motivator. Depending on how much is lost it will probably only take one or two instances of losing money before most people start to understand what we tech guys have been trying to tell you this entire time.
While we're on the subject, I will repost for you a comment I made to the security guide (permalink here) detailing my procedure for building a secured offline system for anyone wishing to protect large (and small) amounts of Bitcoin.
  1. Take an old computer and first epoxy the ethernet port so it is not able to go online. Remove or disconnect any WiFi and/or Bluetooth cards, and any other networking components. Disconnect and/or disable any microphones and speakers.
  2. Install Windows completely formatting the drive in the process. Many users here will tell you to avoid Windows and use Linux but since this computer is completely offline it does not much matter. Use your preferred OS. I additionally uninstalled and/or disabled certain services critical for networking but otherwise unneeded for normal operation. It is also good to disable any other unnecessary services. Be sure to disable autoplay. Set the BIOS to not automatically boot from CD or USB. You can set up BIOS security as well but if you do, be sure to document the passwords.
  3. Install TrueCrypt and fully encrypt the system drive. All software installers and other files will need to be transferred via a thumb drive. Use an extremely strong password that you do not use elsewhere. MEMORIZE THIS PASSWORD AND WRITE IT DOWN TEMPORARILY ON A PIECE OF PAPER!!! NEVER ENTER THIS PASSWORD INTO ANY OTHER COMPUTER OR DEVICE. Let the encryption process complete 100% before proceeding. Reboot the system and test to ensure you are able to decrypt the drive and log in to the operating system.
  4. Install Armory, KeePass, Foxit PDF, CutePDF writer, and Eraser. You may wish to install Electrum as well. You will need a printer so it may be necessary to load a driver for it as well. If possible, use a printer without network capabilities or persistent memory.
  5. Create a KeePass file. I always secure KeePass with a key file in addition to a password. Do not use the same password for the KeePass file as you used to encrypt your drive. This password should also be memorized. DO NOT ENTER YOUR TRUECRYPT PASSWORD INTO THE KEEPASS FILE! You can however enter your windows and bios passwords if you like. I also configure KeePass to generate random 30+ character passwords using upper, lower, and numeric.
  6. I generate my wallets in Armory. Since this computer is offline Armory does not require a great deal of resources and will not download the blockchain. Note that you will not be able to check balances from this system. I secure each wallet with a separate KeePass generated password and document these in the KeePass file. I then generate watching only wallets that I store to a folder on the offline computer and also attach them to the associated KeePass entry for ease of access. DO NOT ATTACH YOUR ACTUAL WALLET, OR ANY DIGITAL OR PAPER BACKUPS TO KEEPASS! I also create a paper backup and save this on the offline computer using CutePDF Writer as well as a digital backup of the wallet file. Since Armory creates deterministic wallets, these are the only backups you will ever need. Print the paper backups and place them into a tamper evident envelope. Keep this in a secured location such as a safe deposit box. NOTE: This can also be done using Electrum but Armory has a much better interface and multi-wallet support. The online version of Armory however does require a robust computer and a full download of the blockchain. I will use Electrum only if I expect that the specific wallet I am generating will be the only wallet monitored on an online system with limited resources.
  7. Create a text file on the offline computer documenting the TrueCrypt password and key files, KeePass password and key files, the operating system and BIOS passwords, as well as instructions on how to access the offline computer, TrueCrypt file, KeePass file, paper wallets, key files, and any other critical information they may need. Print this out, place it in a tamper evident envelope, and keep it in a second secured location available to whomever might need access to it in case of death or an emergency. Be sure you and they have access to unencrypted copies of your key files. You can now destroy the paper on which you originally wrote your TrueCrypt password.
  8. Create a TrueCrypt file on the offline computer. For simplicity you can use the same encryption password as you did for the HDD earlier but you may also wish to add a key file. Place copies of the KeePass file, digital backups, watch only backups, and anything else you may ever need should the offline computer fail. Optionally, you can also add the paper backups and written instructions (read paragraph in italics for considerations). You can now copy the TrueCrypt file to a thumb drive and from there various other locations from where it may be reliably accessed.
You may wish to choose not to store copies of the paper backups in the TrueCrypt file. The paper backups are enough in themselves to fully restore your wallets and spend funds, therefore, if somebody does manage to open your TrueCrypt file, they would have total control over your Bitcoin. By not storing the paper backups in the TrueCrypt file, you ensure someone would need access to both the digital backups (stored in the TrueCrypt file) and the passwords (stored in KeePass) to move funds. The same holds true for the offline computer. If you do choose not to save the paper backups (or delete them using Eraser), even if somebody manages to decrypt your drive they will still need to open KeePass to spend your Bitcoin. For this to be effective however, you must be sure not to copy the instructions file you created earlier into the TrueCrypt file, or in the case of the offline computer, you should use Eraser to delete it, because it contains your KeePass password. The main disadvantage to not including these files would be if, unbeknownst to you, one of your digital wallet files were corrupt. If this were the case and for some reason you cannot access the paper backup you could lose your coins.
You can test the integrity of an offline wallet without compromising security by signing a message from the offline computer using the private key then, from another computer, validating the signature against the public key.
IMPORTANT: IF FOR ANY REASON THE TRUECRYPT FILE IS EVER DECRYPTED FROM A SYSTEM OTHER THAN ANOTHER OFFLINE COMPUTER OVER WHICH YOU HAVE COMPLETE CONTROL, ALL YOUR WALLETS AND ENCRYPTION KEYS SHOULD BE CONSIDERED COMPROMISED. IF THIS OCCURS, I ADVISE YOU TO REPEAT THIS ENTIRE PROCESS USING COMPLETELY DIFFERENT PASSWORDS AND TRANSFER ALL BITCOIN TO THE NEW WALLETS!!!
Even though the KeePass file does contain all of your wallet passwords, since it holds neither any wallet backups nor your TrueCrypt password, even if an attacker gains access to this file your Bitcoin will be secure. Still, if you suspect the KeePass file to have been compromised you should again at the very least create new wallets using different passwords and move your coins (and don't forget to back them up again!)
That is it. You can now set up a fully operational copy of Armory (or Electrum) on an online system and import your watching only wallets as well as your KeePass file. These can be copied unencrypted from the offline computer to a live system via a thumb drive. (Just be sure that you are not also copying your actual wallets, digital or paper backups, or instructions file.) This way you can track balances and receive Bitcoin. If you ever need to spend any Bitcoin, you can create the transaction from your online computer and sign it with the offline computer using a thumb drive (Armory makes this very easy). For added convenience, you can import a full digital backup of one or more of your wallets to hold smaller amounts of Bitcoin on your live system so you don't have to sign minor transactions offline. Just remember that whichever wallets you do bring online should never again be considered as secure as those kept completely offline.
submitted by danomaly to Bitcoin

Bitcoin Live USB Linux Distribution

I'm throwing together a USB Linux distribution that includes essential tools for bitcoin-related tasks.
My current list of tools is as follows:
Any suggestions?
EDIT: Formatting
EDIT 2: An up-to-date list can be found on github
submitted by zdwolfe1 to Bitcoin

~10 BTC lost from unencrypted Mycelium, and I don't know how (I have a theory though)

I'm an idiot and had unencrypted mycelium wallet on my phone. Then my bitcoins disappeared to unknown address. I have no idea how I was compromised, but I have some theories.
The phone couldn't be fully compromised, because I also had other unencrypted bitcoin wallet (2x idiot), and the btc weren't stolen from there. I still have the other wallet there and the coins still haven't moved.
I stored the backup phrase on truecrypt partition on a linux server. In theory, the backup phrase could have been compromised, but I doubt it.
1st theory: sometime ago I installed popcorn time android app. I guess it is possible for other android apps to read the mycelium keys, if they aren't encrypted. Not sure though.
Other theory: targeted, physical attack. Someone technically could have snatched the phone while I left it at table at bar or something. However I usually take quite a good care of my phone.
Paranoidity level: high. Stupidity level: ultra high. Any other theories?
submitted by throwaway-bitcoiner to Bitcoin

Using Electrum and Bootable Ubuntu USB to Create a Secure Cold Storage Wallet

Here is a short guide that is hopefully newb friendly for creating a cold-storage wallet with Electrum. All you will need is at least one USB flash drive with at least 2 GB of free space, your PC, and pen & paper.
You will need The Universal USB Installer, as well as the Ubuntu .iso image file. Choose the 32 bit version to be safe. Download both, plug in your USB flash drive, and launch the installer. Select Ubuntu in Step 1 in the installer. Then in Step 2 browse and locate the Ubuntu .iso image file you downloaded. Then in Step 3 select the drive you have inserted, as well as click the box to format the drive and erase contents. Do NOT set a persistence as this will reduce the security. Then click create and wait for it to finish.
Once booted into Ubuntu, make sure to click "try ubuntu". You are only trying it out on the USB, and not installing it onto your main hard drive. The reason for using the bootable drive is everything exists in memory and mostly disappears when you shut down Ubuntu.
(It would be more ideal to install electrum in a complete cold environment, but I have heard that could cause some problems with Electrum at this time and it is best to install it while connected to the internet. But if you want true cold storage you must have zero internet connection at the time of creating the wallet. Since we are disconnecting before Electrum creates the seed, we should be good.)
At this point you are done, just shut down Ubuntu to make sure the evidence of the seed is erased. Then you can send Bitcoins to your cold storage wallet. You have effectively created a very secure cold storage wallet, in my opinion. To restore the cold wallet, just launch electrum and choose "restore wallet" option, type in your seed, and voila you have a hot wallet ready to spend again.
Extra: Using Truecrypt Encryption
Bonus tutorial is if you would prefer to save your seed on another USB or digital device. It is not recommended to do this, unless the seed is encrypted. Even then I would only leave it on a USB and not plug it into any hot device just to be safe. I would recommend Truecrypt although it's possible the NSA has hacked Truecrypt, so use at your own risk.
sudo add-apt-repository ppa:stefansundin/truecrypt
sudo apt-get update
sudo apt-get install truecrypt
Hit enter after each command. If it asks permission, press y. Sometimes I had problems getting commands to work in the past. For some reason first installing flash from the software center fixes the problem, but I have no idea why.
Choose a size for the file, probably 5 MB is enough, but by all means choose more if you want to hold more files. Click next and make sure to choose a SECURE password for the file. If you don't pick a good enough password it will be brute forced easily. Use numbers, letters, capitals, lowercase, symbols, and make it long as possible. Try to have it something you can memorize if possible. Then click next. Then format it as FAT, and click next. Move your mouse around for entropy and then click Format, and your truecrypt container has been created.
I think this is a decent easy to follow tutorial. Hopefully this can help some newbies out, if I made any mistakes please feel free to correct me.
Edit: Sorry formatting sucks.
submitted by btcfreedom to Bitcoin

PSA don't keep your coins in an exchange. Follow this simple 22 step process to create a secure, offline prison wallet

First log into your VPN then open a TOR session to browse to overstock where you will purchase a single purpose laptop with bitcoin. Once you have the laptop you'll want to install mycelium, coliseum, elysium, truecrypt, Linux, and unix. Take the laptop to your Faraday cage and boot up. You'll create a wallet file in this environment. Afterwards you'll want to remove the disc drive from the laptop and place it into a latex bag which should be vacuum sealed. This is then inserted into a body cavity for secure storage.
submitted by tea-bone to Bitcoincirclejerk

A n00b vents: barrier to entry of bitcoin, the implications for general uptake, and the future

Being mindful of the general truism whereby you forget how hard something was to begin with once you get setup into the pattern of efficient minimal usage, it felt like a good time to vent, slash get the opinions of the community.
The problem: once someone has been titillated enough by the prospects of bitcoin, they'll then try to get into it. How many will fail? Let's be honest, on a quite-nerdy website, we're probably relatively a lot nerdier, so should arguably be finding these things very easy if we hope that the general populace will be adopting, no?
My experiences:
MY OVERALL POINT
There's loads of evangelism going on in bitcoin, which is great (not sarcasm), but I wonder to what extent part A (getting people interested) is being undermined by part B (people being able to get onboard)?
Is there a step by step guide, or flow diagram, for how people should get onboard once they've decided they want to? This and this is good, but maybe should be expanded to include the security one should have and a stepwise guide to get there, plus what to expect/prepare when signing up to the wallet sites?
TLDR: technical papercuts barrier uptake to bitcoin, thus working against the promotional work of the community. How can these be reduced? Have they been improving with time?
submitted by Sharky-PI to Bitcoin

A helpful discussion about wallet security (esp. Electrum)

I was recently contacted via private message by a redditor who read a comment of mine about wallet storage (I assume this comment). I think there was quite a bit of useful information in it for other bitcoin beginners, so I am reposting it here in full (with permission). The redditor in question wanted to remain anonymous though.
I hope this is of use to some of you here!
From: Anonymous Redditor
I saw your post regarding your wallet storage and had a few noob questions if you don't mind.
My plan is similar to yours but I was unsure whether to use armory or electrum (electrum's seed creation scares me a bit).
You mentioned you have a bootable LINUX (ubuntu?) USB stick that you keep your wallet on....do you only boot this onto an always offline computer?
Do you use something like Truecrypt to further protect your wallet.dats?
Thanks for your time!
From: SanderMarechal
> My plan is similar to yours but I was unsure whether to use armory or electrum (electrum's seed creation scares me a bit).
For me it is the other way around. Armory (and bitcoin-qt) scare me. Armory is just a wallet. It still needs bitcoin-qt running in the background. For me the problem is two-fold:
1) Size
bitcoin-qt (and armory) need to download the entire blockchain. That's 13+ GB that takes hours to download and days to verify. And if you ever lose it, you need to do it again.
2) Random keys
armory and bitcoin-qt generate random private keys. You get 100. If you use a few (you use them when you send coins for example) then new ones are created. So, if you create an armory wallet and make a backup, that backup will have 100 keys. Then, if you make 33(!) transactions, your 100 keys are used up and you will have 100 different random keys. If someone then steals your computer (or your house burns down) then you cannot use your backup anymore. It only has the 100 old keys and none of the new keys. So you have lost all your bitcoins.
Why 33 transactions and not 100? Because of change addresses. If you have 10 BTC and send me 2 BTC then most wallets will create 2 transactions. 2 BTC from your old address to me, and 8 BTC from your old address to a new (random) address. This process costs 3 private keys. 2 keys for the transactions and 1 key to create a new address.
This means that after every few dozen transactions you need to refresh your backup so it has the newer keys. For me that is impractical. It means that I need to keep my backup close by because I often need it.
Electrum does not have this problem. The seed solves this. Private keys are not random but are created from the seed. If you have the seed then you have, by definition, all the private keys you will ever need. Your backup can never be out-of-date. This is easy for me. I save the seed in a file, encrypt it, put it on an USB stick and give copies to a few family members who have safes in their homes.
If my computer is ever stolen, or my house burns down, I can go to a family member, decrypt the seed file and use the seed to restore my electrum wallet. Even if that USB stick is 10 years old.
> You mentioned you have a bootable LINUX (ubuntu?) USB stick that you keep your wallet on....do you only boot this onto an always offline computer?
It depends on how secure you want to be. For maximum security, keep the computer always offline. But if you want to spend the bitcoins from your wallet, you will need to be online.
I use the USB stick for my savings account. It only receives coins and I do not send. So I do not need to boot up my USB stick. I have created a second wallet on blockchain.info that I use for day-to-day transactions. All BTC I receive goes to my blockchain account. Then I transfer a part of that to my savings account and only keep a bit of change that I need in the blockchain account.
> Do you use something like Truecrypt to further protect your wallet.dats?
No. Electrum does not have a wallet.dat. It has the seed. I simply copy the seed to a TXT file and encrypt it using GPG and symmetric encryption. Example:
gpg --armor --symmetric --cipher-algo AES256 seed.txt 
Make sure you use a password that is strong and that you cannot forget! If you need to write the password down on paper and your house burns down, then you cannot decrypt the seed anymore!
From: Anonymous Redditor
Forgive the naivety here: Correct me if I'm wrong - The safest way to generate your wallet seed is on an offline computer correct? So, theoretically, generate the seed on an offline-only computer, copy to txt...encrypt. back up on multiple USB's. Then on your online computer, load electrum and import Seed?
Thanks so much for the thorough explanation! I'm a potato when it comes to reddit's bitcoin tip bot. Send me an address - would like to send some internet magic money your way.
From: SanderMarechal
> The safest way to generate your wallet seed is on an offline computer correct? So, theoretically, generate the seed on an offline-only computer, copy to txt...encrypt. back up on multiple USB's. Then on your online computer, load electrum and import Seed?
Not quite. The risk with an online computer is malware and people breaking in. If you generate the seed on an offline computer and then move it to an online computer, you don't really take that risk away. You still have your wallet on an online computer which you use for day-to-day work and which is exposed to hackers and malware.
I suggest you make two wallets. One wallet is your "savings" wallet. You can use the USB stick Linux for this. Generate the wallet offline, backup and encrypt the seed onto multiple USB sticks and note down the bitcoin address somewhere so you can transfer funds to it. The only time you should use the USB stick to go online is when you want to transfer funds out of your savings wallet.
Then, on your normal computer (or your smartphone if you prefer), create a second wallet using a different password. This is the wallet you keep only a little money in for your day-to-day transactions. Note down the seed, encrypt (with a different password than you used to encrypt the seed from your savings wallet) and add it to the USB keys. You can use Electrum for this second wallet as well, but you can also use something different. I use a blockchain.info wallet for my day-to-day expenses.
Whenever you have a larger amount of bitcoins in your day-to-day wallet, transfer some to the wallet on the USB stick. You don't need to boot up the USB stick for this. You only need the address you wrote down.
When you want to spend a large amount of money, boot up from the USB stick and transfer coins from your savings wallet to your day-to-day wallet. Reboot into your normal computer and use the day-to-day wallet to pay for what you wanted to buy.
The core of the issue is simple: Don't store a lot of money in a wallet on a computer that you use a lot. Computers that are used a lot get attacked a lot. Simple :-)
> Thanks so much for the thorough explanation! I'm a potato when it comes to reddit's bitcoin tip bot. Send me an address - would like to send some internet magic money your way.
That is very kind! My address is: 1PAXiscvKoGRJ5XxMZvri3CMNeKYYb8wMQ
From: Anonymous Redditor
You are awesome:) Thank you again for the insight! Sent some your way.
From: SanderMarechal
You're welcome. And thanks for the coin!
From: Anonymous Redditor
Last question(s) (I promise)...
Would a netbook like this be appropriate to 1) dban 2) boot up via USB ubuntu and 3) create the electrum seed?
This would of course never go online, be backed up and encrypted, etc.
http://www.newegg.com/Product/Product.aspx?Item=N82E16834131403
Thanks again.
From: SanderMarechal
I don't know. You would be better off asking this on www.ubuntuforums.org for example. I don't know if that computer's hardware is compatible with Ubuntu. Speed-wise the bottleneck will be the USB stick and not the CPU or memory. USB sticks are much slower than hard drives.
Note that you don't have to buy a computer for this. You can use the computer you already have and still run Ubuntu off a USB stick for your Electrum wallet.
What I said in my previous post about not using your day-to-day computer for your wallet, with that I mean the operating system and software. Not the hardware. Unless you're afraid someone put a hardware keylogger inside your computer :-)
From: Anonymous Redditor
Fascinating!
My tin foil hat is in full effect:) Thanks again for your time and patience.
From: SanderMarechal
You're welcome. Have fun with bitcoin!
Oh, I have a question for you now. Would you mind if I repost our entire private conversation here to /BitcoinBeginners? I think other redditors there would also be interested. And if I can repost it, do you want your username in there or should I replace it with "Anonymous Redditor" or something?
From: Anonymous Redditor
You can certainly repost it! And yes, if you wouldn't mind removing the username I would very much appreciate it.
Thanks for asking btw!
Anyway, I hope this is useful for some people out here.
submitted by SanderMarechal to BitcoinBeginners

Ideas for really safe Cold Storage

The Three Legged Stool of safe storage. I've given a lot of thought about how I can safely store my Bitcoins. I want to share my method in the hope others may find this helpful and any discussion could also help me. I'm not intending this as a beginners guide to cold storage, plenty already exist. But people, both new and familiar with cold storage, can benefit from the applications and ideas I'm suggesting here.
The Three Legged Stool, what's this about? There are just three ways to unintentionally lose your coins:
Leg 1, They can be stolen
Leg 2, They can be physically lost
Leg 3, You can forget how to access them
The snag is that anything done to improve security to one Leg tends to increase the risk of loss caused by being out of balance with the other two Legs. For example, to protect your coins against Leg 1 (being stolen) you may hide the coins' private key in a password protected container somewhere in your house. My point is that you have reduced the risk of Leg 1 (getting them stolen) but at the same time increased the risk of Leg 2 (physically lost) and Leg 3 (forget the password). This is especially true with long term storage. Equally, not using a password protects against Leg 3 but increases the risks from Leg 1 and is of no help against Leg 2. The objective is a balanced stool, keeping your coins safe and also always available for spending.
How it can be done: My preferred method is using Paper Wallets with BIP38 encryption. With secure passwords, these are so safe you can keep multiple copies of the same wallet all over the place. Keep copies at work, at home, at your parents' house and even carry the private key QR code with your phone in case you want to spend a chunk of Bitcoins unexpectedly. Brute force attacks on BIP38 wallets are so slow, I can't think it's possible to crack a strong password of let's say 10 random letters, numbers and symbols. So this is total protection against Leg 1 and Leg 2 but forget that password Leg 3.... and your coins are gone forever!
Here's the clever bit. So how can you guarantee never to forget that complex wallet password? Yes! There's an App for that, "Infinite Password Generator" (IPG) is truly brilliant. https://play.google.com/store/apps/details?id=yuku.infinitepassgen.app
The only permission this App has is to access Google Play payment services so I don't think it can give any secrets back to the developer. Install this app and make backups of the APK, save backups on several devices in case it's ever removed from Google Play. If you change your phone you will want to be able to install IPG from your APK backups and it's best not to update this App. If you do update it then always check it is generating the same passwords using the procedure explained below.
IPG generates complex passwords by combining your own "Master Password" with a Keyword. As an example, your Master Password must be something you can NEVER forget like the house number and road name you lived in as a child. The Keyword is a unique identifier for this Paper Wallet, maybe a name and incrementing sequence number like wallet3. IPG combines these two fields to generate a secure repeatable password you can use as the input to the BIP38 encryption.
IPG lets you save its configuration settings and you need to do this: Fill in the Master Password, put your name in the Keyword field, press Show and select the type and length of BIP38 password you want then press Copy (to the clipboard). Now, paste the generated password over the Personal notes (optional) field. Next, delete the Master Password field and Save, then exit IPG.
Open IPG and Load your saved file, fill in Master Password then Copy/paste the generated password under the original copy of the password and if you did this all correctly you will have generated exactly the same password, confirming you put in the Master Password correctly. Now change the Keyword field to your chosen Wallet Identifier, let's use my example above wallet3 and this will generate the required unique password for that BIP38 Paper Wallet you're about to make. I would write 3 as a hint on all copies of this Paper Wallet to make sure I don't forget the full Keyword. The next Paper Wallet I generate being wallet4, marked 4. Also I paste a copy of the IPG generated password into a Truecrypt encrypted container as a last chance disaster recovery.
Final steps to use IPG safely. You must close this App correctly otherwise it stays a while in memory containing all your secret information. Then you need to clear the clipboard of the wallet password and I've been using an App called Clipboard Autoclear+ to do this. https://play.google.com/store/apps/details?id=de.tactilesoftworks.clipboardsentinel
I've used two Paper Wallet generators, my favorite is https://www.bitaddress.org but it's a bit cumbersome to produce multiple copies of the same wallet. I also like https://bitcoinpaperwallet.com because they can produce Testnet Wallets which is a coin identical to Bitcoin but uses valueless coins purely for testing purposes. Google Testnet Wallets for more info.
Spending from your Paper Wallet is easier to do than explain and I started by using the Blockchain.info Android App. But this has let me down with an error message "insufficient funds" and I see many complaints about this problem. I wrote to Blockchain.info about it but got no reply. Since then I moved to Mycelium Wallet https://play.google.com/store/apps/details?id=com.mycelium.wallet and have had no problems with this. Also they do a Testnet version of Mycelium which is incredibly useful.
In Mycelium you just scan your Paper Wallet's public address to watch how many Bitcoins there are in them. When you want to spend from the Paper Wallet, first run IPG, load the file and fill in the passwords then copy the Paper Wallet password to the clipboard. During the Send transaction Mycelium will ask to scan the wallet Private Key, it then asks for the BIP38 password which you can paste in from IPG and the amount of Bitcoin to send and off it goes.
A couple of important points to consider if you're not spending the full amount from the Paper Wallet. Once your private key has been used like this you really should send the remaining Bitcoins to the next Paper Wallet in the sequence called, using my example, wallet4. That's because once a private key has been used or exposed to an online device, it's no longer safe to consider it as cold storage. If you don't spend all the coins on your Paper Wallet it's likely you will get back change and you must be sure the Wallet App you're using supports this or your change will disappear as a donation to the mining community. Mycelium and Blockchain.info Wallets automatically look after sending your change back to the Paper Wallet's corresponding public address. OTHER APPS MIGHT NOT DO THIS SO BE CAREFUL.
Generating Paper Wallets should be done on an offline device such as an old Android phone factory reset and only used for this purpose or a bootable Linux USB.
In conclusion this approach overcomes my doubts about my ability to remember long term secure passwords, possibly years after I made them up, because I shouldn't forget the Master Password as it's something so personal to me and the Keyword is almost attached to the Paper Wallet. Leg 3 is dealt with and Legs 2 and 3 now take care of themselves.
I do hope some of you find these ideas helpful. The developer of IPG Yukuku does not make any provision for donations and I would happily make a donation for this excellent App that is also available for Windows.
Disclaimer, these ideas are for your consideration and debate only. I take no responsibility whatsoever for any losses that may arise however they are incurred. I have absolutely no connection or financial interest in any of the applications I have referred to here.
submitted by LeScarecrow to Bitcoin
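
The scheme described in the post above (a master password combined with a per-wallet keyword to give a repeatable password, plus a saved check value to catch a mistyped master password), as an added example that is not part of the original post and not IPG's own algorithm. PBKDF2-HMAC-SHA256, the alphabet, the iteration count and the names `derive_password` and `master_is_correct` are assumptions made for illustration.

```python
import hashlib
import hmac
import string

# Assumed output alphabet and work factor; IPG's real settings are not on the page.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"
ITERATIONS = 200_000


def derive_password(master: str, keyword: str, length: int = 10) -> str:
    """Derive a repeatable password from a master password and a keyword."""
    if not master or not keyword:
        raise ValueError("master password and keyword must both be non-empty")
    if length < 1:
        raise ValueError("length must be at least 1")
    # Bytes at or above this limit are discarded so every character of the
    # alphabet is equally likely (no modulo bias).
    limit = 256 - (256 % len(ALPHABET))
    chars = []
    block = 0
    while len(chars) < length:
        # The keyword is the salt: a different keyword gives an unrelated
        # password. The block counter only extends the byte stream if needed.
        salt = f"{keyword}\x00{block}".encode("utf-8")
        stream = hashlib.pbkdf2_hmac(
            "sha256", master.encode("utf-8"), salt, ITERATIONS, dklen=32
        )
        for byte in stream:
            if byte < limit and len(chars) < length:
                chars.append(ALPHABET[byte % len(ALPHABET)])
        block += 1
    return "".join(chars)


def master_is_correct(master: str, check_keyword: str, saved_check: str) -> bool:
    """Re-derive the check password and compare it with the saved copy."""
    candidate = derive_password(master, check_keyword, len(saved_check))
    return hmac.compare_digest(candidate.encode("utf-8"), saved_check.encode("utf-8"))


if __name__ == "__main__":
    master = "constructed master phrase 42"          # constructed sample value
    saved_check = derive_password(master, "alice")    # stored once in the notes field
    # Later session: confirm the master password was typed correctly first.
    typo = "constructed master phrase 24"
    print("typo detected:", not master_is_correct(typo, "alice", saved_check))
    if master_is_correct(master, "alice", saved_check):
        print("wallet3:", derive_password(master, "wallet3"))
        print("wallet4:", derive_password(master, "wallet4"))
```

Every derived password is only as strong as the master password, and a saved check value lets anyone who obtains the file test master-password guesses offline, so the work factor and the master password's entropy are what protect it.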

Some questions about the blockchain, wallet.dat, and Truecrypt on Windows

1) Do I need to download the entire blockchain before I can send bitcoins from the official bitcoin client, even if blockexplorer.com says my address has received them? The blockchain is taking a long time for my client to download and my balance is unchanged. (On getblockchain.com, the blockchain is currently 475MB compressed and 1.42GiB uncompressed, although the site is more targeted to linux users.)
2) After following the Bitcoin wiki regarding Truecrypt, if I launch bitcoin.exe with the -datadir option pointing to a Truecrypt container file that contains wallet.dat, does the ever-growing blockchain also have to be in that container file? Can I point the client to one location for the blockchain and another location for the wallet file?
3) Can I leave the blockchain in its normal directory and do I just need to copy wallet.dat out of the Truecrypt container file when I need it? (Or decompress it with 7-zip or decrypt it with GPG4win?) Wouldn't it then be vulnerable to trojans like Infostealer.Coinbit or the metasploit module bitcoin_jacker.rb?
4) Will the plaintext wallet issue be obsolete by version 0.4.0.0 of the official client? And will a headers-only client make it so every user doesn't have to download a neverending blockchain?
submitted by SpaceBuxTon to Bitcoin

Is there a BIP38 equivalent to encrypt my Electrum seed?

Hey guys and gals,
Just put some BTC into Electrum to test it out. I plan to use it as cold storage for as long as client side bitcoin wallets are the best method for storing bitcoins.
I generated the Electrum wallet on a USB live linux, and imported the master public key onto my online computer. I then wrote the seed down on paper for now. I plan to burn the paper later.
So the question I have is: Is there a way to encrypt my electrum seed so that I can safely upload it into the cloud so that I don't have to worry about storing it physically?
I heard things of TrueCrypt etc but today is the first day I have used the program. Still new to it, so I'd like any opinions possible, thanks.
submitted by v1- to BitcoinBeginners

Wallet security.

Hello all, I'm new to Reddit but have been following this subreddit for a little over a week. I thoroughly enjoy the information that everyone has contributed.
With that being said, I am very excited to join the bitcoin community. I have a small transaction to start off with pending at coinbase.
My concern is that I have taken such drastic steps to secure my offline wallet that it will be a burden to recover it in the event that I lose the original data file.
Here are the steps that I have taken.
Installed linux on an offline machine. Logical volume of offline machine is encrypted. Strong user password. Home directory where wallet.dat is stored is also encrypted. Armory wallet encrypted. Armory wallet digital backup stored in Truecrypt file container on new USB flash drive. Flash drive to be placed in safety deposit box.
Am I just being paranoid or is this overkill? I was also thinking of keeping another copy of the USB flash drive in a fireproof safe at home.
submitted by jsrob to Bitcoin

[Security] I worked on my BTC security last night. How did I do?

I am getting to the point now where I have a substantial amount of BTC (not massively life changing, but it has turned into more than I have in fiat, which I have accepted and I am ok with.)
I wanted to secure these coins for long term safe-keeping, and I have a few questions for you very smart folks.
  1. Would you diversify your coins into multiple security methods, or are you comfortable with using 1 method that you know and trust for all of your coins?
  2. Please pick apart the process I used below to secure my coins:
This was all done on the same computer with the exception of using another computer to add a public key to blockchain.info
How did I do? I am a bit nervous about having all of my eggs in one basket.
submitted by btcthrowaway5 to Bitcoin

Thoughts on a cold(ish) wallet storage

So with everything going on (mt gox and others), I'm thinking of doing a cold storage of all my coins. Here is what I was thinking..
First get a copy of Knoppix or a linux distro and make a live CD. Run it on my laptop. Download and install all the QT wallets (bitcoin, litecoin and dogecoin). Let them sync up.
I have an address. I will make a transfer to it and test to make sure it goes thru. When it does, I will make a large transfer from my other wallets into it and create my "piggy bank".
I will then make a truecrypt drive and place the wallet.dat into it (by the file ->backup wallet setting). Then I will copy this onto a USB drive. I will also keep a copy on dropbox. Since it's encrypted there's no access to the wallet.dat
Next, I will do a dumpprivkey for each of the public keys to get the private keys. With that, I will make a QR Code and paste it on a piece of paper with the Public key. Then I got a physical paper in addition to the usb drive which I can keep locked away.
Hopefully since I backed up using the qt wallets, I shouldn't have any transaction limits.
Thoughts?
I've been reading a bit about the transaction limits. Do those apply only when I was to send the coins out? Is there a limit on receiving? For instance, could I say weekly send money to the "piggy bank"?
What exactly is the key pool? I'm seeing notes that it is per transaction. Others are per wallet.
submitted by plunderisley to BitcoinBeginners

Security Question and Answer: How secure is my Bitcoin wallet?

I thought I'd make a thread where the less savvy bitcoiners can describe how they store their bitcoins, and the experts among us can weigh in their opinions on how secure our situation is. I'll start.
I have a dedicated brand new linux laptop with multibit installed onto a truecrypted usb flash drive. The USB drive is never used on any other machine. My wallet is also encrypted. The laptop stays offline until I run multibit, and I go back offline after transactions are done. I do not use the browser. I have backed up the usb drives onto 2 other usb drives that I store in separate locations.
submitted by OperativeProvocateur to Bitcoin

Help with a very secure Live USB OS

I have a 16GB thumb drive and want to fool around with making a very secure live OS.
Install linux mint as main OS and have a second persistent partition for saving GPG keys and other sensitive files.
Have VM installed, one with Tails and one with another linux mint. The linux mint VM will not allow any type of internet access.
The linux mint VM would house programs such as GPG and a bitcoin wallet.
The main OS will have a bitcoin wallet for every day use.
I would like to have this fully encrypted maybe via truecrypt - I have been reading that it is not possible to do a full encrypted usb, but the information I was reading was from years ago. Is this still true?
Any suggestions on the feasibility of any of this? I am new to all of this.
Thanks.
submitted by _Natoshi_Sakamoto_ to security

Low-tech signing and sending

So I've got an incredibly small amount of BTC that I've scraped from bitcoinget.com for testing and learning purposes, which I sent to a wallet that I generated from bitaddress.org. I want to eventually keep larger amounts of BTC on a freshly-installed Linux distro on a perpetually-offline netbook. While I do have access to a second, online computer, it doesn't have the hardware resources to run the Armory client, or even the full Bitcoin-QT client with its large multi-GB blockchain download. Furthermore, that computer is at my workplace - I have complete administrative control over the machine, however the network admins here block the necessary port (8333), presumably to keep people from using our server rooms for mining.
So my question is, given the constraints described above, how do I go about coming up with a workable, secure method for using BTC? If I have an address with 1 BTC, and I want to send, say .53756 BTC to a new address, what tools should I go about using to sign/send the transaction? What about the remaining fraction of BTC in the original address? Is there some easy tool or way to break up the BTC contained in one address across multiple others, that is workable with my constraints? E.g. "send .53756 to address A and send the remainder in that wallet to address B"?
submitted by hags_claw to BitcoinBeginners
