https://en.bitcoin.it/w/api.php?action=feedcontributions&feedformat=atom&user=EorituzBitcoin Wiki - User contributions [en]2026-06-03T10:02:47ZUser contributionsMediaWiki 1.43.8https://en.bitcoin.it/w/index.php?title=Cold_storage&diff=43529Cold storage2013-12-31T12:53:00Z<p>Eorituz: </p>
<hr />
<div>'''Cold storage''' in the context of Bitcoin refers to keeping a reserve of Bitcoins offline.<br />
<br />
For example, a Bitcoin exchange typically offers an instant withdrawal feature, and might be a steward over hundreds of thousands of Bitcoins. To minimize the possibility that an intruder could steal the entire reserve in a security breach, the operator of the website follows a best practice by keeping the majority of the reserve in ''cold storage'', or in other words, not present on the web server or any other computer. The only amount kept on the server is the amount needed to cover anticipated withdrawals.<br />
<br />
Methods of cold storage include keeping bitcoins:<br />
* On a USB drive or other data storage medium in a safe place (e.g. safety deposit box, safe)<br />
* On a [[paper wallet]]<br />
* On a bearer item such as a [[physical bitcoin]].<br />
* Online, but on encrypted media where the encryption key is offline.<br />
* Use a offline Bitcoin [[Hardware wallet]] (So far only [http://www.pi-wallet.com/products/pi-wallet Pi-Wallet] is operational.)<br />
<br />
'''Deep cold storage''' refers to keeping a reserve of Bitcoins offline, using a method that makes retrieving coins from storage significantly more difficult than sending them there. This could be done for safety's sake, such as to prevent theft or robbery.<br />
<br />
Because Bitcoins can be sent to a wallet by anyone knowing the wallet address, it is trivial to put a wallet in cold storage but to keep a copy of the addresses needed to send funds to it.<br />
<br />
A simple example of deep cold storage is opening a safety deposit box and putting a USB stick containing an encrypted wallet file in it. The public (sending) addresses can be used any time to send additional bitcoins to the wallet, but spending the bitcoins would require physical access to the box (in addition to knowledge of the encryption password).<br />
<br />
Deep cold storage would typically be used for holding large amounts of bitcoins, or for a trustee holding bitcoins on behalf of others. In such a case, additional precautions should be taken beyond a simple example of a single safety deposit box.<br />
* The box could be accessed by bank or maintenance personnel, so the contents of the box alone should not be sufficient to access the wallet.<br />
* The box could be stolen or destroyed in a disaster, or the media could become unreadable, so the box should not contain the only copy of the wallet.<br />
* The trustee could die or become incapacitated. If access to the wallet or knowledge of its location is lost, or encryption passwords are lost, the bitcoins are gone forever. Provisions should be made so that the box can be accessed by someone else as appropriate, including any encryption passwords.<br />
<br />
== See also ==<br />
* [[How to import private keys]]<br />
* [[How to set up a secure offline savings wallet]]<br />
* [http://codinginmysleep.com/bitcoin-cold-storage-in-plain-english Bitcoin Cold Storage In Plain English] by David Perry<br />
* [https://blockchain.info/wallet/paper-tutorial Paper Wallet Tutorial] blockchain.info<br />
<br />
[[Category:Introduction]]<br />
[[Category:Security]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=Cold_storage&diff=43528Cold storage2013-12-31T12:50:24Z<p>Eorituz: </p>
<hr />
<div>'''Cold storage''' in the context of Bitcoin refers to keeping a reserve of Bitcoins offline.<br />
<br />
For example, a Bitcoin exchange typically offers an instant withdrawal feature, and might be a steward over hundreds of thousands of Bitcoins. To minimize the possibility that an intruder could steal the entire reserve in a security breach, the operator of the website follows a best practice by keeping the majority of the reserve in ''cold storage'', or in other words, not present on the web server or any other computer. The only amount kept on the server is the amount needed to cover anticipated withdrawals.<br />
<br />
Methods of cold storage include keeping bitcoins:<br />
* On a USB drive or other data storage medium in a safe place (e.g. safety deposit box, safe)<br />
* On a [[paper wallet]]<br />
* On a bearer item such as a [[physical bitcoin]].<br />
* Online, but on encrypted media where the encryption key is offline.<br />
* Use a offline Bitcoin [[Hardware wallet]]<br />
<br />
'''Deep cold storage''' refers to keeping a reserve of Bitcoins offline, using a method that makes retrieving coins from storage significantly more difficult than sending them there. This could be done for safety's sake, such as to prevent theft or robbery.<br />
<br />
Because Bitcoins can be sent to a wallet by anyone knowing the wallet address, it is trivial to put a wallet in cold storage but to keep a copy of the addresses needed to send funds to it.<br />
<br />
A simple example of deep cold storage is opening a safety deposit box and putting a USB stick containing an encrypted wallet file in it. The public (sending) addresses can be used any time to send additional bitcoins to the wallet, but spending the bitcoins would require physical access to the box (in addition to knowledge of the encryption password).<br />
<br />
Deep cold storage would typically be used for holding large amounts of bitcoins, or for a trustee holding bitcoins on behalf of others. In such a case, additional precautions should be taken beyond a simple example of a single safety deposit box.<br />
* The box could be accessed by bank or maintenance personnel, so the contents of the box alone should not be sufficient to access the wallet.<br />
* The box could be stolen or destroyed in a disaster, or the media could become unreadable, so the box should not contain the only copy of the wallet.<br />
* The trustee could die or become incapacitated. If access to the wallet or knowledge of its location is lost, or encryption passwords are lost, the bitcoins are gone forever. Provisions should be made so that the box can be accessed by someone else as appropriate, including any encryption passwords.<br />
<br />
== See also ==<br />
* [[How to import private keys]]<br />
* [[How to set up a secure offline savings wallet]]<br />
* [http://codinginmysleep.com/bitcoin-cold-storage-in-plain-english Bitcoin Cold Storage In Plain English] by David Perry<br />
* [https://blockchain.info/wallet/paper-tutorial Paper Wallet Tutorial] blockchain.info<br />
<br />
[[Category:Introduction]]<br />
[[Category:Security]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=Software&diff=43503Software2013-12-29T11:53:53Z<p>Eorituz: /* Bitcoin clients */</p>
<hr />
<div>List of Bitcoin-related '''software'''. See also [[:Category:Software|Category:Software]].<br />
<br />
Be sure to keep on top of the latest [[CVEs|security vulnerabilities]]!<br />
<br />
==Bitcoin clients==<br />
===Bitcoin clients===<br />
::''Main article and feature comparison: [[Clients]]''<br />
*[[Bitcoin-Qt]] - C++/Qt based tabbed UI. Linux/MacOSX/Windows. Full-featured [[Thin Client Security|thick client]] that downloads the entire [[block chain]], using code from the original Bitcoin client.<br />
*[[bitcoind]] - GUI-less version of the original Bitcoin client, providing a [[API reference (JSON-RPC)|JSON-RPC]] interface<br />
*[[MultiBit]] - lightweight [[Thin Client Security|thin client]] for Windows, MacOS and Linux with support for opening multiple wallets simultaneously<br />
*[[Electrum]] - a "blazing fast, open-source, multi-OS Bitcoin client/wallet with a very active community" - also a [[Thin Client Security|thin client]].<br />
*[[Bitcoin-js-remote]] - JavaScript RPC client, support for QR codes<br />
*[https://github.com/TheSeven/Bitcoin-WebUI Bitcoin WebUI] - JavaScript RPC client<br />
*[https://github.com/zamgo/bitcoin-webskin Bitcoin Webskin] - PHP web interface to bitcoind and namecoind<br />
*[https://bitcointalk.org/index.php?topic=50721.0 subvertx] - command line bitcoin tools<br />
*[[Bitcoiner]] - Java RPC client (Android)<br />
*[[Armory]] - Python-based client currently in beta-level<br />
*[[Spesmilo]] - Python/PySide RPC client (abandoned)<br />
*[[Gocoin]] - WebUI client written in Go language, with a cold deterministic brain-wallet.<br />
<br />
====Frontends to eWallet====<br />
*[[BitPay]] - Android application<br />
*[https://blockchain.info/wallet Blockchain] - Javascript bitcoin client with client side encryption.<br />
<br />
====Experimental====<br />
*[[Freecoin]] - C++ client, supports alternative currencies like [https://bitcointalk.org/index.php?topic=9493.0 Beertoken]<br />
*[[BitDroid]] - Java client<br />
*[[Bitdollar]] - C++/Qt client, unstable beta version<br />
<br />
===Libraries===<br />
*[https://bitcointalk.org/index.php?topic=30646.0 libbitcoin]<br />
*[[BitCoinJ]] - Java client library, early development stage but used in live projects already<br />
*[[BCCAPI]] (Bitcoin Client API) - a java library designed for making secure light-weight bitcoin clients.<br />
<br />
==Bitcoin Trade Data==<br />
*[[Bitcoin Charts]] – Prices, volume, and extensive charting on virtually all Bitcoin markets.<br />
*[[MtGox Live]] - An innovative chart showing a live feed of [[MtGox]] trades and market depth. (Must Use Chrome)<br />
*[http://btccharts.com BTCCharts] - An innovative chart showing a live feed of multiple markets, currencies and timeframes.<br />
*[http://MY-BTC.info MY-BTC.INFO] - A free profit/loss portfolio manager for Bitcoins and other digital currencies including many charts.<br />
*[http://BitcoinExchangeRate.org BitcoinExchangeRate.org] - Bitcoin and USD converter with convenient URL scheme and Auto-updating Portfolio Spreadsheet.<br />
*[[Bitcoin Sentiment Index]] - A financial index that collects and disseminates sentiment data about bitcoin.<br />
*[[Preev]] - Bitcoin converter with live exchange rates.<br />
*[[Skami]] - Bitcoin Market Exchange comparison charts.<br />
*[[BitcoinSentiment]] - Crowdvoting site offering means of voting and viewing voters sentiment towards bitcoin.<br />
*[[TradingView]] – network where traders exchange ideas about Bitcoin using advanced free online charts<br />
<br />
==Bitcoin software==<br />
<br />
===Web interfaces for merchants===<br />
*[[BTCMerch]] - Payment processor for bitcoins and other cryptocurrencies. 0.5% transaction fee. Sandbox is available.<br />
*[[BitMerch]] - Embeddable HTML buttons, instant sign-up, instant payouts, automatic price adjustment for other currencies. No programming skills required to set up.<br />
*[[Bitcoin Evolution]] - Non wallet-based Buy Now button to insert into websites (handles sales tracking; client must be used for actual transaction)<br />
*[[BitPay]] - Buy Now buttons, Checkout posts/callbacks, Mobile Checkout, JSON API<br />
*[[Btceconomy]] - a JavaScript widget listing items for sale<br />
*[[Javascript Bitcoin Converter]] - currency conversion<br />
*[[WalletBit]] - Easy JavaScript Buy Now buttons, Instant Payment Notification, Application Programming Interface (JSON API), Mobile Checkout, QR-Code<br />
* [https://PikaPay.com PikaPay] ([[PikaPay|info]]) Buy Now buttons, Twitter Integration, JSON API<br />
<br />
===Shopping Cart Integration in eCommerce-Systems===<br />
*[[Zen Cart Bitcoin Payment Module]] - a payment module that interacts with bitcoind for the Zen Cart eCommerce shopping chart.<br />
*[[Karsha Shopping Cart Interface]] - is a mobile payment-interface which enables its users to accept payments.<br />
*[[Bitcoin-Cash]] - an easy to use payment module for xt:Commerce<br />
*[[BitPay]] - bitcoin plugins for Magento, Opencart, Zencart, PHP, JSON API<br />
*[[WalletBit]] - Plugins for PrestaShop, OpenCart, PHP, JSON API<br />
*[[OpenCart Bitcoin]] - An OpenCart payment module that communicates with a bitcoin client using JSON RPC.<br />
*[[OsCommerce_Bitcoin_Payment_Module|OsCommerce Bitcoin Payment Module]] - a payment module that uses a python monitoring script to interact with bitcoind for OsCommerce<br />
* [http://drupal.org/project/uc_bitcoin Drupal Ubercart Bitcoin payment method] enables you to accept Bitcoin as payment for your Drupal/Ubercart enabled website product/services.<br />
<br />
=== Enterprise server ===<br />
*[http://bitsofproof.com Bits of Proof] - a modular enterprise-ready implementation of the Bitcoin protocol.<br />
<br />
===Web apps (opensource)===<br />
*[[Bitcoin Central]] - currency exchange<br />
*[[Bitcoin Poker Room]] - poker site<br />
*[[Abe]] - block chain viewer<br />
*[[Simplecoin]] - PHP web frontend for a pool<br />
*[[bitcoin_simple_php_tools]] simple php tools for webmasters<br />
<br />
===Browser extensions===<br />
*[[Bitcoin Extension]] - check balance and send bitcoins (Chrome)<br />
*[[Bitcoin Prices (extension)]] - monitoring price (Firefox)<br />
*[[Bitcoin Ticker]] - monitoring price (Chrome)<br />
*[[Biticker]] - Bitcoin ticker, currency converter and history price graph (Chrome)<br />
*[https://chrome.google.com/webstore/detail/bitcoin-microformats/bkanicejfbhlidgjkpenmddnacjengld?hl=en Bitcoin Microformats] Show bitcoin address metadata embedded in a page (Chrome)<br />
*[https://chrome.google.com/webstore/detail/bitcoin-address-lookup/pmlblkdmadbidammhjiponepngbfcpge?hl=en Bitcoin Address Lookup] Right click an address to view its value. (Chrome)<br />
<br />
===PC apps===<br />
*[https://sourceforge.net/projects/bitcointrader/ Qt Bitcoin Trader] - Open Source Mt.Gox, BTC-e, Bitstamp and BTCChina trading client for Windows, Mac OS X and Linux<br />
*[[http://www.mybtc-trader.com MyBTC-Trader.com]] - a MtGox Bitcoin trading client for windows with GUI<br />
*[[Mining Explorer]] - monitoring tool for bitcoin mining<br />
*[[Bitcoin SMS Alert]] - sends SMS text alerts to a user's phone based on BTC price / percent thresholds.<br />
*[[BTConvert]] - currency conversion<br />
*[[Sierra Chart MtGox Bridge]] - real-time charting<br />
*[[BitTicker]] - monitoring price (Mac OS X)<br />
*[[ToyTrader]] - a command line trading tool for [[MtGox]]<br />
*[[goxsh]] - a command-line frontend to the [[MtGox|Mt. Gox Bitcoin Exchange]] (Python)<br />
*[[MyBitcoins gadget]] - monitoring pool earnings / price (Windows gadget)<br />
*[[Bitcoin QR Popup]] - streamlined interface to bitcoin for POS systems (Windows)<br />
*[http://gnome-help.org/content/show.php/Bitcoin+Rate?content=138572 Bitcoin Rate] - Desktop widget with BTC exchange rate (KDE)<br />
*[http://kde-apps.org/content/show.php?content=142344 Bitcoin Monitor] - Desktop widget to monitor status of your Bitcoin miners on mining pools (KDE)<br />
<br />
===Mobile apps===<br />
==== iPhone / iPad ====<br />
*[https://blockchain.info/wallet/iphone-app Blockchain] - Fully featured iphone bitcoin app.<br />
*[[Bitcoin Ticker (iPhone)]] - monitoring price w/push notifications<br />
*[[BitCoins Mobile]] - First iPad native app! Live market data, news feeds, mining pool statistics, full screen exchange price charts, bitcoin network statistical charts. (iPad only, iPhone/iPod Touch coming soon!)<br />
*[https://github.com/teeman/BitcoinTrader BitcoinTrader] - Spend/receive BTC via QR codes, trade, deposit/withdraw, etc. Supports Mt. Gox, TradeHill, ExchB, CampBX, and InstaWallet.<br />
*[[Bit-pay]] - Mobile Checkout, set prices in any currency and receive mobile-to-mobile payment<br />
*[[Easywallet.org]] - Web based wallet, works with QR Code scanner on iPhone/iPad/iPod touch<br />
*[https://itunes.apple.com/us/app/btc-miner/id648411895?ls=1&mt=8 BTC Miner (iPhone)] - monitor mining results from various mining pools on iPhone/iPad/iPod touch<br />
*[[BitTick]] - Real-time Bitcoin ticker. Real-time currency convert(support 50+ currency. USD, GBP, EUR, CNY, JPY, CAD, RUB, AUD, BRL, NZD, PLN, KRW…) <br />
<br />
==== Android ====<br />
* Direct link to Android Market bitcoin apps. https://play.google.com/store/search?q=bitcoin<br />
*[[BitCare]] - Track bitcoin wallet balance, trade on Mt.Gox, monitor mining pool hashrate, balance, worker status. <br />
*[[Bitcoin Alert]] - monitoring price (Android)<br />
*[[Bitcoin-android]] - Does not appear to be being maitained anymore. https://market.android.com/details?id=com.bitcoinandroid<br />
*[[Bitcoin Wallet Balance]] - view your balance in real time on your android phone<br />
*[[Bitcoin Wallet]] - This is the most functional Android bitcoin wallet application. https://market.android.com/details?id=de.schildbach.wallet<br />
*[[BitcoinSpinner]] - Single address, easy to use, lightweight and open source client. Keys stored on device.<br />
*[[BitcoinX]] - monitoring price (Android)<br />
*[[BitPay]] - https://market.android.com/details?id=com.bitcoin.bitpay (Is not related to the bit-pay.com online payment processor.)<br />
*[[Bridgewalker]] - euro-denominated wallet for the Bitcoin economy<br />
*[https://blockchain.info/wallet/android-app Blockchain] - Lightweight Android Bitcoin Client - Also works with blockchain.info web interface and iphone app.<br />
*[[http://coincliff.com CoinCliff]] - Monitors price and fires alarms to wake you up, or notifications, as in text messages (Android)<br />
*[[Easywallet.org]] - Web based wallet, works with QR Code scanner on Android devices<br />
*[[Miner Status]] - monitoring miner status (Android)<br />
*[[SMS Bitcoins]] - transactions by SMS<br />
<br />
==== Windows Phone 7 ====<br />
*Direct link to Windows Phone Marketplace Bitcoin apps: [http://www.windowsphone.com/en-us/store/search?q=bitcoin]<br />
<br />
==== Windows Phone 8 ====<br />
*[[Bitcoin Can]] - Monitoring prices, account balances and mobile trading on multiple exchanges including MtGox and CampBX. http://www.windowsphone.com/en-us/store/app/bitcoin-can/57fcf4d6-497a-4663-8da3-93cb26c83b11<br />
<br />
see also [[Bitcoin Payment Apps]]<br />
<br />
===Operating systems===<br />
*[[MinePeon]] - Bitcoin mining on the Raspberry PI<br />
*BAMT - a minimal Linux based OS intended for headless mining. Initially announced [https://bitcointalk.org/index.php?topic=65915.0 here] (not maintained)<br />
*[[LinuxCoin]] - a lightweight Debian-based OS, with the Bitcoin client and GPU mining software (not maintained)<br />
<br />
===Mining apps===<br />
Main page: [[Mining software]]<br />
*[[50Miner]] - A GUI frontend for Windows(Poclbm, Phoenix, DiabloMiner, cgminer)<br />
*[[BFGMiner]] - Modular ASIC/FPGA/GPU miner in C<br />
*[http://www.groupfabric.com/bitcoin-miner/ Bitcoin Miner by GroupFabric] - Free easy-to-use DirectX GPU miner on the Windows Store<br />
*[[BTCMiner]] - Bitcoin Miner for ZTEX FPGA Boards<br />
*[[Bit Moose]] - Run Miners as a Windows Service.<br />
*[[Poclbm]] - Python/OpenCL GPU miner ([[Poclbm-gui|GUI(Windows & MacOS X)]])<br />
*[[CGMiner]] - ASIC/FPGA/GPU miner in C<br />
*[[Poclbm-mod]] - more efficient version of [[Poclbm]] ([[Poclbm-mod-gui|GUI]])<br />
*[[DiabloMiner]] - Java/OpenCL GPU miner ([[DiabloMiner.app|MAC OS X GUI]])<br />
*[[RPC Miner]] - remote RPC miner ([[RPCminer.app|MAC OS X GUI]])<br />
*[[Phoenix miner]] - miner<br />
*[[Cpu Miner]] - miner<br />
*[[Ufasoft miner]] - miner<br />
*[[Pyminer]] - Python miner, reference implementation<br />
*[[Remote miner]] - mining pool software<br />
*[[Open Source FGPA Bitcoin Miner]] - a miner that makes use of an FPGA Board<br />
*[https://github.com/mkburza/Flash-Player-Bitcoin-Miner Flash Player Bitcoin Miner] - A proof of concept Adobe Flash Player miner<br />
*[http://fabulouspanda.co.uk/macminer/ MacMiner] - A native Mac OS X Bitcoin/Litecoin miner based on cgminer, bfgminer, cpuminer and poclbm<br />
*[[Asteroid]] - Mac-specific GUI based on cgminer<br />
*[[MultiMiner]] - GUI based on cgminer/bfgminer for Windows, OS X and Linux, allows switching between currencies based on profitability<br />
<br />
===Mining Pool Servers (backend)===<br />
Main page: [[Poolservers]]<br />
<br />
*[[ecoinpool]] - Erlang poolserver (not maintained)<br />
*[[Eloipool]] - Fast Python3 poolserver<br />
*[[Pushpoold]] - Old mining poolserver in C (not maintained)<br />
*[[Poold]] - Old Python mining poolserver (not maintained)<br />
*[[PoolServerJ]] - Java mining poolserver (not maintained)<br />
<br />
===Utilities, libraries, and interfaces:===<br />
*[[BitcoinCrypto]] - a lightweight Bitcoin crypto library for Java/Android<br />
*[[Bitcoin Dissector]] - a wireshark dissector for the bitcoin protocol<br />
*[[Bitcointools]] - a set of Python tools accessing the transaction database and the wallet<br />
*[[Finance::MtGox]] - a Perl module which interfaces with the Mt. Gox API<br />
*[[libblkmaker]] - C library implementation of [[getblocktemplate]] decentralized mining protocol<br />
*[[python-blkmaker]] - Python module implementation of [[getblocktemplate]] decentralized mining protocol<br />
<br />
===Lists of software===<br />
*[[BitGit]] - list of Bitcoin-related opensource projects hosted at Git<br />
<br />
===Developer resources===<br />
*[[:Category:Developer|Category:Developer]]<br />
*[[:Category:Technical|Category:Technical]]<br />
*[[Original Bitcoin client/API calls list]]<br />
*[[API reference (JSON-RPC)]]<br />
*[[PHP_developer_intro|PHP Developer Introduction]]<br />
<br />
===Other===<br />
*[[Namecoin]] - a distributed naming system based on Bitcoin technology<br />
*[[Bitcoin Consultancy]] - an organization providing open source software and Bitcoin-related consulting<br />
*[[Open Transactions]] - a financial crypto and digital cash software library, complementary to Bitcoin<br />
*[[Moneychanger]] - Java-based GUI for [[Open Transactions]]<br />
*[http://btcnames.org/ BTCnames] - a webbased aliasing service which allows to handle unlimited names for your BTC deposit hashes<br />
*[[Devcoin]] - the open source developer coin<br />
<br />
[[Category:Software|*]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=Securing_your_wallet&diff=43459Securing your wallet2013-12-27T10:10:33Z<p>Eorituz: /* Hardware wallets */</p>
<hr />
<div>==Introduction==<br />
<br />
Wallet security can be broken down into two independent goals:<br />
# Protecting your wallet against loss.<br />
# Protecting your wallet against theft.<br />
<br />
In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):<br />
# Making a new secure wallet, using appropriate long-term protection.<br />
<br />
''For a brief overview see also: [[Wallet Security Dos and Don'ts|Wallet Security Dos and Don'ts]]''<br />
<br />
==Paper Wallets==<br />
[[Paper wallet]]s are a fairly simple way to store your bitcoins independent of a computer. When generated securely and stored on paper, or other offline storage media, a paper wallet decreases the chances of your bitcoins being stolen by hackers, or computer viruses.<br />
<br />
With each entry on a paper wallet, you are securing a sequence of secret numbers that is used to prove your right to spend the bitcoins assigned to one of your addresses. This secret number, called a [[private key]], is most commonly written as a sequence of fifty-one alphanumeric characters, beginning with a '5'.<br />
<br />
One way you can create a paper wallet is by visiting the [[BitAddress|BitAddress.org]] or [[BitcoinPaperWallet|BitcoinPaperWallet.com]] websites. These websites feature a free client-side paper wallet generator written in JavaScript. The HTML for either of these generators can be downloaded from GitHub and used on an offline computer. Using either of these generators online by directly connecting to their websites is relatively safe for storing smaller amounts of bitcoin, but extra precautions should be taken to ensure that keys are not compromised by spyware that may be monitoring browser activity. Blockchain.info offers a [https://blockchain.info/wallet/paper-tutorial tutorial on how to generate a paper wallet] with an online component so you can check your balance easily.<br />
<br />
To generate a safer paper wallet, first save the paper wallet generating code to a newly-formatted USB stick. Then "clean-boot" your computer with a bootable CD (such as a Linux Live CD) ''while disconnected from the Internet''. Disconnecting from the Internet guarantees that that the paper wallet generator is truly self-contained and isn't communicating with an online service. Then insert the USB stick and open the wallet generator's HTML file from the web browser. Print your paper wallets or store them on external media (do not save them on the computer), and then shut down the computer. You may need to load an appropriate printer driver in order to print while booted from the live CD.<br />
<br />
A paper wallet includes at least one public bitcoin address and its corresponding private key. You can send bitcoins to the public address and they will be inaccessible until the private key is imported into a wallet. As of version 0.6.0, the bitcoin QT software has a command line feature called "importprivkey" that can load private keys. Online exchanges and wallets such as [[MtGox]], CoinBase and Blockchain.info have features for importing (or "sweeping") private keys as well.<br />
<br />
Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets and private keys are something of value that have already been targeted by malware. Paper wallets isolate you from much of this risk.<br />
<br />
If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private key can then be intercepted while you enter it, so only enter a Bitcoin private key into your computer when your intent is to redeem its value ''immediately''.<br />
<br />
== Hardware wallets ==<br />
[[Hardware wallet]]s are a major effort to provide a good combination of enhanced security and usability.<br />
<br />
So far only [http://www.pi-wallet.com/ Pi Wallet] is operational.<br />
<br />
==Importance of security updates==<br />
<br />
No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well.<br />
Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered.<br />
We maintain a [[CVEs|list a known vulnerabilities]] on this wiki - you can watch that page to get updates.<br />
Note that you ''don't'' need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.<br />
<br />
==Securing the Bitcoin-QT or bitcoind wallet==<br />
<br />
Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.<br />
<br />
The wallet contains a pool of queued keys. By default there are 100 keys in the [[key pool]]. The size of the pool is configurable using the "-keypool" command line argument. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose Bitcoins.<br />
<br />
Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create more than 100 new addresses, the keypair associated with the newest addresses will not be in the old wallet because the new keypairs are only known after creating them. Any coins received at these addresses will be lost if you restore from the backup.<br />
<br />
The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.<br />
<br />
So if you create a backup, do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it.<br />
<br />
== Making a new wallet ==<br />
<br />
If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.<br />
<br />
There are a number of ways to create a new wallet with Bitcoin-QT or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.<br />
<br />
:1. Shut down the Bitcoin program.<br />
:2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:<br />
:::wallet.dat -> wallet-compromised.dat<br />
:Depending on your OS, the wallet file will be located at:<br />
:::Windows: %APPDATA%\Bitcoin\<br />
:::Linux: ~/.bitcoin/<br />
:::Mac: ~/Library/Application Support/Bitcoin/<br />
:3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.<br />
:4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.<br />
:5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.<br />
:6. Rename wallet.dat to wallet-compromised.dat. <br />
:7. Rename wallet-new.dat to wallet.dat.<br />
<br />
You should now have a new wallet with all the bitcoins from the old wallet.<br />
<br />
==Making a secure workspace==<br />
<br />
If you are using your computer to handle bitcoins, a wallet, Bitcoin-related passwords, or Bitcoin private keys, you must take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of any of the above. In the case that your computer is compromised, the precautions taken below may provide additional protection.<br />
<br />
===Debian-based Linux===<br />
<br />
The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user]. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:<br />
<br />
<code>sudo apt-get install ecryptfs-utils</code><br />
<br />
Now you're ready to create a new user<br />
<br />
<code>sudo adduser --encrypt-home new_user_name</code><br />
<br />
You'll need to come up with a [[#Choosing_A_Strong_Password|secure]] new password for that user.<br />
<br />
When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.<br />
<br />
Then switch user to the new user. To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.<br />
<br />
Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.<br />
<br />
<code>ecryptfs-unwrap-passphrase</code><br />
<br />
It will ask you for your user's password and give you the decryption key. '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)<br />
<br />
The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.<br />
<br />
<code>ecryptfs-setup-swap</code><br />
<br />
Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.<br />
<br />
For secure browsing, open Firefox, and then go into the Edit menu and click Preferences. Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'. Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'. Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'. Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.<br />
<br />
When JavaScript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download Linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.<br />
<br />
===Mac===<br />
This solution '''does not scale'''; the amount of needed space can grow beyond the image size.<br />
<br />
===Windows===<br />
<br />
Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.<br />
<br />
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.<br />
<br />
<p><b>To mount the Bitcoin data directory on an encrypted drive</b></p><br />
<ol start=1 type=1><br />
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.</li><br />
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.<br />
<p>For help finding this directory, see <b>[[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]]</b>.</p></li><br />
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.<br />
<p>For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:</p><br />
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li><br />
<li>Open Bitcoin's settings and configure it <b>NOT</b> to start automatically when you start Windows.<br />
<p>This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</p></li><br />
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li><br />
</ol><br />
<br />
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.<br />
<br />
<br />
=== General Solutions ===<br />
<br />
Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.<br />
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.<br />
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]<br />
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption<br />
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)<br />
<br />
There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]<br />
<br />
Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX). <br />
<br />
There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: [[WalletPaperbackup]]<br />
<br />
==== Password Strength ====<br />
Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long. You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords] <br />
<br />
However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.<br />
<br />
If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.<br />
<br />
Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.<br />
<br />
===== Choosing A Strong Password =====<br />
Make sure you pick at least one character in each group:<br /><br />
<br />
Lowercase: abcdefghijklmnopqrstuvwxyz<br />
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ<br />
Number: 1234567890<br />
Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)<br />
<br />
<9 char = unsuitable for use<br />
09 char = insecure<br />
10 char = low security<br />
11 char = medium security<br />
12 char = good security (good enough for your wallet)<br />
13 char = very good, enough for anything.<br />
<br />
You might want to read [http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered What is your way to create good passwords that can actually be remembered?] and [http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase XKCD #936: Short complex password, or long dictionary passphrase?]<br />
<br />
== Backing up your wallet ==<br />
See [[Backingup_your_wallet|Backing up your wallet]].<br />
<br />
==Erasing Plain-text Wallets==<br />
<br />
In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.<br />
<br />
The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.<br />
<br />
In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.<br />
<br />
For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.<br />
<br />
==Online and Mobile Wallets==<br />
<br />
Thus far, this article has been discussing the security of a wallet file for Bitcoin-QT or bitcoind that is under your sole control. Additional wallets applications and services have become available that offer other features and more convenience but not without introducing additional risk. When storing bitcoins with an [[eWallet]] such as Instawallet or Easywallet, you are essentially storing your private keys or wallet with that provider. <br />
<br />
Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but depending on the service, your bitcoins may be lost if the service is compromised. <br />
<br />
Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing.<br />
<br />
==See Also==<br />
<br />
* [[Data directory]]<br />
* [[How to import private keys]]<br />
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]<br />
* [[How to set up a secure offline savings wallet]]<br />
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]<br />
* [http://blog.cyplo.net/2012/04/01/bitcoin-wallet-recovery-photorec/ Find lost wallet eg. after disk format, using Photorec]<br />
<br />
[[Category:Security]]<br />
<br />
[[de:Sichere deine Geldbörse]]<br />
[[ru:Bitcoin и безопасность]]<br />
[[es:Cómo asegurar su monedero]]<br />
[[zh-cn:保护你的钱包]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=Securing_your_wallet&diff=43378Securing your wallet2013-12-23T10:37:30Z<p>Eorituz: /* Hardware wallets */</p>
<hr />
<div>==Introduction==<br />
<br />
Wallet security can be broken down into two independent goals:<br />
# Protecting your wallet against loss.<br />
# Protecting your wallet against theft.<br />
<br />
In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):<br />
# Making a new secure wallet, using appropriate long-term protection.<br />
<br />
''For a brief overview see also: [[Wallet Security Dos and Don'ts|Wallet Security Dos and Don'ts]]''<br />
<br />
==Paper Wallets==<br />
[[Paper wallet]]s are a fairly simple way to store your bitcoins independent of a computer. When generated securely and stored on paper, or other offline storage media, a paper wallet decreases the chances of your bitcoins being stolen by hackers, or computer viruses.<br />
<br />
With each entry on a paper wallet, you are securing a sequence of secret numbers that is used to prove your right to spend the bitcoins assigned to one of your addresses. This secret number, called a [[private key]], is most commonly written as a sequence of fifty-one alphanumeric characters, beginning with a '5'.<br />
<br />
One way you can create a paper wallet is by visiting the [[BitAddress|BitAddress.org]] or [[BitcoinPaperWallet|BitcoinPaperWallet.com]] websites. These websites feature a free client-side paper wallet generator written in JavaScript. The HTML for either of these generators can be downloaded from GitHub and used on an offline computer. Using either of these generators online by directly connecting to their websites is relatively safe for storing smaller amounts of bitcoin, but extra precautions should be taken to ensure that keys are not compromised by spyware that may be monitoring browser activity. Blockchain.info offers a [https://blockchain.info/wallet/paper-tutorial tutorial on how to generate a paper wallet] with an online component so you can check your balance easily.<br />
<br />
To generate a safer paper wallet, first save the paper wallet generating code to a newly-formatted USB stick. Then "clean-boot" your computer with a bootable CD (such as a Linux Live CD) ''while disconnected from the Internet''. Disconnecting from the Internet guarantees that that the paper wallet generator is truly self-contained and isn't communicating with an online service. Then insert the USB stick and open the wallet generator's HTML file from the web browser. Print your paper wallets or store them on external media (do not save them on the computer), and then shut down the computer. You may need to load an appropriate printer driver in order to print while booted from the live CD.<br />
<br />
A paper wallet includes at least one public bitcoin address and its corresponding private key. You can send bitcoins to the public address and they will be inaccessible until the private key is imported into a wallet. As of version 0.6.0, the bitcoin QT software has a command line feature called "importprivkey" that can load private keys. Online exchanges and wallets such as [[MtGox]], CoinBase and Blockchain.info have features for importing (or "sweeping") private keys as well.<br />
<br />
Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets and private keys are something of value that have already been targeted by malware. Paper wallets isolate you from much of this risk.<br />
<br />
If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private key can then be intercepted while you enter it, so only enter a Bitcoin private key into your computer when your intent is to redeem its value ''immediately''.<br />
<br />
== Hardware wallets ==<br />
[[Hardware wallet]]s are a major effort to provide a good combination of enhanced security and usability.<br />
<br />
So far there is only [http://www.pi-wallet.com/ Pi Wallet] operational.<br />
<br />
==Importance of security updates==<br />
<br />
No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well.<br />
Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered.<br />
We maintain a [[CVEs|list a known vulnerabilities]] on this wiki - you can watch that page to get updates.<br />
Note that you ''don't'' need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.<br />
<br />
==Securing the Bitcoin-QT or bitcoind wallet==<br />
<br />
Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.<br />
<br />
The wallet contains a pool of queued keys. By default there are 100 keys in the [[key pool]]. The size of the pool is configurable using the "-keypool" command line argument. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose Bitcoins.<br />
<br />
Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create more than 100 new addresses, the keypair associated with the newest addresses will not be in the old wallet because the new keypairs are only known after creating them. Any coins received at these addresses will be lost if you restore from the backup.<br />
<br />
The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.<br />
<br />
So if you create a backup, do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it.<br />
<br />
== Making a new wallet ==<br />
<br />
If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.<br />
<br />
There are a number of ways to create a new wallet with Bitcoin-QT or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.<br />
<br />
:1. Shut down the Bitcoin program.<br />
:2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:<br />
:::wallet.dat -> wallet-compromised.dat<br />
:Depending on your OS, the wallet file will be located at:<br />
:::Windows: %APPDATA%\Bitcoin\<br />
:::Linux: ~/.bitcoin/<br />
:::Mac: ~/Library/Application Support/Bitcoin/<br />
:3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.<br />
:4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.<br />
:5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.<br />
:6. Rename wallet.dat to wallet-compromised.dat. <br />
:7. Rename wallet-new.dat to wallet.dat.<br />
<br />
You should now have a new wallet with all the bitcoins from the old wallet.<br />
<br />
==Making a secure workspace==<br />
<br />
If you are using your computer to handle bitcoins, a wallet, Bitcoin-related passwords, or Bitcoin private keys, you must take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of any of the above. In the case that your computer is compromised, the precautions taken below may provide additional protection.<br />
<br />
===Debian-based Linux===<br />
<br />
The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user]. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:<br />
<br />
<code>sudo apt-get install ecryptfs-utils</code><br />
<br />
Now you're ready to create a new user<br />
<br />
<code>sudo adduser --encrypt-home new_user_name</code><br />
<br />
You'll need to come up with a [[#Choosing_A_Strong_Password|secure]] new password for that user.<br />
<br />
When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.<br />
<br />
Then switch user to the new user. To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.<br />
<br />
Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.<br />
<br />
<code>ecryptfs-unwrap-passphrase</code><br />
<br />
It will ask you for your user's password and give you the decryption key. '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)<br />
<br />
The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.<br />
<br />
<code>ecryptfs-setup-swap</code><br />
<br />
Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.<br />
<br />
For secure browsing, open Firefox, and then go into the Edit menu and click Preferences. Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'. Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'. Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'. Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.<br />
<br />
When JavaScript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download Linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.<br />
<br />
===Mac===<br />
This solution '''does not scale'''; the amount of needed space can grow beyond the image size.<br />
<br />
===Windows===<br />
<br />
Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.<br />
<br />
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.<br />
<br />
<p><b>To mount the Bitcoin data directory on an encrypted drive</b></p><br />
<ol start=1 type=1><br />
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.</li><br />
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.<br />
<p>For help finding this directory, see <b>[[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]]</b>.</p></li><br />
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.<br />
<p>For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:</p><br />
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li><br />
<li>Open Bitcoin's settings and configure it <b>NOT</b> to start automatically when you start Windows.<br />
<p>This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</p></li><br />
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li><br />
</ol><br />
<br />
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.<br />
<br />
<br />
=== General Solutions ===<br />
<br />
Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.<br />
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.<br />
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]<br />
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption<br />
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)<br />
<br />
There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]<br />
<br />
Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX). <br />
<br />
There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: [[WalletPaperbackup]]<br />
<br />
==== Password Strength ====<br />
Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long. You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords] <br />
<br />
However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.<br />
<br />
If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.<br />
<br />
Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.<br />
<br />
===== Choosing A Strong Password =====<br />
Make sure you pick at least one character in each group:<br /><br />
<br />
Lowercase: abcdefghijklmnopqrstuvwxyz<br />
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ<br />
Number: 1234567890<br />
Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)<br />
<br />
<9 char = unsuitable for use<br />
09 char = insecure<br />
10 char = low security<br />
11 char = medium security<br />
12 char = good security (good enough for your wallet)<br />
13 char = very good, enough for anything.<br />
<br />
You might want to read [http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered What is your way to create good passwords that can actually be remembered?] and [http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase XKCD #936: Short complex password, or long dictionary passphrase?]<br />
<br />
== Backing up your wallet ==<br />
See [[Backingup_your_wallet|Backing up your wallet]].<br />
<br />
==Erasing Plain-text Wallets==<br />
<br />
In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.<br />
<br />
The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.<br />
<br />
In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.<br />
<br />
For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.<br />
<br />
==Online and Mobile Wallets==<br />
<br />
Thus far, this article has been discussing the security of a wallet file for Bitcoin-QT or bitcoind that is under your sole control. Additional wallets applications and services have become available that offer other features and more convenience but not without introducing additional risk. When storing bitcoins with an [[eWallet]] such as Instawallet or Easywallet, you are essentially storing your private keys or wallet with that provider. <br />
<br />
Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but depending on the service, your bitcoins may be lost if the service is compromised. <br />
<br />
Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing.<br />
<br />
==See Also==<br />
<br />
* [[Data directory]]<br />
* [[How to import private keys]]<br />
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]<br />
* [[How to set up a secure offline savings wallet]]<br />
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]<br />
* [http://blog.cyplo.net/2012/04/01/bitcoin-wallet-recovery-photorec/ Find lost wallet eg. after disk format, using Photorec]<br />
<br />
[[Category:Security]]<br />
<br />
[[de:Sichere deine Geldbörse]]<br />
[[ru:Bitcoin и безопасность]]<br />
[[es:Cómo asegurar su monedero]]<br />
[[zh-cn:保护你的钱包]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=Securing_your_wallet&diff=43377Securing your wallet2013-12-23T10:33:00Z<p>Eorituz: /* Hardware wallets */</p>
<hr />
<div>==Introduction==<br />
<br />
Wallet security can be broken down into two independent goals:<br />
# Protecting your wallet against loss.<br />
# Protecting your wallet against theft.<br />
<br />
In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):<br />
# Making a new secure wallet, using appropriate long-term protection.<br />
<br />
''For a brief overview see also: [[Wallet Security Dos and Don'ts|Wallet Security Dos and Don'ts]]''<br />
<br />
==Paper Wallets==<br />
[[Paper wallet]]s are a fairly simple way to store your bitcoins independent of a computer. When generated securely and stored on paper, or other offline storage media, a paper wallet decreases the chances of your bitcoins being stolen by hackers, or computer viruses.<br />
<br />
With each entry on a paper wallet, you are securing a sequence of secret numbers that is used to prove your right to spend the bitcoins assigned to one of your addresses. This secret number, called a [[private key]], is most commonly written as a sequence of fifty-one alphanumeric characters, beginning with a '5'.<br />
<br />
One way you can create a paper wallet is by visiting the [[BitAddress|BitAddress.org]] or [[BitcoinPaperWallet|BitcoinPaperWallet.com]] websites. These websites feature a free client-side paper wallet generator written in JavaScript. The HTML for either of these generators can be downloaded from GitHub and used on an offline computer. Using either of these generators online by directly connecting to their websites is relatively safe for storing smaller amounts of bitcoin, but extra precautions should be taken to ensure that keys are not compromised by spyware that may be monitoring browser activity. Blockchain.info offers a [https://blockchain.info/wallet/paper-tutorial tutorial on how to generate a paper wallet] with an online component so you can check your balance easily.<br />
<br />
To generate a safer paper wallet, first save the paper wallet generating code to a newly-formatted USB stick. Then "clean-boot" your computer with a bootable CD (such as a Linux Live CD) ''while disconnected from the Internet''. Disconnecting from the Internet guarantees that that the paper wallet generator is truly self-contained and isn't communicating with an online service. Then insert the USB stick and open the wallet generator's HTML file from the web browser. Print your paper wallets or store them on external media (do not save them on the computer), and then shut down the computer. You may need to load an appropriate printer driver in order to print while booted from the live CD.<br />
<br />
A paper wallet includes at least one public bitcoin address and its corresponding private key. You can send bitcoins to the public address and they will be inaccessible until the private key is imported into a wallet. As of version 0.6.0, the bitcoin QT software has a command line feature called "importprivkey" that can load private keys. Online exchanges and wallets such as [[MtGox]], CoinBase and Blockchain.info have features for importing (or "sweeping") private keys as well.<br />
<br />
Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets and private keys are something of value that have already been targeted by malware. Paper wallets isolate you from much of this risk.<br />
<br />
If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private key can then be intercepted while you enter it, so only enter a Bitcoin private key into your computer when your intent is to redeem its value ''immediately''.<br />
<br />
== Hardware wallets ==<br />
So far there is only [http://www.pi-wallet.com/ Pi Wallet] operational. [[Hardware wallet]]s are a major effort to provide a good combination of enhanced security and usability.<br />
<br />
==Importance of security updates==<br />
<br />
No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well.<br />
Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered.<br />
We maintain a [[CVEs|list a known vulnerabilities]] on this wiki - you can watch that page to get updates.<br />
Note that you ''don't'' need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.<br />
<br />
==Securing the Bitcoin-QT or bitcoind wallet==<br />
<br />
Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.<br />
<br />
The wallet contains a pool of queued keys. By default there are 100 keys in the [[key pool]]. The size of the pool is configurable using the "-keypool" command line argument. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose Bitcoins.<br />
<br />
Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create more than 100 new addresses, the keypair associated with the newest addresses will not be in the old wallet because the new keypairs are only known after creating them. Any coins received at these addresses will be lost if you restore from the backup.<br />
<br />
The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.<br />
<br />
So if you create a backup, do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it.<br />
<br />
== Making a new wallet ==<br />
<br />
If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.<br />
<br />
There are a number of ways to create a new wallet with Bitcoin-QT or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.<br />
<br />
:1. Shut down the Bitcoin program.<br />
:2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:<br />
:::wallet.dat -> wallet-compromised.dat<br />
:Depending on your OS, the wallet file will be located at:<br />
:::Windows: %APPDATA%\Bitcoin\<br />
:::Linux: ~/.bitcoin/<br />
:::Mac: ~/Library/Application Support/Bitcoin/<br />
:3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.<br />
:4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.<br />
:5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.<br />
:6. Rename wallet.dat to wallet-compromised.dat. <br />
:7. Rename wallet-new.dat to wallet.dat.<br />
<br />
You should now have a new wallet with all the bitcoins from the old wallet.<br />
<br />
==Making a secure workspace==<br />
<br />
If you are using your computer to handle bitcoins, a wallet, Bitcoin-related passwords, or Bitcoin private keys, you must take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of any of the above. In the case that your computer is compromised, the precautions taken below may provide additional protection.<br />
<br />
===Debian-based Linux===<br />
<br />
The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user]. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:<br />
<br />
<code>sudo apt-get install ecryptfs-utils</code><br />
<br />
Now you're ready to create a new user<br />
<br />
<code>sudo adduser --encrypt-home new_user_name</code><br />
<br />
You'll need to come up with a [[#Choosing_A_Strong_Password|secure]] new password for that user.<br />
<br />
When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.<br />
<br />
Then switch user to the new user. To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.<br />
<br />
Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.<br />
<br />
<code>ecryptfs-unwrap-passphrase</code><br />
<br />
It will ask you for your user's password and give you the decryption key. '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)<br />
<br />
The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.<br />
<br />
<code>ecryptfs-setup-swap</code><br />
<br />
Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.<br />
<br />
For secure browsing, open Firefox, and then go into the Edit menu and click Preferences. Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'. Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'. Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'. Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.<br />
<br />
When JavaScript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download Linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.<br />
<br />
===Mac===<br />
This solution '''does not scale'''; the amount of needed space can grow beyond the image size.<br />
<br />
===Windows===<br />
<br />
Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.<br />
<br />
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.<br />
<br />
<p><b>To mount the Bitcoin data directory on an encrypted drive</b></p><br />
<ol start=1 type=1><br />
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.</li><br />
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.<br />
<p>For help finding this directory, see <b>[[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]]</b>.</p></li><br />
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.<br />
<p>For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:</p><br />
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li><br />
<li>Open Bitcoin's settings and configure it <b>NOT</b> to start automatically when you start Windows.<br />
<p>This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</p></li><br />
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li><br />
</ol><br />
<br />
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.<br />
<br />
<br />
=== General Solutions ===<br />
<br />
Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.<br />
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.<br />
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]<br />
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption<br />
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)<br />
<br />
There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]<br />
<br />
Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX). <br />
<br />
There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: [[WalletPaperbackup]]<br />
<br />
==== Password Strength ====<br />
Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long. You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords] <br />
<br />
However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.<br />
<br />
If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.<br />
<br />
Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.<br />
<br />
===== Choosing A Strong Password =====<br />
Make sure you pick at least one character in each group:<br /><br />
<br />
Lowercase: abcdefghijklmnopqrstuvwxyz<br />
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ<br />
Number: 1234567890<br />
Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)<br />
<br />
<9 char = unsuitable for use<br />
09 char = insecure<br />
10 char = low security<br />
11 char = medium security<br />
12 char = good security (good enough for your wallet)<br />
13 char = very good, enough for anything.<br />
<br />
You might want to read [http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered What is your way to create good passwords that can actually be remembered?] and [http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase XKCD #936: Short complex password, or long dictionary passphrase?]<br />
<br />
== Backing up your wallet ==<br />
See [[Backingup_your_wallet|Backing up your wallet]].<br />
<br />
==Erasing Plain-text Wallets==<br />
<br />
In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.<br />
<br />
The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.<br />
<br />
In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.<br />
<br />
For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.<br />
<br />
==Online and Mobile Wallets==<br />
<br />
Thus far, this article has been discussing the security of a wallet file for Bitcoin-QT or bitcoind that is under your sole control. Additional wallets applications and services have become available that offer other features and more convenience but not without introducing additional risk. When storing bitcoins with an [[eWallet]] such as Instawallet or Easywallet, you are essentially storing your private keys or wallet with that provider. <br />
<br />
Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but depending on the service, your bitcoins may be lost if the service is compromised. <br />
<br />
Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing.<br />
<br />
==See Also==<br />
<br />
* [[Data directory]]<br />
* [[How to import private keys]]<br />
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]<br />
* [[How to set up a secure offline savings wallet]]<br />
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]<br />
* [http://blog.cyplo.net/2012/04/01/bitcoin-wallet-recovery-photorec/ Find lost wallet eg. after disk format, using Photorec]<br />
<br />
[[Category:Security]]<br />
<br />
[[de:Sichere deine Geldbörse]]<br />
[[ru:Bitcoin и безопасность]]<br />
[[es:Cómo asegurar su monedero]]<br />
[[zh-cn:保护你的钱包]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=Hardware_wallet&diff=43368Hardware wallet2013-12-22T18:43:53Z<p>Eorituz: </p>
<hr />
<div>A '''hardware wallet''' is a device that stores a part of a user's [[wallet]] securely in mostly-offline hardware. They have major advantages over other wallet types:<br />
<br />
* the key is often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext<br />
* immune to computer viruses that steal from software wallets<br />
* can be used securely and interactively, as opposed to a [[paper wallet]] which must be imported to software at some point<br />
* much of the time, the software is open source, allowing a user to validate the entire operation of the device<br />
<br />
This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.<br />
<br />
<br />
<br />
== Purchasable hardware wallets ==<br />
<br />
=== Pi Wallet - cold storage ===<br />
[[File:Piwallet.jpeg|300px|thumb|left|Pi-Wallet]]<br />
[http://www.pi-wallet.com/ Pi-Wallet Shop]<br />
<br />
[http://www.pi-wallet.com/pages/what-is-pi-wallet Further informations about Pi-Wallet]<br />
<br />
The Pi-Wallet is comparable to an offline Notebook. <br />
<br />
However it combines all features of the Armory bitcoin client (e.g. offline transaction signing) with the advantages of a tiny computer.<br />
<br />
To sign offline-transaction you will need an (unused) USB stick.<br />
<br />
<br />
<br clear="all"><br />
<br />
<br />
== Not purchasable hardware wallets ==<br />
<br />
=== BitcoinCard Megion Technologies-Card based wallet ===<br />
[[File:Bitcoincard-medley-large.jpg|400px|thumb|left|Bitcoin Card]]<br />
[http://www.bitcoincard.org/ Bitcoincard Home Page]<br />
<br />
[http://blog.bitinstant.com/blog/2012/6/19/our-discovery-in-vienna-the-bitcoin-card.html Excellent review by evoorhees]<br />
<br />
Incorporates a e-paper display, keypad, and radio (custom ISM band protocol.) Unfortunately it is fairly limited in terms of transaction I/O, requiring a radio gateway or another bitcoincard wherever funds need to be transferred.<br />
<br />
<br clear="all"><br />
=== Trezor - slush/stick hardware wallet ===<br />
[[File:Trezor-wallet-casing.jpg|300px|thumb|left|Trezor Wallet (case)]]<br />
<br />
[https://bitcointalk.org/index.php?topic=122438.0 Hardware wallet project]<br />
<br />
A simple transaction-signing device, requires software on the receiving side to send and receive transactions. Talks over USB, OLED display, confirm/cancel buttons.<br />
<br clear="all"><br />
=== BitSafe - allten/someone42's hardware wallet ===<br />
[[File:Bitsafe-wallet-sizecompare.jpg|200px|thumb|left|Bitsafe wallet]]<br />
[https://bitcointalk.org/index.php?topic=127587.0 BitSafe Hardware Wallet Development - BOM Ready - 50 kits being prepared]<br />
<br />
Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.<br />
<br clear="all"><br />
=== someone42's original prototype ===<br />
[[File:Someone42-wallet-prototype.jpg|300px|thumb|left|someone42's original prototype]]<br />
[https://bitcointalk.org/index.php?topic=78614.0 Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices]<br />
<br />
Signing transactions only, requires USB host software for transactions & USB power. All work is rolled into the above BitSafe wallet currently.<br />
<br clear="all"><br />
=== BTChip btchip USB based transaction signer and private key holder ===<br />
[[File:Btchip-wallet.jpg|300px|thumb|left|BTChip]]<br />
[https://bitcointalk.org/index.php?topic=134999.0 ANN Smartcard wallet project + btchip implementation (no reader required)]<br />
<br />
[http://www.btchip.com www.btchip.com]<br />
<br />
USB smartcard dedicated to bitcoins, no keypad or display so trust in the host device is required. An improvement has been implemented that uses a secret value known to the user during the transaction for additional security.<br />
<br clear="all"><br />
=== Other/Defunct but with good discussion: ===<br />
* natman3400's BitClip Jun 2011 [https://bitcointalk.org/index.php?topic=24852.0 https://bitcointalk.org/index.php?topic=24852.0]<br />
:Seems to have gone defunct around Dec 2011. Some good ideas though and seemed to have started on execution.<br />
* jim618 hardware wallet proposal Apr 2012 [https://bitcointalk.org/index.php?topic=77553.0 Dedicated bitcoin devices - dealing with untrusted networks]<br />
:Great discussion and good ideas from jim618. Also linked the following video:<br />
* Prof. Clemens Cap's hardware wallet? (video:)[https://www.youtube.com/watch?v=IavQ-Wc8S1U Clemens Cap about electronic bitcoin wallet at EuroBit]<br />
:Clemens Cap of Uni Rostock explains the Electronic Bitcoin wallet device he's working on. It's based on adafruit microtouch device.<br />
* ripper234's discussion based on Yubikeys Aug 2012 [https://bitcointalk.org/index.php?topic=99492 Having a YUBIKEY as one of the parties for m-of-n signatures]<br />
:The use of Yubikeys. They only support symmetric crypto, so you'd have to trust the host device.<br />
* kalleguld's hardware wallet proposal Oct 2012 [https://bitcointalk.org/index.php?topic=115294.0 Proposal: Hardware wallet (Win 3 BTC)]<br />
* Vaporware: Matthew N Wright's ellet [https://bitcointalk.org/index.php?topic=85931.0 ANN The world's first handheld Bitcoin device, the Ellet!] (Vaporware)<br />
<br />
== Smart Card based wallets ==<br />
This type of device requires complete trust in the host device, as there is no method for user input.<br />
See [[Smart card wallet]]<br />
<br />
== Related Resources ==<br />
* slush's Hardware wallet wire protocol discussion: [https://bitcointalk.org/index.php?topic=125383.0 Hardware wallet wire protocol]<br />
* kjj's Todo List discussion for client protocol requirements: [https://bitcointalk.org/index.php?topic=19080.msg272348#msg272348 in topic Re: Split private keys]<br />
* paybitcoin's original post: [https://bitcointalk.org/index.php?topic=134277.0 Hardware Wallet Roundup]<br />
* [https://bitcointalk.org/index.php?topic=135090.0 This thread] about editing this very wiki entry.<br />
<br />
[[Category:Security]]<br />
[[Category:Wallets]]<br />
[[Category:Hardware]]</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=File:Piwallet.jpeg&diff=43367File:Piwallet.jpeg2013-12-22T18:24:20Z<p>Eorituz: Picture of Pi-Wallet 2</p>
<hr />
<div>== Summary ==<br />
Picture of Pi-Wallet 2<br />
== Licensing ==<br />
{{self|GFDL|cc-by-3.0|migration=redundant}}</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=File:Pi-Wallet2.jpg&diff=43366File:Pi-Wallet2.jpg2013-12-22T18:16:56Z<p>Eorituz: Pi-Wallet picture 2</p>
<hr />
<div>== Summary ==<br />
Pi-Wallet picture 2<br />
== Licensing ==<br />
{{self|GFDL|cc-by-3.0|migration=redundant}}</div>Eorituzhttps://en.bitcoin.it/w/index.php?title=File:Pi-Wallet1.jpg&diff=43365File:Pi-Wallet1.jpg2013-12-22T17:52:05Z<p>Eorituz: Picture of Pi-Wallet</p>
<hr />
<div>== Summary ==<br />
Picture of Pi-Wallet<br />
== Licensing ==<br />
{{self|GFDL|cc-by-3.0|migration=redundant}}</div>Eorituz