<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://en.bitcoin.it/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Ijel</id>
	<title>Bitcoin Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://en.bitcoin.it/w/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Ijel"/>
	<link rel="alternate" type="text/html" href="https://en.bitcoin.it/wiki/Special:Contributions/Ijel"/>
	<updated>2026-04-09T08:37:35Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.43.8</generator>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23692</id>
		<title>Talk:Securing your wallet</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23692"/>
		<updated>2012-02-11T03:55:33Z</updated>

		<summary type="html">&lt;p&gt;Ijel: /* ‘Shred’ cannot always be assumed to be secure on modern filesystems! */ Don&amp;#039;t mind me, I&amp;#039;m just a freaking perfectionist. I&amp;#039;ll try not to edit spam so much next time. :-)&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The article is too huge. The Mac solution does not scale; the suggested sizes are too low and the maximum size is infinite. [[User:X|X]] 17:10, 8 January 2012 (GMT)&lt;br /&gt;
&lt;br /&gt;
This article needs a rewrite following the introduction of the Bitcoin.org client&#039;s ability to passphrase protect the keys in the wallet.  Perhaps some sections also -- something like &amp;quot;typical consumer use&amp;quot; (where the client&#039;s encryption is adequate) and &amp;quot;commercial-grade protection&amp;quot; where the topics such as encryption at the filesystem is addressed. - [[User:Sgornick|Sgornick]] 10:24, 28 December 2011 (GMT) &lt;br /&gt;
&lt;br /&gt;
The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]&lt;br /&gt;
&lt;br /&gt;
Note: the backupwallet.sh script in the linux section doesn&#039;t actually work.&lt;br /&gt;
I suspect it is caused by the wiki changing the formatting.&lt;br /&gt;
I wrote my own version that uses much more standard shell syntax.&lt;br /&gt;
&lt;br /&gt;
[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
The approach for &amp;quot;Making a secure workspace&amp;quot; seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn&#039;t it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Time Sensitivity ==&lt;br /&gt;
&lt;br /&gt;
Is it possible to still send money to my wallet, even if it&#039;s backed up and offline?  Do bitcoins ever expire if they&#039;re not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== How often is it needed to backup the Wallet? ==&lt;br /&gt;
&lt;br /&gt;
Is it necessary to make a backup after each transaction? This page is not clear about this.&lt;br /&gt;
Please add this information to the page!&lt;br /&gt;
&lt;br /&gt;
== Creating a New Wallet ==&lt;br /&gt;
&lt;br /&gt;
This section isn&#039;t helpful; it tells you when to create a new wallet, but not how.  I&#039;m a new user, and the wallet was created when I installed the BitCoin program.  I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Making a secure workspace ==&lt;br /&gt;
&lt;br /&gt;
For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Flaws with argument regarding encryption ==&lt;br /&gt;
&lt;br /&gt;
Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it.  Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well.  This strategy seems to work only in the following circumstances:&lt;br /&gt;
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.&lt;br /&gt;
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.&lt;br /&gt;
&lt;br /&gt;
Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem.  In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data.  So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.&lt;br /&gt;
&lt;br /&gt;
Also how in the world could you ever use this wallet to transfer cash to another user if you are offline?  Maybe I don&#039;t understand how bitcoin works but don&#039;t you need to be online in order to transfer bitcoins?  Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means it&#039;s vulnerable to trojans who can steal it the moment you want to use it.&lt;br /&gt;
&lt;br /&gt;
This seems to be a fundamental flaw in this discussion &amp;quot;securing your wallet&amp;quot;.  Why doesn&#039;t bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup.  If you want bitcoin to go mainstream I don&#039;t understand why you can&#039;t address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.&lt;br /&gt;
&lt;br /&gt;
::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a slightly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until there is some real amount of coins in the play. One day you&#039;ll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.&lt;br /&gt;
&lt;br /&gt;
::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The &#039;&#039;&#039;whole&#039;&#039;&#039; system &#039;&#039;&#039;must&#039;&#039;&#039; be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
====Added a new entry to backup methods====&lt;br /&gt;
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper&lt;br /&gt;
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Unsecure suggestion for passwords ==&lt;br /&gt;
&lt;br /&gt;
Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must&lt;br /&gt;
also be safe in the future when it comes to wallet storing.&lt;br /&gt;
This is definitely not given with this system. It might be true, that&lt;br /&gt;
with today&#039;s brute-force tools, the &amp;quot;d0g...........&amp;quot; pw is safer than&lt;br /&gt;
hkjhHZ756s=&amp;amp;g%7 but in the very near future (maybe already exists)&lt;br /&gt;
there will be new tools, that will find out, what kind of simplifiers&lt;br /&gt;
are often used by humans and will combine brute force with simplifiers&lt;br /&gt;
and thus come to &amp;quot;d0g............&amp;quot; very quickly!&lt;br /&gt;
&lt;br /&gt;
== Section 4.2 ==&lt;br /&gt;
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don&#039;t you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you&#039;ve also lost ~/Library/Keychains... e.g. laptop stolen, etc.&lt;br /&gt;
&lt;br /&gt;
== Back-Translation of German Version ==&lt;br /&gt;
&lt;br /&gt;
Hi,&lt;br /&gt;
&lt;br /&gt;
I have translated the page to the German Version, expanded it by several points and concepts which seem important to me - namely, a distinction between data confidentiality, system integrity and the notion of technical compromise, and adapted the ordering according to these concepts. Here is the back-translated version as a suggestion what could be expanded. I&#039;ve translated it quickly using Google Translate, that means wording and style can&#039;t be expected to be perfect. Nevertheless, I hope it&#039;s helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
----&lt;br /&gt;
&lt;br /&gt;
=== Introduction ===&lt;br /&gt;
The security of the wallet can be divided into two separate objectives:&lt;br /&gt;
&lt;br /&gt;
1. Safeguard against loss&lt;br /&gt;
&lt;br /&gt;
2. Secure against theft&lt;br /&gt;
&lt;br /&gt;
In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):&lt;br /&gt;
&lt;br /&gt;
3. New, create a new secure wallet (with a reasonably long password)&lt;br /&gt;
&lt;br /&gt;
=== Technical background ===&lt;br /&gt;
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number can be adjusted with the &amp;quot;-keypool&amp;quot; parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.&lt;br /&gt;
&lt;br /&gt;
The safety of deposits in Bitcoin depends on three conditions:&lt;br /&gt;
# The &#039;&#039;&#039;confidentiality (secrecy)&#039;&#039;&#039; of the private key for the entire time from initial production to final use&lt;br /&gt;
# The &#039;&#039;&#039;integrity&#039;&#039;&#039; of the software on the system used.&lt;br /&gt;
# As well as the &#039;&#039;&#039;protection from loss of wallet&#039;&#039;&#039; eg by failure of the hard disk&lt;br /&gt;
&lt;br /&gt;
The bitcoin software assumes (for very good reasons) that integrity and confidentiality of the computer and user account is intact. The reason for this is that, strictly speaking, securing the computer is not the business of some application software like bitcoin. A computer which has not &#039;&#039;&#039;both&#039;&#039;&#039; its confidentiality &#039;&#039;&#039;and&#039;&#039;&#039; integrity ensured, is &#039;&#039;&#039;compromised&#039;&#039;&#039;. This means that it can no longer be excluded that Bitcoins are stolen. A computer on which &#039;&#039;&#039;malware&#039;&#039;&#039; in the form of some trojan is installed or which runs any virus, is always compromised. All data - including the bitcoin wallet - could be &amp;quot;stolen&amp;quot;. On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can &#039;&#039;&#039;only&#039;&#039;&#039; be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A &amp;quot;disinfection&amp;quot; of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.&lt;br /&gt;
&lt;br /&gt;
A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.&lt;br /&gt;
&lt;br /&gt;
=== Securing the confidentiality and integrity of the Wallet and Software ===&lt;br /&gt;
&lt;br /&gt;
==== Creating a New Wallet ====&lt;br /&gt;
&lt;br /&gt;
In the event that the wallet was possibly or actually stored in a compromised state, or spread, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys can no longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys today, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.&lt;br /&gt;
&lt;br /&gt;
Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.&lt;br /&gt;
&lt;br /&gt;
==== Creating a safe and secure work space ====&lt;br /&gt;
&lt;br /&gt;
Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.&lt;br /&gt;
&lt;br /&gt;
===== Digression: Secure Passwords =====&lt;br /&gt;
&lt;br /&gt;
====== Passwords ======&lt;br /&gt;
A proven method for producing safe, but still learnable passwords goes as follows:&lt;br /&gt;
&lt;br /&gt;
* Make up a nonsense phrase like&lt;br /&gt;
 &amp;quot;Thirty crows fly backwards to the moon, but they do not have a ticket.&amp;quot;&lt;br /&gt;
The more bizarre the sentence, the better you remember it.&lt;br /&gt;
&lt;br /&gt;
* The first letters and numbers are used for the password:&lt;br /&gt;
 30CfbwttM,btdnhaT&lt;br /&gt;
&lt;br /&gt;
* Now we get creative and replace a few characters, eg &amp;quot;A&amp;quot; looks like &amp;quot;4&amp;quot;:&lt;br /&gt;
 30Cfbw2tM,b|dnh@T&lt;br /&gt;
&lt;br /&gt;
* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:&lt;br /&gt;
 3ß0Cþfböw2tM,b|dnh@฿T&lt;br /&gt;
&lt;br /&gt;
Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember such long passwords error-free, especially if they take a longer holiday. Therefore, write the password down and put it in your wallet. (That&#039;s still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])&lt;br /&gt;
&lt;br /&gt;
* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.&lt;br /&gt;
&lt;br /&gt;
Now it is so that a forgotten password is at least as bad as a cracked one. A button labeled &amp;quot;Forgot your password, sent new by e-mail&amp;quot; does not exist in Bitcoin. &#039;&#039;&#039;So the consequence of &amp;quot;Password away&amp;quot; is inevitably &amp;quot;money away&amp;quot;&#039;&#039;&#039;. Don&#039;t forget that!&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;The written-down password&#039;&#039;&#039; should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. If you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.&lt;br /&gt;
&lt;br /&gt;
====== Passphrases (password phrases) or mantras ======&lt;br /&gt;
&lt;br /&gt;
* An alternative to passwords which has at least the same strength against techniques like rainbow tables, &#039;&#039;&#039;but is in comparison  much easier to remember&#039;&#039;&#039; is the use of &#039;&#039;&#039;pass-phrases&#039;&#039;&#039; or a &amp;quot;mantra&amp;quot;. The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.&lt;br /&gt;
&lt;br /&gt;
* An example sentence would be: &amp;quot;The Lemon flambé the okapi a phosphorescent absolution.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for these methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).&lt;br /&gt;
&lt;br /&gt;
* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.&lt;br /&gt;
&lt;br /&gt;
* Warning: Completely unsuitable are fixed expressions and popular idioms. Don&#039;t use any meaningful sentence and anything that might be published on the web.&lt;br /&gt;
&lt;br /&gt;
===== Special Linux distributions =====&lt;br /&gt;
&lt;br /&gt;
To  secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.&lt;br /&gt;
&lt;br /&gt;
As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin,  and they require almost no setup:&lt;br /&gt;
&lt;br /&gt;
* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c&#039;t Bankix], a distribution for online banking, is an adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following the (important) first update the system will be put on a read-only medium and can no longer be manipulated by unauthorized changes to the software.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.&lt;br /&gt;
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The following distributions are suitable only for users with good knowledge. However, their excellent safety features make them quite interesting starting points for Bitcoin Appliances:&lt;br /&gt;
&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc., kernel functions with Stack Smashing Protection. Instead of the standard glibc it uses uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
====== Protected user account ======&lt;br /&gt;
&lt;br /&gt;
The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:&lt;br /&gt;
&lt;br /&gt;
sudo adduser &amp;lt;code&amp;gt; new_user_name &amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
On the message &amp;quot;Enter a new value or press ENTER for the default&amp;quot; one needs only to press the Return key.&lt;br /&gt;
&lt;br /&gt;
Then log in as the new user, eg with &amp;quot;Switch User&amp;quot; (in Ubuntu, in the menu to log off). Once you are logged in, look for the file manager, select the home directory in it (with the house icon), then right-click &amp;quot;Properties&amp;quot;, then the access permissions. Here you select &amp;quot;Other&amp;quot; and set the permissions to &amp;quot;nobody&amp;quot;. With this step, other programs can not read the other user&#039;s wallet.&lt;br /&gt;
&lt;br /&gt;
To keep it safe, the newly created user should be used exclusively for Bitcoin.&lt;br /&gt;
&lt;br /&gt;
It is also a good idea to encrypt this user&#039;s home directory with the package ecryptfs-utils.&lt;br /&gt;
&lt;br /&gt;
# If the home directory is not empty, first back it up to some other medium.&lt;br /&gt;
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)&lt;br /&gt;
# Log out of X11 (the graphical system) and log in at the Linux console with Ctrl + Alt + F1 - if you are logged in X11, the home directory is encrypted.&lt;br /&gt;
# Change the current directory so that it is not in the home folder, eg &amp;quot;cd /&amp;quot;.&lt;br /&gt;
# Run the migration tool (in Ubuntu: sudo ecryptfs-migrate-home -u username)&lt;br /&gt;
# If it succeeds then you can press ALT + F8 to go back and log in X11.&lt;br /&gt;
# Run the command &#039;ecryptfs-unwrap-passphrase&#039;. Without exception &#039;&#039;&#039;write and store the code that you receive on a secure medium&#039;&#039;&#039;. &#039;&#039;&#039;Without this code no data - including the wallet - can be accessed if the system does not work&#039;&#039;&#039;&lt;br /&gt;
# Run the command &#039;ecryptfs-setup-swap&#039;, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the swap partition where they might be stolen. This unfortunately also means that &amp;quot;idle&amp;quot; or Hibernate can not be used anymore because the bootloader can not restore the dump. A more convenient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.&lt;br /&gt;
&lt;br /&gt;
(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])&lt;br /&gt;
&lt;br /&gt;
====== For more information ======&lt;br /&gt;
* [https://help.ubuntu.com/community/Security Security features on ubuntu]&lt;br /&gt;
&lt;br /&gt;
* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your Linux desktop]&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]&lt;br /&gt;
&lt;br /&gt;
* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:&lt;br /&gt;
** [http://support.microsoft.com/kb/905056/en Windows XP]&lt;br /&gt;
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]&lt;br /&gt;
&lt;br /&gt;
====Browser Security ====&lt;br /&gt;
&lt;br /&gt;
===== Firefox =====&lt;br /&gt;
To secure the browser, you start Firefox, go to menu &amp;quot;Edit&amp;quot; (edit), and select &amp;quot;Preferences&amp;quot; (Settings).&lt;br /&gt;
&lt;br /&gt;
* Now you start with the tabs on the left, select the &amp;quot;Startup&amp;quot; option &amp;quot;Show a blank page&amp;quot; (Clean Slate).&lt;br /&gt;
* Under &amp;quot;Content&amp;quot;&lt;br /&gt;
** Deselect the option &amp;quot;Load images automatically&amp;quot;,&lt;br /&gt;
** Also deselect &amp;quot;Enable Javascript&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Privacy&amp;quot; (data protection), under &amp;quot;History&amp;quot;, select &amp;quot;Never remember history&amp;quot; / &amp;quot;do not save history&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Security&amp;quot;, under &amp;quot;Passwords&amp;quot;&lt;br /&gt;
** Deselect &amp;quot;remember passwords&amp;quot; (save passwords)&lt;br /&gt;
** Also &amp;quot;use a master password&amp;quot; / &amp;quot;master password&amp;quot;.&lt;br /&gt;
* Finally, in the tab &amp;quot;Advanced&amp;quot; / &amp;quot;Advanced&amp;quot; option&lt;br /&gt;
** &amp;quot;Automatically check for updates&amp;quot; deselect&lt;br /&gt;
** As &amp;quot;add-ons&amp;quot; and&lt;br /&gt;
** &amp;quot;Search engines&amp;quot; / &amp;quot;search engines&amp;quot; opt out.&lt;br /&gt;
&lt;br /&gt;
If Javascript is disabled, the linux download page for new versions of the Bitcoin client will no longer start the download automatically, so you have to click the &amp;quot;direct link&amp;quot; in the notice &amp;quot;Problems with the download? Please use this &#039;direct link&#039; or try another mirror.&amp;quot; Once you have made that effort, of course you also check the download of new Bitcoin clients against the checksums which are indicated on the sourceforge page, with the program sha1.&lt;br /&gt;
&lt;br /&gt;
=== Protect against data loss: Backup ===&lt;br /&gt;
The only file you need to back up is wallet.dat. First make sure that Bitcoin is not running anymore! The best way would be to encrypt the file and store it somewhere safe.&lt;br /&gt;
&lt;br /&gt;
You can also use the [[API | backupwallet]] JSON-RPC command to create a backup on the fly.&lt;br /&gt;
&lt;br /&gt;
==== Where to find the Bitcoin folder ====&lt;br /&gt;
The [[Bitcoin folder]] is the folder where the data is stored, along with the wallet.dat file.&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
Click on &amp;quot;Start&amp;quot;, then Run and enter this:&lt;br /&gt;
:%APPDATA%\Bitcoin&lt;br /&gt;
A folder should open now, for most it would be:&lt;br /&gt;
 C:\Documents and Settings\username\Application Data\Bitcoin (XP)&lt;br /&gt;
 C:\Users\username\appdata\roaming\Bitcoin (Vista and 7)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;!---&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
If you are using Windows XP or Windows 7, you can keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). You can probably do the same with Windows Vista or Windows 2000.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;NOTE:&#039;&#039;&#039; You should configure Bitcoin in this manner only on computers where you use Bitcoin, but do not use that computer to mine. For example, this is a good configuration for a notebook or tablet computer.&lt;br /&gt;
&lt;br /&gt;
Assuming that you have installed the Windows client Bitcoin and run it at least once, the process is described below.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;To mount the Bitcoin data directory on an encrypted drive&amp;lt;/b&amp;gt;&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;ol start=1 type=1&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 100 MB in size.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.&lt;br /&gt;
&amp;lt;p&amp;gt;For help finding this directory, see &amp;lt;b&amp;gt;[[# Securing_your_wallet Locating_BitCoin_s_data_directory | Locating Bitcoin&#039;s data directory]]&amp;lt;/b&amp;gt;.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Create a Windows shortcut that starts Bitcoin with the &amp;lt;code&amp;gt;-datadir&amp;lt;/code&amp;gt; parameter and specifies the encrypted drive and directory.&lt;br /&gt;
&amp;lt;p&amp;gt;For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as &amp;lt;code&amp;gt;E:\&amp;lt;/code&amp;gt;, and stored your Bitcoin data directory on it as &amp;lt;code&amp;gt;Bitcoin&amp;lt;/code&amp;gt;, you would type the following command as the shortcut target:&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;blockquote&amp;gt;&amp;lt;code&amp;gt;C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin&amp;lt;/code&amp;gt;&amp;lt;/blockquote&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Open Bitcoin&#039;s settings and configure it &amp;lt;b&amp;gt;NOT&amp;lt;/b&amp;gt; to start automatically when you start Windows.&lt;br /&gt;
&amp;lt;p&amp;gt;This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Shut down Bitcoin, and then restart it from the new shortcut.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created so that it can find its data and your wallet. :-)&lt;br /&gt;
&lt;br /&gt;
--&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
Bitcoin should create a hidden folder in the home directory of the running user.&lt;br /&gt;
 ~/.bitcoin/&lt;br /&gt;
&lt;br /&gt;
If it is not there, it can possibly be found with&lt;br /&gt;
: find / -name wallet.dat -print 2&amp;gt;/dev/null&lt;br /&gt;
Or as root&lt;br /&gt;
: updatedb&lt;br /&gt;
followed by&lt;br /&gt;
: locate wallet.dat&lt;br /&gt;
&lt;br /&gt;
The handiest backup method under Linux is probably to copy wallet.dat to one or more USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).&lt;br /&gt;
&lt;br /&gt;
====== Individual encryption of the wallet.dat file ======&lt;br /&gt;
* For individual encryption of the wallet, the cross-platform program &#039;&#039;&#039;[http://ccrypt.sourceforge.net/ ccrypt]&#039;&#039;&#039; is well suited. It uses a variant of the AES Rijndael algorithm, a recognized standard which is considered very safe. The plain-text version of wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.&lt;br /&gt;
&lt;br /&gt;
* For automatic storage of encrypted copies, GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, one needs only the public key. The private key is used only to decrypt a backup and can otherwise be stored in a safe place. Using a fixed pair of keys also reduces the risk of losing a key through unnoticed typos when typing it.&lt;br /&gt;
&lt;br /&gt;
* Smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] of the German Privacy Foundation or the GnuPG Fellowship smart card provide additional protection against attacks by key loggers. The special advantage is that GnuPG keys, which are very safe due to their length, can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware Instructions here].&lt;br /&gt;
&lt;br /&gt;
* With the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] you can also back up individual files such as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.&lt;br /&gt;
&lt;br /&gt;
===== Mac ===== &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Note: The following instructions have not been checked due to lack of hardware. Please check and correct if necessary, then remove the note!&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The directory containing the Bitcoin wallet.dat is usually here:&lt;br /&gt;
 ~/Library/Application Support/Bitcoin/&lt;br /&gt;
&lt;br /&gt;
====== Secure all data (500 megabytes) ======&lt;br /&gt;
These steps store all Bitcoin data (wallet and block chain) on an encrypted disk image:&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot;, specify 500MB, 128-bit or 256-bit (faster or more secure) encryption, single partition.&lt;br /&gt;
# Store the image in a place where you will not lose it (eg Wuala, Strong Space or whatever)&lt;br /&gt;
# Select a strong and secure password&lt;br /&gt;
# Copy everything from ~/Library/Application Support/Bitcoin/ into the image&lt;br /&gt;
# Create a symlink in the old place, so the app can use it&lt;br /&gt;
::: ln -s /Volumes/Bitcoin ~/Library/Application\ Support/Bitcoin&lt;br /&gt;
&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
====== Back up the wallet.dat file alone (40MB) ======&lt;br /&gt;
These steps only protect the file wallet.dat. This results in a smaller disk image, but is more complicated.&lt;br /&gt;
&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot;, select 40MB, 128-bit or 256-bit, single partition.&lt;br /&gt;
# Store in a place where you will not lose the backup.&lt;br /&gt;
# Select a secure and strong password&lt;br /&gt;
# Move the file wallet.dat into the image&lt;br /&gt;
# Create a symlink in the old place, so the app can find and use the file&lt;br /&gt;
::: ln -s /Volumes/Bitcoin/wallet.dat ~/Library/Application\ Support/Bitcoin/wallet.dat&lt;br /&gt;
&lt;br /&gt;
[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Note:&#039;&#039;&#039; If you start the Bitcoin application without the image being mounted, the program replaces the symlink (a kind of shortcut) wallet.dat with a new one. Do not panic! Rename the new wallet.dat or delete it, mount the image, and just create a new symlink. The old wallet.dat must of course not be deleted under any circumstances.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Automation:&#039;&#039;&#039; The program [http://en.wikipedia.org/wiki/Automator_%28software%29 Automator] (included in OS X) can automatically mount your wallet and start the Bitcoin app.&lt;br /&gt;
&lt;br /&gt;
Alternatively, the following shell script can be used, which decrypts wallet.dat, automatically starts the Bitcoin client, and subsequently re-encrypts it. The script works for both OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== General solution ====&lt;br /&gt;
wallet.dat is not usually encrypted; everyone who has access to the file can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.&lt;br /&gt;
&lt;br /&gt;
Note: Encryption does not protect the wallet against security risks &#039;&#039;after&#039;&#039; they have occurred. Encrypting a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.&lt;br /&gt;
&lt;br /&gt;
* [http://www.7-zip.org/ 7-Zip]&lt;br /&gt;
* [http://www.axantum.com/axcrypt/ AxCrypt]&lt;br /&gt;
* [http://www.truecrypt.org/ TrueCrypt]&lt;br /&gt;
* [http://www.rarlab.com/ WinRar]&lt;br /&gt;
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)&lt;br /&gt;
&lt;br /&gt;
==== Encryption with Smart Card ====&lt;br /&gt;
&lt;br /&gt;
Folders can be encrypted with a GnuPG-compatible smart card. A very secure solution is the Crypto Stick of the German Privacy Foundation:&lt;br /&gt;
&lt;br /&gt;
[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]&lt;br /&gt;
&lt;br /&gt;
[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Installation and use]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== Storing the Archives ====&lt;br /&gt;
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== BOTG: Bitcoin Off The Grid ===&lt;br /&gt;
* Another alternative that is suitable for high security requirements is &amp;quot;BOTG - Bitcoin off-the-grid&amp;quot; [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair &#039;&#039;without&#039;&#039; an Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they cannot be lost via the Internet. The public key can be passed on and can receive normal transactions, which can be looked up in Block Explorer. Only if you want to use the funds must you import the private key into a Bitcoin client. From then on, the normal safety precautions apply.&lt;br /&gt;
&lt;br /&gt;
=Securing your wallet on Ubuntu and/or Suse=&lt;br /&gt;
For users that use a Linux system that comes with AppArmor, it is probably possible to use&lt;br /&gt;
the MinorFs system with a procedure not unlike that described here for secure ssh without a passphrase:&lt;br /&gt;
&lt;br /&gt;
http://minorfs.polacanthus.net/wiki/Ssh_private_keys_without_passphrase&lt;br /&gt;
&lt;br /&gt;
It&#039;s a bit of a hack, but it would make it impossible for malware running under the same user id as&lt;br /&gt;
bitcoin to gain access to the wallet. &lt;br /&gt;
&lt;br /&gt;
It may be worth it if someone would describe the correct procedure to secure the bitcoin wallet using MinorFs/AppArmor in a way similar to described in the above link for ssh keys without passphrases.&lt;br /&gt;
&lt;br /&gt;
= ‘Shred’ cannot always be assumed to be secure on modern filesystems! =&lt;br /&gt;
&lt;br /&gt;
I don&#039;t feel entirely comfortable with the suggested usage of the ‘shred’ command in the given Linux script.  My understanding (and according to shred&#039;s manpage) is that on modern (especially journaled) filesystems, there is &#039;&#039;no&#039;&#039; guarantee that when an application like shred asks the OS to overwrite a file, that the file will actually be physically overwritten in place on the disk.  Unless there have been features implemented to allow special handling by the kernel for such security applications (I haven&#039;t investigated, so maybe there are, or maybe not), it would probably be safer to disable all system swap (i.e., with ‘swapoff’) and then store the unencrypted data on a temporary RAM disk only, then unmount the RAM disk afterwards to ensure it never gets written to disk.  I&#039;ve done this before, though unfortunately it&#039;s a bit of a hassle and normally requires running commands that need root privileges or sudo, etc.  Comments?&lt;br /&gt;
~ [[User:Ijel|Ijel]] 03:49, 11 February 2012 (GMT)&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23691</id>
		<title>Talk:Securing your wallet</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23691"/>
		<updated>2012-02-11T03:52:58Z</updated>

		<summary type="html">&lt;p&gt;Ijel: /* Protected user account */ Fix incorrect end tag that was messing up formatting up rest of page ;-)&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The article is too huge. The Mac solution does not scale; the suggested sizes are too low and the maximum size is infinite. [[User:X|X]] 17:10, 8 January 2012 (GMT)&lt;br /&gt;
&lt;br /&gt;
This article needs a rewrite following the introduction of the Bitcoin.org client&#039;s ability to passphrase protect the keys in the wallet.  Perhaps some sections also -- something like &amp;quot;typical consumer use&amp;quot; (where the client&#039;s encryption is adequate) and &amp;quot;commercial-grade protection&amp;quot; where topics such as encryption at the filesystem are addressed. - [[User:Sgornick|Sgornick]] 10:24, 28 December 2011 (GMT) &lt;br /&gt;
&lt;br /&gt;
The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]&lt;br /&gt;
&lt;br /&gt;
Note: the backupwallet.sh script in the linux section doesn&#039;t actually work.&lt;br /&gt;
I suspect it is caused by the wiki changing the formatting.&lt;br /&gt;
I wrote my own version that uses much more standard shell syntax.&lt;br /&gt;
&lt;br /&gt;
[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
The approach for &amp;quot;Making a secure workspace&amp;quot; seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn&#039;t it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Time Sensitivity ==&lt;br /&gt;
&lt;br /&gt;
Is it possible to still send money to my wallet, even if it&#039;s backed up and offline?  Do bitcoins ever expire if they&#039;re not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== How often is it needed to backup the Wallet? ==&lt;br /&gt;
&lt;br /&gt;
Is it necessary to make a backup after each transaction? This page is not clear about this.&lt;br /&gt;
Please add this information to the page!&lt;br /&gt;
&lt;br /&gt;
== Creating a New Wallet ==&lt;br /&gt;
&lt;br /&gt;
This section isn&#039;t helpful; it tells you when to create a new wallet, but not how.  I&#039;m a new user, and the wallet was created when I installed the BitCoin program.  I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Making a secure workspace ==&lt;br /&gt;
&lt;br /&gt;
For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Flaws with argument regarding encryption ==&lt;br /&gt;
&lt;br /&gt;
Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it.  Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well.  This strategy seems to work only in the following circumstances:&lt;br /&gt;
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.&lt;br /&gt;
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.&lt;br /&gt;
&lt;br /&gt;
Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem.  In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data.  So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.&lt;br /&gt;
&lt;br /&gt;
Also how in the world could you ever use this wallet to transfer cash to another user if you are offline?  Maybe I don&#039;t understand how bitcoin works but don&#039;t you need to be online in order to transfer bitcoins?  Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means it&#039;s vulnerable to trojans who can steal it the moment you want to use it.&lt;br /&gt;
&lt;br /&gt;
This seems to be a fundamental flaw in this discussion &amp;quot;securing your wallet&amp;quot;  Why doesn&#039;t bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup.  If you want bitcoin to go mainstream I don&#039;t understand why you can&#039;t address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.&lt;br /&gt;
&lt;br /&gt;
::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a slightly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until there is some real amount of coins in play. One day you&#039;ll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.&lt;br /&gt;
&lt;br /&gt;
::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The &#039;&#039;&#039;whole&#039;&#039;&#039; system &#039;&#039;&#039;must&#039;&#039;&#039; be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
====Added a new entry to backup methods====&lt;br /&gt;
[[WalletPaperbackup]] is a great way to get your wallet out of the digital world and onto paper&lt;br /&gt;
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Unsecure suggestion for passwords ==&lt;br /&gt;
&lt;br /&gt;
Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must&lt;br /&gt;
also be safe in the future when it comes to wallet storing.&lt;br /&gt;
This is definitely not given with this system. It might be true, that&lt;br /&gt;
with today&#039;s brute-force tools, the &amp;quot;d0g...........&amp;quot; pw is safer than&lt;br /&gt;
hkjhHZ756s=&amp;amp;g%7 but in the very near future (maybe already exists)&lt;br /&gt;
there will be new tools, that will find out, what kind of simplifiers&lt;br /&gt;
are often used by humans and will combine brute force with simplifiers&lt;br /&gt;
and thus come to &amp;quot;d0g............&amp;quot; very quickly!&lt;br /&gt;
&lt;br /&gt;
== Section 4.2 ==&lt;br /&gt;
If you recommend that one back up wallet.dat on a mac via creating an encrypted image file, don&#039;t you think you should also remind the user to back up his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you&#039;ve also lost ~/Library/Keychains... e.g. laptop stolen, etc.&lt;br /&gt;
&lt;br /&gt;
== Back-Translation of German Version ==&lt;br /&gt;
&lt;br /&gt;
Hi,&lt;br /&gt;
&lt;br /&gt;
I have translated the page to the German Version, expanded it by several points and concepts which seem important to me - namely, a distinction between data confidentiality, system integrity and the notion of technical compromise, and adapted the ordering according to these concepts. Here is the back-translated version as a suggestion what could be expanded. I&#039;ve translated it quickly using Google Translate, that means wording and style can&#039;t be expected to be perfect. Nevertheless, I hope it&#039;s helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
----&lt;br /&gt;
&lt;br /&gt;
=== Introduction ===&lt;br /&gt;
The security of the wallet can be divided into two separate objectives:&lt;br /&gt;
&lt;br /&gt;
1. Safeguard against loss&lt;br /&gt;
&lt;br /&gt;
2. Secure against theft&lt;br /&gt;
&lt;br /&gt;
In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):&lt;br /&gt;
&lt;br /&gt;
3. Create a new secure wallet (with a reasonably long password)&lt;br /&gt;
&lt;br /&gt;
=== Technical background ===&lt;br /&gt;
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number can be adjusted with the &amp;quot;-keypool&amp;quot; parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, recovering from this backup can possibly lead to a loss of Bitcoins if the wallet file is destroyed, for example by a head crash.&lt;br /&gt;
&lt;br /&gt;
The safety of deposits in Bitcoin depends on three conditions:&lt;br /&gt;
# The &#039;&#039;&#039;confidentiality (secrecy)&#039;&#039;&#039; of the private key for the entire time from initial production to final use&lt;br /&gt;
# The &#039;&#039;&#039;integrity&#039;&#039;&#039; of the software on the system used.&lt;br /&gt;
# As well as the &#039;&#039;&#039;protection from loss of wallet&#039;&#039;&#039; eg by failure of the hard disk&lt;br /&gt;
&lt;br /&gt;
The bitcoin software assumes (for very good reasons) that integrity and confidentiality of the computer and user account is intact. The reason for this is that, strictly speaking, securing the computer is not the business of some application software like bitcoin. A computer which has not &#039;&#039;&#039;both&#039;&#039;&#039; its confidentiality &#039;&#039;&#039;and&#039;&#039;&#039; integrity ensured, is &#039;&#039;&#039;compromised&#039;&#039;&#039;. This means that it can no longer be excluded that Bitcoins are stolen. A computer on which &#039;&#039;&#039;malware&#039;&#039;&#039; in the form of some trojan is installed or which runs any virus, is always compromised. All data - including the bitcoin wallet - could be &amp;quot;stolen&amp;quot;. On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can &#039;&#039;&#039;only&#039;&#039;&#039; be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A &amp;quot;disinfection&amp;quot; of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.&lt;br /&gt;
&lt;br /&gt;
A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.&lt;br /&gt;
&lt;br /&gt;
=== Securing the confidentiality and integrity of the Wallet and Software ===&lt;br /&gt;
&lt;br /&gt;
==== Creating a New Wallet ====&lt;br /&gt;
&lt;br /&gt;
In the event that the wallet was possibly or actually stored in a compromised state, or distributed, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys can no longer use them to steal bitcoins. Keep in mind that leaked keys can be used long after their generation. For example, if you generate some keys today, transfer them to a new computer in three years, and throw the old computer in the trash in ten years, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.&lt;br /&gt;
&lt;br /&gt;
Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.&lt;br /&gt;
&lt;br /&gt;
==== Creating a safe and secure work space ====&lt;br /&gt;
&lt;br /&gt;
Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. Modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.&lt;br /&gt;
&lt;br /&gt;
===== Digression: Secure Passwords =====&lt;br /&gt;
&lt;br /&gt;
====== Passwords ======&lt;br /&gt;
A proven method for producing safe, but still learnable passwords goes as follows:&lt;br /&gt;
&lt;br /&gt;
* Make up a nonsense phrase like&lt;br /&gt;
 &amp;quot;Thirty crows fly backwards to the moon, but they do not have a ticket.&amp;quot;&lt;br /&gt;
The more bizarre the sentence, the better you remember it.&lt;br /&gt;
&lt;br /&gt;
* The first letters and numbers are used for the password:&lt;br /&gt;
 30CfbwttM,btdnhaT&lt;br /&gt;
&lt;br /&gt;
* Now we get creative and replace a few characters, eg &amp;quot;A&amp;quot; looks like &amp;quot;4&amp;quot;:&lt;br /&gt;
 30Cfbw2tM,b|dnh@T&lt;br /&gt;
&lt;br /&gt;
* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:&lt;br /&gt;
 3ß0Cþfböw2tM,b|dnh@฿T&lt;br /&gt;
&lt;br /&gt;
Now that huge computing resources like hashed databases and botnets are available for cracking, strong passwords are about 15 to 20 characters long. Few people can remember such long passwords error-free, especially if they take a longer holiday. Therefore, write the password down and put it in your wallet. (That&#039;s still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])&lt;br /&gt;
&lt;br /&gt;
* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.&lt;br /&gt;
&lt;br /&gt;
Now, a forgotten password is at least as bad as a cracked one. A button labeled &amp;quot;Forgot your password, sent new by e-mail&amp;quot; does not exist in Bitcoin. &#039;&#039;&#039;So the consequence of &amp;quot;Password away&amp;quot; is inevitably &amp;quot;money away&amp;quot;&#039;&#039;&#039;. Don&#039;t forget that!&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;The written-down password&#039;&#039;&#039; should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. If you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.&lt;br /&gt;
&lt;br /&gt;
====== Passphrases (password phrases) or mantras ======&lt;br /&gt;
&lt;br /&gt;
* An alternative to passwords which has at least the same strength against techniques like rainbow tables, &#039;&#039;&#039;but is in comparison much easier to remember&#039;&#039;&#039; is the use of &#039;&#039;&#039;pass-phrases&#039;&#039;&#039; or a &amp;quot;mantra&amp;quot;. The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and be at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.&lt;br /&gt;
&lt;br /&gt;
* An example sentence would be: &amp;quot;The Lemon flambé the okapi a phosphorescent absolution.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for these methods the length of the password is the decisive factor, long pass phrases, which are comparatively much easier to remember, win over short very complex passwords (which are hard to remember but easier to crack).&lt;br /&gt;
&lt;br /&gt;
* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.&lt;br /&gt;
&lt;br /&gt;
* Warning: Completely unsuitable are fixed expressions and popular idioms. Don&#039;t use any meaningful sentence and anything that might be published on the web.&lt;br /&gt;
&lt;br /&gt;
===== Special Linux distributions =====&lt;br /&gt;
&lt;br /&gt;
To secure a Windows system comprehensively is a complex and difficult task. Securing it to a degree appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.&lt;br /&gt;
&lt;br /&gt;
As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin,  and they require almost no setup:&lt;br /&gt;
&lt;br /&gt;
* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c&#039;t Bankix], a distribution for online banking, is an adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following the (important) first update, the system is put on a read-only medium and can no longer be manipulated by unauthorized changes to the software.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.&lt;br /&gt;
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The following distributions are suitable only for users with good knowledge. However, their excellent safety features make them quite interesting starting points for Bitcoin Appliances:&lt;br /&gt;
&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc., kernel functions with Stack Smashing Protection. Instead of the standard glibc it uses uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
====== Protected user account ======&lt;br /&gt;
&lt;br /&gt;
The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which is done with the command:&lt;br /&gt;
&lt;br /&gt;
sudo adduser &amp;lt;code&amp;gt; new_user_name &amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
On the message &amp;quot;Enter a new value or press ENTER for the default&amp;quot; one needs only to press the Return key.&lt;br /&gt;
&lt;br /&gt;
Then log in as the new user, e.g. with &amp;quot;Switch User&amp;quot; (in Ubuntu, in the menu to log off). Once you are logged in, look for the file manager, select the home directory in it (with the house icon), then right-click &amp;quot;Properties&amp;quot;, then the access permissions. Here you select &amp;quot;Other&amp;quot; and set the permissions to &amp;quot;nobody&amp;quot;. With this step, other programs cannot read the other user&#039;s wallet.&lt;br /&gt;
&lt;br /&gt;
To keep it safe, the newly created user should be used exclusively for Bitcoin.&lt;br /&gt;
&lt;br /&gt;
It is also a good idea to encrypt this user&#039;s home directory with the package ecryptfs-utils.&lt;br /&gt;
&lt;br /&gt;
# If the home directory is not empty, first back it up to some other medium.&lt;br /&gt;
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)&lt;br /&gt;
# Log out from X11 (graphical system) and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.&lt;br /&gt;
# Change the current directory so that it is not in the home folder, e.g. &amp;quot;cd /&amp;quot;.&lt;br /&gt;
# Run the migration tool (in Ubuntu: sudo ecryptfs-migrate-home -u username)&lt;br /&gt;
# If it succeeds then you can press ALT + F8 to go back and log in to X11.&lt;br /&gt;
# Run the command &#039;ecryptfs-unwrap-passphrase&#039;. Without exception &#039;&#039;&#039;write and store the code that you receive on a secure medium&#039;&#039;&#039;. &#039;&#039;&#039;Without this code no data - including the wallet - can be accessed if the system does not work&#039;&#039;&#039;&lt;br /&gt;
# Run the command &#039;ecryptfs-setup-swap&#039;, which encrypts the swap partition. Otherwise, keys in your purse can go in plain text to the swap partition where they might be stolen. This unfortunately also means that &amp;quot;idle&amp;quot; or Hibernate cannot be used anymore because the bootloader cannot restore the dump. A more convenient alternative is to overwrite the swap partition with random data when you shut down the machine (after the deactivation of virtual memory).&lt;br /&gt;
&lt;br /&gt;
(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])&lt;br /&gt;
&lt;br /&gt;
====== For more information ======&lt;br /&gt;
* [https://help.ubuntu.com/community/Security Security features on ubuntu]&lt;br /&gt;
&lt;br /&gt;
* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your Linux desktop]&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]&lt;br /&gt;
&lt;br /&gt;
* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:&lt;br /&gt;
** [http://support.microsoft.com/kb/905056/en Windows XP]&lt;br /&gt;
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]&lt;br /&gt;
&lt;br /&gt;
====Browser Security ====&lt;br /&gt;
&lt;br /&gt;
===== Firefox =====&lt;br /&gt;
To secure the browser, start Firefox, go to the menu &amp;quot;Edit&amp;quot;, and select &amp;quot;Preferences&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
* Starting with the tabs on the left, under &amp;quot;Startup&amp;quot; select the option &amp;quot;Show a blank page&amp;quot;.&lt;br /&gt;
* Under &amp;quot;Content&amp;quot;&lt;br /&gt;
** Deselect the option &amp;quot;Load images automatically&amp;quot;,&lt;br /&gt;
** Also deselect &amp;quot;Enable JavaScript&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Privacy&amp;quot;, under &amp;quot;History&amp;quot;, select &amp;quot;Never remember history&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Security&amp;quot;, under &amp;quot;Passwords&amp;quot;&lt;br /&gt;
** Deselect &amp;quot;Remember passwords&amp;quot;&lt;br /&gt;
** Also &amp;quot;Use a master password&amp;quot;.&lt;br /&gt;
* Finally, in the tab &amp;quot;Advanced&amp;quot;, under &amp;quot;Automatically check for updates&amp;quot;, deselect&lt;br /&gt;
** &amp;quot;Add-ons&amp;quot; and&lt;br /&gt;
** &amp;quot;Search engines&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
If JavaScript is disabled, the Linux download page for new versions of the Bitcoin client will no longer start the download automatically, so you have to click the &amp;quot;direct link&amp;quot; in the notice &amp;quot;Problems with the download? Please use this &#039;direct link&#039; or try another mirror.&amp;quot; Once you have made that effort, you of course check the download of the new Bitcoin client against the checksums, which are indicated on the sourceforge page, with the program sha1.&lt;br /&gt;
&lt;br /&gt;
=== Protect against data loss: Backup ===&lt;br /&gt;
The only file you need to back up is wallet.dat. Make sure beforehand that Bitcoin is not running anymore! The best way would be to encrypt the file and store it somewhere safe.&lt;br /&gt;
&lt;br /&gt;
You can also use the [[API | backupwallet]] JSON-RPC command to create a backup on the fly.&lt;br /&gt;
&lt;br /&gt;
==== Where to find the Bitcoin folder ====&lt;br /&gt;
The [[Bitcoin folder]] is the folder where the data is stored, along with the wallet.dat file.&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
Click on &amp;quot;Start&amp;quot;, then Run and enter this:&lt;br /&gt;
:%APPDATA%\Bitcoin&lt;br /&gt;
A folder should open now; for most it would be:&lt;br /&gt;
 C:\Documents and Settings\username\Application Data\Bitcoin (XP)&lt;br /&gt;
 C:\Users\username\appdata\roaming\Bitcoin (Vista and 7)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;!---&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
If you are using Windows XP or Windows 7, you can keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). You can probably do the same with Windows Vista or Windows 2000.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;NOTE:&#039;&#039;&#039; You should configure Bitcoin in this manner only on computers where you use Bitcoin, but do not use that computer to mine. For example, this is a good configuration for a notebook or tablet computer.&lt;br /&gt;
&lt;br /&gt;
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;To mount the Bitcoin data directory on an encrypted drive&amp;lt;/b&amp;gt;&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;ol start=1 type=1&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 100 MB in size.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.&lt;br /&gt;
&amp;lt;p&amp;gt;For help finding this directory, see &amp;lt;b&amp;gt;[[Securing_your_wallet#Locating_BitCoin_s_data_directory | Locating Bitcoin&#039;s data directory]]&amp;lt;/b&amp;gt;.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Create a Windows shortcut that starts Bitcoin with the &amp;lt;code&amp;gt;-datadir&amp;lt;/code&amp;gt; parameter, specifying the encrypted drive and directory.&lt;br /&gt;
&amp;lt;p&amp;gt;For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as &amp;lt;code&amp;gt;E:\&amp;lt;/code&amp;gt;, and stored your Bitcoin data directory on it as &amp;lt;code&amp;gt;Bitcoin&amp;lt;/code&amp;gt;, you would type the following command as the shortcut target:&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;blockquote&amp;gt;&amp;lt;code&amp;gt;C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin&amp;lt;/code&amp;gt;&amp;lt;/blockquote&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Open Bitcoin&#039;s settings and configure it &amp;lt;b&amp;gt;NOT&amp;lt;/b&amp;gt; to start automatically when you start Windows.&lt;br /&gt;
&amp;lt;p&amp;gt;This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Shut down Bitcoin, and then restart it from the new shortcut.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created so that it can find its data and your wallet. :-)&lt;br /&gt;
&lt;br /&gt;
--&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
Bitcoin should create a hidden folder in the home directory of the running user.&lt;br /&gt;
 ~/.bitcoin/&lt;br /&gt;
&lt;br /&gt;
If it is not there, it can possibly be found with&lt;br /&gt;
: find / -name wallet.dat -print 2&amp;gt;/dev/null&lt;br /&gt;
Or, as root,&lt;br /&gt;
: updatedb&lt;br /&gt;
followed by&lt;br /&gt;
: locate wallet.dat&lt;br /&gt;
&lt;br /&gt;
The handiest backup method under Linux is probably to copy wallet.dat onto one or more USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).&lt;br /&gt;
&lt;br /&gt;
====== Individual encryption of the wallet.dat file ======&lt;br /&gt;
* For individual encryption of the purse, the available cross-platform program &#039;&#039;&#039;[http://ccrypt.sourceforge.net/ ccrypt]&#039;&#039;&#039; is well suited. It encrypts with a variant of the AES Rijndael algorithm, a recognized standard, which is considered very safe. The plain-text version of wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.&lt;br /&gt;
&lt;br /&gt;
* For automatic storage of encrypted copies, GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, one needs only the public key. The private key is used only to decrypt a backup, and can otherwise be stored in a safe place. Using a fixed pair of keys also reduces the risk of loss of a key by unnoticed typos when typing them.&lt;br /&gt;
&lt;br /&gt;
* Smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] of the German Privacy Foundation or the GnuPG Fellowship smart card provide additional protection against attacks by key loggers. The special advantage is that GnuPG keys, which are very safe due to their length, can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].&lt;br /&gt;
&lt;br /&gt;
* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] you can also back up individual files such as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.&lt;br /&gt;
&lt;br /&gt;
===== Mac ===== &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Note: The following instructions are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The directory containing the Bitcoin wallet.dat is usually here:&lt;br /&gt;
 ~/Library/Application Support/Bitcoin/&lt;br /&gt;
&lt;br /&gt;
====== Secure all data (500 megabytes) ======&lt;br /&gt;
These steps store all Bitcoin data (wallet and block chain) on an encrypted disk image:&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot;, specify 500MB, 128-bit or 256-bit (faster or more secure) encryption, single partition.&lt;br /&gt;
# Save it in a place where you will not lose the image (e.g. Wuala, Strong Space or whatever)&lt;br /&gt;
# Select a strong and secure password&lt;br /&gt;
# Copy everything from ~/Library/Application Support/Bitcoin/ into the image&lt;br /&gt;
# Create a symlink to the old place, so the app can use it&lt;br /&gt;
:::ln -s /Volumes/Bitcoin ~/Library/Application\ Support/Bitcoin&lt;br /&gt;
&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
====== Back up the wallet.dat file alone (40MB) ======&lt;br /&gt;
These steps only protect the file wallet.dat. This results in a smaller image, but is more complicated.&lt;br /&gt;
&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot;, select 40MB, 128-bit or 256-bit, single partition.&lt;br /&gt;
# Store it in a place where you will not lose the backup.&lt;br /&gt;
# Select a secure and strong password&lt;br /&gt;
# Move the file wallet.dat into the image&lt;br /&gt;
# Create a symlink to the old place, so the app can find and use the file&lt;br /&gt;
:::ln -s /Volumes/Bitcoin/wallet.dat ~/Library/Application\ Support/Bitcoin/wallet.dat&lt;br /&gt;
&lt;br /&gt;
[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Note:&#039;&#039;&#039; If you start the Bitcoin application without the image being mounted, the program replaces the symlink (a kind of shortcut) wallet.dat with a new one. Do not panic! Rename the new wallet.dat or delete it, mount the image, and just create a new symlink. The old wallet.dat may of course be canceled under any circumstances.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Automation:&#039;&#039;&#039; The program [http://en.wikipedia.org/wiki/Automator_%28software%29 Automator] (included in OS X) can automatically mount your wallet and start the Bitcoin app.&lt;br /&gt;
&lt;br /&gt;
Alternatively, the following shell script can be used, which automatically decrypts wallet.dat, starts the Bitcoin client, and subsequently re-encrypts it. The script works for both OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== General solution ====&lt;br /&gt;
wallet.dat is not usually encrypted; everyone who has access to the file can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.&lt;br /&gt;
&lt;br /&gt;
Note: Encryption does not protect the wallet against security risks &#039;&#039;after&#039;&#039; they have occurred. Encrypting a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.&lt;br /&gt;
&lt;br /&gt;
* [http://www.7-zip.org/ 7-Zip]&lt;br /&gt;
* [http://www.axantum.com/axcrypt/ AxCrypt]&lt;br /&gt;
* [http://www.truecrypt.org/ TrueCrypt]&lt;br /&gt;
* [http://www.rarlab.com/ WinRar]&lt;br /&gt;
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)&lt;br /&gt;
&lt;br /&gt;
==== Encryption with Smart Card ====&lt;br /&gt;
&lt;br /&gt;
Folders can be encrypted with a GnuPG-compatible smart card. A very secure solution is the Crypto Stick of the German Privacy Foundation:&lt;br /&gt;
&lt;br /&gt;
[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]&lt;br /&gt;
&lt;br /&gt;
[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Installation and use]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== Storing the Archives ====&lt;br /&gt;
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== BOTG: Bitcoin Off The Grid===&lt;br /&gt;
* Another alternative that is suitable for high security requirements is &amp;quot;BOTG - Bitcoin off-the-grid&amp;quot; [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair &#039;&#039;without&#039;&#039; Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they cannot get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in Block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.&lt;br /&gt;
&lt;br /&gt;
=Securing your wallet on Ubuntu and/or Suse=&lt;br /&gt;
For users that use a Linux system that comes with AppArmor, it is probably possible to use&lt;br /&gt;
the MinorFs system with a procedure not unlike that described here for secure ssh without a passphrase:&lt;br /&gt;
&lt;br /&gt;
http://minorfs.polacanthus.net/wiki/Ssh_private_keys_without_passphrase&lt;br /&gt;
&lt;br /&gt;
It&#039;s a bit of a hack, but it would make it impossible for malware running under the same user id as&lt;br /&gt;
bitcoin to gain access to the wallet. &lt;br /&gt;
&lt;br /&gt;
It may be worth it if someone would describe the correct procedure to secure the bitcoin wallet using MinorFs/AppArmor in a way similar to described in the above link for ssh keys without passphrases.&lt;br /&gt;
&lt;br /&gt;
= ‘Shred’ cannot always be assumed to be secure on modern filesystems! =&lt;br /&gt;
&lt;br /&gt;
I don&#039;t feel entirely comfortable with the suggested usage of the ‘shred’ command in the given Linux script.  My understanding (and according to shred&#039;s manpage) is that on modern filesystems, it is &#039;&#039;no&#039;&#039; guarantee that when an application like shred asks the OS to overwrite a file, that the file will actually be physically overwritten in place on the disk.  Unless there have been features implemented to allow special handling by the kernel for such security applications (I haven&#039;t investigated, so maybe there are, or maybe not), it would probably be safer to disable all system swap (i.e., with ‘swapoff’) and then store the unencrypted data on a temporary RAM disk only, then unmount the RAM disk afterwards to ensure it never gets written to disk.  I&#039;ve done this before, though unfortunately it&#039;s a bit of a hassle and normally requires running commands that need root privileges or sudo, etc.  Comments?&lt;br /&gt;
~ [[User:Ijel|Ijel]] 03:49, 11 February 2012 (GMT)&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23690</id>
		<title>Talk:Securing your wallet</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23690"/>
		<updated>2012-02-11T03:50:59Z</updated>

		<summary type="html">&lt;p&gt;Ijel: Whoops, the “add topic” button didn&amp;#039;t thread properly for some reason&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The article is too huge. The Mac solution does not scale; the suggested sizes are too low and the maximum size is infinite. [[User:X|X]] 17:10, 8 January 2012 (GMT)&lt;br /&gt;
&lt;br /&gt;
This article needs a rewrite following the introduction of the Bitcoin.org client&#039;s ability to passphrase protect the keys in the wallet.  Perhaps some sections also -- something like &amp;quot;typical consumer use&amp;quot; (where the client&#039;s encryption is adequate) and &amp;quot;commercial-grade protection&amp;quot; where the topics such as encryption at the filesystem is addressed. - [[User:Sgornick|Sgornick]] 10:24, 28 December 2011 (GMT) &lt;br /&gt;
&lt;br /&gt;
The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]&lt;br /&gt;
&lt;br /&gt;
Note: the backupwallet.sh script in the linux section doesn&#039;t actually work.&lt;br /&gt;
I suspect it is caused by the wiki changing the formatting.&lt;br /&gt;
I wrote my own version that uses much more standard shell syntax.&lt;br /&gt;
&lt;br /&gt;
[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
The approach for &amp;quot;Making a secure workspace&amp;quot; seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn&#039;t it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Time Sensitivity ==&lt;br /&gt;
&lt;br /&gt;
Is it possible to still send money to my wallet, even if it&#039;s backed up and offline?  Do bitcoins ever expire if they&#039;re not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== How often is it needed to backup the Wallet? ==&lt;br /&gt;
&lt;br /&gt;
Is it necessary to make a backup after each transaction? This page is not clear about this.&lt;br /&gt;
Please add this information to the page!&lt;br /&gt;
&lt;br /&gt;
== Creating a New Wallet ==&lt;br /&gt;
&lt;br /&gt;
This section isn&#039;t helpful; it tells you when to create a new wallet, but not how.  I&#039;m a new user, and the wallet was created when I installed the BitCoin program.  I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Making a secure workspace ==&lt;br /&gt;
&lt;br /&gt;
For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Flaws with argument regarding encryption ==&lt;br /&gt;
&lt;br /&gt;
Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it.  Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well.  This strategy seems to work only in the following circumstances:&lt;br /&gt;
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.&lt;br /&gt;
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.&lt;br /&gt;
&lt;br /&gt;
Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem.  In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data.  So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.&lt;br /&gt;
&lt;br /&gt;
Also how in the world could you ever use this wallet to transfer cash to another user if you are offline?  Maybe I don&#039;t understand how bitcoin works but don&#039;t you need to be online in order to transfer bitcoins?  Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.&lt;br /&gt;
&lt;br /&gt;
This seems to be a fundamental flaw in this discussion &amp;quot;securing your wallet&amp;quot;  Why doesn&#039;t bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup.  If you want bitcoin to go mainstream I don&#039;t understand why you can&#039;t address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.&lt;br /&gt;
&lt;br /&gt;
::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a slightly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until there is some real amount of coins in the play. One day you&#039;ll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.&lt;br /&gt;
&lt;br /&gt;
::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The &#039;&#039;&#039;whole&#039;&#039;&#039; system &#039;&#039;&#039;must&#039;&#039;&#039; be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
====Added a new entry to backup methods====&lt;br /&gt;
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper&lt;br /&gt;
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Unsecure suggestion for passwords ==&lt;br /&gt;
&lt;br /&gt;
Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must&lt;br /&gt;
also be safe in the future when it comes to wallet storing.&lt;br /&gt;
This is definitely not given with this system. It might be true, that&lt;br /&gt;
with today&#039;s brute-force tools, the &amp;quot;d0g...........&amp;quot; pw is safer than&lt;br /&gt;
hkjhHZ756s=&amp;amp;g%7 but in the very near future (maybe already exists)&lt;br /&gt;
there will be new tools, that will find out, what kind of simplifiers&lt;br /&gt;
are often used by humans and will combine brute force with simplifiers&lt;br /&gt;
and thus come to &amp;quot;d0g............&amp;quot; very quickly!&lt;br /&gt;
&lt;br /&gt;
== Section 4.2 ==&lt;br /&gt;
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don&#039;t you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you&#039;ve also lost ~/Library/Keychains... e.g. laptop stolen, etc.&lt;br /&gt;
&lt;br /&gt;
== Back-Translation of German Version ==&lt;br /&gt;
&lt;br /&gt;
Hi,&lt;br /&gt;
&lt;br /&gt;
I have translated the page to the German Version, expanded it by several points and concepts which seem important to me - namely, a distinction between data confidentiality, system integrity and the notion of technical compromise, and adapted the ordering according to these concepts. Here is the back-translated version as a suggestion what could be expanded. I&#039;ve translated it quickly using Google Translate, that means wording and style can&#039;t be expected to be perfect. Nevertheless, I hope it&#039;s helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
----&lt;br /&gt;
&lt;br /&gt;
=== Introduction ===&lt;br /&gt;
The security of the wallet can be divided into two separate objectives:&lt;br /&gt;
&lt;br /&gt;
1. Safeguard against loss&lt;br /&gt;
&lt;br /&gt;
2. Secure against theft&lt;br /&gt;
&lt;br /&gt;
In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):&lt;br /&gt;
&lt;br /&gt;
3. Create a new secure wallet (with a reasonably long password)&lt;br /&gt;
&lt;br /&gt;
=== Technical background ===&lt;br /&gt;
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number can be adjusted with the &amp;quot;-keypool&amp;quot; parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.&lt;br /&gt;
&lt;br /&gt;
The safety of deposits in Bitcoin depends on three conditions:&lt;br /&gt;
# The &#039;&#039;&#039;confidentiality (secrecy)&#039;&#039;&#039; of the private key for the entire time from initial production to final use&lt;br /&gt;
# The &#039;&#039;&#039;integrity&#039;&#039;&#039; of the software on the system used.&lt;br /&gt;
# As well as the &#039;&#039;&#039;protection from loss of wallet&#039;&#039;&#039; eg by failure of the hard disk&lt;br /&gt;
&lt;br /&gt;
The bitcoin software assumes (for very good reasons) that integrity and confidentiality of the computer and user account is intact. The reason for this is that, strictly speaking, securing the computer is not the business of some application software like bitcoin. A computer which has not &#039;&#039;&#039;both&#039;&#039;&#039; its confidentiality &#039;&#039;&#039;and&#039;&#039;&#039; integrity ensured, is &#039;&#039;&#039;compromised&#039;&#039;&#039;. This means that it can no longer be excluded that Bitcoins are stolen. A computer on which &#039;&#039;&#039;malware&#039;&#039;&#039; in the form of some trojan is installed or which runs any virus, is always compromised. All data - including the bitcoin wallet - could be &amp;quot;stolen&amp;quot;. On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can &#039;&#039;&#039;only&#039;&#039;&#039; be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A &amp;quot;disinfection&amp;quot; of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.&lt;br /&gt;
&lt;br /&gt;
A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.&lt;br /&gt;
&lt;br /&gt;
=== Securing the confidentiality and integrity of the Wallet and Software ===&lt;br /&gt;
&lt;br /&gt;
==== Creating a New Wallet ====&lt;br /&gt;
&lt;br /&gt;
In the event that the wallet was possibly or actually stored in a compromised state, or spread, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys can no longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later than their generation. For example, if you generate some keys today, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.&lt;br /&gt;
&lt;br /&gt;
Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.&lt;br /&gt;
&lt;br /&gt;
==== Creating a safe and secure work space ====&lt;br /&gt;
&lt;br /&gt;
Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.&lt;br /&gt;
&lt;br /&gt;
===== Digression: Secure Passwords =====&lt;br /&gt;
&lt;br /&gt;
====== Passwords ======&lt;br /&gt;
A proven method for producing safe, but still learnable passwords goes as follows:&lt;br /&gt;
&lt;br /&gt;
* Make up a nonsense phrase like&lt;br /&gt;
 &amp;quot;Thirty crows fly backwards to the moon, but they do not have a ticket.&amp;quot;&lt;br /&gt;
The more bizarre the sentence, the better you remember it.&lt;br /&gt;
&lt;br /&gt;
* The first letters and numbers are used for the password:&lt;br /&gt;
 30CfbwttM,btdnhaT&lt;br /&gt;
&lt;br /&gt;
* Now we get creative and replace a few characters, eg &amp;quot;A&amp;quot; looks a bit like &amp;quot;4&amp;quot;:&lt;br /&gt;
 30Cfbw2tM,b|dnh@T&lt;br /&gt;
&lt;br /&gt;
* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:&lt;br /&gt;
 3ß0Cþfböw2tM,b|dnh@฿T&lt;br /&gt;
&lt;br /&gt;
Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember such long passwords error-free, especially if they take a longer holiday. Therefore, write down the password and put it in your wallet. (That&#039;s still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])&lt;br /&gt;
&lt;br /&gt;
* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.&lt;br /&gt;
&lt;br /&gt;
Now it is so that a forgotten password is at least as bad as a cracked one. A button labeled &amp;quot;Forgot your password, sent new by e-mail&amp;quot; does not exist in Bitcoin. &#039;&#039;&#039;So the consequence of &amp;quot;Password away&amp;quot; is inevitably &amp;quot;money away&amp;quot;&#039;&#039;&#039;. Don&#039;t forget that!&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;The written-down password&#039;&#039;&#039; should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. If you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.&lt;br /&gt;
&lt;br /&gt;
====== Passphrases (password phrases) or mantras ======&lt;br /&gt;
&lt;br /&gt;
* An alternative to passwords which has at least the same strength against techniques like rainbow tables, &#039;&#039;&#039;but is in comparison  much easier to remember&#039;&#039;&#039; is the use of &#039;&#039;&#039;pass-phrases&#039;&#039;&#039; or a &amp;quot;mantra&amp;quot;. The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.&lt;br /&gt;
&lt;br /&gt;
* An example sentence would be: &amp;quot;The Lemon flambé the okapi a phosphorescent absolution.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).&lt;br /&gt;
&lt;br /&gt;
* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.&lt;br /&gt;
&lt;br /&gt;
* Warning: Completely unsuitable are fixed expressions and popular idioms. Don&#039;t use any meaningful sentence and anything that might be published on the web.&lt;br /&gt;
&lt;br /&gt;
===== Special Linux distributions =====&lt;br /&gt;
&lt;br /&gt;
To secure a Windows system comprehensively is a complex and difficult task. Securing it in a way which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.&lt;br /&gt;
&lt;br /&gt;
As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin,  and they require almost no setup:&lt;br /&gt;
&lt;br /&gt;
* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c&#039;t Bankix], a distribution for online banking, is an adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following the (important) first update the system will be put on a read-only medium and can no longer be manipulated by unauthorized changes to the software.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.&lt;br /&gt;
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The following distributions are suitable only for users with good knowledge. However, their excellent safety features make them quite interesting starting points for Bitcoin Appliances:&lt;br /&gt;
&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
====== Protected user account ======&lt;br /&gt;
&lt;br /&gt;
The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:&lt;br /&gt;
&lt;br /&gt;
 sudo adduser &amp;lt;code&amp;gt;new_user_name&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
On the message &amp;quot;Enter a new value or press ENTER for the default&amp;quot; one needs only to press the Return key.&lt;br /&gt;
&lt;br /&gt;
Then log in as the new user, eg with &amp;quot;Switch User&amp;quot; (in Ubuntu, in the menu to log off). Once you are logged in, open the file manager, select the home directory (with the house icon), then right-click &amp;quot;Properties&amp;quot;, then the access permissions. Here you select &amp;quot;Other&amp;quot; and set the permissions to &amp;quot;nobody&amp;quot;. With this step, other programs can not read the other user&#039;s wallet.&lt;br /&gt;
&lt;br /&gt;
In order to keep it safe, the newly created user should be used exclusively for Bitcoin.&lt;br /&gt;
&lt;br /&gt;
It is also a good idea to encrypt this user&#039;s home directory with the package ecryptfs-utils.&lt;br /&gt;
&lt;br /&gt;
# If the home directory is not empty, first back it up to some other medium.&lt;br /&gt;
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)&lt;br /&gt;
# Log out of X11 (graphical system) and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.&lt;br /&gt;
# Change the current directory so that it is not in the home folder, eg &amp;quot;cd /&amp;quot;.&lt;br /&gt;
# Run the migration tool: (in Ubuntu: sudo ecryptfs-migrate-home -u username)&lt;br /&gt;
# If it succeeds then you can press ALT + F8 to go back and log in X11.&lt;br /&gt;
# Run the command &#039;ecryptfs-unwrap-passphrase&#039;. Without exception &#039;&#039;&#039;write and store the code that you receive on a secure medium&#039;&#039;&#039;. &#039;&#039;&#039;Without this code no data - including the wallet - can be accessed if the system does not work&#039;&#039;&#039;&lt;br /&gt;
# Run the command &#039;ecryptfs-setup-swap&#039;, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the swap partition where they might be stolen. This unfortunately also means that &amp;quot;idle&amp;quot; or Hibernate can not be used anymore because the bootloader can not restore the dump. A more convenient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.&lt;br /&gt;
&lt;br /&gt;
(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])&lt;br /&gt;
&lt;br /&gt;
====== For more information ======&lt;br /&gt;
* [https://help.ubuntu.com/community/Security Security features on ubuntu]&lt;br /&gt;
&lt;br /&gt;
* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your Linux desktop]&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]&lt;br /&gt;
&lt;br /&gt;
* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:&lt;br /&gt;
** [http://support.microsoft.com/kb/905056/en Windows XP]&lt;br /&gt;
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]&lt;br /&gt;
&lt;br /&gt;
====Browser Security ====&lt;br /&gt;
&lt;br /&gt;
===== Firefox =====&lt;br /&gt;
To secure the browser, you start Firefox, go to menu &amp;quot;Edit&amp;quot; (edit), and select &amp;quot;Preferences&amp;quot; (Settings).&lt;br /&gt;
&lt;br /&gt;
* Now you start with the tabs on the left, select the &amp;quot;Startup&amp;quot; option &amp;quot;Show a blank page&amp;quot; (Clean Slate).&lt;br /&gt;
* By &amp;quot;content&amp;quot; (content)&lt;br /&gt;
** The option &amp;quot;Load images automatically / Load images automatically&amp;quot; opt out,&lt;br /&gt;
** Also &amp;quot;Enable Javascript Enable / javascript&amp;quot; opt out.&lt;br /&gt;
* In the tab &amp;quot;privacy / data protection&amp;quot; in the &amp;quot;History / History History,&amp;quot; select &amp;quot;Never remember history&amp;quot; / &amp;quot;do not save history&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Security&amp;quot; in the &amp;quot;Passwords&amp;quot;&lt;br /&gt;
** The &amp;quot;remember passwords / passwords save&amp;quot; deselect&lt;br /&gt;
** Also &amp;quot;use a master password&amp;quot; / &amp;quot;master password&amp;quot;.&lt;br /&gt;
* Finally, in the tab &amp;quot;Advanced&amp;quot; / &amp;quot;Advanced&amp;quot; option&lt;br /&gt;
** &amp;quot;Automatically check for updates&amp;quot; deselect&lt;br /&gt;
** As &amp;quot;add-ons&amp;quot; and&lt;br /&gt;
** &amp;quot;Search engines&amp;quot; / &amp;quot;search engines&amp;quot; opt out.&lt;br /&gt;
&lt;br /&gt;
If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the &amp;quot;direct link&amp;quot; on notice &amp;quot;Problems with the download? Please use this &#039;direct link&#039; or try another mirror.&amp;quot; . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.&lt;br /&gt;
&lt;br /&gt;
=== Protect against data loss: Backup ===&lt;br /&gt;
The only file you need to back up is wallet.dat. Make sure beforehand that Bitcoin is not running anymore! The best way would be to encrypt the file and store it somewhere safe.&lt;br /&gt;
&lt;br /&gt;
You can also use the [[API | backupwallet]] JSON-RPC command to create a backup on the fly.&lt;br /&gt;
&lt;br /&gt;
==== Where to find the Bitcoin folder ====&lt;br /&gt;
The [[Bitcoin folder]] is the folder where the data is stored, along with the wallet.dat file.&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
Click on &amp;quot;Start&amp;quot;, then Run and enter this:&lt;br /&gt;
:%APPDATA%\Bitcoin&lt;br /&gt;
A folder should open now, for most it would be:&lt;br /&gt;
 C:\Documents and Settings\username\Application Data\Bitcoin (XP)&lt;br /&gt;
 C:\Users\username\appdata\roaming\Bitcoin (Vista and 7)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;!---&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
If you are using Windows XP or Windows 7, you can keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). You can probably do the same with Windows Vista or Windows 2000.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;NOTE:&#039;&#039;&#039; You should configure Bitcoin in this manner only on computers where you use Bitcoin, but do not use that computer to mine. For example, this is a good configuration for a notebook or tablet computer.&lt;br /&gt;
&lt;br /&gt;
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;To mount the Bitcoin data directory on an encrypted drive&amp;lt;/b&amp;gt;&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;ol start=1 type=1&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 100 MB in size.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.&lt;br /&gt;
&amp;lt;p&amp;gt;For help finding this directory, see &amp;lt;b&amp;gt;[[Securing_your_wallet#Locating_BitCoin_s_data_directory | Locating Bitcoin&#039;s data directory]]&amp;lt;/b&amp;gt;.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Create a Windows shortcut that starts Bitcoin with the &amp;lt;code&amp;gt;-datadir&amp;lt;/code&amp;gt; parameter and specifies the encrypted drive and directory.&lt;br /&gt;
&amp;lt;p&amp;gt;For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as &amp;lt;code&amp;gt;E:\&amp;lt;/code&amp;gt;, and stored your Bitcoin data directory on it as &amp;lt;code&amp;gt;Bitcoin&amp;lt;/code&amp;gt;, you would type the following command as the shortcut target:&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;blockquote&amp;gt;&amp;lt;code&amp;gt;C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin&amp;lt;/code&amp;gt;&amp;lt;/blockquote&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Open Bitcoin&#039;s settings and configure it &amp;lt;b&amp;gt;NOT&amp;lt;/b&amp;gt; to start automatically when you start Windows.&lt;br /&gt;
&amp;lt;p&amp;gt;This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Shut down Bitcoin, and then restart it from the new shortcut.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created so that it can find its data and your wallet. :-)&lt;br /&gt;
&lt;br /&gt;
--&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
Bitcoin should create a hidden folder in your home directory of the running user.&lt;br /&gt;
 ~/.bitcoin/&lt;br /&gt;
&lt;br /&gt;
If it is not there, it can possibly be found with&lt;br /&gt;
:find / -name wallet.dat -print 2&amp;gt;/dev/null&lt;br /&gt;
or, as root,&lt;br /&gt;
:updatedb&lt;br /&gt;
followed by&lt;br /&gt;
:locate wallet.dat&lt;br /&gt;
&lt;br /&gt;
The handiest backup method under Linux is probably to copy wallet.dat to one or more USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).&lt;br /&gt;
&lt;br /&gt;
====== Individual encryption of the wallet.dat file ======&lt;br /&gt;
* For individual encryption of the purse, the available cross-platform program &#039;&#039;&#039;[http://ccrypt.sourceforge.net/ ccrypt]&#039;&#039;&#039; is well suited. It encodes a variant of the AES Rijndael algorithm, a recognized standard, which is considered very safe. The plain-text version of wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.&lt;br /&gt;
&lt;br /&gt;
* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, one needs only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys also reduces the risk of loss of a key by unnoticed typos when typing them.&lt;br /&gt;
&lt;br /&gt;
* Additional protection against attacks by key loggers is provided by smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] of the German Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that GnuPG keys, which are very safe due to their length, can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].&lt;br /&gt;
&lt;br /&gt;
* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.&lt;br /&gt;
&lt;br /&gt;
===== Mac ===== &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Note: The following instructions are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The directory containing the Bitcoin wallet.dat is usually here:&lt;br /&gt;
 ~/Library/Application Support/Bitcoin/&lt;br /&gt;
&lt;br /&gt;
====== Secure all data (500 megabytes) ======&lt;br /&gt;
These steps store all Bitcoin data (wallet and block chain) on an encrypted disk image:&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot;, specify 500MB, 128-bit or 256-bit (faster or more secure) encryption, single partition.&lt;br /&gt;
# Save it in a place where you will not lose the image (eg Wuala, Strong Space or whatever)&lt;br /&gt;
# Select a strong and secure password&lt;br /&gt;
# Copy everything from ~/Library/Application Support/Bitcoin/ into the image&lt;br /&gt;
# Create a symlink to the old place, so the app can use it&lt;br /&gt;
::: ln -s /Volumes/Bitcoin ~/Library/Application\ Support/Bitcoin&lt;br /&gt;
&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
====== Backup of the wallet.dat file alone (40MB) ======&lt;br /&gt;
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.&lt;br /&gt;
&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot;, select 40MB, 128-bit or 256-bit, single partition.&lt;br /&gt;
# Store it in a place where you will not lose the backup.&lt;br /&gt;
# Select a secure and strong password&lt;br /&gt;
# Move the file wallet.dat into the image&lt;br /&gt;
# Create a symlink to the old place, so the app can find and use the file&lt;br /&gt;
::: ln -s /Volumes/Bitcoin/wallet.dat ~/Library/Application\ Support/Bitcoin/wallet.dat&lt;br /&gt;
&lt;br /&gt;
[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Note:&#039;&#039;&#039; If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Automation:&#039;&#039;&#039; The program [http://en.wikipedia.org/wiki/Automator_%28software%29 Automator] (included in OS X) can automatically mount your wallet and start the Bitcoin app.&lt;br /&gt;
&lt;br /&gt;
Alternatively, the following shell script can be used, which decrypts wallet.dat, automatically starts the Bitcoin client, and subsequently re-encrypts it. The script works both for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== General solution ====&lt;br /&gt;
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.&lt;br /&gt;
&lt;br /&gt;
Note: Encryption does not protect the wallet against security risks &#039;&#039;after&#039;&#039; they have occurred. Encrypting a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.&lt;br /&gt;
&lt;br /&gt;
* [http://www.7-zip.org/ 7-Zip]&lt;br /&gt;
* [http://www.axantum.com/axcrypt/ AxCrypt]&lt;br /&gt;
* [http://www.truecrypt.org/ TrueCrypt]&lt;br /&gt;
* [http://www.rarlab.com/ WinRar]&lt;br /&gt;
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)&lt;br /&gt;
&lt;br /&gt;
==== Encryption with Smart Card ====&lt;br /&gt;
&lt;br /&gt;
Folders can be encrypted with a GnuPG-compatible smart card. A very secure solution is the Crypto Stick of the German Privacy Foundation:&lt;br /&gt;
&lt;br /&gt;
[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]&lt;br /&gt;
&lt;br /&gt;
[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Installation and use]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== Storing the Archives ====&lt;br /&gt;
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== BOTG: Bitcoin Off The Grid===&lt;br /&gt;
* Another alternative that is suitable for high security requirements is &amp;quot;BOTG - Bitcoin off-the-grid&amp;quot; [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair &#039;&#039;without&#039;&#039; Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.&lt;br /&gt;
&lt;br /&gt;
=Securing your wallet on Ubuntu and/or Suse=&lt;br /&gt;
For users that use a Linux system that comes with AppArmor, it is probably possible to use&lt;br /&gt;
the MinorFs system with a procedure not unlike that described here for secure ssh without a passphrase:&lt;br /&gt;
&lt;br /&gt;
http://minorfs.polacanthus.net/wiki/Ssh_private_keys_without_passphrase&lt;br /&gt;
&lt;br /&gt;
It&#039;s a bit of a hack, but it would make it impossible for malware running under the same user id as&lt;br /&gt;
bitcoin to gain access to the wallet. &lt;br /&gt;
&lt;br /&gt;
It may be worth it if someone would describe the correct procedure to secure the bitcoin wallet using MinorFs/AppArmor in a way similar to described in the above link for ssh keys without passphrases.&lt;br /&gt;
&lt;br /&gt;
= ‘Shred’ cannot always be assumed to be secure on modern filesystems! =&lt;br /&gt;
&lt;br /&gt;
I don&#039;t feel entirely comfortable with the suggested usage of the ‘shred’ command in the given Linux script.  My understanding (and according to shred&#039;s manpage) is that on modern filesystems, it is &#039;&#039;no&#039;&#039; guarantee that when an application like shred asks the OS to overwrite a file, that the file will actually be physically overwritten in place on the disk.  Unless there have been features implemented to allow special handling by the kernel for such security applications (I haven&#039;t investigated, so maybe there are, or maybe not), it would probably be safer to disable all system swap (i.e., with ‘swapoff’) and then store the unencrypted data on a temporary RAM disk only, then unmount the RAM disk afterwards to ensure it never gets written to disk.  I&#039;ve done this before, though unfortunately it&#039;s a bit of a hassle and normally requires running commands that need root privileges or sudo, etc.  Comments?&lt;br /&gt;
~ [[User:Ijel|Ijel]] 03:49, 11 February 2012 (GMT)&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23689</id>
		<title>Talk:Securing your wallet</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=Talk:Securing_your_wallet&amp;diff=23689"/>
		<updated>2012-02-11T03:49:21Z</updated>

		<summary type="html">&lt;p&gt;Ijel: /* ‘Shred’ cannot always be assumed to be secure on modern filesystems! */ new section&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The article is too huge. The Mac solution does not scale; the suggested sizes are too low and the maximum size is infinite. [[User:X|X]] 17:10, 8 January 2012 (GMT)&lt;br /&gt;
&lt;br /&gt;
This article needs a rewrite following the introduction of the Bitcoin.org client&#039;s ability to passphrase protect the keys in the wallet.  Perhaps some sections also -- something like &amp;quot;typical consumer use&amp;quot; (where the client&#039;s encryption is adequate) and &amp;quot;commercial-grade protection&amp;quot; where the topics such as encryption at the filesystem is addressed. - [[User:Sgornick|Sgornick]] 10:24, 28 December 2011 (GMT) &lt;br /&gt;
&lt;br /&gt;
The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]&lt;br /&gt;
&lt;br /&gt;
Note: the backupwallet.sh script in the linux section doesn&#039;t actually work.&lt;br /&gt;
I suspect it is caused by the wiki changing the formatting.&lt;br /&gt;
I wrote my own version that uses much more standard shell syntax.&lt;br /&gt;
&lt;br /&gt;
[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
The approach for &amp;quot;Making a secure workspace&amp;quot; seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn&#039;t it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Time Sensitivity ==&lt;br /&gt;
&lt;br /&gt;
Is it possible to still send money to my wallet, even if it&#039;s backed up and offline?  Do bitcoins ever expire if they&#039;re not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== How often is it needed to backup the Wallet? ==&lt;br /&gt;
&lt;br /&gt;
Is it necessary to make a backup after each transaction? This page is not clear about this.&lt;br /&gt;
Please add this information to the page!&lt;br /&gt;
&lt;br /&gt;
== Creating a New Wallet ==&lt;br /&gt;
&lt;br /&gt;
This section isn&#039;t helpful; it tells you when to create a new wallet, but not how.  I&#039;m a new user, and the wallet was created when I installed the BitCoin program.  I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Making a secure workspace ==&lt;br /&gt;
&lt;br /&gt;
For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Flaws with argument regarding encryption ==&lt;br /&gt;
&lt;br /&gt;
Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it.  Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well.  This strategy seems to work only in the following circumstances:&lt;br /&gt;
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.&lt;br /&gt;
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.&lt;br /&gt;
&lt;br /&gt;
Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem.  In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data.  So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.&lt;br /&gt;
&lt;br /&gt;
Also how in the world could you ever use this wallet to transfer cash to another user if you are offline?  Maybe I don&#039;t understand how bitcoin works but don&#039;t you need to be online in order to transfer bitcoins?  Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means it&#039;s vulnerable to trojans who can steal it the moment you want to use it.&lt;br /&gt;
&lt;br /&gt;
This seems to be a fundamental flaw in this discussion &amp;quot;securing your wallet&amp;quot;  Why doesn&#039;t bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup.  If you want bitcoin to go mainstream I don&#039;t understand why you can&#039;t address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.&lt;br /&gt;
&lt;br /&gt;
::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a slightly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until there is some real amount of coins in the play. One day you&#039;ll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.&lt;br /&gt;
&lt;br /&gt;
::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The &#039;&#039;&#039;whole&#039;&#039;&#039; system &#039;&#039;&#039;must&#039;&#039;&#039; be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
====Added a new entry to backup methods====&lt;br /&gt;
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper&lt;br /&gt;
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
== Unsecure suggestion for passwords ==&lt;br /&gt;
&lt;br /&gt;
Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must&lt;br /&gt;
also be safe in the future when it comes to wallet storing.&lt;br /&gt;
This is definitely not given with this system. It might be true, that&lt;br /&gt;
with today&#039;s brute-force tools, the &amp;quot;d0g...........&amp;quot; pw is safer than&lt;br /&gt;
hkjhHZ756s=&amp;amp;g%7 but in the very near future (maybe already exists)&lt;br /&gt;
there will be new tools, that will find out, what kind of simplifiers&lt;br /&gt;
are often used by humans and will combine brute-force with simplifiers&lt;br /&gt;
and thus come to &amp;quot;d0g............&amp;quot; very quickly!&lt;br /&gt;
&lt;br /&gt;
== Section 4.2 ==&lt;br /&gt;
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don&#039;t you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you&#039;ve also lost ~/Library/Keychains... e.g. laptop stolen, etc.&lt;br /&gt;
&lt;br /&gt;
== Back-Translation of German Version ==&lt;br /&gt;
&lt;br /&gt;
Hi,&lt;br /&gt;
&lt;br /&gt;
I have translated the page to the German Version, expanded it by several points and concepts which seem important to me - namely, a distinction between data confidentiality, system integrity and the notion of technical compromise, and adapted the ordering according to these concepts. Here is the back-translated version as a suggestion what could be expanded. I&#039;ve translated it quickly using Google Translate, that means wording and style can&#039;t be expected to be perfect. Nevertheless, I hope it&#039;s helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
----&lt;br /&gt;
&lt;br /&gt;
=== Introduction ===&lt;br /&gt;
The security of the wallet can be divided into two separate objectives:&lt;br /&gt;
&lt;br /&gt;
1. Safeguard against loss&lt;br /&gt;
&lt;br /&gt;
2. Secure against theft&lt;br /&gt;
&lt;br /&gt;
In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):&lt;br /&gt;
&lt;br /&gt;
3. Create a new, secure wallet (with a reasonably long password)&lt;br /&gt;
&lt;br /&gt;
=== Technical background ===&lt;br /&gt;
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number can be adjusted with the &amp;quot;-keypool&amp;quot; parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.&lt;br /&gt;
&lt;br /&gt;
The safety of deposits in Bitcoin depends on three conditions:&lt;br /&gt;
# The &#039;&#039;&#039;confidentiality (secrecy)&#039;&#039;&#039; of the private key for the entire time from initial production to final use&lt;br /&gt;
# The &#039;&#039;&#039;integrity&#039;&#039;&#039; of the software on the system used.&lt;br /&gt;
# As well as the &#039;&#039;&#039;protection from loss of wallet&#039;&#039;&#039; eg by failure of the hard disk&lt;br /&gt;
&lt;br /&gt;
The bitcoin software assumes (for very good reasons) that integrity and confidentiality of the computer and user account is intact. The reason for this is that, strictly speaking, securing the computer is not the business of some application software like bitcoin. A computer which has not &#039;&#039;&#039;both&#039;&#039;&#039; its confidentiality &#039;&#039;&#039;and&#039;&#039;&#039; integrity ensured, is &#039;&#039;&#039;compromised&#039;&#039;&#039;. This means that it can no longer be excluded that Bitcoins are stolen. A computer on which &#039;&#039;&#039;malware&#039;&#039;&#039; in the form of some trojan is installed or which runs any virus, is always compromised. All data - including the bitcoin wallet - could be &amp;quot;stolen&amp;quot;. On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can &#039;&#039;&#039;only&#039;&#039;&#039; be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A &amp;quot;disinfection&amp;quot; of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.&lt;br /&gt;
&lt;br /&gt;
A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.&lt;br /&gt;
&lt;br /&gt;
=== Securing the confidentiality and integrity of the Wallet and Software ===&lt;br /&gt;
&lt;br /&gt;
==== Creating a New Wallet ====&lt;br /&gt;
&lt;br /&gt;
In the event that the wallet was possibly or actually stored in a compromised state, or spread, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys can no longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later than their generation. For example, if you generate some keys today, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.&lt;br /&gt;
&lt;br /&gt;
Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.&lt;br /&gt;
&lt;br /&gt;
==== Creating a safe and secure work space ====&lt;br /&gt;
&lt;br /&gt;
Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.&lt;br /&gt;
&lt;br /&gt;
===== Digression: Secure Passwords =====&lt;br /&gt;
&lt;br /&gt;
====== Passwords ======&lt;br /&gt;
A proven method for producing safe, but still learnable passwords goes as follows:&lt;br /&gt;
&lt;br /&gt;
* Make up a nonsense phrase like&lt;br /&gt;
 &amp;quot;Thirty crows fly backwards to the moon, but they do not have a ticket.&amp;quot;&lt;br /&gt;
The more bizarre the sentence, the better you remember it.&lt;br /&gt;
&lt;br /&gt;
* The first letters and numbers are used for the password:&lt;br /&gt;
 30CfbwttM,btdnhaT&lt;br /&gt;
&lt;br /&gt;
* Now we get creative and replace a few characters, e.g. &amp;quot;A&amp;quot; looks like &amp;quot;4&amp;quot;:&lt;br /&gt;
 30Cfbw2tM,b|dnh@T&lt;br /&gt;
&lt;br /&gt;
* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:&lt;br /&gt;
 3ß0Cþfböw2tM,b|dnh@฿T&lt;br /&gt;
&lt;br /&gt;
Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember such long passwords error-free, especially if they take a longer holiday. Therefore, write the password down and put it in your wallet. (That&#039;s still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])&lt;br /&gt;
&lt;br /&gt;
* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.&lt;br /&gt;
&lt;br /&gt;
A forgotten password is at least as bad as a cracked one. A button labeled &amp;quot;Forgot your password, sent new by e-mail&amp;quot; does not exist in Bitcoin. &#039;&#039;&#039;So the consequence of &amp;quot;Password away&amp;quot; is inevitably &amp;quot;money away&amp;quot;&#039;&#039;&#039;. Don&#039;t forget that!&lt;br /&gt;
&lt;br /&gt;
*&#039;&#039;&#039;The written-down password&#039;&#039;&#039; should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. If you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.&lt;br /&gt;
&lt;br /&gt;
====== Passphrases (password phrases) or mantras ======&lt;br /&gt;
&lt;br /&gt;
* An alternative to passwords which has at least the same strength against techniques like rainbow tables, &#039;&#039;&#039;but is in comparison  much easier to remember&#039;&#039;&#039; is the use of &#039;&#039;&#039;pass-phrases&#039;&#039;&#039; or a &amp;quot;mantra&amp;quot;. The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.&lt;br /&gt;
&lt;br /&gt;
* An example sentence would be: &amp;quot;The Lemon flambé the okapi a phosphorescent absolution.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for these methods the length of the password is the decisive factor, long pass phrases, which are comparatively much easier to remember, win over short very complex passwords (which are hard to remember but easier to crack).&lt;br /&gt;
&lt;br /&gt;
* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.&lt;br /&gt;
&lt;br /&gt;
* Warning: Completely unsuitable are fixed expressions and popular idioms. Don&#039;t use any meaningful sentence and anything that might be published on the web.&lt;br /&gt;
&lt;br /&gt;
===== Special Linux distributions =====&lt;br /&gt;
&lt;br /&gt;
To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.&lt;br /&gt;
&lt;br /&gt;
As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:&lt;br /&gt;
&lt;br /&gt;
* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c&#039;t Bankix], a distribution for online banking, is an adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following the (important) first update the system will be put on a read-only medium and can no longer be manipulated by unauthorized changes to the software.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.&lt;br /&gt;
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
The following distributions are suitable only for users with good knowledge. However, their excellent safety features make them quite interesting starting points for Bitcoin Appliances:&lt;br /&gt;
&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].&lt;br /&gt;
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, like Tin Hat Linux etc., kernel functions with Stack Smashing Protection. Instead of the standard glibc it uses uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
====== Protected user account ======&lt;br /&gt;
&lt;br /&gt;
The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:&lt;br /&gt;
&lt;br /&gt;
sudo adduser &amp;lt;code&amp;gt;new_user_name&amp;lt;/code&amp;gt;&lt;br /&gt;
&lt;br /&gt;
On the message &amp;quot;Enter a new value or press ENTER for the default&amp;quot; one needs only to press the Return key.&lt;br /&gt;
&lt;br /&gt;
Then log in as the new user, e.g. with &amp;quot;Switch User&amp;quot; (in Ubuntu, in the log-off menu). Once you are logged in, find the file manager, select the home directory in it (with the house icon), then right-click &amp;quot;Properties&amp;quot;, then the access permissions. Here you select &amp;quot;Other&amp;quot; and set the permissions to &amp;quot;nobody&amp;quot;. With this step, other programs can not read the other user&#039;s wallet.&lt;br /&gt;
&lt;br /&gt;
To keep the newly created user safe, it should be used exclusively for Bitcoin.&lt;br /&gt;
&lt;br /&gt;
It is also a good idea to encrypt this user&#039;s home directory with the package ecryptfs-utils.&lt;br /&gt;
&lt;br /&gt;
# If the home directory is not empty, first back it up to some other medium.&lt;br /&gt;
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)&lt;br /&gt;
# Log out of X11 (the graphical system) and log in on the Linux console with Ctrl + Alt + F1 - if you are logged in to X11, the home directory is encrypted.&lt;br /&gt;
# Change the current directory so that it is not in the home folder, e.g. &amp;quot;cd /&amp;quot;.&lt;br /&gt;
# Run the migration tool (in Ubuntu: sudo ecryptfs-migrate-home -u username)&lt;br /&gt;
# If it succeeds then you can press ALT + F8 to go back and log in to X11.&lt;br /&gt;
# Run the command &#039;ecryptfs-unwrap-passphrase&#039;. Without exception &#039;&#039;&#039;write down and store the code that you receive on a secure medium&#039;&#039;&#039;. &#039;&#039;&#039;Without this code no data - including the wallet - can be accessed if the system does not work&#039;&#039;&#039;&lt;br /&gt;
# Run the command &#039;ecryptfs-setup-swap&#039;, which encrypts the swap partition. Otherwise, keys in your purse can go in plain text to the swap partition where they might be stolen. This unfortunately also means that &amp;quot;idle&amp;quot; or Hibernate can not be used anymore because the bootloader can not restore the dump. A more convenient alternative is to overwrite the swap partition with random data when you shut down the machine (after the deactivation of virtual memory).&lt;br /&gt;
&lt;br /&gt;
(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])&lt;br /&gt;
&lt;br /&gt;
====== For more information ======&lt;br /&gt;
* [https://help.ubuntu.com/community/Security Security features on ubuntu]&lt;br /&gt;
&lt;br /&gt;
* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your Linux desktop]&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]&lt;br /&gt;
&lt;br /&gt;
* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:&lt;br /&gt;
** [http://support.microsoft.com/kb/905056/en Windows XP]&lt;br /&gt;
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]&lt;br /&gt;
&lt;br /&gt;
====Browser Security ====&lt;br /&gt;
&lt;br /&gt;
===== Firefox =====&lt;br /&gt;
To secure the browser, start Firefox, go to the menu &amp;quot;Edit&amp;quot;, and select &amp;quot;Preferences&amp;quot; (Settings).&lt;br /&gt;
&lt;br /&gt;
* Now start with the tabs on the left: for the &amp;quot;Startup&amp;quot; option, select &amp;quot;Show a blank page&amp;quot; (Clean Slate).&lt;br /&gt;
* Under &amp;quot;Content&amp;quot;:&lt;br /&gt;
** Deselect the option &amp;quot;Load images automatically&amp;quot;.&lt;br /&gt;
** Also deselect &amp;quot;Enable Javascript&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Privacy&amp;quot;, under &amp;quot;History&amp;quot;, select &amp;quot;Never remember history&amp;quot;.&lt;br /&gt;
* In the tab &amp;quot;Security&amp;quot;, under &amp;quot;Passwords&amp;quot;:&lt;br /&gt;
** Deselect &amp;quot;Remember passwords&amp;quot;.&lt;br /&gt;
** Also &amp;quot;Use a master password&amp;quot;.&lt;br /&gt;
* Finally, in the tab &amp;quot;Advanced&amp;quot;:&lt;br /&gt;
** Deselect &amp;quot;Automatically check for updates&amp;quot;,&lt;br /&gt;
** as well as &amp;quot;Add-ons&amp;quot; and&lt;br /&gt;
** &amp;quot;Search engines&amp;quot;.&lt;br /&gt;
&lt;br /&gt;
If Javascript is disabled, the Linux download page for new versions of the Bitcoin client will no longer download automatically, so you have to click the &amp;quot;direct link&amp;quot; in the notice &amp;quot;Problems with the download? Please use this &#039;direct link&#039; or try another mirror.&amp;quot; Once you have made that effort, you of course also check the download of the new Bitcoin client against the checksums, which are indicated on the sourceforge page, with the program sha1.&lt;br /&gt;
&lt;br /&gt;
=== Protect against data loss: Backup ===&lt;br /&gt;
The only file you need to back up is wallet.dat. Make sure beforehand that Bitcoin is no longer running! The best way would be to encrypt the file and store it somewhere safe.&lt;br /&gt;
&lt;br /&gt;
You can also use the [[API | backupwallet]] JSON-RPC command to create a backup on the fly.&lt;br /&gt;
&lt;br /&gt;
==== Where to find the Bitcoin folder ====&lt;br /&gt;
The [[Bitcoin folder]] is the folder where the data is stored, along with the file wallet.dat.&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
Click on &amp;quot;Start&amp;quot;, then Run and enter this:&lt;br /&gt;
:%APPDATA%\Bitcoin&lt;br /&gt;
A folder should open now, for most it would be:&lt;br /&gt;
 C:\Documents and Settings\username\Application Data\Bitcoin (XP)&lt;br /&gt;
 C:\Users\username\appdata\roaming\Bitcoin (Vista and 7)&lt;br /&gt;
&lt;br /&gt;
&amp;lt;!---&lt;br /&gt;
&lt;br /&gt;
===== Windows =====&lt;br /&gt;
&lt;br /&gt;
If you are using Windows XP or Windows 7, you can keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). You can probably do the same with Windows Vista or Windows 2000.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;NOTE:&#039;&#039;&#039; You should configure Bitcoin in this manner only on computers where you use Bitcoin, but do not use that computer to mine. For example, this is a good configuration for a notebook or tablet computer.&lt;br /&gt;
&lt;br /&gt;
Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.&lt;br /&gt;
&lt;br /&gt;
&amp;lt;p&amp;gt;&amp;lt;b&amp;gt;To mount the Bitcoin data directory on an encrypted drive&amp;lt;/b&amp;gt;&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;ol start=1 type=1&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 100 MB in size.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.&lt;br /&gt;
&amp;lt;p&amp;gt;For help finding this directory, see &amp;lt;b&amp;gt;[[# Securing_your_wallet Locating_BitCoin_s_data_directory | Locating Bitcoin&#039;s data directory]]&amp;lt;/b&amp;gt;.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Create a Windows shortcut that starts Bitcoin with the &amp;lt;code&amp;gt;-datadir&amp;lt;/code&amp;gt; parameter and specifies the encrypted drive and directory.&lt;br /&gt;
&amp;lt;p&amp;gt;For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as &amp;lt;code&amp;gt;E:\&amp;lt;/code&amp;gt;, and stored your Bitcoin data directory on it as &amp;lt;code&amp;gt;Bitcoin&amp;lt;/code&amp;gt;, you would type the following command as the shortcut target:&amp;lt;/p&amp;gt;&lt;br /&gt;
&amp;lt;blockquote&amp;gt;&amp;lt;code&amp;gt;&amp;quot;C:\Program Files\Bitcoin\bitcoin.exe&amp;quot; -datadir=E:\Bitcoin&amp;lt;/code&amp;gt;&amp;lt;/blockquote&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Open Bitcoin&#039;s settings and configure it &amp;lt;b&amp;gt;NOT&amp;lt;/b&amp;gt; to start automatically when you start Windows.&lt;br /&gt;
&amp;lt;p&amp;gt;This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.&amp;lt;/p&amp;gt;&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;li&amp;gt;Shut down Bitcoin, and then restart it from the new shortcut.&amp;lt;/li&amp;gt;&lt;br /&gt;
&amp;lt;/ol&amp;gt;&lt;br /&gt;
&lt;br /&gt;
After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created so that it can find its data and your wallet. :-)&lt;br /&gt;
&lt;br /&gt;
--&amp;gt;&lt;br /&gt;
&lt;br /&gt;
===== Linux =====&lt;br /&gt;
Bitcoin should create a hidden folder in the home directory of the running user.&lt;br /&gt;
 ~/.bitcoin/&lt;br /&gt;
&lt;br /&gt;
If it is not there, it can possibly be found with&lt;br /&gt;
: find / -name wallet.dat -print 2&amp;gt;/dev/null&lt;br /&gt;
Or, as root,&lt;br /&gt;
: updatedb&lt;br /&gt;
followed by&lt;br /&gt;
: locate wallet.dat&lt;br /&gt;
&lt;br /&gt;
The handiest backup method under Linux is probably to copy wallet.dat onto one or more USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).&lt;br /&gt;
&lt;br /&gt;
====== Individual encryption of the wallet.dat file ======&lt;br /&gt;
* For individual encryption of the purse, the available cross-platform program &#039;&#039;&#039;[http://ccrypt.sourceforge.net/ ccrypt]&#039;&#039;&#039; is well suited. It encrypts with a variant of the AES Rijndael algorithm, a recognized standard, which is considered very safe. The plain-text version of wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.&lt;br /&gt;
&lt;br /&gt;
* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, one needs only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys also reduces the risk of loss of a key by unnoticed typos when typing them.&lt;br /&gt;
&lt;br /&gt;
* Additional protection against attacks by key loggers is provided by smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] of the German Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that GnuPG keys, which are very safe due to their length, can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].&lt;br /&gt;
&lt;br /&gt;
* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] you can also back up individual files such as wallet.dat individually. However, Bitcoin cannot use the entire directory, because the database is encrypted with EncFS.&lt;br /&gt;
&lt;br /&gt;
===== Mac ===== &lt;br /&gt;
&lt;br /&gt;
&#039;&#039;Note: The following instructions are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!&#039;&#039;&lt;br /&gt;
&lt;br /&gt;
The directory containing the Bitcoin wallet.dat is usually here:&lt;br /&gt;
 ~/Library/Application Support/Bitcoin/&lt;br /&gt;
&lt;br /&gt;
====== Secure all data (500 megabytes) ======&lt;br /&gt;
These steps store all Bitcoin data (wallet and block chain) on an encrypted disk image:&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot; and specify 500MB, 128-bit or 256-bit encryption (faster or more secure), single partition.&lt;br /&gt;
# Save it in a place where you will not lose the image (e.g. Wuala, Strong Space or whatever)&lt;br /&gt;
# Select a strong and secure password&lt;br /&gt;
# Copy everything from ~/Library/Application Support/Bitcoin/ into the image&lt;br /&gt;
# Create a symlink at the old location so the app can use it&lt;br /&gt;
::: ln -s /Volumes/Bitcoin ~/Library/Application\ Support/Bitcoin&lt;br /&gt;
&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
====== Back up the wallet.dat file alone (40MB) ======&lt;br /&gt;
These steps protect only the file wallet.dat. This results in a smaller image, but is more complicated.&lt;br /&gt;
&lt;br /&gt;
# Open Disk Utility&lt;br /&gt;
# Click on &amp;quot;New Image&amp;quot; and select 40MB, 128-bit or 256-bit, single partition.&lt;br /&gt;
# Store it in a place where you will not lose the backup.&lt;br /&gt;
# Select a secure and strong password&lt;br /&gt;
# Move the file wallet.dat into the image&lt;br /&gt;
# Create a symlink at the old location so the app can find and use the file&lt;br /&gt;
::: ln -s /Volumes/Bitcoin/wallet.dat ~/Library/Application\ Support/Bitcoin/wallet.dat&lt;br /&gt;
&lt;br /&gt;
[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]&lt;br /&gt;
Do not forget to mount the image before using Bitcoin and unmount afterwards.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Note:&#039;&#039;&#039; If you start the Bitcoin application without the image mounted, the program replaces the symlink (a kind of shortcut) wallet.dat with a new file. Do not panic! Rename the new wallet.dat or delete it, mount the image, and just create a new symlink. The old wallet.dat must of course not be deleted under any circumstances.&lt;br /&gt;
&lt;br /&gt;
&#039;&#039;&#039;Automation:&#039;&#039;&#039; The program [http://en.wikipedia.org/wiki/Automator_%28software%29 Automator] (included in OS X) can automatically mount your wallet and start the Bitcoin app.&lt;br /&gt;
&lt;br /&gt;
Alternatively, the following shell script can be used: it decrypts wallet.dat, automatically starts the Bitcoin client, and subsequently re-encrypts the wallet. The script works on both OS X and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== General solution ====&lt;br /&gt;
wallet.dat is usually not encrypted; anyone who has access to the file can freely spend the coins. You can encrypt your wallet.dat with one of these programs if there is the slightest chance that someone else has access.&lt;br /&gt;
&lt;br /&gt;
Note: Encryption does not protect the wallet against security risks &#039;&#039;after&#039;&#039; they have occurred. Encrypting a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control that a system compromise means.&lt;br /&gt;
&lt;br /&gt;
* [http://www.7-zip.org/ 7-Zip]&lt;br /&gt;
* [http://www.axantum.com/axcrypt/ AxCrypt]&lt;br /&gt;
* [http://www.truecrypt.org/ TrueCrypt]&lt;br /&gt;
* [http://www.rarlab.com/ WinRar]&lt;br /&gt;
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)&lt;br /&gt;
&lt;br /&gt;
==== Encryption with Smart Card ====&lt;br /&gt;
&lt;br /&gt;
Folders can be encrypted with a GnuPG-compatible smart card. A very secure solution is the Crypto Stick of the German Privacy Foundation:&lt;br /&gt;
&lt;br /&gt;
[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]&lt;br /&gt;
&lt;br /&gt;
[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Installation and use]&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
==== Storing the Archives ====&lt;br /&gt;
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=== BOTG: Bitcoin Off The Grid===&lt;br /&gt;
* Another alternative that is suitable for high security requirements is &amp;quot;BOTG - Bitcoin off-the-grid&amp;quot; [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair &#039;&#039;without&#039;&#039; an Internet connection. As the private keys are created on a system that does not have Internet access and are stored offline, they cannot be lost via the Internet. The public key can be passed on and can receive normal transactions, which can be looked up in Block Explorer. Only when you want to spend the funds must you import the private key into a Bitcoin client. From then on, the normal safety precautions apply.&lt;br /&gt;
&lt;br /&gt;
=Securing your wallet on Ubuntu and/or Suse=&lt;br /&gt;
For users that use a Linux system that comes with AppArmor, it is probably possible to use&lt;br /&gt;
the MinorFs system with a procedure not unlike that described here for secure ssh without a passphrase:&lt;br /&gt;
&lt;br /&gt;
http://minorfs.polacanthus.net/wiki/Ssh_private_keys_without_passphrase&lt;br /&gt;
&lt;br /&gt;
It&#039;s a bit of a hack, but it would make it impossible for malware running under the same user id as&lt;br /&gt;
bitcoin to gain access to the wallet. &lt;br /&gt;
&lt;br /&gt;
It may be worth it if someone would describe the correct procedure to secure the bitcoin wallet using MinorFs/AppArmor in a way similar to described in the above link for ssh keys without passphrases.&lt;br /&gt;
&lt;br /&gt;
== ‘Shred’ cannot always be assumed to be secure on modern filesystems! ==&lt;br /&gt;
&lt;br /&gt;
I don&#039;t feel entirely comfortable with the suggested usage of the ‘shred’ command in the given Linux script.  My understanding (and according to shred&#039;s manpage) is that on modern filesystems, it is &#039;&#039;no&#039;&#039; guarantee that when an application like shred asks the OS to overwrite a file, that the file will actually be physically overwritten in place on the disk.  Unless there have been features implemented to allow special handling by the kernel for such security applications (I haven&#039;t investigated, so maybe there are, or maybe not), it would probably be safer to disable all system swap (i.e., with ‘swapoff’) and then store the unencrypted data on a temporary RAM disk only, then unmount the RAM disk afterwards to ensure it never gets written to disk.  I&#039;ve done this before, though unfortunately it&#039;s a bit of a hassle and normally requires running commands that need root privileges or sudo, etc.  Comments?&lt;br /&gt;
~ [[User:Ijel|Ijel]] 03:49, 11 February 2012 (GMT)&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=Weaknesses&amp;diff=23688</id>
		<title>Weaknesses</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=Weaknesses&amp;diff=23688"/>
		<updated>2012-02-11T02:40:25Z</updated>

		<summary type="html">&lt;p&gt;Ijel: Update some broken forum links&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;== Might be a problem ==&lt;br /&gt;
=== Wallet Vulnerable To Theft ===&lt;br /&gt;
&lt;br /&gt;
The [[wallet]] is stored unencrypted, by default, and thus becomes a valuable target for theft.  Recent releases of the Bitcoin client now support encryption to protect the wallet data, though the user must opt-in.&lt;br /&gt;
&lt;br /&gt;
=== Tracing a coin&#039;s history ===&lt;br /&gt;
Tracing a coin&#039;s history can be used to connect identities to addresses. [[Anonymity|More info]].&lt;br /&gt;
&lt;br /&gt;
=== Cancer nodes ===&lt;br /&gt;
It&#039;s trivial for an attacker to fill the network with clients controlled by him. This might be helpful in the execution of other attacks.&lt;br /&gt;
&lt;br /&gt;
For example, an attacker might connect 100,000 IP addresses to the IRC bootstrap channel. You would then be very likely to connect only to attacker nodes. This state can be exploited in (at least) the following ways:&lt;br /&gt;
* The attacker can refuse to relay blocks and transactions from everyone, disconnecting you from the network.&lt;br /&gt;
* The attacker can relay only blocks that he creates, putting you on a separate network. You&#039;re then open to double-spending attacks.&lt;br /&gt;
* If you rely on transactions with 0 confirmations, the attacker can just filter out certain transactions to execute a double-spending attack.&lt;br /&gt;
* Low-latency encryption/anonymization of Bitcoin&#039;s transmissions (with Tor, JAP, etc.) can be defeated relatively easily with a timing attack if you&#039;re connected to several of the attacker&#039;s nodes and the attacker is watching your transmissions at your ISP.&lt;br /&gt;
&lt;br /&gt;
Bitcoin makes these attacks more difficult by only making an outbound connection to one IP address per /16 (x.y.0.0). Incoming connections are unlimited and unregulated, but this is generally only a problem in the anonymity case, where you&#039;re probably already unable to accept incoming connections.&lt;br /&gt;
&lt;br /&gt;
Looking for suspiciously low network hash-rates may help prevent the second one.&lt;br /&gt;
&lt;br /&gt;
=== No authentication for IP transfers ===&lt;br /&gt;
Since there&#039;s no authentication when sending to an [[IP address]] (as opposed to a [[Address|Bitcoin address]]), executing a man-in-the-middle attack and stealing the sent BitCoins is trivial. This attack is downright &#039;&#039;likely&#039;&#039; if you&#039;re using Tor.&lt;br /&gt;
&lt;br /&gt;
=== Packet sniffing ===&lt;br /&gt;
Someone who can see all of your Internet traffic can easily see when you send a transaction that you didn&#039;t receive (which means that it&#039;s yours). This would be made more difficult (but not impossible) if node-to-node encryption was used.&lt;br /&gt;
&lt;br /&gt;
=== Denial of Service (DoS) attacks ===&lt;br /&gt;
Sending lots of data to a node may make it so busy it cannot process normal bitcoin transactions.  Bitcoin has some denial-of-service prevention built-in (it will drop connections to peers that send it too much data too quickly), but is likely still vulnerable to more sophisticated denial-of-service attacks.&lt;br /&gt;
&lt;br /&gt;
=== Forcing clock drift against a target node ===&lt;br /&gt;
&lt;br /&gt;
See [http://culubas.blogspot.com/2011/05/timejacking-bitcoin_802.html Timejacking] for a description of this attack. It can be fixed by changing how nodes calculate the current time.&lt;br /&gt;
&lt;br /&gt;
=== Illegal content in the block chain ===&lt;br /&gt;
It is illegal in some countries to possess/distribute certain kinds of data. Since arbitrary data can be included in Bitcoin transactions, and clients must normally have a copy of all unspent transactions, this could cause legal problems.&lt;br /&gt;
&lt;br /&gt;
Unspent transactions can be safely forgotten if more than half of all users are forgetting those transactions. If a miner neglects to forget an unspent transaction and is in the minority, its blocks will be rejected by the majority if those transactions are subsequently spent. Probably users will not want to coordinate enough to forget illegal transactions, as it would require a high degree of centralization. Miners can safely refuse to accept illegal transactions, which may be enough to avoid legal problems, but this is basically impractical due to illegal content being extremely complex to detect.&lt;br /&gt;
&lt;br /&gt;
Transaction data can also be deleted with minimal risk if it can be proven that data will never be used. For example, if the standard template for a tx output is used, the only place you can put arbitrary data is the pubkey hash. If you set this to, say, English text or part of a JPEG, that tx output can be deleted because the chances of anyone finding a public key that hashes to that specific bit of meaningful data is very remote. However, someone could still encrypt the data so miners cannot detect it, and this carries the same liability for miners who neglect to drop it.&lt;br /&gt;
&lt;br /&gt;
== Probably not a problem ==&lt;br /&gt;
&lt;br /&gt;
===Breaking the cryptography===&lt;br /&gt;
SHA-256 and ECDSA are considered very strong currently, but they might be broken in the far future. If that happens, BitCoin can shift to a stronger algorithm. [https://bitcointalk.org/index.php?topic=191.msg1585#msg1585 More info].&lt;br /&gt;
&lt;br /&gt;
===Scalability===&lt;br /&gt;
BitCoin can easily scale beyond the level of traffic VISA sees globally today. See the discussion on the [[scalability]] page for more information.&lt;br /&gt;
&lt;br /&gt;
===Segmentation===&lt;br /&gt;
If there is even a &amp;quot;trickle&amp;quot; of a connection between two sides of a segmented network, things should still work perfectly. When block chains are combined, all of the non-generation transactions in the shorter chain are re-added to the transaction pool -- they&#039;ll start over at 0/unconfirmed, but they&#039;ll still be valid. No mature transactions will be lost unless the segmentation persists for longer than ~120 blocks. Then generations will start to mature, and any transactions based on those generations will become invalid when recombined with the longer chain. [https://bitcointalk.org/index.php?topic=241.msg2071#msg2071 More info].&lt;br /&gt;
&lt;br /&gt;
=== Attacking all users ===&lt;br /&gt;
The IP addresses of most users are totally public. You can use Tor to hide this, but the network won&#039;t work if everyone does this. BitCoin requires that &#039;&#039;some&#039;&#039; country is still free.&lt;br /&gt;
&lt;br /&gt;
=== Dropping transactions ===&lt;br /&gt;
Nodes that generate blocks can choose not to include a transaction in their blocks. When this happens, the transaction remains &amp;quot;active&amp;quot; and can be included in a later block. Two things discourage this:&lt;br /&gt;
* Nodes only hash a fixed-size &#039;&#039;header&#039;&#039;, so there is no speed advantage to dropping transactions.&lt;br /&gt;
* [[Satoshi]] has [https://bitcointalk.org/index.php?topic=165.msg1595#msg1595 communicated] that he will write code to stop this kind of thing if it becomes a problem.&lt;br /&gt;
&lt;br /&gt;
=== Attacker has a lot of computing power ===&lt;br /&gt;
An attacker that controls more than 50% of the network&#039;s computing power can, for the time that he is in control, exclude and modify the ordering of transactions. This allows him to:&lt;br /&gt;
* Reverse transactions that he sends while he&#039;s in control&lt;br /&gt;
* Prevent some or all transactions from gaining any confirmations&lt;br /&gt;
* Prevent some or all other miners from mining any valid blocks&lt;br /&gt;
The attacker &#039;&#039;can&#039;t&#039;&#039;:&lt;br /&gt;
* Reverse other people&#039;s transactions&lt;br /&gt;
* Prevent transactions from being sent at all (they&#039;ll show as 0/unconfirmed)&lt;br /&gt;
* Change the number of coins generated per block&lt;br /&gt;
* Create coins out of thin air&lt;br /&gt;
* Send coins that never belonged to him&lt;br /&gt;
&lt;br /&gt;
It&#039;s much more difficult to change historical blocks, and it becomes exponentially more difficult the further back you go. As above, changing historical blocks only allows you to exclude and change the ordering of transactions. It&#039;s impossible to change blocks created before the last checkpoint.&lt;br /&gt;
&lt;br /&gt;
Since this attack doesn&#039;t permit all that much power over the network, it is expected that no one will attempt it. A profit-seeking person will always gain more by just following the rules, and even someone trying to destroy the system will probably find other attacks more attractive. However, if this attack is successfully executed, it will be difficult or impossible to &amp;quot;untangle&amp;quot; the mess created -- any changes the attacker makes might become permanent.&lt;br /&gt;
&lt;br /&gt;
=== Spamming transactions ===&lt;br /&gt;
&lt;br /&gt;
It is easy to send transactions to yourself repeatedly. If these transactions fill blocks to the maximum size (1MB), other transactions would be delayed until the next block.&lt;br /&gt;
&lt;br /&gt;
This is made expensive by the [[transaction fee|fees]] that would be required after the 50KB of free transactions per block are exhausted. An attacker will eventually eliminate free transactions, but Bitcoin fees will always be low because raising fees above 0.01 BTC per KB would require spending transaction fees. An attacker will eventually run out of money. Even if an attacker wants to waste money, transactions are further prioritized by the time since the coins were last spent, so attacks spending the same coins repeatedly are less effective.&lt;br /&gt;
&lt;br /&gt;
=== The &amp;quot;Finney&amp;quot; attack ===&lt;br /&gt;
Named for Hal Finney, who first described this variation of a double-spend attack involving accepting [http://www.bitcointalk.org/index.php?topic=3441.msg48384#msg48384 0-confirmation transactions].  Accepting 0-confirmation large-value transactions is problematic; accepting them for low-value transactions (after waiting several seconds to detect an ordinary double-spend attempt) is probably safe.&lt;br /&gt;
&lt;br /&gt;
===Rival/malicious client code===&lt;br /&gt;
Any rival client must follow Bitcoin&#039;s rules or else all current BitCoin clients will ignore it. You&#039;d have to actually get people to &#039;&#039;use&#039;&#039; your client. A better client that pretends to follow the same rules, but with an exception known only to the author (possibly by making it closed source), might conceivably be able to gain widespread adoption. At that point, its author could use his exception and go largely unnoticed.&lt;br /&gt;
&lt;br /&gt;
== Definitely not a problem ==&lt;br /&gt;
&lt;br /&gt;
===Coin destruction===&lt;br /&gt;
Bitcoin has 2.1 quadrillion raw units, making up 8 decimals of BTC precision, so the entire network could potentially operate on much less than the full quantity of Bitcoins. If deflation gets to the point where transactions of more than 10 BTC are unheard of, clients can just switch to another unit so that, for example, it shows 10 mBTC rather than 0.01 BTC.&lt;br /&gt;
&lt;br /&gt;
The maximum number of raw units might not be enough if the &#039;&#039;entire world&#039;&#039; starts using BTC, but it would not be too difficult to increase precision in that case. The transaction format and version number would be scheduled to change at some particular block number after a year or two, and everyone would have to update by then.&lt;br /&gt;
&lt;br /&gt;
===Generating tons of addresses===&lt;br /&gt;
Generating an address doesn&#039;t touch the network at all. You&#039;d only be wasting your CPU resources and disk space.&lt;br /&gt;
&lt;br /&gt;
Also, a collision is highly unlikely.&lt;br /&gt;
&lt;br /&gt;
Keys are 256 bits in length and are hashed into a 160-bit address (2^160 addresses).&lt;br /&gt;
Divide that by the world population and you have about 215,000,000,000,000,000,000,000,000,000,000,000,000 addresses per capita (2.15 x 10^38). [http://www.wolframalpha.com/input/?i=2^160+%2F+world+population]&lt;br /&gt;
&lt;br /&gt;
===Everyone calculates at the same rate===&lt;br /&gt;
If everyone began with identical blocks and started their nonce at 1 and incremented, the fastest machine would always win. However, each block contains a new, random public key known only to you in the list of transactions.  The 256-bit &amp;quot;Merkle tree&amp;quot; hash of this is part of the block header.&lt;br /&gt;
&lt;br /&gt;
So everyone begins with slightly different blocks and everyone truly has a random chance of winning (modified by CPU power).&lt;br /&gt;
&lt;br /&gt;
===Generate &amp;quot;valid&amp;quot; blocks with a lower difficulty than normal===&lt;br /&gt;
Using unmodified Bitcoin code, an attacker could segment himself from the main network and generate a long block chain with a lower difficulty than the real network. These blocks would be totally valid for his network. However, it would be impossible to combine the two networks (and the &amp;quot;false&amp;quot; chain would be destroyed in the process).&lt;br /&gt;
&lt;br /&gt;
* Even though your network&#039;s difficulty can be less than the real difficulty, this doesn&#039;t give you any advantage over the real network. You&#039;ll gain ground when the real network is taking more than 10 minutes to generate a block, but you&#039;ll lose ground when the network takes less than 10 minutes.&lt;br /&gt;
* Every few releases of Bitcoin, a recent block hash is hardcoded into the source code. Any blocks before that point can&#039;t be changed. An attacker starting at that point would have to reduce the difficulty, but this would require him to generate blocks at a much slower rate than once per 10 minutes. By the time he finally gets to a difficulty of 1, a new version of Bitcoin with an updated hardcoded block will probably have been released.&lt;br /&gt;
* &amp;quot;Block chain length&amp;quot; is calculated from the combined difficulty of all the blocks, not just the number of blocks in the chain. The one that represents the most CPU usage will win.&lt;br /&gt;
&lt;br /&gt;
[[Category:Technical]]&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=Help:Introduction&amp;diff=23686</id>
		<title>Help:Introduction</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=Help:Introduction&amp;diff=23686"/>
		<updated>2012-02-11T02:34:32Z</updated>

		<summary type="html">&lt;p&gt;Ijel: General copyediting&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The purpose of this page is to provide a general overview of the Bitcoin system and economy.&lt;br /&gt;
&lt;br /&gt;
==Basic Concepts==&lt;br /&gt;
&lt;br /&gt;
===Currency===&lt;br /&gt;
&lt;br /&gt;
Alice is far away from Bob and wants to buy his [http://www.grasshillalpacas.com/alpacaproductsforbitcoinoffer.html Alpaca socks]. In return, she wants to send him a dollar. A dollar bill is a piece of paper which is very easy to create (by those who can), but which is accepted by people in exchange for valuable products and services in the real world, such as the socks Alice wants to buy. One simple thing Alice can do is put a dollar bill in an envelope, mail it to Bob, and then wait for Bob to send the socks to her.&lt;br /&gt;
&lt;br /&gt;
===Banks===&lt;br /&gt;
&lt;br /&gt;
Another thing Alice can do is to &amp;quot;wire&amp;quot; the money to Bob. She can do that by first giving her dollar bills to an institution called a bank, the job of which is to safe-keep Alice&#039;s dollar bills and, in return, to give Alice a written promise (called a &amp;quot;bank statement&amp;quot;) that, whenever she wishes, she can come to the bank to take back the same number of dollar bills that she deposited. Since the money is still Alice&#039;s, she is entitled to do with it whatever she pleases, and the bank (like most banks), for a small fee, will do Alice the service of &amp;quot;giving&amp;quot; the dollar bills to Bob instead of her. This could be done by sending a person to Bob&#039;s door, with Alice&#039;s dollar bills in hand but usually it is done by Alice&#039;s bank by giving the dollar bills to Bob&#039;s bank and informing them that the money is for Bob, who will then see the amount in his next statement, or, if he is in a hurry, the next time he contacts his bank asking about how much money they have for him.&lt;br /&gt;
&lt;br /&gt;
Since banks have many customers, and bank employees require money for doing the job of talking to people and signing documents, banks in recent times have been using machines such as ATMs and web servers that do the job of interacting with customers instead of paid bank employees. The job of these machines is to learn what each customer wants to do with his money and, to the extent that it is possible, act on what the customer wants (for example, ATMs can hand cash). The people can always know how much money they have in their accounts, and they are confident that the numbers they see in their bank statements and on their computer screens accurately reflect the number of dollars that they can get from the bank on demand. They can be so sure of this that they can accept those numbers in the same way they accept paper dollars (this is similar to the way people started accepting paper dollars when they had been accepting gold or silver).&lt;br /&gt;
&lt;br /&gt;
Such a system has several disadvantages:&lt;br /&gt;
* It is costly. EFTs in Europe can cost 25 euros. Credit transactions can cost several percent of the transaction.&lt;br /&gt;
* It is slow. Checking services take days to complete.&lt;br /&gt;
* In most cases, it cannot be anonymous.&lt;br /&gt;
* Accounts can be frozen. &lt;br /&gt;
* Banks and other payment processors like PayPal, Visa, and Mastercard can and sometimes do refuse to process payments for legal entities. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Bitcoin is a system of owning and voluntarily transferring amounts of so-called &#039;&#039;bitcoins&#039;&#039;, in a manner similar to an on-line banking interface, but anonymously and without reliance on a central authority to maintain account balances. These bitcoins are valuable because they are useful and limited in supply.&lt;br /&gt;
&lt;br /&gt;
==Bitcoin Basics==&lt;br /&gt;
&lt;br /&gt;
===Creation of coins===&lt;br /&gt;
The creation of coins must be limited for the currency to have any value. &lt;br /&gt;
&lt;br /&gt;
New coins are slowly [[Mining|mined]] into existence by following a mutually agreed-upon set of rules. A user [[Mining|mining]] bitcoins is running a program that searches tirelessly for a solution to a very difficult math problem whose difficulty is precisely known. The difficulty is automatically adjusted regularly so that the number of solutions found globally, by everyone, is constant: an average of 6 per hour. When a solution is found, the user may tell everyone of the existence of this newly found solution, along with other information, packaged together in what is called a &amp;quot;[[Block|block]]&amp;quot;. &lt;br /&gt;
&lt;br /&gt;
Blocks contain 50 bitcoins at present. This amount is an incentive for people to perform the computation work required for block generation. Roughly every 4 years, the number of bitcoins that can be &amp;quot;mined&amp;quot; in a block reduces by 50%. Any blocks that are created by a malicious user that do not follow this rule (or any other rules) will be rejected by everyone else. The result is that no more than 21 million bitcoins will ever exist. &lt;br /&gt;
&lt;br /&gt;
Because the mining incentive to put forth the computational power to create blocks will eventually diminish, miners will some day instead pay for their hardware and electricity costs by collecting [[Transaction_fee|transaction fees]]. The sender of money may voluntarily pay a small transaction fee which will be kept by whoever finds the next block. Paying this fee will encourage the miner to include the transaction in a block more quickly.&lt;br /&gt;
&lt;br /&gt;
===Transferring a coin===&lt;br /&gt;
To guarantee that an eavesdropper, Eve, cannot access other people&#039;s bitcoins by creating transactions in their names, we use a [[Wikipedia:Public-key_cryptography|public key system]] to make digital signatures. In this system, each person, such as Alice or Bob, has a pair of public and private keys which he/she stores in a safe [[Wallet|wallet]]. Only the user with his secret private key can sign a document, such as the transaction to give some of his bitcoins to somebody else, but anyone can validate the signature using the user’s public key.&lt;br /&gt;
&lt;br /&gt;
Suppose Alice wants to send a bitcoin to Bob.&lt;br /&gt;
* Bob sends his public key to Alice.&lt;br /&gt;
* Alice adds Bob’s public key along with the amount she wants to transfer to a message: a &#039;transaction&#039; message.&lt;br /&gt;
* Alice signs the transaction with her secret private key.&lt;br /&gt;
* Alice broadcasts the transaction out over the bitcoin network for all to see.&lt;br /&gt;
&lt;br /&gt;
(Only the first step is actually completed by a human. The rest is done by the bitcoin client software.)&lt;br /&gt;
&lt;br /&gt;
As a result, anyone who knows the public keys of both Alice and Bob can now see that Alice agreed to transfer the amount to Bob, because nobody other than Alice has Alice&#039;s private key. Alice would be foolish to give her private key to other people, as this would allow them to sign transactions in her name, removing funds from her control.&lt;br /&gt;
&lt;br /&gt;
Later on, when Bob wishes to transfer the same bitcoin to Charlie, he will do the same thing:&lt;br /&gt;
* Charlie sends Bob his public key.&lt;br /&gt;
* Bob adds Charlie&#039;s public key along with the amount he wants to transfer to a message: a &#039;transaction&#039; message.&lt;br /&gt;
* Bob signs the transaction with his private key.&lt;br /&gt;
* Bob broadcasts the transaction out over the bitcoin network for all to see. &lt;br /&gt;
&lt;br /&gt;
Only Bob can do this because only Bob has the private key that corresponds to the public key Alice included in the previous transaction. &lt;br /&gt;
&lt;br /&gt;
Eve cannot change who the coins belong to by replacing Bob’s public key with her public key, because Alice signed the transfer to Bob using her private key, declaring that the coins which belonged to her now belong to Bob, and Alice&#039;s private key is kept secret from Eve. So if Charlie accepts that the original coin was in the hands of Alice, he will also accept the fact that this coin was later passed to Bob and now Bob is passing this same coin to him.&lt;br /&gt;
&lt;br /&gt;
===Preventing double-spending===&lt;br /&gt;
The process described above does not prevent Alice from using a coin in more than one transaction. The following process does. This is the primary innovation behind Bitcoin.&lt;br /&gt;
&lt;br /&gt;
* Details about the [[Transactions|transaction]] are [[Network|sent and forwarded]] to all or as many other computers as possible.&lt;br /&gt;
* A constantly growing chain of [[Blocks|blocks]] that contains a record of all transactions is collectively maintained by all computers (each has a full copy).&lt;br /&gt;
* To be accepted in the chain, transaction blocks must be valid and must include [[proof of work]] (one block generated by the network every 10 minutes).&lt;br /&gt;
* Blocks are chained in a way so that, if any one is modified, all following blocks will have to be recomputed.&lt;br /&gt;
* When multiple valid continuations to this chain appear, only the longest such branch is accepted and it is then extended further.&lt;br /&gt;
&lt;br /&gt;
When Bob sees that his transaction has been included in a block, which has been made part of the single longest and fastest-growing block chain (extended with significant computational effort), he can be confident that the transaction by Alice has been accepted by the computers in the network and is permanently recorded, preventing Alice from creating a second transaction with the same coin. In order for Alice to thwart this system and double-spend her coins, she would need to muster more computing power than all other bitcoin users combined.&lt;br /&gt;
&lt;br /&gt;
===Anonymity===&lt;br /&gt;
There are no bitcoin &amp;quot;accounts&amp;quot; to set up, no e-mail addresses and no user-names and passwords to give, just for owning bitcoins. Each balance is simply associated with a randomly generated public-private key pair, and the money &amp;quot;belongs&amp;quot; to whoever has the private key and can sign transactions with it. Moreover, those keys do not have to be registered anywhere in advance, as they are only actually used if and when there is a transaction involving them. Transacting parties do not need to know each other&#039;s identity in the same way that a store owner does not know Bob&#039;s name is Bob when Bob goes and buys groceries with cash.&lt;br /&gt;
&lt;br /&gt;
A [[Address|Bitcoin address]] mathematically corresponds to a public key and looks like this:&lt;br /&gt;
&lt;br /&gt;
:15VjRaDX9zpbA8LVnbrCAFzrVzN7ixHNsC&lt;br /&gt;
&lt;br /&gt;
Each person can have many such addresses, each with its own balance, which makes it very difficult to know which person owns what amount. In order to protect his [[Anonymity|privacy]], Bob can even generate a new public-private key pair for each individual transaction. The Bitcoin software encourages this behavior by default. Continuing the example from above, when Charlie receives the bitcoin from Bob, Charlie will not be able to identify who owned the coin before Bob (not without asking Bob).&lt;br /&gt;
&lt;br /&gt;
You have completed reading our Bitcoin introduction!&lt;br /&gt;
&lt;br /&gt;
==Where to see and explore==&lt;br /&gt;
You can directly explore the system in action by visiting [http://blockchain.info/ Blockchain.info] or [http://blockexplorer.com/ Bitcoin Block Explorer].&lt;br /&gt;
These sites show you the latest blocks in the block chain. The [[Block_chain|block chain]] contains the agreed history of all transactions that took place in the system.&lt;br /&gt;
Note how many blocks were generated in the last hour, which on average will be 6. Also notice the number of transactions and the total amount transferred in the last hour (last time I checked it was about 64 and 15K).&lt;br /&gt;
This should give you an indication of how active the system is.&lt;br /&gt;
&lt;br /&gt;
Next, navigate to one of these blocks.&lt;br /&gt;
The block&#039;s [[hash|hash]] begins with a run of zeros. This is what made creating the block so difficult; a hash that begins with many zeros is much more difficult to find than a hash with few or no zeros. The computer that generated this block had to try many &#039;&#039;Nonce&#039;&#039; values (also listed on the block&#039;s page) until it found one that generated this run of zeros.&lt;br /&gt;
Next, see the line titled &#039;&#039;Previous block&#039;&#039;. Each block contains the hash of the block that came before it. This is what forms the chain of blocks.&lt;br /&gt;
Now take a look at all the transactions the block contains. The first transaction is the income earned by the computer that generated this block. It includes a fixed amount of coins created out of &amp;quot;thin air&amp;quot; and possibly a fee collected from other transactions in the same block.&lt;br /&gt;
&lt;br /&gt;
Drill down into any of the transactions and you will see how it is made up of one or more amounts coming in and out.&lt;br /&gt;
Having more than one incoming and outgoing amount in a transaction enables the system to join and break amounts in any possible way, allowing for any fractional amount needed. Each incoming amount is a past transaction (which you can also view) from someone&#039;s address, and each outgoing amount is addressed to someone and will be part of a future transaction (which you can also navigate down into if it has already taken place).&lt;br /&gt;
&lt;br /&gt;
Finally you can follow any of the [[Address|addresses]] links and see what public information is available for them.&lt;br /&gt;
&lt;br /&gt;
To get an impression of the amount of activity on the Bitcoin network, you might like to visit the monitoring websites [[Bitcoin Monitor]] and [[Bitcoin Watch]]. The first shows a real-time visualization of events on the Bitcoin network, and the second lists general statistics on the amount and size of recent transactions.&lt;br /&gt;
&lt;br /&gt;
===How many people use Bitcoin?===&lt;br /&gt;
&lt;br /&gt;
This is quite a difficult question to answer accurately. The best estimate comes from counting how many bitcoin clients connected to the network in the last 24 hours. We can do this because the clients periodically transmit their addresses to the other members of the network. The estimate as of September 2011 is about 60,000 users. To get a more current estimate, see [http://bitcoinstatus.rowit.co.uk/ Bitcoin Network Status Charts].&lt;br /&gt;
&lt;br /&gt;
==See Also==&lt;br /&gt;
&lt;br /&gt;
* [http://www.youtube.com/watch?v=Um63OQz3bjo What is Bitcoin?] video introduction&lt;br /&gt;
* Installing Bitcoin [[getting started]] &lt;br /&gt;
* [[How bitcoin works]]&lt;br /&gt;
* [[Using Bitcoin]]&lt;br /&gt;
* A gentle introduction to Bitcoin - [[BitcoinMe]]&lt;br /&gt;
* [http://coinlab.com/2011/12/bitcoin-primer Bitcoin Primer] from CoinLab&lt;br /&gt;
* Another introduction, &#039;&#039;The Rebooting Of Money&#039;&#039; podcast is found at [[Bitcoin Money]]&lt;br /&gt;
* A beginner&#039;s step-by-step guide to using Bitcoin, use of alternative wallets, and generally keeping your money and computer secure - [http://BitcoinIntro.com BitcoinIntro.com]&lt;br /&gt;
&lt;br /&gt;
[[zh-cn:简介]]&lt;br /&gt;
&lt;br /&gt;
[[de:Einführung]]&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
	<entry>
		<id>https://en.bitcoin.it/w/index.php?title=User:Ijel&amp;diff=23684</id>
		<title>User:Ijel</title>
		<link rel="alternate" type="text/html" href="https://en.bitcoin.it/w/index.php?title=User:Ijel&amp;diff=23684"/>
		<updated>2012-02-11T01:57:41Z</updated>

		<summary type="html">&lt;p&gt;Ijel: Created page with &amp;quot;Hi. I like to proofread things and stuff. :-)  Contributors Award participant: 1DZiVND3NWkMZ9x5MS6HMc8YTfvYd9Si7W&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Hi. I like to proofread things and stuff. :-)&lt;br /&gt;
&lt;br /&gt;
Contributors Award participant: 1DZiVND3NWkMZ9x5MS6HMc8YTfvYd9Si7W&lt;/div&gt;</summary>
		<author><name>Ijel</name></author>
	</entry>
</feed>