Bitcoin Wiki - User contributions [en]

Donation-accepting organizations and projects

2012-12-28T12:45:42Z

Joise: Freifunk Rheinland e.V., currently being fined because providing unrestricted WiFI access in Germany, source http://www.heise.de/newsticker/meldung/Operation-Stoererhaftung-1774690.html

Here is a list of organizations that accept bitcoin donations.
Only notable donation-accepting sites should be added here.

{| class="wikitable"
|-
! Organization
! Purpose
! Donation Page
|-
| [https://www.facebook.com/pages/Animals-in-Distress-Sanctuary/18914014768 Animals in Distress Sanctuary]
|Animals in Distress Sanctuary
| [https://propster.me/tipjar/0cigdnk]
|-
| [http://piratelinux.org/ Pirate Linux]
|A .deb installer and an Ubuntu based OS that installs, I2p Tor, bitcoin wallet and many other privacy and file sharing apps
| [http://piratelinux.org/?page_id=271]
|-
|'''[http://www.archive.org/ Archive.org]'''
|Digital archive of public domain media, original open/free media and historical website backups
|[http://www.archive.org/donate]
|-
| [http://thefnf.org/ The Free Network Foundation]
|To create free internetworks controlled and operated by communities. Plus help them operate with encryption by using 'Freedom Boxes' ect.
| [http://commons.thefnf.org/index.php/Needs]
|-
| [http://antiwar.com/ Antiwar.com]
|Devoted to the cause of non-interventionism and anti-imperialism.
|[http://antiwar.com/blog/2012/11/27/an-alternative-way-to-help-antiwar-com/]
|-
|[http://www.stjohnsgoshen.com Church of Saint John the Evangelist]
|A Church in Goshen, NY
|[http://www.stjohnsgoshen.com/bitcoin]
|-
|[http://www.osiris-sps.org Osiris-sps.org]
|Software for decentralized portal, managed and shared via P2P between members.
|[http://www.osiris-sps.org/donations/]
|-
|[http://www.bitcoinfunding.com BitcoinFunding.com]Donation-accepting_organizations_and_projects
|[Raise money with bitcoins] Kickstarter style website to raise funds for projects.
|[http://bitcoinfunding.com/]
|-
|[https://ahmia.fi/ Ahmia.fi]
|AHMIA is working with Tor related projects including running Tor Nodes and the only public Tor Hidden Service search.
|[https://ahmia.fi/]
|-
|[http://www.AncientBeast.com AncientBeast.com]
|[Free Open Source] Turn Based Strategy Game Played Online Against Other People. Master your beasts!
|[http://http://ancientbeast.com/bitcoin]
|-
|[http://www.anonyops.com/index.php Anonyops.com]
|News about Anonymous actions and operations
|[http://anonyops.com/bitcoindonate.php]
|-
|[http://www.anonnews.org/ Anonnews.org]
|Open news platform for Anonymous
|[http://anonnews.org/bitcoin.html]
|-
|[http://awesome.naquadah.org/ awesome]
|Window manager for X11
|[http://awesome.naquadah.org/community/]
|-
|[https://iplayernotifier.appspot.com/ BBC iPlayer Notifier]
|Email and Google Talk notification of new content available on BBC iPlayer
|[https://iplayernotifier.appspot.com/]
|-
|[http://www.beatingdebt.org BeatingDebt.org]
|Teaching debt prevention by placing educational ads, supporting debt prevention groups, and providing online resources
|[http://www.beatingdebt.org/donate.php#BitCoinDonation]
|-
|[http://www.backbox.org/ Backbox]
|Ubuntu-based GNU/Linux distribution for perform penetration tests and security assessments for ethical hacking
|[http://www.backbox.org/services]
|-
|[http://www.kk-velikelasce.si/ Basketball club KK Velike Lašče]
|Basketball club KK Velike Lašče from Slovenia playing in the lower national league
|[http://www.kk-velikelasce.si/pokrovitelji/]
|-
|[http://www.bitcharity.org/ BitCharity]
|Hub for donating to charities using Bitcoin (currently inactive)
|[http://www.bitcharity.org]
|-
|[https://bitcointalk.org/index.php?topic=52543.0 Bitcoin 100]
|Bitcoin 100: A Kickstarter for Charities (1BTC1oo)
|[https://bitcointalk.org/index.php?topic=52543.0]
|-
|[https://bitcoinfoundation.org Bitcoin Foundation]
|Bitcoin Foundation standardizes, protects and promotes the use of Bitcoin cryptographic money for the benefit of users worldwide.
|[https://bitcoinfoundation.org/donate]
|-
|[http://www.bitcoinspot.nl/ Bitcoinspot]
|Dutch website and forum about Bitcoins, how to acquire and how to use them.
|[http://www.bitcoinspot.nl/nieuws-algemeen/bitcoin-browser-integratie.html]
|-
|[http://www.bluetile.org Bluetile]
|Tiling window manager for GNOME
|[http://www.bluetile.org/#development]
|-
|[http://brmlab.cz/ Brmlab, hackerspace]
|The first hackerspace in the Czech Republic
|[http://brmlab.cz/project/bitcoin]
|-
|[http://www.bund-berlin.de/ BUND Berlin e.V.]
|environmental NGO, Berlin branch of BUND / Friends of the Earth, Germany
|[http://www.bund-berlin.de/bund_berlinde/spenden/bitcoin_spenden/bitcoin_english.html]
|-
|[http://c4ss.org/ Center for a Stateless Society]
|Builds public awareness of, and support for, market anarchism
|[http://c4ss.org/support-the-center]
|-
|[http://www.cheat-sheets.org/ Cheat-Sheets.org]
|Cheat/round-up/reference cards/guides/sheets for programming languages and software
|[http://www.cheat-sheets.org/]
|-
|[http://www.chambaproject.in/ Chamba Project]
|An effort to create a Swathanthra (Free/Libre/Open/Mukt) Animation Movie by pooling in contributions from people around the world and funding artists directly.
|[http://www.chambaproject.in/contribute/]
|-
|[http://www.bitcoinsreview.com Consumer - Merchant Trust Project]
|An initiative to increase trust between Consumer and Bitcoin Merchants. Proceedspay for hosting, ads, etc.
|[http://www.bitcoinsreview.com/donate/]
|-
|[http://convergence.io Convergence]
|Agile, distributed, and secure strategy for replacing certificate authorities.
|[http://convergence.io/involved.html]
|-
|[http://ccbib.org Creative Commons Bibliothek]
|Creative Commons and Public Domain library. Includes book source code for easy reprinting with custom layout. Local groups produce paper versions for lending.
|[http://ccbib.org/donate/]
|-
|[http://www.cryto.net/ Cryto Coding Collective]
|Host for IRC and web for free/libre software and cultural projects
|[http://www.cryto.net/donate/]
|-
|[http://www.DecryptedMatrix.com/ Decrypted Matrix ]
|Blog on science, society, nature, politics etc.
|[http://www.DecryptedMatrix.com]
|-
|[http://www.degenernet.com/ Degenernet Radio]
|Online radio station dedicated independent music from all genres
|[http://www.degenernet.com/donate.php]
|-
|[http://dia-installer.de/ dia-installer.de]
|Dia, popular open source diagramming software for Windows, Mac OS X and Linux
|[http://dia-installer.de/support/donations.html]
|-
|[http://diasporaproject.org/ DIASPORA* Project]
|A distributed privacy aware "social network" which is run non-profit
|[https://propster.me/tipjar/0cfj4eg]
|-
|[http://www.digitalprecursor.org/ Digital Precursor]
|Website and Forum dedicated to scientific learning (particularly energetics)
|[http://www.digitalprecursor.org/content.php/93-Anonymous-Donations-Now-Available]
|-
|[http://www.dosbox.com/ DOSBox]
|An x86 emulator with DOS
|[http://www.dosbox.com/crew.php]
|-
|[http://www.downsizedc.org/link?uri=/&src=btc-wiki DownsizeDC.org]
|USA federal government downsizing movement
|[https://secure.downsizedc.org/contribute/]
|-
|[http://www.duplicati.com/ Duplicati]
|Free, open source backup client that securely stores encrypted, incremental, compressed backups on cloud storage services and remote file servers. It works with Amazon S3, Windows Live SkyDrive, Google Drive (Google Docs), Rackspace Cloud Files or WebDAV, SSH, FTP (and many more).
|[http://www.duplicati.com/]
|-
|[http://www.dyne.org Dyne.org]
|Since the year 2000 producing free and open source software for media activism: makers of the 100% Free Dyne:bolic GNU/Linux distribution and more software to record, edit and stream audio and video materials on-line, encrypt private communications and recycle existing hardware.
|[http://www.dyne.org]
|-
|[http://spices.org.my/ Early Intervention Program at SPICES]
|Non-profit organization providing services to children with learning disabilities since 1997
|[http://spices.org.my/be-involved/donations/]
|-
|[http://encyclopediadramatica.ch/Main_Page Encyclopedia Dramatica]
|4chan's Wikipedia
|[http://encyclopediadramatica.ch/donate.php]
|-
|[https://www.erowid.org/ Erowid]
|Portal on psychoactive plants and chemicals, meditation, lucid etc.
|[https://www.erowid.org/donations/donations_bitcoin.php]
|-
|[http://eudemocracia.org/english.html Eudemocracia] NGO
|Dedicated to the creation of a modern form of government that combines direct democracy and internet.
|[http://wiki.eudemocracia.org/en/donaciones]
|-
|[http://www.expanton.com Expanton]
|Occupy Wall Street Support
|[http://www.expanton.com/]
|-
|[http://www.ezyorg.com/ Ezyorg.com]
|Organizing & Planning Tool
|[http://ezyorg.com/]
|-
|[http://www.Brikcius.com/ Festival Brikcius]
|Support "Festival Brikcius" - the chamber music concert series at the Stone Bell House in Prague.
|[http://www.Brikcius.com/Contact.uk.html]
|-
|[http://www.foo.be/forban/ Forban]
|Filesharing protocol for local area networks
|[http://www.foo.be/forban/]
|-
|[http://freedomboxfoundation.org FreedomBox Foundation]
|Non-profit turning small plug computers into personal servers that guard your privacy, anonymity and security.
|[https://freedomboxfoundation.org/donate]
|-
| [http://FreedomsPhoenix.com/ FreedomsPhoenix]
|Reigniting the flames of freedom, Phoenix based daily radio show, news aggregator and Digital eZine.
| [https://www.freedomsphoenix.com/Secure/Contributions.htm?EdNo=001]
|-
|[https://freenetproject.org/ Freenet Project]
|The Free Network
|[https://freenetproject.org/donate.html]
|-
|[http://www.fsf.org Free Software Foundation]
|Worldwide advocate for software freedom and host organization for the GNU Project.
|[https://my.fsf.org/donate/other]
|-
|[http://www.freetalklive.com/ Free Talk Live]
|Help spread the message of liberty by donating to a liberty leaning nationally syndicated radio show!
|[http://www.freetalklive.com/bitcoin]
|-
|[http://freedomainradio.com/ Freedomain Radio]
|Online philosophical conversation about freedom, religion, the state, and the family
|[http://board.freedomainradio.com/forums/t/30241.aspx]
|-
|[http://www.freehal.org/ FreeHAL]
|a self-learning artificial intelligence available as free software
|[http://www.freehal.net/funds/?p=do&l=en]
|-
|[http://www.FreezingMoon.org FreezingMoon.org]
|Free Open Source Game Development Organization
|[http://http://FreezingMoon.org/bitcoin]
|-
|[http://freifunk-rheinland.net Freifunk Rheinland e.V.]
| Organization fighting legislation against unrestricted WiFi access in Germany
|[http://freifunk-rheinland.org/operation-storerhaftung.html]
|-
|[http://www.gentlelan.de/ GentleLAN]
|Since many years free private LANs in Bremen / Germany
|[http://www.gentlelan.de/?page_id=193]
|-
|[http://www.girlsgonebitcoin.info GirlsGoneBitcoin]
|Girls gone wild with bitcoin accepting donations!
|[http://www.girlsgonebitcoin.info/]
|-
|[http://http://www.groupbstrepinternational.org/ Group B Strep International]
|Promoting GBS Awareness Worldwide
|[http://www.groupbstrepinternational.org/donate.html]
|-
|[http://gzzt.org/ GZZT.org]
|Popular Useful Links Reference Site
|[http://gzzt.org]
|-
|[http://www.reddit.com/r/hackbloc HackBloc on Reddit]
|Hacktivism, Crypto-anarchy, Darknets.
|[http://www.reddit.com/r/hackbloc]
|-
|[http://hacktolive.org hacktolive]
|Development of Linux-based distro "Super OS" and other open-source software
|[http://hacktolive.org]
|-
|[http://www.heavensentgaming.com Heaven Sent Gaming]
|Heaven Sent Gaming is a new media entertainment group founded by Mario Lucero and Isabel Ruiz, in 2006, as a game development team.
|[http://heavensentgaming.com/support-and-donations/]
|-
|[http://www.helplinux.ru Help Linux]
|Russian language Linux support
|[http://helplinux.ourproject.org/wiki/about:start]
|-
|[http://thejuicemedia.com Juice Rap News]
|Juice Rap News - the news show for the Internet nation, delivering a bulletin to restore your faith in the fourth estate, make you nod your head to the beat even as you shake it in disbelief.
|[http://thejuicemedia.com/donate/]
|-
|[http://www.jurn.org/ JURN]
|Search over 4,000 'open access' academic ejournals in the arts & humanities. Find and access full-text academic articles, for free, from anywhere.
|[http://www.jurn.org/]
|-
|[http://i2p2.de/ I2P Anonymous Network]
|Anonymising network similar to tor
|[http://www.i2p2.de/donate.html]
|-
|[http://www.intercom.gs/ Intercom - Emergency Communications Division]
|We Build Censorship Resistant Phone and Communications Networks
|[http://www.intercom.gs/support.html]
|-
|[http://www.partito-pirata.it/ Italian Pirate Party]
|Italian Pirate Party - Associazione Partito Pirata Italia
|[http://www.partito-pirata.it/magazzino/payBTC.html]
|-
|[http://lifeboat.com Lifeboat Foundation]
|Organization for scientific advancements and against harm from technological progress
|[https://lifeboat.com/ex/summer.growth]
|-
|[http://www.lojban.org/tiki/Lojban Logical Language Group]
|The Logical Language Group, Inc. is a non-profit organization meant to serve the needs of the '''Lojban''' community.
|[http://www.lojban.org/tiki/Donations]
|-
|[http://lorea.org/ Lorea]
|A distributed and federated organization working on pushing open source for social networking, social economy and autonomy of the people.
|[https://n-1.cc/pg/pages/view/14888/]
|-
|[http://biohackers.la/ Los Angeles Biohackers]
|Grass-roots biotechnology lab in downtown Los Angeles
|[http://www.socal-diybio.org/Main_Page#Donate]
|-
|[http://la.indymedia.org/ Los Angeles Indymedia]
|User-generated left-wing news.
|[http://la.indymedia.org/]
|-
|[http://love2d.org/ LÖVE]
|An open source 2D game engine that uses the Lua programming language.
|[http://love2d.org/]
|-
|[http://joyridelabs.de/game Nikki and the Robots]
|Cute cross-platform open source platformer game by Joyride Labs
|[http://joyridelabs.de/blog]
|-
|[https://github.com/FellowTraveler/Open-Transactions/ Open Transactions]
|Easy-to-use, Financial Crypto and Digital Cash Library.
|[https://github.com/FellowTraveler/Moneychanger]
|-
|[http://opengameart.org/ OpenGameArt.org]
|Produces and hosts freely licensed art for use in open source games
|[http://opengameart.org/content/donate-bitcoins]
|-
|[http://www.openwall.com Openwall Project]
|Development of information security related free software, information security research, publications, and community activities aimed at making existing free software safer to use.
|[http://www.openwall.com/donations/]
|-
|[https://www.operationanonymous.org/ Operation Anonymous]
|Anonymous Political Group
|[http://www.operationanonymous.org/]
|-
|[http://www.organicdesign.co.nz OrganicDesign]
|A group developing methods and tools to support open-source bottom-up peer-to-peer governance for the people
|[http://www.organicdesign.co.nz]
|-
|[http://www.paniq.cc paniq.cc]
|Music from the other side of the universe
|[http://www.paniq.cc]
|-
|[http://www.liberallibertario.org Partido Liberal Libertario]
|Libertarian Party of Argentina
|[http://www.liberallibertario.org/aportes]
|-
|[http://http://www.p2pfoundation.net P2P Foundation]
|Researching, documenting and promoting peer to peer practices
|[http://blog.p2pfoundation.net/why-the-p2p-foundation-is-paying-its-salaries-in-bitcoin/2012/03/28]
|-
|[http://patch-tag.com/ Patch-Tag.com]
|Darcs and gitit wiki hosting for open source projects
|[http://patch-tag.com/h/pricing]
|-
|[http://pioneerone.tv/ Pioneer One]
|TV series funded purely through donations
|[https://twitter.com/pioneeronetv/status/36119594439544832]
|-
|[http://pirax.de/ PiraX]
|Hacker collective and web-tool pioneers.
|[http://pirax.de/donate/]
|-
|[http://plankhead.com/ Plankhead]
|Free/open source media and arts organization
|[http://plankhead.com/donate]
|-
|[http://plaztika.com/?lang=en Plaztika]
|Virtual art space. Non-profit/runs on donations. New artists are welcome to join.
|[http://plaztika.com/Who-are-we]
|-
|[https://privacybox.de/index.en.html PrivacyBox]
|System for anonymous and non-trackable contact forms
|[https://privacybox.de/donations.en.html]
|-
|[http://bitcoinintro.com/project-hidden-treasure/ Project Hidden Treasure]
|Promotes Bitcoin to new users by 'hiding' them in Geocaches. Also explains Bitcoin use and security.
|[http://bitcoinintro.com/project-hidden-treasure/]
|-
|[http://prometheusfusionperfection.com/ Prometheus Fusion Perfection]
|Open source nuclear fusion research
|[http://prometheusfusionperfection.com/2011/02/04/bitcoin-fundraiser/]
|-
|[http://protestbarrick.net/ Protest Barrick]
|A global campaign against the world's largest gold miner
|[http://protestbarrick.net/article.php?id=764]
|-
|[http://queeky.com/ Queeky]
|an online drawing community with special drawing tools and creative users from all around the world
|[http://www.queeky.com/content/support-queeky-and-donate]
|-
|[http://www.reactos.org/ ReactOS]
|Free open source Windows-compatible operating system
|[http://www.reactos.org/en/foundation_donate.html]
|-
|[http://www.recycles.org/ Recycles.Org]
|Nonprofit Recycling and ReUse Network - Nationwide (USA) technology exchange clearinghouse for nonprofits
|[http://www.recycles.org/computer/donation/support/]
|-
|[https://ripplepay.com/ Ripple]
|Payment system based on trust networks
|[https://ripplepay.com/donate/]
|-
| [https://riseup.net/ Riseup]
| Anti-capitalist collective
|[https://help.riseup.net/en/donate#bitcoin]
|-
|[http://rusinfo.cc/ RusInfo]
|Russian info agency
|[http://rusinfo.cc/help]
|-
|[http://seasteading.org The Seasteading Institute]
|To further the establishment and growth of permanent, autonomous ocean communities, enabling innovation with new political and social systems.
|[http://twitter.com/#!/patrissimo/status/76392851558244353]
|-
|[http://showrss.karmorra.info/ showRSS]
|A service that provides feeds to automatically download TV show torrents for DVR/Tivo like applications
|[http://showrss.karmorra.info/?cs=help&m=donate]
|-
|[http://singinst.org Singularity Institute]
|Artificial Intelligence
|[http://singinst.org/donate]
|-
|[http://somefunnypranks.com/ SomeFunnyPranks.com]
|Audio recordings of phone pranks under Creative Commons
|[http://somefunnypranks.com/]
|-
|[http://sosmazunte.weeno.net/ ¡SOS Mazunte!]
|Support campaign after the Carlotta hurricane that hit the coast of Oaxaca (Mexico), particularly the community of Mazunte, on June 15th.
|[http://sosmazunte.weeno.net/]
|-
|[http://www.demokracjabezposrednia.pl Stowarzyszenie Więcej Demokracji]
|Association for direct democracy in Poland
|[http://www.demokracjabezposrednia.pl/donate]
|-
|[http://wiki.sugarlabs.org Sugar Labs]
|Free/open sourcee education/learning software
|[http://wiki.sugarlabs.org/go/Donate]
|-
|[http://gorod-solnca.org/ Sun City]
|Ukrainian centre for children in difficult circumstances
|[http://sms.gorod-solnca.org/]
|-
|[http://www.symphonyofscience.com/ Symphony of Science]
|A musical project headed by John Boswell, to deliver scientific knowledge in musical form.
|[http://www.symphonyofscience.com/]
|-
|[http://tahoe-lafs.org/ Tahoe-LAFS]
|A distributed filesystem with funky redundancy properties
|[http://tahoe-lafs.org/trac/tahoe-lafs/wiki/BitCoinPage]
|-
|[http://tangorin.com Tangorin Japanese Dictionary]
|Free online Japanese dictionary in development since October 2007 by a former Japanology student.
|[http://tangorin.com/bitcoin]
|-
|[http://tmac.technitium.com/ Technitium]
|Freeware MAC Address Changer
|[http://blog.technitium.com/2011/08/accepting-donations-again.html]
|-
|[http://the-alternative.co.uk/support-us/ The-alternative.co.uk]
|Alternative news and articles
|[http://the-alternative.co.uk/support-us/]
|-
|[http://theexperiments.com The Experiments]
|A rock / punk band who's music is free to download and licensed under the Creative Commons
|[http://theexperiments.com]
|-
|[http://theicarusproject.net The Icarus Project]
|A mutual aid/peer support organization dedicated to radical mental health
|[http://theicarusproject.net/about-us/donate-to-the-icarus-project]
|-
| [http://ThePythonGameBook.com ThePythonGameBook]
| Free CC/GPL licensed wikibook to learn open source game programming in Python
| [http://thepythongamebook.com/en:help?&#donating_money]
|-
|[http://Tn3t.com/ TN3T LLC TOR Project]
|TN3T LLC operates 2 TOR exit nodes.
| [http://tn3t.com/donate.txt]
|-
|[http://torchat.googlecode.com/ TorChat]
|A serverless encrypted anonymous instant messenger running on top of the Tor network
|[http://torchat.googlecode.com/]
|-
|[https://www.torservers.net/ Torservers.net]
|Runs [http://www.torproject.org/ Tor] relays and bridges
|[https://www.torservers.net/donate.html#anonymous]
|-
|[http://www.unitednationsoffilm.com/ United Nations of Film]
|Truth Investigation and Whistleblower Site fighting for the Right to Privacy, Freedom, Equality and Prosperity for all Humanity.
|[http://unitednationsoffilm.com/?page_id=2]
|-
|[https://vaizard.org/ Vaizard institute]
| Backing people who want to make the world a better place by making their ideas real.
|[https://vaizard.org/en/about/contacts/]
|-
|[http://wikileaks.org Wikileaks]
|Whistleblower website
|[http://wikileaks.org/support.html]
|-
|[http://wlcentral.org/ WL Central]
|News, analysis and actions related to Wikileaks
|[http://wlcentral.org/q-a]
|-
|[http://www.wakingupmovie.com Waking Up Movie Project]
|Humanist collaborative film project
|[http://www.wakingupmovie.com/2011/12/bitcoin-donations/]
|-
|[http://www.wikispeed.com WIKISPEED]
|first car-maker in the world to accept Bitcoin
|[http://www.wikispeed.com/wikispeed-team-blog/wikispeed-first-car-maker-in-the-world-to-accept-bitcoin-press-release]
|-
|[https://wikispooks.com/wiki/Main_Page Wikispooks]
|An encyclopedia of deep political structures and events
|[https://wikispooks.com/wiki/WikiSpooks:Donate]
|-
|[http://yorba.org Yorba]
|Software group developing free desktop applications for GNOME
|[http://yorba.org/donate]
|-
|[http://420chan.org/ 420chan]
|Imageboard community
|[http://420chan.org/donate/]
|-
|[http://zerostate.net Zero State]
|Grassroots technoprogressive community implementing practical solutions to advance the human condition.
|[http://zerostate.net/membership.html Category 2 membership] (Category 1 is free, category 3 is achievement based.)
|-
|[http://f-droid.org/ F–Droid]
|Android App market (like google play market) for open source apps
|[http://f-droid.org/]
|-
|[http://wordswithmeaning.org/ WordswithMeaning!]
|An "alternative" affairs online editorial focusing on non-conservative views and aiming criticism towards copyright and the modern media.
|[https://wordswithmeaning.org/page/support-wordmean]
|-
|[http://www.fairewinds.com Fairewinds Energy Education]
| Educates the public about nuclear power and other energy issues.
|[http://www.fairewinds.com/donations]
|-
|[http://www.VideoNeat.com Videoneat]
| Watch free documentaries and lectures online
|[http://www.videoneat.com/documentaries/#donatepopup]
|}

[[de:Spenden]]

Talk:Securing your wallet

2011-08-14T10:31:44Z

Joise: /* Back-Translation of German Version */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me - namely, a disticion between data confidentality, system integrity and the notion of technical compromise, and adapted the ordering according to these concepts. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins are stolen. A computer on which '''malware''' in the form of some trojan is installed or which runs any virus, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still learnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password, sent new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''' should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. I you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:32:32Z

Joise: /* Technical background */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins are stolen. A computer on which '''malware''' in the form of some trojan is installed or which runs any virus, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still learnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password, sent new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''' should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. I you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:29:49Z

Joise: /* Passwords */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins are stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still learnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password, sent new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''' should be preserved in something like a bank deposit box (can be rented for a few bucks yearly) or in a fireproof safe. I you have USD 100,000 in BTC, you want to have a fireproof safe if your house has burned down. Believe me.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:28:16Z

Joise: /* Passwords */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins are stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still learnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password, sent new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:26:47Z

Joise: /* Passwords */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins are stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still learnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:22:35Z

Joise: /* Technical background */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins are stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:21:50Z

Joise: /* Introduction */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1. Safeguard against loss

2. Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3. New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:19:49Z

Joise: /* Back-Translation of German Version */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points and concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:17:29Z

Joise: /* Technical background */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:16:56Z

Joise: /* Technical background */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition if it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised of the system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:16:13Z

Joise: /* Technical background */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The '''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business of some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised of the system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:14:48Z

Joise: /* Back-Translation of German Version */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect. Nevertheless, I hope it's helpful. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The'''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised of the system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T09:14:08Z

Joise: /* Flaws with argument regarding encryption */

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

::The fundamental flaw is trying to secure the wallet when the whole system is already technically compromised. It does not help to have a secure wallet then. What a trojan could do is, for example, to replace the bitcoin client by a sligthly changed one that usually works as expected, but once in a while sends the money to an address which is owned by the attacker. The people you think you pay will become angry because the money you think to send never does arrive at them. Of course, the malicious client can be intelligent enough to wait until the is some real amount of coins in the play. One day you'll think you bought a car but the money is somewhere else. The same applies, for example, if the payment addresses you receive are modified by some malicious e-mail program.

::So what is the bottom line? Encrypting the wallet helps against a roommate stealing your coins if he has two minutes of physical access to your computer. It helps against burglary and forgetting the laptop in the train. It generally does NOT help against compromise of the system. The '''whole''' system '''must''' be kept safe, not just the data in the wallet. And this is not something that the bitcoin software is responsible for. It is the responsibility of the user to install and maintain a secure system. It is a fundamental fallacy to expect that a certain piece of software should still work as the user expects if the whole system is not any more under the control of the user. In this sense, bitcoin can not go mainstream. Instead, main stream users need to reach some point of mental sanity. --[[User:Joise|Joise]] 09:14, 14 August 2011 (GMT)

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect.

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The'''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised of the system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T08:51:53Z

Joise:

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect.

----

=== Introduction ===
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

=== Technical background ===
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The'''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised of the system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

=== Securing the confidentiality and integrity of the Wallet and Software ===

==== Creating a New Wallet ====

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

==== Creating a safe and secure work space ====

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

===== Digression: Secure Passwords =====

====== Passwords ======
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

====== Passphrases (password phrases) or mantras ======

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

===== Special Linux distributions =====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

===== Linux =====
====== Protected user account ======

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

====== For more information ======
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

===== Windows =====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

====Browser Security ====

===== Firefox =====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

=== Protect against data loss: Backup ===
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

==== Where to find the Bitcoin folder ====
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

===== Windows =====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



===== Linux =====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

====== Individual encryption of the wallet.dat file ======
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

===== Mac =====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

====== Secure all data (500 megabytes) ======
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

====== Backup file wallet.dat purses alone (40MB ) ======
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

==== General solution ====
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

==== Encryption with Smart Card ====

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

==== Storing the Archives ====
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

=== BOTG: Bitcoin Off The Grid===
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Securing your wallet

2011-08-14T08:46:50Z

Joise: /* Back-Translation of German Version */ new section

The five paragraphs in Technical Background all say the same thing. --[[User:Mcandre|Mcandre]]

Note: the backupwallet.sh script in the linux section doesn't actually work.
I suspect it is caused by the wiki changing the formatting.
I wrote my own version that uses much more standard shell syntax.

[[User:Wscott|Wscott]] 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- [[User:Mweather|Mweather]] 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --[[User:GusGustavo|GusGustavo]] 13:33, 26 May 2011 (GMT)

== Time Sensitivity ==

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? [[User:Daniel.benoy|Daniel.benoy]] 23:18, 8 June 2011 (GMT)

== How often is it needed to backup the Wallet? ==

Is it necessary to make a backup after each transaction? This page is not clear about this.
Please add this information to the page!

== Creating a New Wallet ==

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) [[User:ErgoOne|ErgoOne]] 15:19, 9 June 2011 (GMT)

== Making a secure workspace ==

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). [[User:Hartrock|Hartrock]] 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just backup wallet.dat --[[User:ChocoboLee|ChocoboLee]] 19:18, 15 June 2011 (GMT)

== Flaws with argument regarding encryption ==

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it. Because once you mount the encrypted file, and decrypt it not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances:
1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection.
2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file which means that in order to use the wallet you need to decrypt it which means its vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet" Why doesn't bitcoin just address this in the software allowing for the wallet to always be encrypted and require a password upon startup. If you want bitcoin to go mainstream I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

====Added a new entry to backup methods====
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)

== Unsecure suggestion for passwords ==

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
also be safe in the future when it comes to wallet storing.
This is definitely not given with this system. It might be true, that
with today's brute-force tools, the "d0g..........." pw is safer than
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
there will be new tools, that will find out, what kind of simplifiers
are often used by humans and will combine brutforce with simplifiers
and thus come to "d0g............" very quickly!

== Section 4.2 ==
If you recommend that one backup wallet.dat on a mac via creating an encrypted image file, don't you think you should also remind the user to backup his ~/Library/Keychains directory? There is little point in backing up wallet.dmg on Wuala or whatever if you lose your AES key to the image, and the scenario when you need to recover wallet.dmg is probably the scenario where you've also lost ~/Library/Keychains... e.g. laptop stolent, etc.

== Back-Translation of German Version ==

Hi,

I have translated the page to the German Version, expanded it by several points anc concepts which seem important to me. Here is the back-translated version as a suggestion what could be expanded. I've translated it quickly using Google Translate, that means wording and style can't be expected to be perfect.

----

== Introduction ==
The security of the wallet can be divided into two separate objectives:

1st Safeguard against loss

2nd Secure against theft

In the case of a currently not adequately secured wallet (eg with a weak password uploaded on the Internet):

3rd New, create a mew secure wallet (with a reasonably long password)

== Technical background ==
The important first objective of the design of the wallet is protection against data loss. The personal bitcoin wallet has a pool of queued keys stored in a file named wallet.dat. The default number is 100 keys in the [[Key Pool | Key pool.]] The number of can be adjusted with the "-keypool" parameter in the command line. If for some reason you need a new address, it is not generated on the fly, but taken from the pool. A new key is then created to fill the pool back to 100 keys. If a backup is first created, it contains all used keys plus 100 unused ones. After a transaction, 99 unused keys remain. After 100 operations which require a new key, new keys are used, which are not present in the backup. Because the backup does not have these new keys, this backup can possibly lead to a recovery loss of Bitcoins if the wallet file is destroyed, for example by a head crash.

The safety of deposits in Bitcoin depends on three conditions:
# The'''confidentiality (secrecy)''' of the private key for the entire time from initial production to final use
# The '''integrity''' of the software on the system used.
# As well as the '''protection from loss of wallet''' eg by failure of the hard disk

The bitcoin software assumes (for very good reasons) that integrity and confidentality of the computer and user account is intact. The reason for this is that, strictly spoken, securing the computer is not the business some application software like bitcoin. A computer which has not '''both''' its confidentiality '''and''' integrity ensured, is '''compromised'''. This means, that it can not longer be excluded that Bitcoins be stolen. A computer on which '''malware''' in the form of some trojan is installed, is always compromised. All data - including the bitcoin wallet - could be "stolen". On the other hand - and this is far more far-reaching and important - the other software on the computer is absolutely no longer under control of the user. A compromised system can '''only''' be brought back to a safe condition it is completely erased, fully installed with a fresh operating system and all new security updates are applied. A "disinfection" of virus-infected programs is not enough! Erasing the old, compromised of the system can also mean it is necessary to flash the BIOS and do a BIOS update - there is some malware which modifies the BIOS.

A password that belongs to a data backup must be permanently protected from loss just like the files themselves, otherwise in case of doubt the backup is worthless.

== Securing the confidentiality and integrity of the Wallet and Software ==

=== Creating a New Wallet ===

In the event that the wallet was possibly or actually stored in a compromised state, or spreaded, it is wise to create a new wallet and to transfer all money amounts in the old wallet to the new. Once this is done, someone who has attained knowledge of the old private keys, can not longer use them to steal bitcoins. Keep in mind that leaked keys can be used much later from their generation. For example, if you generate some keys to day, transfer them to a new computer in three years, and throw the old computer in ten years to the trash, and it still contains keys that you have created today, these could still be used to access bitcoins that you received in the meantime.

Creating a new wallet can be useful, for example, if someone has saved a wallet with a password of 12 characters for a service online. Meanwhile, passwords with 12 up to about 15 characters are decoded and the private keys are no longer safe. The strategy only to re-encrypt the wallet is not enough, because the keys are not safe.

=== Creating a safe and secure work space ===

Large and complex programs like Web browsers are never completely safe. Therefore, it is extremely useful, not to run the Bitcoin client program with the user identity that you use to surf the Web or read e-mails. The modern operating systems can isolate applications for different user IDs from each other quite effectively, and this is a huge advantage to security.

==== Digression: Secure Passwords ====

===== Passwords =====
A proven method for producing safe, but still earnable passwords goes as follows:

* Make up a nonsense phrase like
"Thirty crows fly backwards to the moon, but they do not have a ticket."
The more bizarre the sentence, the better you remember it.

* The first letters and numbers are used for the password:
30CfbwttM,btdnhaT

* Now we get creative and replace a few characters, eg "A" looks like but like "4":
30Cfbw2tM,b|dnh@T

* Now insert one or a few signs that are not found on English keyboards [https://en.bitcoin.it/wiki/Microsoft_Windows_Unicode_Input (Tips)]:
3ß0Cþfböw2tM,b|dnh@฿T

Strong passwords are now, where huge computing resources like hashed databases and botnets are available for cracking, about 15 to 20 characters long. Few people can remember so long passwords error-free, especially if they make some longer holiday. Therefore, write to the password and put it in his wallet. (That's still heretical but I have a good Reference - [http://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier] [http://www.schneier.com/blog/archives/2005/06/write_down_your.html])

* To protect against unauthorized use of the written down password one should append some characters that you really have in your head.

Now it is so that a forgotten password is at least as bad as a cracked. A button labeled "Forgot your password sent, new by e-mail" does not exist in Bitcoin. '''So the consequence of "Password away" is inevitable "money away "'''. Don't forget that!

*'''The written-down password''', and should be preserved in something like a bankl deposit box (can be rented for a few bucks yearsly) or in a fireproof safe.

===== Passphrases (password phrases) or mantras =====

* An alternative to passwords which has at least the same strength against techniques like rainbow tables, '''but is in comparison much easier to remember''' is the use of '''pass-phrases''' or a "mantra". The required length depends on the use. Passphrases for online services may be safe enough with four common words. Secure passphrases for files (which can be rapidly tried off-line) should contain at least six unusual words and at least 35 characters in length. This [http://www.explainxkcd.com/2011/08/10/password-strength/ comic by XKCD] explains the principle.

* An example sentence would be: "The Lemon flambé the okapi a phosphorescent absolution."

* Much of the strength of this method relies on technical reasons: Once a password has reached a certain minimal complexity, the fastest way to crack the password is a brute-force search with rainbow tables and charts. And since for this methods, the length of the password is the decisive factor, long pass phrases, which are comparatively much better to remember, win over short very complex passwords (which are hard to remember but easier to crack).

* In-depth information on passphrases here: [http://www.iusmentis.com/security/passphrasefaq/ passphrase FAQ] by Randall T. Williams.

* Warning: Completely unsuitable are fixed expressions and popular idioms. Don't use any meaningful sentence and anything that might be published on the web.

==== Special Linux distributions ====

To secure a Windows system comprehensively is a complex and difficult task. Securing which is appropriate for the administration of five-figure amounts requires knowledge which the average user does not have.

As an alternative, there are some special Linux distributions. Using them, one can create a secure space specially for Bitcoin, and they require almost no setup:

* [http://www.heise.de/ct/projekte/Sicheres-Online-Banking-mit-Bankix-284099.html c't Bankix], a distribution for online banking, is a adapted and, of course, free version of Ubuntu that was created by the renowned German Heise magazine publisher. Following to the (important) first update the system will be put on a read-only medium and cannot longer be manipulated by unauthorized changes to the software.
* [http://en.wikipedia.org/wiki/Damn_Small_Linux Damn Small Linux] is a popular, small Debian-based Linux, which contains only the most important functions and thus provides less attack surface. The derivation from Debian guarantees speedy and thorough security updates.
* [http://en.wikipedia.org/wiki/Knoppix Knoppix] is a popular live-CD distribution with excellent hardware detection, which has a slightly larger footprint than Damn Small Linux, and a number of interesting features. For example, it offers support for blind and visually impaired persons.
* [http://forum.bitcoin.org/index.php?topic=7374 LinuxCoin], many additional functions for mining

The following distributions are suitable only for users with good knowledge. However, their excellent safety features makes them quite interesting starting points for Bitcoin Appliances:

* [http://en.wikipedia.org/wiki/Tin_Hat_Linux Tin Hat Linux] is a [http://en.wikipedia.org/wiki/Hardened_Gentoo Hardened Gentoo] derivative. In addition to a very small size and a very comprehensive encryption it has interesting additional security features, such as [http://en.wikipedia.org/wiki/Grsecurity Grsecurity].
* [http://en.wikipedia.org/wiki/Alpine_Linux Alpine Linux] uses, similar to Tin Hat Linux etc. Kernel functions with Stack Smashing Protection. It uses instead of the standard glibc the uClibc, which means that the Bitcoin client needs to be compiled specifically for this distribution.

==== Linux ====
===== Protected user account =====

The first step is [https://help.ubuntu.com/8.04/serverguide/C/user-management.html to create a new user], which goes with the command:

sudo adduser <code> new_user_name </ code>

On the message "Enter a new value or press ENTER for the default" one needs only to press the Return key.

Then do you register as a new user, eg "Switch User" with (at Ubuntu in the menu to log off). If you are logged in, we search for the file manager, select this from the home directory (with the house icon), then right-click "Properties", then the access permissions. Here you select "Other" and set the permissions to "nobody". With this step, other programs can not read the other user's wallet.

The newly created user should be safe to use in order to keep him safe, exclusively for Bitcoin.

There is also a good idea to encrypt this user's home directory with the package ecryptfs-utils.

# If the home directory is not empty, first backup it to some other medium.
# Now install ecryptfs-utils (Ubuntu: sudo apt-get install ecryptfs-utils)
# From X11 (graphical system) log and log in with Ctrl + Alt + F1 in the Linux console - if you are logged in X11, the home directory is encrypted.
# The current directory change so that it is not in the home folder, eg "Cd /".
# The migration tool to run: (in Ubuntu: sudo ecryptfs-migrate-home-u username)
# If it succeeds then you can press ALT + F8 to go back and log in X11.
# Run the command 'ecryptfs-unwrap-passphrase'. Without exception '''write and store the code that you receive on a secure medium''. '''Without this code no data - including the wallet - can be accessed if the system does not work'''
# Run the command 'ecryptfs-setup-swap' run, which encrypts the swap partition. Otherwise, keys in your purse in plain text can go to the the swap partition where they might be stolen. This unfortunately also means that "idle" or Hibernate can not be used anymore because the bootloader can not restore the dump. An more conventient alternative is to overwrite the swap partition when you shut down the machine (after the deactivation of virtual memory) with random data.

(Instructions from [http://bodhizazen.net/Tutorials/Ecryptfs/ # Migrate])

===== For more information =====
* [https://help.ubuntu.com/community/Security Security features on ubuntu]

* [http://www.techrepublic.com/blog/10things/10-ways-to-secure-your-linux-desktop/359 10 ways to secure your lInux desktop]

==== Windows ====

* [http://windows.microsoft.com/de-DE/windows7/help/security-privacy-user-accounts Basics]

* Create an extra user, under which only the Bitcoin software is running. So the wallet is somewhat protected from malicious code in applications for other users:
** [http://support.microsoft.com/kb/905056/en Windows XP]
** [http://windows.microsoft.com/en-US/windows7/Create-a-user-account Windows 7]

===Browser Security ===

==== Firefox ====
To secure the browser, you start Firefox, go to menu "Edit" (edit), and select "Preferences" (Settings).

* Now you start with the tabs on the left, select the "Startup" option "Show a blank page" (Clean Slate).
* By "content" (content)
** The option "Load images automatically / Load images automatically" opt out,
** Also "Enable Javascript Enable / javascript" opt out.
* In the tab "privacy / data protection" in the "History / History History," select "Never remember history" / "do not save history".
* In the tab "Security" in the "Passwords"
** The "remember passwords / passwords save" deselect
** Also "use a master password" / "master password".
* Finally, in the tab "Advanced" / "Advanced" option
** "Automatically check for updates" deselect
** As "add-ons" and
** "Search engines" / "search engines" opt out.

If Javascript is disabled, the page linux download page] to download new versions of the Bitcoin Clients will no longer automatically download, so you have to link to the "direct link" on notice "Problems with the download? Please use this 'direct link' or try another mirror." . click Once you make the effort made, of course you checked the download of new clients Bitcoin the checksums, which are indicated on the sourceforge page, with the program sha1.

== Protect against data loss: Backup ==
Secure the only file you need is the wallet.dat. Advance to make sure that Bitcoin not running anymore! The best way would be to encrypt the file and store somewhere safe.

You can also [[API | backupwallet]] JSON-RPC command used to create a backup on the fly.

=== Where to find the Bitcoin folder ===
The [[Bitcoin folder]] is the folder where the data is wallet.dat along with the file.

==== Windows ====
Click on "Start", then Run and enter this:
:% APPDATA% \ Bitcoin
A folder should open now, for most it would be:
C: \ Documents and Settings \ username \ Application Data \ Bitcoin (XP)
C: \ Users \ username \ appdata \ roaming \ Bitcoin (Vista and 7)



==== Linux ====
Bitcoin should create a hidden folder in your home directory of the running user.
~ /. Bitcoin /

It should not be there, it can be possibly due
Find /-name wallet.dat-print 2> / dev / null
. find Or as root
: Updatedb
followed by
: Locate wallet.dat

The handiest backup method under Linux is probably the copy on one or more wallet.dat used for USB flash drives or memory cards that are kept in a safe place (fireproof safe, bank safe, aquarium with piranhas, etc).

===== Individual encryption of the wallet.dat file =====
* For individual encryption of the purse, the available cross-platform program'''[http://ccrypt.sourceforge.net/ ccrypt]''' is well suited. It encodes a variant of the AES Rijndael algorithm. a recognized standard, which is considered very safe. The plain-text version of Wallet.dat will be replaced automatically. As with all strong encryption, a careful backup of data and keys is essential - under Linux, the risk of loss due to forgetting the key is much higher than by computer intrusions and malware.

* For automatic storage of encrypted copies GnuPG (Gnu Privacy Guard) is well suited. To encrypt data, ones need only the public key. Only to decrypt a backup, the private key is used, which can be stored otherwise in a safe place. Using a fixed pair of keys reduces also the risk of loss of a key by unnoticed typos when typing them.

* Additional protection against attacks by key loggers provide smart cards and hardware tokens like the [http://www.privacyfoundation.de/crypto_stick/ Crypto Stick] the Deutsch Privacy Foundation or the GnuPG Fellowship smart card. The special advantage is that you GnuPG keys that are very safe due to their length, and can be stored on the smart card. A six-digit PIN code protects the contents of the smart card. If it is entered incorrectly multiple times, then the content will be deleted. [https://www.privacyfoundation.de/wiki/CryptoStickSoftware instructions here].

* Together with the FUSE-based file system [http://de.wikipedia.org/wiki/EncFS EncFS] can you also back up individual files as wallet.dat individually. The entire list can Bitcoin but are not used because the database is encrypted with EncFS.

==== Mac ====

''Note: The following instruction are not checked due to lack of hardware. Please check and correct if necessary, then remove the note!''

The directory containing the Bitcoin wallet.dat is usually here:
~ / Library / Application Support / Bitcoin /

===== Secure all data (500 megabytes )=====
These steps (chain wallet and block) of all data stored on Bitcoin an encrypted disk image:
# Disk Utility Open
# Click on "New Image", 500MB, 128-bit or 256-bit (faster or more secure) encryption specify eintelne partition.
# Copy in a place where you will not lose the image (eg Wuala, Strong Space ofer whatever)
# A strong and secure password select
# Copy everything from ~ / Library / Application Support / Bitcoin / in the image
# Create symlink to the old place, so the app can benuutzen it
::: Ln-s / Volumes / Bitcoin ~ / Library / Application Support / Bitcoin

Do not forget to mount the image before using Bitcoin and unmount afterwards.

===== Backup file wallet.dat purses alone (40MB )=====
These steps only protect the file wallet.dat. This causes a small memory dump, but is more complicated.

# Disk Utility Open
# Click on "New Image", 40MB, 128-bit or 256-bit, single select partition.
# Store in a place where you will not lose the backup.
# A secure and strong password, select
# The file wallet.dat move in the image
# Create symlink to the old place, so the app can find and use the file
::: Ln-s / Volumes / Bitcoin / wallet.dat ~ / Library / Application Support / Bitcoin / wallet.dat

[[File: MountWalletAndLauchnBitcoin_OSX_Automator.png | thumbnail | 150px | Mount Wallet and launch Bitcoin]]
Do not forget to mount the image before using Bitcoin and unmount afterwards.

'''Note:''' If you start the application Bitcoin without the image is mounted, the program is the symlink (a kind of shortcut) wallet.dat with the new one. Do not panic! Rename the new order wallet.dat or delete it, mount the image, and just put a new symlink. The old wallet.dat may of course be canceled under any circumstances.

'''Automation:''' The program [http://en.wikipedia.org/wiki/Automator_% 29% 28software Automator] (included in OS X) can automatically mount your wallet and start Bitcoin App.

Alternatively, the following shell script can be used to decrypt wallet.dat which automatically starts the Bitcoin client, and they subsequently re-encrypted. The script works for sowoghl for OSX and Linux: [http://lorelei.kaverit.org/bitcoin.sh Bitcoin-launch-script]

=== General solution ===
wallet.dat is not usually encrypted, everyone who has access to the file, can freely dispose of the coins. You can encrypt your wallet.dat with one of these programs, should there be the slightest chance that someone else has access.

Note: Encryption does not protect the wallet against security risk ''after'' they have occured. Encryping a wallet after finding a computer virus or a trojan helps absolutely nothing. Also, encryption does not help against the complete loss of control which a system compromise means.

* [http://www.7-zip.org/ 7-Zip]
* [http://www.axantum.com/axcrypt/ AxCrypt]
* [http://www.truecrypt.org/ TrueCrypt]
* [http://www.rarlab.com/ WinRar]
* [http://de.wikipedia.org/wiki/EncFS EncFS] (Linux)

=== Encryption with Smart Card ===

Folders can be encrypted with GnuPG-compatible smart card. A very secure solution is to stick the Crypto Deutsch Privacy Foundation:

[http://www.privacyfoundation.de/crypto_stick/ Crypto Stick overview]

[https://www.privacyfoundation.de/wiki/CryptoStickSoftware Intallation and use]

=== Storing the Archives ===
A backup on Flash Media / Memory Sticks and storing them in secure locations is a reasonable solution.

== BOTG: Bitcoin Off The Grid==
* Another alternative that is suitable for high security requirements,is "BOTG - Bitcoin off-the-grid" [http://forum.bitcoin.org/index.php?topic=7374.msg108351 see info in the announcement to LinuxCoin]. It is a script that can create a key pair ''without'' Internet connection. As the private keys are created on a system that does not have Internet access, and are stored offline, they can not get lost via the Internet. The public key can be passed on and received as normal transactions that can be looked up in block Explorer. Only if you want to use the fund, you must import the private key into a Bitcoin client. From then on, the normal safety precautions apply.

Talk:Trade

2011-07-04T19:21:20Z

Joise: /* Vetting */

==Proposed Listing Standards==
I propose the following standards be required for listing on the [Trade]. The listed site must
# Be currently functional (downtime of less than 48 hours is acceptable)
# Be currently accepting bitcoins
# Have clear instructions for paying with bitcoins from the link given
# Prices must be sane within an order of magnitude (non-sane prices indicate that the website has not been updated to match bitcoin deflation)
The standards will help keep the list manageable and easy to use.

This is a talk page, so please sign your contributions. I mostly agree, but the "sane prices" criterion seems a bit subjective ; there is a risk that we exclude goodwilling merchants, who would otherwise be willing to update their prices when contacted. [[User:ThomasV|ThomasV]] 10:43, 12 February 2011 (GMT)

:Here is an example [http://bitcoin2cash.com/]. When I say "sane", I mean reasonable within an order of magnitude. I moved your other comment to a separate section for clarity [[User:Ptd|Ptd]] 12:59, 13 February 2011 (GMT)

Sounds reasonable. --[[User:Sirius|Sirius]] 07:09, 23 February 2011 (GMT)
Reasonable. What about defining a practice for ordering the list of sites? I've got one to add, so I'll just tack it at the bottom, but it's going to be an ugly list after awhile. Alphabetical? Chronologically ordered by add date?
[[User:JulianTosh|JulianTosh]] 00:19, 10 May 2011 (GMT)

I'd say somewhat unreasonable regarding the clear instructions. A lot of my customers are the types who would get confused if I listed my native currency and Bitcoin side by side. I want to offer Bitcoin for Bitcoin users, but not at the risk of confusing other potential customers and potentially losing sales as a result. As such, I make it possible for customers to switch to using Bitcoin during the checkout process. [[User:Orbixx|Orbixx]] 18:39, 02 June 2011 (GMT)

Every link that does not go to a page that CLEARLY states they are accepting bitcoins should be removed. Try to go to the website Orbixx has added again, there is simply no way to check they accept bitcoins, and I believe they don't actually. I couldn't figure it out. So I think the rules should be that if the link does NOT arrive at a page that says the site is accepting bitcoins, it should be removed. Orbixx, companies can just create a separate page for it, and you link to that page, not simply to your homepage if you think it would be too confusing on the home page.
[[User:Berend|Berend]] 21:21, 2 June 2011 (GMT)

On Exoware.net payment methods are not stated at all until the checkout process; this is incredibly common. It should be evident that we accept Bitcoin because we are listed on this page and there should be no need to plaster it all over some landing page or on the site. As for your belief that "they don't actually [accept bitcoins]", you're welcome to try us - we do. The mere fact that you nonchalantly removed our listing in the first place for apparently not accepting Bitcoin without even getting in contact with us in the first place is ridiculous. Then to come on here after I email you with screenshots showing the page where you can change your currency to BTC and say that somehow you still maintain that we do not accept Bitcoin is preposterous. Do not remove any listings without first solidly verifying your inadequate assumptions. [[User:Orbixx|Orbixx]] 04:01, 03 June 2011 (GMT)

It's not unreasonable to expect a merchant to have a bitcoin logo among the mastercard, visa, paypal, google checkout, etc. buttons that clutter a corner of nearly every website that takes money. If they accept bitcoin, they should add a bitcoin logo there. if they take money, they should have a section that fits the description. it's that simple. no reason not to be able to tell at a glance. [[User:aarcane|aarcane]] 04:54, 03 June 2011 (UTC)

==Should we put addresses on the wiki?==
We just had some bitcoin address spam. perhaps it would not have happened if we did not put bitcoin addresses on the wiki ? [[User:ThomasV|ThomasV]] 23:50, 12 February 2011 (GMT)
: Page is now semi-protected. [[User:MagicalTux|MagicalTux]] 08:28, 16 February 2011 (GMT)

Yea i suggest not to put the bitcoin addresses of donation-accepting orgs on the wiki. this opens it up to vandalism in hopes of getting misdirected bitcoins. just link to the relevant webpage of the donation-accepting organization, and that's all. that way also we don't have to worry about the addresses changing.--[[User:Nanotube|Nanotube]] 04:41, 24 February 2011 (GMT)

==Hide Contents of Adult?==
Should the contents of Adult be displayed by default, or might it be reasonable to expect that to be a hidden that requires an action for the contents of the category to be rendered? - [[User:sgornick]] 06:22, 23 February 2011 (GMT)

Should be hidden or moved to another page. --[[User:Sirius|Sirius]] 07:05, 23 February 2011 (GMT)

I'm all for censoring it as much as the community will tolerate. --[[User:Luke-jr|Luke-jr]] 13:27, 23 February 2011 (GMT)

Why hide adult section? They are just links to sites, and section is clearly labeled "Adult". What's the big idea on the censorship? --[[User:Nanotube|Nanotube]] 04:39, 24 February 2011 (GMT)

I suggest do not censor or hide. Consider for example genjix's calm reference to drugs in his presentation. Should he have been afraid and contemplative of censoring or preventing from communicating such things? Such is a kind of debate generally influenced by religi*** motivations. See [[Trade_R]] for adult content [[User:Mizerydearia|Mizerydearia]] 15:04, 27 April 2011 (GMT)

Against censorship of site links. They should simply be labeled as adult oriented and the vagues possible genre references.
[[User:JulianTosh|JulianTosh]] 00:21, 10 May 2011 (GMT)

The problem with listing every site together with adults sites is that automatic scanning software might label your business in the same group. You don't want that to happen, else your legitimate businesses will very quickly disappear from this page
[[User:Berend|Berend]] 21:18, 2 June 2011 (GMT)

== Drugs Section Empty ==

The "psychoactives" section appears to consist entirely of dead links. [[User:Ironwolf|Ironwolf]] 03:54, 28 March 2011 (GMT)

I deleted the Drugs section, since Bitcoin is still far too vulnerable to government actions against it -- there are many single points of failure. The most glaring to me is the DNS system -- the bitcoin.org domain could be taken down if the US government wishes to.

:This is a terrible decision. My company was removed because of this decision, and it disgusts me. Not all drugs are illegal. My company operates a physical storefront in the US. We ONLY sell drugs that you can buy at the supermarket down the road. Just because it is a "drug" or "psychoactive" doesn't mean that the government is trying to shut it down. Nicotine is a drug, aspirin is a drug, alcohol is a drug. Lotus petals are psychoactive, and so is chamomile and kava - but you can go into Walmart or Walgreens/CVS and buy them. These are the only drugs for sale. Stop freaking out about it. People have swept our business off this list twice because of this ridiculous mindset. We're a hippy art store - not a head shop or drug market. --[[User:Metagnosis|Metagnosis]] 17:59, 22 June 2011 (GMT)

I apologize to those merchants who may not get as many customers now, but really, it's probably better this way. Anyone who needs to can get a connection by asking around, I'm sure. My goal is only to reduce the "criminal" perception of Bitcoin. [[User:AaronM|AaronM]] 01:18, 27 April 2011 (GMT)

== What is a Notable Website ==

I started accepting bitcoin at http://la.indymedia.org and a couple other sites on the slaptech.net site. What's the standard for adding this to the list of sites? [[User:Johnk|Johnk]] 16:30, 17 April 2011 (GMT)

== New section for services that are not considered "Professional services"? ==

I'm wondering whether it might be advisable to add a section for services that are not really "professional services" as that term is ordinarily used in vernacular English.

For example, I just added a dump-truck haulage service to ''Professional services/Other''; but dump truck haulage is not generally considered a professional service. Ought we to consider adding a new section to the page? [[User:1ECVX6EAk53VER2NH5NKharUUGpfw8iUP6|1ECVX6EAk53VER2NH5NKharUUGpfw8iUP6]] 01:49, 4 May 2011 (GMT)

:i'm a massage therapist wanting to trade bitcoin for massage. what section do i put my services in?
:[[User:zenbunny|zenbunny]] 20:52, 25 May 2011 (GMT)

== donation accepting organizasions ==

perhaps a separate page should be created for them ?
I guess donations do not belong to "trade".
[[User:ThomasV|ThomasV]] 23:17, 5 May 2011 (GMT)

:Definitely. It's a bit sad that there is no place to list all Bitcoin-accepted organizations, particularly smaller non-profit ones since they don't sell anything and the organizations page has a notability requirement. I'll create one if no one objects and/or does it before me. [[User:Blues|Blues]] 20:36, 25 May 2011 (GMT)

== Alternative listings for bitcoin-related directory and merchant sites ==

Because this wiki is censored and not allowing of certain contents or sites, I have set up http://bitcoinsites.witcoin.com/ to allow for all bitcoin-related sites to be posted. Feel free to also use this medium for commenting and reviewing sites as well. [[User:Mizerydearia|Mizerydearia]] 05:28, 25 May 2011 (GMT)

* Since witcoin.com is subject to US and/or Canada law, I would expect it to be censored as well eventually. But perhaps not a bad idea to make an alternative site for the ratings/reviews idea anyway... I won't use it if it's based on witcoin though, since they require paying to comment/rate... --[[User:Luke-jr|Luke-jr]] 18:27, 25 May 2011 (GMT)

[http://bitcookies.com Bitcookies] - A community resource to list businesses, events, and classifieds that are related to Bitcoin. The server is privately owned and therefore not subject to any controlling interests. The site does not, nor will it ever have censorship in terms of the types of businesses/traders/websites listed. The site is free to all community members and was developed with funds from my mining operations. [[User:Miner249er|Miner24934]] 16:25, 27 May 2011 (GMT)

== Bloomberg Esque Data Suite: Compiling Transaction info from merchants to measure demand ==

I am included on the list of many who are very interested in seeing bitcoin succeed and want to be a part of that success, but there is one serious uncertainity that is keeping me from getting in: are people actually using their coins for more than just buying drugs and slim jims, and is all of the buying concentrated in one website or product and one consumer demographic? Demand for the coins is necessary for their success. This can be determined by consumption rates and habits. I have perused the website listing, but still feel that information is lacking.

It would be nice to see an economic indicator that acquires data from merchants (and compensates them in bitcoin for their effort) on the dollar value (and perhaps sector) of the bitcoin transactions. We could then weigh a derivative of total dollar amount and number of transactions against the number of bitcoins mined to get a better understanding of the economic health of the currency.

== Require description of changes ==

It's impossible to read this pages's history, because most people seem to forget to:
- use the "description" line when committing a change
- use the "preview" button, and do several changes in a row just because they forgot the label on a link

The first point is the most important, because of changes like [https://en.bitcoin.it/w/index.php?title=Trade&diff=prev&oldid=11246 that one], that suppresses and adds random links without even explaining why. Such changes should be immediately reverted, by policy. On the technical side, one small improvement could be to require the "description" field to be non-empty. People could still write random characters, but that would still be a different action. --[[User:Davux|Davux]] 23:15, 22 June 2011 (GMT)

== Huge chunk of deletions reverted ==

Hi,

I've tracked down a huge set of deletions wich was probably done in error, [https://en.bitcoin.it/w/index.php?title=Trade&diff=next&oldid=11252 see link]. I've reverted each deletion individually because otherwise, new entries would have been deleted.

It's probably necessary to watch out for that. --[[User:Joise|Joise]] 18:55, 29 June 2011 (GMT)

== Vetting ==

I realise this is probably a difficult issue — we don't realistically have the time or work to vet all listed sites — but should ones which are clearly scams be removed from the wiki page, or should each be discussed first before deletion (perhaps, by moderator staff)?

For example: <blockquote>[https://sites.google.com/site/wwjdtd/ Time Warp interactive], is a fiction/nonfiction mmorpg that is in alpha and is selling the game only through bitcoins</blockquote>This, to me, is clearly a scam. Going through their Google Sites website (which is the new GeoCities), it becomes clear very quickly that this is not a product that it pretends to be, and is instead just some fly by night website setup by a couple of teenagers in hopes of some free cash from unsuspecting visitors.

I doubt anybody would actually send any BTC their way anyway, but in my opinion having hoaxes like this damages the credibility and trustworthy of Bitcoin accepting merchants as a whole.

Could we come up with some way of pruning false merchants like this?

::I think that links which are very clearly scam should not be promoted. However I see two difficulties:
::# It might be hard to see whether something is simply a low budget project or not serious.
::# What is reputable and what not certainly will vary widely. If you want to promote a bank, I'd likely want another neighborhood than if you just try to sell psychodelically designed pizza containing extremely high concentrations of capsain.
::# The more profound issue is that the not-to-reputable looking enterprises might be exactly the ones which bring the stongest kicks to innovation. I am thinking in the term "garage firm". And obviously grandparents will tell the kids some day that the whole bitcoin economy started with alpaca socks, online poker and fancy glass beads.

::My proposal: Create a playground / dockland / bitcoinpunk section which can collect the fringe of the fringe. And let largely visitors decide what they are going to trust. --[[User:Joise|Joise]] 19:21, 4 July 2011 (GMT)

Bitcoin symbol

2011-06-30T20:22:42Z

Joise: /* Unicode symbol */

There is no official Bitcoin symbol as of December 2010, however the ''BTC'' abbreviation is the most universally accepted form.

== Unicode symbol ==

There is a discussion over [http://www.bitcoin.org/smf/index.php?topic=369.0 which Unicode symbol might be the best suited] for bitcoin.

To type Unicode characters, refer to:

* [[Microsoft Windows Unicode Input]]
* [[How to easily type the circled B symbol on a Mac]]

It has led to the following options:

{| class="wikitable sortable"
|-
! Proposed character !! Description & Pros & Cons !! Unicode name !! Unicode decimal input !! Unicode hex input
|-
| ฿ ||
* Pros: Gives a currency-like look (it is the symbol for an existing currency, the Thai Baht, but other currency symbols often get reused, like the $); displayed correctly on all known OSes
* Cons: It is already used for the Thai currency, and might confuse people
|| THAI CURRENCY SYMBOL BAHT || || Alt +0E3F
|-
| Ⓑ ||
*Pros: Similar to current bitcoin.org logo
|| CIRCLED LATIN CAPITAL LETTER B || || Alt +24B7
|-
| ⓑ ||
*Pros: Small b represent the unit bit in computer where capital B is Byte
* Cons: Small fonts are harder to read
|| CIRCLED LATIN SMALL LETTER B || ||Alt +24D1
|-
|ᴃ|| || LATIN LETTER SMALL CAPITAL BARRED B || ||Alt +1D03
|-
|Ƀ|| || LATIN CAPITAL LETTER B WITH STROKE || ||Alt +0243
|-
|B⃦|| || || ||
|-
|␢|| || (Unicode Block: Control Pictures) BLANK SYMBOL (graphic for space) || || Alt +2422
|-
|-
| 币 || pronounced "bi", combines "b", turned "c" and "T", many Chinese users, also 网民币 - Wangminbi, "The Netizen's Currency" (pun on Renminbi) || Chinese for "Currency" || || U+5E01
|-
| β ||
*Pros: Fluid look and easy to write; Lowercase
|| GREEK SMALL LETTER BETA || ||Alt +03B2
|-
|¤|| || CURRENCY SIGN ||Alt 0164 ||Alt +00A4
|-
|Ƅ|| || LATIN CAPITAL LETTER TONE SIX || ||Alt +0184
|-
|∄|| || (Unicode Block: Mathematical Operators) THERE DOES NOT EXIST || ||Alt +2204
|-
|ઘ|| || GUJARATI LETTER GHA (Indo-Aryan language) || ||Alt +0A98
|-
|ϭ|| || (Unicode Block: Greek and Coptic) COPTIC SMALL LETTER SHIMA || ||Alt +03ED
|-
| ɸ || contains 0 and I || Greek small Theta || || U+0278
|-
| ∆ || delta for "digital" || Greek capital Delta || || U+0394
|-
|[[Image:Bitcoin Symbol Suggestion circled struck-through B.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|[[Image:Bitcoin Symbol Suggestion rotated power.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|ⓢ|| Purposed as a smaller unit of bitcoin. E.g. A hundredth of a bitcoin || CIRCLED LATIN SMALL LETTER S || || Alt +24E2
|-
|≡ || three bars like three bits || || || Alt + 240
|-
|[[Image:Bat.png|32x32px|alt=The b'at]]
the b'at
||
* Pros: Is round like a coin. Contains the B for Bitcoin. Borrows a style widelly associated with the internet. Not used for other meanings.
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with '1' and '0' inside [[http://img829.imageshack.us/img829/8840/bitcoinlogodraft.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with a 'circle' and 'dot' inside [[http://img836.imageshack.us/img836/6006/bitcoinlogodraftii.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
| ◪|| || (Unicode Block: Geometric Shapes) SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK || || Alt +25EA
|-
|[[http://hosting11.imagecross.com/image-hosting-61/2381unicode1s.png]][[http://hosting11.imagecross.com/image-hosting-61/162bitcoin_uni_s.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|☺|| ||WHITE SMILING FACE|| || Alt +263A
|-
|☻|| ||BLACK SMILING FACE|| || Alt +263B
|-
|㋡|| ||CIRCLED KATAKANA TU' (Japanese)|| || Alt +32E1
|-
| || || || ||
|}

Bitcoin symbol

2011-06-30T20:15:58Z

Joise: /* Unicode symbol */

There is no official Bitcoin symbol as of December 2010, however the ''BTC'' abbreviation is the most universally accepted form.

== Unicode symbol ==

There is a discussion over [http://www.bitcoin.org/smf/index.php?topic=369.0 which Unicode symbol might be the best suited] for bitcoin.

To type Unicode characters, refer to:

* [[Microsoft Windows Unicode Input]]
* [[How to easily type the circled B symbol on a Mac]]

It has led to the following options:

{| class="wikitable sortable"
|-
! Proposed character !! Description & Pros & Cons !! Unicode name !! Unicode decimal input !! Unicode hex input
|-
| ฿ ||
* Pros: Gives a currency-like look (it is the symbol for an existing currency, the Thai Baht, but other currency symbols often get reused, like the $); displayed correctly on all known OSes
* Cons: It is already used for the Thai currency, and might confuse people
|| THAI CURRENCY SYMBOL BAHT || || Alt +0E3F
|-
| Ⓑ ||
*Pros: Similar to current bitcoin.org logo
|| CIRCLED LATIN CAPITAL LETTER B || || Alt +24B7
|-
| ⓑ ||
*Pros: Small b represent the unit bit in computer where capital B is Byte
* Cons: Small fonts are harder to read
|| CIRCLED LATIN SMALL LETTER B || ||Alt +24D1
|-
|ᴃ|| || LATIN LETTER SMALL CAPITAL BARRED B || ||Alt +1D03
|-
|Ƀ|| || LATIN CAPITAL LETTER B WITH STROKE || ||Alt +0243
|-
|B⃦|| || || ||
|-
|␢|| || (Unicode Block: Control Pictures) BLANK SYMBOL (graphic for space) || || Alt +2422
|-
|-
| 币 || pronounced "bi", combines "b", turned "c" and "T", many Chinese users, also 网民币 - Wangminbi, "The Netizen's Currency" (pun on Renminbi) || Chinese for "Currency" || || U+5E01
|-
| β ||
*Pros: Fluid look and easy to write; Lowercase
|| GREEK SMALL LETTER BETA || ||Alt +03B2
|-
|¤|| || CURRENCY SIGN ||Alt 0164 ||Alt +00A4
|-
|Ƅ|| || LATIN CAPITAL LETTER TONE SIX || ||Alt +0184
|-
|∄|| || (Unicode Block: Mathematical Operators) THERE DOES NOT EXIST || ||Alt +2204
|-
|ઘ|| || GUJARATI LETTER GHA (Indo-Aryan language) || ||Alt +0A98
|-
|ϭ|| || (Unicode Block: Greek and Coptic) COPTIC SMALL LETTER SHIMA || ||Alt +03ED
|-
| ɸ || contains 0 and I || Greek small Theta || || U+0278
|-
| ∆ || delta for "digital" || Greek capital Delta || || U+0394
|-
|[[Image:Bitcoin Symbol Suggestion circled struck-through B.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|[[Image:Bitcoin Symbol Suggestion rotated power.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|ⓢ|| Purposed as a smaller unit of bitcoin. E.g. A hundredth of a bitcoin || CIRCLED LATIN SMALL LETTER S || || Alt +24E2
|-
|[[Image:Bat.png|32x32px|alt=The b'at]]
the b'at
||
* Pros: Is round like a coin. Contains the B for Bitcoin. Borrows a style widelly associated with the internet. Not used for other meanings.
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with '1' and '0' inside [[http://img829.imageshack.us/img829/8840/bitcoinlogodraft.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with a 'circle' and 'dot' inside [[http://img836.imageshack.us/img836/6006/bitcoinlogodraftii.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
| ◪|| || (Unicode Block: Geometric Shapes) SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK || || Alt +25EA
|-
|[[http://hosting11.imagecross.com/image-hosting-61/2381unicode1s.png]][[http://hosting11.imagecross.com/image-hosting-61/162bitcoin_uni_s.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|☺|| ||WHITE SMILING FACE|| || Alt +263A
|-
|☻|| ||BLACK SMILING FACE|| || Alt +263B
|-
|㋡|| ||CIRCLED KATAKANA TU' (Japanese)|| || Alt +32E1
|-
| || || || ||
|}

Bitcoin symbol

2011-06-30T20:11:07Z

Joise: /* Unicode symbol */

There is no official Bitcoin symbol as of December 2010, however the ''BTC'' abbreviation is the most universally accepted form.

== Unicode symbol ==

There is a discussion over [http://www.bitcoin.org/smf/index.php?topic=369.0 which Unicode symbol might be the best suited] for bitcoin.

To type Unicode characters, refer to:

* [[Microsoft Windows Unicode Input]]
* [[How to easily type the circled B symbol on a Mac]]

It has led to the following options:

{| class="wikitable sortable"
|-
! Proposed character !! Description & Pros & Cons !! Unicode name !! Unicode decimal input !! Unicode hex input
|-
| ฿ ||
* Pros: Gives a currency-like look (it is the symbol for an existing currency, the Thai Baht, but other currency symbols often get reused, like the $); displayed correctly on all known OSes
* Cons: It is already used for the Thai currency, and might confuse people
|| THAI CURRENCY SYMBOL BAHT || || Alt +0E3F
|-
| Ⓑ ||
*Pros: Similar to current bitcoin.org logo
|| CIRCLED LATIN CAPITAL LETTER B || || Alt +24B7
|-
| ⓑ ||
*Pros: Small b represent the unit bit in computer where capital B is Byte
* Cons: Small fonts are harder to read
|| CIRCLED LATIN SMALL LETTER B || ||Alt +24D1
|-
|ᴃ|| || LATIN LETTER SMALL CAPITAL BARRED B || ||Alt +1D03
|-
|Ƀ|| || LATIN CAPITAL LETTER B WITH STROKE || ||Alt +0243
|-
|B⃦|| || || ||
|-
|␢|| || (Unicode Block: Control Pictures) BLANK SYMBOL (graphic for space) || || Alt +2422
|-
|-
| 币 || pronounced "bi", combines "b", turned "c" and "T", many Chinese users, also 网民币 - Wangminbi, "The Netizen's Currency" (pun on Renminbi) || Chinese for "Currency" || || U+5E01
|-
| β ||
*Pros: Fluid look and easy to write; Lowercase
|| GREEK SMALL LETTER BETA || ||Alt +03B2
|-
|¤|| || CURRENCY SIGN ||Alt 0164 ||Alt +00A4
|-
|Ƅ|| || LATIN CAPITAL LETTER TONE SIX || ||Alt +0184
|-
|∄|| || (Unicode Block: Mathematical Operators) THERE DOES NOT EXIST || ||Alt +2204
|-
|ઘ|| || GUJARATI LETTER GHA (Indo-Aryan language) || ||Alt +0A98
|-
|ϭ|| || (Unicode Block: Greek and Coptic) COPTIC SMALL LETTER SHIMA || ||Alt +03ED
|-
| ɸ || contains 0 and I || Greek small Theta || || U+0278
|-
|[[Image:Bitcoin Symbol Suggestion circled struck-through B.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|[[Image:Bitcoin Symbol Suggestion rotated power.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|ⓢ|| Purposed as a smaller unit of bitcoin. E.g. A hundredth of a bitcoin || CIRCLED LATIN SMALL LETTER S || || Alt +24E2
|-
|[[Image:Bat.png|32x32px|alt=The b'at]]
the b'at
||
* Pros: Is round like a coin. Contains the B for Bitcoin. Borrows a style widelly associated with the internet. Not used for other meanings.
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with '1' and '0' inside [[http://img829.imageshack.us/img829/8840/bitcoinlogodraft.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with a 'circle' and 'dot' inside [[http://img836.imageshack.us/img836/6006/bitcoinlogodraftii.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
| ◪|| || (Unicode Block: Geometric Shapes) SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK || || Alt +25EA
|-
|[[http://hosting11.imagecross.com/image-hosting-61/2381unicode1s.png]][[http://hosting11.imagecross.com/image-hosting-61/162bitcoin_uni_s.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|☺|| ||WHITE SMILING FACE|| || Alt +263A
|-
|☻|| ||BLACK SMILING FACE|| || Alt +263B
|-
|㋡|| ||CIRCLED KATAKANA TU' (Japanese)|| || Alt +32E1
|-
| || || || ||
|}

Bitcoin symbol

2011-06-30T20:03:33Z

Joise: /* Unicode symbol */ Chinese for "Currency"

There is no official Bitcoin symbol as of December 2010, however the ''BTC'' abbreviation is the most universally accepted form.

== Unicode symbol ==

There is a discussion over [http://www.bitcoin.org/smf/index.php?topic=369.0 which Unicode symbol might be the best suited] for bitcoin.

To type Unicode characters, refer to:

* [[Microsoft Windows Unicode Input]]
* [[How to easily type the circled B symbol on a Mac]]

It has led to the following options:

{| class="wikitable sortable"
|-
! Proposed character !! Description & Pros & Cons !! Unicode name !! Unicode decimal input !! Unicode hex input
|-
| ฿ ||
* Pros: Gives a currency-like look (it is the symbol for an existing currency, the Thai Baht, but other currency symbols often get reused, like the $); displayed correctly on all known OSes
* Cons: It is already used for the Thai currency, and might confuse people
|| THAI CURRENCY SYMBOL BAHT || || Alt +0E3F
|-
| Ⓑ ||
*Pros: Similar to current bitcoin.org logo
|| CIRCLED LATIN CAPITAL LETTER B || || Alt +24B7
|-
| ⓑ ||
*Pros: Small b represent the unit bit in computer where capital B is Byte
* Cons: Small fonts are harder to read
|| CIRCLED LATIN SMALL LETTER B || ||Alt +24D1
|-
|ᴃ|| || LATIN LETTER SMALL CAPITAL BARRED B || ||Alt +1D03
|-
|Ƀ|| || LATIN CAPITAL LETTER B WITH STROKE || ||Alt +0243
|-
|B⃦|| || || ||
|-
|␢|| || (Unicode Block: Control Pictures) BLANK SYMBOL (graphic for space) || || Alt +2422
|-
|-
| 币 || pronounced "bi", combines "b", turned "c" and "T", many Chinese users, also 网民币 - Wangminbi, "The Netizen's Currency" (pun on Renminbi) || Chinese for "Currency" || || U+5E01
|-
| β ||
*Pros: Fluid look and easy to write; Lowercase
|| GREEK SMALL LETTER BETA || ||Alt +03B2
|-
|¤|| || CURRENCY SIGN ||Alt 0164 ||Alt +00A4
|-
|Ƅ|| || LATIN CAPITAL LETTER TONE SIX || ||Alt +0184
|-
|∄|| || (Unicode Block: Mathematical Operators) THERE DOES NOT EXIST || ||Alt +2204
|-
|ઘ|| || GUJARATI LETTER GHA (Indo-Aryan language) || ||Alt +0A98
|-
|ϭ|| || (Unicode Block: Greek and Coptic) COPTIC SMALL LETTER SHIMA || ||Alt +03ED
|-
|[[Image:Bitcoin Symbol Suggestion circled struck-through B.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|[[Image:Bitcoin Symbol Suggestion rotated power.png|20px]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|ⓢ|| Purposed as a smaller unit of bitcoin. E.g. A hundredth of a bitcoin || CIRCLED LATIN SMALL LETTER S || || Alt +24E2
|-
|[[Image:Bat.png|32x32px|alt=The b'at]]
the b'at
||
* Pros: Is round like a coin. Contains the B for Bitcoin. Borrows a style widelly associated with the internet. Not used for other meanings.
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with '1' and '0' inside [[http://img829.imageshack.us/img829/8840/bitcoinlogodraft.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|A 'C' with a 'circle' and 'dot' inside [[http://img836.imageshack.us/img836/6006/bitcoinlogodraftii.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
| ◪|| || (Unicode Block: Geometric Shapes) SQUARE WITH LOWER RIGHT DIAGONAL HALF BLACK || || Alt +25EA
|-
|[[http://hosting11.imagecross.com/image-hosting-61/2381unicode1s.png]][[http://hosting11.imagecross.com/image-hosting-61/162bitcoin_uni_s.png]]||
* Cons: Does not exist in the Unicode standard
|| || ||
|-
|☺|| ||WHITE SMILING FACE|| || Alt +263A
|-
|☻|| ||BLACK SMILING FACE|| || Alt +263B
|-
|㋡|| ||CIRCLED KATAKANA TU' (Japanese)|| || Alt +32E1
|-
| || || || ||
|}

Talk:Trade

2011-06-29T18:58:02Z

Joise: /* Huge chunk of deletions reverted */

Talk:Trade

2011-06-29T18:55:32Z

Joise: /* Huge chunk of deletions reverted */ new section

==Proposed Listing Standards==
I propose the following standards be required for listing on the [Trade]. The listed site must
# Be currently functional (downtime of less than 48 hours is acceptable)
# Be currently accepting bitcoins
# Have clear instructions for paying with bitcoins from the link given
# Prices must be sane within an order of magnitude (non-sane prices indicate that the website has not been updated to match bitcoin deflation)
The standards will help keep the list manageable and easy to use.

This is a talk page, so please sign your contributions. I mostly agree, but the "sane prices" criterion seems a bit subjective ; there is a risk that we exclude goodwilling merchants, who would otherwise be willing to update their prices when contacted. [[User:ThomasV|ThomasV]] 10:43, 12 February 2011 (GMT)

:Here is an example [http://bitcoin2cash.com/]. When I say "sane", I mean reasonable within an order of magnitude. I moved your other comment to a separate section for clarity [[User:Ptd|Ptd]] 12:59, 13 February 2011 (GMT)

Sounds reasonable. --[[User:Sirius|Sirius]] 07:09, 23 February 2011 (GMT)
Reasonable. What about defining a practice for ordering the list of sites? I've got one to add, so I'll just tack it at the bottom, but it's going to be an ugly list after awhile. Alphabetical? Chronologically ordered by add date?
[[User:JulianTosh|JulianTosh]] 00:19, 10 May 2011 (GMT)

I'd say somewhat unreasonable regarding the clear instructions. A lot of my customers are the types who would get confused if I listed my native currency and Bitcoin side by side. I want to offer Bitcoin for Bitcoin users, but not at the risk of confusing other potential customers and potentially losing sales as a result. As such, I make it possible for customers to switch to using Bitcoin during the checkout process. [[User:Orbixx|Orbixx]] 18:39, 02 June 2011 (GMT)

Every link that does not go to a page that CLEARLY states they are accepting bitcoins should be removed. Try to go to the website Orbixx has added again, there is simply no way to check they accept bitcoins, and I believe they don't actually. I couldn't figure it out. So I think the rules should be that if the link does NOT arrive at a page that says the site is accepting bitcoins, it should be removed. Orbixx, companies can just create a separate page for it, and you link to that page, not simply to your homepage if you think it would be too confusing on the home page.
[[User:Berend|Berend]] 21:21, 2 June 2011 (GMT)

On Exoware.net payment methods are not stated at all until the checkout process; this is incredibly common. It should be evident that we accept Bitcoin because we are listed on this page and there should be no need to plaster it all over some landing page or on the site. As for your belief that "they don't actually [accept bitcoins]", you're welcome to try us - we do. The mere fact that you nonchalantly removed our listing in the first place for apparently not accepting Bitcoin without even getting in contact with us in the first place is ridiculous. Then to come on here after I email you with screenshots showing the page where you can change your currency to BTC and say that somehow you still maintain that we do not accept Bitcoin is preposterous. Do not remove any listings without first solidly verifying your inadequate assumptions. [[User:Orbixx|Orbixx]] 04:01, 03 June 2011 (GMT)

It's not unreasonable to expect a merchant to have a bitcoin logo among the mastercard, visa, paypal, google checkout, etc. buttons that clutter a corner of nearly every website that takes money. If they accept bitcoin, they should add a bitcoin logo there. if they take money, they should have a section that fits the description. it's that simple. no reason not to be able to tell at a glance. [[User:aarcane|aarcane]] 04:54, 03 June 2011 (UTC)

==Should we put addresses on the wiki?==
We just had some bitcoin address spam. perhaps it would not have happened if we did not put bitcoin addresses on the wiki ? [[User:ThomasV|ThomasV]] 23:50, 12 February 2011 (GMT)
: Page is now semi-protected. [[User:MagicalTux|MagicalTux]] 08:28, 16 February 2011 (GMT)

Yea i suggest not to put the bitcoin addresses of donation-accepting orgs on the wiki. this opens it up to vandalism in hopes of getting misdirected bitcoins. just link to the relevant webpage of the donation-accepting organization, and that's all. that way also we don't have to worry about the addresses changing.--[[User:Nanotube|Nanotube]] 04:41, 24 February 2011 (GMT)

==Hide Contents of Adult?==
Should the contents of Adult be displayed by default, or might it be reasonable to expect that to be a hidden that requires an action for the contents of the category to be rendered? - [[User:sgornick]] 06:22, 23 February 2011 (GMT)

Should be hidden or moved to another page. --[[User:Sirius|Sirius]] 07:05, 23 February 2011 (GMT)

I'm all for censoring it as much as the community will tolerate. --[[User:Luke-jr|Luke-jr]] 13:27, 23 February 2011 (GMT)

Why hide adult section? They are just links to sites, and section is clearly labeled "Adult". What's the big idea on the censorship? --[[User:Nanotube|Nanotube]] 04:39, 24 February 2011 (GMT)

I suggest do not censor or hide. Consider for example genjix's calm reference to drugs in his presentation. Should he have been afraid and contemplative of censoring or preventing from communicating such things? Such is a kind of debate generally influenced by religi*** motivations. See [[Trade_R]] for adult content [[User:Mizerydearia|Mizerydearia]] 15:04, 27 April 2011 (GMT)

Against censorship of site links. They should simply be labeled as adult oriented and the vagues possible genre references.
[[User:JulianTosh|JulianTosh]] 00:21, 10 May 2011 (GMT)

The problem with listing every site together with adults sites is that automatic scanning software might label your business in the same group. You don't want that to happen, else your legitimate businesses will very quickly disappear from this page
[[User:Berend|Berend]] 21:18, 2 June 2011 (GMT)

== Drugs Section Empty ==

The "psychoactives" section appears to consist entirely of dead links. [[User:Ironwolf|Ironwolf]] 03:54, 28 March 2011 (GMT)

I deleted the Drugs section, since Bitcoin is still far too vulnerable to government actions against it -- there are many single points of failure. The most glaring to me is the DNS system -- the bitcoin.org domain could be taken down if the US government wishes to.

:This is a terrible decision. My company was removed because of this decision, and it disgusts me. Not all drugs are illegal. My company operates a physical storefront in the US. We ONLY sell drugs that you can buy at the supermarket down the road. Just because it is a "drug" or "psychoactive" doesn't mean that the government is trying to shut it down. Nicotine is a drug, aspirin is a drug, alcohol is a drug. Lotus petals are psychoactive, and so is chamomile and kava - but you can go into Walmart or Walgreens/CVS and buy them. These are the only drugs for sale. Stop freaking out about it. People have swept our business off this list twice because of this ridiculous mindset. We're a hippy art store - not a head shop or drug market. --[[User:Metagnosis|Metagnosis]] 17:59, 22 June 2011 (GMT)

I apologize to those merchants who may not get as many customers now, but really, it's probably better this way. Anyone who needs to can get a connection by asking around, I'm sure. My goal is only to reduce the "criminal" perception of Bitcoin. [[User:AaronM|AaronM]] 01:18, 27 April 2011 (GMT)

== What is a Notable Website ==

I started accepting bitcoin at http://la.indymedia.org and a couple other sites on the slaptech.net site. What's the standard for adding this to the list of sites? [[User:Johnk|Johnk]] 16:30, 17 April 2011 (GMT)

== New section for services that are not considered "Professional services"? ==

I'm wondering whether it might be advisable to add a section for services that are not really "professional services" as that term is ordinarily used in vernacular English.

For example, I just added a dump-truck haulage service to ''Professional services/Other''; but dump truck haulage is not generally considered a professional service. Ought we to consider adding a new section to the page? [[User:1ECVX6EAk53VER2NH5NKharUUGpfw8iUP6|1ECVX6EAk53VER2NH5NKharUUGpfw8iUP6]] 01:49, 4 May 2011 (GMT)

:i'm a massage therapist wanting to trade bitcoin for massage. what section do i put my services in?
:[[User:zenbunny|zenbunny]] 20:52, 25 May 2011 (GMT)

== donation accepting organizasions ==

perhaps a separate page should be created for them ?
I guess donations do not belong to "trade".
[[User:ThomasV|ThomasV]] 23:17, 5 May 2011 (GMT)

:Definitely. It's a bit sad that there is no place to list all Bitcoin-accepted organizations, particularly smaller non-profit ones since they don't sell anything and the organizations page has a notability requirement. I'll create one if no one objects and/or does it before me. [[User:Blues|Blues]] 20:36, 25 May 2011 (GMT)

== Alternative listings for bitcoin-related directory and merchant sites ==

Because this wiki is censored and not allowing of certain contents or sites, I have set up http://bitcoinsites.witcoin.com/ to allow for all bitcoin-related sites to be posted. Feel free to also use this medium for commenting and reviewing sites as well. [[User:Mizerydearia|Mizerydearia]] 05:28, 25 May 2011 (GMT)

* Since witcoin.com is subject to US and/or Canada law, I would expect it to be censored as well eventually. But perhaps not a bad idea to make an alternative site for the ratings/reviews idea anyway... I won't use it if it's based on witcoin though, since they require paying to comment/rate... --[[User:Luke-jr|Luke-jr]] 18:27, 25 May 2011 (GMT)

[http://bitcookies.com Bitcookies] - A community resource to list businesses, events, and classifieds that are related to Bitcoin. The server is privately owned and therefore not subject to any controlling interests. The site does not, nor will it ever have censorship in terms of the types of businesses/traders/websites listed. The site is free to all community members and was developed with funds from my mining operations. [[User:Miner249er|Miner24934]] 16:25, 27 May 2011 (GMT)

== Bloomberg Esque Data Suite: Compiling Transaction info from merchants to measure demand ==

I am included on the list of many who are very interested in seeing bitcoin succeed and want to be a part of that success, but there is one serious uncertainity that is keeping me from getting in: are people actually using their coins for more than just buying drugs and slim jims, and is all of the buying concentrated in one website or product and one consumer demographic? Demand for the coins is necessary for their success. This can be determined by consumption rates and habits. I have perused the website listing, but still feel that information is lacking.

It would be nice to see an economic indicator that acquires data from merchants (and compensates them in bitcoin for their effort) on the dollar value (and perhaps sector) of the bitcoin transactions. We could then weigh a derivative of total dollar amount and number of transactions against the number of bitcoins mined to get a better understanding of the economic health of the currency.

== Require description of changes ==

It's impossible to read this pages's history, because most people seem to forget to:
- use the "description" line when committing a change
- use the "preview" button, and do several changes in a row just because they forgot the label on a link

The first point is the most important, because of changes like [https://en.bitcoin.it/w/index.php?title=Trade&diff=prev&oldid=11246 that one], that suppresses and adds random links without even explaining why. Such changes should be immediately reverted, by policy. On the technical side, one small improvement could be to require the "description" field to be non-empty. People could still write random characters, but that would still be a different action. --[[User:Davux|Davux]] 23:15, 22 June 2011 (GMT)

== Huge chunk of deletions reverted ==

Hi,

I've tracked down a huge set of deletions wich was probably done in error, [https://en.bitcoin.it/w/index.php?title=Trade&diff=next&oldid=11252 see link]. I've reverted each deletion individually because otherwise, new entries would ave been deleted.

It's probably necessary to watch out for that. --[[User:Joise|Joise]] 18:55, 29 June 2011 (GMT)