Difference between revisions of "Talk:Securing your wallet"

From Bitcoin Wiki
(how often do backups question added)
(Unsecure suggestion for passwords: new section)
Line 45: Line 45:
 
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
 
[[WalletPaperbackup]] Is a great way to get your wallet out of the digital world and onto paper
 
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)
 
--[[User:Jrwr|Jrwr]] 02:02, 24 June 2011 (GMT)
 +
 +
== Unsecure suggestion for passwords ==
 +
 +
Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must
 +
also be safe in the future when it comes to wallet storing.
 +
This is definitely not given with this system. It might be true, that
 +
with today's brute-force tools, the "d0g..........." pw is safer than
 +
hkjhHZ756s=&g%7 but in the very near future (maybe already exists)
 +
there will be new tools, that will find out, what kind of simplifiers
 +
are often used by humans and will combine brutforce with simplifiers
 +
and thus come to "d0g............" very quickly!

Revision as of 08:19, 27 June 2011

The five paragraphs in Technical Background all say the same thing. --Mcandre

Note: the backupwallet.sh script in the linux section doesn't actually work. I suspect it is caused by the wiki changing the formatting. I wrote my own version that uses much more standard shell syntax.

Wscott 11:28, 11 February 2011 (GMT)

I fixed the backupwallet.sh script. It just needed a nowiki tag around a conditional statement. -- Mweather 23:48, 20 May 2011 (GMT)

The approach for "Making a secure workspace" seems to differ greatly for linux and mac. Why? It seems like if you are going to make firefox secure, which is basically all the linux section recommends, you would want to do that on a mac too. And the recommendation in the mac section to keep the wallet in an encrypted volume with a symlink in the expected system location should be done on a linux box too, shouldn't it, like using truecrypt or something... Am I wrong??? Can someone with advanced knowledge please advise...? Also, if you want bitcoin to run all the time in the background on linux, but you have it set up in a separate user from your main user account, well, you are out of luck? Can justifications and explanations be added to the recommendations, and also I guess some alternatives with pros and cons be offered, for people with different needs and computing situations. Thanks! --GusGustavo 13:33, 26 May 2011 (GMT)

Time Sensitivity

Is it possible to still send money to my wallet, even if it's backed up and offline? Do bitcoins ever expire if they're not spent, or is there anything bad that can happen by not using my bitcoin client in a long time? Daniel.benoy 23:18, 8 June 2011 (GMT)

How often is it needed to backup the Wallet?

Is it necessary to make a backup after each transaction? This page is not clear about this. Please add this information to the page!

Creating a New Wallet

This section isn't helpful; it tells you when to create a new wallet, but not how. I'm a new user, and the wallet was created when I installed the BitCoin program. I will find out how to create a new wallet, and then edit this section so that it actually explains the task that it sets out to explain. :-) ErgoOne 15:19, 9 June 2011 (GMT)

Making a secure workspace

For me space needed in ~/Library/Application Support/Bitcoin (Mac) is more than 400MB (!) after having loaded all blocks from bitcoin app. So 100MB is much too small (may be sufficient for just wallet.dat, but then the steps to do had to be changed). Hartrock 18:48, 12 June 2011 (GMT)

I updated the wiki steps to just back up wallet.dat --ChocoboLee 19:18, 15 June 2011 (GMT)

Flaws with argument regarding encryption

Can someone please explain to me how encrypting your wallet will actually protect against a trojan stealing it? Because once you mount the encrypted file and decrypt it, not only can bitcoin see it but the trojan can as well. This strategy seems to work only in the following circumstances: 1. The wallet that has the majority of your cash you never decrypt when you have an open internet connection. 2. Assumes that a trojan only operates when an internet connection is present and it can transmit the wallet data file.

Even if you were paranoid and never were connected to the internet when the wallet file with the bulk of your funds was decrypted this still would not solve the problem. In the event that a trojan seeks to copy your wallet file to another location on your computer it could wait for an open internet connection to transmit this data. So even if you reencrypt the wallet file before connecting to the internet this type of trojan has already made a copy of the decrypted file and can transmit it as soon as an internet connection becomes available.

Also, how in the world could you ever use this wallet to transfer cash to another user if you are offline? Maybe I don't understand how bitcoin works, but don't you need to be online in order to transfer bitcoins? Basically the bottom line is that bitcoin cannot read an encrypted wallet file, which means that in order to use the wallet you need to decrypt it, which means it's vulnerable to trojans who can steal it the moment you want to use it.

This seems to be a fundamental flaw in this discussion "securing your wallet". Why doesn't bitcoin just address this in the software, allowing for the wallet to always be encrypted and require a password upon startup? If you want bitcoin to go mainstream, I don't understand why you can't address this fundamental flaw that would be solved by an always encrypted wallet file that the software can read and write to.

Added a new entry to backup methods

WalletPaperbackup Is a great way to get your wallet out of the digital world and onto paper --Jrwr 02:02, 24 June 2011 (GMT)

Unsecure suggestion for passwords

Especially with Bitcoins the Password advice from Gibson Research is dangerous because passwords must also be safe in the future when it comes to wallet storing. This is definitely not given with this system. It might be true that with today's brute-force tools the "d0g..........." pw is safer than hkjhHZ756s=&g%7, but in the very near future (maybe already exists) there will be new tools that will find out what kind of simplifiers are often used by humans and will combine brute force with simplifiers and thus come to "d0g............" very quickly!
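The concern raised in the comment above can be put in numbers when choosing a wallet passphrase. The following is an added example, not part of the talk page or of any contributor's comment: it compares the search space a length-only brute force faces with the space left once a guesser models "short core plus one repeated padding character". The padded sample, the 17-character pad length and the padding model itself are assumptions made for illustration.

```python
import math
import string

# Character classes a length-only brute force draws from (94 printable symbols).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]
ALL_SYMBOLS = sum(len(c) for c in CLASSES)

PADDED = "d0g" + "." * 17      # constructed sample: short core plus padding
RANDOM = "hkjhHZ756s=&g%7"     # random-looking password quoted in the comment

def charset_size(pw):
    """Size of the union of character classes that appear in pw."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in pw))

def blind_space(pw):
    """Every string up to len(pw) over pw's charset (length-only model)."""
    n = charset_size(pw)
    return sum(n ** k for k in range(1, len(pw) + 1))

def split_padding(pw, min_run=3):
    """Return (core, pad_len) if pw is a core plus a run of one repeated
    character at either end, else None."""
    if not pw:
        return None
    tail = len(pw) - len(pw.rstrip(pw[-1]))
    head = len(pw) - len(pw.lstrip(pw[0]))
    if min_run <= tail < len(pw) and tail >= head:
        return pw[:-tail], tail
    if min_run <= head < len(pw):
        return pw[head:], head
    return None

def padding_aware_space(pw):
    """Assumed model: all cores up to the core's length, times any pad
    symbol, times pad lengths 1..pad_len, times two sides (prefix/suffix)."""
    split = split_padding(pw)
    if split is None:
        return blind_space(pw)          # no padding structure to exploit
    core, pad_len = split
    n = charset_size(core)
    cores = sum(n ** k for k in range(1, len(core) + 1))
    return cores * ALL_SYMBOLS * pad_len * 2

def bits(space):
    return round(math.log2(space), 1)

if __name__ == "__main__":
    for pw in (PADDED, RANDOM):
        print(pw, bits(blind_space(pw)), bits(padding_aware_space(pw)))
```

Under the length-only model the padded sample has the larger search space; under the padding-aware model it shrinks to roughly 27 bits, while the random password is unaffected.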