Bitcoin 101 Security.

Discussion in 'Bitcoin Primer' started by VisuTrac, Jan 19, 2014.


  1. VisuTrac

    VisuTrac Your mother wears army boots Site Supporter+++

    When it comes to the security of your BitCoin, you need to look at at least 2 items.
    1. Protecting your BitCoins from loss.
    2. Protecting your BitCoins from theft.

    1. Protecting your BitCoins from loss primarily means keeping them (the wallet they are contained in) safe from accidental deletion, destruction, or just plain forgetting where you put them.

    To protect them from loss, make sure you have secured wallets (see the BitCoin 101 wallet thread when written) in multiple locations: it could be on your hard drive, on the web, a USB flash drive and a paper wallet. What you are trying to prevent is a single point of failure that prevents you from being able to access your wallet.

    If your hard drive dies, you'll be glad you had it stored on a USB stick, paper wallet, etc.
    If your house burns down and takes everything with it, you'll be glad you had it on the web.

    If the earth gets hit by a dinosaur-killing meteor, it won't matter.

    A BitCoin wallet is just like a regular wallet insomuch as, if you lose it, it's pretty much gone; the money is no longer yours. Someone else might get it, or it may just sit in the wallet next to the log, remaining lost for time immemorial.

    Another way you could lose access to your Bitcoin Wallet is forgetting the password that you used to encrypt it. You did encrypt it, didn't you? Oh, you didn't? Uh-oh. You'll want to make your super secret password something that you can remember, like a phrase from your favorite bible verse, novel, inspirational quote, etc. And leave yourself a clue of some sort. I know my memory is going, so I've left myself a hint in plain sight. People can see the hint and it means nothing to them other than it's a great motivational phrase; only I know that it's part of a key to remind me of something. With a caveat: don't use the phrase as is.

    Instead of using the phrase "Three things cannot be long hidden the sun the moon and the truth" use "3TcBlHtStM&Tt" making replacements where you can for numbers and special characters.

    Based on current hacking techniques, your password should NOT, I repeat, not contain dictionary words or be all numeric. Those can be broken by some of the first brute force methods commonly used. If your password is less than, say, 8-9 characters, it's going to get broken by a determined hacker. If they have your wallet and you don't, they have all the time in the world. My suggestion based on current hacking tools and methodologies? Minimum of 13 characters, no word found in a dictionary, mix upper and lower case, include numbers and include special characters.

    2. Protecting your BitCoins from theft.
    Do you have a Post-it note on the side of your computer with your username/password for the sites you visit?
    Have you used a Sharpie and put your PIN on your debit/credit card?
    Do you leave your wallet/purse on the table when you head off to the restroom?
    Do you flash big wads of cash at the ticket box at the ball game?

    BitCoins are real money. Say what you will, they have value to me, and to those I transact with. When they were worth maybe 20 cents each, meh, it was geek geld. Now, one BitCoin worth north of 800 USD each? Yeah, this is real money. And there are thieves that want your coin.
    Anytime there are large pools of money, with little security, can you say Bonanza!
    What is the law about stealing someone's bitcoin wallet that you 'Found' on the internet? There isn't one. There are laws against breaking into someone's computer system, but one needs to be caught. Exchanges, wallet providers, mining pools have tens of millions of dollars worth of BTC, just sitting there, taunting the hackers. It's like free money: great reward, and risk is minimal.

    One word, ENCRYPTION.
    Multiple words, Encryption with strong passwords.
    and
    Only leave on the internet / your computer what you can afford to lose.

    Trust me, your computer will die and the website that holds your wallet will be hacked eventually. What you want to do is prevent someone that obtains your wallet from being able to use it (spend/send your BitCoins) and you will do that through encryption.

    Hackers have and will continue to break into exchanges and pools, and make off with millions of dollars worth of BTC. If you leave BTC there, your call, your risk. And yes, I've lost some BTC at mining pools and exchanges in the past. Yep, it's painful as there is no recourse.

    This is the wild west. Heck, there are even some providers out there that set up services that you may think are legit for storing your wallet online, and guess what? They disappear and take your coin with them.
    Only put at risk what you can afford to lose. There is one of you, and thousands of hackers trying to get your coin. Do you think you can win on the internet?

    @melbo has a great post regarding 2 Factor Authentication; this would be a great way to secure your usernames and passwords to BitCoin exchanges. You should check that out.

    Ok, so we talked about leaving what you can afford to lose on the internet in services' hot wallets. Let's talk about storing your backup wallet, and your backup backup wallet.

    You need to encrypt it. I am only going to suggest you use TrueCrypt if you've not heard of encryption software. There are others out there; it's your call on which to use. See the section above mentioning encryption.

    Any wallet or backup you have, either on your computer, website, memory stick, etc., should be encrypted. That way, if it's stolen, the individual that isn't you will be unable to access it and use your coins. Your backup (that you have) to that stolen wallet is still viable. You can send your coins from that backup to a new wallet. And if the encryption on the old wallet is ever broken (you didn't use Pa55Word did you?), when the hacker mounts that stolen wallet, it will already have been emptied by you. ;)
     
    melbo and stg58 like this.
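
A checker for the password rules given in the post above (13 or more characters, mixed case, digits, special characters, no dictionary words), as an added example that is not part of the original thread. The word list, the substitution table and the function names are assumptions made for illustration; the two passwords tested are the ones quoted in the post.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "bitcoin", "wallet", "monkey", "dragon", "letmein"}
# Common substitutions are undone before the lookup, so "Pa55Word" is still
# recognised as the dictionary word "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 13  # minimum suggested in the post
CLASSES = [("lower-case letter", string.ascii_lowercase),
           ("upper-case letter", string.ascii_uppercase),
           ("digit", string.digits),
           ("special character", string.punctuation)]


def dictionary_hits(password, words=SAMPLE_WORDS):
    """Dictionary words present in the password, as typed or after de-leeting."""
    plain = password.lower()
    deleet = plain.translate(LEET)
    return sorted(w for w in words if w in plain or w in deleet)


def audit(password, words=SAMPLE_WORDS):
    """Return the list of rules from the post that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES:
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    hits = dictionary_hits(password, words)
    if hits:
        problems.append("contains dictionary word: " + ", ".join(hits))
    return problems


def brute_force_bits(password):
    """Upper bound on brute-force work in bits, assuming every character was
    picked at random from the character classes the password uses."""
    pool = sum(len(chars) for _, chars in CLASSES
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for candidate in ("3TcBlHtStM&Tt", "Pa55Word", "12345678"):
        print(candidate, round(brute_force_bits(candidate), 1), audit(candidate))
```

The bit count is a ceiling, not a measurement: characters derived from a known phrase are less random than the estimate assumes.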
  2. VisuTrac

    VisuTrac Your mother wears army boots Site Supporter+++

    I'll discuss encrypting in detail in the BitCoin 101 The wallet thread.
     
  3. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Am working on re-establishing my encryption regimes now.
     