Difference between revisions of "Securing your wallet"

From Bitcoin Wiki
Jump to: navigation, search
(Storage of Archive: Reword inclusion of SpiderOak.)
(Add risks for eWallet / external accounts.)
Line 135: Line 135:
  
 
For Windows, the built-in command ''cipher /w'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.
 
For Windows, the built-in command ''cipher /w'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.
 +
 +
==eWallet==
 +
 +
When bitcoins are stored online with [[http://www.bitcoin.org/trade#Currency_exchange Currency Exchanges]] and ecommerce transaction processors such as [[https://www.mybitcoin.com MyBitcoin.com]] the ewallet provider retains full control of those amounts.
 +
===Risks===
 +
* There is no guarantee that the amount of bitcoins showing for the account holder's balance are truly being held in reserve by the ewallet provider.
 +
* The ewallet provider's security may be vulnerable to theft as well.

Revision as of 18:05, 8 January 2011

Introduction

Wallet security can be broken down into two independent goals:

  1. Protecting your wallet against loss.
  2. Protecting your wallet against theft.

In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):

  1. Making a new secure wallet, using appropriate long-term protection.

Technical Background

Bitcoin transactions send bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.

Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create a new address, the keypair associated with the new address will not be in the old wallet because the new keypair is only known after creating it. Any coins received at this address will be lost if you restore from the backup.

The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends a random number of bitcoins back to yourself at a new key. When sending bitcoins to anyone, you generate a new keypair for yourself and simultaneously send bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.

So if you create a backup, send some bitcoins, and then restore from the backup, some bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent bitcoins to it.

To mitigate this problem, the wallet contains a pool of 100 queued keys. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose bitcoins.

Making a new wallet

In the case that a wallet has been distributed, or stored, in a potential compromisable state, it is wise to create a new wallet and transfer the full balance of bitcoins to an address contained only in the newly created wallet.

For example, this will be necessary if one created a wallet with the suggested 12 charters password... However a few years have passed and the wallet is now more easily compromisable. Just re-encrypting isn't secure. One needs to make a new wallet and make the old wallet worthless (spending the funds to the new wallet).

Locating BitCoin's data directory

Windows

Go to Start -> Run (or press WinKey+R) and run this:

explorer %APPDATA%\BitCoin

BitCoin's data folder will open. For most users, this is the following locations:

C:\Documents and Settings\YourUserName\Application data\BitCoin (XP)

C:\Users\YourUserName\Appdata\Roaming\BitCoin (Vista and 7)

"AppData" and "Application data" are hidden by default.

Linux

By default BitCoin will put its data here:

~/.bitcoin/

You need to do a "ls -a" to see directories that start with a dot.

If that's not it, you can do a search like this:

find / -name wallet.dat -print 2>/dev/null

Mac

By default BitCoin will put its data here:

~/Library/Application Support/Bitcoin/

Backup

The only file you need to back up is "wallet.dat". Ensure that BitCoin is closed, copy this file somewhere else, encrypt it, and put it somewhere safe. Ideally, you would put this file in two places: one nearby, and one 100+ miles away.

You can use the backupwallet JSON-RPC command to back up without shutting down Bitcoin.

General Solutions

Your wallet.dat file is not encrypted by BitCoin. Anyone who can access it can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might stumble upon your wallet.

  • 7-zip - Supports strongly-encrypted archives.
  • AxCrypt
  • TrueCrypt - Volume-based on-the-fly encryption (for advanced users)
  • WinRar - Commonly used archive software that supports verification records and encryption.

Password Strength

Brute-force password cracking has come a long distance, a previously thought secure password of random [a-Z] [0-9] [!-~] of 8 characters long can be trivially solved now (using appropriate hardware)... The recommended length is at least 12 characters long.

If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute force methods, even 10 years from now when even a 12 character password might be too short.

Assume that any encrypted files you store online (eg. gmail, Dropbox) will be stored somewhere forever and can never be erased.

Storage of Archive

One of the most simple places to store a appropriately encrypted archive of your wallet.dat file is to email yourself the archive. Services like gmail.com use very comprehensive distributed networks that make the loss of data very unlikely. One can even encrypt the name of the files withing the archive, and name the archive something less inviting, such as: 'personal notes' or 'car insurance'.

Another solution is to use a file storage service like Dropbox and others, including the more secure SpiderOak.

Linux solution

Linux users can setup cron by running 'crontab -e' and adding this line:

 01 */1 * * * /usr/local/bin/backupwallet.sh

This cron line runs backupwallet.sh at the 01 minute of every hour. Remember to add a newline after the last line of the crontab file, or else the last line won't run.

backupwallet.sh:

 #!/bin/bash
 
 TS=$(date "+%Y%m%d-%H-%M")
 
 WALLET=/tmp/wallet${TS}
 WALLET_E=/tmp/wallet${TS}.crypt
 
 bitcoind backupwallet $WALLET
 gpg -r myusername --output $WALLET_E --encrypt $WALLET
 scp $WALLET_E user@myserver.org:~/wallets/
 rm $WALLET $WALLET_E

The shell script:

  • Calls bitcoind backupwallet to create a time/date-stamped wallet.
  • GPG encrypts the wallet with your public key.
  • Copies the result to a backup location.

Restore

Assuming your backup is recent enough that you haven't used up all of your keypool... restoring a wallet no a new (or old) location and rescanning the block chain should leave you with all your coins. Just follow these steps:

  • Quit bitcoin(d).
  • Copy your backed up wallet.dat into your bitcoin profile directory.
  • If copying into existing profile, delete file blkindex.dat, to make the client rescan the block chain.

And you'll be good as new.

Erasing Plain Text Wallets

A good practice is to keep at least two wallets, one as a "current account" for everyday transactions and one as a "savings account" where you store the majority of your Bitcoins.

The "savings account" wallet should be backed up in encrypted form only and all plaintext copies of this wallet should be erased. In case someone gains unauthorised access to your computer (either by physically stealing it or by exploiting a system vulnerability via the internet), they will only be able to spend the coins in your "current account" wallet.

In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will not generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.

The Linux shred command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.

For Windows, the built-in command cipher /w will shred all previously-deleted files. CyberShredder can securely deleted individual files.

eWallet

When bitcoins are stored online with [Currency Exchanges] and ecommerce transaction processors such as [MyBitcoin.com] the ewallet provider retains full control of those amounts.

Risks

  • There is no guarantee that the amount of bitcoins showing for the account holder's balance are truly being held in reserve by the ewallet provider.
  • The ewallet provider's security may be vulnerable to theft as well.