Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Bitcoin Technical Support
Re: Can someone confirm my security is OK?
by
acoindr
on 06/06/2013, 17:48:13 UTC
Quote from: GiganticDays on June 06, 2013, 02:31:24 PM
I have recently installed Armory on my everyday PC, plus on another machine not connected to the outside world. I've created my wallet on the offline machine and a watching-only copy which I have imported into Armory on the onliner machine.
I have a paper backup of the wallet printed (immediately after installation) which I will keep safe in multiple locations.
I've transferred a quantity of BTC into the watching-only wallet.
Anything else I need to do?

That security is pretty good and you have a very low chance of losing coins that way. However, there are a couple weak points to be aware of. The first is your printed private keys. Remember, private keys unlock the bitcoins so if someone learns your private keys they can steal your coins regardless of your computer setup. Keep those maybe in a safe/safety deposit box, and guard against cameras/binoculars through windows etc.

Next, the one flaw I see in the Armory setup is shuttling data back and forth by USB which subjects even an offline computer to autorun viruses. Be sure to disable autorun.

Also, remember you must guard against someone using your offline computer. To guard against that be sure to encrypt the wallet with a strong password and protect the password. Then even if your offline computer is stolen your coins are safe.

Last, you may want to check this thread started by someone thinking of starting a Bitcoin Bank. In particular I agree this quote is the most secure and efficient method for storing coins:

Quote from: Jace on May 20, 2013, 11:08:39 PM
1. Dedicated offline Ubuntu Live on USB drive.
2. Create a bunch of private keys offline and put them in a truecrypt container.
3. Backup the truecrypt container on multiple locations (both local and online).

This pretty much reduces the risk of theft or losing the money to ZERO percent.

For extra paranoia, e.g. in case of kidnapping your family and demanding the private keys as ransom:

4. Use a time-lock, i.e. a remotely controlled server that sends the passphrase for the truecrypt container only X days after you request it. Obviously this implies the inconvenience of not *instantly* being able to access your money, but that's the whole idea.

I don't think it gets any more secure than this.