I thought of securing my wallet for a while and came up with the following


- Think of a strong password you can memorize. We call it PassA
- Generate a long random password. I call it PassB
- Create a small truecrypt container that holds the wallet(s) i want to backup/store. The password used on this volume would be made up of both PassA+PassB or PassB+PassA or just pick a place where to insert PassA into the string of PassB (do remember that position though!)

Now split up PassB using Shamir's sharing scheme. Hold a few shares yourself so you don't need many to recover PassB
Give some shares to your friends, family, colleagues, etc.

I thought of using gpg for the wallet but the issue of having the wallet file on disk temporary bugged me, recovery is easy.
I can just point a portable bitcoin version to the truecrypt volume to access the wallet file.
That's the reason i picked TC over GPG. I do agree that GPG is in general the better one though.

Anyone sees a better way to do this using GPG?

A few points.

I'm not convinced (nor are many people who know far more about these things) that recovery is easy, at least after overwriting the file using shred or a normal system utility like srm or rm -P. Also, you can have the exact same shared password scheme with any encryption tools, not just TrueCrypt. A GPG private key (which is required for full functionality) typically also requires a passphrase to unlock.

Seems to me like you are trying to avoid having a clear-text wallet.dat on the computer. Without getting too off-topic, we are talking about different goals. The use of GPG here is to encrypt data which is "at rest" -- like for backup or archival. Disk encryption (which grants access to a filesystem but makes data hard to get once the image is unmounted) tries to defend against a different threat -- someone stealing the computer. As mentioned above, these disk encryption schemes can also be defeated in various ways.

Many operating systems include mechanisms for disk encryption. This was TrueCrypt's claim to fame before bitlocker/filevault. Now, TrueCrypt's raison d'etre is the so-called "deniable" filesystem.

"Containers" are essentially disk images that you mount from within TrueCrypt. GPG-encrypted files are just... files. My point in creating this thread was to suggest that GnuPG would be a more suitable and trustworthy tool for the sorts of things use that most bitcoin users would be doing.

Heres the best way


1) create a truecrypt container
2) encrypt your wallet with gpg
3) move encrypted wallet in truecrypt container and unmount
4) now use 7z to add that truecrypt container to an encrypted archive and email to your self

He doesn't seem to provide a reason to not trust it. I would take the direct statement of fact over his gut feeling.


Truecrypt will do *both*, if you set your .bitcoin directory to inside the container. To backup you simply copy the container. The wallet never touches the drive unencrypted, and there's no need to trust your operating system to do it right (EFS in Windows is breakable).

You can even have a fake wallet with the real wallet in a hidden volume. If the directory structure is the same, no traces will be left on-disk if you use the hidden one or not.

I have a mobile Core 2 Duo with 2 GHz. It tests about 2000 passwords per second.

Fair enough. But cryptology is more of a black art than anything else, and I trust Schneier's gut feeling more than most.


I like your paraphrasing.

Sure, TrueCrypt can do that. However, there are other reasons why I think it is inferior to PGP -- portability, standardization, existence of a commercial implementation, license, and the fact that it has been looked at long and hard since the cypherpunks of the 90s. GnuPG also doesn't require kernel module and it already installed in most (all?) current Linux distributions. Plus, we should be using it anyways.


To be fair, these same issues exist with other disk-encryption schemes, like filevault. If someone has a keylogger on your computer, you're sunk no matter what.


Yes, I meant the local shred command. It depends of which UNIX or Linux you are using. Check your man pages to see which options apply.

One?

Gene, I think the problem with GPG can be found right about here:


Say what now?

Of course, I anticipate that your response will be a sarcastic version of how stupid I am not to understand your code world, and I don't--so I must be stupid. But bitcoin's adoption is very, very threatened by this wallet problem and the advice they will encounter for it.  I know you are addressing a software audience with your gpg advice, but there are a lot of newbies coming in here seriously wanting to understand how to protect their investment, and the advice they encounter here is dreadful so far.

My wallet management is meant to prevent that:
http://forum.bitcoin.org/index.php?topic=15068.0

Why my strategy is good?
1. As long as the special bitcoin user is not logged in, there are now key nor passwords in memory.
2. The bitcoin user only has to be logged in to make a transfer from the protected wallet. This is only a short time window.
3. As soon as the special bitcoin user is logged out, his protected data will be unmounted and everything is protected again.

The only way to get the keys out of that are the following:
1. You steal my computer physically while the special user is logged in.
2. You or the malware got root access while the special user is logged in.
3. You crack the special users password (12 characters of all types) or encryption keys (AES256).