
Cryptocurrency security


JeremyCT

Member
Joined
Feb 26, 2009
Location
CT
I'm a little confused on this. I tried reading the stickies, but I couldn't find a direct answer to some questions. I would appreciate correction/clarification/confirmation on any of these points.

1. Bitcoins have an address, that's it. They don't have a name or anything else associated with the account. So a "wallet" is merely a way of polling the system and seeing how many Bitcoins are associated with that address, correct? Places talk about "cold storage" or "offline storage" for your wallet, but this makes little sense to me. If I use MultiBit for wallet management, my bitcoins aren't in my multicoin account/program. That program simply polls the system and sees how much currency is associated with a particular Bitcoin address. Correct?

2. When a company accepts BTC as payment, how do they know who the currency is associated with? You tell the merchant "I'm sending you X BTC from Y address" in some way?

3. Security. Again, MultiBit as an example because it happens to be what I use at the moment ... If I set a password for a wallet, since that wallet exists in "bitcoin space", that bitcoin address is then locked? So if someone else obtains the address of my wallet, they could send something to it, but not take anything out of it, correct? If they knew the address of the wallet though, could they poll and see how much was in there, or would that require the password?

Essentially, I'm considering accepting Bitcoin donations towards a website that I run. I want to make sure I firmly grasp the concepts here as I consider it.

Thanks for any help, clarification, or resources you might be able to point me to that would help me understand all this.
 
#2: They usually make a new address for you, then when you send bitcoins to the new address, they know you sent them.

#3: Nobody can use your Bitcoin address unless they know your private key.
The password ensures that if anyone hacks your computer, they can't send bitcoins from your wallet (since they now control your computer).

But yes, if you take my Bitcoin address and put it into blockchain.info, you can see how many Bitcoins I have associated with that address.
 
What they are talking about with cold storage, or offline storage is that the private keys to the wallet software aren't kept online with the wallet. So transactions can't be done automatically, and a hacker can't break in and send coins to another address. Hot storage can be set up to automatically do transactions without human intervention.

Does that make sense?
 
I'm a little confused on this. I tried reading the stickies, but I couldn't find a direct answer to some questions. I would appreciate correction/clarification/confirmation on any of these points.

1. Bitcoins have an address, that's it. They don't have a name or anything else associated with the account. So a "wallet" is merely a way of polling the system and seeing how many Bitcoins are associated with that address, correct? Places talk about "cold storage" or "offline storage" for your wallet, but this makes little sense to me. If I use MultiBit for wallet management, my bitcoins aren't in my multicoin account/program. That program simply polls the system and sees how much currency is associated with a particular Bitcoin address. Correct?
That is part of what a wallet does, yes. It looks at what addresses it has and it looks at the blockchain to figure out how many bitcoins it has been sent. But a bitcoin address is more than just a set of numbers. It is a hash of the public key for that address. That's all you need to know how much you have. To spend it is an entirely different question. In order to spend it you have to sign the transaction with the private key associated with that address. That private key controls your wallet. Lose that and you lose your money. If somebody else knows it they can steal your money. So you do everything in your power in order to protect it. Offline storage is the idea of keeping only one copy of that address and that copy on something not connected to the internet. If it ain't connected it can't be hacked. Cold storage is the same idea, different name. Wallets are encrypted for the same reason.


2. When a company accepts BTC as payment, how do they know who the currency is associated with? You tell the merchant "I'm sending you X BTC from Y address" in some way?

There are several ways I can think of to do that, none of which requires special information from the buyer. 1) Create a bitcoin address for every transaction and when the specified amount is in that address consider payment completed. 2) Same as above, but instead of unique addresses you use a pool of addresses and simply reuse addresses after each payment is processed.

3. Security. Again, MultiBit as an example because it happens to be what I use at the moment ... If I set a password for a wallet, since that wallet exists in "bitcoin space", that bitcoin address is then locked? So if someone else obtains the address of my wallet, they could send something to it, but not take anything out of it, correct? If they knew the address of the wallet though, could they poll and see how much was in there, or would that require the password?

Essentially, I'm considering accepting Bitcoin donations towards a website that I run. I want to make sure I firmly grasp the concepts here as I consider it.

Thanks for any help, clarification, or resources you might be able to point me to that would help me understand all this.
I think I've covered most of this in my answer to question one. To recap: if you know the address you know all transactions and the current balance. To spend money you need access to the private key for a given address and this is what is protected.

Other info:
blockchain.info is a search engine for the bitcoin blockchain that lets you look at addresses, transactions, etc.
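An added illustration of the point made in the answer above, not code from any poster or wallet project: a legacy Base58Check address decodes to a version byte, a 20-byte public-key hash and a 4-byte checksum, so it carries nothing that can spend, and a mistyped donation address can be caught before it is published. The function names are hypothetical, and the 20-byte hash is a constructed stand-in (real addresses use RIPEMD-160 of the SHA-256 of the public key).

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def encode_address(version: int, pubkey_hash: bytes) -> str:
    """Build a legacy address from a version byte and a 20-byte key hash."""
    raw = bytes([version]) + pubkey_hash
    raw += checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = ALPHABET[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))      # each leading zero byte becomes '1'
    return "1" * pad + out

def decode_address(addr: str):
    """Return (version, pubkey_hash) or raise ValueError on a malformed address."""
    num = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:
            raise ValueError("character not in the Base58 alphabet")
        num = num * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        raise ValueError("decoded length is not 25 bytes")
    if checksum(raw[:21]) != raw[21:]:
        raise ValueError("checksum mismatch (typo or corrupted address)")
    return raw[0], raw[1:21]

# Constructed sample: stand-in for the hash of a public key.
sample_hash = hashlib.sha256(b"constructed public key").digest()[:20]
sample_addr = encode_address(0x00, sample_hash)   # 0x00 = mainnet pay-to-pubkey-hash
print(sample_addr, decode_address(sample_addr)[1].hex())
```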
 
Alright, so in MultiBit, when I "password protect" a wallet, what I am in fact actually doing is password protecting access to the private key associated with that wallet?

In order to do offline storage I would use the "Export Private Keys" function in MultiBit and then I'd need to re-import those keys, plus know the password, in order to spend coins in that wallet?
 
Part one is correct. Part 2 I do not believe so, I've exported my keys onto a flash drive and I can still send (although it prompts me for my wallet encryption password before it will send).
 
As far as I know, there is only one real way to have legitimate "Cold, offline" storage. That requires making what's known as a watch-only wallet. It consists of two computers: One connected to the internet, and the other (hopefully) never connected to the internet.

The first computer you use is the one with internet access. You initiate a transfer. This creates what is called an "unsigned transaction." These transactions aren't published to the blockchain yet (and thus aren't sent).

The next step is to take the unsigned transaction (via flashdrive, or raw number copying), to the computer disconnected from the internet. This computer knows all the private keys to your bitcoin addresses (and the first computer does not). You use this computer to "sign" the transaction (which really says that you have that many BTC, and that you authorize the transaction).

The signed transaction is then put on the flash drive and brought back to the original computer and uploaded to the network as a legitimate, signed transaction.

This is the only real way that I know of to keep your private keys completely separate from your public keys, and to keep the coins in a completely un-send-able form. Also, as far as I know, Bitcoin Armory is the only wallet program which lets you create watch-only wallets. I use Armory myself, and I absolutely love it. I have paper backups of my wallet already made and safely stored away.


Edit: That's not to say that using a hot wallet with good encryption isn't safe. I keep my coins on a hot wallet with pretty strong encryption. I have the paper backups made just in case I get a virus and need to just wipe everything.
 
Question for you Chance (or anyone else) do you have to backup your wallet.DAT file and make a new paper wallet every time your btc value changes? Or is making a backup of the wallet.DAT and the private keys a one time thing?
 
AFAIK a one time thing, because when the wallet syncs (after you import your addresses), your true balance will show up.
 
though you've got quite a few very good answers by now, i will throw my 2 cents in simple words :)

1. bitcoin address is like an account to a cloud peer to peer global network. you never have bitcoin on your home pc really, but you have the access key to your account via your wallet
- cold storage most often refers to hard copies of the access key and deleting any software of the access key/wallet

2. transaction id, every sent bitcoin creates a transaction id on the cloud and that is proof of money sent/received etc, it's lovely, this way if a gov operated in btc, it would be the most transparent govt ever

3. sorta related to the first, you password protect your access key, the access key is not the btc addy, the btc addy can only be used to send a payment/check history, not to actually access that account
 
Question for you Chance (or anyone else) do you have to backup your wallet.DAT file and make a new paper wallet every time your btc value changes? Or is making a backup of the wallet.DAT and the private keys a one time thing?

You do not have to. And I actually don't even have a backup of my wallet.dat file (partially because Armory uses a different file type, but) primarily because owning the private keys to your public addresses is the ONLY thing you need to be the owner of your BTC.

With my paper backups, I could log onto any computer with an internet connection, DL and install Armory (and once the blockchain sync'ed), I could reclaim my coins. Essentially, the paper backup is the wallet.dat file, but more permanent and it can't be accidentally deleted.
 
That's a genius idea. :)
 