Wednesday, April 3, 2013

How safe is your wallet?

Something that must be giving those who hold large quantities of Bitcoin nightmares is the fear of losing them (although I wish I had enough to warrant such nightmares!). Unlike a standard bank account, if you lose your Bitcoins then they tend to be gone for good. Transferring them to the wrong address, losing your private key, or having your machine hacked and the coins transferred out by a thief to their own address have all happened to some Bitcoin holders out there at some point. So what can you do?

1. For the least paranoid, those with not much to lose, or those without much technical knowledge - sign up to a third-party wallet service such as blockinfo.com, or keep your coins in an exchange such as mtgox.com or intersango.com. If you pick a good login password, and the site remains reliable, you'll be fine. And if you forget your password, the last two of these sites will send a new one to the e-mail address you registered with.

2. If you're slightly more paranoid, or don't want to give control to a third-party service, install the open source Bitcoin client - see bitcoin.org for details. Then you're trusting that the client's developers are reliable and thorough. In the past the program didn't encrypt the wallet.dat file, so it just sat on your machine in plain sight; as a result anyone with physical access to your computer, or anyone who managed to get a trojan onto it, could steal the coins, and the latter did indeed happen. The developers expected people using their code to have enough technical knowledge to encrypt the key file themselves, which turned out not to be the case. Who knows what the next loophole that thieves will exploit might be?

3. Going up a notch - use a site like bitaddress.org or the vanitygen program (google it) to generate your public Bitcoin address and its associated private key, print it out, and store it somewhere safe. Move any coins you mine or buy to that address as a relatively secure holding place. Hope that there isn't a back door that posts your private key back to the original developers.

4. One step further - as for suggestion 3, but disconnect your computer from the internet after downloading the code. And hope that the developers of the site or program haven't done something like make it generate only a small subset of the possible private keys, which an attacker could then simply try out one by one - this leads to ...

5. As for 4, but then learn to program and review the code yourself to feel truly secure.

Of course, you could buy a laptop, never connect it to the internet, write your own key generating software, and use that to create your keys. And lock the computer in a safe when you're finished, after copying the public address out by hand and loading your coins onto it. But then you'll always have to worry that you made a mistake in your code, and the wrong public address was generated.
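The two worries above are checkable. This added example (my own code, not from the post or any of the tools it names; assumes Python 3.8+ and the standard secp256k1 constants) draws a private key from the full keyspace with the OS CSPRNG rather than a small seed, derives the public key so the result can be compared against a published test vector before any coins are sent to it, and verifies the Base58Check checksum of an address so that a mistake made while copying it out by hand is caught:

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard constants, not from the original post)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _add(a, b):
    """Add two affine points on secp256k1; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:  # doubling: slope = 3x^2 / 2y (the curve has a = 0)
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:       # addition: slope = (y2 - y1) / (x2 - x1)
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P

def pubkey(priv):
    """Public key = priv * G, by double-and-add over the bits of priv."""
    assert 0 < priv < N, "private key out of range"
    result, addend = None, G
    while priv:
        if priv & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        priv >>= 1
    return result

def new_private_key():
    return 1 + secrets.randbelow(N - 1)  # OS CSPRNG, full 2^256 keyspace

def is_valid_address(addr):
    """Check the Base58Check checksum of a P2PKH address (catches copy errors)."""
    num = 0
    for ch in addr:
        if ch not in B58:  # '0', 'O', 'I' and 'l' are not Base58 characters
            return False
        num = num * 58 + B58.index(ch)
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + body
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    return raw[21:] == hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
```

Checking `pubkey(k)` against a published vector for a small `k` only proves the curve arithmetic; the key you actually use must still come from `new_private_key()` or an equally strong source.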

Oh what a problem it must be to hold thousands of Bitcoins!
