Author Topic: A Guide to Wallet Security using TrueCrypt and KeePass  (Read 3874 times)


Offline Chartist

  • Jr. Member
  • **
  • Posts: 28
    • View Profile
Some things that I should have added to the guide (probably obvious to most people though):

1. Don't forget your password to KeePass. LOL
2. Don't forget to cut/paste your wallet.dat file from the AppData folder to your corresponding folder on your TrueCrypt drive after you're done using your wallet. Then unmount the drive.

Also:

I tested the password strength of a password that I created using the method in my guide on Steve Gibson’s GRC website (https://www.grc.com/haystack.htm), and according to that, it will take 12.06 million trillion trillion trillion trillion trillion trillion trillion trillion centuries to crack it, assuming a brute force attack that has one hundred trillion guesses per second. LOL
@BTC_Analyst
PTS - PfBmz147Mt6aU3tZ38PyFLMT8P1oxy8NVz
MMC - MRxPyEDRbQFcEpeTdv2B6oXUKWTxeFqWsq

Offline Chartist
Here is the download link for the pdf:

http://www.mediafire.com/view/7omvafw2zluva8r/Wallet_Security.pdf



Feedback is welcome. If anyone has anything to add then by all means, share it.  :)

Offline Chartist
Hidden Volumes

You can create a hidden volume within your TrueCrypt volume. I suggest reading about it in the TrueCrypt documentation first. There are some key points to remember. Firstly, if you have a hidden volume, saving new information to the host volume may damage your hidden volume. There is an option to mitigate this when mounting your standard volume (refer to documentation). Secondly, since the volume is hidden, you will not be able to find a file to mount. To mount your hidden volume, simply go through the motions to mount your standard (host) volume, and then enter the password for your hidden volume. It's that easy.

Tin Foil and lulz

Whether you're a high net worth individual (which comes with a higher risk for being targeted by thieves) or just paranoid (nothing wrong with that when safeguarding your assets), you can create decoy TrueCrypt volumes and keep them in places where thieves would be likely to look. You can keep empty wallets in them in hopes that whoever is targeting you sees that they're empty (assuming they can even crack your encryption), gets discouraged and disappointed that you apparently have no coins, and gives up, or you can just keep really stupid things in them (like a shopping list, a scanned Bob Evans receipt, funny cat picture) just to fuck with them. You can keep these decoys in any number of places. Just use your imagination and have some fun with it. LOL


Other Security Precautions

1. Use a VPN. I recommend using Private Internet Access. You can buy an entire year's subscription for about $30 or $40, and the monthly plan is only $6.95/month. They also accept bitcoin if you want your account to be even more private. Their technical support is very responsive, and they have an active forum with many valuable how-to posts. You can even use their desktop client AND set up OpenVPN using your login credentials so that you have two layers of encryption enveloping your internet traffic. Long story short, you get a lot of bang for your buck with these guys.

https://www.privateinternetaccess.com/

2. Install CryptoPrevent. CryptoPrevent is a tool developed to keep your computer safe from CryptoLocker and other forms of ransomware (even the latest incarnations of CryptoLocker), and really any malware that uses the same method of embedding itself into your system. CryptoPrevent is free, but there is a paid version that auto-updates for under $20 (one-time fee for lifetime use).

http://www.foolishit.com/vb6-projects/cryptoprevent/

3. Use secure file shredding instead of just emptying your recycle bin. AVG Free has a file shredding feature, as does the paid version of Spybot S&D. Alternatively, there is a free and open source program called Eraser that you can use.

http://eraser.heidi.ie/

4. Use privacy-enhancing add-ons for Firefox. There are a lot of them. Some that I recommend are Adblock, Adblock Plus, Adblock Plus Pop-up Addon, Disconnect, Ghostery, Google Disconnect, HTTPS Finder, and HTTPS Everywhere. NoScript is good too, but it does cause issues with websites not loading the way they're meant to (not always a bad thing). Do some research on Firefox add-ons and install the ones that will work for you.

5. Install Windows Firewall Control. This is a lightweight program that simply allows you to manually tighten up your firewall rules. I heard about it on the Security Now podcast with Steve Gibson and Leo Laporte recently, and installed it.

http://www.binisoft.org/

6. Lastly, be sure you do regular maintenance on your computer. Keep your antivirus software updated and run scans regularly. Use CCleaner regularly. Run Defraggler every so often. If you can afford to buy it, I recommend purchasing SpinRite, a product created by Steve Gibson. It will keep your hard drives working many, many years longer than expected. Hard drives are generally thought to only be good for a few years, but if you use SpinRite you will add years to their life. Think of it like changing your car's oil or flushing the coolant periodically. If you don't do those things, then OF COURSE your car will go to shit quickly. Hard drives (and most things, however cheaply made they might be) are no different. It's just common sense: if you take care of something it will last much, much longer. It will save you money, and it's good for the environment because it is exponentially less wasteful.

https://www.grc.com/sr/spinrite.htm



That is all! If you find this guide helpful and enlightening, feel free to send me some appreciation at one of my tipping addresses. Thank you, and good luck out there.

BTC - 1Ne9Kh5kXzgh3qAmkDLAmojUjHtP7oUi8s
PTS - PfBmz147Mt6aU3tZ38PyFLMT8P1oxy8NVz
VTC - ViGuKuHqqfjECGHbXK6FNn98Pn39FX5hJo
PPC - PQ1extAAcLNLrf1awp4ZZpQvz9Qvr9YxmP
XPM - ALGhtnRdRmVQRXJX1KmWXgvvR8nHXr7Ls6
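As an added illustration (my own code, not from the guide and not TrueCrypt's), the Python model below shows why the hidden-volume warning above matters: the hidden volume lives in what the outer filesystem sees as free space at the end of the container, so once the outer volume's writes reach that region they silently overwrite hidden data, while the mount-time protection option turns such a write into an error instead. Offsets, header placement and the exact protection behaviour of real TrueCrypt containers are simplified assumptions here; the TrueCrypt documentation is the authority on the real format.

```python
class OuterVolume:
    """Toy model of a TrueCrypt outer (host) volume carrying a hidden volume.

    Assumptions (simplified, not the real on-disk format): the hidden volume
    occupies the last `hidden_size` bytes of the container, the outer
    filesystem treats those bytes as free space, and with protection enabled
    the first write that would reach them is refused and the outer volume
    stays read-only until it is dismounted.
    """

    def __init__(self, size: int, hidden_size: int, protect_hidden: bool = False):
        if not 0 < hidden_size < size:
            raise ValueError("hidden volume must fit inside the outer volume")
        self._data = bytearray(size)
        self.hidden_start = size - hidden_size
        self.protect_hidden = protect_hidden
        self.read_only = False

    # --- hidden volume side (what you see after mounting with the hidden password) ---
    def write_hidden(self, offset: int, payload: bytes) -> None:
        start = self.hidden_start + offset
        end = start + len(payload)
        if offset < 0 or end > len(self._data):
            raise ValueError("write outside the hidden volume")
        self._data[start:end] = payload

    def read_hidden(self, offset: int, length: int) -> bytes:
        start = self.hidden_start + offset
        return bytes(self._data[start:start + length])

    # --- outer volume side (what you see after mounting with the outer password) ---
    def write_outer(self, offset: int, payload: bytes) -> None:
        end = offset + len(payload)
        if offset < 0 or end > len(self._data):
            raise ValueError("write outside the container")
        if self.read_only:
            raise PermissionError("outer volume is read-only until dismounted")
        if end > self.hidden_start and self.protect_hidden:
            self.read_only = True
            raise PermissionError(
                f"write to [{offset}, {end}) would enter the hidden area at "
                f"{self.hidden_start}; outer volume is now read-only")
        # Unprotected mount: nothing stops the outer filesystem here, and every
        # byte written past hidden_start is hidden-volume data being destroyed.
        self._data[offset:end] = payload

    def safe_outer_capacity(self) -> int:
        """Bytes the outer volume can hold before it starts eating the hidden one."""
        return self.hidden_start


def demonstrate():
    """Constructed scenario: the same two writes against an unprotected and a
    protected mount. Returns what happened to the hidden data in each case."""
    secret = b"hidden wallet bytes"          # stand-in for a wallet file, constructed
    outcome = {}
    for protect in (False, True):
        vol = OuterVolume(size=4096, hidden_size=1024, protect_hidden=protect)
        vol.write_hidden(0, secret)
        vol.write_outer(0, b"A" * 3000)      # inside the safe capacity (3072 bytes)
        try:
            vol.write_outer(3000, b"B" * 200)  # crosses into [3072, 4096)
            blocked = False
        except PermissionError:
            blocked = True
        outcome[protect] = {
            "blocked": blocked,
            "hidden_intact": vol.read_hidden(0, len(secret)) == secret,
            "read_only_after": vol.read_only,
        }
    return outcome


if __name__ == "__main__":
    for protect, result in demonstrate().items():
        print(f"protection={'on' if protect else 'off'}: {result}")
```

The model makes the operational rule concrete: if you mount the outer volume without the protection option, you are only safe while the outer filesystem stays under `safe_outer_capacity()`, and nothing warns you when it does not. The protected mount sacrifices writes to the outer volume for the rest of the session rather than the hidden volume's contents.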

Offline Chartist
Next you will select the size for the volume. I think 2 GB is sufficient for a collection of wallets. Also, you might want to create a second volume within this volume (for two layers of encryption) so that you have a 1 or 1.5 GB container for your wallets. You can also make the inner volume hidden, but we'll get to that later on (this is what I do, and it's simple).





Next you will enter the password for your TrueCrypt volume. Go to KeePass and copy the password you created earlier to your clipboard, and paste it. (KeePass only keeps your passwords in the clipboard for about 12 seconds or so for security reasons, so (1) rest assured, and (2) don't dilly-dally!)



Paste and click Next!



Now it's time to format your volume. The default settings are fine. Now, you need to randomly move your mouse pointer within the window. The longer the better. I do this for about 2 minutes. When you're done, click Format.



Congratulations! You now have an encrypted TrueCrypt volume that you can store stuff on. When that time comes, simply open TrueCrypt, select a drive letter to use, click “Select File”, find your volume and click “Open”. Next, click on the “Mount” button. You will be prompted for your password. Once your volume is mounted, double-click on it in the TrueCrypt window. You can now cut/copy/paste whatever you want to keep secure into your volume like any other drive.

Pretty simple, eh?



Continued Below...
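As an added example, not part of the guide, here is a Python script for the "cut/paste wallet.dat into the mounted volume, then unmount" step mentioned at the top of this thread, and for the mount-and-use procedure just above (the reverse move when you want to use the wallet again). It copies the file, verifies the copy by SHA-256 before touching the original, and overwrites the original before deleting it so that a plain delete does not leave a recoverable wallet on the host disk. Paths are assumptions (Bitcoin Core's default `%APPDATA%\Bitcoin\wallet.dat` on Windows and a drive letter for the mounted volume). Close the wallet program first, and note that the overwrite is best-effort on SSDs and journaling or copy-on-write filesystems, where the firmware or filesystem may keep old copies of the blocks.

```python
import hashlib
import os
import shutil
from pathlib import Path

CHUNK = 1 << 20   # 1 MiB read/write chunks


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def overwrite_and_unlink(path: Path, passes: int = 1) -> None:
    """Overwrite the file in place with random bytes, flush to disk, then unlink.
    Best-effort only: SSD wear levelling, journaling and copy-on-write filesystems
    can retain the old blocks, so treat this as a complement to the encrypted
    volume, not a substitute for it."""
    size = path.stat().st_size
    with path.open("r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()
            os.fsync(f.fileno())
    path.unlink()


def verified_move(src: Path, dest_dir: Path, shred_source: bool) -> Path:
    """Copy src into dest_dir, prove the copy matches, and only then remove the
    original. Refuses to clobber an existing file so two wallets never collide."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    dest = dest_dir / src.name
    if dest.exists():
        raise FileExistsError(f"{dest} exists; refusing to overwrite a wallet")
    shutil.copy2(src, dest)
    if sha256_of(src) != sha256_of(dest):
        dest.unlink()
        raise IOError("copy did not verify; original left untouched")
    if shred_source:
        overwrite_and_unlink(src)
    else:
        src.unlink()
    return dest


def stash_wallet(wallet: Path, volume_dir: Path) -> Path:
    """Done using the wallet: move it into the mounted TrueCrypt volume and
    scrub the copy on the unencrypted host disk. Unmount the volume afterwards."""
    return verified_move(wallet, volume_dir, shred_source=True)


def restore_wallet(stashed: Path, datadir: Path) -> Path:
    """About to use the wallet: move it back. The copy inside the volume is
    already encrypted at rest, so a plain unlink is enough there."""
    return verified_move(stashed, datadir, shred_source=False)


def demo_roundtrip() -> dict:
    """Constructed scenario in a temporary directory (no real wallet involved):
    stash, restore, and the refusal to overwrite. Returns the checks as booleans."""
    import tempfile
    root = Path(tempfile.mkdtemp())
    datadir, volume_dir = root / "Bitcoin", root / "T" / "wallets"
    datadir.mkdir()
    wallet = datadir / "wallet.dat"
    payload = os.urandom(2 * CHUNK + 123)     # fake wallet contents
    wallet.write_bytes(payload)
    result = {}
    stashed = stash_wallet(wallet, volume_dir)
    result["stashed_ok"] = (stashed == volume_dir / "wallet.dat"
                            and not wallet.exists()
                            and stashed.read_bytes() == payload)
    restored = restore_wallet(stashed, datadir)
    result["restored_ok"] = (restored == wallet
                             and wallet.read_bytes() == payload
                             and not stashed.exists())
    stashed.parent.mkdir(parents=True, exist_ok=True)
    stashed.write_bytes(b"some other wallet")  # pre-existing file in the volume
    try:
        stash_wallet(wallet, volume_dir)
        result["refuses_overwrite"] = False
    except FileExistsError:
        result["refuses_overwrite"] = wallet.exists()   # original left untouched
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    # Assumed locations; adjust to your own setup before running for real.
    datadir = Path(os.environ.get("APPDATA", Path.home())) / "Bitcoin"
    volume_dir = Path("T:/wallets")   # the drive letter you mounted the volume on
    print(stash_wallet(datadir / "wallet.dat", volume_dir))
```

The order matters: copy, verify, and only then destroy the source. A script that deletes first and copies second turns a full disk or a yanked USB stick into a lost wallet.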

Offline Chartist
Then, make sure the option “Standard TrueCrypt volume” is selected. Click Next.





Next, you need to decide on a location for your TrueCrypt volume. This can be anywhere, on your computer, an external hard drive, a thumb drive, whatever. Select the location and enter a name for your volume.



Click Next.



You will now come to the “Encryption Options” window. Here you will select the encryption algorithm and hash algorithm. I use AES-Twofish-Serpent for encryption and SHA-512 for the hash algorithm.





Continued Below...

Offline Chartist
Congrats! You now have a very strong password to protect your TrueCrypt volume. Don't forget to save the changes you just made! File->Save



*Important*
Remember to keep a backup of your KeePass database in a secure location in case something happens. Back it up whenever you make changes and save them.



Now that you have created a strong password for your TrueCrypt volume, go ahead and open TrueCrypt. Select “Create Volume”.





Next, make sure the option “Create an encrypted file container” is selected. Click Next.





Continued Below...

Offline Chartist
I recently wrote a pdf about wallet security, and added some items to it this week. Below is a copy/paste from the original document, and I will post a download link at the end so you can download the pdf.
-------------------------------------------------------------------------------------------------------

Protect Your Wallets!

A Guide to Creating a Fortress of Encryption to Safely Secure Your Coins
(and other stuff too)

Encrypting your data these days is of the utmost importance. Considering the day and age we live in, not having your data encrypted is like walking around in public wearing a T-shirt that has your social security number, date of birth, bank account numbers, credit card numbers, and your mother's maiden name on it. Not smart!

Now, it is important to remember that nothing is ever 100% safe. For all we know, DARPA might know how to crack RSA-4096 or SHA-512. However, I think that is unlikely, and besides, I'm sure DARPA doesn't care about our silly little coin wallets. They have bigger fish to fry. 

So, assuming the government isn't after you personally, our main focus is to protect ourselves from common thieves and cyber criminals. Like I said before, nothing is 100% safe, but there's no point in making things easier on anyone who is trying to steal your crypto currency. All it takes is about 30 minutes on your part to take some very basic precautions.

Firstly, you will need to obtain two free and open-source programs, KeePass and TrueCrypt (if you use LastPass then you do not need KeePass).

http://keepass.info/
http://www.truecrypt.org/

Take some time to familiarize yourself with them. There is documentation available as well as tutorials. For TrueCrypt, visit http://www.truecrypt.org/docs/ and read through everything so that you have a good idea what TrueCrypt does, how it does it, and how to use it. If you have never used a password manager before, I recommend using KeePass to create one password for one of your email accounts (because password recovery/resetting is simple and painless in the event that you manage to fuck something up). Use KeePass to access your email account for as long as you need to until you feel comfortable using it. Once you feel comfortable with it, then start using it for everything else. I know it seems a little silly and elementary, but I really want to emphasize how important it is to be 100% comfortable using KeePass. Remember, if you safeguard your wallets with TrueCrypt and KeePass and you somehow screw everything up and lose access to your passwords, you will probably lose your coins forever. Don't let this scare you though, just let it remind you to take this seriously, even if it seems a little silly taking baby steps until you're ready to jump in with both feet.



When it comes time to create a password for your TrueCrypt volume, go to KeePass and create a new entry.





Click the button above and select “Open Password Generator”. Make it look like this and press OK.





This will bring you back to the previous window. Press OK.





Continued Below...
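As an added example (my own code, not the guide's and not KeePass's), the Python script below does in code what the KeePass generator step above does and what the GRC "haystack" check quoted near the top of this thread measures: it draws a password from the OS CSPRNG using the usual four character classes, then reports its entropy and the exhaustive search space at the thread's quoted rate of one hundred trillion guesses per second. The character classes and the 64-character default length are assumptions, since the generator settings in the guide's screenshot are not on the page. The entropy figure is the one a CSPRNG-generated password actually has; the haystack number additionally counts every shorter password, which is why it comes out larger.

```python
import math
import secrets
import string

# Assumed character classes: the KeePass generator settings in the guide's
# screenshot are not on the page, so upper/lower/digits/punctuation is assumed.
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
GUESSES_PER_SECOND = 1e14          # "one hundred trillion guesses per second" from the thread
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def generate_password(length=64, classes=CLASSES):
    """Draw `length` characters uniformly from the union of `classes` with the
    OS CSPRNG, rejecting draws that miss a class ('at least one of each')."""
    if length < len(classes):
        raise ValueError("length too short to include every class")
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in classes):
            return pw


def alphabet_size(pw, classes=CLASSES):
    """Size of the alphabet an attacker who knows the generator settings must
    search: the union of every class that actually appears in the password."""
    if any(not any(ch in cls for cls in classes) for ch in pw):
        raise ValueError("password contains characters outside the known classes")
    return sum(len(cls) for cls in classes if any(ch in cls for ch in pw))


def entropy_bits(length, alphabet):
    """Strength of a uniformly random password: log2 of the number of equally
    likely passwords. For CSPRNG output this is the figure that matters."""
    return length * math.log2(alphabet)


def haystack_search_space(length, alphabet):
    """Exhaustive search space the way the GRC haystack page counts it: every
    password of length 1..length over the alphabet. Exact with Python ints."""
    return sum(alphabet ** n for n in range(1, length + 1))


def log10_centuries_to_exhaust(search_space, rate=GUESSES_PER_SECOND):
    """log10 of the centuries needed to try the whole space at `rate` guesses/s.
    Kept in log space so very long passwords do not overflow a float."""
    return (math.log10(search_space) - math.log10(rate)
            - math.log10(SECONDS_PER_CENTURY))


def report(pw):
    """Summarise a password's strength under the settings above."""
    alphabet = alphabet_size(pw)
    space = haystack_search_space(len(pw), alphabet)
    return {
        "length": len(pw),
        "alphabet": alphabet,
        "entropy_bits": round(entropy_bits(len(pw), alphabet), 1),
        "log10_centuries_to_exhaust": round(log10_centuries_to_exhaust(space), 1),
    }


if __name__ == "__main__":
    pw = generate_password()
    print(pw)
    print(report(pw))
```

Whatever the number says, the password is only as strong as the KeePass master password guarding it and the machine it is pasted on; the strength estimate says nothing about a keylogger or a stolen unlocked database.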