added security/safety to multiple wallets


If I want to store a substantial number of Bitcoins, would there be any add security or safety to doing this in multiple hybrid ewallets, in stead of all in one?

Bastiaan Quast

Posted 2013-05-07T05:53:38.020

Reputation: 371



For large numbers of coins, software wallets (online or desktop), no matter how well designed, are not safe. Online clients aren't safe because the ones that are encrypted your side (like blockchain) might somewhat be susceptible to man-in-the-middle attacks. As Lohoris mentioned, Blockchain uses js verification with Github, requiring both websites to be compromised - of which there is a slim chance. Standard desktop clients are inherently not safe either, not when you're storing thousands of $/£ in coins. Even with all the safeguards in place, the absolute safest storage method is to keep the keys offline.

You would be much better off generating a large number of keys using an offline computer and storing them on encrypted flash drives in safe locations. This is what the biggest known BTC hoarders (Winklevoss) do.

You can then add the addresses without the keys to Blockchain for easy monitoring and zero risk.

George Pearce

Posted 2013-05-07T05:53:38.020

Reputation: 384

Totally a FUD. Online wallets aren't safer than standard clients, they only have different security concerns. – o0'. – 2013-05-07T08:31:11.560

I didn't recommend a standard client. I recommended generating keys that never touch the network - this IS safer. Every single bit of advice for large volumes of coins states that they are best kept offline where they cannot be accessed without the physical pen drive or bit of paper (depending on method). No FUD, just good practice. – George Pearce – 2013-05-07T08:59:47.513

"online wallets, no matter how well designed, are not safe" this is misleading, then. A reword could make this post much better. – o0'. – 2013-05-07T09:58:02.420

1I qualified my statement in a previous edit. They aren't safe because even the really good ones with browser side encryption ( et al) are subject to man-in-the-middle attacks. For someone storing a substantial value in Bitcoins (as per the question), this would present an unacceptable security risk. Edit: I see how it could be edited to say that any "wallet software" online or desktop, is unsafe. I will reword to this effect. – George Pearce – 2013-05-07T10:01:12.503

2Good edit. I've modified it just a bit since they aren't really always susceptible to MITM attacks, since for instance has a JS verifier against github, hence you'd need to crack both and github to make the attack work. – o0'. – 2013-05-07T10:09:01.083

2I didn't know that. Thanks for your help with clarification :) – George Pearce – 2013-05-07T10:11:15.903

1Revised to include @Lohoris info on MITM attacks. – George Pearce – 2013-05-07T13:31:46.507