added security/safety to multiple blockchain.info wallets

3

If I want to store a substantial number of Bitcoins, would there be any added security or safety to doing this in multiple blockchain.info hybrid ewallets, instead of all in one?

Bastiaan Quast

Posted 2013-05-07T05:53:38.020

Reputation: 371

Answers

4

For large numbers of coins, software wallets (online or desktop), no matter how well designed, are not safe. Online clients aren't safe because the ones that are encrypted on your side (like Blockchain) might somewhat be susceptible to man-in-the-middle attacks. As Lohoris mentioned, Blockchain uses JS verification with GitHub, requiring both websites to be compromised - of which there is a slim chance. Standard desktop clients are inherently not safe either, not when you're storing thousands of $/£ in coins. Even with all the safeguards in place, the absolute safest storage method is to keep the keys offline.

You would be much better off generating a large number of keys using an offline computer and storing them on encrypted flash drives in safe locations. This is what the biggest known BTC hoarders (Winklevoss) do.

You can then add the addresses without the keys to Blockchain for easy monitoring and zero risk.

George Pearce

Posted 2013-05-07T05:53:38.020

Reputation: 384

Totally a FUD. Online wallets aren't safer than standard clients, they only have different security concerns. – o0'. – 2013-05-07T08:31:11.560

I didn't recommend a standard client. I recommended generating keys that never touch the network - this IS safer. Every single bit of advice for large volumes of coins states that they are best kept offline where they cannot be accessed without the physical pen drive or bit of paper (depending on method). No FUD, just good practice. – George Pearce – 2013-05-07T08:59:47.513

"online wallets, no matter how well designed, are not safe" this is misleading, then. A reword could make this post much better. – o0'. – 2013-05-07T09:58:02.420

I qualified my statement in a previous edit. They aren't safe because even the really good ones with browser side encryption (Blockchain.info et al) are subject to man-in-the-middle attacks. For someone storing a substantial value in Bitcoins (as per the question), this would present an unacceptable security risk. Edit: I see how it could be edited to say that any "wallet software" online or desktop, is unsafe. I will reword to this effect. – George Pearce – 2013-05-07T10:01:12.503

Good edit. I've modified it just a bit since they aren't really always susceptible to MITM attacks, since blockchain.info for instance has a JS verifier against GitHub, hence you'd need to crack both blockchain.info and GitHub to make the attack work. – o0'. – 2013-05-07T10:09:01.083

I didn't know that. Thanks for your help with clarification :) – George Pearce – 2013-05-07T10:11:15.903

Revised to include @Lohoris info on MITM attacks. – George Pearce – 2013-05-07T13:31:46.507
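
The answer and comments above refer to a JS verifier that checks blockchain.info's served code against GitHub. The following is an added example, not part of the thread and not blockchain.info's actual verifier: it assumes the check is a per-file SHA-256 comparison between the served scripts and a reference copy fetched over a separate channel, and shows why a change to only one source is caught while an identical change to both is not. File names and contents are constructed.

```python
import hashlib
import hmac

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(reference: dict) -> dict:
    """Hash each file of the reference copy (assumed fetched over a separate channel)."""
    return {path: sha256_hex(body) for path, body in reference.items()}

def verify_served(served: dict, manifest: dict) -> list:
    """Compare served scripts to the manifest; an empty list means they match."""
    findings = []
    for path in sorted(served):
        expected = manifest.get(path)
        if expected is None:
            findings.append("unexpected file: " + path)
        elif not hmac.compare_digest(expected, sha256_hex(served[path])):
            findings.append("hash mismatch: " + path)
    findings += ["missing file: " + p for p in sorted(set(manifest) - set(served))]
    return findings

# Constructed sample data: hypothetical file names and contents.
REFERENCE = {
    "wallet.js": b"function decryptWallet(blob, password) { /* local only */ }",
    "signer.js": b"function signTx(tx, key) { /* local only */ }",
}
SERVED_CLEAN = dict(REFERENCE)
# Only the served copy differs from the reference (one source altered).
SERVED_TAMPERED = dict(REFERENCE)
SERVED_TAMPERED["wallet.js"] = REFERENCE["wallet.js"] + b" /* altered in transit */"
# A script the reference copy does not contain is served alongside the others.
SERVED_INJECTED = dict(REFERENCE)
SERVED_INJECTED["extra.js"] = b"/* not in reference */"

def demo() -> dict:
    manifest = build_manifest(REFERENCE)
    return {
        "clean": verify_served(SERVED_CLEAN, manifest),
        "tampered": verify_served(SERVED_TAMPERED, manifest),
        "injected": verify_served(SERVED_INJECTED, manifest),
        # Both sources altered identically: the comparison has nothing to catch.
        "both_altered": verify_served(SERVED_TAMPERED, build_manifest(SERVED_TAMPERED)),
    }

if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "OK")
```

The `both_altered` case returns no findings, which is the limit the comments point out: the check only helps while the two sources are independent.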