11

I'd like to set up an automated process to email my encrypted wallet to myself, so that if, for instance, my house burns down, I've got easy access to a recent copy of my wallet stored off-site.

I've seen this mentioned in a couple places as a method for backing up a wallet, but none of the more thorough security guides I've read mention this as either a good or bad thing to do.

So, is this a stupidly insecure thing to do, or a reasonable means of keeping a regular automated off-site backup of a wallet?

Jon Garvin

4 Answers

9

You can trust encryption

If you encrypt anything using a strong key and a strong algorithm (e.g. GPG) then you can be sure that it will be beyond economical reach for anyone for a long time.

So, the general procedure would be

  1. Encrypt wallet.dat with your long and complex passphrase (which you keep safe)
  2. Attach the ciphertext output to your email
  3. Enjoy the free offline backup service

Do not just attach wallet.dat to the email since it will reveal your transaction history and bind your public addresses directly to you thereby removing your anonymity.

Gary
7

The wallet.dat contains not just encryption keys but addresses as well. If you are using the encrypt feature from the Bitcoin client to encrypt the keys and then mail it to yourself, those keys in the wallet would be secure, assuming you used a strong passphrase and that passphrase is not used elsewhere.

But the transactions in that wallet can be viewed by anyone with access to the backup file.

Stephen Gornick
  • Thanks. So, adding an additional layer of encryption, such as this [ http://snippets.dzone.com/posts/show/341 ], would be beneficial before emailing the (now extra encrypted) file. Except, to make it automated, the script would need to contain the plain text salt that was used for the extra encryption, so if someone got a hold of THAT. I guess there is no perfect solution. All options have their pros and cons, both in terms of security and convenience. – Jon Garvin Jan 20 '12 at 16:34
  • 1
    Create a public/private RSA key pair. Encrypt with the RSA public key before emailing. (You can use `gpg` to do this.) – David Schwartz Jan 21 '12 at 00:47
  • @DavidSchwartz But then where would I securely store the private key to address the original scenario - "so that if, for instance, my house burns down?" Email it to myself? ;-) – Jon Garvin Jan 24 '12 at 02:14
  • 1
    @JonGarvin You would memorize the pass phrase it was generated from, using a deterministic process so that you could regenerate the key given the passphrase. Alternatively, you would write it on a piece of paper (or print it in barcode) and lock it in a bank vault. – David Schwartz Jan 24 '12 at 02:29
  • @DavidSchwartz I was unaware that it is possible to generate keypairs deterministically. – Jon Garvin Jan 24 '12 at 05:06
  • The SHA256 hash of any passphrase can be used as a private key with a corresponding public key and Bitcoin address. Note that security requires that an attacker need at least 2^104 guesses to get it and, ideally, 2^128. – David Schwartz Jan 24 '12 at 05:21
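
A guard for the automated job discussed in the comments above, as an added example that is not part of any post on this page: before a file is attached, it checks that the bytes start like an OpenPGP encrypted message and are not a raw wallet.dat. It assumes `gpg` wrote binary output (no `--armor`); the function names, the address and the sample bytes are constructed for illustration.

```python
from email.message import EmailMessage
from typing import Optional

# Berkeley DB btree magic, stored at byte offset 12 of an unencrypted wallet.dat
BDB_BTREE_MAGIC = (0x00053162).to_bytes(4, "little")
# OpenPGP packet tags that open an encrypted message:
# 1 = public-key encrypted session key, 3 = passphrase encrypted session key
SESSION_KEY_TAGS = {1, 3}

def first_packet_tag(data: bytes) -> Optional[int]:
    """Return the tag of the first OpenPGP packet, or None if there is none."""
    if not data or not data[0] & 0x80:   # bit 7 is set in every packet header
        return None
    if data[0] & 0x40:                   # new-format header: tag is bits 0-5
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F         # old-format header: tag is bits 2-5

def looks_encrypted(data: bytes) -> bool:
    """Sanity check only: says nothing about key strength or recipients."""
    if data[12:16] in (BDB_BTREE_MAGIC, BDB_BTREE_MAGIC[::-1]):
        return False                     # raw Berkeley DB file: plaintext wallet
    return first_packet_tag(data) in SESSION_KEY_TAGS

def build_backup_email(ciphertext: bytes, address: str,
                       filename: str = "wallet.dat.gpg") -> EmailMessage:
    """Build the backup mail, refusing anything that is not ciphertext."""
    if not looks_encrypted(ciphertext):
        raise ValueError("not an OpenPGP encrypted message; refusing to mail it")
    msg = EmailMessage()
    msg["From"] = address
    msg["To"] = address
    msg["Subject"] = "wallet backup"
    msg.set_content("Encrypted wallet backup attached.")
    msg.add_attachment(ciphertext, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg  # hand to smtplib.SMTP(...).send_message(msg) in the real job

# Constructed sample inputs (not real key material or wallet data).
SAMPLE_PUBKEY_ENCRYPTED = bytes([0x85, 0x01, 0x0C]) + bytes(64)
SAMPLE_PLAINTEXT_WALLET = bytes(12) + BDB_BTREE_MAGIC + bytes(48)

if __name__ == "__main__":
    mail = build_backup_email(SAMPLE_PUBKEY_ENCRYPTED, "me@example.invalid")
    print(mail["Subject"], [a.get_filename() for a in mail.iter_attachments()])
    try:
        build_backup_email(SAMPLE_PLAINTEXT_WALLET, "me@example.invalid")
    except ValueError as err:
        print("blocked:", err)
```

With public-key encryption the machine running this job holds only the public key, so nothing on it can decrypt the mailed file.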
5

You can also use hushmail.com for emailing an encrypted wallet file to yourself for backup. It is an added layer of protection and when utilized in this way, it acts as an online wallet accessible anywhere.

matonis
0

Instead of e-mailing it to yourself, why not send it through a cloud service such as Dropbox or Google Drive which connects through SSL by default?

superuser