Topic: A Secure and Redundant Savings Wallet Concept, Hopefully - page 3. (Read 5081 times)

No, that's not an issue. Of course, everything can be broken some day. But AES-encrypted wallets will not be broken before the very methods of bitcoin blocks are.

Yes I had read both of those, thanks.

The problem with that "high security" approach is that the wallet exists in it's entirety in one single place.  Put it in a safety deposit box in a bank and that bank gets robbed, the thieves have your complete wallet - doesn't matter if it's encrypted, that can be hacked with enough time and resources, now the thieves have your wallet.

With my approach, even if they get at the contents of my safe deposit box, even if I've included my password along with the 1 removable media in that box, they do NOT have my wallet (I am of course using the safe deposit box just as an example, it could just as easily be under my bed, in a fire safe, etc..).

I apologize if creating a new thread to discuss my concept was inappropriate.

I did a less effort setup with Ubuntu user accounds, you find it here:
http://forum.bitcoin.org/index.php?topic=15068

A high security idea more similar to yours has been made here:
http://forum.bitcoin.org/index.php?topic=17292

I haven't noticed any other threads that discuss a concept that provides this level of security and redundancy (although I did develope this concept after reading as many other threads as I could.

Perhaps you could point me to the other threads that provide a similar end result?

You should better look at existiting advice on how to manage wallets, and if you find flaws there you can add ideas.

Your idea is complicated, which is very bad for security. You have to be able to think about the whole thing clearly and analyze it for possible flaws. You put so much obscurity in it that it's hard to check for flaws.

Does this general concept make sense?

Any feedback welcome and appreciated.  But please at least read the OP first.

Step 1 doesn't cover that (well the at least part)?

I agree it's complicated, no apology necessary - but I don't know of an easier way to accomplish the same.  Most wallets won't need this treatment but all I can say is if BTC hits $100 each or more, I will want as much security and redundancy as possible for my few coins.

With news of recent lost or stolen Bitcoin, like many, I have been thinking about what steps I should be taking to protect my bitcoin savings (however small that may be).

Here's what I have currently swirling around in my head - please consider this just an initial brainstorm of sorts.  I am very interested in feedback, thoughts and other brainstorms

My experience lies mostly with Windows so that is what I'd use to do this but the concept could be implement in Linux and probably even on a MAC just as easy for those experienced in those platforms.

My general goals here are security and backup/redundancy for an offline savings wallet.

1) Start with a clean OS install on a non-networked PC.

2) Put clean copies, from trusted sources, signed, sealed, etc of the Bitcoin client, TrueCrypt, and some file splitting utility (such as hjsplit) onto a freshly formatted USB drive (or similar) and transfer to the sterile PC.

3) Using TrueCrypt, create 6 key files and then create an encrypted standard volume (in a file) using the 6 key files and also some strong password.  Mount the volume.

4) Run the Bitcoin client with the -datadir option to create a wallet.dat in the encrypted volume.  Make a note of the wallet address so you can send some Bitcoin to it once you're done.

5) Dismount the volume and then split the volume file into 6 parts using hjsplit or the like.  Delete the original volume file.

6) Grab 6 new media of your choice (USB thumb drive, SD card, CD-R, etc.. or any combination of).  I'll assume we're using USB drives...

7) Onto each USB drive, copy 5 of the 6 key files and 5 of the 6 TrueCrypt volume parts.  On each USB, exclude a different numbered pair of files.
   For example:
   Copy all key files except # 1 onto USB1 and all volume parts except part 1
   Copy all key files except # 2 onto USB2 and all volume parts except part 2
   Copy all key files except # 3 onto USB3 and all volume parts except part 3
   etc...

8 ) Delete all original files so all that remains is what's on the 6 USB drives.

9) Store each USB drive in a different location, put one in a safe deposit box, mail one to a friend or family member, put one under your pillow, etc..  Just keep them all separate.

10) Once all USB's are stored somewhere send some Bitcoin to the wallet address.

11) Sometime in the future when you want to retrieve the Bitcoin from your savings wallet, you only need any 2 of the USB drives and your password.  Combine the files from any 2 USB's, re-join the 6 encrypted volume parts, mount the volume with the 6 key files and your password, and access your wallet.dat file, send all the BTC somewhere and then dispose of the wallet (or better yet, keep it but don't use it again).   

This provides security in that only someone who has at least 2 of the USB drives AND your password can access the wallet, and redundancy in the fact that there are 6 USB drives out there and all you need are any 2 of them to get at your coin.  I will give one USB to my next of kin (just in case), and with the one in my safe deposit box I will include a note with my password.  Even if a thief gets the contents of the safe deposit box, they still will only have 1 USB and the password, not enough to access the wallet, but my next of kin will have access to everything in case I get hit by "the bus".

So that's it, what do you think?  Does this seem like a good idea, or am I nuts, or both?