
Topic: Any problems with this plan for a cold storage savings wallet? (Read 792 times)

legendary
Activity: 1358
Merit: 1001

Quote
The problem I'm running into with this plan, and my original plan, is that there are dependencies required to install bitcoin-qt in Linux. I don't want to connect my computer to the internet during this process, so how do I solve the dependencies issue and install bitcoin-qt on Linux liveCD without connecting to the internet?


Use a distro that still uses the Synaptic Package Manager (i.e. Lubuntu). This lets you generate a script on the offline computer that you can take (USB stick) to an online computer (where you also use SPM) and download the respective packages. Then take (USB stick) the packages to the offline computer and install them there.

In general I think you would have a lot less hassle if you just used an offline paperwallet generator (i.e. bitaddress.org), generate a high entropy private key and print the results as .pdfs (since you seem to prefer to deal with files). There are some additional options: you can encrypt your paper wallet (BIP38), split it in 2 out of 3 parts...

Spending from a paperwallet is easy, i.e. using the Mycelium app.
sr. member
Activity: 294
Merit: 250
Quote
Set up a Wuala account, or other cloud backup service of your choice.

Create a strong and unique password offline (manually). This password should be at least 20 characters long; it should contain numbers, upper and lower case letters, and symbols. It should be as random as possible, ie it should look something like this: Zr%8qL03&cvwS9@05AatdP71. Never use this password elsewhere.

Do not forget this password. Recite it several times a day. It is easy to overestimate your ability to remember a password several months in the future. To be on the safe side, write it down and store the piece of paper in a safety deposit box.

Download Bitcoin Linux binary and save it on a USB drive.

Shut down your computer, and boot Ubuntu (or Linux distribution of your choice) from a liveCD. This will not affect your current operating system.

Disconnect machine from the internet. Unplug any network cables and disable wireless. Verify that wireless is disabled in the icon on the upper right corner (Ubuntu). Double check that machine is disconnected by opening the web browser.

Run bitcoin while disconnected from the internet. The client will show 0 connections and 0 blocks, but it will still generate a wallet.dat file and a bitcoin address.

Encrypt your wallet using the strong and unique password from step 2 above. (Bitcoin Client > Settings > Encrypt wallet)

Copy wallet.dat (found in hidden folder .bitcoin in your home directory) to USB drive.

Save bitcoin address to a text file and copy it to USB drive.

Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.

Backup encrypted wallet.dat file in several places:
Send it to your 5 best friends by email attachment and ask them to save it for you.
Save it on your Wuala account created in step 1.
Save it on several USB drives and CDs and store them in different geographic locations.

Send bitcoins to the address saved on the USB drive. Double check in the block explorer that they have been sent.


The problem I'm running into with this plan, and my original plan, is that there are dependencies required to install bitcoin-qt in Linux. I don't want to connect my computer to the internet during this process, so how do I solve the dependencies issue and install bitcoin-qt on Linux liveCD without connecting to the internet?


legendary
Activity: 3038
Merit: 4418
Quote
Can you make a YouTube video for this, 'cause I've been searching how for a newbie like me.

Since I don't know the technicals. I'm more of a visual person.

For people who use Mac and bitcoin qt.
I will make one within the next few weeks, not using bitcoin-qt but a bitcoin cold storage paper wallet generator.
sr. member
Activity: 294
Merit: 250
Quote
Can you make a YouTube video for this, 'cause I've been searching how for a newbie like me.

Since I don't know the technicals. I'm more of a visual person.

For people who use Mac and bitcoin qt.

I don't know if you're talking to the OP (me), but I'm still a newbie like yourself and wouldn't want to create a video tutorial until I know what I'm advising is, well, advisable.

If I get to the point where I feel like my method using OSX is a sound one, I'll make a video and PM you.
member
Activity: 68
Merit: 10
Can you make a YouTube video for this, 'cause I've been searching how for a newbie like me.

Since I don't know the technicals. I'm more of a visual person.

For people who use Mac and bitcoin qt.
full member
Activity: 196
Merit: 101
Set up a Wuala account, or other cloud backup service of your choice.

Create a strong and unique password offline (manually). This password should be at least 20 characters long; it should contain numbers, upper and lower case letters, and symbols. It should be as random as possible, ie it should look something like this: Zr%8qL03&cvwS9@05AatdP71. Never use this password elsewhere.

Do not forget this password. Recite it several times a day. It is easy to overestimate your ability to remember a password several months in the future. To be on the safe side, write it down and store the piece of paper in a safety deposit box.

Download Bitcoin Linux binary and save it on a USB drive.

Shut down your computer, and boot Ubuntu (or Linux distribution of your choice) from a liveCD. This will not affect your current operating system.

Disconnect machine from the internet. Unplug any network cables and disable wireless. Verify that wireless is disabled in the icon on the upper right corner (Ubuntu). Double check that machine is disconnected by opening the web browser.

Run bitcoin while disconnected from the internet. The client will show 0 connections and 0 blocks, but it will still generate a wallet.dat file and a bitcoin address.

Encrypt your wallet using the strong and unique password from step 2 above. (Bitcoin Client > Settings > Encrypt wallet)

Copy wallet.dat (found in hidden folder .bitcoin in your home directory) to USB drive.

Save bitcoin address to a text file and copy it to USB drive.

Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.

Backup encrypted wallet.dat file in several places:
Send it to your 5 best friends by email attachment and ask them to save it for you.
Save it on your Wuala account created in step 1.
Save it on several USB drives and CDs and store them in different geographic locations.

Send bitcoins to the address saved on the USB drive. Double check in the block explorer that they have been sent.
legendary
Activity: 3038
Merit: 4418
Quote
I'm a brand newbie but have been reading up as much as possible across the past week. I plan on having two btc wallets, one for day-to-day use with a low balance that I will send and receive with, and then one savings wallet that I will only use to receive. I would appreciate it if anyone can tell me if there are any problems with my plan below for securing my savings wallet. I run OSX Mavericks.

BTC savings wallet plan:

1. Download the bitcoin-qt package.
2. Disconnect from the internet.
3. Create fresh installation of linux as a VM (still offline).
4. Install bitcoin package in linux VM.
5. Run bitcoin to create my new wallet.
6. Copy receiving address to removable media.
7. Backup wallet.dat to two other removable media.
8. Delete linux VM file with shredding.
9. Secure media with wallet.dat file in two different locations (personal safe and bank deposit box).
10. Use new address to deposit btc from time to time.

Questions:

1. Is there a security risk I'm not seeing with using a new linux VM versus a liveCD on USB?
2. Are there any risks associated with using the same address repeatedly to send to my savings wallet from a different wallet of mine?
3. Even though the bitcoin-qt client hasn't ever been connected to the network in this scenario, the blockchain will still accept the transaction as valid when I send to my new savings address, and I will be able to check the balance through something like blockchain.info?
4. Any other problems you see?

Thanks for any advice.


If your removable media ever touches a computer that has or had internet access, your wallet.dat is at risk. Viruses can get information from your removable disk. If you leave them for a long time without checking them regularly, both of your removable disks may get damaged. Paper wallets will never be damaged, so it's a better idea to try to generate wallets using them.
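An added example, not part of any post in this thread: the procedure's step of backing up the encrypted wallet.dat in several places, and the reply's point that removable disks left unchecked may get damaged, both call for a way to confirm each copy is still intact. The sketch below records a SHA-256 digest of the original file and later checks every copy against it; the file names, paths and the manifest file are assumptions, and `sha256sum` is assumed to be available (GNU coreutils).

```shell
#!/bin/sh
# Added example (not from the thread). File names and paths are assumptions.
# Requires sha256sum (GNU coreutils).

# record_digest WALLET MANIFEST: store the SHA-256 of the original file.
record_digest() {
    sha256sum "$1" | awk '{print $1}' > "$2"
}

# check_copy COPY MANIFEST: print ok, missing or corrupt for one backup copy.
check_copy() {
    if [ ! -r "$1" ]; then
        echo missing
        return 0
    fi
    expected=$(cat "$2")
    actual=$(sha256sum "$1" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then echo ok; else echo corrupt; fi
}

# verify_backups MANIFEST COPY...: print one status line per copy and
# return the number of copies that are missing or corrupt.
verify_backups() {
    manifest=$1
    shift
    bad=0
    for copy in "$@"; do
        status=$(check_copy "$copy" "$manifest")
        printf '%-8s %s\n' "$status" "$copy"
        [ "$status" = ok ] || bad=$((bad + 1))
    done
    return "$bad"
}

# Stand-alone use: sh verify.sh wallet.sha256 /media/usb1/wallet.dat ...
if [ "$#" -ge 2 ]; then
    verify_backups "$@"
fi
```

Run `record_digest` once on the offline machine right after encrypting the wallet, and keep the manifest alongside each copy so any later check can be done without opening the wallet itself.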
sr. member
Activity: 294
Merit: 250
Quote
1. Is there a security risk I'm not seeing with using a new linux VM versus a liveCD on USB?
In the event that your host OS is infected with malware that is specifically designed to intercept what goes on inside a Linux VM and broadcast that information to the attacker later. Technically, this is a risk factor. In reality, you have to be either extremely high profile or extremely paranoid for you to care about this technicality.

Quote
2. Are there any risks associated with using the same address repeatedly to send to my savings wallet from a different wallet of mine?
There are no security risks. Only when you send Bitcoins from an address do you reveal its public key to the network, removing one of the 2 steps that exist between private key and public address. Right now, both steps are considered very secure. But when receiving, this issue is irrelevant.

There is however a potential loss of anonymity in reusing the same address as people may be able to connect different transactions you make due to them being sent to the same address. Whether this is a problem or not is up to you to decide.

Quote
3. Any other problems you see?

If you're only generating a single address, consider using Bitaddress.org. You save the website and disconnect from the internet and then go through the same process. Instead of a wallet.dat file, you'll end up with a private key, which is a string of characters. You can save this to your removable media in a text file, but you can also print it out, which provides some advantages of digital media (you can easily verify data integrity, printed paper won't become incompatible in 10 years, etc...). Importing a private key generated in this way can be done with most popular wallet software.

Using this method, you can also choose to use BIP38 to encrypt the key with a passphrase. You'll still get a string of characters to save / print, but you'll also need the passphrase to make a useful private key out of it later when you want to spend the coins.

Finally, before sending a large amount of coins to this new address, try the entire procedure with a very small amount of BTC to see if it works. If it does, start from scratch to generate the real thing.

Thank you for the quick response, and the simple suggestion of bitaddress.org, I knew there had to be a simpler solution.

If anyone reading this has concerns with using bitaddress.org script offline to generate an address/private key combo, I'd like to hear about it.
hero member
Activity: 728
Merit: 500
Quote
1. Is there a security risk I'm not seeing with using a new linux VM versus a liveCD on USB?
In the event that your host OS is infected with malware that is specifically designed to intercept what goes on inside a Linux VM and broadcast that information to the attacker later. Technically, this is a risk factor. In reality, you have to be either extremely high profile or extremely paranoid for you to care about this technicality.

Quote
2. Are there any risks associated with using the same address repeatedly to send to my savings wallet from a different wallet of mine?
There are no security risks. Only when you send Bitcoins from an address do you reveal its public key to the network, removing one of the 2 steps that exist between private key and public address. Right now, both steps are considered very secure. But when receiving, this issue is irrelevant.

There is however a potential loss of anonymity in reusing the same address as people may be able to connect different transactions you make due to them being sent to the same address. Whether this is a problem or not is up to you to decide.

Quote
3. Any other problems you see?

If you're only generating a single address, consider using Bitaddress.org. You save the website and disconnect from the internet and then go through the same process. Instead of a wallet.dat file, you'll end up with a private key, which is a string of characters. You can save this to your removable media in a text file, but you can also print it out, which provides some advantages of digital media (you can easily verify data integrity, printed paper won't become incompatible in 10 years, etc...). Importing a private key generated in this way can be done with most popular wallet software.

Using this method, you can also choose to use BIP38 to encrypt the key with a passphrase. You'll still get a string of characters to save / print, but you'll also need the passphrase to make a useful private key out of it later when you want to spend the coins.

Finally, before sending a large amount of coins to this new address, try the entire procedure with a very small amount of BTC to see if it works. If it does, start from scratch to generate the real thing.
sr. member
Activity: 294
Merit: 250
I'm a brand newbie but have been reading up as much as possible across the past week. I plan on having two btc wallets, one for day-to-day use with a low balance that I will send and receive with, and then one savings wallet that I will only use to receive. I would appreciate it if anyone can tell me if there are any problems with my plan below for securing my savings wallet. I run OSX Mavericks.

BTC savings wallet plan:

1. Download the bitcoin-qt package.
2. Disconnect from the internet.
3. Create fresh installation of linux as a VM (still offline).
4. Install bitcoin package in linux VM.
5. Run bitcoin to create my new wallet.
6. Copy receiving address to removable media.
7. Backup wallet.dat to two other removable media.
8. Delete linux VM file with shredding.
9. Secure media with wallet.dat file in two different locations (personal safe and bank deposit box).
10. Use new address to deposit btc from time to time.

Questions:

1. Is there a security risk I'm not seeing with using a new linux VM versus a liveCD on USB?
2. Are there any risks associated with using the same address repeatedly to send to my savings wallet from a different wallet of mine?
3. Even though the bitcoin-qt client hasn't ever been connected to the network in this scenario, the blockchain will still accept the transaction as valid when I send to my new savings address, and I will be able to check the balance through something like blockchain.info?
4. Any other problems you see?

Thanks for any advice.
