
Topic: Best-practice for savings account (non-hardware wallet) (Read 1013 times)

Do we have any best-practices handling savings accounts (without hardware wallets) with detailed instructions on how to use each required piece of software?

In the past, I saw projects for bootable .iso-images that contain some client(s) capable of deterministic wallets. Have these projects died? I wouldn't be surprised if they did because who would want to sign those iso-images anyway?

This is roughly what I have in mind and would be glad to hear some comments. I would like to see detailed instructions on the following process (or a different process that achieves the same goal), that we can hand out to people who were already introduced to bitcoin and who now start thinking about securing their bitcoins long term.

- obtain a standard iso for some live distribution (I like grml for this) and boot into it
- install various bitcoin client software and related tools (like a shamir secret sharing tool)
- include some personal (non-critical) data, like pubkeys, address book, etc
- create your own new live iso from it (e.g. grml-live command)
- burn it on a CD (not USB drive)
- boot into it with load-to-ram option
- create a master secret with a certain number of shamir-type shares
- encrypt the master secret with a passphrase
- print out the shares and the encrypted master secret
- some guidelines here on how to print this safely (no network printer, etc)
- some guidelines on how to distribute the shares (like distribute one share to each group of people where groups are: non-family friends, work colleagues, family, safety deposit box, ...) and on how many shares to use
- explanation: the shares form a backup, the encrypted master secret stays with you for easy/frequent handling
- mark/sign CD so it cannot be swapped out easily
- boot from CD again
- enter encrypted master secret plus passphrase to decrypt master secret
- test shamir secret sharing algorithm with actual shares, check if master secret is obtained correctly
- run client to create deterministic wallet from master secret
- print out some hundred pubkeys for manual verification
- save some hundred pubkeys to USB drive
- print out master public key of deterministic wallet
- save master public key of deterministic wallet to USB drive
- ...

extension:
- what to write in your last will (instructions for your family how to deal with your wallet)
- design the sharing scheme so that your heirs already hold the secret to their heritage up to a unique missing share, which is the same for all heirs and which is part of your last will

Feel free to extend or modify this list. It would be great if someone can give detailed instructions on any part(s) of this. So maybe we can produce such best-practices by the end of this thread.