Author

Topic: Bulletproof strategies for securing your Wallets (Read 1160 times)

full member
Activity: 170
Merit: 100
I've used this ultimate tinfoil strategy ever since I got hacked a couple of years ago and it works beautifully. It's a little bit of trouble but it's money so I'd rather be as sure as possible than dick around. I also use hardware wallets for convenience and try not to store too much in one place.
newbie
Activity: 14
Merit: 0
Quote
The Electrum wallet installer gives a warning message when uploading that file to Virustotal.com, it comes up with a Palo Alto Networks generic.ml warning. Does anyone else have this happen too with the latest download from the Electrum wallet site? Is this of concern?

Electrum is legit. It's a false positive. You can always google stuff like that.

Quote
Also, how do you check the checksums with that onlinemd5.com site or with GPG4Win? I've never done that before.

You upload the file to the site and see if its checksum is equal to the provided string of the alleged checksum. This is usually not that strong since if a hacker compromised the download he will also most likely have changed the checksum. As to GPG4Win, there should be tutorials. Essentially you create your own key pair in Kleopatra. Then you download the keys from the entity whose file you are trying to verify (e.g. VeraCrypt). You should sign their identity with your private key in Kleopatra to make them show up as trusted. You can then download the GPG-signed .asc file from them and check by using GPG4Win's tools to see if the file is still from VeraCrypt. It's a bit hard to explain but there are plenty of tutorials on the web. You will not be alone.

Quote
I have to say that your post is a fantastic post for securing your wallet in a bulletproof manner. I've just got to get my head around it all lol

Thank you. I highly appreciate it. There are many articles on crypto security, but most just end up recommending hardware wallets. While I agree that it is the most convenient way for most people to go with, it doesn't have plausible deniability. My methods are definitely overkill for most people, however if I were to store any significant amount of cryptocurrency, I'd do it this way.

I have also opened a separate thread for people to view the strategy. I have refined some explanations. Here it is if you want to follow it:

https://bitcointalksearch.org/topic/m.20917116
member
Activity: 112
Merit: 10
1. Download the wallet software from a malware-free and up-to-date computing device and verify its checksums using http://onlinemd5.com/ (or check the GPG signature inside GPG4Win) and upload it to https://www.virustotal.com/en/ to check for any viruses. Sometimes there are false positives, but it's generally better to be safe than sorry (like you already said).
The Electrum wallet installer gives a warning message when uploading that file to Virustotal.com, it comes up with a Palo Alto Networks generic.ml warning. Does anyone else have this happen too with the latest download from the Electrum wallet site? Is this of concern?

Also, how do you check the checksums with that onlinemd5.com site or with GPG4Win? I've never done that before.

I have to say that your post is a fantastic post for securing your wallet in a bulletproof manner. I've just got to get my head around it all lol
newbie
Activity: 14
Merit: 0
I have compiled instructions for you on how to setup an actual bulletproof strategy for securing your coins that outperforms any kind of hardware wallet in high-threat scenarios.

1. Download the wallet software from a malware-free and up-to-date computing device and verify its checksums using http://onlinemd5.com/ (or check the GPG signature inside GPG4Win) and upload it to https://www.virustotal.com/en/ to check for any viruses. Sometimes there are false positives, but it's generally better to be safe than sorry (like you already said).

2. Put that software onto a cleanly formatted(!) flash drive and plug it into an airgapped (airgapped = this computer is not and has not been connected to the internet), malware-free computing device. If you have an old laptop lying around; wipe its harddrive and install a fresh new instance of your preferred operating system (most wallet software uses Windows). You can also use an Raspberry PI or any computing device that can be used as an independent and dedicated computing device that is able to host the software you are trying to use. It's important that you do not EVER connect that dedicated computing device to the internet after you have installed any of your wallet software (even in fact you should not be using it beforehand because malware could accumulate). I'm saying this, because the wallet software you downloaded could have been compromised at some point where the attackers have added in code that sends your private keys to their command-and-control (C&C) servers. Plain malware or even ransomware is known to search through the wallet file directories and sending any file found to their C&C servers. It's even more likely though that the attackers have compromised the pseudo-randomness of the key generation algorithm giving them the ability to regenerate your key pairs deterministically. This could especially be the case with lesser known wallet software. Make sure that this is not the case by performing your due diligence on the wallet providers and the software.

3. Install the wallet software on your dedicated machine. Now you have two options: a) Generate some wallets inside the software by letting it create a new seed. b) Create the seed yourself by using dice in order to wipe out any chance of someone having compromised the pseudo-randomness of the wallet's software's algorithms. This is the mega tinfoil hat case, however this can be a serious threat to anyone. If you want to do this for Bitcoin, you can go to https://www.bitaddress.org , download the HTML page file and transfer it via a flash drive safely and securely to your airgapped machine. Open it there and in the "Wallet Details" section, you will be able to find instructions on how to use an actual dice (use a high-quality casino dice that has sharp edges) to generate a private key. You can also find instructions online on how to generate entire seeds using high-quality dices to guarantee real randomness for the safety of your crypto assets. For the average user, this seems like a stretch, however this is an unnecessary risk that can be eliminated easily.

5. Now write down the seeds into a text file on your airgapped machine and back them up on a couple of freshly formatted and clean flash drives distinct from the one that you transferred your files with (also delete the seed text files from your airgapped machine). You can also backup the encrypted wallet files and their passwords alongside the text file/s containing the seeds for even more redundancy.

6. You can now also encrypt these backup drives with a disk encryption tool of your choice (this would be your double encryption). I can highly recommend VeraCrypt. You can create a standard volume on any partition of a flash drive that will host and encrypt any files that are subsequently put into it. Once you mount the volume (only ever mount it on the airgapped machine which you make sure is at all times and costs malware-free), the files are only ever decrypted in RAM and stay on your flash drive at all times which means that your files remain encrypted even in the event of a sudden power outage. You should use a relatively long high-entropy password or a very long and mnemonic passphrase (with lots of cleverly put characters, symbols and numbers) for the disk encryption (in VeraCrypt you can also use PIMs and keyfiles (although I would suggest only using PIMs) for EVEN MORE security). I would recommend the latter so that you have it memorized incase something unexpected happens. Nevertheless you should still write down that password onto a small (hardly noticeable) sheet of paper in its full length. Store that somewhere CLOSE to you (somewhere people wouldn't bother to search incase of high-risk scenarios) and don't store it alongside your backups. You shouldn't ever need it because you should be able to remember your passphrase at all times. Distribute your encrypted backups in your house, at a safety deposit box at your bank, at houses of your relatives etc. Once again, hide them somewhere people don't expect them and make sure that not all the backups are exposed to similar environmental risks (e.g. a flood or fire inside one of the buildings). Incase you are still not paranoid enough, you can also write down the seeds on two distinct sheets of paper where you write down the first half on one sheet and the second on the other. You could then also distribute them in two distinct places and place them somewhere people wouldn't search for them. This method involves more risk because if someone found one half of the seed they could potentially be able to bruteforce the entire seed in some cases.

As far as the backups are concerned, this is the best practice I can come up with. If you are a high-profile and high-threat individual (someone could use extortion to get the passphrase and PIM to your backups) I would also recommend looking into VeraCrypt's hidden volumes. They allow you to create a standard volume on one of your drives that has an inner pointer to an outer hidden volume that requires a different password in order to be mounted. At all times, it cannot be proven from an attacker that the drive actually contains a hidden volume, if certain conditions are met. This means if someone is pointing a gun to your head demanding your passphrase (expecting to find the backups on there), you could give them the password for your standard volume. Into that standard volume, you should place some sensitive-looking files (if a potential attacker is likely to search for Bitcoin then you could place some wallet file in there with a minor part of your Bitcoin stash) in there, however the actual files that you are desperately trying to hide will be placed inside the hidden volume. So for instance, a wealthy individual could place 1000 BTC into the hidden volume and 10 BTC into the standard volume in order to preserve their life in high-threat situations. If they ask for more or for the password to the hidden volume, you have a good excuse that it does not exist. This is called plausible deniability and it's a very important concept.

The concept of hidden volumes can even be expanded onto operating systems which VeraCrypt has already done. In this case, you do a full disk system encryption and setup a hidden volume on a separate partition on your harddrive. Then you install a new fresh instance of your preferred operating system on the hidden partition. Whenever your computer boots, it asks for the encryption passphrase and PIM. If you enter the combination for the standard volume, you will access your decoy operating system. This is the OS you should give the attacker access to in case of extortion. Place some sensitive-looking files in there or even a minority of your coin stash depending on your risk profile. If you enter the combination for the hidden volume, you will be entering your hidden operating system. This is like the hidden volume; for the actual sensitive files that you are trying to preserve at all costs. So this allows for plausible deniability and encryption on the full system level. For more important information and crucial security and behavioral practices in case of high-threat scenarios, check out VeraCrypt's documentation (https://veracrypt.codeplex.com/wikipage?title=VeraCrypt%20Hidden%20Operating%20System).

Installing a hidden operating system on your machines seems like a practical idea. This also directly solves the question: "How do I protect the wallet files on my airgapped machine incase I am not near it?" because the system is now fully encrypted and the only thing an attacker can do is destroy it at this point. In this case, you can also leave the passwords to your encrypted wallet files inside the hidden operating system. You might ask now: "Why do I still need to encrypt the wallet with the wallet software's inbuilt encryption algorithm at this point? The hidden OS takes care of all of this now, right?" Leaving your wallet exposed like that still exposes you to the risk of installing a malicious software that constantly sends out queries to send out your private keys or wallet files to its C&C server just in case that you should ever connect to the internet. That's why you should NEVER connect to the internet on that DEDICATED machine.

Now that you have set up your bulletproof cold storage, you can monitor your wallets on an internet-connected machine (e.g. for BTC on Electrum you would transfer the master public key) that is in sync with the specific blockchain and send transactions via a dedicated malware-free transfer flash drive to the airgapped machine. Then you sign off the transaction on the dedicated machine, transfer it back via a flash drive and broadcast it on the online machine onto the specific P2P network.

This is the ultimate tinfoil hat strategy. This is as bulletproof as crypto security can get. It surpasses the security of every hardware wallet, because this allows you to have plausible deniability in case the attackers manage to find your devices. It is not as convenient, however it is designed to potentially preserve the life of high-profile and high-threat individuals in high-pressure situations.

Please let me know if there are any kind of errors.
member
Activity: 112
Merit: 10
What strategies do peeps here employ to secure their wallets with the best security?

I've been thinking about some strategies. What do you think about these:

1. Encrypting the private key & the Wallet.dat file with GPG4Win.
2. What about if you were to keep your private key and your Wallet.dat file saved onto an encrypted partition/volume using Veracrypt.

Those are overkill. Most wallets already give you the ability to encrypt the data
I don't really think it's overkill as I think it's better be safe than sorry. Even if you encrypt the wallet.dat with a trusted encryption program after the Wallet program encrypts the data, it would be safer having it encrypted twice. Also you don't know who good is the encryption provided by the wallet program and if it can easily be hacked. Hasn't there been a few issues with some of the popular wallet programs in the past?
legendary
Activity: 4466
Merit: 3391
What strategies do peeps here employ to secure their wallets with the best security?

I've been thinking about some strategies. What do you think about these:

1. Encrypting the private key & the Wallet.dat file with GPG4Win.
2. What about if you were to keep your private key and your Wallet.dat file saved onto an encrypted partition/volume using Veracrypt.

Those are overkill. Most wallets already give you the ability to encrypt the data
hero member
Activity: 1106
Merit: 638
If you want a simpler way to have incredible security look at Trezor and KeepKey.

Both offer the best security without the need to manage wallet.dat files. The more files you have with your private keys the better chances you won't lose it...to a point. "Files" on a computer are dangerous. It doesn't take much for someone to hack in if they know what you have. Private keys on paper or better yet, protected by a PIN, pass phrase, and additional secret password provides incredible security.

Both Trezor and KeepKey (if I'm not mistaken) have time delayed releases from incorrect password attempts, which build upon each other. So every time you enter a wrong password the time you have to wait to enter your next try doubles.

There's plenty of info out there on both, they're as bullet proof as it gets.
member
Activity: 112
Merit: 10
What strategies do peeps here employ to secure their wallets with the best security?

I've been thinking about some strategies. What do you think about these:

1. Encrypting the private key & the Wallet.dat file with GPG4Win. Secure wipe the original private key & the Wallet.dat file so there's no traces left on your computer. When you want to use your wallet program you just decrypt the Wallet.dat file. Open your wallet, do what you need to do, close it. Use GPG4Win and encrypt the new Wallet.dat file. Secure wipe the new unencrypted Wallet.dat file. Also secure wipe the old original encrypted Wallet.dat file as you now have a new encrypted Wallet.dat file.

2. What about if you were to keep your private key and your Wallet.dat file saved onto an encrypted partition/volume using Veracrypt. When you need to use your wallet you copy the Wallet.dat file off the encrypted volume once mounted to your C:/coinfolder/. Open your wallet, do what you need to do, close it. Copy the new Wallet.dat file to the encrypted volume then dismount that volume so it's fully encrypted again. Secure wipe the new unencrypted Wallet.dat file sitting in your C:/coinfolder/
Jump to: