Pages:
Author

Topic: Cold Storage Question before I jump in! (Read 1705 times)

full member
Activity: 154
Merit: 1000
Fica Tranquilo
May 01, 2014, 11:49:24 AM
#30
I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.


For instance under your mattress. Maybe in the freezer cause it's called cold storage, right?

Well preferably in different buildings, e.g. in case of fire you want a separate copy somewhere else.
And as already mentioned it is best to split your bitcoin over several wallets for convenience as well as added security.
Furthermore; inform someone you can trust about your bitcoin, so your bitcoin isn't lost in case something happens to you.
legendary
Activity: 3682
Merit: 1580
Right, well I guess that is one way to be "hardcore"  but I think the point here i just to provide an initial random seed to an otherwise and deterministic procedure.  It seeems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine.  Am I missing anything crucial?

Well, you want as many different sources as possible since any amount of good or decent randomness gets mixed in to the final private key. Your camera, your picture, your file, is about as good as it gets.

It's actually overkill, as you can use any of the apps or scripts I have mentioned above, as well as bitaddress.org

I suggest taking a picture of your turds and using those. Turds tend to be very random.
legendary
Activity: 3682
Merit: 1580
I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.


For instance under your mattress. Maybe in the freezer cause it's called cold storage, right?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Right, well I guess that is one way to be "hardcore"  but I think the point here i just to provide an initial random seed to an otherwise and deterministic procedure.  It seeems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine.  Am I missing anything crucial?

Well, you want as many different sources as possible since any amount of good or decent randomness gets mixed in to the final private key. Your camera, your picture, your file, is about as good as it gets.

It's actually overkill, as you can use any of the apps or scripts I have mentioned above, as well as bitaddress.org
legendary
Activity: 1918
Merit: 1018
Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.


You can make paper wallets with blockchain has well or with electrum

I like the idea of having my bitcoins on 2 or 3 different addresses, it is easier if you want to spend/sell some
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

Don't use a picture that is already posted on the internet, and don't use a song from the top charts. (actually, don't use any song unless you are sure you are the only person who recorded it.)

Definitely don't use a recent movie even if it never won a grammy award.

But just in case you do, make sure your equipment goes through an analog portion. So there is some noise introduced.

I tell you what I will do when I get my new DSLR, is I'm going to go around town and take pictures until the memory card is full. Copy those files to an offline computer. Then hash each one of them.

To be hard core, use the RAW format of your camera, if it is available, or the highest resolution.

Good luck with anyone figuring out 24 megapixels of data.

Right, well I guess that is one way to be "hardcore"  but I think the point here i just to provide an initial random seed to an otherwise and deterministic procedure.  It seeems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine.  Am I missing anything crucial?
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

Don't use a picture that is already posted on the internet, and don't use a song from the top charts. (actually, don't use any song unless you are sure you are the only person who recorded it.)

Definitely don't use a recent movie even if it never won a grammy award.

But just in case you do, make sure your equipment goes through an analog portion. So there is some noise introduced.

I tell you what I will do when I get my new DSLR, is I'm going to go around town and take pictures until the memory card is full. Copy those files to an offline computer. Then hash each one of them.

To be hard core, use the RAW format of your camera, if it is available, or the highest resolution.

Good luck with anyone figuring out 24 megapixels of data.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Someone made a dice2key app, (with source code) and also a paperwallet app (I think it was Deep Celeron)

Here are a few I found after some quick googling:

https://raw2.github.com/swansontec/dice2key/master/dice2key.sh

https://bitcointalk.org/index.php?topic=297077.25

https://bitcointalksearch.org/topic/m.3197393 (This is my post in the same thread.)

https://bitcointalksearch.org/topic/ann-python-paper-wallet-generator-with-strong-randomness-361092 (Paper wallet app)

Or you could always use vanitygen (make sure to use compressed keys) so you have your custom cold storage that begins with 1COLDSTORAGExyxyzxyxyxyzxy or whatever you prefer.

The camera thing and files, and sound recording .... just for fun I guess.
legendary
Activity: 3682
Merit: 1580
April 30, 2014, 11:35:14 PM
#21
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

bitaddress.org -> wallet details tab -> paste in sha256 hex.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
April 30, 2014, 11:30:37 PM
#20
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

The idea is that you use the random number as a seed for generating a bitcoin address. There are some other threads about how to generate a bitcoin address by hand.
legendary
Activity: 910
Merit: 1000
April 30, 2014, 05:05:16 AM
#19
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?
hero member
Activity: 518
Merit: 500
April 30, 2014, 01:20:11 AM
#18
It should stay safe As long as the wallet stays offline. And the private keys are safe
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
April 29, 2014, 12:19:21 PM
#17
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.

I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).
hero member
Activity: 798
Merit: 1000
April 29, 2014, 11:03:33 AM
#16
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
April 24, 2014, 07:52:54 PM
#15
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
April 24, 2014, 07:02:23 PM
#14
As long as someone is not accidentally generating your private key, u r safe Smiley

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalksearch.org/topic/stop-the-correct-horse-battery-staple-debacle-299156

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Dont know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the programm and version you used and see where they take their randomness from. Usually this will be a libary or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit oh and also randomness from allready random data, e.g. Private keys. I am not sure yet whether thats a good idea or not

Yes, thanks for this writeup.  Very informative.  I see what you mean about this being an issue mainly with brainwallets.

In my case, I don't use Windoze so I'm not really worried about that aspect of it.  I only use GNU/Linux so I'm familiar with /dev/random and /dev/urandom.  In my case, however, I generated an address with a java program which most likely used the java rng lib.  Because the particular program is open-source, I can check on that, which is nice.

I like the suggestion earlier in the thread about pointing a camera at a lavalamp---funny, if impractical.
member
Activity: 94
Merit: 10
April 24, 2014, 06:36:54 PM
#13
shorena thanks so much for that reply, it really helped a lot!

I wanted to split my cold storage into different addresses, figured for security in case one were to get compromised.  But, if I make a single address as a main cold storage address, can I use it to make future deposits as well or do I have to worry about anything?
hero member
Activity: 672
Merit: 500
April 24, 2014, 04:08:19 PM
#12
I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?

Your suggestion seems too complicated for me.  Cheesy
I will keep 2 copies of the word seeds in envelopes, one at home and the other in my brother's
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
April 24, 2014, 01:18:19 AM
#11
As long as someone is not accidentally generating your private key, u r safe Smiley

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalksearch.org/topic/stop-the-correct-horse-battery-staple-debacle-299156

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Dont know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the programm and version you used and see where they take their randomness from. Usually this will be a libary or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit oh and also randomness from allready random data, e.g. Private keys. I am not sure yet whether thats a good idea or not
hero member
Activity: 742
Merit: 502
Circa 2010
April 23, 2014, 09:32:20 PM
#10
I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?
Pages:
Jump to: