Cold Storage Question before I jump in!

souspeed

full member

Activity: 154

Merit: 1000

Fica Tranquilo

Quote from: Abdussamad on May 01, 2014, 10:19:44 AM

Quote from: ?? on ??

I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.

For instance under your mattress. Maybe in the freezer cause it's called cold storage, right?

Well preferably in different buildings, e.g. in case of fire you want a separate copy somewhere else.
And as already mentioned it is best to split your bitcoin over several wallets for convenience as well as added security.
Furthermore; inform someone you can trust about your bitcoin, so your bitcoin isn't lost in case something happens to you.

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: Dabs on May 01, 2014, 08:57:52 AM

Quote from: tspacepilot on May 01, 2014, 02:09:40 AM

Right, well I guess that is one way to be "hardcore" but I think the point here i just to provide an initial random seed to an otherwise and deterministic procedure. It seeems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine. Am I missing anything crucial?

Well, you want as many different sources as possible since any amount of good or decent randomness gets mixed in to the final private key. Your camera, your picture, your file, is about as good as it gets.

It's actually overkill, as you can use any of the apps or scripts I have mentioned above, as well as bitaddress.org

I suggest taking a picture of your turds and using those. Turds tend to be very random.

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: ?? on ??

I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.

For instance under your mattress. Maybe in the freezer cause it's called cold storage, right?

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: tspacepilot on May 01, 2014, 02:09:40 AM

Right, well I guess that is one way to be "hardcore" but I think the point here i just to provide an initial random seed to an otherwise and deterministic procedure. It seeems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine. Am I missing anything crucial?

Well, you want as many different sources as possible since any amount of good or decent randomness gets mixed in to the final private key. Your camera, your picture, your file, is about as good as it gets.

It's actually overkill, as you can use any of the apps or scripts I have mentioned above, as well as bitaddress.org

boumalo

legendary

Activity: 1918

Merit: 1018

Quote from: ?? on ??

Quote from: boumalo on April 23, 2014, 12:32:01 PM

Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.

You can make paper wallets with blockchain has well or with electrum

I like the idea of having my bitcoins on 2 or 3 different addresses, it is easier if you want to spend/sell some

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: Dabs on May 01, 2014, 01:38:52 AM

Quote from: tspacepilot on April 29, 2014, 12:19:21 PM

I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic. If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

Don't use a picture that is already posted on the internet, and don't use a song from the top charts. (actually, don't use any song unless you are sure you are the only person who recorded it.)

Definitely don't use a recent movie even if it never won a grammy award.

But just in case you do, make sure your equipment goes through an analog portion. So there is some noise introduced.

I tell you what I will do when I get my new DSLR, is I'm going to go around town and take pictures until the memory card is full. Copy those files to an offline computer. Then hash each one of them.

To be hard core, use the RAW format of your camera, if it is available, or the highest resolution.

Good luck with anyone figuring out 24 megapixels of data.

Right, well I guess that is one way to be "hardcore" but I think the point here i just to provide an initial random seed to an otherwise and deterministic procedure. It seeems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine. Am I missing anything crucial?

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: tspacepilot on April 29, 2014, 12:19:21 PM

I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic. If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

Don't use a picture that is already posted on the internet, and don't use a song from the top charts. (actually, don't use any song unless you are sure you are the only person who recorded it.)

Definitely don't use a recent movie even if it never won a grammy award.

But just in case you do, make sure your equipment goes through an analog portion. So there is some noise introduced.

I tell you what I will do when I get my new DSLR, is I'm going to go around town and take pictures until the memory card is full. Copy those files to an offline computer. Then hash each one of them.

To be hard core, use the RAW format of your camera, if it is available, or the highest resolution.

Good luck with anyone figuring out 24 megapixels of data.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Someone made a dice2key app, (with source code) and also a paperwallet app (I think it was Deep Celeron)

Here are a few I found after some quick googling:

https://raw2.github.com/swansontec/dice2key/master/dice2key.sh

https://bitcointalk.org/index.php?topic=297077.25

https://bitcointalksearch.org/topic/m.3197393 (This is my post in the same thread.)

https://bitcointalksearch.org/topic/ann-python-paper-wallet-generator-with-strong-randomness-361092 (Paper wallet app)

Or you could always use vanitygen (make sure to use compressed keys) so you have your custom cold storage that begins with 1COLDSTORAGExyxyzxyxyxyzxy or whatever you prefer.

The camera thing and files, and sound recording .... just for fun I guess.

Abdussamad

legendary

Activity: 3682

Merit: 1580

Quote from: Dannie on April 30, 2014, 05:05:16 AM

Quote from: Dabs on April 24, 2014, 07:52:54 PM

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

bitaddress.org -> wallet details tab -> paste in sha256 hex.

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: Dannie on April 30, 2014, 05:05:16 AM

Quote from: Dabs on April 24, 2014, 07:52:54 PM

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

The idea is that you use the random number as a seed for generating a bitcoin address. There are some other threads about how to generate a bitcoin address by hand.

Dannie

legendary

Activity: 910

Merit: 1000

Quote from: Dabs on April 24, 2014, 07:52:54 PM

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

activebiz

hero member

Activity: 518

Merit: 500

It should stay safe As long as the wallet stays offline. And the private keys are safe

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: byt411 on April 29, 2014, 11:03:33 AM

Quote from: Dabs on April 24, 2014, 07:52:54 PM

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.

I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic. If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

byt411

hero member

Activity: 798

Merit: 1000

Quote from: Dabs on April 24, 2014, 07:52:54 PM

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: shorena on April 24, 2014, 01:18:19 AM

Quote from: tspacepilot on April 23, 2014, 04:53:53 PM

Quote from: BitCoinDream on April 23, 2014, 02:44:29 PM

As long as someone is not accidentally generating your private key, u r safe

Are there reports of this sort of thing happening? If so, I wonder where I can read an overview of the issue. I'd like to reconsider now my own cold wallet. I know which program and version of the program that I generated it with. Now I want to make sure there was an appropriate randomness. Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalksearch.org/topic/stop-the-correct-horse-battery-staple-debacle-299156

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Dont know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the programm and version you used and see where they take their randomness from. Usually this will be a libary or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit oh and also randomness from allready random data, e.g. Private keys. I am not sure yet whether thats a good idea or not

Yes, thanks for this writeup. Very informative. I see what you mean about this being an issue mainly with brainwallets.

In my case, I don't use Windoze so I'm not really worried about that aspect of it. I only use GNU/Linux so I'm familiar with /dev/random and /dev/urandom. In my case, however, I generated an address with a java program which most likely used the java rng lib. Because the particular program is open-source, I can check on that, which is nice.

I like the suggestion earlier in the thread about pointing a camera at a lavalamp---funny, if impractical.

martinw79

member

Activity: 94

Merit: 10

shorena thanks so much for that reply, it really helped a lot!

I wanted to split my cold storage into different addresses, figured for security in case one were to get compromised. But, if I make a single address as a main cold storage address, can I use it to make future deposits as well or do I have to worry about anything?

PolarPoint

hero member

Activity: 672

Merit: 500

Quote from: Light on April 23, 2014, 09:32:20 PM

Quote from: PolarPoint on April 23, 2014, 05:40:19 PM

I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?

Your suggestion seems too complicated for me. Cheesy

I will keep 2 copies of the word seeds in envelopes, one at home and the other in my brother's

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: tspacepilot on April 23, 2014, 04:53:53 PM

Quote from: BitCoinDream on April 23, 2014, 02:44:29 PM

As long as someone is not accidentally generating your private key, u r safe

Are there reports of this sort of thing happening? If so, I wonder where I can read an overview of the issue. I'd like to reconsider now my own cold wallet. I know which program and version of the program that I generated it with. Now I want to make sure there was an appropriate randomness. Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalksearch.org/topic/stop-the-correct-horse-battery-staple-debacle-299156

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Dont know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the programm and version you used and see where they take their randomness from. Usually this will be a libary or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit oh and also randomness from allready random data, e.g. Private keys. I am not sure yet whether thats a good idea or not

Light

hero member

Activity: 742

Merit: 502

Circa 2010

Quote from: PolarPoint on April 23, 2014, 05:40:19 PM

I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?

PolarPoint

hero member

Activity: 672

Merit: 500

I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

Quote from: BitCoinDream on April 23, 2014, 02:44:29 PM

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

Huh

As long as someone is not accidentally generating your private key, u r safe

Are there reports of this sort of thing happening? If so, I wonder where I can read an overview of the issue. I'd like to reconsider now my own cold wallet. I know which program and version of the program that I generated it with. Now I want to make sure there was an appropriate randomness. Any suggestions?

Hash72

sr. member

Activity: 294

Merit: 250

★YoBit.Net★ 350+ Coins Exchange & Dice

Quote from: boumalo on April 23, 2014, 12:32:01 PM

Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

I totally Agree with you , paper wallet and the cold storage are the same except you use printed paper for the #1 and a Flash for #2
the blow links may help you a little
https://www.youtube.com/watch?v=I1uefzJJ6nM
https://blockchain.info/wallet/paper-wallet-tutorial-web
http://www.reddit.com/r/Bitcoin/comments/22cwdx/noob_questions_about_cold_storage_dont_upvote/

Thanks

BitCoinDream

legendary

Activity: 2394

Merit: 1216

The revolution will be digital

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

Huh

As long as someone is not accidentally generating your private key, u r safe

tspacepilot

legendary

Activity: 1456

Merit: 1081

I may write code in exchange for bitcoins.

As long as your private keys are safe there shouldn't be any problem. As I understand it you'll only need to move funds out of these wallets if you ever want to spend them. At that time, simply import your private keys to a wallet program and generate the transaction you desire. Seems like you've done your due dilligence, I think you'll be fine.

shorena

copper member

Activity: 1498

Merit: 1528

No I dont escrow anymore.

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

Good, testing is important.

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time?

Change only occures if you send coins, not if you receive them. So youd only have to worry about the wallet you send to coins from and not about the cold wallet you send the coins to.

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

Assuming my private keys are kept safe over time, is there any way I can lose funds this way?

Yes, if your private keys are the result of a bad random generation. E.g. you choose a brainwallet with "correct horse battery staple" as seed. What I liked best is the idea to point your camera at a lava lamp to take that as a source of randomness. I dont know how good a source of randomness it is, but it sounds good. If you generate a new wallet with bitcoin core it uses the random number generator (RNG) of your OS. So you might want to look into that. For other wallets they might take different RNG. Probably worth checking that out. Just in case.

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Full sweep = no problems with change

Quote from: martinw79 on April 23, 2014, 10:15:31 AM

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.
Huh

boumalo

legendary

Activity: 1918

Merit: 1018

Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

byt411

hero member

Activity: 798

Merit: 1000

There shouldn't be a problem, change addresses are used if you partially retrieve the funds from your cold wallet.

martinw79

member

Activity: 94

Merit: 10

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

Huh

Topic: Cold Storage Question before I jump in! (Read 1705 times)