Easiest and most secure way to cold store bitcoins

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: unknowncustomer on April 07, 2022, 03:25:46 AM

- Install Linux TailsOS through an USB key

Tails isn't meant to be installed, but rather ran directly from the USB drive. When you remove the USB drive, all activity from that session is wiped unless you have set up persistent storage.

Quote from: unknowncustomer on April 07, 2022, 03:25:46 AM

Question: should Electrum program be on the HDD (or SSD) of the computer or on the USB storage ? Does it change something ?

Tails has Electrum bundled in to it already. You will not have to download Electrum separately. It will run directly from the USB drive.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: unknowncustomer on April 07, 2022, 03:25:46 AM

Question: should Electrum program be on the HDD (or SSD) of the computer or on the USB storage ? Does it change something ?

What I want is that when I plug the USB to the offline computer with the OS on it I can find Electrum on it like the last time.

With that, your initial concern persists because in events of a theft, if the USB flash Drive/PC is stolen, then your wallet files will be stolen as well.

If you still want that, Tails has the option to create a "persistent storage" where you can store the wallet file.
It's basically an encrypted storage in the USB flash drive which is exempted from Tail's "amnesia". It's protected by your admin password.
My suggestion is at least set a different password (strong ones) for the persistent storage and your Electrum.

unknowncustomer

jr. member

Activity: 48

Merit: 27

Exactly.

I expect to:
- Find an airgapped PC
- Install Linux TailsOS through an USB key
- Install Electrum and create the seed.

Question: should Electrum program be on the HDD (or SSD) of the computer or on the USB storage ? Does it change something ?

What I want is that when I plug the USB to the offline computer with the OS on it I can find Electrum on it like the last time.

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

If you're going for a live-OS as suggested by NeuroticFish, I'd recommend my personal favorite: TailsOS (tails.boum.org).

Booting it up and restoring the seed every time you need to sign takes a few minutes but your bitcoins will be safe even if the flash drive or cold-storage PC got stolen.
The only factor that you can be hacked is through the seed phrase so do your best to remember it so you wont have to keep the paper backup in an accessible storage.

dkbit98

legendary

Activity: 2212

Merit: 7064

Cashback 15%

Quote from: unknowncustomer on April 06, 2022, 03:17:05 AM

I want to keep things simple but as unbreakable as possible.

You can't really have both simple easiest and most secure option all in one for storing bitcoin.
Easiest cold storage would be some open source air-gapped hardware wallet or signing device, with seed phrase backup stored on paper or metal.
I like the idea of having mini-computers like this used only for this purpose, and this is easiest option for you, but I won't say it's most secure.
Most secure option is more complex and you need to know what you are doing, one mistake could mean losing of your coins.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: unknowncustomer on April 06, 2022, 05:41:47 AM

But If I get robbed, someone steals the offline computer and discover my electrum password I am dead right ?

Most good Linux OSs come with the option of enabling full disk encryption when you install them. Pick a long and complex encryption key, and anyone who steals your airgapped computer won't even be able to see that you have Electrum installed on it, let alone try to steal your coins. The other option is as NeuroticFish has said, where you only use a live OS with no persistence on the airgapped device, use that to create your wallet and write down your seed phrase, and then import your wallet from a paper copy of your seed phrase every time you want to access it.

Alternatively, if you have access to multiple airgapped devices, you can set up a multi-sig wallet, meaning an attacker would need to steal and compromise two or more devices to access your wallet.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: unknowncustomer on April 06, 2022, 05:41:47 AM

I am technologically knowledged to set up both an offline wallet and an watch-only wallet.
But If I get robbed, someone steals the offline computer and discover my electrum password I am dead right ?

If you plan to HODL, i.e. won't actually spend the coins, you can write down and save safely in multiple places the recovery seed, keep the watch only wallet and wipe the offline computer (or use a live OS from start for the cold storage).
If you indeed want to spend and use the cold storage then you have options like:
* use an OS with strongly encrypted HDD
* use live OS with no persistence (just then you'll have to access often the seed, hence sub-optimal)
* use a strong password for your wallet and make sure you can move the coins to safety in a timely manner after the cold storage theft is noticed (using the seed backup)

So if you use a hard-to-discover long password (or phrase) you're not "dead", even in case of theft.

LE:
Also keep in mind that the "offline computer" can actually be an-OS-on-an-USB stick, which can be hidden easier and doesn't look that valuable as a laptop.

unknowncustomer

jr. member

Activity: 48

Merit: 27

I am technologically knowledged to set up both an offline wallet and an watch-only wallet.
But If I get robbed, someone steals the offline computer and discover my electrum password I am dead right ?

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: unknowncustomer on April 06, 2022, 03:17:05 AM

I currently use Electrum and I am very satisfied with the software.

I want to keep things simple but as unbreakable as possible.

Do you have an old computer or laptop you no longer use? How technical minded are you? Could you open up an old device and remove the WiFi card? Could you format the hard drive and install a new operating system? If you could do these things, then I would set up this old computer as an encrypted airgapped device and install Electrum on it, with a watch only wallet on your main computer. This takes a bit of time to set up, but is easy to use and very secure once set up.

If you don't think you could achieve the above, then the next best option would be a reputable open source hardware wallet.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

Quote from: unknowncustomer on April 06, 2022, 03:17:05 AM

I want to keep things simple but as unbreakable as possible.

The correct method for not getting your funds stolen is keeping the actual keys/seed offline.
As said, one method at hand is Electrum as cold storage, and keep in mind that the cold storage must remain offline forever (if you must go online, that wallet/system must be wiped out first).
If setting up a cold storage is a difficult task for you, next best option is acquiring hardware wallet (but please do some reading on the topic before spending money)

nc50lc

legendary

Activity: 2394

Merit: 5531

Self-proclaimed Genius

Quote from: unknowncustomer on April 06, 2022, 03:17:05 AM

I currently use Electrum and I am very satisfied with the software.

If it's good enough for you then why switch?
Or are you using it only as a "hot wallet"?

Because it can be set-up as a cold-storage: electrum.readthedocs.io/en/latest/coldstorage

unknowncustomer

jr. member

Activity: 48

Merit: 27

Hello all,

I am looking for the most secure but also easy way to cold store my bitcoins.

Actually I don't want to use a custody as they would own my private key.

I currently use Electrum and I am very satisfied with the software.

I want to keep things simple but as unbreakable as possible.

Topic: Easiest and most secure way to cold store bitcoins (Read 204 times)