I've been lurking here for a while and after reading about wallets, and all the recent thefts, and a bit about cold storage. I haven't taken the plunge into cold storage yet, so feel free to destroy my points here. Also I have a ton of questions too, so would appreciate some answers.
Basically, my goal is to understand what proper bitcoin storage would mean, and what solid ways there are for the general public. No I don't mean the few enthusiasts out there. It's the same thing how if your uncle asks you what new computer he should get, you don't tell him to build his own and get a GTX 790 or whatever. We're talking general public.
From what I know about cold storage, it seems a bit difficult to deal with.
- Not everyone has an offline computer. I have 4 computers in the house, 2 laptops (both online), 2 desktops, both online. I suppose I could use my NAS to create a VM and make a live CD. So here's where you think I'm a tech guy right? But no, I'm not that smart either. I'm a Linux noob and it'd probably take me forever to figure out how to install Electrum or Armory.
- Then what? Do a bunch of USB transfers? Sounds complicated, and a LOT of work.
- Lack of liquidity too. My fiat assets might not all be that liquidable, but selling stock is pretty straightforward, and even transferring emergency funds from a 3 months high interest savings account is pretty easy too.
Well what about a paper wallet you say? This is definitely easier. I can go to Bitaddress and print something quickly, but wait! I don't even have a printer at home. So what if I use the one at work? Uhh, that's like leaving a giant fingerprint left on the printer. And once again you ask what about getting a cheap printer to print at home? Once again I'm tasked with the issue of offline computers. The maybe so-so method would be to use a BIP38 address through Bitaddress as that's secure as hell (or so we think right?). I mean technically it's supposed to be secure enough where I can flaunt my Private Key, in which case, I'm probably somewhat OK printing at work.
So here's my take if I were to use paper wallets:
- Print a few Bitaddresses w/ BIP38 encryption and a STRONG password
- Store a PDF version encrypted with TrueCrypt on my Dropbox which has 2FA
- Hide the paper copy somewhere at home. I don't have a safe, nor do I think it makes sense unless people are putting their life savings away in BTC.
- I would avoid paper wallets unless I had BIP38, because I don't see a reasonable way to print stuff for me. Plus, without encryption protecting my private key, I feel like I would have to minimize the number of copies circulating around and therefore I think I'd be prone to misplacing copies
So I come back to Blockchain or Coinbase. Both have 2FA capabilities and Blockchain even has a 2nd password function. As much as enthusiasts say Blockchain is no good, isn't it technically pretty solid? No passwords stored on their servers, encryption done locally, blah blah blah. If one uses Blockchain with a STRONG password and 2FA, and even a second password, is there much to worry about? I guess there's a few weaknesses
- Emailed copies float around and if you have old copies with weaker passwords, this will be a weak link
- Wallet could be potentially taken offline to brute force attack
- Website or extension could be potentially compromised for MIM attacks. I find it disturbing Chrome auto updates extensions like that, but I suppose not all extensions are mission critical anyway, so I guess that's why they do it.
There's also the issue of a keylogger. Maybe it's a good habit at this point to use LastPass or something where you copy and paste the password in instead of typing it. I guess there's also the issue of whether or not you trust Blockchain, but it seems if you trust them, that if one doesn't have the password, then they're truly screwed. As for Coinbase, I didn't even touch on them, but given how they're in the US and the NSA is all over that stuff... eh I don't even know.
Anyway, at this point I just don't see a reasonable secure wallet storage method for most average people. Electrum and Armory are great, but you need vast resources. Paper wallets for the general public will be the equivalent of keeping a password written on a sticky note--easily misplaced, and likely not stored properly. Blockchain can be compromised with crappy passwords, but there are the right tools out there to effectively secure your Blockchain.
Anyway I'll stop ranting.