
Topic: Electrum Cold Storage - page 2. (Read 2507 times)

hero member
Activity: 574
Merit: 502
waiting to explode
June 16, 2017, 05:15:54 AM
#14
...
So i was thinking to disconnect myself completely from the network, install electrum wallet, create an address to receive bitcoins and send bitcoins from my online wallet to the electrum one that's still not connected to internet. Then ignore updating and just save the wallet file on pen drives along with 12 word password, also noting the 12 word password on some paper.

Would that do the trick? Would i still have the money on the wallet in a few years even though i did not update it before backing it up?
...

Yes, but to be completely safe you should format your laptop and install clean OS after you've done these steps. So that there are no traces of your wallet/password on your laptop and no malware can mess with it. If you don't want to format machine, you can use live Ubuntu USB drive as someone suggested above.


...
Is it smart to add more words to the 12 word password?

No need. 12 words is much more secure than you would think.
newbie
Activity: 31
Merit: 0
June 16, 2017, 05:10:52 AM
#13
I suspect this is why you need two pendrives to install Tails... as you can only install "actual" Tails from another Tails install... If you have windows, you first have to download and install an intermediary Tails on one pendrive, then boot from that and then install your actual Tails on the 2nd pendrive... a bit convoluted, but you're trading security for convenience.

After you have it set up... Tails should be safe from your Main OS as it is designed so that it doesn't attempt to mount and/or use other drives on your system unless you configure it to do so. Likewise with the networking side of it... You can disable all networking during boot.

The only other vector for attack that I can think of is some sort of BIOS based malware... I'm not aware of anything that advanced, but I'm sure someone is working on it.

Uh, this is getting more and more confusing. Wish there was an easier way.

I'm actually just thinking of completely wiping my laptop and using disk recovery to restore it to the factory settings (like a brand new laptop/data).
Then installing offline wallet on it, setting up a watch-only on main PC, sending money to it and wiping the laptop again to factory settings.
This way i have wallet set up on a brand new PC with no malware, and just for a maximum of 1 hour. Then i wipe the laptop and can recover the wallet at any time with 12 word key.

So technically i do not even need to save the bitcoin wallet files because i can always recover the funds using the 12 words key.

This sounds the most easy to me and wouldn't take more than 30 minutes honestly. Especially that i won't be moving funds on this wallet for 6 months and at that time i plan to swap to paper wallet too.
HCP
legendary
Activity: 2086
Merit: 4363
June 16, 2017, 05:02:02 AM
#12
I suspect this is why you need two pendrives to install Tails... as you can only install "actual" Tails from another Tails install... If you have windows, you first have to download and install an intermediary Tails on one pendrive, then boot from that and then install your actual Tails on the 2nd pendrive... a bit convoluted, but you're trading security for convenience.

After you have it set up... Tails should be safe from your Main OS as it is designed so that it doesn't attempt to mount and/or use other drives on your system unless you configure it to do so. Likewise with the networking side of it... You can disable all networking during boot.

The only other vector for attack that I can think of is some sort of BIOS based malware... I'm not aware of anything that advanced, but I'm sure someone is working on it.
newbie
Activity: 31
Merit: 0
June 16, 2017, 04:34:11 AM
#11
It is possible for the host machine to infect the virtual machine, it's harder the other way round. Anyways, it is possible for the malware to record the screen and get your 12 word seed. Use one of your pendrives to run a live copy of Tails and you will be fine.

You can do whatever you want with the VM and the pendrive, just remember the 12 word seed. It is the most important thing in the Electrum cold storage. Pen drives can be prone to failure so I don't really recommend using them.

So just download Tails and do exactly the same thing just with cold wallet(no internet) on Tails and watch-only on a PC that's online.
Then store the wallet file on pen drives and remember + save the 12 word seed on a piece of paper in case of emergency.

That's gonna work and will be safe, right? Also, just wondering if the 12 word seed is the only thing that is required to get into a wallet, then isn't that not so safe?
There has to be at least 50-100 million of people using etherum so it shouldn't be so hard to get into at least 1 wallet with random 10-20 combinations you write, no?
Yup, just boot Tails as a LiveCD. The 12 words seed is all you need to get into your wallet.

You're not the only one that thinks that way so I'll break it down for you, it's quite simple. For a 12 word seed, there are 2049 possible English words. With the English words, there are 2049^12 possible combination of seeds. Assuming I can bruteforce seeds at 1 million seeds per second, I can run through 3.1536x10^13 seeds per year. I'll be able to run through the possible seeds in 1.7365884x10^26 years. In comparison, we have 7.5 x 10^18 grains of sand on earth.

Thanks a lot for your replies mate, really appreciate it!
Last question if you're still around, can Tails get infected by main OS in any way? I always keep my PC clean and have antivirus enabled all the time. I'm almost certain that my PC is not infected, but it's better to assume otherwise.

Therefore i'm not sure if i can just run it on pendrive and boot it on my PC that already has Windows 10 installed, then just choose for it to boot from pendrive.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
June 16, 2017, 03:07:30 AM
#10
It is possible for the host machine to infect the virtual machine, it's harder the other way round. Anyways, it is possible for the malware to record the screen and get your 12 word seed. Use one of your pendrives to run a live copy of Tails and you will be fine.

You can do whatever you want with the VM and the pendrive, just remember the 12 word seed. It is the most important thing in the Electrum cold storage. Pen drives can be prone to failure so I don't really recommend using them.

So just download Tails and do exactly the same thing just with cold wallet(no internet) on Tails and watch-only on a PC that's online.
Then store the wallet file on pen drives and remember + save the 12 word seed on a piece of paper in case of emergency.

That's gonna work and will be safe, right? Also, just wondering if the 12 word seed is the only thing that is required to get into a wallet, then isn't that not so safe?
There has to be at least 50-100 million of people using etherum so it shouldn't be so hard to get into at least 1 wallet with random 10-20 combinations you write, no?
Yup, just boot Tails as a LiveCD. The 12 words seed is all you need to get into your wallet.

You're not the only one that thinks that way so I'll break it down for you, it's quite simple. For a 12 word seed, there are 2049 possible English words. With the English words, there are 2049^12 possible combination of seeds. Assuming I can bruteforce seeds at 1 million seeds per second, I can run through 3.1536x10^13 seeds per year. I'll be able to run through the possible seeds in 1.7365884x10^26 years. In comparison, we have 7.5 x 10^18 grains of sand on earth.
newbie
Activity: 31
Merit: 0
June 16, 2017, 02:53:25 AM
#9
It is possible for the host machine to infect the virtual machine, it's harder the other way round. Anyways, it is possible for the malware to record the screen and get your 12 word seed. Use one of your pendrives to run a live copy of Tails and you will be fine.

You can do whatever you want with the VM and the pendrive, just remember the 12 word seed. It is the most important thing in the Electrum cold storage. Pen drives can be prone to failure so I don't really recommend using them.

So just download Tails and do exactly the same thing just with cold wallet(no internet) on Tails and watch-only on a PC that's online.
Then store the wallet file on pen drives and remember + save the 12 word seed on a piece of paper in case of emergency.

That's gonna work and will be safe, right? Also, just wondering if the 12 word seed is the only thing that is required to get into a wallet, then isn't that not so safe?
There has to be at least 50-100 million of people using etherum so it shouldn't be so hard to get into at least 1 wallet with random 10-20 combinations you write, no?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
June 16, 2017, 02:32:13 AM
#8
It is possible for the host machine to infect the virtual machine, it's harder the other way round. Anyways, it is possible for the malware to record the screen and get your 12 word seed. Use one of your pendrives to run a live copy of Tails and you will be fine.

You can do whatever you want with the VM and the pendrive, just remember the 12 word seed. It is the most important thing in the Electrum cold storage. Pen drives can be prone to failure so I don't really recommend using them.
newbie
Activity: 31
Merit: 0
June 16, 2017, 02:12:03 AM
#7
Okay, that is definitely a problem because i do not own a printer.

Back to the Electrum idea then, technically i could just:

1. Create a virtual machine that is disconnected from internet, this way i have a fresh installed Windows with no malware on it and separated from original system (no malware from original one can infect the VM).
2. Create a wallet on it and use the master public key to create a watch-only wallet on my online PC.
3. Then copy the address and send all btc i want to invest to that address.
4. Then copy the offline wallet file onto let's say 3 different pen drives and store them for a few years.

That would work fine, i guess? Or at least for a few months until i decide to switch to paper wallet.
This way i should not be infected/exposed to any kind of malware, i would be doing it offline as well and i would have it safely stored on 3 different pen drives that would work just as a BTC Storage, like the paper wallet.

Sorry for jumping from Electrum to Paper and then Electrum again but seems like paper is unavailable to me at the moment, though i definitely will change to it sooner or later as it seems best fit for me.
Just wondering if i'm missing anything with Electrum, do not want to wake up one day with my BTC wallet emptied out

Also, am i allowed to just delete this virtual machine completely afterwards along with the wallet program, and then in future (let's say a year) restore the wallet with just the wallet file i stored on my pendrive?
HCP
legendary
Activity: 2086
Merit: 4363
June 16, 2017, 01:48:44 AM
#6
This website has some great resources and templates for paper wallets: https://bitcoinpaperwallet.com/

They have an offline version to download and run on an offline computer to prevent security issues. Additionally they have warnings if you're not offline... a good FAQ about security of paper wallets... a tutorial video... basically, everything you need to know about paper wallets!

If you don't have your own printer... then paper wallets become a bit more difficult... you'd be able to use the software to generate the appropriate keys/addresses etc... but you'd need to transcribe it all onto paper by hand to be safe...

As you have already recognised, using an online service and/or print shop is a massive security risk!

... but it would be sufficient to just encrypt your paper wallet with a password that you can remember using BIP38. You should store backups of your paper wallet and password in various places.
The only issue with BIP38 is that it isn't well supported by any of the mainstream bitcoin wallets... you'd need to make sure that you saved copies of the software used to generate the BIP38 wallets, so that you can then decrypt them as and when required.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
June 16, 2017, 01:45:59 AM
#5
If something happens to bitcoin market in future (crash or something else) i can always just import then the paper wallet into a cold storage and send money safely, right?
Yes. Just remember to send the coins to a new paper wallet for the best security.
I found a few good answers about how safe it is and some people even say that if the wallet was generated in no-internet environment then there's 0 chance of btc being stolen/hacked after years.
I just can't seem to find a good tutorial on how to create a paper wallet and how to print it as well, as i understand in order to print i'd have to connect to internet and i also can't imagine myself walking to a printing shop asking to print a btc wallet for me that contains 5 bitcoins.


Yup. It is impossible to hack a paper wallet if it's generated in an air-gapped environment with sufficient entropy. You don't have to worry that much about printing a paper wallet on a printer that you don't own. It isn't that secure to do so but it would be sufficient to just encrypt your paper wallet with a password that you can remember using BIP38. You should store backups of your paper wallet and password in various places.
newbie
Activity: 31
Merit: 0
June 16, 2017, 01:29:08 AM
#4
So i was thinking to disconnect myself completely from the network, install electrum wallet, create an address to receive bitcoins and send bitcoins from my online wallet to the electrum one that's still not connected to internet. Then ignore updating and just save the wallet file on pen drives along with 12 word password, also noting the 12 word password on some paper.

Would that do the trick? Would i still have the money on the wallet in a few years even though i did not update it before backing it up?
Is it smart to add more words to the 12 word password?
Your procedure will work but it isn't the best of the best way. If you don't spend your cold storage frequently, I would recommend you to just create a paper wallet. Unlike pen drives, it is harder to destroy paper when stored properly. Of course, the 12 seed word would suffice as a backup and it isn't really necessary to have the wallet file.

Paper wallets have QR codes and it's arguably much easier to send Bitcoins to it. I would recommend you to get an offline copy of bitaddress.org[2] and create and print the paper wallet.
[1] https://tails.boum.org/
[2] https://github.com/pointbiz/bitaddress.org

Thanks for both of your replies guys, really appreciate because it gave me good insight on how everything works.
I think i almost committed a grave mistake of playing around with cold Electrum instead of doing a paper wallet, as it seems it fits me best.
I plan on investing so i won't be using the funds on that wallet for a long time, i will only add more funds to it.

If something happens to bitcoin market in future (crash or something else) i can always just import then the paper wallet into a cold storage and send money safely, right?
I'm looking through the forum now to find a decent description on how paper wallets exactly work and how to create one/how to store it properly.

I found a few good answers about how safe it is and some people even say that if the wallet was generated in no-internet environment then there's 0 chance of btc being stolen/hacked after years.
I just can't seem to find a good tutorial on how to create a paper wallet and how to print it as well, as i understand in order to print i'd have to connect to internet and i also can't imagine myself walking to a printing shop asking to print a btc wallet for me that contains 5 bitcoins.

HCP
legendary
Activity: 2086
Merit: 4363
June 16, 2017, 01:09:30 AM
#3
Yeah, you'd be better off creating a small live Linux bootable distro on the pendrive... install Electrum on it (do NOT create the wallet yet) and then configure it so that all the networking features are disabled at boot time.

Once you've got it configured to be offline... boot off the pendrive, and setup your wallet in Electrum... noting the public address(es) as required. Backup the generated seed to paper and put it somewhere safe and secure. Shut down, remove the pendrive.

Then on an online computer, install Electrum, create a "watching only" wallet using the public addresses that you noted down.

This should effectively create a system that is effectively "air gapped".

If you want to send coins, create an unsigned transaction from the watching only wallet, put it on a 2nd usb stick. Then boot your distro from the bootable pendrive, sign the transaction on the 2nd usb stick. Shutdown, reboot into your online OS and broadcast the transaction.

A little convoluted and time consuming, but the increase in security is quite significant. Your private keys effectively never go near an online machine.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
June 16, 2017, 12:39:29 AM
#2
So i was thinking to disconnect myself completely from the network, install electrum wallet, create an address to receive bitcoins and send bitcoins from my online wallet to the electrum one that's still not connected to internet. Then ignore updating and just save the wallet file on pen drives along with 12 word password, also noting the 12 word password on some paper.

Would that do the trick? Would i still have the money on the wallet in a few years even though i did not update it before backing it up?
Is it smart to add more words to the 12 word password?
It's a concept but it may be possible for malware to store your private keys while it's offline and broadcast it online. You can use a live distribution of Linux[1] and install Electrum on it.

Your procedure will work but it isn't the best of the best way. If you don't spend your cold storage frequently, I would recommend you to just create a paper wallet. Unlike pen drives, it is harder to destroy paper when stored properly. Of course, the 12 seed word would suffice as a backup and it isn't really necessary to have the wallet file.

Paper wallets have QR codes and it's arguably much easier to send Bitcoins to it. I would recommend you to get an offline copy of bitaddress.org[2] and create and print the paper wallet.

Setting your client to include more word to the seed can reduce the chances of a collision but 12 words is enough and it won't really help.

[1] https://tails.boum.org/
[2] https://github.com/pointbiz/bitaddress.org
newbie
Activity: 31
Merit: 0
June 16, 2017, 12:29:46 AM
#1
Hey,

I'm using online wallets for small daily/weekly transactions but i want to safely store some bitcoins on cold storage, fairly new to it though and not sure if my assumptions are correct.
I decided to go with Electrum and in another thread someone linked a step by step guide on there: http://docs.electrum.org/en/latest/coldstorage.html

I do own a laptop but i don't want to turn it into a bitcoin storage, and i don't want to get another one just for that. I don't want to buy devices of any sort, just store the wallet offline/cold.
I have 2 pen drives, and i do plan to use this wallet just to store bitcoins, not gonna withdraw or do any transactions on it for at least 3 years.

So i was thinking to disconnect myself completely from the network, install electrum wallet, create an address to receive bitcoins and send bitcoins from my online wallet to the electrum one that's still not connected to internet. Then ignore updating and just save the wallet file on pen drives along with 12 word password, also noting the 12 word password on some paper.

Would that do the trick? Would i still have the money on the wallet in a few years even though i did not update it before backing it up?
Is it smart to add more words to the 12 word password?