Topic: How to design a perfect cold storage? - page 2. (Read 6260 times)
even I haven't found out how the right design for perfect cold storage.do you have a solution?
suppose you have the following tools available;
1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD
1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD
There are laser engraving machines that are selling on Ebay for $71 now. They look like a little 3d printer and you can hold one in one hand.
This type of machine would allow putting keys and squarecodes on anodized aluminum plates or painted steel plates. They would burn through the paint or anodized layer.
I suggest this as a way to avoid all the issues of paper getting wet, mildewing, rotting, catching on fire, etc.
Although it's possible that an engraved steel or aluminum plate would not survive a fire with the engraving legible. Still a gigantic improvement.
Yes, this is the math that I followed previously. If it takes only up to 50 characters (I am personally not familiar with Trezors, so I do not know their limits) then somewhere around n^50 would be the maximum number of possible combinations where n is the number of accepted symbols. You can still use words and assuming that each word is around 6-7 characters in length you may be able to fit still 8-9 words in there which mathematically speaking still makes up a very strong password of up to 170K^9 possible combinations. Using just characters could be even more secure in this case, though.
Yeah, my bad. passphrase with 50 characters will be stronger because it has more combinations. 60 ^5 > 170 000
Passphrase is limited to 50 charachters on Trezor, so there could be a bit less words, is it still secure then? Also should you choose words with dice or just pick some sentence that makes sense just to you?
Maybe you mean "50 words" If that right, 170 000 ^ 50 combinations are possible.
If you mean "charachters" then we have (numbers of English letters + number of numbers + number of keyboard symbols) . It's very strong password as you could see) ^ 50
Also you may notice that mnemonic phrase is stronger than passphrase. mnemonic phrase has 170 000 ^ 10 possible combination while passphrase has 60 ^ 50 .
Yes, this is the math that I followed previously. If it takes only up to 50 characters (I am personally not familiar with Trezors, so I do not know their limits) then somewhere around n^50 would be the maximum number of possible combinations where n is the number of accepted symbols. You can still use words and assuming that each word is around 6-7 characters in length you may be able to fit still 8-9 words in there which mathematically speaking still makes up a very strong password of up to 170K^9 possible combinations. Using just characters could be even more secure in this case, though.
bleah...technological singularity along with the quantum computer make any arrangement pathetically
Passphrase is limited to 50 charachters on Trezor, so there could be a bit less words, is it still secure then? Also should you choose words with dice or just pick some sentence that makes sense just to you?
Maybe you mean "50 words" If that right, 170 000 ^ 50 combinations are possible.
If you mean "charachters" then we have (numbers of English letters + number of numbers + number of keyboard symbols) . It's very strong password as you could see) ^ 50
Also you may notice that mnemonic phrase is stronger than passphrase. mnemonic phrase has 170 000 ^ 10 possible combination while passphrase has 60 ^ 50 .
give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.
Nice idea. Never thought of that. How do I do it?give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.
The bank staff and family member can work together to steal your funds.For example, even a vault needs some usability in order to be a viable solution for storing your paper wallet.
When using a vault for cryptocurrencies, you can use OP's #7: "metalstamps" to just hammer the passphrase into the vault itself. Hammer it at the back, don't even lock it, no thief is going to steal a heavy wall-mounted empty metal box.I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.
It may be worse way than using rng. Especially with coin 
What about cold storage on some services? I mean exchanges, web wallets etc.
Hot to protect funds there? Because there should be preset private keys to withdraw funds. Exactly it should be a hot wallet, but it's risky to store big funds there.
Hot to protect funds there? Because there should be preset private keys to withdraw funds. Exactly it should be a hot wallet, but it's risky to store big funds there.
Is leaving seed in unlocked place at friends house a risk if there is also strong passphrase on it or is there risk somebody could see seed and brute force it? Even keeping in bank safe seems a bit risky.
It would depend on what the passphrase to your seed is. If it is long and complex, say at least 12 characters including special characters and numbers, then you should have nothing to fear. The amount of time it would take for such a passphrase to be brute-forced is not within what you could call reasonably or efficient. You could also just use a set of words to end up with an even stronger passphrase. Given a strong passphrase, you should also feel fine about having multiple copies of it stored in different places. Just make sure that your passphrase and seed never meet, since anyone who has access to both of them at once can (and probably will) open your wallet and potentially steal your bitcoins. A physical copy of the seed and a brain copy of the passphrase is a good combination. Make sure not to forget about other possible attack vectors such as malware, however.
So if you find seed couldn't you rent out computer cluster and crack passphrase?
Not at all. You could get all the computing power in the world and it would still not be possible to crack it in any reasonable amount of time. And note that my definition of reasonably is very wide in this context. We're talking about being unable to crack a passphrase within a million years. Now, I have also heard from some that quantum computing may change things around in regards to cryptography, but I personally don't think in this situation it would matter. Of course, in the end it depends on how long and secure a passphrase you use. However, if you use 10 random words as your passphrase, you can rest assured that your seed will be safely protected and you have nothing to fear, as the difficulty in that is n^10 where n is the number of different possible words. Using any possible words in the English dictionary, currently around 170K, would result in 170,000^10, which results in 20159939004490000000000000000000000000000000000000000 or 2x10^52 possible combinations. In other words, don't worry about it.
Since it wasn't mentioned yet:
https://glacierprotocol.org/
I don't use the glacier protocol itself, but I have used something similar.
https://glacierprotocol.org/
I don't use the glacier protocol itself, but I have used something similar.
Is leaving seed in unlocked place at friends house a risk if there is also strong passphrase on it or is there risk somebody could see seed and brute force it? Even keeping in bank safe seems a bit risky.
It would depend on what the passphrase to your seed is. If it is long and complex, say at least 12 characters including special characters and numbers, then you should have nothing to fear. The amount of time it would take for such a passphrase to be brute-forced is not within what you could call reasonably or efficient. You could also just use a set of words to end up with an even stronger passphrase. Given a strong passphrase, you should also feel fine about having multiple copies of it stored in different places. Just make sure that your passphrase and seed never meet, since anyone who has access to both of them at once can (and probably will) open your wallet and potentially steal your bitcoins. A physical copy of the seed and a brain copy of the passphrase is a good combination. Make sure not to forget about other possible attack vectors such as malware, however.
What seems to be used for centuries to store value in a secure way when it comes to precious metals seems to come in handy here is well: vaults. When it comes to "perfect cold storage", I think that the term "perfect" is overrated. Any security policy is as weak as its usability requirements restrict it to be.
For example, even a vault needs some usability in order to be a viable solution for storing your paper wallet.
Ultimately, it all boils down to the actual amount of stored value. Certainly different volumes require different security approaches.
For example, even a vault needs some usability in order to be a viable solution for storing your paper wallet.
Ultimately, it all boils down to the actual amount of stored value. Certainly different volumes require different security approaches.
I was thinking about this earlier today. How to setup a perfect method of storing Bitcoin without any security flaws. I actually think it is a lot more complicated and maybe impossible. As long as you deal with physical external objects, they are bound to be able to get hacked. Therefore realistically memorizing your keys is the only way... and this is the most risky option as it relies 100% on your own self to remember them or not give them up if you were being tortured or something. What happens if you get dementia/Alzheimer's/Amnesia? For now I am sticking with offline-generated, laminated paper wallets. 
suppose you have the following tools available;
1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD
1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD
I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.
It may be worse way than using rng. Especially with coin
Perhaps its better not to smoke for some time. Weed makes you paranoid sometime. Just kidding.
I think wiser idea will be not to store data physically in one place.
Implement some smart contract that will store keys to your wallets end send them to dedicated address if not accessed for some time.
The whole beauty of blockchain is that its distributed, never in some dedicated location under single jurisdiction, can store whatever you want. So why make it physical again?
I think wiser idea will be not to store data physically in one place.
Implement some smart contract that will store keys to your wallets end send them to dedicated address if not accessed for some time.
The whole beauty of blockchain is that its distributed, never in some dedicated location under single jurisdiction, can store whatever you want. So why make it physical again?
I am paranoid by design and by professional deformation.
Suppose you have the following tools available:
1. two Trezor hardware wallets
2. offline bootable PC with Ubuntu
3. bitaddress.org site burned to a CD
4. BIP39 passphrase and mnenomic code generator burned to CD
5. passguardian.org Shamirs secret sharing page burned to CD
6. offline printer to print and laminate paper wallets
7. metalstamps to stamp seeds/keys to metal plates if need be
8. two rented safe deposit boxes in two banks in two different European jurisdictions
How would you go about designing a "perfect" cold storage that should fulfill the following criteria:
1. be resistant to my death hence inheritable
2. be reistant to my amnesia
3. be resistant to being denied physical access to both safe deposit boxes
4. be resistant to malevolent staff opening the contents of the safe deposit boxes
5. be resistant to goverment confiscation/access denial to your safe deposit boxes
So basically I want no other entity (spouse, underage children, bank staff, evil government officials) to be able to spend my bitcoins as long as I am alive and with a functioning brain.
I also want to be able to comitt to memory a seed or an encryption method that would grant me access to bitcoins if I am not able to access the cold storage in safe deposit boxes.
Ultimately I would need to leave clear instructions in case of my death so that the family would be able to reconstruct access to those bitcoins.
I have some ideas but would like to hear flaws in my design.
1. PAPER WALLET ROUTE
One way to go about it would be to create paper wallets, print them offline, encrypt them with a strong passphrase (for example Diceware generated) using BIP38 and store them in two separate safe deposit boxes.
The secret passphrase would be easy to memorise for me and could be split using sharding into 3 pieces (2 safe deposit boxes and my home for example) so that you would need access to all of those in order to decrypt the paper wallets.
It prevents goverment or the bank staff from spending your bitcoins but if you find yourself unable to access the physical location of your paper wallets you are doomed.
2. TREZOR MNEMONIC SEED
You load your Trezor hardware wallet and stamp the seed on metal plates in a randomly generated order that you put in one safe. In another safe you put an encrypted message that is simply the order in which you have to put the mnemonic seed to be able to access bitcoins. You distribute the passphrase to unlock the order in the same way as in design No. 1.
You carry your Trezor with you (your home) hoping that even if it gets stolen nobody will be able to break the PIN.
This method has the advantage that with some memory technique you should be able to remember the seed yourself and reuse it should you be locked out of access to your safe deposit boxes.
Is all of this an overkill? Are there simpler ways?
Suppose you have the following tools available:
1. two Trezor hardware wallets
2. offline bootable PC with Ubuntu
3. bitaddress.org site burned to a CD
4. BIP39 passphrase and mnenomic code generator burned to CD
5. passguardian.org Shamirs secret sharing page burned to CD
6. offline printer to print and laminate paper wallets
7. metalstamps to stamp seeds/keys to metal plates if need be
8. two rented safe deposit boxes in two banks in two different European jurisdictions
How would you go about designing a "perfect" cold storage that should fulfill the following criteria:
1. be resistant to my death hence inheritable
2. be reistant to my amnesia
3. be resistant to being denied physical access to both safe deposit boxes
4. be resistant to malevolent staff opening the contents of the safe deposit boxes
5. be resistant to goverment confiscation/access denial to your safe deposit boxes
So basically I want no other entity (spouse, underage children, bank staff, evil government officials) to be able to spend my bitcoins as long as I am alive and with a functioning brain.
I also want to be able to comitt to memory a seed or an encryption method that would grant me access to bitcoins if I am not able to access the cold storage in safe deposit boxes.
Ultimately I would need to leave clear instructions in case of my death so that the family would be able to reconstruct access to those bitcoins.
I have some ideas but would like to hear flaws in my design.
1. PAPER WALLET ROUTE
One way to go about it would be to create paper wallets, print them offline, encrypt them with a strong passphrase (for example Diceware generated) using BIP38 and store them in two separate safe deposit boxes.
The secret passphrase would be easy to memorise for me and could be split using sharding into 3 pieces (2 safe deposit boxes and my home for example) so that you would need access to all of those in order to decrypt the paper wallets.
It prevents goverment or the bank staff from spending your bitcoins but if you find yourself unable to access the physical location of your paper wallets you are doomed.
2. TREZOR MNEMONIC SEED
You load your Trezor hardware wallet and stamp the seed on metal plates in a randomly generated order that you put in one safe. In another safe you put an encrypted message that is simply the order in which you have to put the mnemonic seed to be able to access bitcoins. You distribute the passphrase to unlock the order in the same way as in design No. 1.
You carry your Trezor with you (your home) hoping that even if it gets stolen nobody will be able to break the PIN.
This method has the advantage that with some memory technique you should be able to remember the seed yourself and reuse it should you be locked out of access to your safe deposit boxes.
Is all of this an overkill? Are there simpler ways?
This is definitely not an overkill you are just taking precautions in case somebody who knows about bitcoin could get a hold of some of the information that you openly provide.
8. two rented safe deposit boxes in two banks
You will never "design" anything "safe". Your brain is flawed.
I think I made it clear that I realise how fallable the brain is, i.e. susceptible to death and a myriad of diseases.
So I do not understand how your comment contributes.
8. two rented safe deposit boxes in two banks
You will never "design" anything "safe". Your brain is flawed.
I thank the people putting their ideas here, it is good for us (newbies). i have to admit that right now. I do not feel safe with the wallet that i have. however, the amount of bitcoin that i have is not of a substantial so i am not paranoid about it. Still i wanted to ask or clarify something regarding this paper wallet. I have read on the newbie section of somewhere that you can create a duplicate of the same wallet on this paper thing but my question is if you get to withdraw the bitcoin from that wallet say a duplicate it will still reflect on the original right? as it is just the same, i mean like you just have one wallet address it is just that it was duplicated for safe keeping. i apologize if this may be a newbie question but i am no IT expert, i am a medical professional who just so happened got interested with bitcoin.
One caveat regarding this (if I understood correctly what you mean) would be that once you import the private keys from a paper wallet and spend part of it most wallets would send the "unspent" output to a new address and you would be fooled into believing that your original paper wallet still holds some amount of BTC.
Say you have 0.5 BTC in a paper wallet, you import the Key into Electrum, you send 0.05 somewhere and you wipe Electrum or harddrive so no one gets your private key.
Your other copy of paper wallet no longer holds 0.45 because Electrum sent it to another "change" address (I FIND THIS FEATURE EXTREMLY UNDERADVERTISED and not TRUMPETED ENOUGH).
Read
http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses/
Jump to: