Topic: How to design a perfect cold storage? - page 3. (Read 6294 times)

Yes. A wallet is just a list of private keys which are just numbers that can be used to unlock the funds of the corresponding Bitcoin addresses and send the coins where you wish. Making a paper wallet is just writing that number on paper (but most often with QR codes so it machine readable). It is kinda like a password to your account, it doesn't matter where you store it, it will still be just a password.

It is nice to see people from different professions be interested in Bitcoin. It makes a whole ecosystem possible.

I thank the people putting their ideas here, it is good for us (newbies). i have to admit that right now. I do not feel safe with the wallet that i have. however, the amount of bitcoin that i have is not of a substantial so i am not paranoid about it. Still i wanted to ask or clarify something regarding this paper wallet. I have read on the newbie section of somewhere that you can create a duplicate of the same wallet on this paper thing but my question is if you get to withdraw the bitcoin from that wallet say a duplicate it will still reflect on the original right? as it is just the same, i mean like you just have one wallet address it is just that it was duplicated for safe keeping. i apologize if this may be a newbie question but i am no IT expert, i am a medical professional who just so happened got interested with bitcoin.

Why do you want to be sure you are interacting with the same device you put in the safety deposit box? You would want to use an entirely offline computer to sign any transaction and once someone has physical possession of the USB stick they can potentially steal any money contained in the USB drive.

In the end is all a compromise between security and accessibility/ease of use. The more secure you contain your bitcoins, the harder it will be for you to access them yourself. If you are looking for purely cold storage where security is king, you would have to compile Bitcoin Core or download an open source wallet with offline functionality, copy it over to an offline device with no access to the outside at all (think a laptop with a broken wifi card) and then never actually connect it back online. All you need to do is to keep those private keys secure and then somehow (perhaps by hand) copy over the public keys and send the Bitcoin you want to store to them. I can't see a more barebones, flawless method to keep Bitcoins secure. I do a variant of this method myself and all has been good, while keeping my hot wallet quite accessible for everyday expenses.

store USB and such wrapped in several layers of aluminum foil.

Imprint stamped designs on the foil.

= "tamper resistant" while also being "tamper evident."

"Something" is in a bank safe deposit box.

You need a way to know, when you retrieve that item, that it is the same item, in the same condition, touched by nobody, since you put it there.

Otherwise, how do you even know it's the same USB?

I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.

I personally use an ironkey USB thats password protected with electrum wallet. You can get the electrum wallet at electrum.org. It is very secure and reliable. I have never had any issues with this cold storage for my bitcoins. One thing for sure is write down your 10 keyword phrase and password incase something happens to the USB you can still recover your bitcoins.

More specifically Active Management Technology is the problem there, as it allows for a remote access to your CPU. As privacy issues are always security issues, this became clear like in many other cases when vulnerability was found in AMT and allowed for a hacker to fully take over Intel servers remotely on such a low level that no security software would be able to do anything about it. https://thehackernews.com/2017/05/intel-amt-vulnerability.html

Read about Intel Management Engine. In fact it can read your RAM (hello to all your unprotected passwords which stored in RAM while session continue), your internet traffic, your screen.  

Could you expand on that (Intel backdoors)?

You can't do anything "perfect" in fact.
I would recommend use PC without Intel accessories (it has some interesting backdoors on the lowest hardware level)

I read that idea but also the dangers it poses. Namely the biggest danger being that Bitcoin forks in such a manner that "old signed" transactions are no longer valid which would leave my "heirs" with bitcoins neither them nor anybody else can spend.

Some great ideas guys. It's weird how some ppl are happy just keeping coins on an exchange or in an online wallet. With all the goings on these days, don't discount EPM attacks. Possibly locking usb's and trezors etc in a metal safe would suffice. Although I guess if there were any EMP attacks most crypto would be wiped out and crypto would be the least of our worries.

The government is a very powerful entity, they are likely to be able to use sufficient force to compel you to provide sufficient information for them to access your private keys. Also, if the government denies you access to your safety deposit boxes, they are likely to arrest you when (or before) you learn you are being denied access to your safety deposit box.

I think your best bet would most likely be to purchase a pack of three trezors directly from trezor.io, and create a new seed with your trezor. When you setup your trezors you will want to use an encryption passphraise in addition to the seed that is created (you may want to actually create two encryption passphraises on top of the same seed -- more on this later). When you are creating the new seed, you will be directed to write down each of the words on the wallet card, you should write down half of the words on one card, and the other half of the words on the other card. You will also want to set a PIN on the trezor itself.

I will assume that in the event of your amnesia, the same person who will handle your finances will be the person who will inherit your bitcoin held in cold storage. You will want to put your trezor along with the wallet card, and a "hint" as to what half of the encryption key, either written on the wallet card, or handwritten on a separate pice of paper. Ideally, this person will be your spouse as there will be many things you can give as hints that *only* your spouse will know -- for example, you could give the hint 'place where we met(first word only)' and although you may tell other people you met your spouse at disney world, you actually tell eachother that you met sitting in the third row of the space mountain ride, so while others would think this hint means "disney" your spouse would know it means "third". In each safety deposit box, there should be instructions advising how many safety deposit boxes need to be visited, and detailed instructions on how to put all the information together to redeem the bitcoin.

You will not want to have major banking relationships with either bank, however I would suggest you have sufficient money in a checking account for the bank with withdraw many years worth of rent to avoid the boxes being closed for non-payment of rent. Ideally you will want your safety deposit boxes to be located in specific branches that are frequently busy, which will reduce the risk the branch will close in the future.

You will want to maintain physical possession of a third trezor that uses the same seed as above. You will maintain two wallets with this trezor, one with the encryption passphraise noted above, and one with a different passphraise, that you will spend bitcoin out of (this is necessary if you plan on spending money in your cold storage on any regular basis. When you run low on bitcoin in your "spending" passphraise, you sign a transaction out of the passphraise in your safety deposit boxes transferring bitcoin into your "spending" passphraise.

For extra security, you can rent out a third safety deposit box containing instructions listing the banks/branches the portions of the seed are located. If you are worried about losing access to the safety deposit boxes, you can open two additional boxes at different banks, each containing one additional trezor and copy of one half of the seed/passphraise instructions.

It's called an nLocktime transaction.

You can do it on greenaddress.it or you can do it manually(complicated as hell, i have never done it myself). Basically when a certain block height is reached your family member is able to get the transaction and broadcast it to the network, before that block height is reached they can't do anything with the raw transaction.

See here for an example and a tutorial: https://www.reddit.com/r/Bitcoin/comments/397xv3/howto_nlocktime_transaction_as_a_dead_mans_switch/

Just make sure that the private key that your family member holds is secure and completely offline as well, otherwise this setup is useless.

Nice idea. Never thought of that. How do I do it?

give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.

Well the requirements for amnesia are the following:
1. someone you think you love and care about (spouse, children, parents whatever) should receive clear and unambiguous instructions on how to gain access to your bitcoins should you become incapacitated
2. they should have no ability to gain that information as long as you are sane in the head

So my idea went something like this:

1. Create PGP keys for instructions that you want to share with your family. Give them private keys.
2. Encrypt clear instructions how to access bitcoin with aforementioned PGP combination
3. Use that message on some software equivalent of dead man's switch or delayed mail.
3. Store part of the puzzle in a safe (like Trezor with PIN that is mentioned in instructions or encrypted 24-word seed)

So if you end up in a coma or dead then:
1. Your "heirs" will receive an email from dead man's switch or delayed Gmail (that you are no longer able to postpone) which is encrypted and readable only for holders of the private PGP key.
2. They now have the instructions (like Trezor PIN, location of the safe, passphrase to metal-stamped encrypted seed or whatever) but need physical access to the secret. Presumably in case of amnesia someone would be named a guardian or in case of your death your family can be named as beneficiaries of your safe deposit box.

nice idea, i think this one's relevant but in case to case basis i believe. it just make me wonder what will be the solution for your second scenario which is the amnesia think. i am no expert to this but it really makes me wonder how. i think there will be resolve for that in the near future, who knows?

As it happened to me since I wasn't able anymore to remember the password I was assigning my cold storage a couple of months ago.