I didn't see this question asked.
Would it be safe to store all your coins on a Trezor hardware wallet long term?
Topic: Keeping your butts safe - page 2. (Read 4165 times)
Serious question:
How about a fair amount of bitcoins, on Bitcoin Core, on a computer that:
1. is behind 2 routers, uPNP turned off (internet > router1 > router2 > computer)
2. is not port forwarded, therefore does not accept incoming connections (so connections are always at 8 out)
3. good password
4. is not used for anything else, only Bitcoin Core (was fresh installed OS, regardless of OS)
For added info, the routers are a service provided branded ZyXel router and a Cisco E1000 router, in that order. (Does it really matter ...)
It's essentially an "online" wallet that almost no hacker can get to (because it's behind two NATs).
Physical security is a different topic, but I've got that covered on my end.
Then I have another computer that is air-gapped for cold storage.
How about a fair amount of bitcoins, on Bitcoin Core, on a computer that:
1. is behind 2 routers, uPNP turned off (internet > router1 > router2 > computer)
2. is not port forwarded, therefore does not accept incoming connections (so connections are always at 8 out)
3. good password
4. is not used for anything else, only Bitcoin Core (was fresh installed OS, regardless of OS)
For added info, the routers are a service provided branded ZyXel router and a Cisco E1000 router, in that order. (Does it really matter ...)
It's essentially an "online" wallet that almost no hacker can get to (because it's behind two NATs).
Physical security is a different topic, but I've got that covered on my end.
Then I have another computer that is air-gapped for cold storage.
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?
Even with a good password?
Do you think cold storage is essential?
Even with a good password?
Do you think cold storage is essential?
I think Electrum is your best choice. Make sure your client is on a fairly secure (*nix) machine and don't worry about it.
The real problem with "cold" storage is that it removes many of the benefits BTC confers - like being able to access your stash anytime you like, anywhere you like. It's nice to have some spending money on blockchain.info or in Coinbase too for mobile purchases.
it could infect the windows installation on your hard drive and save your keys.
No it cannot. No drives are mounted on startup, all is done in ram. Best is go to their site and read what it does and how its put together. I think that will give you a better understanding of how it actually works. And by the way, its is based on Debian.
Forgot to add... You do not have to run the CD on your main PC. You can run it on a second offline PC if what you mention is a big concern. In that way there is no sub system to infect.
nothing stops a malicious live cd from mounting your drives and doing what ever it wants with them including infecting the OS installed on it and leaking the keys to the drive.
indeed having a separate laptop is the way to go and even then you still have to trust that those guys didn't change the electrum they are shipping to always sign a transaction that sends all your money to them.
it could infect the windows installation on your hard drive and save your keys.
No it cannot. No drives are mounted on startup, all is done in ram. Best is go to their site and read what it does and how its put together. I think that will give you a better understanding of how it actually works. And by the way, its is based on Debian.
Forgot to add... You do not have to run the CD on your main PC. You can run it on a second offline PC if what you mention is a big concern. In that way there is no sub system to infect.
I have two offline wallets that split my BTC between the two. If something happens to one, I don't lose them all.
I have my public addresses as 'watch only' so I can monitor the balances.
I have my private keys stamped into metal that won't melt if the house burned down.
AND I have paper copies in another location, split up so you need both parts to complete the key.
I'm HODLing long term, so I wanted to be safe.
I have my public addresses as 'watch only' so I can monitor the balances.
I have my private keys stamped into metal that won't melt if the house burned down.
AND I have paper copies in another location, split up so you need both parts to complete the key.
I'm HODLing long term, so I wanted to be safe.
Wow, I must say this is very secure. Did you stamped it into silver yourself or had someone else do it?
Did it myself. You can buy a stamping kit for $15 and just practice on some metal until you get the hang of it. It was pretty fun, actually.
http://www.harborfreight.com/36-piece-14-in-steel-letternumber-stamping-set-60671.html
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
It seems like to me that this really is the only way to be 99.99% safe.
That being said, I think that this is a huuuuuuge flaw with bitcoin.
Who really is going to go through all those steps?
In fact, not only would people not want too, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.
For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy
Go look at BitKey http://bitkey.io/
Very simple process:
* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Startup Electrum and create watch only wallet with mater key.
If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.
Does not really get simpler and more secure than that.
I have no idea who made that bitkey or if it can be trusted.
i'd rather use a trusted linux distro like debian and install electrum myself.
That is the beauty of it, you do not need to trust it as its only booted when you are disconnected. The moment you reboot the memory is wiped and you are back to normal. So even if there were malicious code in that it would not be able to do anything. All the code is also open source and availabel to anybody so you can go look at how its setup.
Also, for the noobs who has never worked with linux this is the ideal, you need not know anything. Just burn the CD, boot it and that's it.
it could infect the windows installation on your hard drive and save your keys.
If you have 100 bitcoins then you must need an offline storage.
Yup paper wallet and split them up in smaller amounts.
I'm not sure if the general population is tech savvy enough to handle bitcoin wallets. Security proofing their machines, backups, and linux can be challenging for the non-nerd.
I think the cloud is the best solution. Blockchain and Coinbase and pretty good now but still need to improve. Professionals are better equipped to safeguard bitcoin than the mainstream computer user.
Eventually, these big players will have gold plated insurance and pay interest on deposits.
There we go; back to traditional banks. Maybe my local bank will handle my bitcoin like they do my fiat in the future. I can see them jumping on the bandwagon if they cannot squash it entirely.
I think the cloud is the best solution. Blockchain and Coinbase and pretty good now but still need to improve. Professionals are better equipped to safeguard bitcoin than the mainstream computer user.
Eventually, these big players will have gold plated insurance and pay interest on deposits.
There we go; back to traditional banks. Maybe my local bank will handle my bitcoin like they do my fiat in the future. I can see them jumping on the bandwagon if they cannot squash it entirely.
I wonder if and how badUSB affects devices like trezor... The only thing i could find on their "security threats" page that is somehow related to badUSB attack vectors is this :
"Reflashing the TREZOR with evil firmware
"Reflashing the TREZOR with evil firmware
Flashing new firmware requires the user to physically respond and confirm the update on the trezor unit.
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
It seems like to me that this really is the only way to be 99.99% safe.
That being said, I think that this is a huuuuuuge flaw with bitcoin.
Who really is going to go through all those steps?
In fact, not only would people not want too, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.
For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy
Go look at BitKey http://bitkey.io/
Very simple process:
* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Startup Electrum and create watch only wallet with mater key.
If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.
Does not really get simpler and more secure than that.
I have no idea who made that bitkey or if it can be trusted.
i'd rather use a trusted linux distro like debian and install electrum myself.
That is the beauty of it, you do not need to trust it as its only booted when you are disconnected. The moment you reboot the memory is wiped and you are back to normal. So even if there were malicious code in that it would not be able to do anything. All the code is also open source and availabel to anybody so you can go look at how its setup.
Also, for the noobs who has never worked with linux this is the ideal, you need not know anything. Just burn the CD, boot it and that's it.
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
It seems like to me that this really is the only way to be 99.99% safe.
That being said, I think that this is a huuuuuuge flaw with bitcoin.
Who really is going to go through all those steps?
In fact, not only would people not want too, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.
For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy
Go look at BitKey http://bitkey.io/
Very simple process:
* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Startup Electrum and create watch only wallet with mater key.
If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.
Does not really get simpler and more secure than that.
I have no idea who made that bitkey or if it can be trusted.
i'd rather use a trusted linux distro like debian and install electrum myself.
If you have 100 bitcoins then you must need an offline storage.
Quote
AND I have paper copies in another location, split up so you need both parts to complete the key.
There's an idea I haven't heard before. I might just try that. Even though I assume your private keys are BIP encrypted .... splitting them in half and putting them in two different locations is a pretty sick idea.
-B-
BittBurger, you mean you have never heard of Armory's fragmented backup solution?
Fragmented backup halfway down
Nope! But i'll check it out, thanks. I've intentionally stayed away from Armory because it is not friendly to the less technically-inclined like myself. I am sure its a robust and exhaustively secure system, but being robust and exhausting (for someone like me) is why I didn't bother. I couldn't see any reason why a simple bitaddress.org Bip38 paper wallet printed offline and stored in a bank safety deposit box, is any less secure than Armory.
In fact, leaving anything reliant upon *any* software seems like a bad idea to me in general.
I was backing up my wallet.dat files for awhile there, and then one day bitcoin core wouldn't let me import my largest wallet file, which I had put on a USB drive. I almost lost everything I had. Fortunately I'd deleted a wallet.dat copy in the past, and it was still sitting in my recycle bin. That one worked. Any wallet.dat file that I had pulled off my hard drive and put back onto it wouldn't work anymore. Scariest day of my Bitcoin life. That's when I said "f*ck anything electronic, this is going on paper".
There is no way im going to trust my life savings to a windows application.
-B-
I use an old laptop which i format clean and install only armory to keep the coins. I leave it offline and update once a while to check the balance. All the backups are stored separately. Another part of the stash , i transfer it to my phone for online purchases
I would suggest that you rather install armory on your normal PC and place the same wallet on there but in 'watch only' mode. You can then check your balance as and when you want without putting your other installation at risk by going online. That 1 minute online can be enough to infect the PC and when next you go on to broadcast anything the malware managed to obtain.
I use an old laptop which i format clean and install only armory to keep the coins. I leave it offline and update once a while to check the balance. All the backups are stored separately. Another part of the stash , i transfer it to my phone for online purchases
I personally don't leave btc on an offline computer or a flash drive. My reasoning is that they're technology, and it tends to fail. What if that computer doesn't boot up one day, or what if it's somehow broken? What if you lose your flash drive that has your private keys, or what if it gets too close to a magnet?
What if the house burns down?
What if the house burns down?
That's life, but if you're seriously that worried then split the Bitcoin up onto several USB drives or something to make sure it's safe, you'd have to have some seriously bad luck for all of them to break down or go missing.
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.
It seems like to me that this really is the only way to be 99.99% safe.
That being said, I think that this is a huuuuuuge flaw with bitcoin.
Who really is going to go through all those steps?
In fact, not only would people not want too, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.
For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy
Go look at BitKey http://bitkey.io/
Very simple process:
* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Startup Electrum and create watch only wallet with mater key.
If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.
Does not really get simpler and more secure than that.
I keep 90% in BIP38 encrypted paper wallets and the hot BTC are split across Armory and Bitcoin-Qt (Linux only).
If you're running Windows, the need for cold storage is more important than ever.
If you're running Windows, the need for cold storage is more important than ever.
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?
Even with a good password?
Do you think cold storage is essential?
Even with a good password?
Do you think cold storage is essential?
Bitcoin Core itself is safe to use and nothing will happen if you use it when you have a good chunk of coins.
What I do is spreading my coins in at least four or five different wallets, and each wallet file has five backups stored on usb sticks and hdd's.
Bitcoins that I will spend are stored in my "fun" wallet, which is constantly online.
Jump to: