Topic: Realistically, how safe is a dedicated HD or SSD as cold storage? - page 2. (Read 3447 times)

Paper backup I think is one of the better ideal methods.

A single sheet of paper can be printed with at least 50 private keys. Less if you stuff it with QR codes. More if you make the font smaller (but risk not being able to read it back in the future.)

You can put a handful of them in a large envelope, seal that envelope ... keep it safe just like your other important documents.

You can also store an encrypted version of the list of private keys or the wallet.dat file in the cloud, even in multiple cloud storage services and just keep several copies of the 64 character random password.

Then send a bunch of USB flash drives and SD / microSD cards to several places (relatives / offices / friends / banks / in your treasure chest buried under the sea which requires scuba diving equipment to access) ...

Engrave it on a tungsten block, wrap it in aluminum foil and plastic, mark it "MEAT" and put it in the freezer = literally cold storage. Carving on wood or plastic works just as well but is not as durable.

this

good strategy.
have multiple forms everywhere

yes you sure wouldn't want to have only one copy on any electronic device...flash drive, HDD, SSD, etc...just too great of a chance of "technical difficulties" and then you lose your coins.

But having a backup obviously limits the risk as both would have to fail.

Paper wallet seems much better choice. If you make few copies on different secure places, your safe.

The HDD might not work after you plugg it after few years.

SSD drives typically have a 2-3 year max cold storage (no boot) limit before data loss will/can happen.  Just be careful to fire it up once a month and keep an encrypted backup on hand if you go that route.

http://www.mdisc.com/ + truecrypt = the best

safe as long as you know how to protect it correcty

It couldn't be accessed by outside parties. You're essentially doing cold storage in another way. It's interesting, something I hadn't thought of, but yes it would work. The biggest risk would be if it's the only copy you have. Remember even brand new drives can fail unexpectedly.

Securing coins from external threats basically involves separating the private keys from any online (therefore potentially vulnerable) system.

Armory does this by using an offline computer (as one method) so the private keys are kept offline there and can never be accessed externally. Users shuttle authorization back and forth with a USB stick. Your method does away with the second computer, by simply using a second operating system and second drive.

The Trezor also separates private keys from online systems by holding them on a separate dedicated USB device, which has no OS and is therefore immune even from viruses on the computer it's plugged into.

Any of these methods can successfully separate private keys from online threats. Each is a bit different and may work better for different people. However, Trezor I feel is the most complete solution because it handles backups and any other minor security concerns (like disabling autorun for the Armory USB stick) more elegantly.

Also note the method suggested by Icon above only keeps the private keys safe when not in use. If the file is loaded onto a compromised system that could be a problem.

blah cheap and secure method..

1.) truecrypt with a long pass phrase.   http://www.truecrypt.org/
2.) cheap usb stick create a secure container and drop the wallet.dat file in there and keep in a secure place in your house offline.
3.) create a gmail account with 2 factor id and upload the secure container file to the cloud (in case something happens to the usb stick) .
4.) be happy

when you need to transfer coins download or use the usb stick unencrypte the container and copy /paste the wallet.dat into bitcoin.qt (or what ever you use) do the transaction and then delete the wallet.dat when done.

Are you talking about putting this on a laptop of some sort?  Your asking a broad question and will likely get a lot of suggestions so it would be helpful to have some clarification.  That said, if your putting this on an old desktop or laptop (for instance) which you power on once in a while to either update or retrieve the coins, that should work fine (I'm doing something just like this with a virtual machine).  If your talking about backing up to a hard drive or ssd and keeping an offline BACKUP, that's something different and should work fine but a USB stick would be a more logical option.

If your going to install windows - do you have a "protected" connection (at least one that you know is safe) to update the OS from??  Meaning you'd at least want to apply the service pack updates and ensure the firewall is enabled.  A fresh install is susceptible (albeit unlikely) to attacks.  If you only run through the updates and your not browsing the net, you will probably be OK.

If your computer savy, a fresh Ubuntu installation with armory is a great option!

Armory also offers a PAPER backup option (highly recommended) which you can use to recover your wallet in the case of hardware failure.

good luck!

Physical access is the only way it could be accessed via outside parties.

Drives in cold storage generally don't go bad, but if I was going this route I would want to make sure I had the cold storage drive backed up as well (as an image or otherwise). If your house burns down and that's the only copy, too, you're screwed. There's a lot of DR methods that businesses go through to mitigate data loss and the best way to tackle it is to have more than one method in play. If you're doing physical (tape or drive) backups, the general convention is to bring them off-site when the backup is completed. If you can backup to a NAS (or SAN if you're a business, or just a super tech guy who can warrant dropping 10k+ [10k is on the cheap side of SANs] for one in your home) and do a physical disk, that is the best method as you'll have a hot backup and a cold spare (keeping the cold spare up to date is another issue, generally a personal one).

I was just wondering realistically how safe would it be to do a fresh windows and wallet install on an SSD and then unplug it ?I would just keep my SSD unplugged with my bitcoins until I wanted to access it. What ways could this be penetrated/accessible to outside parties? Thanks in advance!