Topic: Safest cold storage options currently (Read 434 times)

hero member
Activity: 3066
Merit: 605
August 15, 2019, 04:42:46 AM
#25
I believe that at the moment the safest is a paper wallet if created well with an offline computer and an unpredictable private key...
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
August 15, 2019, 12:24:13 AM
#21
The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety.

Well, but this is only possible if either 1) the person attacking you doesn't know the magnitude of BTC's you own or 2) you have an amount large enough accessible without the passphrase.

If an attacker knows (e.g. because you are telling everyone, or because you are some known person in the community) that you own about X - Y bitcoins, he won't be happy with seeing 1/10 X or even less of that in your non-password protected wallet.
I mean.. you might be able to deceive attackers who aren't familiar with BTC and wallets, but in any other case it will be pretty obvious that the full amount is protected with an additional password.

This might be useful for plausible deniability regarding a person who doesn't know how much you own, but it won't protect you if he knows approximately how much you own.
It is a good security practice to not go around bragging how much coin you have. Even if you disregard this best practice, there is always the chance you are embellishing how much coin you have, cannot remember how to access a portion of the coin for one of many reasons, including due to the stress related to the '$5 wrench' attack.

If an attacker believes you to have 5,000 btc, but is only able to obtain 5 or 10 btc from you, this is still a lot of money, although much less than the millions that would be had from stealing 5,000, and receiving 10 btc might be one reason to deescalate the situation in order to avoid very harsh punishment such as jail time for the attack.


If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever.
The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety.

To answer the OP's question, I would not overcomplicate my cold storage setup. I would choose a HW wallet manufacturer I am comfortable is making a product that cannot easily be compromised, keep my coin secured by that HW wallet, and use the paper card as a backup with the seed handwritten on it stored in a safety deposit box.


The problem with this solution to the $5 wrench attack is that it is public; any robber could have read and known that.

IMO, hardware wallets could act as bait. One can simply put two or three shares of coins in a hardware wallet, both in a dummy wallet and a hidden vault (or even plus a dummy hidden vault for a third share), while putting the majority of his coins, the rest, elsewhere.
Major HW wallet implementations allow for users to use a passphrase as the last word in their seed, and can potentially have multiple passphrases that create multiple seeds.
sr. member
Activity: 1190
Merit: 306
August 14, 2019, 08:50:09 PM
#20
How can Ledger scam you even if they say that they will stop supporting all products? You should have a backup in a safe place, and with that backup you can get access to your coins with the help of some other wallet.
Well said, my friend.  As long as you have the words written down in a safe place you don't even need the physical wallet, and whether Ledger puts out any more updates is irrelevant to your coins.

The only cold storage option I'm 100% comfortable with is having the seed phrase from Electrum written down in a safe place.  There is always the possibility of it getting stolen or destroyed, but at least it cannot be hacked.  No doubt there are other methods which are safer, but a lot of those are just personal preference.  Everything entails some risk.

member
Activity: 166
Merit: 16
August 14, 2019, 08:10:39 PM
#19

If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever.
The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety.

To answer the OP's question, I would not overcomplicate my cold storage setup. I would choose a HW wallet manufacturer I am comfortable is making a product that cannot easily be compromised, keep my coin secured by that HW wallet, and use the paper card as a backup with the seed handwritten on it stored in a safety deposit box.


The problem with this solution to the $5 wrench attack is that it is public; any robber could have read and known that.

IMO, hardware wallets could act as bait. One can simply put two or three shares of coins in a hardware wallet, both in a dummy wallet and a hidden vault (or even plus a dummy hidden vault for a third share), while putting the majority of his coins, the rest, elsewhere.
legendary
Activity: 1624
Merit: 2481
August 07, 2019, 02:22:02 AM
#18
The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety.

Well, but this is only possible if either 1) the person attacking you doesn't know the magnitude of BTC's you own or 2) you have an amount large enough accessible without the passphrase.

If an attacker knows (e.g. because you are telling everyone, or because you are some known person in the community) that you own about X - Y bitcoins, he won't be happy with seeing 1/10 X or even less of that in your non-password protected wallet.
I mean.. you might be able to deceive attackers who aren't familiar with BTC and wallets, but in any other case it will be pretty obvious that the full amount is protected with an additional password.

This might be useful for plausible deniability regarding a person who doesn't know how much you own, but it won't protect you if he knows approximately how much you own.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
August 07, 2019, 12:13:21 AM
#17

If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever.
The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety.

To answer the OP's question, I would not overcomplicate my cold storage setup. I would choose a HW wallet manufacturer I am comfortable is making a product that cannot easily be compromised, keep my coin secured by that HW wallet, and use the paper card as a backup with the seed handwritten on it stored in a safety deposit box.
legendary
Activity: 3472
Merit: 10611
August 06, 2019, 10:48:34 PM
#16
~
For this you need to have 2 PCs and fiddle around with them, not practical at all if you need to use it, only for deep freeze usage, not even cold storage.

not really. when you burn a Linux OS on a DVD and boot using it, you are in a new system that is fresh without needing to have another PC. it can be run 100% live from your RAM without needing HDD and no need for internet access. a 100% clean and offline environment.

this can be used 2 different ways:
1. boot from DVD, import seed, sign tx, shut down, transfer to online and broadcast
this means each time you want to spend you have to both install the wallet and import your key or seed

2. install it on a removable media like a USB disk or a portable hard disk.
this way you can add additional things such as encryption and save the settings such as disabling network completely. and you won't have to import your key every time.
legendary
Activity: 3668
Merit: 6382
August 06, 2019, 05:44:07 AM
#15
Does anyone have any ideas?

In my head hardware wallet is not identical with cold storage. Maybe I'm wrong with the terms, however, I am also concerned that maybe someday, for one reason or another I cannot sign anymore with my hardware wallet.
(edit: yes, I know, I do have the seed and I can probably import it into Electrum or another Ledger wallet, still, I have my fears that things can go wrong)

So my suggestion is: use the hardware wallet for amounts you spend over a certain period of time (that depends on how much you spend, really) and for collecting/storing a 100% offline option is preferred.
The offline option will be either one or more paper wallets (private keys + addresses), or one or more seeds (BIP39 or Electrum) with some addresses at hand.
And for transferring from the offline sources to the hardware wallet (maybe 1-3 times a year) you make on your computer a watch only wallet for creating (step1) and broadcasting (step3) the transaction and a Tails OS USB stick for signing it offline(!) (step2).
full member
Activity: 728
Merit: 115
August 06, 2019, 05:35:09 AM
#14
You can do this using Electrum or using https://www.bitaddress.org/

 - Download an open-source (Linux) system using the official URL.
 - Download Electrum using the official URL & verify the signature.
 - Boot your OS on an offline PC (it is better to remove the internet hardware parts) and install the Electrum wallet (that contains the private key).
 - Create a watch-only wallet.
 - Use an online PC to access that wallet (watch-only).
 - Create a new transaction ----> click Preview ----> check everything is correct ----> click Save or generate a QR code.
 - Open your offline OS ----> open Electrum ----> Load Transaction or use a QR code ----> check it is correct ----> click Sign ----> enter your password.
 - Back on your online PC ----> Load Transaction ----> Broadcast it.



For this you need to have 2 PCs and fiddle around with them, not practical at all if you need to use it, only for deep freeze usage, not even cold storage.

For the amount of money you can buy a Trezor One or Ledger Nano for, it just isn't worth the fuss, and you get the same thing: 2 points of security that mitigate an attack if one point gets infected.


legendary
Activity: 2268
Merit: 18771
August 06, 2019, 04:03:39 AM
#13
Ledger nano allows you to keep 2 pins registered in the same device.
Trezor devices also have the passphrase functionality. Using a passphrase is akin to the scenario I described above with using a hidden encrypted volume; you can give away the PIN or encryption key to the "dummy" wallet, while keeping your real wallet hidden. This all relies on the hidden wallet not being known about by the attacker, which in addition to keeping it a secret, also means not having it obviously linked to your "dummy" wallet via the blockchain.

Using a passphrase is a good additional security measure, and everyone with a hardware wallet should be using a passphrase. In addition to the plausible deniability as described above, it also helps to mitigate against physical attacks on the device itself.
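
The passphrase behaviour discussed in the posts above, as an added example that is not part of any post in this thread: the BIP 39 seed derivation, showing that every passphrase (including a typo) yields a different, equally valid seed with no "wrong passphrase" error. The mnemonic is the public all-zero BIP 39 test mnemonic; the passphrases and the function names `bip39_seed`, `seed_table` and `demo` are constructed for illustration.

```python
import hashlib
import unicodedata

# Public BIP 39 test mnemonic (all-zero entropy). Never use it for real funds.
TEST_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                 "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic, passphrase=""):
    """Derive the 64-byte BIP 39 seed.

    PBKDF2-HMAC-SHA512, 2048 iterations, password = mnemonic sentence,
    salt = "mnemonic" + passphrase, both NFKD-normalised UTF-8.
    """
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode("utf-8"),
                               salt.encode("utf-8"), 2048, dklen=64)


def seed_table(mnemonic, passphrases):
    """Map each passphrase to the hex seed it produces for one mnemonic."""
    return {p: bip39_seed(mnemonic, p).hex() for p in passphrases}


def demo():
    # Constructed passphrases: none, the BIP 39 test-vector one, a
    # one-character typo of it, and the same accented word typed in
    # composed and decomposed Unicode form.
    cases = ["", "TREZOR", "TREZ0R", "caf\u00e9", "cafe\u0301"]
    table = seed_table(TEST_MNEMONIC, cases)
    for phrase, seed in table.items():
        print(f"{phrase!r:12} -> {seed[:16]}...")
    return table


if __name__ == "__main__":
    demo()
```

The typo row is the practical caveat: a mistyped passphrase silently opens a different, empty wallet, so a backup of the seed words alone does not recover coins held behind a passphrase.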
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
August 05, 2019, 08:50:34 PM
#12
If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever.

Lol

But there is something you could try to do in this situation

Ledger nano allows you to keep 2 pins registered in the same device. The second one has the same seed, but with a passphrase. You could keep a small quantity in one of them, and then the torturer could be cheated. If he is satisfied with the quantity
legendary
Activity: 2268
Merit: 18771
August 05, 2019, 01:45:09 PM
#11
However those attacks can't be mitigated by an airgapped computer, unless you format it after creating the paper wallet.
I wonder how many people using this set up fully encrypt their airgapped machine, and how many have no protection on it at all, assuming that no one else will gain physical access. If your airgapped computer (or at least the wallet file) isn't encrypted with a strong password, then it is far more vulnerable to a physical attack than a hardware wallet is.

Encryption with a strong password on your storage drive and bitcoin wallet could help, unless you specifically meant a $5 wrench attack rather than physically stealing the HW wallet, recovery sheet or your computer.
If someone is attacking you this thoroughly, knows you own bitcoin, and finds an encrypted drive or an encrypted file, it won't take them long to put 2 and 2 together. I suppose you could use a hidden volume to increase your plausible deniability; hide a wallet with a small volume of bitcoin on the outer volume, and hide your money wallet on the hidden volume, much like you would do with a passphrase on a hardware wallet.

If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
August 05, 2019, 05:44:51 AM
#10
But you know.. there might be an exploit in the QR code scanner. So effectively, you are never 100% secure.
However, using a dedicated computer just for storing the private keys is definitely one of the most secure options.

I think the main reason for people to avoid hardware wallets are the physical attacks.

However those attacks can't be mitigated by an airgapped computer, unless you format it after creating the paper wallet.

But you could also do it in a ledger, just reset it always after use. (Pretty annoying and I don't think that's useful)
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
August 05, 2019, 05:11:36 AM
#9
Why not use a paper wallet and save it in a secure place?

Paper wallets shouldn't be suggested to the masses in my opinion. It simply is not easy enough (for your typical non-techie folk) to make a secure paper wallet, and widely suggesting it just puts them at risk. It won't be far-fetched to think that they would simply just create one using their personal computer and print it without having any additional safety precautions.
legendary
Activity: 1624
Merit: 2481
August 05, 2019, 02:57:35 AM
#8
Do you want to elaborate on your exact issues with the risk of Ledger exit scamming?
Like, what scenario are you afraid of exactly?

One of the most secure options would probably be to buy a new laptop, remove each wireless interface (wifi, bluetooth, ... ) and install a linux distro on it.
Then use any preferred desktop wallet (e.g. electrum) to store your private keys.

You just need to make sure that this computer never goes online and that you never plug in any device/storage which has been connected to an online computer once.

You'll need to move unsigned and signed transactions between your online and your cold storage computer.
Using webcams would be an option.

But you know.. there might be an exploit in the QR code scanner. So effectively, you are never 100% secure.
However, using a dedicated computer just for storing the private keys is definitely one of the most secure options.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
August 03, 2019, 08:31:36 AM
#7
Hardware Wallet can be considered a cold storage.
Easy to use, safe and cheap.

As discussed many times already here, making a paper wallet may be complicated and risky, as there are many problems regular users do not consider when creating one, and they may even lose funds due to those mistakes.
legendary
Activity: 2702
Merit: 4002
August 03, 2019, 08:22:15 AM
#6
Does anyone have any ideas?

You can do this using Electrum or using https://www.bitaddress.org/

 - Download an open-source (Linux) system using the official URL.
 - Download Electrum using the official URL & verify the signature.
 - Boot your OS on an offline PC (it is better to remove the internet hardware parts) and install the Electrum wallet (that contains the private key).
 - Create a watch-only wallet.
 - Use an online PC to access that wallet (watch-only).
 - Create a new transaction ----> click Preview ----> check everything is correct ----> click Save or generate a QR code.
 - Open your offline OS ----> open Electrum ----> Load Transaction or use a QR code ----> check it is correct ----> click Sign ----> enter your password.
 - Back on your online PC ----> Load Transaction ----> Broadcast it.
legendary
Activity: 3234
Merit: 5637
August 03, 2019, 08:17:20 AM
#5
I currently have some bitcoin on a ledger nano S, but I find myself increasingly worried about the company just exit scamming (not for any particular reason besides central point of failure).

How can Ledger scam you even if they say that they will stop supporting all products? You should have a backup in a safe place, and with that backup you can get access to your coins with the help of some other wallet.

Maybe you are thinking of something like a backdoor exploit or something like that, that can allow Ledger to get all or some % of our seeds, but I don't think that's a very realistic option, although there is no such thing as 100% security.

Using some other hardware wallets is probably a good way to reduce the risk, but if you just need to protect your coins for the long term, maybe some form of paper wallet would be the best option. But if you go in that direction, be sure that you make such a wallet in a safe environment (100% clean PC & printer, top quality ink and paper), and wipe out all possible data afterwards. After that you need to protect such a backup, and this is not an easy task - you may ask yourself what is less certain, that Ledger will somehow scam you, or that you will somehow scam yourself.

We recently had one user who lost coins from a paper wallet by using a bad online service, and I also remember one user who asked for help because the ink on his paper wallet had faded and he was missing a few characters in the private key. People are losing coins every day from exchanges, hardware/desktop/mobile wallets - and in most cases due to their own fault.
copper member
Activity: 2940
Merit: 1280
https://linktr.ee/crwthopia
August 03, 2019, 12:40:07 AM
#4
I'm just curious about your claim. What makes you think that the company, Ledger, is exit scamming? Do you mean that you would not get your funds anymore? Or you are worried that your Ledger won't get updates anymore?

Before I had a hardware wallet, I used an old laptop that is particularly slow now and I just reformatted it completely. After that, I just didn't connect it to the internet whatsoever, preventing connections from the internet. Just like pooya said, you could do something like that.
legendary
Activity: 3472
Merit: 10611
August 02, 2019, 10:56:33 PM
#3
cold storage is a storage that is created on an air-gap computer that has never had any communication with the outside world and never will. things such as multi-signature are the extra layer of security you are adding to that design. using hardware wallets is also a semi-cold option in my opinion since the device is still communicating with the "outside world" even if it is in a secure manner not leaking (or rather trying to) any secret information.

so with your design you could use your hardware wallet with an "offline" Electrum as the secondary signature provider if you want to be able to call it "cold storage". i'd say the third one is an overkill though. a 2 of 2 is enough.