Setting up a cold storage for bitcoins

achow101

staff

Activity: 3374

Merit: 6530

Just writing some code

Quote from: bitcoinisbest on September 04, 2016, 07:02:08 AM

Quote from: achow101 on August 22, 2016, 10:08:53 AM

Quote from: YIz on August 22, 2016, 09:55:50 AM

So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?

Use a completely new device that has never been online and never will be online. You could use something cheap like a Raspberry Pi.

What are the features of Raspberry pi and how does it help us?

It's cheap, fairly easy to setup, and runs linux. Since it has no wireless networking capabilities built in, it is difficult to remotely hack.

bitcoinisbest

hero member

Activity: 1218

Merit: 557

Quote from: achow101 on August 22, 2016, 10:08:53 AM

Quote from: YIz on August 22, 2016, 09:55:50 AM

So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?

Use a completely new device that has never been online and never will be online. You could use something cheap like a Raspberry Pi.

What are the features of Raspberry pi and how does it help us?

X7

legendary

Activity: 1162

Merit: 1009

Let he who is without sin cast the first stone

Quote from: YIz on August 22, 2016, 05:22:13 AM

I was thinking of setting up a single cold storage instead of all my wallets, and I wanted to ask for some technical advice:

This is the plan I have:

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.
2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.
3) Disconnecting all the drivers and formatting the computer when the process is done

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

And is there a safer way of generating a wallet than Bitcoin Core? I was thinking about running a third party up when the computer is offline. and how do I extract the plaintext privkey from the wallet.dat file?
There are gonna be thousands in there before I even think about withdrawing, so it's gonna be deposit-only for a couple of months, maybe years.

And I can't really get hold of a hardware wallet locally, I'd love to, but they're not available anywhere.

Thanks in advance.

Why go through this process? The USB could be infected, even if you are online it does not guarantee that the PC has malware which will compromise you once you're back online.

Just get a hardware wallet if you have any decent amount of holdings - even .5 BTC is worth $300 USD which justifies the hardware in the first place

YIz

hero member

Activity: 686

Merit: 502

Quote from: BeginnerCoin on September 01, 2016, 11:48:20 PM

We don't want to have anything to add other than the fact that we have been doing research on cold wallets and this thread has been very useful.

We've documented a few of the ideas for our own use. Thanks kindly everyone.

You're welcome, I wasn't able to find much technical information before I started this one. and I have another question: I was thinking about adding an encryption layer to my backups. what program would you guys recommend me to use? VeraCrypt is one of the more popular programs but I'm not sure if it's the best for this use. I just wanna encrypt the folder I store the private key and a few more files in.

bitdumper

sr. member

Activity: 266

Merit: 250

One world One currency, Bitcoin.

I have seen many of the bitcoin core wallet users complaining about their wallets that they are getting hard times with their laptop. They need to acess the wallet like a bank account but it is more capable of it

BeginnerCoin

member

Activity: 70

Merit: 10

We don't want to have anything to add other than the fact that we have been doing research on cold wallets and this thread has been very useful.

We've documented a few of the ideas for our own use. Thanks kindly everyone.

Shockaftermoon

full member

Activity: 224

Merit: 100

beatcoin team leader

Quote from: BitcoinNewsMagazine on August 22, 2016, 10:40:32 AM

Why not just buy a Ledger Nano S for $65 do you dislike hardware wallets for some reason?

seems like easy/cheap opion.my choice at fact

Dabs

legendary

Activity: 3416

Merit: 1912

The Concierge of Crypto

Quote from: YIz on August 22, 2016, 09:55:50 AM

I don't really trust paper to keep the private key readable for years.

You do know, well taken cared of books are hundreds of years old. Take care of your "declaration of independence" from banks, and it too, will last hundreds of years.

mjor200

newbie

Activity: 9

Merit: 0

Another safe way to track if you have a malware is to have a lot of sloppy wallets with few cents in them.Add these wallets to your blockchain.info wallet as watch only.Keep monitoring them and if the balance changes in any of them you will know that someone is snoppy around your system looking for bitcoins.

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: YIz on August 24, 2016, 03:48:07 PM

Quote from: achow101 on August 24, 2016, 03:07:42 PM

Quote from: YIz on August 24, 2016, 02:20:08 PM

Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.

I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.

Okay I will not use blockchain for spending the bitcoins then. is Electrum really that much more secure than it?

Electrum, as with most or all SPV wallets can compromise privacy since it leaks the addresses to the nodes the client connects to. Electrum is safer than Blockchain.info simply because Blockchain.info transfers the private key to their server and Electrum does not. You can use Electrum/Bitcoin Core offline by crafting an unsigned transaction, transfer it to the wallet to sign and broadcast it to the network

As a mentioned above, you can sign the transaction on the offline computer before broadcasting it. For Bitcoin Core, the steps are of below:

Quote

1. Go to coinb.in and go to New>Transaction, input all the relevant information. Make sure you include an additional address/your origin address in your wallet to send the change to. Otherwise, the rest of the coins that are unspent will be used as fees.
2. An unsigned hex transaction will be generated, go to Help>Debug Window> Console and use "decoderawtransaction [insert unsigned TX here] to inspect if everything checks out.
3. Next, use "signrawtransaction [unsigned TX here]" to sign it. You can then copy the signed TX and go to coinb.in/#broadcast to broadcast it.

Isn't the most perfect way but I found this the most userfriendly.
For Electrum, look at this: http://docs.electrum.org/en/latest/coldstorage.html.

YIz

hero member

Activity: 686

Merit: 502

Quote from: achow101 on August 24, 2016, 03:07:42 PM

Quote from: YIz on August 24, 2016, 02:20:08 PM

Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.

I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.

Okay I will not use blockchain for spending the bitcoins then. is Electrum really that much more secure than it?

achow101

staff

Activity: 3374

Merit: 6530

Just writing some code

Quote from: YIz on August 24, 2016, 02:20:08 PM

Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.

I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.

YIz

hero member

Activity: 686

Merit: 502

Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

Quote from: reb0rn21 on August 23, 2016, 01:07:47 PM

Don`t go why go so far in speculating, just get the original Microsoft ISO you can check with hash is it valid and not home cooked
Before you install do a fast zero mbr wipe if you think something could be hidden on HDD mbr sector, install it boot some valid wallet, I like electum because I get seed wards at creation which are easy to backup at the papers and no way anyone can sniff it

It's not just MBR it can be VBR or wininit.exe or another early PID or even driver or kernel patch after registry entry-points..

Use something like DeepFreeze that restores volume on boot and cryptographic checks the shadow copy before loading it. Or just use Tails live like I do and only use public key on that potentially hostile Windows box or volume.

Ubuntu or Fedora or another live distro would work too. Tails isn't any more protected from remote attacks.

ranochigo

legendary

Activity: 2954

Merit: 4158

Quote from: pebwindkraft on August 23, 2016, 10:33:16 AM

I meant to understand from the forum, that using multisig helps to increase security.
It adds a layer of complexity, but reduces the risk, if your private keys are partially compromised, that bitcoins can be stolen easily.
So one could even think of having one set of keys in an online wallet, the others offline, and both must sign a trx (or 2 out of 3; and so on...).
Huh

Multisig itself does not guarantee security. The addresses that is used to generate the multisig address must be kept separate from each other, preferably in separate offline computers. The signing of the transaction must not be done on one system and must be done on separate offline systems. It is quite a hassle however and I feel that using a paper wallet would suffice.

reb0rn21

legendary

Activity: 1898

Merit: 1024

Don`t go why go so far in speculating, just get the original Microsoft ISO you can check with hash is it valid and not home cooked
Before you install do a fast zero mbr wipe if you think something could be hidden on HDD mbr sector, install it boot some valid wallet, I like electum because I get seed wards at creation which are easy to backup at the papers and no way anyone can sniff it

DuddlyDoRight

sr. member

Activity: 318

Merit: 260

I keep my PK on an encrypted thumb drive and run Electrum on an air-gapped computer with lots of security and no NIC or audio.

Cold storage isn't hard to do for any type of person it's just isolating the private-key. It'd take a firmware or EMR level attack on my USB drive to compromise my policy and malware developers are too lazy and government don't care about my relative chump-change..

If you want to not have the hassle in a mobile environment watch out for a solution that uses Android or IOS hardware-isolated key services for multi-sig or even PK storage. With this you can use a system almost as secure the same way you do with standard key-storage.

pebwindkraft

sr. member

Activity: 257

Merit: 343

I meant to understand from the forum, that using multisig helps to increase security.
It adds a layer of complexity, but reduces the risk, if your private keys are partially compromised, that bitcoins can be stolen easily.
So one could even think of having one set of keys in an online wallet, the others offline, and both must sign a trx (or 2 out of 3; and so on...).
Huh

CIYAM

legendary

Activity: 1890

Merit: 1072

Ian Knowles - CIYAM Lead Developer

Quote from: YIz on August 22, 2016, 10:43:13 AM

...maybe someone else may be able to continue this using your github contribution.

For sure - it wouldn't be a huge amount of work to do some GUI (Linux has some easy stuff for doing forms that actually works in the console).

You need to understand that I didn't create this project in order to make any money (so it had zero publicity and backing).

I created what I did in order to securely store a lot of Bitcoin back in 2013 and for that purpose it has worked flawlessly.

Of course after Segwit is released then maybe it will need to be revised to use the new forms of raw transactions required for that.

YIz

hero member

Activity: 686

Merit: 502

Quote from: CIYAM on August 22, 2016, 10:28:14 AM

Quote from: YIz on August 22, 2016, 10:24:47 AM

Quote from: CIYAM on August 22, 2016, 10:13:25 AM

It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

I would really like to see something like that with a new UI for newbies. I am pretty sure the community will be able to support you and create an alternative for bitcoin hardware wallets that can be installed on any machine.

The "community" has not been interested in doing this since I created it (years ago) but in any case the software is there and is open source (the scripts and other software used are on github).

https://github.com/ciyam/safe

I guess most people prefer to use exchanges as a wallet (yeah, that's ridiculous) and the "safe" way for keeping the bitcoins in their eyes would be blockchain.info.
For the more paranoid, careful, and people who hold large amounts, I am sure an OS like this one will be helpful. Trezors are not widely available worldwide, and cost an extra while you might have an old laptop capable of doing the same. I'll start a topic in the bitcoin discussion and ask if there is any demand of something like this. will you be able to add a UI? if you don't have the time maybe someone else may be able to continue this using your github contribution.

Topic: Setting up a cold storage for bitcoins (Read 3702 times)