Pages:
Author

Topic: Setting up a cold storage for bitcoins (Read 3723 times)

staff
Activity: 3458
Merit: 6793
Just writing some code
September 04, 2016, 08:17:22 AM
#31
So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?
Use a completely new device that has never been online and never will be online. You could use something cheap like a Raspberry Pi.

What are the  features of Raspberry pi and how does it help us?
It's cheap, fairly easy to setup, and runs linux. Since it has no wireless networking capabilities built in, it is difficult to remotely hack.
hero member
Activity: 1218
Merit: 557
September 04, 2016, 06:02:08 AM
#30
So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?
Use a completely new device that has never been online and never will be online. You could use something cheap like a Raspberry Pi.

What are the  features of Raspberry pi and how does it help us?
X7
legendary
Activity: 1162
Merit: 1009
Let he who is without sin cast the first stone
September 03, 2016, 08:57:00 PM
#29
I was thinking of setting up a single cold storage instead of all my wallets, and I wanted to ask for some technical advice:

This is the plan I have:

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.
2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.
3) Disconnecting all the drivers and formatting the computer when the process is done

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

And is there a safer way of generating a wallet than Bitcoin Core? I was thinking about running a third party up when the computer is offline. and how do I extract the plaintext privkey from the wallet.dat file?
There are gonna be thousands in there before I even think about withdrawing, so it's gonna be deposit-only for a couple of months, maybe years.

And I can't really get hold of a hardware wallet locally, I'd love to, but they're not available anywhere.

Thanks in advance.

Why go through this process? The USB could be infected, even if you are online it does not guarantee that the PC has malware which will compromise you once you're back online.

Just get a hardware wallet if you have any decent amount of holdings - even .5 BTC is worth $300 USD which justifies the hardware in the first place
YIz
hero member
Activity: 686
Merit: 502
September 03, 2016, 07:46:38 AM
#28
We don't want to have anything to add other than the fact that we have been doing research on cold wallets and this thread has been very useful.

We've documented a few of the ideas for our own use. Thanks kindly everyone.

You're welcome, I wasn't able to find much technical information before I started this one. and I have another question: I was thinking about adding an encryption layer to my backups. what program would you guys recommend me to use? VeraCrypt is one of the more popular programs but I'm not sure if it's the best for this use. I just wanna encrypt the folder I store the private key and a few more files in.
sr. member
Activity: 266
Merit: 250
One world One currency, Bitcoin.
September 02, 2016, 01:32:45 PM
#27
I have seen many of the bitcoin core wallet users complaining about their wallets that they are getting hard times with their laptop. They need to acess the wallet like a bank account but it is more capable of it
member
Activity: 70
Merit: 10
September 01, 2016, 10:48:20 PM
#26
We don't want to have anything to add other than the fact that we have been doing research on cold wallets and this thread has been very useful.

We've documented a few of the ideas for our own use. Thanks kindly everyone.
full member
Activity: 224
Merit: 100
beatcoin team leader
August 28, 2016, 07:23:42 AM
#25
Why not just buy a Ledger Nano S for $65 do you dislike hardware wallets for some reason?
seems like easy/cheap opion.my choice at fact
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
August 27, 2016, 02:35:32 PM
#24
I don't really trust paper to keep the private key readable for years.

You do know, well taken cared of books are hundreds of years old. Take care of your "declaration of independence" from banks, and it too, will last hundreds of years.
newbie
Activity: 9
Merit: 0
August 27, 2016, 01:58:17 AM
#23
Another safe way to track if you have a malware is to have a lot of sloppy wallets with few cents in them.Add these wallets to your blockchain.info wallet as watch only.Keep monitoring them and if the balance changes in any of them you will know that someone is snoppy around your system looking for bitcoins.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 25, 2016, 08:42:14 AM
#22
Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.
I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.

Okay I will not use blockchain for spending the bitcoins then. is Electrum really that much more secure than it?
Electrum, as with most or all SPV wallets can compromise privacy since it leaks the addresses to the nodes the client connects to. Electrum is safer than Blockchain.info simply because Blockchain.info transfers the private key to their server and Electrum does not. You can use Electrum/Bitcoin Core offline by crafting an unsigned transaction, transfer it to the wallet to sign and broadcast it to the network


As a mentioned above, you can sign the transaction on the offline computer before broadcasting it. For Bitcoin Core, the steps are of below:
Quote
1. Go to coinb.in and go to New>Transaction, input all the relevant information. Make sure you include an additional address/your origin address in your wallet to send the change to. Otherwise, the rest of the coins that are unspent will be used as fees.
2. An unsigned hex transaction will be generated, go to Help>Debug Window> Console and use "decoderawtransaction [insert unsigned TX here] to inspect if everything checks out.
3. Next, use "signrawtransaction [unsigned TX here]" to sign it. You can then copy the signed TX and go to coinb.in/#broadcast to broadcast it.
Isn't the most perfect way but I found this the most userfriendly.
For Electrum, look at this: http://docs.electrum.org/en/latest/coldstorage.html.
YIz
hero member
Activity: 686
Merit: 502
August 24, 2016, 02:48:07 PM
#21
Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.
I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.

Okay I will not use blockchain for spending the bitcoins then. is Electrum really that much more secure than it?
staff
Activity: 3458
Merit: 6793
Just writing some code
August 24, 2016, 02:07:42 PM
#20
Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.
I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.
YIz
hero member
Activity: 686
Merit: 502
August 24, 2016, 01:20:08 PM
#19
Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.
sr. member
Activity: 318
Merit: 260
August 24, 2016, 10:52:41 AM
#18
Don`t go why go so far in speculating, just get the original Microsoft ISO you can check with hash is it valid and not home cooked
Before you install do a fast zero mbr wipe if you think something could be hidden on HDD mbr sector, install it boot some valid wallet, I like electum because I get seed wards at creation which are easy to backup at the papers and no way anyone can sniff it

It's not just MBR it can be VBR or wininit.exe or another early PID or even driver or kernel patch after registry entry-points..

Use something like DeepFreeze that restores volume on boot and cryptographic checks the shadow copy before loading it. Or just use Tails live like I do and only use public key on that potentially hostile Windows box or volume.

Ubuntu or Fedora or another live distro would work too. Tails isn't any more protected from remote attacks.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
August 24, 2016, 09:58:46 AM
#17
I meant to understand from the forum, that using multisig helps to increase security.
It adds a layer of complexity, but reduces the risk, if your private keys are partially compromised, that bitcoins can be stolen easily.
So one could even think of having one set of keys in an online wallet, the others offline, and both must sign a trx (or 2 out of 3; and so on...).
 Huh
Multisig itself does not guarantee security. The addresses that is used to generate the multisig address must be kept separate from each other, preferably in separate offline computers. The signing of the transaction must not be done on one system and must be done on separate offline systems. It is quite a hassle however and I feel that using a paper wallet would suffice.
legendary
Activity: 1901
Merit: 1024
August 23, 2016, 12:07:47 PM
#16
Don`t go why go so far in speculating, just get the original Microsoft ISO you can check with hash is it valid and not home cooked
Before you install do a fast zero mbr wipe if you think something could be hidden on HDD mbr sector, install it boot some valid wallet, I like electum because I get seed wards at creation which are easy to backup at the papers and no way anyone can sniff it
sr. member
Activity: 318
Merit: 260
August 23, 2016, 11:52:10 AM
#15
I keep my PK on an encrypted thumb drive and run Electrum on an air-gapped computer with lots of security and no NIC or audio.

Cold storage isn't hard to do for any type of person it's just isolating the private-key. It'd take a firmware or EMR level attack on my USB drive to compromise my policy and malware developers are too lazy and government don't care about my relative chump-change..

If you want to not have the hassle in a mobile environment watch out for a solution that uses Android or IOS hardware-isolated key services for multi-sig or even PK storage. With this you can use a system almost as secure the same way you do with standard key-storage.
sr. member
Activity: 257
Merit: 343
August 23, 2016, 09:33:16 AM
#14
I meant to understand from the forum, that using multisig helps to increase security.
It adds a layer of complexity, but reduces the risk, if your private keys are partially compromised, that bitcoins can be stolen easily.
So one could even think of having one set of keys in an online wallet, the others offline, and both must sign a trx (or 2 out of 3; and so on...).
 Huh
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
August 22, 2016, 09:54:56 AM
#13
...maybe someone else may be able to continue this using your github contribution.

For sure - it wouldn't be a huge amount of work to do some GUI (Linux has some easy stuff for doing forms that actually works in the console).

You need to understand that I didn't create this project in order to make any money (so it had zero publicity and backing).

I created what I did in order to securely store a lot of Bitcoin back in 2013 and for that purpose it has worked flawlessly.

Of course after Segwit is released then maybe it will need to be revised to use the new forms of raw transactions required for that.
YIz
hero member
Activity: 686
Merit: 502
August 22, 2016, 09:43:13 AM
#12
It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

I would really like to see something like that with a new UI for newbies. I am pretty sure the community will be able to support you and create an alternative for bitcoin hardware wallets that can be installed on any machine.

The "community" has not been interested in doing this since I created it (years ago) but in any case the software is there and is open source (the scripts and other software used are on github).

https://github.com/ciyam/safe


I guess most people prefer to use exchanges as a wallet (yeah, that's ridiculous) and the "safe" way for keeping the bitcoins in their eyes would be blockchain.info.
For the more paranoid, careful, and people who hold large amounts, I am sure an OS like this one will be helpful. Trezors are not widely available worldwide, and cost an extra while you might have an old laptop capable of doing the same. I'll start a topic in the bitcoin discussion and ask if there is any demand of something like this. will you be able to add a UI? if you don't have the time maybe someone else may be able to continue this using your github contribution.
Pages:
Jump to: