Topic: Setting up a cold storage for bitcoins - page 2. (Read 3723 times)

Why not just buy a Ledger Nano S for $65 do you dislike hardware wallets for some reason?

The "community" has not been interested in doing this since I created it (years ago) but in any case the software is there and is open source (the scripts and other software used are on github).

https://github.com/ciyam/safe

Thank you for reviewing my method, can you please add some steps to my method to ensure safe generation and storage of the private key? I am thinking about never letting the computer connect to the internet again, and uninstalling the WiFi and ethernet drivers completely. but that still doesn't eliminate the risk of the malware in the hard drive, and the key could be stolen once I use it to withdraw the bitcoins.


I would really like to see something like that with a new UI for newbies. I am pretty sure the community will be able to support you and create an alternative for bitcoin hardware wallets that can be installed on any machine.

It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

This really comes down to just how paranoid you are and how sure you want to be that the addresses generated are completely secure.

More importantly, it would be possible that some undiscovered malware got onto your laptop while it was connected to the internet that can influence the choices that Bitcoin Core makes when generating private keys and addresses.  In other words, the malware wouldn't need to transmit the data while offline, it would just need to trick your Bitcoin Core into choosing private keys with an algorithm that the attacker can reproduce on their own system.  Your keys would look completely random to you, and until the attacker empties your wallet, you'd never know.

Are you likely to have such hidden malware running on your computer?  No. But if you really, really want to be safe, then this is an attack vector to be aware of.

No.  It isn't necessary to connect to the internet to run Bitcoin Core.

Correct, it is possible that these external hard drives have malware on them (perhaps even installed in their firmware).  Again, this is unlikely (especially if you purchase brand new hard drives and never connect them to any other computer), but it is an attack vector to be aware of.

There are a variety of different forms of formatting of hard drives.  Some of them leave all the data on the drive and simply remove the indexes that indicate where that data is stored.  Even if the original data is all overwritten with new values, it can sometimes be possible to retrieve data from the slight weak data signals that may remain.

US Department of Defense in the clearing and sanitizing standard DoD 5220.22-M recommends the approach "Overwrite all addressable locations with a character, its complement, then a random character and verify"

It's relatively safe. There are additional steps you can take to increase the security, but doing as you've stated isn't a horrible method.

I really like the idea of rolling dice or shuffling cards.  Then I don't need to rely on a computer program generating a random enough private key.  There are a variety of tools that will convert a private key to a bitcoin address, and most of them are simple enough for an amateur programmer to confirm that they aren't doing anything malicious.

If you know how (or are willing to learn how) to convert a private key to Wallet Import Format (WIF), then you can even use Bitcoin Core to calculate the address from the value acquired from the dice or cards.

In the "Console" found under the "Debug Window" in the "Help" menu, you can run:

Replacing 1YourBitcoinAddressHere with the actual bitcoin address for which you want the private key.

What software are you recommending for creating the paper wallet?
Have you considered the fact that a networked printer can be hacked and the data sent to it to be printed can be captured?
How well reviewed is the software you are recommending?
Wouldn't you need a computer to run the paper wallet generating software?
If so, wouldn't that software and computer be subject to all the same risks as running Bitcoin Core?

Much like the OP proposed method, a paper wallet created with bitaddress.org running on an offline computer is probably pretty secure, but there are attack vectors to be aware of, and steps can be taken to increase the security.

Use a completely new device that has never been online and never will be online. You could use something cheap like a Raspberry Pi.

Thank you very much for replying.
I have little to no experience with linux systems but centOS, would it be difficult for me to use this OS? and I really liked the idea of using QR codes.

I put together this years ago: https://susestudio.com/a/kp8B3G/ciyam-safe

It is an OS image that doesn't even have internet capabilities (your keys are safely kept on the offline computer and txs are done using QR codes so that you don't even need to have any "wire" attached to your offline computer apart from its power).

You can backup your encrypted private keys via QR codes also (it uses GPG to do the encryption of those).

The system has been used to safely look after well over 500 BTC since 2011.

Thanks for responding.

I don't really trust paper to keep the private key readable for years. that's why I prefer backing the file up on multiple drives.
So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?

The laptop would have been connected to the internet at some point. It is possible that you could have received a malware on to your laptop which can transmit data even when offline (yes such malware exists, it does some crazy stuff).

So you would still have to run Bitcoin Core and connect to the internet?

It is possible that, since your computer was online, malware could be on your computer and then that malware writes itself onto your hard drives waiting for them to be plugged into a computer.

When you format, make sure you overwrite with 0's.

It would be safer to use a paper wallet.

I was thinking of setting up a single cold storage instead of all my wallets, and I wanted to ask for some technical advice:

This is the plan I have:

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.
2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.
3) Disconnecting all the drivers and formatting the computer when the process is done

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

And is there a safer way of generating a wallet than Bitcoin Core? I was thinking about running a third party up when the computer is offline. and how do I extract the plaintext privkey from the wallet.dat file?
There are gonna be thousands in there before I even think about withdrawing, so it's gonna be deposit-only for a couple of months, maybe years.

And I can't really get hold of a hardware wallet locally, I'd love to, but they're not available anywhere.

Thanks in advance.