
Topic: Storing BTC/LTC long term in safe deposit box (Read 3649 times)

hero member
Activity: 675
Merit: 507
Freedom to choose
I have a question regarding creating a public address offline, using bitcoin qt and or vanitygen.

How does bitcoin qt and or vanitygen know the public address you created isn't already in use if created offline? And if it is by transferring coins to that in use address you would basically be giving your coins to someone else by mistake.. or cause an anomaly of two of the same addresses in the blockchain.

Math.

This math is above my head, can you please explain?

People have a hard time with big numbers.  Bitcoin addresses are 160 bit hashes, meaning that there are 2^160 or 1461501637330902918203684832716283019655932542976 possible addresses.  Your chance of finding a private key that generates a public key that hashes to the address in my signature is about 1 in 1461501637330902918203684832716283019655932542976.

If you don't care about matching an exact key, but just any other key, the birthday problem says that you need a lot fewer attempts.  The approximate number is sqrt(2*H*ln(1/(1-p))) where H is the number of possible addresses and p is the probability you are willing to live with.

If you are willing to take a 1% probability, then you need to try roughly 171464281994822466873809 different keys.  That number is 24 digits long, or a bit over 2^77.  For comparison, at block # 227663, the amount of work embedded in the hash chain was 899359750187287492752, which is a bit less than 2^70.

So, if you had enough computing power to do in one year what the entire global bitcoin network did in 4+ years, it would take you about 2^7=128 years to have a 1% chance to find a single address collision.  And the odds are really good that you'd find one of your own addresses a second time, not one with money in it.

I'm not checking my numbers very carefully, so I might be somewhat off along the way, but even if I'm off by a lot, you still don't need to worry about it.

Thank you for taking the time to type all that out, kjj. For anyone else's reference, I found a good reddit page that explains it well.

http://www.reddit.com/r/Bitcoin/comments/15t8xx/explain_offline_paper_wallets_like_im_five/
kjj
legendary
Activity: 1302
Merit: 1026
I have a question regarding creating a public address offline, using bitcoin qt and or vanitygen.

How does bitcoin qt and or vanitygen know the public address you created isn't already in use if created offline? And if it is by transferring coins to that in use address you would basically be giving your coins to someone else by mistake.. or cause an anomaly of two of the same addresses in the blockchain.

Math.

This math is above my head, can you please explain?

People have a hard time with big numbers.  Bitcoin addresses are 160 bit hashes, meaning that there are 2^160 or 1461501637330902918203684832716283019655932542976 possible addresses.  Your chance of finding a private key that generates a public key that hashes to the address in my signature is about 1 in 1461501637330902918203684832716283019655932542976.

If you don't care about matching an exact key, but just any other key, the birthday problem says that you need a lot fewer attempts.  The approximate number is sqrt(2*H*ln(1/(1-p))) where H is the number of possible addresses and p is the probability you are willing to live with.

If you are willing to take a 1% probability, then you need to try roughly 171464281994822466873809 different keys.  That number is 24 digits long, or a bit over 2^77.  For comparison, at block # 227663, the amount of work embedded in the hash chain was 899359750187287492752, which is a bit less than 2^70.

So, if you had enough computing power to do in one year what the entire global bitcoin network did in 4+ years, it would take you about 2^7=128 years to have a 1% chance to find a single address collision.  And the odds are really good that you'd find one of your own addresses a second time, not one with money in it.

I'm not checking my numbers very carefully, so I might be somewhat off along the way, but even if I'm off by a lot, you still don't need to worry about it.
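
The approximation quoted in the post above, evaluated for the 160-bit address space and then checked by simulation on a deliberately tiny 16-bit space. This is an added example, not part of the original thread; the function names, the seed and the toy space size are assumptions chosen for illustration.

```python
import math
import random

ADDRESS_SPACE = 2**160  # number of possible 160-bit address hashes


def keys_needed(space: int, p: float) -> int:
    """Keys to generate before any two of them collide with probability p.

    Uses the approximation from the post: sqrt(2 * H * ln(1 / (1 - p))).
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    # -log1p(-p) equals ln(1 / (1 - p)) and stays accurate for small p.
    return int(math.sqrt(2 * space * -math.log1p(-p)))


def simulated_collision_rate(space: int, draws: int, trials: int,
                             seed: int = 2013) -> float:
    """Fraction of trials in which `draws` uniform picks from `space`
    contain at least one repeated value (a collision)."""
    rng = random.Random(seed)  # fixed seed (assumption) for repeatability
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(draws):
            value = rng.randrange(space)
            if value in seen:
                hits += 1
                break
            seen.add(value)
    return hits / trials


if __name__ == "__main__":
    n = keys_needed(ADDRESS_SPACE, 0.01)
    print(f"160-bit space, p = 1%: {n} keys (about 2^{math.log2(n):.2f})")

    # The same formula on a space small enough to test by brute force.
    toy_space = 2**16
    toy_draws = keys_needed(toy_space, 0.5)
    rate = simulated_collision_rate(toy_space, toy_draws, trials=2000)
    print(f"16-bit space: {toy_draws} draws, observed collision rate {rate:.3f}")
```
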
hero member
Activity: 675
Merit: 507
Freedom to choose
I have a question regarding creating a public address offline, using bitcoin qt and or vanitygen.

How does bitcoin qt and or vanitygen know the public address you created isn't already in use if created offline? And if it is by transferring coins to that in use address you would basically be giving your coins to someone else by mistake.. or cause an anomaly of two of the same addresses in the blockchain.

Math.

This math is above my head, can you please explain?
legendary
Activity: 4760
Merit: 1283

I'm curious why you think it's no longer likely that BTC values will continue to explode, and where you think they might stabilize?
It seems to me that unless a competitor emerges it will likely continue to gain massive amounts of market share, as it is still relatively tiny and even tinier when you consider that most bitcoins never get traded, they are just held, like gold. Also we've only scratched the surface with the first few dozen(?ish?) businesses accepting bitcoin. If it's viable, its acceptance as currency will almost certainly go up by a factor of 100x or more. I'd think that would cause its value to continue to increase dramatically until it begins to approach market saturation, which I would conservatively guess would be around 30-50% of all online businesses.


I never did think it likely that BTC would explode.  Even as I pumped in 5 figures of USD I always expected it most likely that I would realize a total loss.  To me it was always a long-shot speculation, but one with a potentially massive pay-out.  Because of my mindset it has been easy to not sell even when I'm up 10x.  I actually recently cashed out a fraction because a counterparty was interested and I had confidence that he thoroughly understood the risks and could absorb the loss.  Now I'm even more relaxed about it :)

That said, I have more confidence in the potential for Bitcoin to 'explode' now than I ever have in the past.  It's a bit of an odd thing for me because I have 'enthusiast' and 'political' interests in Bitcoin as well as purely speculative ones, and Bitcoin will make me more rich if it evolves in the opposite direction than I would like to see for philosophical reasons.

There are, in my opinion, a fair number of potential failure modes.  Including:

 - We saw in the recent fork episode that the solution remains quite untested on the margins that we are approaching.  I expect we'll see more of this sort of thing.

 - I believe that a concerted effort by corp/gov to limit the solution could be more effective than a lot of people think.

 - Unlike gold which has few plausible and zero realistic replacements, one guy tweaking the code for an evening can produce something which is in some ways superior.  I don't rule out the possibility that one such solution could 'take', or that there would be a bifurcation which would sap value from Bitcoin proper.

On the plus side, the Bitcoin system is actually pretty simple and (therefore) pretty robust at this point.  The block chain even more so.  Many potential fixes or replacements could make use of the block chain making ownership of secret keys which control value within the chain potentially valuable even under a collapse scenario of Bitcoin itself.

Max Keiser's assertion that even just a 1% FOREX market share would lead to $100,000 per bitcoin seems pretty incredible. However, 1% of the global currency market actually seems kind of low for a viable online anonymous currency.

I hope he is right, and believe it very possible that he is.  I don't believe he is anyone's fool, and I do believe that he has a pretty good grasp of economics, markets, power politics, and of the technical aspects of virtual-foo.

My guess is that in 5-10 years bitcoin will be worth well over $1,000 per bitcoin and continue to go up from there. I'd be very interested to hear what others here think will happen.

I've always felt that if Bitcoin does much of anything it will do a lot.  Probably more and faster than you are stating.  The value it has is somewhat proportional to sum of the global economic activity (which is gigantic), and it is very powerful in terms of the straight-up capabilities that it has.

Along these lines, I've also theorized that the success of Bitcoin will probably end up being associated with the failure of other alternatives as much as anything.

legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
I think human readable text is the only safe and secure long-term storage method.  Whether carved onto stone tables and stored in a pyramid, written with pencil on non-acidic paper, embossed on good old-fashioned Dymo label-maker tape, or etched on corrosion-resistant metal.

This.

You can add, etched on plastic, sequenced on letter beads, embroidered on cloth.
newbie
Activity: 53
Merit: 0
First, I would recommend you avoid any computer media.  Even the US Census Bureau lost a significant portion of the 1960 census before it was 20 years old due to magnetic tape bitrot.  How many 5.25" floppy disk drives do you see these days?  How about 3.5"/5.25" magneto-optical cartridge drives, which were claimed to have an immense shelf-life?  Any TRS-80 cassette tape drives, anyone?

I think human readable text is the only safe and secure long-term storage method.  Whether carved onto stone tables and stored in a pyramid, written with pencil on non-acidic paper, embossed on good old-fashioned Dymo label-maker tape, or etched on corrosion-resistant metal.

Did anybody mention secret-sharing?  (See http://en.wikipedia.org/wiki/Secret_sharing)  This is a method by which you need k of n shares to extract the secret.  Knowing k-1 shares of the secret tells you nothing about the secret.  Knowing any k shares discloses the entire secret.  The mathematics is relatively simple, and the math will still exist in 100 years.  Sample programs exist now (and should be easy to reconstruct in the future) that accept a text secret string (a BTC private key, for example), and output n text strings containing the secrets.

So, split a private key into (say) 15 of 40 shares.  Give 1 share to each of your best friends.  Give a couple shares to each of your close family members.  Give a few to your lawyer.  Keep at least 15 for yourself.  Put a few in the safe deposit box.  Put a few under your mattress.  Ask everybody to keep them safe for you (or your heirs, if you die).  You also want to generate more secrets than you actually use.  [Burn the excess.  Nobody but you should know how many secrets are out there to be found.]

You want to always have at least 15 shares available to you, even if your house burns down or your bank safety deposit boxes are robbed.  If you have more than one circle of friends, spread the secrets around.  You might want to avoid a conspiracy where 15 shares held by former "friends" can rob you.  If you think your government may serve a search warrant and take every last piece of paper from your office, your home, your car, and the vaults of all of your banks, we hope they will only get 14 shares.  Now is the time you hope some of your friends can find those secrets you gave them 10 years ago and you hope you can remember where are those secrets you buried in the wilderness in 7 different states.  [Are you paranoid?]

If you think Bitcoin will continue to rise in value long into the future, there's other fun stuff you can do with a virtual currency.  Ever hear of the bottle of scotch shared by a group of close friends.  When the next-to-last person dies, the sole remaining survivor gathers his new friends and makes a toast to his old buddies.  For Bitcoin, let all five (or whatever) friends deposit some bitcoin into a "treasure chest".  Split the private key into 5 of 5 shares.  Each person bequeaths a copy of their secret share to their other four buddies.  Only when the last surviving buddy gets all four preceding bequests and combines it with his own secret can he open the treasure chest to retrieve the bitcoins that have been there for the last 60 years.  Or maybe the last two buddies want to get together to share the contents of the treasure chest while they are still young, so to speak.
kjj
legendary
Activity: 1302
Merit: 1026
I have a question regarding creating a public address offline, using bitcoin qt and or vanitygen.

How does bitcoin qt and or vanitygen know the public address you created isn't already in use if created offline? And if it is by transferring coins to that in use address you would basically be giving your coins to someone else by mistake.. or cause an anomaly of two of the same addresses in the blockchain.

Math.
newbie
Activity: 56
Merit: 0

Thank you very much for that reply. That makes a lot more sense now. I think I'm starting to get a better understanding but I'm still not sure I trust myself enough to take my bitcoins off the exchange and hold them on my own. We'll see if I can work myself up to that in the future though...


I'm glad you found it slightly helpful.  Various techniques are being developed and my own hands-on experience was developed several years ago.  None-the-less, I think there is no substitute for understanding the critical importance of 'keys' and what a 'bitcoin' is (and is not) when trying to understand your options.

It is fairly safe (and a damn good idea) to experiment with smaller sums to get a security regime worked out and tested.  It might not even hurt to jot down your plan and take notes on things as you test the operations you've chosen.

As a lot of people will tell you, having someone else store your coins like at least an 'old school' on-line wallet or exchange has led to a lot of tears in times past.  And probably will again.  It is (imho) antithetical to the concept of Bitcoin to trust someone else with your BTC value no matter who it is.  There are many failure modes besides simple theft, and Bitcoin is one of the few assets that you _can_ control almost completely yourself with almost no reliance on anyone else.  Close to zero 'counterparty risk' which was one of the things that attracted me to the solution in the first place.

Even if you have only what is a trivial amount today, there is enough of a chance that they will be worth a good bit at some point that developing a good understanding of how to keep them safe under your own control is a worthwhile thing to do.  I still don't even consider it 'likely' that BTC values will continue to explode, but it is increasingly likely that they _may_ do so.



Ok, you've convinced me to maybe do some experimenting on my own with small values and probably flash drives and/or paper wallets. I also really like the decentralized aspect of bitcoin, so I like your point about not putting them all in one place. 

I'm curious why you think it's no longer likely that BTC values will continue to explode, and where you think they might stabilize?
It seems to me that unless a competitor emerges it will likely continue to gain massive amounts of market share, as it is still relatively tiny and even tinier when you consider that most bitcoins never get traded, they are just held, like gold. Also we've only scratched the surface with the first few dozen(?ish?) businesses accepting bitcoin. If it's viable, its acceptance as currency will almost certainly go up by a factor of 100x or more. I'd think that would cause its value to continue to increase dramatically until it begins to approach market saturation, which I would conservatively guess would be around 30-50% of all online businesses.

Max Keiser's assertion that even just a 1% FOREX market share would lead to $100,000 per bitcoin seems pretty incredible. However, 1% of the global currency market actually seems kind of low for a viable online anonymous currency.

My guess is that in 5-10 years bitcoin will be worth well over $1,000 per bitcoin and continue to go up from there. I'd be very interested to hear what others here think will happen.

legendary
Activity: 4760
Merit: 1283

Thank you very much for that reply. That makes a lot more sense now. I think I'm starting to get a better understanding but I'm still not sure I trust myself enough to take my bitcoins off the exchange and hold them on my own. We'll see if I can work myself up to that in the future though...


I'm glad you found it slightly helpful.  Various techniques are being developed and my own hands-on experience was developed several years ago.  None-the-less, I think there is no substitute for understanding the critical importance of 'keys' and what a 'bitcoin' is (and is not) when trying to understand your options.

It is fairly safe (and a damn good idea) to experiment with smaller sums to get a security regime worked out and tested.  It might not even hurt to jot down your plan and take notes on things as you test the operations you've chosen.

As a lot of people will tell you, having someone else store your coins like at least an 'old school' on-line wallet or exchange has led to a lot of tears in times past.  And probably will again.  It is (imho) antithetical to the concept of Bitcoin to trust someone else with your BTC value no matter who it is.  There are many failure modes besides simple theft, and Bitcoin is one of the few assets that you _can_ control almost completely yourself with almost no reliance on anyone else.  Close to zero 'counterparty risk' which was one of the things that attracted me to the solution in the first place.

Even if you have only what is a trivial amount today, there is enough of a chance that they will be worth a good bit at some point that developing a good understanding of how to keep them safe under your own control is a worthwhile thing to do.  I still don't even consider it 'likely' that BTC values will continue to explode, but it is increasingly likely that they _may_ do so.

legendary
Activity: 1400
Merit: 1005
I am pretty bullish on paper wallets not fading much over time. My relatives handed down a newspaper from when Lincoln was assassinated. No special storage. Still can read every word. The worst thing is a coffee stain from 1910.
Yeah, they'll last a good long while in the dark.  The only paper you really do not want to print on for long-term storage is thermal paper.  Everything I've seen that has been printed by an inkjet or laser printer and not left in the light has been completely legible, and I would suspect will stay that way for at least an additional 20 years.
newbie
Activity: 41
Merit: 0
I am pretty bullish on paper wallets not fading much over time. My relatives handed down a newspaper from when Lincoln was assassinated. No special storage. Still can read every word. The worst thing is a coffee stain from 1910.
hero member
Activity: 675
Merit: 507
Freedom to choose
I have a question regarding creating a public address offline, using bitcoin qt and or vanitygen.

How does bitcoin qt and or vanitygen know the public address you created isn't already in use if created offline? And if it is by transferring coins to that in use address you would basically be giving your coins to someone else by mistake.. or cause an anomaly of two of the same addresses in the blockchain.
newbie
Activity: 56
Merit: 0
How do the public and private keys work? If I leave my bitcoins on an exchange can I write down the key so that others can't steal them?

If I write the private key on a piece of paper ("paper wallet"?) but then leave the bitcoins on a flash drive and get the drive stolen, then does that mean that I could use the private key to retrieve them or just that the thief wouldn't be able to use them?


If you have bitcoins at an exchange, you don't have them.  The exchange does.  Hopefully they won't lose them and they will give them back to you when you ask them to.

There is actually no such thing as 'having bitcoins on a flash drive'.  There is actually no such thing as a bitcoin.  It is just the summation of value assigned to and removed from a particular address through the entire history of the Bitcoin system.

The only way to assign value away from an address is to use the private key for that address to 'sign' a desired transaction.  Anyone who has the private key for an address can do this (and nobody who does not have the private key can do it!)  Staying secure means:

 - not losing the private key to an address with value assigned (e.g., deleting your wallet file or losing your laptop.)

 - not having the private key known to anyone you don't wish to know it (e.g., like a hacker.)

 - not accidentally transferring value away from an address (e.g., brain-fart or being tricked.)

A 'wallet file' is just a collection of private keys for one or more addresses.




Thank you very much for that reply. That makes a lot more sense now. I think I'm starting to get a better understanding but I'm still not sure I trust myself enough to take my bitcoins off the exchange and hold them on my own. We'll see if I can work myself up to that in the future though...
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Even if you're in a coma, people can see that you had access to your bitcoin funds, because it's all in the blockchain, especially if you've made known your public keys.

The hospital or doctor can be assured that you can access those funds with balances, but only on the condition that you wake up. If you don't, they don't get paid.

I think re-doing the backup every now and then, even every other year, or even more often is not a bad idea, just to make sure the current wallet.dat file works.

Paper backups certainly will work, and you can see with just a quick glance if your backup is still good. Just look at it. When it looks like it's starting to fade or be unreadable, it's time to print a new paper backup.

Online wallets = you have no control over them. Nothing like cold storage.
full member
Activity: 164
Merit: 100
What about online wallets like blockchain.info? Not good enough?
sr. member
Activity: 250
Merit: 250
Things to consider:

1) If you only have the wallet.dat file and not the client, will the future client support your old wallet file? Consider making a backup of the software as well (and the environment maybe?)
2) Suppose you make a CD/DVD/Flash Drive backup, store them and forget them. Will you be able to use those media/hardware after 20 years? (it's like having valuable data on a 5 1/4 floppy today)
3) Consider things like checking and renewing every couple of years or so. Checking that your wallet file is still compatible with newer software, your media/flash drive can be used with modern computer and so on. Might also be good to transfer to new wallets every now and then.
4) I think an UNencrypted wallet is not a good idea. Suppose you buy a new computer some day and dump the old one, but some guy manages to recover your deleted wallet file.
5) The private key thing already mentioned sounds good. Give it a shot and mix it up with other methods.

Have a plan for someone else to be able to recover the coins when you're dead/injured/not capable of recovering them yourself. It would be terrible if you find yourself in a situation where you're in a coma in a hospital and need money for an operation that will save you, but others can't have access to your funds.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
You can program a Yubikey to store 32 characters. Memorize another 32 characters. You have a 64 character password. Any attempt at rubber hosing you, it wouldn't be that difficult to lose or destroy the Yubikey.

And it has a backup somewhere that no one else knows. (That might be rubber hosed out of you.)
sr. member
Activity: 354
Merit: 250
tvbcof are you using your subconscious for part of your private keys? http://www.extremetech.com/extreme/133067-unbreakable-crypto-store-a-30-character-password-in-your-brains-subconscious-memory

It seems theoretically rubber hose resistant though kind of scary to rely on too.
legendary
Activity: 4760
Merit: 1283
I create new unencrypted wallet.dat files and load them with the BTC value I want.

Next I encrypt them using openssl (which should be available on Windows with cygwin but I've not tried it).

I do this systematically and carefully keeping track of both encrypted and unencrypted checksums then wipe any trace from my hard drive.

Next I upload the encrypted files to cloud storage and various other places.  These are not secret since the only way to steal them is to break the encryption.  Indeed, in extreme cases it could be beneficial if a lot of people downloaded them ;)

Next I put the passwords for each encrypted wallet (all different and all random and strong) in my safe deposit box.  Also instructions for how to decrypt the wallet in case I meet the underside of a bus.  Since I don't expect to need most of my BTC for years, and since I don't currently believe that my box will be confiscated, this is the only place where the passwords live.

I keep some spending money in an on-line wallet, but no more than I can afford to lose.

As I mentioned, it is better to keep one's mouth shut about their techniques, but I have a particularly good understanding of the technology I am using and believe that the risk of someone exploiting my solution is minimal.  Indeed, I would be happy if people knew that even a rubber hose would not be sufficient to extract most of the BTC value I hold.

kjj
legendary
Activity: 1302
Merit: 1026
I generate keys offline and batch them into files.  Then I make multisig P2SH addresses from groups of them.  The output is printable HTML with embedded images for barcodes and QR codes.  The HTML files also include everything as straight ASCII, and can be written to M*Disc DVDs.

M*Disc with ASCII should hold up for a LONG time.  I could burn many copies of it to the disc too, or use redundant coding like on USENET, just in case they don't hold up as well for me as they did in testing.  But really, laser print on any modern paper that isn't absolutely terrible should be good for as long as it isn't exposed to water or direct flame, decades or centuries after my death.  And thanks to multisig, I can design the address to survive losing one or more keys, if I want to.  For huge amounts, I could even check and/or replace them on a schedule.