Topic: Wallet protection ideas for the super paranoid... - page 2. (Read 5481 times)

exactly opposite - hdd data can be shredded easily, you never can be sure if wear levelling mechanisms allowed to actually delete some content on ssd

[...]

just use truecrypt with long password that you will remember


that time is about data in mlc chip itself, there is no way to be sure that usb stick will live longer than 5 years, especially if you have cold winter tin soldering can be gone after first year

there is no way to know if usb stick will survive more than year, there will be a problem with decrypting stenography and encrypted data unless you use exactly same software, burring things into the ground is no good until you put them like 2-3 meters under - as cold, floods and or construction can destroy them easily

instead i would have combination of mediums like pendrive, micro sd card, cd, dvd, blueray, printed copy, and sata disk

three - four sets in different location, perhaps at least one abroad

plus heavily encrypted failsafe backup stored online

most dangerous scenario is data loss and data leak, and i doubt that my backup needs to be interrogation safe

Actually I've now realized that this makes Bitcoin run extremely slowly, so I don't recommend this.  Instead, it's better to use a data directory on your main hard drive, but have wallet.dat be a symbolic link to a wallet file on an encrypted thumb drive.

Good point.  Perhaps I could burn it to a CD-R and write my signature on the outside.

Cool ideas. 

Thumb drive encryption is cool, but my first line of defense is to make the data look as if it is not encrypted.  That way, if someone finds the thumb drive, it will look like semi-important information, but not something worth stealing or initiating violence over.

I missed the thumb drive life span.  CD's and DVD's (the green and blue ones) only last a few years before having potential problems.  Thumb drives have a shelf life of about 10 years.  Paper is a very good idea, as it has a much longer shelf life.  But putting it on paper has the disadvantage of looking like something encrypted.

One more point.  With the approach you've outlined above, you need to protect buckets.txt from tampering.  You could store it on an encrypted drive and/or digitally sign it.  If someone can overwrite buckets.txt with a set of addresses they own, then you'd start sending money to them rather than to you without your even realizing it.

One thing you've have to watch with that is the FLASH write endurance. I know they have internal wear-levelling but I've noticed under Windows the Bitcoin client seems to pretty much continually write small amounts to a couple of database files.

Here's one more tip.  Every time I run Bitcoin, I use the -datadir option so that the data directory is on an encrypted thumb drive which I have mounted.  That way, my wallet is never ever written to my main hard drive.  If you do this when you create your initial wallet, you shouldn't have to worry that any trace of it will remain on your main drive.

Thanks for posting your long backup regimen - there are some good ideas here.

I would definitely encrypt each thumb drive at the drive level.  That's super easy to do in Ubuntu: right click the drive and choose Format, then choose the type "Encrypted, compatible with Linux".  If you do that and choose a reasonably long passphrase, nobody is going to be able to read the drive without your passphrase.  If you're confident that nobody else knows the passphrase, you could even skip the stenography, I think (but it sounds like you want to be supremely cautious).

How sure are you that the information in the thumb drives will last indefinitely?  I haven't been able to find much online about how long they will retain information - there is some speculation that it's about 10 years, but if a drive fails you could lose a lot of money  I would definitely copy each wallet onto at least 2 and possibly 3 drives.  Alternatively, you could back up your wallet to paper.  I've considered doing the following:

1. Create a file F1 with random data.  This will be a one-time pad.
2. Create a file F2 by XOR-ing your wallet with F1.
3. Generate a QR image from F1 and print it out.
4. Generate a QR image from F2 and print it out.
5. Store the two paper images in separate secure locations.

Either paper image is useless by itself.  If you scan in both images into files and then XOR them together, you'll have your wallet back.

I am sure some one has looked into using USB tokens like goldkey or some spyrus hardware token.

Does any one know any problems using existing hardware tokens for wallet key storetage?

Thanks

Hi all,

I've been thinking about how I can protect my BitCoins long term.  Here is what I have so far.

1. Find an old offline computer and install an SSD and the latest Ubuntu and don't connect it to the internet.  Use an SSD because it will quickly erase free space once it is turned on and any type of forensics becomes near impossible.  This makes it difficult for 3rd parties to recover deleted wallet files.  If you use a conventional HD, the data will hang around for a lot longer and make it easier for forensics to recover any wallet files on your computer.
2. When creating the user account, be sure to check the option to encrypt the user's home directory.
3. Use CD or DVD to move the BitCoin application to the users directory.  Don't use a memory stick, as they have known vulnerabilities with driver hacks.  Use md5sum to verify the BitCoin application matches the known BitCoin check sum.
4. Unpack BitCoin into the user's home directory.
5. Start BitCoin.  This will create a wallet file and a receiving address.  Copy the receiving address and pate it into a new file called "buckets.txt".  Label the first receiving address in this file as "bucket1".  Stop BitCoin and rename the wallet file to bucket1.
6. Repeat step 5 until you have around 5 to 20 bucket files and addresses.
7. Use a CD or DVD to move 5 to 20 image files to the Ubuntu computer.  The images can be anything, just keep in mind that family photos or other identifying images could be a problem.  The idea will be to hide the wallet file among files that look important, but are not.
8. Encrypt each individual bucket file with a secure password.  (Use something with 20 or more characters.  You can use the same password, as we are going to separate each bucket to limit our exposure.  Use different passwords, if your memory can handle it.)
9. Use stenography to combine each wallet/bucket file with an image.
10. Delete the bucket files and copy a large number of files around to make sure the blocks are over written.
11. Buy 5 to 20 NEW thumb drives (less if you want to double up on your wallet files).  Copy one stenography image to a thumb drive along with a few other random files that look important (but are not).  Repeat for all the thumb drives.  You may want to put more than one per thumb drive for redundancy, in case one thumb drive gets lost.... but this increases your exposure to someone who may know what the images contain.
12. Buy enough PVC piping and end caps to hold the thumb drives and reward notes, along with PVC piping glue and sand paper.
13. Create 5 to 20 notes with your name and address and a $30 reward for the return of the thumb drive if it is found.
13. What you are going to do is to encase and a thumb drive along with the reward notice in a small PVC pipe with end caps.  The container MUST be water proof or the contents will be destroyed.  Eventually you will need to access the PVC contents, so make sure there is enough space to cut the PVC pipe with a hack saw without damaging the thumb drive.
14. Now grab a GPS, a shovel and go bury the thumb drives around your city or county.  Make note of each location so you can come back later to recover the data.
15. Once you are sure everything is set, delete everything from the SSD and reformat it.
16. Each PVC container will now be a BitCoin bucket, and you will be able to send BitCoins to these buckets, even if they are just thumb drives buried in the dirt.  Using your buckets.txt file, send BTC to the various buckets as you see fit.
17. If anyone uses violence to extract BTC from you, take them to one of your buckets and insist that this is your only stash.  Also, since your buckets are distributed, you don't have to risk all your BTC at once when you go to "make a withdrawal".

Suggestions, comments?


EDIT: Thumb drives are used instead of CD or DVD because CD and DVD storage start to degrade in 5 to 10 years.  Thumb drive data storage has a much longer data storage time.