Pages:
Author

Topic: What kind of cold storage do you use? - page 2. (Read 2970 times)

sr. member
Activity: 266
Merit: 250
June 04, 2014, 09:09:29 PM
#44
Paper wallets are the only way to go.
legendary
Activity: 1302
Merit: 1007
June 04, 2014, 09:03:09 PM
#43
Doesn't saving a paper wallet in a computer defeat its purpose, though?
newbie
Activity: 48
Merit: 0
June 03, 2014, 01:37:25 PM
#42
definitely paper wallets
hero member
Activity: 812
Merit: 587
Space Lord
June 03, 2014, 11:23:59 AM
#41
I like to keep mine backed up to a few USBs. I dont really trust paper wallets.

Why? A USB drive will break down far faster than a piece of paper.

EDIT: If you have backups, then don't mind this Cheesy
full member
Activity: 176
Merit: 100
June 03, 2014, 11:22:49 AM
#40
I like to keep mine backed up to a few USBs. I dont really trust paper wallets.
hero member
Activity: 812
Merit: 587
Space Lord
June 03, 2014, 10:03:37 AM
#39
i gave mine to satoshi, if he cant be trusted, who can?

I can be trusted.
Or maybe pirate Grin
vip
Activity: 840
Merit: 1000
June 03, 2014, 10:01:44 AM
#38
i gave mine to satoshi, if he cant be trusted, who can?
hero member
Activity: 812
Merit: 587
Space Lord
June 03, 2014, 10:01:07 AM
#37
Ordered a few crypto-cards yesterday. They seem cool!

http://crypto-cards.com/
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
June 03, 2014, 09:57:22 AM
#36

The problem with a dice-generated hex private key is that you need to convert it to WIF format to be imported into wallet, and that involves some kind of calculation which is not straightforward and can not be done by a simple bash script without calling other external functions like SHA256.

So you call an external function.  Why is that a problem?

An external function might be planted with some back door, so that the WIF format key generated only have limited numbers, like millions of keys maximum, so even if you don't generate the same key twice, the hacker can easily scan those millions of keys and see if someone has put bitcoins in them

It's not that easy to hide a backdoor in something as a simple as a cryptographic hash function script.  There are already public implementations of this and should be peer reviewed.  But more importantly, you can easily verify it using a few random inputs and compare against a separate implementation!  If the code looks normal and verifies successfully the hash outputs against other SHA-256 implementations, then it would be extremely unlikely a backdoor would be possible.

If you are familiar with the avalanche effect where changing one character in the input changes the entire output completely, the same thing would happen if you tried to manipulate the output so your verification tests would fail. That's the beauty of the hash function.


Thanks, that is a very good point! If I can verify it gives a correct output for a defined input like other conversion tools, I can even rely on an offline webpage to do the conversion

Adding this verification step will complete the whole process: Dice generate the key and script convert to WIF format, then import into any wallet to get address to send coin to



legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
June 03, 2014, 07:31:52 AM
#35

The problem with a dice-generated hex private key is that you need to convert it to WIF format to be imported into wallet, and that involves some kind of calculation which is not straightforward and can not be done by a simple bash script without calling other external functions like SHA256.

So you call an external function.  Why is that a problem?

An external function might be planted with some back door, so that the WIF format key generated only have limited numbers, like millions of keys maximum, so even if you don't generate the same key twice, the hacker can easily scan those millions of keys and see if someone has put bitcoins in them

It's not that easy to hide a backdoor in something as a simple as a cryptographic hash function script.  There are already public implementations of this and should be peer reviewed.  But more importantly, you can easily verify it using a few random inputs and compare against a separate implementation!  If the code looks normal and verifies successfully the hash outputs against other SHA-256 implementations, then it would be extremely unlikely a backdoor would be possible.

If you are familiar with the avalanche effect where changing one character in the input changes the entire output completely, the same thing would happen if you tried to manipulate the output so your verification tests would fail. That's the beauty of the hash function.

legendary
Activity: 3766
Merit: 1217
June 03, 2014, 06:51:32 AM
#34
You told me you didn't have any bitcoins.

Lol.. that is the best thing to do here. Once I posted here that I was having some 4-5 coins with me. My inbox was flooded with emails from beggers very soon. So better keep silent about your stash.  Grin
sr. member
Activity: 434
Merit: 250
June 03, 2014, 05:56:34 AM
#33
I use a USB key with a fresh Linux install + electrum, used online only to setup.
legendary
Activity: 1988
Merit: 1012
Beyond Imagination
June 03, 2014, 05:50:52 AM
#32

The problem with a dice-generated hex private key is that you need to convert it to WIF format to be imported into wallet, and that involves some kind of calculation which is not straightforward and can not be done by a simple bash script without calling other external functions like SHA256.

So you call an external function.  Why is that a problem?

An external function might be planted with some back door, so that the WIF format key generated only have limited numbers, like millions of keys maximum, so even if you don't generate the same key twice, the hacker can easily scan those millions of keys and see if someone has put bitcoins in them
hero member
Activity: 658
Merit: 500
June 02, 2014, 11:54:03 AM
#31
I do not need a cold storage address yet. I do not own enough to worry about that. If I do, I think I will use electrum. I like the predetermined addresses and the ease of recovery.
newbie
Activity: 5
Merit: 0
June 02, 2014, 11:46:54 AM
#30
http://i.imgur.com/enP4jbnl.jpghttp://i.imgur.com/MP15o2Al.jpg

Fire-proof, Flood-proof, Scratch-proof, BIP0038 protected stainless steel cold storage wallets from CryoBit. Generate new on our site (through bitaddress.org) or supply your own encrypted key/public address pair.

https://bitcointalksearch.org/topic/the-ultimate-cold-storage-solution-cryobits-cryo-card-610540

https://www.cryobit.co

legendary
Activity: 1456
Merit: 1001
This is the land of wolves now & you're not a wolf
June 02, 2014, 11:13:39 AM
#29
Blockchain.info and Coinbase.com don't really qualify as cold storage options, no?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
June 02, 2014, 10:26:15 AM
#28

The problem with a dice-generated hex private key is that you need to convert it to WIF format to be imported into wallet, and that involves some kind of calculation which is not straightforward and can not be done by a simple bash script without calling other external functions like SHA256.

So you call an external function.  Why is that a problem?
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
June 02, 2014, 10:24:19 AM
#27
7 paper wallets, encrypted in a 14 Alphanumeric password stored inside a safe at 7 different locations.

You told me you didn't have any bitcoins.
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
June 02, 2014, 09:41:20 AM
#26
7 paper wallets, encrypted in a 14 Alphanumeric password stored inside a safe at 7 different locations.
legendary
Activity: 3766
Merit: 1217
June 02, 2014, 05:43:34 AM
#25
I would advise against that unless those paper wallets are BIP38 encrypted that you do not give them to someone else to print out. Unless it's your family/most trusted friend that your willing to trust your money with I would just be content with a USB stored version. If you have a pen and paper you could also just write it down the old fashioned way - sure it doesn't look so fancy but it really comes to the same thing.

Well... thought about it for a bit... and I have decided to hold on to my USB wallets. Everything is fine as of now, and I don't want to change the equilibrium. So, for now, it is going to be 100% USB wallets for me.
Pages:
Jump to: