Hey everyone,
What security measures do you recommend for your cold storage keys. I was thinking more about measures to prevent hacking/theft of the keys. Should i be paranoid to the point of creating the wallet in an air gap and never look into it until I need it? (Lets not go into the "Ruiu says badBIOS leaps air gaps" territory).
Regarding backup I'm doing the _strongly encrypt your files and stored them in offline and online sources and don't forget the deterministic seed_ routine. If anyone as further thoughts on backup that would be appreciated also.
Remember, rockets are old school. We are going to the moon in a space elevator. Keep calm and get some moar.
Peace!
My suggestion is as follows:
1. Take any machine you have lying around, even your normal workstation. You may find it easier to use an older computer that has no wifi or bluetooth if you're particularly paranoid.
2. Create a Linux or Windows bootable disk, and make sure you have the Monero binaries on the same disk or on a second disk (for Linux make sure you have also downloaded copies of the dependencies you will need, libboost1.55 and miniupnpc for instance).
3. Disconnect the network and/or Internet cables from your machine, physically remove the wifi card or switch the wifi/bluetooth off on a laptop if possible.
4. Boot into your bootable OS, install the dependencies if necessary.
5. Copy the Monero binaries to to a RAM disk (/dev/shm in Linux, Windows bootable ISOs normally have a Z: drive or something)
6. Don't run the Monero daemon. Instead, using the command line, use simplewallet to create a new wallet.
7. When prompted for a name, give it any name, it doesn't really matter.
8. When prompted for a password, type in like 50 - 100 random characters. Don't worry that you don't know the password, just make it LONG.
9. Write down (on paper) your 24 word mnemonic seed.
10. Write down (on your phone, on paper, on another computer, wherever you want) your address and view key.
11. Switch off the computer, remove the battery if there is one, and leave it physically off for a few hours.
There you go - the wallet you've created was created in RAM, and the digital files are now lost forever. If some magical hacker manages to somehow get the data, they will lack the long password to open it. If you need to receive payments, you have the address, and you have the view key if needed. If you need access to it, you have your 24 word seed, and you can now write out several copies of it so that you have an offsite copy (eg. a bank deposit box). Due to the nature of the key you can write it as part of something else - eg. write a fake love letter to your wife so that the 24 words on the left hand side are your key or whatever. Then write a bunch of extra love letters. That way, if your deposit box is ever discovered, it'll be disregarded as unimportant love letters.
Hi, asked someone to dredge this up from the mountain of posts in this thread, and as someone looking to do exactly the above, I have just a few (hopefully simple) questions.
1. Where/how do i retrieve my 24 word seed from after the wallet has been created exactly?
2. What is a viewkey, how do i get it, and how is it used/what is it used for? (sorry new term to me, not sure why)?
3. Assuming i send XMR to my cold storage address, how can i ever verify the xmr made it, without sweeping the wallet?
4. How would one go about sweeping the wallet, ie, the procedure to get your wallet back using the 24 words (sorry for the ELI5 request here, but i've had trouble with btc offline wallets, so i don't care to mess anything up.. especially if it's a fairly good chunk of xmr if you get my drift.
Thanks for any/all help. I love this coin, and the people here. good times. its like btc 2.0 IMO...
