Bitcoin Forum

I am paranoid by design and by professional deformation.

Suppose you have the following tools available:

1. two Trezor hardware wallets
2. offline bootable PC with Ubuntu
3. bitaddress.org site burned to a CD
4. BIP39 passphrase and mnenomic code generator burned to CD
5. passguardian.org Shamirs secret sharing page burned to CD
6. offline printer to print and laminate paper wallets
7. metalstamps to stamp seeds/keys to metal plates if need be
8. two rented safe deposit boxes in two banks in two different European jurisdictions

How would you go about designing a "perfect" cold storage that should fulfill the following criteria:

1. be resistant to my death hence inheritable
2. be reistant to my amnesia
3. be resistant to being denied physical access to both safe deposit boxes
4. be resistant to malevolent staff opening the contents of the safe deposit boxes
5. be resistant to goverment confiscation/access denial to your safe deposit boxes

So basically I want no other entity (spouse, underage children, bank staff, evil government officials) to be able to spend my bitcoins as long as I am alive and with a functioning brain.
I also want to be able to comitt to memory a seed or an encryption method that would grant me access to bitcoins if I am not able to access the cold storage in safe deposit boxes.
Ultimately I would need to leave clear instructions in case of my death so that the family would be able to reconstruct access to those bitcoins.

I have some ideas but would like to hear flaws in my design.

1. PAPER WALLET ROUTE

One way to go about it would be to create paper wallets, print them offline, encrypt them with a strong passphrase (for example Diceware generated) using BIP38 and store them in two separate safe deposit boxes.
The secret passphrase would be easy to memorise for me and could be split using sharding into 3 pieces (2 safe deposit boxes and my home for example) so that you would need access to all of those in order to decrypt the paper wallets.

It prevents goverment or the bank staff from spending your bitcoins but if you find yourself unable to access the physical location of your paper wallets you are doomed.

2. TREZOR MNEMONIC SEED

You load your Trezor hardware wallet and stamp the seed on metal plates in a randomly generated order that you put in one safe. In another safe you put an encrypted message that is simply the order in which you have to put the mnemonic seed to be able to access bitcoins. You distribute the passphrase to unlock the order in the same way as in design No. 1.

You carry your Trezor with you (your home) hoping that even if it gets stolen nobody will be able to break the PIN.

This method has the advantage that with some memory technique you should be able to remember the seed yourself and reuse it should you be locked out of access to your safe deposit boxes.



Is all of this an overkill? Are there simpler ways?

Only thing that is truly only accessible by you is your memory, so if you forget everything then there is no way to do it without trusting someone else.
Not to mention that you wouldn't even remember you had a wallet in the first place.
You can't not trust yourself and others at the same time, there is no one with any access to the wallet then.
If one part of the wallet is lost, all is lost. If a group of people have all the parts of the wallet, then they and only them can use it. If you are part of the group, you can't forget your part, if you are not, then you have to trust the group.

I lost many accounts due to forgetting my passwords, but there is no other way except giving someone else access or have another way of access.

You need to trust yourself and if you have a backup, for yourself or others, then figure out a place that you can always protect while you are alive. When you are dead, they can take it from you. If you are afraid that someone will kill you for it, then you need to only be able to get it by your memory.

You can't have both perfect security and perfect availability. If you care more about security, then carry full responsibility. If you care more about it not getting lost, then you have to trust someone in one way or the other.

This would really be only the flaw on which your memory would be the issue here no matter what good precautions or measure of security you do made on your wallet if your memory wont able to remember that as the time goes by then that would really be a problem. Perfect cold storage is already in the market and theres no need to search or create even more, the important thing is that you wont able to forget about it as the time goes by.

I am a medical professional and I have seen perfectly sane people lose their memory "instantenously" due to sepsis, meningitis, brain haemorrhage etc.

So it is a concern.

Live boot usb stick with TailsOS. Encrypted persistent volume.
Electrum is preinstalled and can be activated.

Nobody can do anything with your usb if confiscated and you can recover with electrum seed too.

Could you expand on that?

What is enrypted persistent volume?
Where is Electrum preinstalled?

When you make a usb with a live boot OS on it, you can make a different partition on it on which you can keep files that you want to carry on when you boot up that OS next time. It is called persistent, as it survives the reboots, unlike the other changes you make to the live boot OS. The whole partition should be encrypted for security and privacy.
Electrum is apparently preinstalled on TailOS, as you can see here https://tails.boum.org/doc/anonymous_internet/electrum/index.en.html

There are some things in your requirements that are not exactly clear, but depending on the exact details of the requirements, I'd consider using locktime and multisig to handle most of your concerns.

The biggest issue you'd run into with such a solution is that there could be a significant gap in time between when you die and when your heirs can access the bitcoins.

Ask yourself this question : How are your other assets and wealth being handled at the moment? You use a Will, right? I would suggest that you make it a riddle that only your family would be able to understand and put it in your Will.

The Passphrase could be the answer to a question that only your family would be able to answer. Example :

~ Where was our first family holiday.
~ What was the name of our first dog.

You also hide the paper wallet < Metalstamped seeds/keys > in a location only they will know about.

~ Lemon tree at the orchard.

Do not use safe deposit boxes, because they are raided regularly by banks and thieves.

I always found these security questions funny. I know first names of many pets from multiple families. And by now, a family holiday would probably be documented with pictures on Facebook :D
You can also more often then not, ask people those security questions and they would very gladly tell you, even if you are a stranger to them.
You need to use something that is considered atleast kind of secret in the first place, something that you won't just show to anyone or tell anyone.
However the most useful thing is to just make a password with your family, that would be the most reliable and quite simple way. Or as with the will, use the multisig with the person you are leaving the funds to and your lawyer, if your lawyer is hip to that.

That was my concern also. That is why I would leave only encrypted paperwallets/stamped seeds in 2 different safes which would require from a bank thieve to know about both and rob both.


I thought about that but I do not know of any easy tool to put multisig or timelock into practice. Any suggestions?

I feel that by using something I am not comfortable with I would be my own worst enemy and essentially lock myself out of funds.

As it happened to me since I wasn't able anymore to remember the password I was assigning my cold storage a couple of months ago.  :-\

nice idea, i think this one's relevant but in case to case basis i believe. it just make me wonder what will be the solution for your second scenario which is the amnesia think. i am no expert to this but it really makes me wonder how. i think there will be resolve for that in the near future, who knows?

Well the requirements for amnesia are the following:
1. someone you think you love and care about (spouse, children, parents whatever) should receive clear and unambiguous instructions on how to gain access to your bitcoins should you become incapacitated
2. they should have no ability to gain that information as long as you are sane in the head

So my idea went something like this:

1. Create PGP keys for instructions that you want to share with your family. Give them private keys.
2. Encrypt clear instructions how to access bitcoin with aforementioned PGP combination
3. Use that message on some software equivalent of dead man's switch or delayed mail.
3. Store part of the puzzle in a safe (like Trezor with PIN that is mentioned in instructions or encrypted 24-word seed)

So if you end up in a coma or dead then:
1. Your "heirs" will receive an email from dead man's switch or delayed Gmail (that you are no longer able to postpone) which is encrypted and readable only for holders of the private PGP key.
2. They now have the instructions (like Trezor PIN, location of the safe, passphrase to metal-stamped encrypted seed or whatever) but need physical access to the secret. Presumably in case of amnesia someone would be named a guardian or in case of your death your family can be named as beneficiaries of your safe deposit box.

give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.

Nice idea. Never thought of that. How do I do it?

It's called an nLocktime transaction.

You can do it on greenaddress.it or you can do it manually(complicated as hell, i have never done it myself). Basically when a certain block height is reached your family member is able to get the transaction and broadcast it to the network, before that block height is reached they can't do anything with the raw transaction.

See here for an example and a tutorial: https://www.reddit.com/r/Bitcoin/comments/397xv3/howto_nlocktime_transaction_as_a_dead_mans_switch/

Just make sure that the private key that your family member holds is secure and completely offline as well, otherwise this setup is useless.

The government is a very powerful entity, they are likely to be able to use sufficient force to compel you to provide sufficient information for them to access your private keys. Also, if the government denies you access to your safety deposit boxes, they are likely to arrest you when (or before) you learn you are being denied access to your safety deposit box.

I think your best bet would most likely be to purchase a pack of three trezors directly from trezor.io, and create a new seed with your trezor. When you setup your trezors you will want to use an encryption passphraise in addition to the seed that is created (you may want to actually create two encryption passphraises on top of the same seed -- more on this later). When you are creating the new seed, you will be directed to write down each of the words on the wallet card, you should write down half of the words on one card, and the other half of the words on the other card. You will also want to set a PIN on the trezor itself.

I will assume that in the event of your amnesia, the same person who will handle your finances will be the person who will inherit your bitcoin held in cold storage. You will want to put your trezor along with the wallet card, and a "hint" as to what half of the encryption key, either written on the wallet card, or handwritten on a separate pice of paper. Ideally, this person will be your spouse as there will be many things you can give as hints that *only* your spouse will know -- for example, you could give the hint 'place where we met(first word only)' and although you may tell other people you met your spouse at disney world, you actually tell eachother that you met sitting in the third row of the space mountain ride, so while others would think this hint means "disney" your spouse would know it means "third". In each safety deposit box, there should be instructions advising how many safety deposit boxes need to be visited, and detailed instructions on how to put all the information together to redeem the bitcoin.

You will not want to have major banking relationships with either bank, however I would suggest you have sufficient money in a checking account for the bank with withdraw many years worth of rent to avoid the boxes being closed for non-payment of rent. Ideally you will want your safety deposit boxes to be located in specific branches that are frequently busy, which will reduce the risk the branch will close in the future.

You will want to maintain physical possession of a third trezor that uses the same seed as above. You will maintain two wallets with this trezor, one with the encryption passphraise noted above, and one with a different passphraise, that you will spend bitcoin out of (this is necessary if you plan on spending money in your cold storage on any regular basis. When you run low on bitcoin in your "spending" passphraise, you sign a transaction out of the passphraise in your safety deposit boxes transferring bitcoin into your "spending" passphraise.

For extra security, you can rent out a third safety deposit box containing instructions listing the banks/branches the portions of the seed are located. If you are worried about losing access to the safety deposit boxes, you can open two additional boxes at different banks, each containing one additional trezor and copy of one half of the seed/passphraise instructions.

Some great ideas guys. It's weird how some ppl are happy just keeping coins on an exchange or in an online wallet. With all the goings on these days, don't discount EPM attacks. Possibly locking usb's and trezors etc in a metal safe would suffice. Although I guess if there were any EMP attacks most crypto would be wiped out and crypto would be the least of our worries.

I read that idea but also the dangers it poses. Namely the biggest danger being that Bitcoin forks in such a manner that "old signed" transactions are no longer valid which would leave my "heirs" with bitcoins neither them nor anybody else can spend.

You can't do anything "perfect" in fact.
I would recommend use PC without Intel accessories (it has some interesting backdoors on the lowest hardware level)

Could you expand on that (Intel backdoors)?

Read about Intel Management Engine. In fact it can read your RAM (hello to all your unprotected passwords which stored in RAM while session continue), your internet traffic, your screen.  

More specifically Active Management Technology is the problem there, as it allows for a remote access to your CPU. As privacy issues are always security issues, this became clear like in many other cases when vulnerability was found in AMT and allowed for a hacker to fully take over Intel servers remotely on such a low level that no security software would be able to do anything about it. https://thehackernews.com/2017/05/intel-amt-vulnerability.html

I personally use an ironkey USB thats password protected with electrum wallet. You can get the electrum wallet at electrum.org. It is very secure and reliable. I have never had any issues with this cold storage for my bitcoins. One thing for sure is write down your 10 keyword phrase and password incase something happens to the USB you can still recover your bitcoins.

I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.

store USB and such wrapped in several layers of aluminum foil.

Imprint stamped designs on the foil.

= "tamper resistant" while also being "tamper evident."

"Something" is in a bank safe deposit box.

You need a way to know, when you retrieve that item, that it is the same item, in the same condition, touched by nobody, since you put it there.

Otherwise, how do you even know it's the same USB?

In the end is all a compromise between security and accessibility/ease of use. The more secure you contain your bitcoins, the harder it will be for you to access them yourself. If you are looking for purely cold storage where security is king, you would have to compile Bitcoin Core or download an open source wallet with offline functionality, copy it over to an offline device with no access to the outside at all (think a laptop with a broken wifi card) and then never actually connect it back online. All you need to do is to keep those private keys secure and then somehow (perhaps by hand) copy over the public keys and send the Bitcoin you want to store to them. I can't see a more barebones, flawless method to keep Bitcoins secure. I do a variant of this method myself and all has been good, while keeping my hot wallet quite accessible for everyday expenses.

Why do you want to be sure you are interacting with the same device you put in the safety deposit box? You would want to use an entirely offline computer to sign any transaction and once someone has physical possession of the USB stick they can potentially steal any money contained in the USB drive.

I thank the people putting their ideas here, it is good for us (newbies). i have to admit that right now. I do not feel safe with the wallet that i have. however, the amount of bitcoin that i have is not of a substantial so i am not paranoid about it. Still i wanted to ask or clarify something regarding this paper wallet. I have read on the newbie section of somewhere that you can create a duplicate of the same wallet on this paper thing but my question is if you get to withdraw the bitcoin from that wallet say a duplicate it will still reflect on the original right? as it is just the same, i mean like you just have one wallet address it is just that it was duplicated for safe keeping. i apologize if this may be a newbie question but i am no IT expert, i am a medical professional who just so happened got interested with bitcoin.

Yes. A wallet is just a list of private keys which are just numbers that can be used to unlock the funds of the corresponding Bitcoin addresses and send the coins where you wish. Making a paper wallet is just writing that number on paper (but most often with QR codes so it machine readable). It is kinda like a password to your account, it doesn't matter where you store it, it will still be just a password.

It is nice to see people from different professions be interested in Bitcoin. It makes a whole ecosystem possible.

One caveat regarding this (if I understood correctly what you mean) would be that once you import the private keys from a paper wallet and spend part of it most wallets would send the "unspent" output to a new address and you would be fooled into believing that your original paper wallet still holds some amount of BTC.

Say you have 0.5 BTC in a paper wallet, you import the Key into Electrum, you send 0.05 somewhere and you wipe Electrum or harddrive so no one gets your private key.
Your other copy of paper wallet no longer holds 0.45 because Electrum sent it to another "change" address (I FIND THIS FEATURE EXTREMLY UNDERADVERTISED and not TRUMPETED ENOUGH).

Read
http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses/

You will never "design" anything "safe".  Your brain is flawed. 

I think I made it clear that I realise how fallable the brain is, i.e. susceptible to death and a myriad of diseases.
So I do not understand how your comment contributes.

This is definitely not an overkill you are just taking precautions in case somebody who knows about bitcoin could get a hold of some of the information that you openly provide.

Perhaps its better not to smoke for some time. Weed makes you paranoid sometime. Just kidding.
I think wiser idea will be not to store data physically in one place.
Implement some smart contract that will store keys to your wallets end send them to dedicated address if not accessed for some time.
The whole beauty of blockchain is that its distributed, never in some dedicated location under single jurisdiction, can store whatever you want. So why make it physical again?

It may be worse way than using rng. Especially with coin  :)

suppose you have the following tools available;

1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD

I was thinking about this earlier today. How to setup a perfect method of storing Bitcoin without any security flaws. I actually think it is a lot more complicated and maybe impossible. As long as you deal with physical external objects, they are bound to be able to get hacked. Therefore realistically memorizing your keys is the only way... and this is the most risky option as it relies 100% on your own self to remember them or not give them up if you were being tortured or something. What happens if you get dementia/Alzheimer's/Amnesia? For now I am sticking with offline-generated, laminated paper wallets. :P

What seems to be used for centuries to store value in a secure way when it comes to precious metals seems to come in handy here is well: vaults. When it comes to "perfect cold storage", I think that the term "perfect" is overrated. Any security policy is as weak as its usability requirements restrict it to be.

For example, even a vault needs some usability in order to be a viable solution for storing your paper wallet.

Ultimately, it all boils down to the actual amount of stored value. Certainly different volumes require different security approaches.

It would depend on what the passphrase to your seed is. If it is long and complex, say at least 12 characters including special characters and numbers, then you should have nothing to fear. The amount of time it would take for such a passphrase to be brute-forced is not within what you could call reasonably or efficient. You could also just use a set of words to end up with an even stronger passphrase. Given a strong passphrase, you should also feel fine about having multiple copies of it stored in different places. Just make sure that your passphrase and seed never meet, since anyone who has access to both of them at once can (and probably will) open your wallet and potentially steal your bitcoins. A physical copy of the seed and a brain copy of the passphrase is a good combination. Make sure not to forget about other possible attack vectors such as malware, however.

Since it wasn't mentioned yet:
https://glacierprotocol.org/

I don't use the glacier protocol itself, but I have used something similar.

Not at all. You could get all the computing power in the world and it would still not be possible to crack it in any reasonable amount of time. And note that my definition of reasonably is very wide in this context. We're talking about being unable to crack a passphrase within a million years. Now, I have also heard from some that quantum computing may change things around in regards to cryptography, but I personally don't think in this situation it would matter. Of course, in the end it depends on how long and secure a passphrase you use. However, if you use 10 random words as your passphrase, you can rest assured that your seed will be safely protected and you have nothing to fear, as the difficulty in that is n^10 where n is the number of different possible words. Using any possible words in the English dictionary, currently around 170K, would result in 170,000^10, which results in 20159939004490000000000000000000000000000000000000000 or 2x10^52 possible combinations. In other words, don't worry about it.

What about cold storage on some services? I mean exchanges, web wallets etc.

Hot to protect funds there? Because there should be preset private keys to withdraw funds. Exactly it should be a hot wallet, but it's risky to store big funds there.

You can reduce this risk by using a smaller time frame: move your coins to a new wallet every year, and create a new signed transaction. The lower you want this risk, the more work it is for you.

The bank staff and family member can work together to steal your funds.

When using a vault for cryptocurrencies, you can use OP's #7: "metalstamps" to just hammer the passphrase into the vault itself. Hammer it at the back, don't even lock it, no thief is going to steal a heavy wall-mounted empty metal box.

Throwing a dice is quite random. Just throw hard enough and make it bounce through your room if you're totally paranoid. Among others this video (https://www.youtube.com/watch?v=kNAOun22AWw) explains how to use it. But, creation of private key is not really the scope of this thread.

Maybe you mean "50 words" If that right, 170 000 ^ 50 combinations are possible.

If you mean "charachters" then we have  (numbers of English letters + number of numbers + number of keyboard symbols) . It's very strong password as you could see) ^ 50
Also you may notice that mnemonic phrase is stronger than passphrase. mnemonic phrase has 170 000 ^ 10 possible combination while passphrase has  60 ^ 50 .

bleah...technological singularity along with the quantum computer make any arrangement pathetically

Yes, this is the math that I followed previously. If it takes only up to 50 characters (I am personally not familiar with Trezors, so I do not know their limits) then somewhere around n^50 would be the maximum number of possible combinations where n is the number of accepted symbols. You can still use words and assuming that each word is around 6-7 characters in length you may be able to fit still 8-9 words in there which mathematically speaking still makes up a very strong password of up to 170K^9 possible combinations. Using just characters could be even more secure in this case, though.

Yeah, my bad. passphrase with 50 characters will be stronger because it has more combinations. 60 ^5 > 170 000

There are laser engraving machines that are selling on Ebay for $71 now. They look like a little 3d printer and you can hold one in one hand.

This type of machine would allow putting keys and squarecodes on anodized aluminum plates or painted steel plates. They would burn through the paint or anodized layer.

I suggest this as a way to avoid all the issues of paper getting wet, mildewing, rotting, catching on fire, etc.

Although it's possible that an engraved steel or aluminum plate would not survive a fire with the engraving legible. Still a gigantic improvement.

even I haven't found out how the right design for perfect cold storage.do you have a solution?

I would not consider Trezor safe after it was revealed that trezord.exe phoned home

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Why would you trust anything with electronics on it when you can get a paper wallet, wrap it in plastic of special material that will survive fire and water and in general the pass of time, and put it somewhere at home in a safe? even if they stole it, they couldn't open it because BIP38 allows encryption in paper wallets. You can also deposit copies on other places if you have a couple of properties.

So how can it get any better than this?

 
Didn't now that was so cheap.
http://www.ebay.com/itm/1000mW-Usb-Gravacao-A-Laser-Maquina-de-imprimir-calcografo-Carver-Automatico-Escultura-faca-voce-/362006949144?_trksid=p2349526.m2548.l4275

The problem with that is that the cost for doing it is too high, and it might not be worth it if it made up any significant portion of your worth im bitcoins. On the other hand, we could simply keep separate and several backups in safe places and the store a brain secret to decode the seed or private key. This way, it is very unlikely that the coins could be obtained by anyone else or lost by the owner.

Why do we need such thing? Sorry I am new to the concept of cold store. I just want to know why would one need such thing

Although very cool, this also seems like a very dangerous thing! It's an industrial laser in a box with open sides.
A much safer solution is a Letter & Number Punch Marking Stamping Tool Kit (http://www.ebay.com/itm/Letter-Number-Punch-Marking-Stamping-Tool-Kit-Set-Hardened-Steel-Metal-Craft-/122535077231), although you need to find a set that has both upper and lower case punches.
Ideal for using a mini private key (https://en.bitcoin.it/wiki/Mini_private_key_format):
https://en.bitcoin.it/w/images/en/thumb/e/e0/Miniprivkeys.jpg/800px-Miniprivkeys.jpg

I have to be honest with you this is an extremely interesting thought puzzle and I want to be one of those people who sits here and plans it out elaborately and gives you some kind of solution that may or may not be foolproof... the truth of the matter is though short of setting up some kind of National Treasure level system that can withstand the test of eons, and without knowing for certain that Bitcoin will absolutely be in existence when or if this extremely elaborate system is utilized... I can't see any such thing as a perfect system for Cold Storage but that being said I'm sure there's many that are close enough to being perfect two at the very least allow you to access your cold storage in the event that most disasters happen short of the internet dieing, all power on the planet going out or your ability to retrieve any information from your life is not possible.

I have a very simple solution for you. Which i think is kind of genius because its simple and bulletproof. Best if you have a will or if you have access to a safe deposit box.

What you will need:
A paper with multiple words.
A paper with a series of numbers.
A safe deposit box OR a Will.

Procedure:
Make a multiple word password from the words you wrote on the Multiple words paper.
1. Bob
2. Hello
3. School
4. Bike
etc.. etc...
I propose more than 16 words.

There is no need for you to USE all words or every word only once. For the sake of it you can only use 2 words 5 times each in series or consecutive order. OR you can use 10/16 words some of them double. What ever you think is better for you.

Then after you created your password, write on your (paper with a series of numbers) the correct series of each word by its number. e.g.
Lets say i used the words mentioned above to create this password (SchoolBikeSchoolHelloBobBobBobBike)
On my paper with a series of number i must have (34321114).

JUST DON'T MAKE THE PASSWORD 123456789, 987654321, 13579, or any other combination, keep it random just write a random number on your PC and follow it.

Now,
The paper with multiple words you have to give it to your family. ( I propose through email which they will not lose after years)
And the paper with a series of numbers you have to save it in a safe deposit box OR include it to your will. This goes without saying that you will never mention to anyone what these numbers mean. Only your family should know that these words come with a password which they will get after a bad think happened to you.

This way your family can never use these words to find the password because it will take them many years of trial and error, or even if you have extra words in that list that you don't use in your password they will never find it. And the other individual or safe box that you keep the paper with a series of numbers cannot be used for anything IF THEY DON'T KNOW ABOUT IT.

It's all really great. But a better solution is to simply just use a warpwallet. With a password of only 5-6 characters it will be impossible to crack. Check out https://keybase.io/warp/warp_1.0.9_SHA256_a2067491ab582bde779f4505055807c2479354633a2216b22cf1e92d1a6e4a87.html

The amount of possible combination in your example is less then 16^10 which is about a billion. Billion is really not that big of a number when you consider that modern average CPUs do billions of operations a second. This operation would be more complex of course, but still, this is just per second. I doubt it would take years.

One huge drawback is you can not carry it around in your head. If you lose physical access to the places where you put your encrypted wallets it's game over.
Whereas carrying a 24 word mnemonic is much easier than most people think with a widely available and thought memory practices.

It's pretty nice explained here, but you've gone too far.
There are many simpler ways.
No need for that much of security.
Imagine you lose a key and you cannot access to it. What then?
Keep your backup on simple USB, that's all you need.

With electronics, people with hacking skills can uncover encrypted passes to your "storage". How about a time capsule in your garden?

Time Capsule in the Garden of Eden +/-, many steps in offline nTIMELOCK process & only a few have the right knowledge of hardware & software around BTC IT to complete a perfect cold storage. IT be said that you can acquire almost any knowledge of any process online via search engines, just have to read & follow good /directions   :o

Yeah my example was simple. The thing is with that way you can include as many words as you like. and make a very strong password. it depends on you and what you think your family can do to crack your password.

What about using Crypto Steel?  I tried to order it once, but to no avail.

Well, consider that the base 58 used by Satoshi can be held in 6 bits.

Here's three characters in a row

 010101 011111 010111

1/8" holes spaced 1/4" apart, that is 5 inches wide.

Three characters in a row, eighteen rows of drill holes.

Anybody with a hand drill, a 1/8" bit, cutting oil, and a 6x6 piece of stainless steel can do this.

I saw that but in my opinion it offers no advantage, it's costly and not available.

Engraving machines for 60$, metal stamps for 30$, waterproof pens and paper with combination of paper laminator are all widely available and cheaper alternatives.

Metal stamps for 30$, upper case only so you do the hex codes.

Use a steel or copper plate and that's fireproof.

Use a passcode for the private key decryption, then there is not even a reason to hide it from view.

On Ebay there are stamping machines from China for stamping serial number plates will work and output nice neat little rows.

Metal beats paper.

I'd do it the simplest possible way that people have been using for centuries. You pick a member of your family (a wife?) that knows you well and that you want to be responsible for the money when you die or lose your memory. You write a letter that will give that person a hint of your passphrase. It has to be a chain of things you both know well. Then you write down the location of the wallet files and live it at the notary along with your last will and the instructions. The only way for this to go south would be if the wife would find herself a lover and it would happen to be the notary :D

You may not be able to satisfy all design criteria simultaneously.

Large-cap cold storage would have to have some of the following.

- Address limit. Each address must have no more than X amount of bitcoins. This is basic risk management and limits the losses from a single stolen/lost address.

- Timelock. This makes it impossible for someone to steal your bitcoins even when you are tortured and tell them every detail, at least until the timelock expires.

- Multisig. Generate two separate keys, A and B. Each key has an associated seed. Store your bitcoins in a 2-of-2 multisig address and store the seed phrases in physically separate, secure locations. Note that you lose control of your coins if you lose *either* key, so you need to make sure that your backup situation is set up appropriately

- I would avoid hardware wallets. What happens if the device just goes fritz on you? Now you have a brick and no bitcoins.

- Cryptosteel (or a Dremel tool ... I just saved you a bunch of money, you're welcome... ;-) If we're talking a lot of money, you need to eliminate electronic devices completely not so much for security as reliability. A RAID disk in mirror mode might work or burning multiple copies to CD, USB, etc. but, at some point, this is all way more hassle than just physically writing out the seed on a durable surface.

Let's say you have 40 BTC (almost $800k). You could divide these into 8 addresses each holding 5 BTC ($75-$100k each) and timelock all but one for the longest time that you're sure you would be OK not having access to them (say, 1 year). Generate 10 keys - the non-timelocked address has two keys, and the 7 timelocked addresses each have their own key, plus another key that is shared across all 7 addresses (you need both to unlock the address). Each of these keys (that is, the seed) should be written down and labeled, with a duplicate copy. Now, securely store the physical seeds appropriately making sure to store the second key required for each multisig address separately. Suppose you have two bank deposit boxes in two separate banks, X and Y. Store one key for the non-timelocked address and one key for each of the 7 timelocked addresses in a deposit box at bank X. Deposite the other key for the non-timelocked address and the other shared key for the 7 timelocked addresses in a deposit box at bank Y. Bonus points if the banks are located in different, non-cooperating jurisdictions.

There are other, more advanced ideas that operate on active security principles. If you're in the $1M range or less, these probably don't make sense. At $10M and above, you should definitely start thinking about these kinds of things.