Bitcoin Forum

I was just wondering realistically how safe would it be to do a fresh windows and wallet install on an SSD and then unplug it ?I would just keep my SSD unplugged with my bitcoins until I wanted to access it. What ways could this be penetrated/accessible to outside parties? Thanks in advance!

Physical access is the only way it could be accessed via outside parties.

Drives in cold storage generally don't go bad, but if I was going this route I would want to make sure I had the cold storage drive backed up as well (as an image or otherwise). If your house burns down and that's the only copy, too, you're screwed. There's a lot of DR methods that businesses go through to mitigate data loss and the best way to tackle it is to have more than one method in play. If you're doing physical (tape or drive) backups, the general convention is to bring them off-site when the backup is completed. If you can backup to a NAS (or SAN if you're a business, or just a super tech guy who can warrant dropping 10k+ [10k is on the cheap side of SANs] for one in your home) and do a physical disk, that is the best method as you'll have a hot backup and a cold spare (keeping the cold spare up to date is another issue, generally a personal one).

Are you talking about putting this on a laptop of some sort?  Your asking a broad question and will likely get a lot of suggestions so it would be helpful to have some clarification.  That said, if your putting this on an old desktop or laptop (for instance) which you power on once in a while to either update or retrieve the coins, that should work fine (I'm doing something just like this with a virtual machine).  If your talking about backing up to a hard drive or ssd and keeping an offline BACKUP, that's something different and should work fine but a USB stick would be a more logical option.

If your going to install windows - do you have a "protected" connection (at least one that you know is safe) to update the OS from??  Meaning you'd at least want to apply the service pack updates and ensure the firewall is enabled.  A fresh install is susceptible (albeit unlikely) to attacks.  If you only run through the updates and your not browsing the net, you will probably be OK.

If your computer savy, a fresh Ubuntu installation with armory is a great option!

Armory also offers a PAPER backup option (highly recommended) which you can use to recover your wallet in the case of hardware failure.

good luck!

blah cheap and secure method..

1.) truecrypt with a long pass phrase.   http://www.truecrypt.org/
2.) cheap usb stick create a secure container and drop the wallet.dat file in there and keep in a secure place in your house offline.
3.) create a gmail account with 2 factor id and upload the secure container file to the cloud (in case something happens to the usb stick) .
4.) be happy :)

when you need to transfer coins download or use the usb stick unencrypte the container and copy /paste the wallet.dat into bitcoin.qt (or what ever you use) do the transaction and then delete the wallet.dat when done.

It couldn't be accessed by outside parties. You're essentially doing cold storage in another way. It's interesting, something I hadn't thought of, but yes it would work. The biggest risk would be if it's the only copy you have. Remember even brand new drives can fail unexpectedly.

Securing coins from external threats basically involves separating the private keys from any online (therefore potentially vulnerable) system.

Armory does this by using an offline computer (as one method) so the private keys are kept offline there and can never be accessed externally. Users shuttle authorization back and forth with a USB stick. Your method does away with the second computer, by simply using a second operating system and second drive.

The Trezor also separates private keys from online systems by holding them on a separate dedicated USB device, which has no OS and is therefore immune even from viruses on the computer it's plugged into.

Any of these methods can successfully separate private keys from online threats. Each is a bit different and may work better for different people. However, Trezor I feel is the most complete solution because it handles backups and any other minor security concerns (like disabling autorun for the Armory USB stick) more elegantly.

Also note the method suggested by Icon above only keeps the private keys safe when not in use. If the file is loaded onto a compromised system that could be a problem.

safe as long as you know how to protect it correcty

http://www.mdisc.com/ (http://www.mdisc.com/) + truecrypt = the best

SSD drives typically have a 2-3 year max cold storage (no boot) limit before data loss will/can happen.  Just be careful to fire it up once a month and keep an encrypted backup on hand if you go that route.

Paper wallet seems much better choice. If you make few copies on different secure places, your safe.

The HDD might not work after you plugg it after few years.

yes you sure wouldn't want to have only one copy on any electronic device...flash drive, HDD, SSD, etc...just too great of a chance of "technical difficulties" and then you lose your coins.

But having a backup obviously limits the risk as both would have to fail.

this

good strategy.
have multiple forms everywhere

Paper backup I think is one of the better ideal methods.

A single sheet of paper can be printed with at least 50 private keys. Less if you stuff it with QR codes. More if you make the font smaller (but risk not being able to read it back in the future.)

You can put a handful of them in a large envelope, seal that envelope ... keep it safe just like your other important documents.

You can also store an encrypted version of the list of private keys or the wallet.dat file in the cloud, even in multiple cloud storage services and just keep several copies of the 64 character random password.

Then send a bunch of USB flash drives and SD / microSD cards to several places (relatives / offices / friends / banks / in your treasure chest buried under the sea which requires scuba diving equipment to access) ...

Engrave it on a tungsten block, wrap it in aluminum foil and plastic, mark it "MEAT" and put it in the freezer = literally cold storage. Carving on wood or plastic works just as well but is not as durable.

This is not the same as "unplugged drives don't go bad at all".  Spinning disks are subject to age, as well as wear.  SSDs leak.  A disconnected drive is an unknown drive.  It may be fine when you reconnect it, it might not be.  The only way to find out is to connect it.

In my opinion, the bigger problem is that drives carry executable code, as well as data.  Sadly, Windows isn't the only operating system that tries to execute programs on newly found disks.

I personally use boring old paper.  Cheap, light, easy to store.  Your paper will outlive you, even with mediocre archival practices.  If you are also careful about choosing your encoding system, the paper will not be capable of storing anything but what you can see and verify visually.  You can encrypt the keys stored on it, and you can use multisig too.

I understand backing up etc, what I do not understand is, if your computer is hacked and coins disappear how do you, or, can you retrieve them. 

Are they not now in somebody else's anonymous wallet?

Yes if someone transfers bitcoins out of your account, it is almost always not possible to get them back, realistically speaking.

Not as safe as scribbling the private keys on the back side of the edges of the wallpaper that have come off the wall in your restroom like a true cryptoanarchist!  ;D

Regardless a SSD is NOT safe for any sort of cold storage. They go bad more frequently then HDD's and with no notice (you don't get clicking noises first for example as a warning- enough time to copy off your keys?) and there is no way (that I know of) to get salvage data from a dead SSD. At least with a dead HDD you can pay a few thousand dollars to special facility to take it apart in a clean room and recover data bit by bit.

Do not rely on SSD's for data storage.

Acid free paper is still the best way to store data for long periods of time.

CDs develop errors after a decade. Magnetic media is subject to demagnitizing. Mechanical drives break.
Think about how long books have lasted. It is ironic that in the digital age, paper still have value and function.

Cold wallets are meant for long term storage of large amounts so a paper wallet stored in your safe deposit box makes sense.

or you can tattoo a QR code on your chihuahua's ass and hope he doesn't run away or that the girl at the groomer doesn't shave his ass and find the tattoo, scan it with her iPhone and run off with your fortune from mining USB erupters for 10 months.


;)

1 word "Spinrite..."

https://www.grc.com/sr/spinrite.htm

Simply put nothing comes nowhere near what this puppy can do, and yes it can recover data off SSD's too :)

if i would have a large amount of btc to save safe, i would take a offline pc connected via rs232 port
to a online pc.
a little tool to control the wallet from the online pc and a auto backup function to a 2nd hdd.

a hacker how got access to your network (vpn) and to your online pc, can not directly communicate with
your offfline pc unless he knows how your rs232 connection works and for this he would
need minimum a username and a password which is only stored on the offline pc.

so with that system i think nobody can steal your wallet unless you reveal your username and password
to control the offline pc (and in this case he still needs the commands to control the offline pc).


with that system you still have control of your wallet from everyware of the world via internet and
you have a backup if one hdd fail.

this offline pc could be a simple raspberry pi...

I prefer the idea of copying the wallet.dat file to another hard drive and keeping it safe and disconnected.

I'm amused by the way some have gone into details about years of storage.  Does anyone here really plan to hold BTC or other coins for years?

I'm mining and selling and converting to good old CASH.  That seems like the best wallet idea to me.

I don't plan to hold any of my coins for more than a few months.

And for those who suggest some sort of fire box but it still gets too hot and paper discolors, here's an idea:

Get some cement blocks.  Build a wall of blocks under, around, and over the fire safe.  That way, even if the house burns down, the blocks will keep the hottest heat from getting to the fire box, therefore keeping its contents cooler.

Or if you are using some sort of drive to store the wallet file, seal it up in an antistatic bag, put it inside a piece of 4" PVC pipe, cap the ends, and bury it in the back yard.  Lots of ways to do it.

I think SSDs corrupt over time if unused...

Im doing paper. Ill buy a safe and house alarm one day and stick the paper and gold in there.

I would avoid backing up encrypted bitcoins to cloud storage considering it has been revealed that if the NSA finds you have encrypted files they can keep them as long as they want because they assume you are hiding something from them.

Etching into stone would certainly be the best idea.

http://www.mdisc.com/  This promises 1000 years of stable storage.

I wonder when it fails after 999 years if there's still a company around to make a warranty claim. :-)

They will crack your 30+ character password in, maybe 300 years. Probably a lot more. Or let's be optimistic and they get to crack it 10 times faster. 30 years. Or even 100 times faster. 3 years.

Let them keep encrypted files as long as they want. They will not have access to it in the time frame they need.

More than enough time for you to make a new wallet and transfer your coins to the new wallet.

That entirely depends on what passphrase is used.
A 30 character password composed of dictionary words with a few numbers can be quite weak.

I always use randomly generated passwords, of the type that alternates letters and numbers. Sometimes symbols.

Here are a dozen examples which I just generated now, which I will never use:

Probably safe enough if you encrypt it with a STRONG password and back it up (multiple copies!)

Ya, I use keepassx to generate strong passwords for me.

The crappy thing is every website has different requirements on which symbols and length can be used.

1 word LastPass FTW!