Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: solitude on October 14, 2014, 09:43:42 PM



Title: Keeping your butts safe
Post by: solitude on October 14, 2014, 09:43:42 PM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?

Even with a good password?

Do you think cold storage is essential?


Title: Re: Keeping your butts safe
Post by: bitsmichel on October 14, 2014, 09:44:33 PM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?

Even with a good password?

Do you think cold storage is essential?
That depends on what you consider a fair amount of bitcoin. You could store them on multiple wallets or offline.


Title: Re: Keeping your butts safe
Post by: Buffer Overflow on October 14, 2014, 09:46:13 PM
Offline armory, that's the way to go.


Title: Re: Keeping your butts safe
Post by: URSAY on October 14, 2014, 09:48:15 PM
Offline core.  Export keys as needed.


Title: Re: Keeping your butts safe
Post by: g27wr on October 14, 2014, 10:06:54 PM
I have two offline wallets that split my BTC between the two. If something happens to one, I don't lose them all.

I have my public addresses as 'watch only' so I can monitor the balances.

I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.


Title: Re: Keeping your butts safe
Post by: franky1 on October 14, 2014, 10:21:33 PM
I have two offline wallets that split my BTC between the two. If something happens to one, I don't lose them all.

I have my public addresses as 'watch only' so I can monitor the balances.

I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.

winner


Title: Re: Keeping your butts safe
Post by: FattyMcButterpants on October 14, 2014, 10:45:36 PM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?
I wouldn't call this stupid. I would say this is very insecure especially considering that you are using QT, as QT will broadcast the fact that you are someone that uses bitcoin (or at least is someone involved in Bitcoin) so potential attackers will know that you are someone they should target.

By saying that you have a 'fair amount' you are implying that you have enough so that you would be negatively affected in a significant way in the event that your money were to be stolen.
Even with a good password?
A strong password is only one line of defense. You however must utilize other lines of defense as well. A strong password will not protect you against a keylogger or malware that can 'see' your private key when you temporarily decrypt it when you go to sign and push a TX.
Do you think cold storage is essential?
Not necessarily; however, at the very least you should have your bitcoin stored on a computer that is not on a network that can be associated with Bitcoin use. As long as you are disassociated with bitcoin you will be somewhat safe as attackers will not know to attempt to attack, so if your money is stolen it would likely be the result of a more random attack. Most people however do believe that cold storage is essential as it eliminates the majority of risks of getting your bitcoin stolen.


Title: Re: Keeping your butts safe
Post by: Lethn on October 14, 2014, 10:48:36 PM
Any large amount of Bitcoins it is absolutely essential to keep it in cold storage and more importantly offline, a disconnected computer off the internet can't be hacked, first rule of a fight is don't be there, unfortunately many don't practice this and I'm still seeing topics of people screaming about how their coins got hacked despite using Tor etc. and they just don't take people's advice, most likely because they think it won't happen to them.

It's fine leaving it online if you're going to spend it at some point or move it around but ideally if it's for long term storage offline is best.


Title: Re: Keeping your butts safe
Post by: Meuh6879 on October 14, 2014, 11:00:51 PM
Do you think cold storage is essential?


http://reactiongif.org/wp-content/uploads/GIF/2014/08/GIF-approve-nod-ok-satisfied-star-trek-yep-yes-GIF.gif


Title: Re: Keeping your butts safe
Post by: g27wr on October 14, 2014, 11:03:49 PM
I personally don't leave btc on an offline computer or a flash drive. My reasoning is that they're technology, and it tends to fail. What if that computer doesn't boot up one day, or what if it's somehow broken? What if you lose your flash drive that has your private keys, or what if it gets too close to a magnet?

What if the house burns down?


Title: Re: Keeping your butts safe
Post by: Robert Paulson on October 15, 2014, 12:06:30 AM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.





Title: Re: Keeping your butts safe
Post by: Beliathon on October 15, 2014, 12:09:25 AM
Do you think cold storage is essential?
Under 10 BTC not really

10+ BTC yes


Title: Re: Keeping your butts safe
Post by: g27wr on October 15, 2014, 12:19:16 AM
Do you think cold storage is essential?
Under 10 BTC not really

10+ BTC yes

What if BTC goes back to 1k per coin, does that change your opinion? I would imagine that many people who elect the cold storage option are looking to hold their BTC for a while in hopes that the price rises. I think that even if you have 1 BTC, it's important to secure it as best you can.


Title: Re: Keeping your butts safe
Post by: btcduke on October 15, 2014, 12:27:35 AM
If you won't use your bitcoins for a while, it would be better to keep them in an offline wallet.


Title: Re: Keeping your butts safe
Post by: juju on October 15, 2014, 12:47:19 AM
Offline armory, that's the way to go.

This and make sure to create backups of your keys, also don't put all your eggs in one basket. You might want to split your coins up over 2-4 wallets.


Title: Re: Keeping your butts safe
Post by: stevenh512 on October 15, 2014, 01:05:50 AM
What if you lose your flash drive that has your private keys, or what if it gets too close to a magnet?

Is that really an issue? I have dozens of flash drives, two of them have been near some pretty powerful magnets and they don't show any signs of damage. I can still read from them, write to them, reformat them and even boot an Ubuntu installer from them with no problems. I'm honestly curious about this, I know magnets will cause trouble for any kind of magnetic media, but I've never personally had any problems with flash drives.

Quote
What if the house burns down?

Then you've also eliminated one of the more popular choices (paper wallets) as a viable means of cold storage, unless you keep your paper wallets in a bank vault (even a "fire safe" will not always protect paper locked inside).


Title: Re: Keeping your butts safe
Post by: spazzdla on October 15, 2014, 01:18:55 AM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?

Even with a good password?

Do you think cold storage is essential?

Cold storage is a MUST.


Title: Re: Keeping your butts safe
Post by: BittBurger on October 15, 2014, 01:38:16 AM
Quote
AND I have paper copies in another location, split up so you need both parts to complete the key.

There's an idea I haven't heard before.   I might just try that.   Even though I assume your private keys are BIP encrypted .... splitting them in half and putting them in two different locations is a pretty sick idea.

-B-


Title: Re: Keeping your butts safe
Post by: BTCewdquestion on October 15, 2014, 02:02:14 AM



I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.

The metal is a great idea! What kind of metal, and how deep are the stamps?


Title: Re: Keeping your butts safe
Post by: g27wr on October 15, 2014, 02:09:11 AM



I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.

The metal is a great idea! What kind of metal, and how deep are the stamps?

It's actually two 10oz silver bars. The reasoning behind it is that it's something you're going to want to be careful protecting anyway, and the melting point of silver is around 1700 degrees F and a typical house fire burns around 1200 degrees F... Plus it's kinda neat  ;D

The stamped letters and numbers were hit relatively hard to make sure if the silver was scratched by something, everything would stand a great chance of being legible.


Title: Re: Keeping your butts safe
Post by: kingscrown on October 15, 2014, 02:18:38 AM
cold storage is a must imo.

also - never download cracked software ;)


Title: Re: Keeping your butts safe
Post by: Spendulus on October 15, 2014, 04:01:03 AM
What if you lose your flash drive that has your private keys, or what if it gets too close to a magnet?

Is that really an issue? I have dozens of flash drives, two of them have been near some pretty powerful magnets and they don't show any signs of damage. I can still read from them, write to them, reformat them and even boot an Ubuntu installer from them with no problems. I'm honestly curious about this, I know magnets will cause trouble for any kind of magnetic media, but I've never personally had any problems with flash drives.

Quote
What if the house burns down?

Then you've also eliminated one of the more popular choices (paper wallets) as a viable means of cold storage, unless you keep your paper wallets in a bank vault (even a "fire safe" will not always protect paper locked inside).

Metal foil, like 0.03mm stainless steel, is cheap.  You can buy it on Ebay and write on it with anything, like a ball point pen.  That makes indentations that stay.  Then put the sheet of foil between two pieces of cardboard and put it in the safe.



A fire safe will not protect CDs, SD cards, hard drives, anything like electronics.

It MAY protect paper and things on paper.

The problem is the laser and inkjet characters on paper under temperatures of 200-400 F. 

What if characters stuck to the back of the next sheet?  Then you pull the papers out of the safe, try to separate them and the letters cannot be read.

Characters should be BIG for safe long term storage.  The bigger the better.  Say an inch high.  Hand writing with a permanent marker could be better than using a laser printer.

Exactly the same issue exists if no fire, but with long term storage - 10-20 years.  Do not trust little bitty characters.  Do not put sheets of paper next to each other.  Do not use both front and back of a sheet.

Look at the Archival storage industry.  Don't reinvent the wheel, these people already know how to do this.

http://www.archivalmethods.com/product.cfm?permalink=archival-paper

http://www.naa.gov.au/records-management/agency/preserve/physical-preservation/artworks.aspx

https://en.wikipedia.org/wiki/Archival_science


Title: Re: Keeping your butts safe
Post by: tss on October 15, 2014, 07:04:03 AM
question,  hope to get an answer, thanks.

say a keylogger is logging my actions, would a right click copy and paste or ctrl c & ctrl v, expose the key to the hacker?

ooh paranoia.. lol


Title: Re: Keeping your butts safe
Post by: twister on October 15, 2014, 07:30:40 AM
I have two offline wallets that split my BTC between the two. If something happens to one, I don't lose them all.

I have my public addresses as 'watch only' so I can monitor the balances.

I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.

Wow, I must say this is very secure. Did you stamp it into silver yourself or had someone else do it?


Title: Re: Keeping your butts safe
Post by: ytr8 on October 15, 2014, 07:57:43 AM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?

Even with a good password?

Do you think cold storage is essential?
I will split them into two parts: one part goes into offline storage, and the other stays online for my frequent use.


Title: Re: Keeping your butts safe
Post by: Skoupi on October 15, 2014, 08:15:15 AM
Have you tried TREZOR?

I wonder if and how badUSB affects devices like trezor... The only thing I could find on their "security threats" page that is somehow related to badUSB attack vectors is this:

"Reflashing the TREZOR with evil firmware

Official TREZOR firmware is signed by the SatoshiLabs master key. Installing unofficial firmware on the TREZOR is possible, but doing so will wipe the device storage and TREZOR will show a warning every time it starts. Reprogramming the bootloader is impossible, because all TREZORs ship with their secure programming fuse blown."


Title: Re: Keeping your butts safe
Post by: Dabs on October 15, 2014, 08:22:31 AM
question,  hope to get an answer, thanks.

say a keylogger is logging my actions, would a right click copy and paste or ctrl c & ctrl v, expose the key to the hacker?

ooh paranoia.. lol

Some keyloggers monitor the clipboard and other keyloggers also log mouse clicks.


Title: Re: Keeping your butts safe
Post by: jabo38 on October 15, 2014, 09:29:06 AM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.


It seems to me that this really is the only way to be 99.99% safe.

That being said, I think that this is a huuuuuuge flaw with bitcoin. 

Who really is going to go through all those steps? 

In fact, not only would people not want to, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.

For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy


Title: Re: Keeping your butts safe
Post by: Robert Paulson on October 15, 2014, 11:46:31 AM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.


It seems to me that this really is the only way to be 99.99% safe.

That being said, I think that this is a huuuuuuge flaw with bitcoin. 

Who really is going to go through all those steps? 

In fact, not only would people not want to, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.

For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy

none of those steps are particularly hard to do.
I'm sure people can learn how to press the format button.
my grandma could install Ubuntu Linux, there is nothing to it except clicking next a bunch of times and entering a username and password.

using facebook is harder than any of these things.
and for the effort you get to store your money in your own international bitcoin bank, that can't be robbed or frozen.


Title: Re: Keeping your butts safe
Post by: e4xit on October 15, 2014, 11:51:25 AM
Quote
AND I have paper copies in another location, split up so you need both parts to complete the key.

There's an idea I haven't heard before.   I might just try that.   Even though I assume your private keys are BIP encrypted .... splitting them in half and putting them in two different locations is a pretty sick idea.

-B-

BittBurger, you mean you have never heard of Armory's fragmented backup solution?
Fragmented backup halfway down (https://bitcoinarmory.com/about/armory-backups-are-forever/)
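
Added example, not part of any post in this thread and not Armory's code: the paper copies "split up so you need both parts" and the fragmented backup linked above both aim for a backup that is useless unless every part is present. Cutting a key in half gives each location half of the key, whereas the XOR split below gives each location a share that is consistent with every possible key. The share layout (index, pair id, checksum) and the sample key are constructed for illustration.

```python
import hashlib
import secrets

CHECK_LEN = 4  # bytes of SHA-256 over the share itself, to catch copying errors
PAIR_LEN = 4   # random id tying together the two shares of one split
# Constructed sample key for the demo; a published value must never hold funds.
SAMPLE_KEY = bytes(range(32))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _encode(index: int, pair_id: bytes, body: bytes) -> str:
    payload = bytes([index]) + pair_id + body
    check = hashlib.sha256(payload).digest()[:CHECK_LEN]
    hexed = (payload + check).hex()
    # Groups of four hex digits are easier to write down or stamp.
    return " ".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))


def _decode(share: str):
    raw = bytes.fromhex("".join(share.split()))
    if len(raw) <= 1 + PAIR_LEN + CHECK_LEN:
        raise ValueError("share too short")
    payload, check = raw[:-CHECK_LEN], raw[-CHECK_LEN:]
    if hashlib.sha256(payload).digest()[:CHECK_LEN] != check:
        raise ValueError("checksum mismatch: share was copied incorrectly")
    return payload[0], payload[1:1 + PAIR_LEN], payload[1 + PAIR_LEN:]


def split_2of2(secret: bytes):
    """Return two printable shares; both are required to rebuild `secret`."""
    pad = secrets.token_bytes(len(secret))      # share 1: pure randomness
    masked = _xor(secret, pad)                  # share 2: secret XOR pad
    pair_id = secrets.token_bytes(PAIR_LEN)
    return _encode(1, pair_id, pad), _encode(2, pair_id, masked)


def combine_2of2(share_a: str, share_b: str) -> bytes:
    """Rebuild the secret, rejecting miscopied or mismatched shares."""
    idx_a, pair_a, body_a = _decode(share_a)
    idx_b, pair_b, body_b = _decode(share_b)
    if {idx_a, idx_b} != {1, 2}:
        raise ValueError("need share 1 and share 2, not two copies of one")
    if pair_a != pair_b or len(body_a) != len(body_b):
        raise ValueError("shares come from different splits")
    return _xor(body_a, body_b)


def partner_for(share: str, candidate: bytes) -> str:
    """Build the other share that would make `share` decode to `candidate`.

    Such a partner exists for every candidate of the right length, which is
    why one share on its own says nothing about the real secret.
    """
    index, pair_id, body = _decode(share)
    if len(candidate) != len(body):
        raise ValueError("candidate has the wrong length")
    return _encode(3 - index, pair_id, _xor(body, candidate))


def naive_halves(secret: bytes):
    """The 'cut it in half' approach: each piece is half of the real key."""
    mid = len(secret) // 2
    return secret[:mid], secret[mid:]


if __name__ == "__main__":
    s1, s2 = split_2of2(SAMPLE_KEY)
    print("share 1:", s1)
    print("share 2:", s2)
    print("recombined ok:", combine_2of2(s1, s2) == SAMPLE_KEY)

    # One share fits any key: pair it with a partner built for all zeros.
    decoy = bytes(len(SAMPLE_KEY))
    print("share 1 also fits a decoy:",
          combine_2of2(s1, partner_for(s1, decoy)) == decoy)

    front, _ = naive_halves(SAMPLE_KEY)
    print("naive half exposes", len(front), "key bytes:", front.hex())
```

A 2-of-2 split has no redundancy: losing either share loses the key, so each share still needs its own durable copy.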


Title: Re: Keeping your butts safe
Post by: btcxyzzz on October 15, 2014, 12:26:33 PM
Do you think cold storage is essential?

It's not essential, Linux, encrypted wallet and daily backup on 2 remote locations is enough... There are details about, but it's enough.


Title: Re: Keeping your butts safe
Post by: bornil267645 on October 15, 2014, 12:33:17 PM
i am using armory to keep it safe offline. in a way it's the best possible security in my opinion. but I don't keep all of them. I spend daily.


Title: Re: Keeping your butts safe
Post by: 1Referee on October 15, 2014, 12:38:25 PM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?

Even with a good password?

Do you think cold storage is essential?

Bitcoin Core itself is safe to use and nothing will happen if you use it when you have a good chunk of coins.

What I do is spread my coins in at least four or five different wallets, and each wallet file has five backups stored on usb sticks and hdd's.

Bitcoins that I will spend are stored in my "fun" wallet, which is constantly online.


Title: Re: Keeping your butts safe
Post by: bitcoinmon on October 15, 2014, 12:40:40 PM
I keep 90% in BIP38 encrypted paper wallets and the hot BTC are split across Armory and Bitcoin-Qt (Linux only).

If you're running Windows, the need for cold storage is more important than ever.


Title: Re: Keeping your butts safe
Post by: RustyNomad on October 15, 2014, 12:40:46 PM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.


It seems to me that this really is the only way to be 99.99% safe.

That being said, I think that this is a huuuuuuge flaw with bitcoin. 

Who really is going to go through all those steps? 

In fact, not only would people not want to, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.

For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy

Go look at BitKey http://bitkey.io/

Very simple process:

* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Start up Electrum and create watch only wallet with master key.

If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.

Does not really get simpler and more secure than that.


Title: Re: Keeping your butts safe
Post by: Lethn on October 15, 2014, 01:56:54 PM
I personally don't leave btc on an offline computer or a flash drive. My reasoning is that they're technology, and it tends to fail. What if that computer doesn't boot up one day, or what if it's somehow broken? What if you lose your flash drive that has your private keys, or what if it gets too close to a magnet?

What if the house burns down?

That's life, but if you're seriously that worried then split the Bitcoin up onto several USB drives or something to make sure it's safe, you'd have to have some seriously bad luck for all of them to break down or go missing.


Title: Re: Keeping your butts safe
Post by: Q7 on October 15, 2014, 02:12:28 PM
I use an old laptop which I format clean and install only armory to keep the coins. I leave it offline and update once in a while to check the balance. All the backups are stored separately. Another part of the stash, I transfer it to my phone for online purchases


Title: Re: Keeping your butts safe
Post by: RustyNomad on October 15, 2014, 02:18:29 PM
I use an old laptop which I format clean and install only armory to keep the coins. I leave it offline and update once in a while to check the balance. All the backups are stored separately. Another part of the stash, I transfer it to my phone for online purchases

I would suggest that you rather install armory on your normal PC and place the same wallet on there but in 'watch only' mode. You can then check your balance as and when you want without putting your other installation at risk by going online. That 1 minute online can be enough to infect the PC and when next you go on to broadcast anything the malware managed to obtain.



Title: Re: Keeping your butts safe
Post by: BittBurger on October 15, 2014, 02:21:34 PM
Quote
AND I have paper copies in another location, split up so you need both parts to complete the key.

There's an idea I haven't heard before.   I might just try that.   Even though I assume your private keys are BIP encrypted .... splitting them in half and putting them in two different locations is a pretty sick idea.

-B-

BittBurger, you mean you have never heard of Armory's fragmented backup solution?
Fragmented backup halfway down (https://bitcoinarmory.com/about/armory-backups-are-forever/)

Nope!  But I'll check it out, thanks.  I've intentionally stayed away from Armory because it is not friendly to the less technically-inclined like myself.  I am sure it's a robust and exhaustively secure system, but being robust and exhausting (for someone like me) is why I didn't bother.  I couldn't see any reason why a simple bitaddress.org BIP38 paper wallet printed offline and stored in a bank safety deposit box is any less secure than Armory.

In fact, leaving anything reliant upon *any* software seems like a bad idea to me in general.  

I was backing up my wallet.dat files for awhile there, and then one day bitcoin core wouldn't let me import my largest wallet file, which I had put on a USB drive.  I almost lost everything I had.  Fortunately I'd deleted a wallet.dat copy in the past, and it was still sitting in my recycle bin.  That one worked.  Any wallet.dat file that I had pulled off my hard drive and put back onto it wouldn't work anymore.  Scariest day of my Bitcoin life.  That's when I said "f*ck anything electronic, this is going on paper". 

There is no way I'm going to trust my life savings to a windows application.

-B-


Title: Re: Keeping your butts safe
Post by: Turnkey on October 15, 2014, 02:31:45 PM
If you have 100 bitcoins then you must need an offline storage.


Title: Re: Keeping your butts safe
Post by: Robert Paulson on October 15, 2014, 02:41:22 PM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.


It seems to me that this really is the only way to be 99.99% safe.

That being said, I think that this is a huuuuuuge flaw with bitcoin. 

Who really is going to go through all those steps? 

In fact, not only would people not want to, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.

For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy

Go look at BitKey http://bitkey.io/

Very simple process:

* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Start up Electrum and create watch only wallet with master key.

If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.

Does not really get simpler and more secure than that.

I have no idea who made that bitkey or if it can be trusted.
i'd rather use a trusted linux distro like debian and install electrum myself.


Title: Re: Keeping your butts safe
Post by: RustyNomad on October 15, 2014, 03:39:43 PM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.


It seems to me that this really is the only way to be 99.99% safe.

That being said, I think that this is a huuuuuuge flaw with bitcoin. 

Who really is going to go through all those steps? 

In fact, not only would people not want to, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.

For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy

Go look at BitKey http://bitkey.io/

Very simple process:

* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Start up Electrum and create watch only wallet with master key.

If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.

Does not really get simpler and more secure than that.

I have no idea who made that bitkey or if it can be trusted.
i'd rather use a trusted linux distro like debian and install electrum myself.

That is the beauty of it, you do not need to trust it as it's only booted when you are disconnected. The moment you reboot the memory is wiped and you are back to normal. So even if there were malicious code in that it would not be able to do anything. All the code is also open source and available to anybody so you can go look at how it's set up.

Also, for the noobs who have never worked with linux this is the ideal, you need not know anything. Just burn the CD, boot it and that's it.


Title: Re: Keeping your butts safe
Post by: Klestin on October 15, 2014, 03:48:08 PM
I wonder if and how badUSB affects devices like trezor... The only thing I could find on their "security threats" page that is somehow related to badUSB attack vectors is this:
"Reflashing the TREZOR with evil firmware

Flashing new firmware requires the user to physically respond and confirm the update on the trezor unit. 


Title: Re: Keeping your butts safe
Post by: rokkyroad on October 15, 2014, 04:08:13 PM
I'm not sure if the general population is tech savvy enough to handle bitcoin wallets. Security proofing their machines, backups, and linux can be challenging for the non-nerd.

I think the cloud is the best solution. Blockchain and Coinbase are pretty good now but still need to improve. Professionals are better equipped to safeguard bitcoin than the mainstream computer user.

Eventually, these big players will have gold plated insurance and pay interest on deposits.  
There we go; back to traditional banks. Maybe my local bank will handle my bitcoin like they do my fiat in the future. I can see them jumping on the bandwagon if they cannot squash it entirely.



Title: Re: Keeping your butts safe
Post by: vipgelsi on October 15, 2014, 04:17:38 PM
If you have 100 bitcoins then you must need an offline storage.

Yup paper wallet and split them up in smaller amounts.


Title: Re: Keeping your butts safe
Post by: Robert Paulson on October 15, 2014, 04:36:45 PM
buy an old laptop.
format it.
install linux on it.
download, install and run electrum.
write on paper the 12 word seed electrum gives you.
memorize it and repeat it every day for a week.
destroy the paper.
keep the laptop powered down, never use it for anything except sending money with electrum.


It seems to me that this really is the only way to be 99.99% safe.

That being said, I think that this is a huuuuuuge flaw with bitcoin. 

Who really is going to go through all those steps? 

In fact, not only would people not want to, I am pretty sure most people don't know how to format a computer and definitely don't know how to install Linux.

For Bitcoin to advance, we need a rock solid way to protect bitcoins that is soooooo safe and sooooo easy

Go look at BitKey http://bitkey.io/

Very simple process:

* Download the BitKey linux iso image,
* Burn it to a CD,
* Disconnect network and boot PC with the CD,
* Create your Electrum wallet, all software is already pre-installed and configured in that iso,
* Save Master Key to USB drive,
* Reboot PC (without CD),
* Start up Electrum and create watch only wallet with master key.

If you need to send funds then create an unsigned transaction, boot up again with the CD, sign the transaction, boot again (without CD) and broadcast the transaction.

Does not really get simpler and more secure than that.

I have no idea who made that bitkey or if it can be trusted.
i'd rather use a trusted linux distro like debian and install electrum myself.

That is the beauty of it, you do not need to trust it as it's only booted when you are disconnected. The moment you reboot the memory is wiped and you are back to normal. So even if there were malicious code in that it would not be able to do anything. All the code is also open source and available to anybody so you can go look at how it's set up.

Also, for the noobs who have never worked with linux this is the ideal, you need not know anything. Just burn the CD, boot it and that's it.

it could infect the windows installation on your hard drive and save your keys.


Title: Re: Keeping your butts safe
Post by: g27wr on October 15, 2014, 04:38:32 PM
I have two offline wallets that split my BTC between the two. If something happens to one, I don't lose them all.

I have my public addresses as 'watch only' so I can monitor the balances.

I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.

Wow, I must say this is very secure. Did you stamp it into silver yourself or had someone else do it?

Did it myself. You can buy a stamping kit for $15 and just practice on some metal until you get the hang of it. It was pretty fun, actually.

http://www.harborfreight.com/36-piece-14-in-steel-letternumber-stamping-set-60671.html


Title: Re: Keeping your butts safe
Post by: RustyNomad on October 15, 2014, 05:13:56 PM
it could infect the windows installation on your hard drive and save your keys.

No it cannot. No drives are mounted on startup, all is done in ram. Best is go to their site and read what it does and how it's put together. I think that will give you a better understanding of how it actually works. And by the way, it is based on Debian.

Forgot to add... You do not have to run the CD on your main PC. You can run it on a second offline PC if what you mention is a big concern. In that way there is no sub system to infect.


Title: Re: Keeping your butts safe
Post by: Robert Paulson on October 15, 2014, 05:56:40 PM
it could infect the windows installation on your hard drive and save your keys.

No it cannot. No drives are mounted on startup, all is done in ram. Best is to go to their site and read what it does and how it's put together. I think that will give you a better understanding of how it actually works. And by the way, it is based on Debian.

Forgot to add... You do not have to run the CD on your main PC. You can run it on a second offline PC if what you mention is a big concern. In that way there is no sub system to infect.

nothing stops a malicious live cd from mounting your drives and doing whatever it wants with them including infecting the OS installed on it and leaking the keys to the drive.

indeed having a separate laptop is the way to go and even then you still have to trust that those guys didn't change the electrum they are shipping to always sign a transaction that sends all your money to them.


Title: Re: Keeping your butts safe
Post by: 687_2 on October 16, 2014, 12:22:43 AM
If you have a fair amount of bitcoins is it stupid to keep them all on Bitcoin Core on a computer that's just about always online?

Even with a good password?

Do you think cold storage is essential?

I think Electrum is your best choice. Make sure your client is on a fairly secure (*nix) machine and don't worry about it.

The real problem with "cold" storage is that it removes many of the benefits BTC confers - like being able to access your stash anytime you like, anywhere you like. It's nice to have some spending money on blockchain.info or in Coinbase too for mobile purchases.


Title: Re: Keeping your butts safe
Post by: Dabs on October 16, 2014, 01:20:56 AM
Serious question:

How about a fair amount of bitcoins, on Bitcoin Core, on a computer that:

1. is behind 2 routers, UPnP turned off (internet > router1 > router2 > computer)
2. is not port forwarded, therefore does not accept incoming connections (so connections are always at 8 out)
3. good password
4. is not used for anything else, only Bitcoin Core (was fresh installed OS, regardless of OS)

For added info, the routers are a service provider branded ZyXel router and a Cisco E1000 router, in that order. (Does it really matter ...)

It's essentially an "online" wallet that almost no hacker can get to (because it's behind two NATs).

Physical security is a different topic, but I've got that covered on my end.


Then I have another computer that is air-gapped for cold storage.


Title: Re: Keeping your butts safe
Post by: chopstick on October 16, 2014, 01:26:55 AM
I didn't see this question asked.

Would it be safe to store all your coins on a Trezor hardware wallet long term?


Title: Re: Keeping your butts safe
Post by: 687_2 on October 16, 2014, 02:15:21 AM
Serious question:

How about a fair amount of bitcoins, on Bitcoin Core, on a computer that:

1. is behind 2 routers, UPnP turned off (internet > router1 > router2 > computer)
2. is not port forwarded, therefore does not accept incoming connections (so connections are always at 8 out)
3. good password
4. is not used for anything else, only Bitcoin Core (was fresh installed OS, regardless of OS)

For added info, the routers are a service provider branded ZyXel router and a Cisco E1000 router, in that order. (Does it really matter ...)

It's essentially an "online" wallet that almost no hacker can get to (because it's behind two NATs).

Physical security is a different topic, but I've got that covered on my end.


Then I have another computer that is air-gapped for cold storage.

- Fire/flood/theft risk (unless mitigated with some kind of backup)
- Keylogger risk (true for pretty much everything except trezor style device)
- Coins perhaps inaccessible if you travel
- Potential data corruption (again unless mitigated through solid backups, which is more opportunity for fuck ups)


Title: Re: Keeping your butts safe
Post by: jonald_fyookball on October 16, 2014, 02:38:00 AM
I didn't see this question asked.

Would it be safe to store all your coins on a Trezor hardware wallet long term?

I've heard good things generally about Trezor, but
any hardware can fail or could be destroyed in
a fire, flood, etc...so you should have a back up.

Plus there is the possibility it could be stolen.

You need to consider all those things.


Title: Re: Keeping your butts safe
Post by: Dabs on October 16, 2014, 02:58:44 AM
- Fire/flood/theft risk (unless mitigated with some kind of backup)
- Keylogger risk (true for pretty much everything except trezor style device)
- Coins perhaps inaccessible if you travel
- Potential data corruption (again unless mitigated through solid backups, which is more opportunity for fuck ups)

Thank you for your reply, but those are all covered.

Fire = encrypted backups
Keylogger = after initial set up disconnected, no further software is installed. no hardware is allowed near it. It's a clean machine, bare OS, all other services off, all other ports blocked.
Travel = that's a given, I would need to be on that particular machine. Backups will take time to set up, but can be done (same as for destruction).
Data corruption = same backups.


Title: Re: Keeping your butts safe
Post by: PenAndPaper on October 16, 2014, 02:59:53 AM
It's essentially an "online" wallet that almost no hacker can get to (because it's behind two NATs).

You are essentially a bitcoin leecher. Don't be a sissy, open up port 8333.  ;D
(j/k do whatever makes you feel safer)


Title: Re: Keeping your butts safe
Post by: jonald_fyookball on October 16, 2014, 03:03:51 AM
- Fire/flood/theft risk (unless mitigated with some kind of backup)
- Keylogger risk (true for pretty much everything except trezor style device)
- Coins perhaps inaccessible if you travel
- Potential data corruption (again unless mitigated through solid backups, which is more opportunity for fuck ups)

Thank you for your reply, but those are all covered.

Fire = encrypted backups
Keylogger = after initial set up disconnected, no further software is installed. no hardware is allowed near it. It's a clean machine, bare OS, all other services off, all other ports blocked.
Travel = that's a given, I would need to be on that particular machine. Backups will take time to set up, but can be done (same as for destruction).
Data corruption = same backups.

Make sure initial key generation is done on clean machine as well or external random source. 
There's always the attack that could happen even on offline machines if the key generation
is from a known set.



Title: Re: Keeping your butts safe
Post by: iwillwin on October 16, 2014, 03:12:03 AM
Yes it is very very risky to keep them without a cold storage. I mean there are all sorts of people out there looking for just one chance to steal your Bitcoins !


Title: Re: Keeping your butts safe
Post by: romerun on October 16, 2014, 04:29:16 AM
Waiting for multisig support on bitcoincore gui


Title: Re: Keeping your butts safe
Post by: Dabs on October 16, 2014, 04:32:26 AM
It's essentially an "online" wallet that almost no hacker can get to (because it's behind two NATs).

You are essentially a bitcoin leecher. Don't be a sissy, open up port 8333.  ;D
(j/k do whatever makes you feel safer)

I have a few full nodes open up. Those don't have any coins in them. :)

Make sure initial key generation is done on clean machine as well or external random source. 
There's always the attack that could happen even on offline machines if the key generation
is from a known set.

Of course. Make it run for a day. Then create a brand new wallet. Or generate the wallet from another offline computer. I think there's the paperwal, and for mass production there is vanitygen and bitaddress.


Title: Re: Keeping your butts safe
Post by: fryarminer on October 16, 2014, 04:51:29 AM
You could post your private key on bitcointalk. Nobody would believe you! :p



Disclaimer:
JUST KIDDING DON'T DO THAT!!!


Title: Re: Keeping your butts safe
Post by: fran2k on October 16, 2014, 01:22:53 PM
Absolutely.

Store in cold wallets the amount of bitcoins you are not planning to use in the coming weeks and at a high % (>90-95%) if you have a considerable amount.


Title: Re: Keeping your butts safe
Post by: cryptasm on October 16, 2014, 01:44:38 PM
Waiting for multisig support on bitcoincore gui

Yeah I'm surprised this hasn't been implemented into core's gui yet, been meaning to try out Armory's multi-sig wallet just haven't got round to it.



Title: Re: Keeping your butts safe
Post by: sunxxdzy on October 16, 2014, 01:59:10 PM
You can try the Bither bitcoin wallet. It is easy to use and very safe.


Title: Re: Keeping your butts safe
Post by: Argwai96 on October 16, 2014, 10:30:42 PM
- Fire/flood/theft risk (unless mitigated with some kind of backup)
- Keylogger risk (true for pretty much everything except trezor style device)
- Coins perhaps inaccessible if you travel
- Potential data corruption (again unless mitigated through solid backups, which is more opportunity for fuck ups)

Thank you for your reply, but those are all covered.

Fire = encrypted backups
Keylogger = after initial set up disconnected, no further software is installed. no hardware is allowed near it. It's a clean machine, bare OS, all other services off, all other ports blocked.
Travel = that's a given, I would need to be on that particular machine. Backups will take time to set up, but can be done (same as for destruction).
Data corruption = same backups.
In order to properly protect yourself from data corruption you need to have multiple backups on multiple types of backups. For example if you have 3 backups of your private key on 3 USB drives all made by the same manufacturer then there is a highly elevated chance that all three will fail if one fails. Also, the same is true with the program that you use to encrypt your backup file. 


Title: Re: Keeping your butts safe
Post by: Dabs on October 17, 2014, 01:48:15 AM
- Fire/flood/theft risk (unless mitigated with some kind of backup)
- Keylogger risk (true for pretty much everything except trezor style device)
- Coins perhaps inaccessible if you travel
- Potential data corruption (again unless mitigated through solid backups, which is more opportunity for fuck ups)

Thank you for your reply, but those are all covered.

Fire = encrypted backups
Keylogger = after initial set up disconnected, no further software is installed. no hardware is allowed near it. It's a clean machine, bare OS, all other services off, all other ports blocked.
Travel = that's a given, I would need to be on that particular machine. Backups will take time to set up, but can be done (same as for destruction).
Data corruption = same backups.
In order to properly protect yourself from data corruption you need to have multiple backups on multiple types of backups. For example if you have 3 backups of your private key on 3 USB drives all made by the same manufacturer then there is a highly elevated chance that all three will fail if one fails. Also, the same is true with the program that you use to encrypt your backup file. 

Correct! Also, best to have them in more than one physical location. To protect against earthquakes, volcanic eruptions, and tsunamis. No real protection against giant asteroids though, since that will wipe us all out.


Title: Re: Keeping your butts safe
Post by: solitude on October 17, 2014, 01:48:31 AM
Where do you guys store your paper wallets?  If I had a safe that weighed like 500 lbs I'd use that, but not many people have that.

I guess most people just find a hiding spot in their house and hope it doesn't burn down?


Title: Re: Keeping your butts safe
Post by: djnocide on October 17, 2014, 02:00:55 AM
I have two offline wallets that split my BTC between the two. If something happens to one, I don't lose them all.

I have my public addresses as 'watch only' so I can monitor the balances.

I have my private keys stamped into metal that won't melt if the house burned down.

AND I have paper copies in another location, split up so you need both parts to complete the key.

I'm HODLing long term, so I wanted to be safe.

This is one of the best options you can have to keep your BTCs safe


Title: Re: Keeping your butts safe
Post by: phillipsjk on October 17, 2014, 03:29:32 AM
Where do you guys store your paper wallets?  If I had a safe that weighed like 500 lbs I'd use that, but not many people have that.

I guess most people just find a hiding spot in their house and hope it doesn't burn down?

This came up once before in this thread, but nobody responded directly.

If you are worried about your house burning down, you obviously do not have off-site, verified backups.

I currently have my Bitcoin stored in two locations at least 10km apart. I must confess, it was scary to open the sealed envelope only to learn that some of my private keys were only stored in one location (ie: not verified).

I hope to upgrade to 3 locations at least 10km from each other, each with m-of-n keys, such that 2 keys are needed to recover funds. If you opt for a safe-deposit box 10km from your home, you may get extra scrutiny for using a branch that is not near your home or place of work.

I chose 10km because I rarely leave the city. I concluded that if I am likely to survive any city-destroying event: so should my Bitcoin. If the city is totally wiped off the map, I probably won't be looking for my private keys.

With the precautions outlined above, I think there is no problem with paper wallets. Some people suggest encrypting your backups, but then you will need to back up the decryption key somewhere. As the number of locations goes up, the higher the chance of compromise. That is why m-of-n keys with some kind of tamper detection would be ideal.



Title: Re: Keeping your butts safe
Post by: Dabs on October 17, 2014, 03:37:31 AM
I chose 10km because I rarely leave the city. I concluded that if I am likely to survive any city-destroying event: so should my Bitcoin. If the city is totally wiped off the map, I probably won't be looking for my private keys.

Me and another forum member were thinking of offering a service to hold some of your paper wallets, for a fee. I'm at least 10,000 km away from you.

If your city got wiped off the map, but you survive, you may want to have access to your bitcoins.


Title: Re: Keeping your butts safe
Post by: Argwai96 on October 17, 2014, 03:48:31 AM
- Fire/flood/theft risk (unless mitigated with some kind of backup)
- Keylogger risk (true for pretty much everything except trezor style device)
- Coins perhaps inaccessible if you travel
- Potential data corruption (again unless mitigated through solid backups, which is more opportunity for fuck ups)

Thank you for your reply, but those are all covered.

Fire = encrypted backups
Keylogger = after initial set up disconnected, no further software is installed. no hardware is allowed near it. It's a clean machine, bare OS, all other services off, all other ports blocked.
Travel = that's a given, I would need to be on that particular machine. Backups will take time to set up, but can be done (same as for destruction).
Data corruption = same backups.
In order to properly protect yourself from data corruption you need to have multiple backups on multiple types of backups. For example if you have 3 backups of your private key on 3 USB drives all made by the same manufacturer then there is a highly elevated chance that all three will fail if one fails. Also, the same is true with the program that you use to encrypt your backup file. 

Correct! Also, best to have them in more than one physical location. To protect against earthquakes, volcanic eruptions, and tsunamis. No real protection against giant asteroids though, since that will wipe us all out.
LOL. I think it would be theoretically possible to protect against this by storing your private keys in locations that are underground and have several years' worth of food, water and electricity and medical supplies. I would think that protecting against asteroids would have a negative NPV as would protecting against volcanoes - at least in most of the world


Title: Re: Keeping your butts safe
Post by: Dabs on October 17, 2014, 03:56:56 AM
Yeah, just store your backups on a cubesat. Or the moon. Or under the sea. I dunno. They are all really far fetched.