Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: martinw79 on April 23, 2014, 03:15:31 PM



Title: Cold Storage Question before I jump in!
Post by: martinw79 on April 23, 2014, 03:15:31 PM
I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

 ???


Title: Re: Cold Storage Question before I jump in!
Post by: byt411 on April 23, 2014, 04:11:43 PM
There shouldn't be a problem, change addresses are used if you partially retrieve the funds from your cold wallet.


Title: Re: Cold Storage Question before I jump in!
Post by: boumalo on April 23, 2014, 05:32:01 PM
Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe


Title: Re: Cold Storage Question before I jump in!
Post by: shorena on April 23, 2014, 06:39:20 PM
I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

Good, testing is important.

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time?

Change only occurs if you send coins, not if you receive them. So you'd only have to worry about the wallet you send coins from and not about the cold wallet you send the coins to.

Assuming my private keys are kept safe over time, is there any way I can lose funds this way?

Yes, if your private keys are the result of a bad random generation. E.g. you choose a brainwallet with "correct horse battery staple" as seed. What I liked best is the idea to point your camera at a lava lamp to take that as a source of randomness. I don't know how good a source of randomness it is, but it sounds good. If you generate a new wallet with bitcoin core it uses the random number generator (RNG) of your OS. So you might want to look into that. For other wallets they might take different RNG. Probably worth checking that out. Just in case.

I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Full sweep = no problems with change :)

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.
 ???


Title: Re: Cold Storage Question before I jump in!
Post by: tspacepilot on April 23, 2014, 07:17:48 PM
As long as your private keys are safe there shouldn't be any problem.  As I understand it you'll only need to move funds out of these wallets if you ever want to spend them.  At that time, simply import your private keys to a wallet program and generate the transaction you desire.  Seems like you've done your due diligence, I think you'll be fine.


Title: Re: Cold Storage Question before I jump in!
Post by: BitCoinDream on April 23, 2014, 07:44:29 PM
I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

 ???

As long as someone is not accidentally generating your private key, u r safe :)


Title: Re: Cold Storage Question before I jump in!
Post by: Hash72 on April 23, 2014, 08:01:03 PM
Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

I totally agree with you, paper wallet and the cold storage are the same except you use printed paper for the #1 and a Flash for #2
the below links may help you a little
https://www.youtube.com/watch?v=I1uefzJJ6nM
https://blockchain.info/wallet/paper-wallet-tutorial-web
http://www.reddit.com/r/Bitcoin/comments/22cwdx/noob_questions_about_cold_storage_dont_upvote/

Thanks

 


Title: Re: Cold Storage Question before I jump in!
Post by: tspacepilot on April 23, 2014, 09:53:53 PM
I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

 ???

As long as someone is not accidentally generating your private key, u r safe :)

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?


Title: Re: Cold Storage Question before I jump in!
Post by: PolarPoint on April 23, 2014, 10:40:19 PM
I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.


Title: Re: Cold Storage Question before I jump in!
Post by: Light on April 24, 2014, 02:32:20 AM
I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?


Title: Re: Cold Storage Question before I jump in!
Post by: shorena on April 24, 2014, 06:18:19 AM
As long as someone is not accidentally generating your private key, u r safe :)

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalk.org/index.php?topic=299156.0

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Don't know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the program and version you used and see where they take their randomness from. Usually this will be a library or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit: oh, and also randomness from already random data, e.g. private keys. I am not sure yet whether that's a good idea or not.


Title: Re: Cold Storage Question before I jump in!
Post by: PolarPoint on April 24, 2014, 09:08:19 PM
I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?

Your suggestion seems too complicated for me.  :D
I will keep 2 copies of the word seeds in envelopes, one at home and the other in my brother's


Title: Re: Cold Storage Question before I jump in!
Post by: martinw79 on April 24, 2014, 11:36:54 PM
shorena thanks so much for that reply, it really helped a lot!

I wanted to split my cold storage into different addresses, figured for security in case one were to get compromised.  But, if I make a single address as a main cold storage address, can I use it to make future deposits as well or do I have to worry about anything?


Title: Re: Cold Storage Question before I jump in!
Post by: tspacepilot on April 25, 2014, 12:02:23 AM
As long as someone is not accidentally generating your private key, u r safe :)

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalk.org/index.php?topic=299156.0

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Don't know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the program and version you used and see where they take their randomness from. Usually this will be a library or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit: oh, and also randomness from already random data, e.g. private keys. I am not sure yet whether that's a good idea or not.

Yes, thanks for this writeup.  Very informative.  I see what you mean about this being an issue mainly with brainwallets.

In my case, I don't use Windoze so I'm not really worried about that aspect of it.  I only use GNU/Linux so I'm familiar with /dev/random and /dev/urandom.  In my case, however, I generated an address with a java program which most likely used the java rng lib.  Because the particular program is open-source, I can check on that, which is nice.

I like the suggestion earlier in the thread about pointing a camera at a lavalamp---funny, if impractical.


Title: Re: Cold Storage Question before I jump in!
Post by: Dabs on April 25, 2014, 12:52:54 AM
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.


Title: Re: Cold Storage Question before I jump in!
Post by: byt411 on April 29, 2014, 04:03:33 PM
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.


Title: Re: Cold Storage Question before I jump in!
Post by: tspacepilot on April 29, 2014, 05:19:21 PM
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.

I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).


Title: Re: Cold Storage Question before I jump in!
Post by: activebiz on April 30, 2014, 06:20:11 AM
It should stay safe as long as the wallet stays offline and the private keys are safe.


Title: Re: Cold Storage Question before I jump in!
Post by: Dannie on April 30, 2014, 10:05:16 AM
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?


Title: Re: Cold Storage Question before I jump in!
Post by: tspacepilot on May 01, 2014, 04:30:37 AM
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

The idea is that you use the random number as a seed for generating a bitcoin address. There are some other threads about how to generate a bitcoin address by hand.


Title: Re: Cold Storage Question before I jump in!
Post by: Abdussamad on May 01, 2014, 04:35:14 AM
There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

bitaddress.org -> wallet details tab -> paste in sha256 hex.


Title: Re: Cold Storage Question before I jump in!
Post by: Dabs on May 01, 2014, 06:29:05 AM
Someone made a dice2key app, (with source code) and also a paperwallet app (I think it was Deep Celeron)

Here are a few I found after some quick googling:

https://raw2.github.com/swansontec/dice2key/master/dice2key.sh

https://bitcointalk.org/index.php?topic=297077.25

https://bitcointalk.org/index.php?topic=297077.msg3197393#msg3197393 (This is my post in the same thread.)

https://bitcointalk.org/index.php?topic=361092 (Paper wallet app)

Or you could always use vanitygen (make sure to use compressed keys) so you have your custom cold storage that begins with 1COLDSTORAGExyxyzxyxyxyzxy or whatever you prefer.

The camera thing and files, and sound recording .... just for fun I guess.


Title: Re: Cold Storage Question before I jump in!
Post by: Dabs on May 01, 2014, 06:38:52 AM
I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

Don't use a picture that is already posted on the internet, and don't use a song from the top charts. (actually, don't use any song unless you are sure you are the only person who recorded it.)

Definitely don't use a recent movie even if it never won a grammy award.

But just in case you do, make sure your equipment goes through an analog portion. So there is some noise introduced.

I tell you what I will do when I get my new DSLR, is I'm going to go around town and take pictures until the memory card is full. Copy those files to an offline computer. Then hash each one of them.

To be hard core, use the RAW format of your camera, if it is available, or the highest resolution.

Good luck with anyone figuring out 24 megapixels of data.


Title: Re: Cold Storage Question before I jump in!
Post by: tspacepilot on May 01, 2014, 07:09:40 AM
I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

Don't use a picture that is already posted on the internet, and don't use a song from the top charts. (actually, don't use any song unless you are sure you are the only person who recorded it.)

Definitely don't use a recent movie even if it never won a grammy award.

But just in case you do, make sure your equipment goes through an analog portion. So there is some noise introduced.

I tell you what I will do when I get my new DSLR, is I'm going to go around town and take pictures until the memory card is full. Copy those files to an offline computer. Then hash each one of them.

To be hard core, use the RAW format of your camera, if it is available, or the highest resolution.

Good luck with anyone figuring out 24 megapixels of data.

Right, well I guess that is one way to be "hardcore"  but I think the point here is just to provide an initial random seed to an otherwise deterministic procedure.  It seems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine.  Am I missing anything crucial?


Title: Re: Cold Storage Question before I jump in!
Post by: boumalo on May 01, 2014, 09:18:33 AM
Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.


You can make paper wallets with blockchain as well or with electrum

I like the idea of having my bitcoins on 2 or 3 different addresses, it is easier if you want to spend/sell some


Title: Re: Cold Storage Question before I jump in!
Post by: Dabs on May 01, 2014, 01:57:52 PM
Right, well I guess that is one way to be "hardcore"  but I think the point here is just to provide an initial random seed to an otherwise deterministic procedure.  It seems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine.  Am I missing anything crucial?

Well, you want as many different sources as possible since any amount of good or decent randomness gets mixed in to the final private key. Your camera, your picture, your file, is about as good as it gets.

It's actually overkill, as you can use any of the apps or scripts I have mentioned above, as well as bitaddress.org
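
An added example, not code from any poster in this thread or from the tools they link: one way to do what is discussed above, i.e. hash several media files, mix the digests with the OS random number generator, check that the result is a usable secp256k1 private key, and encode it in wallet import format (WIF) for a wallet to import. The function names and the sample "photo" bytes are made up for illustration; deriving the address itself needs elliptic-curve point multiplication, which the importing wallet performs.

```python
import hashlib
import os

# Order of the secp256k1 group: a valid private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def mix_sources(sources, os_bytes=None):
    """Combine several entropy sources into one 32-byte value.

    Each source is hashed on its own first, so the inputs have a fixed
    length and [b"a", b"b"] cannot collide with [b"ab"]. OS randomness is
    always mixed in, so a weak or already-published file does not make the
    result guessable on its own.
    """
    if os_bytes is None:
        os_bytes = os.urandom(32)      # /dev/urandom on Linux
    h = hashlib.sha256()
    for src in sources:
        h.update(sha256(src))
    h.update(sha256(os_bytes))
    return h.digest()


def to_private_key(digest: bytes) -> int:
    """Interpret a 32-byte digest as a private key, rejecting invalid values."""
    k = int.from_bytes(digest, "big")
    if not 1 <= k < N:
        raise ValueError("not a valid secp256k1 key; mix in more input and retry")
    return k


def base58check(payload: bytes) -> str:
    """Base58 with the 4-byte double-SHA256 checksum used by Bitcoin."""
    data = payload + sha256(sha256(payload))[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def to_wif(k: int, compressed: bool = True) -> str:
    """Mainnet WIF: 0x80 || key || optional 0x01 flag for compressed pubkeys."""
    payload = b"\x80" + k.to_bytes(32, "big")
    if compressed:
        payload += b"\x01"
    return base58check(payload)


if __name__ == "__main__":
    # Constructed stand-ins for the contents of your own photo files; in
    # practice read the whole file with open(path, "rb").read().
    photos = [b"constructed photo bytes #1", b"constructed photo bytes #2"]
    key = to_private_key(mix_sources(photos))
    print(to_wif(key))                 # run this on the offline machine only
```
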


Title: Re: Cold Storage Question before I jump in!
Post by: Abdussamad on May 01, 2014, 03:19:44 PM
I agree, for cold storage learn to use paper wallets, make multiple copies and hide at different locations.


For instance under your mattress. Maybe in the freezer cause it's called cold storage, right?


Title: Re: Cold Storage Question before I jump in!
Post by: Abdussamad on May 01, 2014, 03:20:31 PM
Right, well I guess that is one way to be "hardcore"  but I think the point here is just to provide an initial random seed to an otherwise deterministic procedure.  It seems to me that if you are taking hashes of random media (or, IMHO, just sampling from /dev/urandom) you should be fine.  Am I missing anything crucial?

Well, you want as many different sources as possible since any amount of good or decent randomness gets mixed in to the final private key. Your camera, your picture, your file, is about as good as it gets.

It's actually overkill, as you can use any of the apps or scripts I have mentioned above, as well as bitaddress.org

I suggest taking a picture of your turds and using those. Turds tend to be very random.