How to design a perfect cold storage?

[aleksej996]

This way your family can never use these words to find the password because it will take them many years of trial and error, or even if you have extra words in that list that you don't use in your password they will never find it. And the other individual or safe box that you keep the paper with a series of numbers cannot be used for anything IF THEY DON'T KNOW ABOUT IT.

The amount of possible combination in your example is less then 16^10 which is about a billion. Billion is really not that big of a number when you consider that modern average CPUs do billions of operations a second. This operation would be more complex of course, but still, this is just per second. I doubt it would take years.

[lukaexpl]

I would not consider Trezor safe after it was revealed that trezord.exe phoned home

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Why would you trust anything with electronics on it when you can get a paper wallet, wrap it in plastic of special material that will survive fire and water and in general the pass of time, and put it somewhere at home in a safe? even if they stole it, they couldn't open it because BIP38 allows encryption in paper wallets. You can also deposit copies on other places if you have a couple of properties.

So how can it get any better than this?

One huge drawback is you can not carry it around in your head. If you lose physical access to the places where you put your encrypted wallets it's game over.
Whereas carrying a 24 word mnemonic is much easier than most people think with a widely available and thought memory practices.

[AlphaWolf]

I am paranoid by design and by professional deformation.

Suppose you have the following tools available:

1. two Trezor hardware wallets
2. offline bootable PC with Ubuntu
3. bitaddress.org site burned to a CD
4. BIP39 passphrase and mnenomic code generator burned to CD
5. passguardian.org Shamirs secret sharing page burned to CD
6. offline printer to print and laminate paper wallets
7. metalstamps to stamp seeds/keys to metal plates if need be
8. two rented safe deposit boxes in two banks in two different European jurisdictions

How would you go about designing a "perfect" cold storage that should fulfill the following criteria:

1. be resistant to my death hence inheritable
2. be reistant to my amnesia
3. be resistant to being denied physical access to both safe deposit boxes
4. be resistant to malevolent staff opening the contents of the safe deposit boxes
5. be resistant to goverment confiscation/access denial to your safe deposit boxes

So basically I want no other entity (spouse, underage children, bank staff, evil government officials) to be able to spend my bitcoins as long as I am alive and with a functioning brain.
I also want to be able to comitt to memory a seed or an encryption method that would grant me access to bitcoins if I am not able to access the cold storage in safe deposit boxes.
Ultimately I would need to leave clear instructions in case of my death so that the family would be able to reconstruct access to those bitcoins.

I have some ideas but would like to hear flaws in my design.

1. PAPER WALLET ROUTE

One way to go about it would be to create paper wallets, print them offline, encrypt them with a strong passphrase (for example Diceware generated) using BIP38 and store them in two separate safe deposit boxes.
The secret passphrase would be easy to memorise for me and could be split using sharding into 3 pieces (2 safe deposit boxes and my home for example) so that you would need access to all of those in order to decrypt the paper wallets.

It prevents goverment or the bank staff from spending your bitcoins but if you find yourself unable to access the physical location of your paper wallets you are doomed.

2. TREZOR MNEMONIC SEED

You load your Trezor hardware wallet and stamp the seed on metal plates in a randomly generated order that you put in one safe. In another safe you put an encrypted message that is simply the order in which you have to put the mnemonic seed to be able to access bitcoins. You distribute the passphrase to unlock the order in the same way as in design No. 1.

You carry your Trezor with you (your home) hoping that even if it gets stolen nobody will be able to break the PIN.

This method has the advantage that with some memory technique you should be able to remember the seed yourself and reuse it should you be locked out of access to your safe deposit boxes.



Is all of this an overkill? Are there simpler ways?

It's pretty nice explained here, but you've gone too far.
There are many simpler ways.
No need for that much of security.
Imagine you lose a key and you cannot access to it. What then?
Keep your backup on simple USB, that's all you need.

[kaushj28]

With electronics, people with hacking skills can uncover encrypted passes to your "storage". How about a time capsule in your garden?

[Testing Crypto]

With electronics, people with hacking skills can uncover encrypted passes to your "storage". How about a time capsule in your garden?

Time Capsule in the Garden of Eden +/-, many steps in offline nTIMELOCK process & only a few have the right knowledge of hardware & software around BTC IT to complete a perfect cold storage. IT be said that you can acquire almost any knowledge of any process online via search engines, just have to read & follow good /directions   

[Raliket]

This way your family can never use these words to find the password because it will take them many years of trial and error, or even if you have extra words in that list that you don't use in your password they will never find it. And the other individual or safe box that you keep the paper with a series of numbers cannot be used for anything IF THEY DON'T KNOW ABOUT IT.

The amount of possible combination in your example is less then 16^10 which is about a billion. Billion is really not that big of a number when you consider that modern average CPUs do billions of operations a second. This operation would be more complex of course, but still, this is just per second. I doubt it would take years.

Yeah my example was simple. The thing is with that way you can include as many words as you like. and make a very strong password. it depends on you and what you think your family can do to crack your password.

[nicosey]

What about using Crypto Steel?  I tried to order it once, but to no avail.

[Spendulus]

What about using Crypto Steel?  I tried to order it once, but to no avail.

Well, consider that the base 58 used by Satoshi can be held in 6 bits.

Here's three characters in a row

 010101 011111 010111

1/8" holes spaced 1/4" apart, that is 5 inches wide.

Three characters in a row, eighteen rows of drill holes.

Anybody with a hand drill, a 1/8" bit, cutting oil, and a 6x6 piece of stainless steel can do this.

[lukaexpl]

What about using Crypto Steel?  I tried to order it once, but to no avail.

I saw that but in my opinion it offers no advantage, it's costly and not available.

Engraving machines for 60$, metal stamps for 30$, waterproof pens and paper with combination of paper laminator are all widely available and cheaper alternatives.

[Spendulus]

What about using Crypto Steel?  I tried to order it once, but to no avail.

I saw that but in my opinion it offers no advantage, it's costly and not available.

Engraving machines for 60$, metal stamps for 30$, waterproof pens and paper with combination of paper laminator are all widely available and cheaper alternatives.

Metal stamps for 30$, upper case only so you do the hex codes.

Use a steel or copper plate and that's fireproof.

Use a passcode for the private key decryption, then there is not even a reason to hide it from view.

On Ebay there are stamping machines from China for stamping serial number plates will work and output nice neat little rows.

Metal beats paper.

[darkangel11]

I'd do it the simplest possible way that people have been using for centuries. You pick a member of your family (a wife?) that knows you well and that you want to be responsible for the money when you die or lose your memory. You write a letter that will give that person a hint of your passphrase. It has to be a chain of things you both know well. Then you write down the location of the wallet files and live it at the notary along with your last will and the instructions. The only way for this to go south would be if the wife would find herself a lover and it would happen to be the notary

[haltingprobability]

You may not be able to satisfy all design criteria simultaneously.

Large-cap cold storage would have to have some of the following.

- Address limit. Each address must have no more than X amount of bitcoins. This is basic risk management and limits the losses from a single stolen/lost address.

- Timelock. This makes it impossible for someone to steal your bitcoins even when you are tortured and tell them every detail, at least until the timelock expires.

- Multisig. Generate two separate keys, A and B. Each key has an associated seed. Store your bitcoins in a 2-of-2 multisig address and store the seed phrases in physically separate, secure locations. Note that you lose control of your coins if you lose *either* key, so you need to make sure that your backup situation is set up appropriately

- I would avoid hardware wallets. What happens if the device just goes fritz on you? Now you have a brick and no bitcoins.

- Cryptosteel (or a Dremel tool ... I just saved you a bunch of money, you're welcome... ;-) If we're talking a lot of money, you need to eliminate electronic devices completely not so much for security as reliability. A RAID disk in mirror mode might work or burning multiple copies to CD, USB, etc. but, at some point, this is all way more hassle than just physically writing out the seed on a durable surface.

Let's say you have 40 BTC (almost $800k). You could divide these into 8 addresses each holding 5 BTC ($75-$100k each) and timelock all but one for the longest time that you're sure you would be OK not having access to them (say, 1 year). Generate 10 keys - the non-timelocked address has two keys, and the 7 timelocked addresses each have their own key, plus another key that is shared across all 7 addresses (you need both to unlock the address). Each of these keys (that is, the seed) should be written down and labeled, with a duplicate copy. Now, securely store the physical seeds appropriately making sure to store the second key required for each multisig address separately. Suppose you have two bank deposit boxes in two separate banks, X and Y. Store one key for the non-timelocked address and one key for each of the 7 timelocked addresses in a deposit box at bank X. Deposite the other key for the non-timelocked address and the other shared key for the 7 timelocked addresses in a deposit box at bank Y. Bonus points if the banks are located in different, non-cooperating jurisdictions.

There are other, more advanced ideas that operate on active security principles. If you're in the $1M range or less, these probably don't make sense. At $10M and above, you should definitely start thinking about these kinds of things.