Bitcoin Forum
Author Topic: Cold storage security  (Read 4990 times)
Stephen Gornick
September 12, 2012, 10:04:22 PM
 #21

I don't want to deal with a second person

Will these customers be informed that the entire amount of funds they've entrusted with you are then one heartbeat away from being lost forever?

SgtSpike (OP)
September 12, 2012, 10:10:40 PM
 #22

I don't want to deal with a second person

Will these customers be informed that the entire amount of funds they've entrusted with you are then one heartbeat away from being lost forever?
Sorry, I should clarify.  Certainly, there would be multiple contingency plans in the event of my unfortunate departure from this world.  I just mean that I don't want to have to deal with gathering information from a second person on a day-to-day basis just to get some transactions signed.
markm
September 12, 2012, 10:44:09 PM
 #23

A few "crazy" ideas come to mind.

One that is kind of blown by mentioning it here at all would be a "pretend secure coldwallet service" which holds signed documents from you they can use to prove you and they both agree you do not actually have anything of value in their care, so that if for any reason at all anyone including you does try to claim they have something of yours they are off the hook. It would function by simply being a very public pretense that your emergency coldwallet is safe in their care. The purpose of this would be so that if someone raids you can claim the coins are in someone else's care and point at who; you would not actually place anything in their care, their purpose is simply to be a decoy, you and they both maintain a public sham that they have your emergency coldwallet.

Another idea is put your emergency coldwallet into police evidence locker, as evidence of your being blackmailed or under duress or murdered or rendered incommunicado by violence or whatever. It will only be needed in the event of such a scenario, so anyone coming for it is evidence of such an event having occurred. Arrange that all your coins get sent to that wallet automatically if you hit a panic button or take your hand off a deadman switch. Then in the event someone comes to your house you can show them the button or switch and explain that the coins are all in the evidence locker as evidence that they are at your house.

You could even use both methods; when someone comes to your house you tell them about the pretend secure wallet service people; when someone comes to their house they tell them about the evidence locker...

NOTE: Any number of online services could be monitoring your evidence-locker wallet address, ready to send in SWAT or call fire brigade or whatever in response to cries for help sent out by means of pre-agreed amounts being sent to it from pre-agreed dire-straits wallets etc...

-MarkM-

Browser-launched Crossfire client now online (select CrossCiv server for Galactic  Milieu)
Free website hosting with PHP, MySQL etc: http://hosting.knotwork.com/
MysteryMiner
September 12, 2012, 11:13:10 PM
 #24

Encrypt the computer that has Bitcoins with TrueCrypt and a strong password. Also, don't lose the rescue CD, as it will help in case of MBR damage.

If You live in USA buy a gun. Problem solved, no escaped slaves will successfully invade your home and take your Bitcoins.

bc1q59y5jp2rrwgxuekc8kjk6s8k2es73uawprre4j
casascius
Mike Caldwell
September 12, 2012, 11:22:18 PM
Last edit: September 12, 2012, 11:32:36 PM by casascius
 #25

One idea, you could just have a USB flash drive laying around, containing a wallet.dat file (which contains just random noise), and kept in a place where one would likely store something valuable... and hand it over when asked.  It could have in sharpie marker, "bitcoin backup".

Not very many armed robbers are going to pull out their laptop and rescan the blockchain to make sure it was the real deal.  And it will take them a while to figure out that the wallet is bogus.

Meanwhile, if Alice points a gun at Bob, and in return, Bob gives Alice a flash drive which she then scours and runs everything it contains... which person is the attacker?  ;)

The flash drive may as well contain an executable that starts sending you e-mail, named "wallet.dat.exe", which they are likely to run, and this will squeal their IP to you.  While you're at it, you could include scripts that will gather the MAC addresses of nearby wireless base stations (e.g. in Windows: "netsh wlan show networks mode=bssid")... which might result in you getting lucky and finding out their physical location.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
MysteryMiner
September 12, 2012, 11:27:24 PM
 #26

I don't know why Bitcoins can be more attractive target for home invasion robbers than other expensive things such as jewelry or paintings or exotic cars. Some people in your area might be known to have them. They probably cost more than your Bitcoins and most boneheads have no idea what bitcoins are. So don't worry!

cypherdoc
September 13, 2012, 12:44:35 AM
 #27

1.  just outside the vault of my safe deposit box at my bank is a small private room with electric plugs where customers can view the contents of the box or sign offline tx's in your case.

2.  some guy on etotheipi's thread came up with a very cool USB solution:  https://bitcointalk.org/index.php?topic=56424.msg1182346#msg1182346
chriswilmer
September 13, 2012, 01:39:18 AM
 #28

Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
Why do you say there is no reason why people would come to my house looking for bitcoins?

As I said in the OP, my name and street address are fairly easily associable with my online identities.  Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".

I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.
casascius
Mike Caldwell
September 13, 2012, 01:54:09 AM
Last edit: September 13, 2012, 02:37:32 AM by casascius
 #29

I don't know why Bitcoins can be more attractive target for home invasion robbers than other expensive things such as jewelry or paintings or exotic cars. Some people in your area might be known to have them. They probably cost more than your Bitcoins and most boneheads have no idea what bitcoins are. So don't worry!

Those items are desirable because they have the property of being easily converted to USD cash.  As do Bitcoins.

chriswilmer
September 13, 2012, 02:01:58 AM
 #30

This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.

Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
cbeast
September 13, 2012, 02:11:48 AM
 #31

I am working on my crazy notion as a sort of credit union web-of-trust using multiple forms of multisig transactions. It's a social networking model of storing and lending, while building limited trust status.

Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
beckspace
September 13, 2012, 02:33:33 AM
Last edit: September 13, 2012, 02:43:39 AM by beckspace
 #32

The solution proposed by casascius is interesting indeed. Safety deposit boxes, m-n, shamir secret, an untrusted third-party (bank clerk) that eventually could see the box's contents but unable to spend the keys, while spotting for a possible "coercion" and trigger an alarm. All this can help you to be a Donald Trump of Bitcoins and still protected by the need of physical presence at a secure site to sign transactions. Without dealing with a trusted second person. One-man operation.

Great thread.
MysteryMiner
September 13, 2012, 02:37:44 AM
 #33

Quote
Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
There are at least two schemes to prevent torture. First one is destroying the information the enemy needs and not knowing it in the first place. Second one is martyrdom to prevent capture. Both of them are somewhat overkill in case of bitcoins. Thieves are good at physical things, not purely virtual ones like bitcoins.

SgtSpike (OP)
September 13, 2012, 02:44:08 AM
 #34

Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
Why do you say there is no reason why people would come to my house looking for bitcoins?

As I said in the OP, my name and street address are fairly easily associable with my online identities.  Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".

I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.
They could threaten or coerce me, steal family members, etc, is what I was thinking.

This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.

Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Problem is, this particular service does require the holding of ~15,000 different private keys.  I can't just remember those in my head.  ;)
markm
September 13, 2012, 03:02:33 AM
 #35

Problem is, this particular service does require the holding of ~15,000 different private keys.  I can't just remember those in my head.  ;)

I do not think that is the real problem.

The real problem seems to me to be your desire/need to brag about how many coins you hold.

If the amount was not bragged about / published / known then you could have magic words/commands that retrieve 15,000 keys but retrieve decoy keys instead of real keys given the wrong magic words/commands.

But bragging about how many coins you hold makes it necessary for any decoy to hold as many coins as the real target, which kind of spoils the usefulness of the decoy.

Fort Knox brags about having lots of wealth on the premises, maybe the service you have in mind would be more suitable for them to offer than for you to offer...

Gosh, bragging has a downside? Who'd'a thunk?

-MarkM-

EDIT: Hey waitasec, did I just basically imply there is some security to be found in obscurity?

chriswilmer
September 13, 2012, 03:08:20 AM
 #36

Just use a brainwallet. That way your bitcoins are not stored "offline"... they aren't stored anywhere at all. There would be no reason why people would come to your house looking for bitcoins, there would be no point. The only way to get them would be coerce you to give up the passphrase. I can go into more details about this (it's a pretty simple system -> you still use an offline computer to sign transactions, but the offline computer never stores the private key).
Why do you say there is no reason why people would come to my house looking for bitcoins?

As I said in the OP, my name and street address are fairly easily associable with my online identities.  Couple that with the fact that I would be running a business where anyone could see the exact amount of Bitcoins I am holding at any given time, and that number of Bitcoins may increase to a significant number (thousands or tens of thousands of BTC), and I can see very good reason for people wanting to "pay me a visit".

I don't understand. What would they stand to gain from paying you a visit? There is nothing to steal at your physical location.
They could threaten or coerce me, steal family members, etc, is what I was thinking.

This thread confuses me. You don't need to have wallets stored anywhere at all to use Bitcoins. You don't need an online service, you don't need an offline wallet. All you need to do is remember (somehow) your private key. If it was publicly known that I had a million bitcoins, and everyone knew my physical address, thieves could come and steal everything in my house and all of my computers... it wouldn't do them any good.

Obviously, if I was tortured I might give up my Bitcoins, but I don't see how any scheme can protect you against torture or other forms of coercion.
Problem is, this particular service does require the holding of ~15,000 different private keys.  I can't just remember those in my head.  ;)

Apologies in advance for the large quote. Isn't the threat of being coerced a fundamental problem of being publicly rich?
Berend de Boer
September 13, 2012, 03:42:32 AM
 #37

But here's the problem:  People know where I live (or could easily find out, as I make little effort at hiding my offline identity).  If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.

So how many visitors have you had, demanding you log in to your bank and transfer money to them?

Or demanding you drive them to an ATM and get them cash?

Or open the lock to your safe?
beckspace
September 13, 2012, 04:04:59 AM
 #38

Isn't the threat of being coerced a fundamental problem of being publicly rich?
The fundamental problem is easy/fast access to the loot.


So how many visitors have you had, demanding you log in to your bank and transfer money to them?
Zero. But it's traceable.

Or demanding you drive them to an ATM and get them cash?
One time, yes.

Or open the lock to your safe?
Last year a gang of thugs raided a residential building where my co-worker lives. Looking for jewelry (inside information, two dealers at the penthouses). 3 hours of action. They started 5:10 AM.


I am interested in any procedure that provides deterrence protection (preferably) against extortion. (m-n, ssss, banks with insurance, safe boxes with half a key, time lock features etc.)

SgtSpike (OP)
September 13, 2012, 06:06:12 AM
 #39

Problem is, this particular service does require the holding of ~15,000 different private keys.  I can't just remember those in my head.  ;)

I do not think that is the real problem.

The real problem seems to me to be your desire/need to brag about how many coins you hold.

If the amount was not bragged about / published / known then you could have magic words/commands that retrieve 15,000 keys but retrieve decoy keys instead of real keys given the wrong magic words/commands.

But bragging about how many coins you hold makes it necessary for any decoy to hold as many coins as the real target, which kind of spoils the usefulness of the decoy.

Fort Knox brags about having lots of wealth on the premises, maybe the service you have in mind would be more suitable for them to offer than for you to offer...

Gosh, bragging has a downside? Who'd'a thunk?

-MarkM-

EDIT: Hey waitasec, did I just basically imply there is some security to be found in obscurity?
It's not about wanting to brag.  With this particular business, the knowledge of exactly how many coins I was holding would HAVE to be public information.  There is no way around that.

Also, anyone who says there is no security through obscurity is an idiot.  PASSWORDS are security through obscurity.

Apologies in advance for the large quote. Isn't the threat of being coerced a fundamental problem of being publicly rich?
Absolutely, point taken.  I just suppose it feels different when it is me being responsible for other people's coins, vs me being responsible for my own.

You could do what I do. Run your business out of a small public storage unit. Get a wireless internet card and work as long as your laptop battery lasts. If you really need additional power take the light bulb out of the unit and replace with a light/power tap and store your inventory there as well. Get a P.O. Box to accept the mail for the business and once a day make a run to the P.O. Box. Most multi-floor storage buildings also have included on-site security if someone follows you they will not get by security. This has worked for me for years.

Oh, make sure you associate the business with another name. Don’t let it be known that you are the one running the business. If anyone suspects it's you tell them you wish you had a business like that. In other words, "play dumb." This has worked for me for years.
Interesting idea, thanks.  I think I'd still prefer the deposit box route, but a storage unit WOULD accomplish the same thing.  Worth consideration, at least.

But here's the problem:  People know where I live (or could easily find out, as I make little effort at hiding my offline identity).  If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.

So how many visitors have you had, demanding you log in to your bank and transfer money to them?

Or demanding you drive them to an ATM and get them cash?

Or open the lock to your safe?
Point taken.  Perhaps I am just too paranoid.  ;)
markm
September 13, 2012, 06:14:08 AM
 #40

But here's the problem:  People know where I live (or could easily find out, as I make little effort at hiding my offline identity).  If I have thousands of Bitcoins on hand, and people know that, then I fear I would be making myself a target for home invasion.

So how many visitors have you had, demanding you log in to your bank and transfer money to them?

Or demanding you drive them to an ATM and get them cash?

Or open the lock to your safe?
Point taken.  Perhaps I am just too paranoid.  ;)

Depends... has it already been public knowledge for quite a while that you hold as many bitcoins as this business you are planning will hold?

Will you still hold that many of your own when you start also holding those of the business?

Maybe it merely has not yet seemed worthwhile to target you yet due to your not being known yet to hold enough to make it seem worthwhile to try?

-MarkM-
