Setting up a cold storage for bitcoins

[YIz]

I was thinking of setting up a single cold storage instead of all my wallets, and I wanted to ask for some technical advice:

This is the plan I have:

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.
2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.
3) Disconnecting all the drivers and formatting the computer when the process is done

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

And is there a safer way of generating a wallet than Bitcoin Core? I was thinking about running a third party up when the computer is offline. and how do I extract the plaintext privkey from the wallet.dat file?
There are gonna be thousands in there before I even think about withdrawing, so it's gonna be deposit-only for a couple of months, maybe years.

And I can't really get hold of a hardware wallet locally, I'd love to, but they're not available anywhere.

Thanks in advance.

[1714997330]

1714997330

[1714997330]

1714997330

[achow101]

I was thinking of setting up a single cold storage instead of all my wallets, and I wanted to ask for some technical advice:

This is the plan I have:

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.

The laptop would have been connected to the internet at some point. It is possible that you could have received a malware on to your laptop which can transmit data even when offline (yes such malware exists, it does some crazy stuff).

2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.

So you would still have to run Bitcoin Core and connect to the internet?

It is possible that, since your computer was online, malware could be on your computer and then that malware writes itself onto your hard drives waiting for them to be plugged into a computer.

3) Disconnecting all the drivers and formatting the computer when the process is done

When you format, make sure you overwrite with 0's.

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

And is there a safer way of generating a wallet than Bitcoin Core? I was thinking about running a third party up when the computer is offline. and how do I extract the plaintext privkey from the wallet.dat file?
There are gonna be thousands in there before I even think about withdrawing, so it's gonna be deposit-only for a couple of months, maybe years.

It would be safer to use a paper wallet.

[YIz]

I was thinking of setting up a single cold storage instead of all my wallets, and I wanted to ask for some technical advice:

This is the plan I have:

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.

The laptop would have been connected to the internet at some point. It is possible that you could have received a malware on to your laptop which can transmit data even when offline (yes such malware exists, it does some crazy stuff).

2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.

So you would still have to run Bitcoin Core and connect to the internet?

It is possible that, since your computer was online, malware could be on your computer and then that malware writes itself onto your hard drives waiting for them to be plugged into a computer.

3) Disconnecting all the drivers and formatting the computer when the process is done

When you format, make sure you overwrite with 0's.

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

And is there a safer way of generating a wallet than Bitcoin Core? I was thinking about running a third party up when the computer is offline. and how do I extract the plaintext privkey from the wallet.dat file?
There are gonna be thousands in there before I even think about withdrawing, so it's gonna be deposit-only for a couple of months, maybe years.

It would be safer to use a paper wallet.

Thanks for responding.

I don't really trust paper to keep the private key readable for years. that's why I prefer backing the file up on multiple drives.
So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?

[CIYAM]

I put together this years ago: https://susestudio.com/a/kp8B3G/ciyam-safe

It is an OS image that doesn't even have internet capabilities (your keys are safely kept on the offline computer and txs are done using QR codes so that you don't even need to have any "wire" attached to your offline computer apart from its power).

You can backup your encrypted private keys via QR codes also (it uses GPG to do the encryption of those).

The system has been used to safely look after well over 500 BTC since 2011.

[YIz]

I put together this years ago: https://susestudio.com/a/kp8B3G/ciyam-safe

It is an OS image that doesn't even have internet capabilities (your keys are safely kept on the offline computer and txs are done using QR codes so that you don't even need to have any "wire" attached to your offline computer apart from its power).

You can backup your encrypted private keys via QR codes also (it uses GPG to do the encryption of those).

The system has been used to safely look after well over 500 BTC since 2011.

Thank you very much for replying.
I have little to no experience with linux systems but centOS, would it be difficult for me to use this OS? and I really liked the idea of using QR codes.

[achow101]

So how can I possibly eliminate the risk of a malware copying the private key and waiting for it to go online?

Use a completely new device that has never been online and never will be online. You could use something cheap like a Raspberry Pi.

[DannyHamilton]

This really comes down to just how paranoid you are and how sure you want to be that the addresses generated are completely secure.

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.

The laptop would have been connected to the internet at some point. It is possible that you could have received a malware on to your laptop which can transmit data even when offline (yes such malware exists, it does some crazy stuff).

More importantly, it would be possible that some undiscovered malware got onto your laptop while it was connected to the internet that can influence the choices that Bitcoin Core makes when generating private keys and addresses.  In other words, the malware wouldn't need to transmit the data while offline, it would just need to trick your Bitcoin Core into choosing private keys with an algorithm that the attacker can reproduce on their own system.  Your keys would look completely random to you, and until the attacker empties your wallet, you'd never know.

Are you likely to have such hidden malware running on your computer?  No. But if you really, really want to be safe, then this is an attack vector to be aware of.

2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.

So you would still have to run Bitcoin Core and connect to the internet?

No.  It isn't necessary to connect to the internet to run Bitcoin Core.

It is possible that, since your computer was online, malware could be on your computer and then that malware writes itself onto your hard drives waiting for them to be plugged into a computer.

Correct, it is possible that these external hard drives have malware on them (perhaps even installed in their firmware).  Again, this is unlikely (especially if you purchase brand new hard drives and never connect them to any other computer), but it is an attack vector to be aware of.

3) Disconnecting all the drivers and formatting the computer when the process is done

When you format, make sure you overwrite with 0's.

There are a variety of different forms of formatting of hard drives.  Some of them leave all the data on the drive and simply remove the indexes that indicate where that data is stored.  Even if the original data is all overwritten with new values, it can sometimes be possible to retrieve data from the slight weak data signals that may remain.

US Department of Defense in the clearing and sanitizing standard DoD 5220.22-M recommends the approach "Overwrite all addressable locations with a character, its complement, then a random character and verify"

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

It's relatively safe. There are additional steps you can take to increase the security, but doing as you've stated isn't a horrible method.

And is there a safer way of generating a wallet than Bitcoin Core?

I really like the idea of rolling dice or shuffling cards.  Then I don't need to rely on a computer program generating a random enough private key.  There are a variety of tools that will convert a private key to a bitcoin address, and most of them are simple enough for an amateur programmer to confirm that they aren't doing anything malicious.

If you know how (or are willing to learn how) to convert a private key to Wallet Import Format (WIF), then you can even use Bitcoin Core to calculate the address from the value acquired from the dice or cards.

How do I extract the plaintext privkey from the wallet.dat file?

In the "Console" found under the "Debug Window" in the "Help" menu, you can run:

Code:

dumpprivkey 1YourBitcoinAddressHere

Replacing 1YourBitcoinAddressHere with the actual bitcoin address for which you want the private key.

It would be safer to use a paper wallet.

What software are you recommending for creating the paper wallet?
Have you considered the fact that a networked printer can be hacked and the data sent to it to be printed can be captured?
How well reviewed is the software you are recommending?
Wouldn't you need a computer to run the paper wallet generating software?
If so, wouldn't that software and computer be subject to all the same risks as running Bitcoin Core?

Much like the OP proposed method, a paper wallet created with bitaddress.org running on an offline computer is probably pretty secure, but there are attack vectors to be aware of, and steps can be taken to increase the security.

[CIYAM]

I have little to no experience with linux systems but centOS, would it be difficult for me to use this OS? and I really liked the idea of using QR codes.

It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

[YIz]

This really comes down to just how paranoid you are and how sure you want to be that the addresses generated are completely secure.

1) Disconnecting my laptop entirely from the internet, then installing Bitcoin Core from a USB drive.

The laptop would have been connected to the internet at some point. It is possible that you could have received a malware on to your laptop which can transmit data even when offline (yes such malware exists, it does some crazy stuff).

More importantly, it would be possible that some undiscovered malware got onto your laptop while it was connected to the internet that can influence the choices that Bitcoin Core makes when generating private keys and addresses.  In other words, the malware wouldn't need to transmit the data while offline, it would just need to trick your Bitcoin Core into choosing private keys with an algorithm that the attacker can reproduce on their own system.  Your keys would look completely random to you, and until the attacker empties your wallet, you'd never know.

Are you likely to have such hidden malware running on your computer?  No. But if you really, really want to be safe, then this is an attack vector to be aware of.

2) Running Bitcoin Core and backing up the wallet.dat file on a few external hard drives.

So you would still have to run Bitcoin Core and connect to the internet?

No.  It isn't necessary to connect to the internet to run Bitcoin Core.

It is possible that, since your computer was online, malware could be on your computer and then that malware writes itself onto your hard drives waiting for them to be plugged into a computer.

Correct, it is possible that these external hard drives have malware on them (perhaps even installed in their firmware).  Again, this is unlikely (especially if you purchase brand new hard drives and never connect them to any other computer), but it is an attack vector to be aware of.

3) Disconnecting all the drivers and formatting the computer when the process is done

When you format, make sure you overwrite with 0's.

There are a variety of different forms of formatting of hard drives.  Some of them leave all the data on the drive and simply remove the indexes that indicate where that data is stored.  Even if the original data is all overwritten with new values, it can sometimes be possible to retrieve data from the slight weak data signals that may remain.

US Department of Defense in the clearing and sanitizing standard DoD 5220.22-M recommends the approach "Overwrite all addressable locations with a character, its complement, then a random character and verify"

I was wondering if there are any flaws in my method? Any way my private key touches the internet?

It's relatively safe. There are additional steps you can take to increase the security, but doing as you've stated isn't a horrible method.

And is there a safer way of generating a wallet than Bitcoin Core?

I really like the idea of rolling dice or shuffling cards.  Then I don't need to rely on a computer program generating a random enough private key.  There are a variety of tools that will convert a private key to a bitcoin address, and most of them are simple enough for an amateur programmer to confirm that they aren't doing anything malicious.

If you know how (or are willing to learn how) to convert a private key to Wallet Import Format (WIF), then you can even use Bitcoin Core to calculate the address from the value acquired from the dice or cards.

How do I extract the plaintext privkey from the wallet.dat file?

In the "Console" found under the "Debug Window" in the "Help" menu, you can run:

Code:

dumpprivkey 1YourBitcoinAddressHere

Replacing 1YourBitcoinAddressHere with the actual bitcoin address for which you want the private key.

It would be safer to use a paper wallet.

What software are you recommending for creating the paper wallet?
Have you considered the fact that a networked printer can be hacked and the data sent to it to be printed can be captured?
How well reviewed is the software you are recommending?
Wouldn't you need a computer to run the paper wallet generating software?
If so, wouldn't that software and computer be subject to all the same risks as running Bitcoin Core?

Much like the OP proposed method, a paper wallet created with bitaddress.org running on an offline computer is probably pretty secure, but there are attack vectors to be aware of, and steps can be taken to increase the security.

Thank you for reviewing my method, can you please add some steps to my method to ensure safe generation and storage of the private key? I am thinking about never letting the computer connect to the internet again, and uninstalling the WiFi and ethernet drivers completely. but that still doesn't eliminate the risk of the malware in the hard drive, and the key could be stolen once I use it to withdraw the bitcoins.

I have little to no experience with linux systems but centOS, would it be difficult for me to use this OS? and I really liked the idea of using QR codes.

It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

I would really like to see something like that with a new UI for newbies. I am pretty sure the community will be able to support you and create an alternative for bitcoin hardware wallets that can be installed on any machine.

[CIYAM]

It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

I would really like to see something like that with a new UI for newbies. I am pretty sure the community will be able to support you and create an alternative for bitcoin hardware wallets that can be installed on any machine.

The "community" has not been interested in doing this since I created it (years ago) but in any case the software is there and is open source (the scripts and other software used are on github).

https://github.com/ciyam/safe

[BitcoinNewsMagazine]

Why not just buy a Ledger Nano S for $65 do you dislike hardware wallets for some reason?

[YIz]

It uses a custom SUSE distro and although it does come with documentation it is "console stuff" (I never had the time nor the interest from others to bother with creating a nicer UI sorry).

I would really like to see something like that with a new UI for newbies. I am pretty sure the community will be able to support you and create an alternative for bitcoin hardware wallets that can be installed on any machine.

The "community" has not been interested in doing this since I created it (years ago) but in any case the software is there and is open source (the scripts and other software used are on github).

https://github.com/ciyam/safe

I guess most people prefer to use exchanges as a wallet (yeah, that's ridiculous) and the "safe" way for keeping the bitcoins in their eyes would be blockchain.info.
For the more paranoid, careful, and people who hold large amounts, I am sure an OS like this one will be helpful. Trezors are not widely available worldwide, and cost an extra while you might have an old laptop capable of doing the same. I'll start a topic in the bitcoin discussion and ask if there is any demand of something like this. will you be able to add a UI? if you don't have the time maybe someone else may be able to continue this using your github contribution.

[CIYAM]

...maybe someone else may be able to continue this using your github contribution.

For sure - it wouldn't be a huge amount of work to do some GUI (Linux has some easy stuff for doing forms that actually works in the console).

You need to understand that I didn't create this project in order to make any money (so it had zero publicity and backing).

I created what I did in order to securely store a lot of Bitcoin back in 2013 and for that purpose it has worked flawlessly.

Of course after Segwit is released then maybe it will need to be revised to use the new forms of raw transactions required for that.

[pebwindkraft]

I meant to understand from the forum, that using multisig helps to increase security.
It adds a layer of complexity, but reduces the risk, if your private keys are partially compromised, that bitcoins can be stolen easily.
So one could even think of having one set of keys in an online wallet, the others offline, and both must sign a trx (or 2 out of 3; and so on...).
 

[DuddlyDoRight]

I keep my PK on an encrypted thumb drive and run Electrum on an air-gapped computer with lots of security and no NIC or audio.

Cold storage isn't hard to do for any type of person it's just isolating the private-key. It'd take a firmware or EMR level attack on my USB drive to compromise my policy and malware developers are too lazy and government don't care about my relative chump-change..

If you want to not have the hassle in a mobile environment watch out for a solution that uses Android or IOS hardware-isolated key services for multi-sig or even PK storage. With this you can use a system almost as secure the same way you do with standard key-storage.

[reb0rn21]

Don`t go why go so far in speculating, just get the original Microsoft ISO you can check with hash is it valid and not home cooked
Before you install do a fast zero mbr wipe if you think something could be hidden on HDD mbr sector, install it boot some valid wallet, I like electum because I get seed wards at creation which are easy to backup at the papers and no way anyone can sniff it

[ranochigo]

I meant to understand from the forum, that using multisig helps to increase security.
It adds a layer of complexity, but reduces the risk, if your private keys are partially compromised, that bitcoins can be stolen easily.
So one could even think of having one set of keys in an online wallet, the others offline, and both must sign a trx (or 2 out of 3; and so on...).
 

Multisig itself does not guarantee security. The addresses that is used to generate the multisig address must be kept separate from each other, preferably in separate offline computers. The signing of the transaction must not be done on one system and must be done on separate offline systems. It is quite a hassle however and I feel that using a paper wallet would suffice.

[DuddlyDoRight]

Don`t go why go so far in speculating, just get the original Microsoft ISO you can check with hash is it valid and not home cooked
Before you install do a fast zero mbr wipe if you think something could be hidden on HDD mbr sector, install it boot some valid wallet, I like electum because I get seed wards at creation which are easy to backup at the papers and no way anyone can sniff it

It's not just MBR it can be VBR or wininit.exe or another early PID or even driver or kernel patch after registry entry-points..

Use something like DeepFreeze that restores volume on boot and cryptographic checks the shadow copy before loading it. Or just use Tails live like I do and only use public key on that potentially hostile Windows box or volume.

Ubuntu or Fedora or another live distro would work too. Tails isn't any more protected from remote attacks.

[YIz]

Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.

[achow101]

Okay so I have installed Windows 10 from a USB drive and then Bitcoin Core 0.13.0 from bitcoin.org after verifying the digital signature. Backed up the wallet.dat and the private key I extracted using dumpprivkey on several external USB hard drives. I think this setup should be relatively safe, because the private key has never touched the internet.

One of the issues I'm experiencing is the WiFi driver getting automatically installed after I uninstall it using the device manager, so I just disabled it for now. I hope it's good enough.

Do you guys have any additional advice? and how should I spend the bitcoins when the time comes? import them to an online wallet such as blockchain.info or simply sync the blockchain with bitcoin core?

Thanks for all the answers.

I recommend that you don't use any online wallets, regardless. If you don't want to wait for the blockchain to download, then use an SPV wallet like Electrum.