Today we are going to discuss cold storage and some specific problems with cold storage. This applies to the Secret Key portion of a key-pair and to the seed used to backup HD wallets and hardware wallets. The point of this post is the show the motivation I had for making something better,
a new type of physical bitcoin.
The best way to keep you seed/secret key safe is to have multiple copies in multiple locations perhaps with multiple formats and even better if the keys are split. However not everyone has access to multiple locations, or access to land long term, or more than one place to store their things. This is an examination of faults with individual methods.
Not to say everything is all bad but there are many potential weakness out there, and some in the Bitcoin and crypto community like to know the edge cases of things. I will also highlight some of the aspects of
the Keyois Capsule which is a 'physical bitcoin'
We will focus on mediums relating to cold storage and not ones designed for more everyday use, but this applies to the seed you save to keep your everyday spending wallets safe and backed up.
We will assume you generated your keys securely and that you already have them on some medium.
We will also have to ignore endpoint physical security because they can all be carried away the same. Remember your cell phone /hardware wallet/ computer client are only as good as where you put the backup seed phrase, which can be thought of as data much like the SK discussed below.
I wanted to talk about cold storage methods that are secure, online storage is so far from secure I didn't even bother with it; if your method of storage is not mentioned here it may not be secure.
----
Written on a piece of paper * Anyone who can see it, can steal it
* Handwriting can be hard to read or completely illegible
* Human error in transcription can cause errors on end product
* Paper can rot, be torn,
burn, or be smoke damaged
Printed on a piece of paper * Anyone who can see it, can steal it
* Type of printer - non-laser printers can run if paper gets wet
* Have to trust printer - some have internet connections, wifi, and memory
* Paper can rot, be torn, burn, or be smoke damaged
On laminated paper * Anyone who can see it, can steal it
* Lamination is prone or degradation over time and puncture or cuts that could allow moisture to get trapped in the paper and cause deterioration or rotting in some circumstances - store in cool dry place
* Can burn or be smoke damaged
* 'Fireproof' & 'Fire-resistant' boxes can help protect paper in a small house fire but be warned that they can sometimes
fall apart in the fire and get wet if the fire is put out with water.
Remember people can just carry out a small safe.
Engraved / etched/ ablated/ stamped on a piece of metal * Anyone who can see it, can steal it
* Some metals can deteriorate or
corrode, choose a good metal; also store your metal away from direct contact other metals. Some metals that are
corrosion resistant have low
melting points, are
extremely expensive, or
hard to machine. Previously we had been working with 316 Marine grade Stainless Steel for the Keyois capsule engraving material, it is the best type of steel my research led me to, however we made the switch to
Titanium because it is even better.
* Metals can still deform or melt from heat, destroying any engraved SK.
"Most house fires do not burn hotter than 1,200 degrees Fahrenheit. This temperature is typically associated with the hottest portion of a home, which is in the roof area. Homes that burn for longer than 30 minutes or consist of multiple levels sometimes burn at higher temperatures."
You want to pick a metal that won't be destroyed by a fire. So magnesium (lol), tin, and lead are all out as engraving materials.
Silver, gold, copper, brass, bronze, nickel, cobalt, should survive a housefire fire unmelted.
Some Aluminium alloys can survive but you have to have the right ones. At around 1500° Steel and Nickel should be okay.
Titanium is what the Keyois Capsule has the Secret Key engraved on and it has a
melting point of over 1600° C / 3000°F. Tungsten is double that but
can be brittle.
* The Cryptosteel,
http://cryptosteel.com/, product, made of 304 Stainless Steel is in this category. It is an assemble-at-home secret key backup however it does not have tamper evident properties (but I bet it can easily). So anyone who can see it, can steal it.
* There are multiple companies that sell laser-engraved metal key pairs about the size of a calling-card; often there are color, material, and design options. This is a great option for BIP38 addresses, although anyone who can see it can see it, they still have to crack your BIP38 pass phrase. However it is my opinion that the Keyois capsule is much prettier than all of them.
Stored digitally on a computer * Computers can crash, making data
recoveryexpensive
* Data can still technically be
recovered after a system is abandoned by the user. In some cases data can be recovered after multiple overwriting attempts and physical destruction (as long as the attacker can get all or most the pieces) so if you copy files to a new computer and ditch the old one, be careful.
* Can burn or be smoke damaged
* A traditional hard disc drive can have data corrupted by powerful magnetic fields and can physically shatter
* A
non-negligible amount of HDDs suffer from factory defects that will cause them to fail unexpectedly during their lifetime
*
Accidents can happen that could result in loss of data
* Solid state drives (SSDs) will lose data if unpowered, they may last years before this becomes a problem but it is unwise to store long-term data in unpowered SSDs
* If connected to internet it is another attack vector and the safety is only as good as the encryption used; I don't know what I would recommend but it wouldn't be BitLocker. Someone could be trying to break into the computer constantly. Even with good encryption if the machine or location is compromised the key could be stolen as soon as it is decrypted.
* There are a lot of ongoing threats with computers, from
0-day exploits to [firmware exploits](
https://www.wired.com/2015/02/nsa-firmware-hacking/) and
malicious USB cords *
External hdds are good for storage for a few years at least if stored properly * If not connected to internet, safety is only as good as the physical protection encryption used; could someone break into the location and copy the data without anyone noticing?
Stored digitally on CD, floppy disk, laserdisc, or mini-disc *
Plastics break down over
time and with exposure to heat, humidity, regular light, all sorts of chemicals, even the oxygen in the air.
This can lead to the loss of your data when stored on a medium made of plastic or written/printed on plastic.
* Can burn or be smoke damaged
* Can be physically damaged, making data recovery expensive or even impossible
* Magnetic media (tapes, floppy disc) can be damaged by magnets
* Data can become difficult to recover if the
software and/or hardware to decode is old, don't use proprietary formats
Stored digitally on a flash drive * Can break and have to be physically repaired before use
* Rapidly changing magnetic fields can damage the data stored on flash drives
* Can burn or be smoke damaged
* Can become corroded from salt water or some atmospheric conditions
* If they break apart, some lighting conditions can cause data corruption (you can also put them back together and often still get the data)
* Different devices are all different, even similar devices from the same production batch can be different. There are large quality differences
in drives but I am assuming you aren't using these for anything but storage.
* There are some
fake flash drivesthat look like they saved the data but you can't get it back later
* Flash drives are not advised for long term storage; they can be used as one part of a multi-medium-location-format plan.
*Backups are essential for digital data* Computer code for performing operations
can be corrupted
in transfer or
in operation.
Special systems
exist and
procedures help data to
last longer.
For ideas, see this archive.gov page Remember to store in multiple locations. You can
lose everything in single structureA pre-funded physical bitcoin coin (where the manufacturer generates and installs the secret key)
* The medium that the key is on is often paper/plastic which can burn or be smoke damaged
* Trust in the manufacturer themselves, they could copy the key
* Trust in their
key generation procedure * Trust in the operational security of the manufacturer, they could be generating the keys on their everyday computer
* Trust no one is successfully spying on them, electronically, looking through their documents while they are out of town, or with tiny tin foil hat cameras or
long range ones * Trust that
the object was not
tampered with in delivery * Trust that no one has
tampered with the object since you got it---
What can solve most of these problems? A combination of good backup procedures and encryption. If you have permeant access to more than one location (people who live in big cities, without family or cars have a hard time with this) or have people you trust with your money (don't) then look into using some form of
Multi-
signaturemethod.
The Keyois
Capsule is a crypto piggy bank; it can be funded from the outside but you to break it open to get them out. You give me a
BIP38 encrypted key pair (well the address not the public key) and I engrave it in this tamper evident and time resistant package. You still have to hold on to the pass phrase that allows you to decrypt it; that is however the same problem as all methods with BIP38 encryption. How to store this without having to trust anyone but still being assured of it's security?
*
Engraving,
embossing, or
stamping on a sheet of metal is one option; however the metals that are easiest to stamp are ones that melt in a house fire. They could be put in a glass jar that's filled with aerogel and buried. These is the best readily available option for most people but it really can be tedious. - This puts you back at *anyone who can see it can steal it* so dip in plastic dip, wrap in duct tape, bake in clay, encase in concrete, whatever just don't leave unencrypted keys visible!
* The cryptosteel is another ready-made option
* Have the words
etched onto glass at home with off the shelf products; but be carful of this idea because the glass can shatter from impact and heat or even sudden temperature changes
* Anodize the words yourself on a pieces of metal, there used to be a service to help use your home printer to print the words with some chemicals you can buy
* Bake them in clay, then encase that in
epoxy resin so it can't shatter. then paint the outside, in the future you can solvent the paint off and see the written seed
* Use a combination of techniques to split the seed so that it is safe(because it is split and separated) and redundant (because it is backed up).
The most cost effective way for a 'normal' person (without their own land, without more than one location, and who cannot trust anyone else with their funds) to keep their backup seed/ secret key safe from damage from the elements would probably to buy a stamping kit and hammer and some stainless steel sheet or bar, Aluminium can be okay if you have the right alloy but better safe than sorry.
---
