Best Cold Storage Methods For LTC and BTC

[weex]

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

This is not an issue with private keys or importing them. It is perfectly safe to use importprivkey with bitcoind/litecoind. The problem comes when people go creating raw transactions (the brainwallet site let you do this and you can deliberately / not accidentally do it with bitcoind/litecoind). If you create a raw transaction and do not send all of the funds from the old address what's left will become a fee for the miners. The moral of the story is stay away from raw transactions unless you know exactly what you are doing. No need to be afraid of single private keys. If you have a question, ask!

[1715422815]

1715422815

[1715422815]

1715422815

[1715422815]

1715422815

[1715422815]

1715422815

[SnowDog2003]

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

I'm trying to figure out what this issue is, exactly, and how to avoid it.  Anyone have a link?

If you import a private key, and spend some of the coins, wouldn't the client create a new key to send the change to?  I just can't believe a client would ever send change to an address that it couldn't unlock.

Right, but the guy who loads his cold-storage private address into his wallet so that he can spend bitcoins, finds that after he spends them, and then deletes the wallet, that the remaining bitcoins are no longer in his cold-storage private address, but rather, were in a change address in the wallet that he just deleted.

[ralree]

I forked this project on my home server and I use it to generate paper wallets:

https://www.bitaddress.org/

Just print them with the QRcodes and keep them safe, and you can cash them in easily with your phone or another scanning device.

[jmw74]

You can use cold wallets in this way. You can also use a client like Armory that uses deterministic keys so that your wallet only needs to backed up once but can still contain more keys than you'll use in a lifetime.

This sounds convenient, but doesn't it give up some security?

I mean, let's say you use this deterministic wallet for years.  After 6 months you have 10btc and someone compromises it, but you don't realize it.  They just bide their time and after 2 years you have 1000 btc, then they just steal them.

If you use wallets generated fresh, then the window to steal coins becomes smaller, doesn't it?

[justusranvier]

This sounds convenient, but doesn't it give up some security?

I mean, let's say you use this deterministic wallet for years.  After 6 months you have 10btc and someone compromises it, but you don't realize it.  They just bide their time and after 2 years you have 1000 btc, then they just steal them.

If you use wallets generated fresh, then the window to steal coins becomes smaller, doesn't it?

On offline deterministic wallet is generated on a computer that does not, and never will, have Internet access. Compromising that wallet is not impossible as Stuxnet has shown, but currently not within the capability of the typical bot herder.


Hopefully by the time attackers are capable of reaching wallets that are held offline we'll be using specialized hardware wallets which are not vulnerable to remote attack.

[Dabs]

I don't like deterministic wallets for that reason. A compromise of the root chain or master password or the wallet, is a compromise of all keys from that deterministic wallet.

But hey, if it's offline, I guess it is secure, so long as you can be sure no one else has gotten to your offline computer.

[jmw74]

This sounds convenient, but doesn't it give up some security?

I mean, let's say you use this deterministic wallet for years.  After 6 months you have 10btc and someone compromises it, but you don't realize it.  They just bide their time and after 2 years you have 1000 btc, then they just steal them.

If you use wallets generated fresh, then the window to steal coins becomes smaller, doesn't it?

On offline deterministic wallet is generated on a computer that does not, and never will, have Internet access. Compromising that wallet is not impossible as Stuxnet has shown, but currently not within the capability of the typical bot herder.


Hopefully by the time attackers are capable of reaching wallets that are held offline we'll be using specialized hardware wallets which are not vulnerable to remote attack.

Yeah, I guess you have to compare the risk of compromise to the risk of screwing up and losing your coins.  I would have to agree that the latter is probably quite a bit larger.

[MarlboroMan]

Can someone please inform me on this, I have 130 bitcoins stored in blockchain i've had it stored in there for months because Im worried if I put them on armory client and my computer brakes I will never be able to recover my coins.

[Rassah]

Can someone please inform me on this, I have 130 bitcoins stored in blockchain i've had it stored in there for months because Im worried if I put them on armory client and my computer brakes I will never be able to recover my coins.

You need to make a backup whether you are storing them in Blockchain or Armory, since Blockchain can break to. Best method is to make a paper backup, and store a few copies of it in different locations.

[Dabs]

Gimme some of your bitcoins. I will store it for you. Any time after, you can request for it to be sent back to you, at a new address. We can discuss the storage fee later (or just tip me 1% or 1.3 BTC for it.)

Seriously. I'm in another country, in another continent. I have access to at least 20 different physical locations each one more than 5 kilometers to 10 kilometers away from the others, so I can make redundant backups in cold storage. (none of those physical locations have any internet access, so I would have to physically go there.)

Each location is protected by armed guards, and trustworthy people, and all of them have no idea what bitcoin is all about, so they wouldn't dare open the little package I send them for safe-keeping that contains an encrypted copy of the private key that holds the bitcoins.

I operate an offline business, so that's where those 20 locations come from. I can even document the process for you. All you have to do is send 130 coins to an address I make.

Of course, this means you have to trust me. So feel free to ask all the documentation you would want or need, or to come fly over here to my country and have a tour.

Oh yeah, I also have some influence over the local police and military here, so we're covered from violent attempts to get your private key.

[EtherDais]

Can someone please inform me on this, I have 130 bitcoins stored in blockchain i've had it stored in there for months because Im worried if I put them on armory client and my computer brakes I will never be able to recover my coins.

I'd split that up into a few separate accounts with well backed up private keys. 

[justusranvier]

Can someone please inform me on this, I have 130 bitcoins stored in blockchain i've had it stored in there for months because Im worried if I put them on armory client and my computer brakes I will never be able to recover my coins.

Paper backups are how you protect your offline from computer failure. If you're protecting 130 bitcoins it's worth it to buy a used laptop for a dedicated offline machine to hold your wallet if you don't already have a spare machine available.

[mai77]

print out on paper

[chufchuf]

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

This is not an issue with private keys or importing them. It is perfectly safe to use importprivkey with bitcoind/litecoind. The problem comes when people go creating raw transactions (the brainwallet site let you do this and you can deliberately / not accidentally do it with bitcoind/litecoind). If you create a raw transaction and do not send all of the funds from the old address what's left will become a fee for the miners. The moral of the story is stay away from raw transactions unless you know exactly what you are doing. No need to be afraid of single private keys. If you have a question, ask!

I don't quite understand what you're saying here. Isn't the problem as such: cold wallets don't renew their pool of 100 unused addresses, so by the 101st transaction they make they start sending change to addresses they don't have and so these go back to the miners. But then hot wallets do create these new addresses and deterministic wallets have a huge amount of spare addresses, so there's no problem with them. But as far as that understanding of the issue goes, there's no problem with the old address (the address that's sending the coins) only sending part of its funds elsewhere. What you're saying is that any given address in a wallet has to send all its coins, if not the difference between the originating address and the transaction will be lost to the miners?

[mccoyspace]

I have a related noob question.

If you have the public and private key printed out, maybe just as QR codes, (like what you can make at http://www.bitaddress.org) and you want to spend them, is there any online wallet or exchange that lets you just input those two keys and access the coins, or do you have to do it by importing keys though a wallet client application on your computer, then transfer it to on online exchange?

[drrussellshane]

I have a related noob question.

If you have the public and private key printed out, maybe just as QR codes, (like what you can make at http://www.bitaddress.org) and you want to spend them, is there any online wallet or exchange that lets you just input those two keys and access the coins, or do you have to do it by importing keys though a wallet client application on your computer, then transfer it to on online exchange?

You can redeem with blockchain.info

[Dabs]

You can also sweep the private key using Mt.Gox.

Personally, I'd importprivkey using the bitcoin-qt client.

[robamichael]

So to create a cold wallet we:

• Send to a new public key
• Record the private key (e.g., Write on a piece of paper, backup on multiple USB drives)
• Hold for safe keeping

Then to access the funds we:

• Load the private key on a client (e.g., Bitcoin client, blockchain.info, Mt. Gox)
• Make transaction (Does something happen here that changes the private key?)

Lastly, make the funds cold again:

• Record new private key, or send to a new public/private key pair

Can someone please weigh-in on the above?

[Rassah]

^^^ That's pretty much correct. Just make sure that you send all change back to the same private key when you spend it, otherwise it may send your change to one of your other addresses, and you may lose it when you delete your keys/wallet.

A better cold wallet option is Bitcoin Armory. It may look more complicated, but it's actually much easier to set up and use than this bit address paper method. (And more secure)

[Dabs]

Yes. Pretty much as above. You could think of the cold private key as disposable, and consider it "hot" after you have used it once.