Bitcoin Forum
December 08, 2016, 10:34:03 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 3 »  All
  Print  
Author Topic: A Secure and Redundant Savings Wallet Concept, Hopefully  (Read 4326 times)
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 03:43:36 AM
 #1

With news of recent lost or stolen Bitcoin, like many, I have been thinking about what steps I should be taking to protect my bitcoin savings (however small that may be).

Here's what I have currently swirling around in my head - please consider this just an initial brainstorm of sorts.  I am very interested in feedback, thoughts and other brainstorms Smiley

My experience lies mostly with Windows so that is what I'd use to do this but the concept could be implement in Linux and probably even on a MAC just as easy for those experienced in those platforms.

My general goals here are security and backup/redundancy for an offline savings wallet.

1) Start with a clean OS install on a non-networked PC.

2) Put clean copies, from trusted sources, signed, sealed, etc of the Bitcoin client, TrueCrypt, and some file splitting utility (such as hjsplit) onto a freshly formatted USB drive (or similar) and transfer to the sterile PC.

3) Using TrueCrypt, create 6 key files and then create an encrypted standard volume (in a file) using the 6 key files and also some strong password.  Mount the volume.

4) Run the Bitcoin client with the -datadir option to create a wallet.dat in the encrypted volume.  Make a note of the wallet address so you can send some Bitcoin to it once you're done.

5) Dismount the volume and then split the volume file into 6 parts using hjsplit or the like.  Delete the original volume file.

6) Grab 6 new media of your choice (USB thumb drive, SD card, CD-R, etc.. or any combination of).  I'll assume we're using USB drives...

7) Onto each USB drive, copy 5 of the 6 key files and 5 of the 6 TrueCrypt volume parts.  On each USB, exclude a different numbered pair of files.
   For example:
   Copy all key files except # 1 onto USB1 and all volume parts except part 1
   Copy all key files except # 2 onto USB2 and all volume parts except part 2
   Copy all key files except # 3 onto USB3 and all volume parts except part 3
   etc...

8 ) Delete all original files so all that remains is what's on the 6 USB drives.

9) Store each USB drive in a different location, put one in a safe deposit box, mail one to a friend or family member, put one under your pillow, etc..  Just keep them all separate.

10) Once all USB's are stored somewhere send some Bitcoin to the wallet address.

11) Sometime in the future when you want to retrieve the Bitcoin from your savings wallet, you only need any 2 of the USB drives and your password.  Combine the files from any 2 USB's, re-join the 6 encrypted volume parts, mount the volume with the 6 key files and your password, and access your wallet.dat file, send all the BTC somewhere and then dispose of the wallet (or better yet, keep it but don't use it again).   

This provides security in that only someone who has at least 2 of the USB drives AND your password can access the wallet, and redundancy in the fact that there are 6 USB drives out there and all you need are any 2 of them to get at your coin.  I will give one USB to my next of kin (just in case), and with the one in my safe deposit box I will include a note with my password.  Even if a thief gets the contents of the safe deposit box, they still will only have 1 USB and the password, not enough to access the wallet, but my next of kin will have access to everything in case I get hit by "the bus".

So that's it, what do you think?  Does this seem like a good idea, or am I nuts, or both?
1481236443
Hero Member
*
Offline Offline

Posts: 1481236443

View Profile Personal Message (Offline)

Ignore
1481236443
Reply with quote  #2

1481236443
Report to moderator
1481236443
Hero Member
*
Offline Offline

Posts: 1481236443

View Profile Personal Message (Offline)

Ignore
1481236443
Reply with quote  #2

1481236443
Report to moderator
1481236443
Hero Member
*
Offline Offline

Posts: 1481236443

View Profile Personal Message (Offline)

Ignore
1481236443
Reply with quote  #2

1481236443
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481236443
Hero Member
*
Offline Offline

Posts: 1481236443

View Profile Personal Message (Offline)

Ignore
1481236443
Reply with quote  #2

1481236443
Report to moderator
1481236443
Hero Member
*
Offline Offline

Posts: 1481236443

View Profile Personal Message (Offline)

Ignore
1481236443
Reply with quote  #2

1481236443
Report to moderator
1481236443
Hero Member
*
Offline Offline

Posts: 1481236443

View Profile Personal Message (Offline)

Ignore
1481236443
Reply with quote  #2

1481236443
Report to moderator
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 03:55:36 AM
 #2

Good lord, you make it so complicated.

Edit: I apologize. I appreciate your interest in making a secure savings wallet.

I agree it's complicated, no apology necessary - but I don't know of an easier way to accomplish the same.  Most wallets won't need this treatment but all I can say is if BTC hits $100 each or more, I will want as much security and redundancy as possible for my few coins.
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 04:16:12 AM
 #3

My approach requires new hardware (or at the least a clean install of software). I could share, but I'd love to make a new thread.

Step 1 doesn't cover that (well the at least part)?
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 04:37:49 PM
 #4

Does this general concept make sense?

Any feedback welcome and appreciated.  But please at least read the OP first.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 18, 2011, 04:50:41 PM
 #5

Does this general concept make sense?

Any feedback welcome and appreciated.  But please at least read the OP first.

You should better look at existiting advice on how to manage wallets, and if you find flaws there you can add ideas.

Your idea is complicated, which is very bad for security. You have to be able to think about the whole thing clearly and analyze it for possible flaws. You put so much obscurity in it that it's hard to check for flaws.

Misspelling protects against dictionary attacks NOT
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 04:53:44 PM
 #6

I haven't noticed any other threads that discuss a concept that provides this level of security and redundancy (although I did develope this concept after reading as many other threads as I could.

Perhaps you could point me to the other threads that provide a similar end result?
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 18, 2011, 04:57:30 PM
 #7

I haven't noticed any other threads that discuss a concept that provides this level of security and redundancy (although I did develope this concept after reading as many other threads as I could.

Perhaps you could point me to the other threads that provide a similar end result?

I did a less effort setup with Ubuntu user accounds, you find it here:
http://forum.bitcoin.org/index.php?topic=15068

A high security idea more similar to yours has been made here:
http://forum.bitcoin.org/index.php?topic=17292

Misspelling protects against dictionary attacks NOT
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 05:05:09 PM
 #8

Yes I had read both of those, thanks.

The problem with that "high security" approach is that the wallet exists in it's entirety in one single place.  Put it in a safety deposit box in a bank and that bank gets robbed, the thieves have your complete wallet - doesn't matter if it's encrypted, that can be hacked with enough time and resources, now the thieves have your wallet.

With my approach, even if they get at the contents of my safe deposit box, even if I've included my password along with the 1 removable media in that box, they do NOT have my wallet (I am of course using the safe deposit box just as an example, it could just as easily be under my bed, in a fire safe, etc..).

I apologize if creating a new thread to discuss my concept was inappropriate.

bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 18, 2011, 05:11:49 PM
 #9

The problem with that "high security" approach is that the wallet exists in it's entirety in one single place.  Put it in a safety deposit box in a bank and that bank gets robbed, the thieves have your complete wallet - doesn't matter if it's encrypted, that can be hacked with enough time and resources, now the thieves have your wallet.

No, that's not an issue. Of course, everything can be broken some day. But AES-encrypted wallets will not be broken before the very methods of bitcoin blocks are.

Misspelling protects against dictionary attacks NOT
onesalt
Sr. Member
****
Offline Offline

Activity: 308


View Profile
June 18, 2011, 05:19:47 PM
 #10

but when you want to actuall retrieve those coins you've got to remove all the security, and when bitcoin loads or reads a wallet file it loads the entire wallet.dat into memory, making it trivially easy to steal. It's like building a giant nuclear proof bunker to store all your priceless art in, but then to read it you take it out of that and walk to a bus stop at the dodgy end of town.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 18, 2011, 05:26:33 PM
 #11

but when you want to actuall retrieve those coins you've got to remove all the security, and when bitcoin loads or reads a wallet file it loads the entire wallet.dat into memory, making it trivially easy to steal. It's like building a giant nuclear proof bunker to store all your priceless art in, but then to read it you take it out of that and walk to a bus stop at the dodgy end of town.

Since when do you have to use the regular client software?

Misspelling protects against dictionary attacks NOT
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 05:29:33 PM
 #12

@bcearl:

So encryption is 100% perfect and can't possibly be hacked/cracked/etc?  I accept that this approach is probably overkill for many but it suites my tastes.  Even if it is unlikely that the encryption could be hacked, why not have the additional protection of each USB drive only having "part" of the wallet?

I am trying to understand your point..  Are you hinting that you think my concept for having the wallet split into multiple chunks where you need at least 2 of the chunks together in order to access the wallet is a bad idea?  

Is there a better way to achive the same "Security and Redundancy" that this approach provides?  Or does this approach maybe not provide the "Security and Redundancy" that I think it does?
tymothy
Full Member
***
Offline Offline

Activity: 224


View Profile
June 18, 2011, 05:31:13 PM
 #13

While you may be safe from remote and brute-force attacks, your strategy is no match for the rusty pipe gambit. If you had enough bitcoins for anyone to care about, they'd probably do that first.
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 05:33:47 PM
 #14

but when you want to actuall retrieve those coins you've got to remove all the security, and when bitcoin loads or reads a wallet file it loads the entire wallet.dat into memory, making it trivially easy to steal. It's like building a giant nuclear proof bunker to store all your priceless art in, but then to read it you take it out of that and walk to a bus stop at the dodgy end of town.

Yes of course, in order to use the wallet sometime in the future it will then no longer be secure which is why you use it to send the saved Bitcoin somewhere else and then never use it again (last part of step 11).  The goal is to keep it secure and have redundancy so that the wallet and bitcoin are still there come the day when you need them.
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 05:34:25 PM
 #15

While you may be safe from remote and brute-force attacks, your strategy is no match for the rusty pipe gambit. If you had enough bitcoins for anyone to care about, they'd probably do that first.

Sorry, I don't follow, could you elloborate?
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 05:42:31 PM
 #16

While you may be safe from remote and brute-force attacks, your strategy is no match for the rusty pipe gambit. If you had enough bitcoins for anyone to care about, they'd probably do that first.

Sorry, I don't follow, could you elloborate?

I think he is talking about theft in meat space involving forcing you to tell someone where and how to access your Bitcoins. The solution is to have a bigger rusty pipe.

Ah ok well doesn't the TrueCrypt Hidden Volume address this, potentially?  You could have 2 wallets, one in the outter (decoy) volume with a small amount of Bitcoin in it and then the real savings wallet in the hidden volume.
bcearl
Full Member
***
Offline Offline

Activity: 168



View Profile
June 18, 2011, 05:51:36 PM
 #17

@bcearl:

So encryption is 100% perfect and can't possibly be hacked/cracked/etc?  I accept that this approach is probably overkill for many but it suites my tastes.  Even if it is unlikely that the encryption could be hacked, why not have the additional protection of each USB drive only having "part" of the wallet?

I am trying to understand your point..  Are you hinting that you think my concept for having the wallet split into multiple chunks where you need at least 2 of the chunks together in order to access the wallet is a bad idea?  

Is there a better way to achive the same "Security and Redundancy" that this approach provides?  Or does this approach maybe not provide the "Security and Redundancy" that I think it does?


Never make it more complicated, if you don't get a security advantage. It just makes flaws more likely.

How do you split the wallet for example? Splitting is stupid, I can tell you an absolutely secure (mathematically provable!!) way to do it:

1. Take your wallet.dat (call it file A)
2. Create a file with the same amount of bits, but totally random (each bit probability of 0.5, each bit independent of the other bits) (call it file B)
3. XOR files A and B (call the result file C)
4. Store files B and C at isolated locations


Now you can be absolutely certain that nobody reconstructs a single bit of your wallet without getting both files.
Further reading: http://en.wikipedia.org/wiki/One-time_pad




Another method is even more flexible, but not absolutely secure. [EDIT: Turns out to be absolutely secure also.] You can choose freely a number N of parts, and choose freely a number n of how many parts shall be needed to reconstruct the secret.

http://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing

Misspelling protects against dictionary attacks NOT
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 06:11:19 PM
 #18

Did you notice, there's also 6 key files and only 5 of them are on each media.
Dirt Rider
Member
**
Offline Offline

Activity: 111


View Profile
June 18, 2011, 06:16:13 PM
 #19

3. XOR files A and B (call the result file C)
4. Store files B and C at isolated locations

Can you XOR  and end up with B, C, D, E, F & G and then just need any 2 of them to restore?
tymothy
Full Member
***
Offline Offline

Activity: 224


View Profile
June 18, 2011, 06:19:42 PM
 #20

While you may be safe from remote and brute-force attacks, your strategy is no match for the rusty pipe gambit. If you had enough bitcoins for anyone to care about, they'd probably do that first.

Sorry, I don't follow, could you elloborate?

I think he is talking about theft in meat space involving forcing you to tell someone where and how to access your Bitcoins. The solution is to have a bigger rusty pipe.

Yes. XKCD illustrates a variation of the rusty pipe gambit, in the form of a wrench:

Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!