With news of recent lost or stolen Bitcoin, like many, I have been thinking about what steps I should be taking to protect my bitcoin savings (however small that may be).
Here's what I have currently swirling around in my head - please consider this just an initial brainstorm of sorts. I am very interested in feedback, thoughts and other brainstorms
My experience lies mostly with Windows so that is what I'd use to do this but the concept could be implement in Linux and probably even on a MAC just as easy for those experienced in those platforms.
My general goals here are security and backup/redundancy for an offline savings wallet.
1) Start with a clean OS install on a non-networked PC.
2) Put clean copies, from trusted sources, signed, sealed, etc of the Bitcoin client, TrueCrypt, and some file splitting utility (such as hjsplit) onto a freshly formatted USB drive (or similar) and transfer to the sterile PC.
3) Using TrueCrypt, create 6 key files and then create an encrypted standard volume (in a file) using the 6 key files and also some strong password. Mount the volume.
4) Run the Bitcoin client with the -datadir option to create a wallet.dat in the encrypted volume. Make a note of the wallet address so you can send some Bitcoin to it once you're done.
5) Dismount the volume and then split the volume file into 6 parts using hjsplit or the like. Delete the original volume file.
6) Grab 6 new media of your choice (USB thumb drive, SD card, CD-R, etc.. or any combination of). I'll assume we're using USB drives...
7) Onto each USB drive, copy 5 of the 6 key files and 5 of the 6 TrueCrypt volume parts. On each USB, exclude a different numbered pair of files.
For example:
Copy all key files except # 1 onto USB1 and all volume parts except part 1
Copy all key files except # 2 onto USB2 and all volume parts except part 2
Copy all key files except # 3 onto USB3 and all volume parts except part 3
etc...
8 ) Delete all original files so all that remains is what's on the 6 USB drives.
9) Store each USB drive in a different location, put one in a safe deposit box, mail one to a friend or family member, put one under your pillow, etc.. Just keep them all separate.
10) Once all USB's are stored somewhere send some Bitcoin to the wallet address.
11) Sometime in the future when you want to retrieve the Bitcoin from your savings wallet, you only need any 2 of the USB drives and your password. Combine the files from any 2 USB's, re-join the 6 encrypted volume parts, mount the volume with the 6 key files and your password, and access your wallet.dat file, send all the BTC somewhere and then dispose of the wallet (or better yet, keep it but don't use it again).
This provides security in that only someone who has at least 2 of the USB drives AND your password can access the wallet, and redundancy in the fact that there are 6 USB drives out there and all you need are any 2 of them to get at your coin. I will give one USB to my next of kin (just in case), and with the one in my safe deposit box I will include a note with my password. Even if a thief gets the contents of the safe deposit box, they still will only have 1 USB and the password, not enough to access the wallet, but my next of kin will have access to everything in case I get hit by "the bus".
So that's it, what do you think? Does this seem like a good idea, or am I nuts, or both?
