Why I Am Not Using Hardware Wallet For Cold Storage

[RDDRocket]

Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage to help people make better decisions.

Check it out.

Lot of people posting their Steemit articles here trying to make bank.

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

SteemIt sounds like a new term for taking a shit on something.

[yinoye]

SteemIt sounds like a new term for taking a shit on something.

Hahaha .like steemshit

[ranochigo]

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

And how are you going to spend/generate it? Offline wallet I suppose, for maximum security.

Everyone says paper wallets are the safest but they don't consider the generation and the spending process which exposes it to threats and once its spent, a new paper wallet will have to be generated. Hardware wallets are the closest you can get while balancing convenience and security.

[Coin-Keeper]

I find it easier to have half a dozen hidden wallets on my Trezors.  By entering my 7 digit Trezor PIN you would see the decoy wallet with < 2 coins at any time.  I therefore would have no clue such a thing as hidden wallets exist.  Its a better answer for the "$5 dollar wrench" than someone finding half a dozen paper wallets and me telling them there isn't a 7th or more around somewhere.  In a perfect NO adversary world both paper and hardware wallets are NOT able to be hacked at this point in time.  Only operator error would permit such an occurrence today.  Paper is more prone for errors when the time comes for coins to be moved, in my opinion.

[Dorky]

I'm sure there were people saying similar things about Mt. Gox... and Bitfinex... and <insert scam/hackedService/buggySoftware here> right before all their coins/$$$/data disappeared.

Not everything is the same. You are comparing apple to oranges.

Actually, they can be safer than you... because the hardware wallet gives them the safety of "plausible deniability". You can create "dummy" wallets with "small amounts" of bitcoin... say 1-10% of your total holdings. If someone threatens you, you give them the password to the dummy wallet... they find your coins and think "Job done"... meanwhile your 90-99% of actual holdings are safely stored in a hidden wallet that they can't possible know or prove exists... rendering a $5 wrench attack nullified for a relatively minor cost.

Whereas, with your method, they'll keep hitting until they get the password (or passwords in the case of multiple encryption) that decrypts it correctly.

I came upon that point too when writing my article. I would say you are an intelligent man if you can use my method to do similar dummy wallet. There is nothing to stop you from personal customization when you are 100% in control. Not being able to see that with my method means you are not.

See... I was going to let the "Saying no procedure is 100% safe sounds like speculation to me" slide... but now you're just coming off as a little bit arrogant.

"Saying your procedure is 100% safe sounds like arrogance to me"

"Saying no procedure is 100% safe sounds like speculation to me" means I believe in a way that can give 100% security. And my method is one example.

No, you just used a very public forum like Steemit to declare to the entire world that you use Crypto... and how you choose to store them. Guessing you trust them more than hardware wallet devs/manufacturers too... so I'm sure your IP address is safe when them.

And so when you participate in this forum and all your previous comments that also imply you have crypto. Your dummy wallet may not save you if they know you have a lot more. I wish when I debate with someone, that person would be objective. My method can also do dummy wallet, but unfortunately for you, you can't see how that is possible. 100% direct control of your own private keys is the building block. The only thing that stops you is your level of creativity.

I'm not declaring that hardware wallets are 100% safe, or the only answer to everyone's crypto storage needs... there are still attack vectors that exist (no solution is 100% secure). What they are is safer than using just a software wallet on a desktop PC/tablet/mobile device... and more convenient than locking everything away on paper wallets in secure storage (or triple encrypted, digitally stored private keys)...

But hey, like I said... Horses for courses... you've got a system that works for you, so that's great. Is it "better" than a hardware wallet? A viable alternative sure, but better? I'd say that is somewhat debatable and likely dependent on the use case(s) of a given person...

It was clearly stated for cold storage.

[Dorky]

You can't criticise them if you cannot find any fault with them. How are you going to be generating the keys with 100% security if you do not wish to verify the source code? No wallet will ever be safe for you then. You can only generate it by hand.

Alright, sure. Don't use Windows. Don't use any wallet generator. Just generate by hand. And proceed to digitally-encrypt the private keys like I suggested. If you want hardcore, then learn programming and write your own encryption program too for the job.

I don't really understand where you got that inference from. I merely said that the derivation method can be known. You can get the private keys from the seeds=getting your gold from the paper that holds your gold without any restriction at all.

I mean, if you generate a bunch of private keys thru seeds, and then derive the private keys from the seeds thru some source code, and encrypt them...
Or generate a bunch of private keys thru seeds and encrypt them, and if you want to know the private keys you use a source code to do the derivation...
You are making it an additional hassle compare to just...
Generate a bunch of private keys, and encrypt them.

You may just encrypt the seeds and save yourself the hassle. But then you are not really being responsible.

Wait... Didn't you mention that hardware wallets are flawed because you are depending on a third party to generate it for you? I think you misunderstood something.

I wasn't using some hardware wallet to do the generation. Just desktop ones that allow import and export features so I can backup the keys. And I did this with an offline, formatted 2nd computer. Hardware wallets were never programmed for exporting the private keys out. You are literally stuck with the hardware wallet. You may send your bitcoin to another wallet but that defeats the purpose. And writing a source code to derive the keys from the seeds isn't really the intention of hardware wallet companies anyway, or else they are simply complicating things.

Of course. I didn't say everyone SHOULD write their own OS in the first place, I don't even expect anyone using Bitcoin to be able to. If you love your privacy and security, you would be having thousands of private keys whenever you spend the coin. Isn't a 12 word seed way easier?

No. a 12-word seed (much less a 24-word one) is NOT way easier. That's your subjective opinion. I have given an example in my steemit article why that is so. You are not being objective. Besides, using those seeds allows easier brute force hacking because they are all dictionary words with all small caps (do you realize this?).

You uh, forgot to cover the way to spend your coins. Of course I can craft a transaction at the moment when you decrypt your encrypted rar file to send the coins to my address.

My method is for cold storage only. And I have already explained how to cover my trace partially when it's time to spend. Go re-read my article again. And I never lay claim that my method (nor any hardware wallet) can cover any trace, which is why that's not one of my points of argument. But then there are "free" washers around that can easily do the job when it's time.

[Dorky]

Lot of people posting their Steemit articles here trying to make bank.

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

Indeed, but if you can digitally-encrypt (maybe with double or triple encryption) your paper wallet with strong passwords (over 20-char with alphanumeric + symbol), that is even better than any paper wallet, as you can now store them anywhere online and multiple backups.

[Dorky]

And how are you going to spend/generate it? Offline wallet I suppose, for maximum security.

Everyone says paper wallets are the safest but they don't consider the generation and the spending process which exposes it to threats and once its spent, a new paper wallet will have to be generated. Hardware wallets are the closest you can get while balancing convenience and security.

My article said it was only for cold storage, with an offline and formatted computer. But when it comes to spending, it isn't less convenient if you appreciate 100% control.

Example:
You have 100 btc.
You generate 20 addresses (with keys of course).
You transfer 5 btc to each address.
When you spend, you take out only 1 of the 20 addresses for use.
You spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your addresses aren't a bunch of change addresses that reshuffle your 100 btc with every transaction).
If you get the $5 wrench attack, you can pretend you have only another 5 btc address (just as when you pretend you have only the dummy wallet with your hardware wallet).
If you want to cover the trace of your 5 btc, you use washers.

How can you do all the above with hardware wallet, satisfactorily?

[shursight]

You are right, i dont use Hardaware wallet too, i believe in myself and there is only one person who has my private key, and that person is me.
Also, blockchain has a lot of security so it is safe to hold in there. there are a lot of security meassures and you are probably never gonna be stoled.

[maeusi]

I expected to get a tutorial, how to create a wallet. So no third party would be needed to save Bitcoins.

[Dorky]

I expected to get a tutorial, how to create a wallet. So no third party would be needed to save Bitcoins.

The short + simple idea is to generate a "paper wallet" and then digitally encrypt it (but then the whole process is digital, without the paper printing).

You need a forever offline + formatted computer (to be free of viruses, malwares, keyloggers, etc), preferably a 2nd computer, never mind the OS.
You use a reliable 3rd-party address generator like Electrum to generate new addresses + keys, preferably one at a time instead of a bunch of 20s.
You export and encrypt (single, double or triple encryption) the private keys with software like WinRar into .rar file format with strong but personally memorable passwords (alphanumeric + symbol, over 20+ characters long).
You do the necessary backups online (like email to yourself) and offline (i.e. burn to multiple copies of optical disc, I recommend Verbatim's CD with AZO technology).

Once you get the idea how the whole thing is done, you can customize the entire process according to your preference.

[YBLL]

  ???cold storage is a good choice for me now.

[HCP]

Not everything is the same. You are comparing apple to oranges.

No, I'm not. You stated that you have "used WinRar for many several years and it never disappoint me, not even once" as some sort of proof that you can trust it 100%... so I pointed out that this is exactly the type of comment people have made about various services/software over the years... which then turn out to be a scam or buggy and financial and/or data loss occurs. Just because something hasn't "failed" yet, doesn't mean it won't.

"Saying no procedure is 100% safe sounds like speculation to me" means I believe in a way that can give 100% security. And my method is one example.

I've asked several times now, how you can be 100% certain that WinRAR has no backdoors (or unpublicised bugs/flaws) that could allow an attacker to sidestep your encryption and access your private keys. The simple and very objective answer is that you can't be 100% certain of this, as it is closed source. You are putting your faith and trust in the WinRAR devs, just like you claim hardware wallet users are having to put their faith and trust in the hardware wallet manufacturers.

And just like you, we can't be certain that hardware wallets are 100% secure either... because there is no 100% secure system. There will always be attack vectors. Your continued assertion that your method is one example of 100% security without any real supporting proof seems to be showing a certain lack of objectivity.

I came upon that point too when writing my article. I would say you are an intelligent man if you can use my method to do similar dummy wallet. There is nothing to stop you from personal customization when you are 100% in control. Not being able to see that with my method means you are not.

"I wish when I debate with someone, that person would be objective" and play the ball... not the man.

My article said it was only for cold storage, with an offline and formatted computer. But when it comes to spending, it isn't less convenient if you appreciate 100% control.

Example:
You have 100 btc.
You generate 20 addresses (with keys of course).
You transfer 5 btc to each address.
When you spend, you take out only 1 of the 20 addresses for use.
You spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your addresses aren't a bunch of change addresses that reshuffle your 100 btc with every transaction).
If you get the $5 wrench attack, you can pretend you have only another 5 btc address (just as when you pretend you have only the dummy wallet with your hardware wallet).
If you want to cover the trace of your 5 btc, you use washers.

How can you do all the above with hardware wallet, satisfactorily?

Is that a serious question? Because it should be fairly obvious to "an intelligent man" how one could satisfactorily achieve that with a hardware wallet.

and I'm not quite sure what you mean by:

everyone knows you have at least 5 btc only (instead of 100 btc, because your addresses aren't a bunch of change addresses that reshuffle your 100 btc with every transaction)

Why would your total of 100 BTC be shuffled with every transaction?

Why could you not also have 20 addresses with 5 btc each when using a hardware wallet? Assuming you're spending less than 5 btc as per your example, the wallet would only need one UTXO so "you spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your wallet only needs to use one input from one address)".

For added defense against the wrench attack, you simply create multiple different wallets with one address each... hand over the passphrase to the "exposed" 5 BTC and your dummy wallet.

The bonus is that with a hardware wallet there is exactly ZERO evidence that these multiple wallets even exist... whereas, with your system of 20 different encrypted private keys and an attacker has hacked your email or found your USB/CD with the encrypted files... they can actually see all the different encrypted items in your inbox or on your CD etc. So, I'm not quite sure how you deny the existence of other keys/addresses?

You are not being objective. Besides, using those seeds allows easier brute force hacking because they are all dictionary words with all small caps (do you realize this?).

Do you realise that a 24 word seed... is effectively like having a 24 character password from an "alphabet" that has 2048 possible characters in it... whereas your proposed password of 20+ characters (we'll even be generous and say 24 character to compare apples to apples) using alphanumerics + symbols gives you a total of 26 upper + 26 lower + 10 numbers + say ~30 symbols... for a total "alphabet" size of ~92 total characters to choose from.

2048²⁴ combinations vs. ~92²⁴ combinations... Tell me again which one is going to be easier to brute force?

[Dorky]

No, I'm not. You stated that you have "used WinRar for many several years and it never disappoint me, not even once" as some sort of proof that you can trust it 100%... so I pointed out that this is exactly the type of comment people have made about various services/software over the years... which then turn out to be a scam or buggy and financial and/or data loss occurs. Just because something hasn't "failed" yet, doesn't mean it won't.

My article isn't mainly about using WinRar for cold storage. If you feel WinRar is insecure, or less secure, you have the freedom to go for other encryption software or write your own software.

I've asked several times now, how you can be 100% certain that WinRAR has no backdoors (or unpublicised bugs/flaws) that could allow an attacker to sidestep your encryption and access your private keys. The simple and very objective answer is that you can't be 100% certain of this, as it is closed source. You are putting your faith and trust in the WinRAR devs, just like you claim hardware wallet users are having to put their faith and trust in the hardware wallet manufacturers.

And just like you, we can't be certain that hardware wallets are 100% secure either... because there is no 100% secure system. There will always be attack vectors. Your continued assertion that your method is one example of 100% security without any real supporting proof seems to be showing a certain lack of objectivity.

If WinRar is not safe/secure, then tell me which software is. Or at least tell me or point out to me real-life cases of it being hacked, despite using very strong alphanumeric + symbol passwords.

"I wish when I debate with someone, that person would be objective" and play the ball... not the man.

You talked about hardware wallet's dummy wallet, as if doing your own encryption will render you incapable of doing the same, as if doing dummy wallet is only a possibility if you rely on a 3rd-party. To me, that is very subjective and not smart at all.

Is that a serious question? Because it should be fairly obvious to "an intelligent man" how one could satisfactorily achieve that with a hardware wallet.

Why would your total of 100 BTC be shuffled with every transaction?

Huh? I thought you know something about change addresses? If you are using hardware wallet, you should know what I mean.

Why could you not also have 20 addresses with 5 btc each when using a hardware wallet? Assuming you're spending less than 5 btc as per your example, the wallet would only need one UTXO so "you spend only 5 btc and everyone knows you have at least 5 btc only (instead of 100 btc, because your wallet only needs to use one input from one address)".

For added defense against the wrench attack, you simply create multiple different wallets with one address each... hand over the passphrase to the "exposed" 5 BTC and your dummy wallet.

The bonus is that with a hardware wallet there is exactly ZERO evidence that these multiple wallets even exist... whereas, with your system of 20 different encrypted private keys and an attacker has hacked your email or found your USB/CD with the encrypted files... they can actually see all the different encrypted items in your inbox or on your CD etc. So, I'm not quite sure how you deny the existence of other keys/addresses?

All that hardware wallet can do for cold storage, my method can do the same. This appears to be beyond your comprehension. You speak as if hardware wallet cannot be hacked. That's your subjectivity. And if you feel my method of encrypting all private keys in one place is unsafe, then what is actually stopping you from encrypting each of them separately? Clearly, you do not understand and yet act like you do. Show me real-life cases of any WinRar files getting hacked despite strong passwords (not passwords like "abc" or "123"). Hackers know if you are using hardware wallet, most likely the passphrase you give them will refer to the dummy wallet. There is nothing to stop them from keep using a $5 wrench on you, or on your loved ones.

Obviously to you, those arguing for paper wallet vs hardware wallet must be stupid. And those arguing for digitally-encrypted paper wallet (like me) is even more stupid. I begin to wonder, that if I were to write an article on why I use only hardware wallet for cold storage, you would find the false pleasure to argue why I am also wrong in this. Ultimately you will say no method is 100% safe. And if that is the case, I would like to refer you to the Bible verse Matthew 6:19-21.

Do you realise that a 24 word seed... is effectively like having a 24 character password from an "alphabet" that has 2048 possible characters in it... whereas your proposed password of 20+ characters (we'll even be generous and say 24 character to compare apples to apples) using alphanumerics + symbols gives you a total of 26 upper + 26 lower + 10 numbers + say ~30 symbols... for a total "alphabet" size of ~92 total characters to choose from.

2048²⁴ combinations vs. ~92²⁴ combinations... Tell me again which one is going to be easier to brute force?

I would like to send you a file encrypted with my method and see if you can actually hack it to rest the case.

[Dorky]

For added defense against the wrench attack, you simply create multiple different wallets with one address each... hand over the passphrase to the "exposed" 5 BTC and your dummy wallet.

That can be done with my method.

The bonus is that with a hardware wallet there is exactly ZERO evidence that these multiple wallets even exist... whereas, with your system of 20 different encrypted private keys and an attacker has hacked your email or found your USB/CD with the encrypted files... they can actually see all the different encrypted items in your inbox or on your CD etc. So, I'm not quite sure how you deny the existence of other keys/addresses?

If I encrypt 1 address, then encrypt another 1 separately, and store them both separately, will you be able to find the evidence of my other address if you are able to hack into one of them? You can't. But you just don't see this.

If the hacker can hack into my email and then hack my encrypted files, then there is nothing stopping them from hack every other people's, including your hardware wallet. Like I said, your argument is not objective. You keep assuming my method is a handicap and limited.

Let me say this to you:
Encrypting a paper wallet = encrypting a hardware wallet's recovery seeds/mnemonics/passphrases.
If only you can see this obvious truth...

Unless you say, "Well, there is no need to secure my recovery seeds/mnemonics/passphrases because I have 100% fail-safe brain memory."
In that case, I admit defeat.

Edit:
Or maybe I should be as specific as possible... just in case.
Digitally-encrypting or digitally-securing a paper wallet = digitally-encrypting or digitally-securing a hardware wallet's recovery seeds/mnemonics/passphrases.

The only difference with the former method is that I am 100% in control, don't need to do extra steps in securing/recovering the keys (like using a source code to derive the keys from the seeds), can customize the security to be as hardcore as I prefer, can do infinite backups, and don't need to spend more on any 3rd-party hardware.

Edit:
And please stop talking about dummy wallets.
In the future (or today?) hackers will know you will have a false seed standing by to trick them to a dummy wallet.
They will do far more than just accepting your dummy wallet.

Above it all, refer to Matthew 6:19-21. The Bible is right.

[HCP]

My article isn't mainly about using WinRar for cold storage. If you feel WinRar is insecure, or less secure, you have the freedom to go for other encryption software or write your own software.

I know this... but you seem to insist that your method is completely trustless... I'm simply pointing out, that it is not as you are trusting WinRAR or <insert encryption software here>. This directly counters what you consider to be advantages of your methods. Namely:
- maximum security (free of 3rd-party trust) - It isn't... you are trusting a 3rd party, with closed sources at this point in time.
- maximum trustless - Again, you are trusting a 3rd party.

If WinRar is not safe/secure, then tell me which software is. Or at least tell me or point out to me real-life cases of it being hacked, despite using very strong alphanumeric + symbol passwords.

That's my whole point... I (and others) have said several times now... that no method is 100% secure... but you seem to think yours is... who is not being objective again?

You talked about hardware wallet's dummy wallet, as if doing your own encryption will render you incapable of doing the same, as if doing dummy wallet is only a possibility if you rely on a 3rd-party. To me, that is very subjective and not smart at all.

And I also pointed out how having multiple copies of encrypted keys spread about the place in emails and on physical media leaves evidence behind that there is something hidden... whereas dummy wallets from seeds/passphrases do not. There is no evidence of anything existing other than the default wallet from the seed. You keep talking about being able to implementing a similar system using your method... but then just imply that I am unintelligent because I don't know how to do it... so would you care to enlighten us? I'm actually genuinely interested.

Huh Why would your total of 100 BTC be shuffled with every transaction?

Huh? I thought you know something about change addresses? If you are using hardware wallet, you should know what I mean.

I know what change addresses are used for and how they work... but I'm not sure why you think that hardware wallets only contain "a bunch of change addresses that reshuffle your .. btc with every transaction".

If I have 20x 5 BTC inputs in my hardware wallet and I spend 5 BTC like in your example... how are the rest of my 19 inputs being reshuffled?

All that hardware wallet can do for cold storage, my method can do the same. This appears to be beyond your comprehension.

You mean where I said "Is it "better" than a hardware wallet? A viable alternative sure, but better? I'd say that is somewhat debatable and likely dependent on the use case(s) of a given person"

You seem to be failing to grasp that I am not debating whether or not your system works... I've never once claimed that your system doesn't work... What I'm pointing out is that it is NOT 100% secure as you seem to believe... and that it is NOT 100% trustless (as currently implemented) and... in my opinion it is NOT better than a hardware wallet for the reasons I have explained.

You speak as if hardware wallet cannot be hacked. That's your subjectivity.

You mean where I have repeatedly stated that NO METHOD is 100% safe?? Unlike you and your magical "100% secure" method... subjectivity much?

I would like to send you a file encrypted with my method and see if you can actually hack it to rest the case.

Why? I'm not a hacker... I never claimed to be.

You claimed that a 24 word seed is easier to brute force than your 20+ alphanumeric+symbol password... I'm simply pointing out that you are incorrect and that seeds are in fact a lot stronger than a standard password. The maths already proves the case. But maybe you can just tell me what the seed is to my wallet and rest the case?

Above it all, refer to Matthew 6:19-21. The Bible is right.

Seriously? Now you want to make this a theological debate? According to those verses... you shouldn't even be using cold storage...

[Dorky]

And I also pointed out how having multiple copies of encrypted keys spread about the place in emails and on physical media leaves evidence behind that there is something hidden... whereas dummy wallets from seeds/passphrases do not. There is no evidence of anything existing other than the default wallet from the seed. You keep talking about being able to implementing a similar system using your method... but then just imply that I am unintelligent because I don't know how to do it... so would you care to enlighten us? I'm actually genuinely interested.

You will know the answer from within if you ask yourself what you should do if there is no other way other than to digitally-encrypt the keys.
To leave evidence behind is a choice, in which nobody has to make. Just ask yourself, since you have 100% control, what are the steps you should do to cover the evidence, your heart will point the way.
And you are assuming hackers and kidnappers will be ignorant of dummy wallets.

I know what change addresses are used for and how they work... but I'm not sure why you think that hardware wallets only contain "a bunch of change addresses that reshuffle your .. btc with every transaction".

If I have 20x 5 BTC inputs in my hardware wallet and I spend 5 BTC like in your example... how are the rest of my 19 inputs being reshuffled?

A fraction of the 5 btc not fully spent will be sent to some of the 19 addresses, in which I will know they are associated with you. Shouldn't this be obvious? Shouldn't you know this already?

You seem to be failing to grasp that I am not debating whether or not your system works... I've never once claimed that your system doesn't work... What I'm pointing out is that it is NOT 100% secure as you seem to believe... and that it is NOT 100% trustless (as currently implemented) and... in my opinion it is NOT better than a hardware wallet for the reasons I have explained.

Only because you need to trust WinRar. Now, tell me. How do you go about securing your hardware wallet seeds/mnemonics/passphrases? Don't tell me you leave them in the open, visually available for all to see. Surely you may not have a dog that may eat the stuff up. Or a fire-proof/flood-proof house. The moment you try securing them, the issue that you start to face is the EXACT same issue when trying to digitally-secure the private keys directly. Hardware wallets are offering you "Step 1-Step 2-Step 3" for cold storage. I am offering you "Step 1-Step 2" for the same cold storage with added advantages.

You mean where I have repeatedly stated that NO METHOD is 100% safe?? Unlike you and your magical "100% secure" method... subjectivity much?

Well, on 2nd thought, I guess nothing is safe. Or else there would be no Matthew 6:19-21.

I would like to send you a file encrypted with my method and see if you can actually hack it to rest the case.

Why? I'm not a hacker... I never claimed to be.

You claimed that a 24 word seed is easier to brute force than your 20+ alphanumeric+symbol password... I'm simply pointing out that you are incorrect and that seeds are in fact a lot stronger than a standard password. The maths already proves the case. But maybe you can just tell me what the seed is to my wallet and rest the case?

I guess that seed is much harder to brute force than my 20+ alphanumeric + symbol. But so what? I suppose you have a 100% fail-safe brain with super memory. Without such brain, how will you secure the seeds, that is the question I have for you.

Seriously? Now you want to make this a theological debate? According to those verses... you shouldn't even be using cold storage...

I am using cold storage to delay any attempt of thievery. It's like making myself a much harder target than the next guy beside me. The cold storage will not help because someday bitcoin and the rest will all die. I rather have my cryptos die on that same day/moment than way much earlier, thus the cold storage.

[HCP]

If I have 20x 5 BTC inputs in my hardware wallet and I spend 5 BTC like in your example... how are the rest of my 19 inputs being reshuffled?

A fraction of the 5 btc not fully spent will be sent to some of the 19 addresses, in which I will know they are associated with you. Shouldn't this be obvious? Shouldn't you know this already?

Wait... what?? The fraction of the 5 btc not spent will go to either a completely new "change" address, totally unrelated to all my other 19 addresses... or if I choose to not use change addresses as per the functionality offered in several wallets, the wallet will send the unspent amount back to the original address... which is also totally unrelated (from an external point of view) to all my other 19 addresses.

You have read BIP32 and BIP44 and understand about "external" (aka receive) and "internal" (aka change) addresses right? Pretty much all the hardware wallets that I'm aware of implement BIP44... and keep receive and change addresses separated as per the specification, that is to say using Derivation Paths of m/44'/0'/0'/0 and m/44'/0'/0'/1 respectively.

Most of them are also smart enough to prevent address re-use so while you could follow a chain of transactions that start with one 5 btc input... it'll never touch any of the other inputs (or their chain of transactions) until such time as you don't have enough coins in a single input to be able to send the amount you want to send and it needs to use 2 or more inputs.

All of which is relatively moot for "cold storage" anyway... and works pretty much the same way as your "paper" wallet system.

Like I've been saying all along... your system is pretty much the same as using a hardware wallet, without the convenience of being able to spend easily if required... or sign messages... or use on an online machine while maintaining security... or use easily with a mobile phone wallet... or use as a FIDO U2F secure key...

But hey, you're happy with it... and you saved yourself $100.

[Orbolon]

What about a bank cold storage, where you place your bitcoins in a cold storage online, but they put it on a paper ant store it for you ? Xapo for example does this. What are your thoughts on this type of cold storage?

[Kronos21]

Not sure if I should post it here, but I just wrote a steemit article on "Why I Am Not Using Hardware Wallet For Cold Storage" @ https://steemit.com/wallet/@dorky/why-i-am-not-using-hardware-wallet-for-cold-storage to help people make better decisions.

Check it out.

Lot of people posting their Steemit articles here trying to make bank.

Anyway, this is common sense. TRUE COLD STORAGE = PAPER WALLET

Anyone who lost  a significant amount of Bitcoin will tell you a paper wallet is the safest way of storing it. Think of it like cash money, except you are holding a paper with your keys on it. No one can hack you if you use this method.

To break can not, but you can lose the keys. If you store them on the computer then hack your PC and steal your codes much easier than to hack e-wallet. I think that in General it is impossible to store a large amount of bitcoins in one place.