I have compiled instructions for you on how to setup an actual bulletproof strategy for securing your coins that outperforms any kind of hardware wallet in high-threat scenarios. Hope you enjoy.
Tools used in this tutorial: GPG4Win and VeraCrypt. This tutorial is from the perspective of a Windows user since the most wallet software is on Windows. However, this tutorial is cross-platform compatible since these tools have equivalent counterparts on other operating systems.
1. Download the wallet software from a malware-free and up-to-date computing device and verify its checksums using
http://onlinemd5.com/ (or check the GPG signature inside GPG4Win) and upload it to
https://www.virustotal.com/en/ to check for any viruses. Sometimes there are false positives, but it's generally better to be safe than sorry.
2. Put that software onto a cleanly formatted(!) flash drive and plug it into an airgapped (airgapped = this computer is not and has not been connected to the internet), malware-free computing device. If you have an old laptop lying around; wipe its harddrive and install a fresh new instance of your preferred operating system (most wallet software uses Windows). You can also use an Raspberry PI or any computing device that can be used as an independent and dedicated computing device that is able to host the software you are trying to use. It's important that you do not EVER connect that dedicated computing device to the internet after you have installed any of your wallet software (even in fact you should not be using it beforehand because malware could accumulate). I'm saying this, because the wallet software you downloaded could have been compromised at some point where the attackers have added in code that sends your private keys to their command-and-control (C&C) servers. Plain malware or even ransomware is known to search through the wallet file directories and send any file found to their C&C servers. It's even more likely though that the attackers have compromised the pseudo-randomness of the key generation algorithm giving them the ability to regenerate your key pairs deterministically. This could especially be the case with lesser known wallet software. Make sure that this is not the case by performing your due diligence on the wallet providers and the software.
3. Install the wallet software on your dedicated machine. Now you have two options: a) Generate some wallets inside the software by letting it create a new seed. b) Create the seed yourself by using dice in order to wipe out any chance of someone having compromised the pseudo-randomness of the wallet's software's algorithms. This is the mega tinfoil hat case, however this can be a serious threat to anyone. If you want to do this for Bitcoin, you can go to
https://www.bitaddress.org , download the HTML page file and transfer it via a flash drive safely and securely to your airgapped machine. Open it there and in the "Wallet Details" section, you will be able to find instructions on how to use an actual dice (use a high-quality casino dice that has sharp edges) to generate a private key. You can also find instructions online on how to generate entire seeds using high-quality dices to guarantee real randomness for the safety of your crypto assets. For the average user, this seems like a stretch, however this is an unnecessary risk that can be eliminated easily.
5. Now write down the seeds into a text file on your airgapped machine and back them up on a couple of freshly formatted and clean flash drives distinct from the one that you transferred your files with (also delete the seed text files from your airgapped machine). You can also backup the encrypted wallet files and their passwords alongside the text file/s containing the seeds for even more redundancy.
6. You can now also encrypt these backup drives with a disk encryption tool of your choice (this would be your double encryption). I can highly recommend VeraCrypt. You can create a standard volume on any partition of a flash drive that will host and encrypt any files that are subsequently put into it. Once you mount the volume (only ever mount it on the airgapped machine which you make sure is at all times and costs malware-free), the files are only ever decrypted in RAM and stay on your flash drive at all times which means that your files remain encrypted even in the event of a sudden power outage. You should use a relatively long high-entropy password or a very long and mnemonic passphrase (with lots of cleverly put characters, symbols and numbers) for the disk encryption (in VeraCrypt you can also use PIMs and keyfiles (although I would suggest only using PIMs) for EVEN MORE security). I would recommend the latter so that you have it memorized incase something unexpected happens. Nevertheless you should still write down that password onto a small (hardly noticeable) sheet of paper in its full length. Store that somewhere CLOSE to you (somewhere people wouldn't bother to search incase of high-risk scenarios) and don't store it alongside your backups. You shouldn't ever need it because you should be able to remember your passphrase at all times. Distribute your encrypted backups in your house, at a safety deposit box at your bank, at houses of your relatives etc. Once again, hide them somewhere people don't expect them and make sure that not all the backups are exposed to similar environmental risks (e.g. a flood or fire inside one of the buildings). Incase you are still not paranoid enough, you can also write down the seeds on two distinct sheets of paper where you write down the first half on one sheet and the second on the other. You could then also distribute them in two distinct places and place them somewhere people wouldn't search for them. This method involves more risk because if someone found one half of the seed they could potentially be able to bruteforce the entire seed in some cases.
As far as the backups are concerned, this is the best practice I can come up with. If you are a high-profile and high-threat individual (someone could use extortion to get the passphrase and PIM to your backups) I would also recommend looking into VeraCrypt's hidden volumes. They allow you to create a standard volume on one of your drives that has an inner pointer to an outer hidden volume that requires a different password in order to be mounted. At all times, it cannot be proven from an attacker that the drive actually contains a hidden volume, if certain conditions are met. This means if someone is pointing a gun to your head demanding your passphrase (expecting to find the backups on there), you could give them the password for your standard volume. Into that standard volume, you should place some sensitive-looking files (if a potential attacker is likely to search for Bitcoin then you could place some wallet file in there with a minor part of your Bitcoin stash) in there, however the actual files that you are desperately trying to hide will be placed inside the hidden volume. So for instance, a wealthy individual could place 1000 BTC into the hidden volume and 10 BTC into the standard volume in order to preserve their life in high-threat situations. If they ask for more or for the password to the hidden volume, you have a good excuse that it does not exist. This is called plausible deniability and it's a very important concept.
The concept of hidden volumes can even be expanded onto operating systems which VeraCrypt has already done. In this case, you do a full disk system encryption and setup a hidden volume on a separate partition on your harddrive. Then you install a new fresh instance of your preferred operating system on the hidden partition. Whenever your computer boots, it asks for the encryption passphrase and PIM. If you enter the combination for the standard volume, you will access your decoy operating system. This is the OS you should give the attacker access to in case of extortion. Place some sensitive-looking files in there or even a minority of your coin stash depending on your risk profile. If you enter the combination for the hidden volume, you will be entering your hidden operating system. This is like the hidden volume; for the actual sensitive files that you are trying to preserve at all costs. So this allows for plausible deniability and encryption on the full system level. For more important information and crucial security and behavioral practices in case of high-threat scenarios, check out VeraCrypt's documentation (
https://veracrypt.codeplex.com/wikipage?title=VeraCrypt%20Hidden%20Operating%20System).
Installing a hidden operating system on your machines seems like a practical idea. This also directly solves the question: "How do I protect the wallet files on my airgapped machine incase I am not near it?" because the system is now fully encrypted and the only thing an attacker can do is destroy it at this point. In this case, you can also leave the passwords to your encrypted wallet files inside the hidden operating system. You might ask now: "Why do I still need to encrypt the wallet with the wallet software's inbuilt encryption algorithm at this point? The hidden OS takes care of all of this now, right?" Leaving your wallet exposed like that still exposes you to the risk of installing a malicious software that constantly sends out queries to send out your private keys or wallet files to its C&C server just in case that you should ever connect to the internet. That's why you should NEVER connect to the internet on that DEDICATED machine.
Now that you have set up your bulletproof cold storage, you can monitor your wallets on an internet-connected machine (e.g. for BTC on Electrum you would transfer the master public key) that is in sync with the specific blockchain and send transactions via a dedicated malware-free transfer flash drive to the airgapped machine. Then you sign off the transaction on the dedicated machine, transfer it back via a flash drive and broadcast it on the online machine onto the specific P2P network.
This is the ultimate tinfoil hat strategy. This is as bulletproof as crypto security can get. It surpasses the security of every hardware wallet, because this allows you to have plausible deniability in case the attackers manage to find your devices. It is not as convenient, however it is designed to potentially preserve the life of high-profile and high-threat individuals in high-pressure situations.
Please let me know if there are any kind of errors. I would also love to hear your feedback on these methods. Thanks for reading
