How to design a perfect cold storage?

[lukaexpl]

give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.

Nice idea. Never thought of that. How do I do it?

It's called an nLocktime transaction.

You can do it on greenaddress.it or you can do it manually(complicated as hell, i have never done it myself). Basically when a certain block height is reached your family member is able to get the transaction and broadcast it to the network, before that block height is reached they can't do anything with the raw transaction.

See here for an example and a tutorial: https://www.reddit.com/r/Bitcoin/comments/397xv3/howto_nlocktime_transaction_as_a_dead_mans_switch/

Just make sure that the private key that your family member holds is secure and completely offline as well, otherwise this setup is useless.

I read that idea but also the dangers it poses. Namely the biggest danger being that Bitcoin forks in such a manner that "old signed" transactions are no longer valid which would leave my "heirs" with bitcoins neither them nor anybody else can spend.

[1715327255]

1715327255

[TechPriest]

You can't do anything "perfect" in fact.
I would recommend use PC without Intel accessories (it has some interesting backdoors on the lowest hardware level)

[lukaexpl]

You can't do anything "perfect" in fact.
I would recommend use PC without Intel accessories (it has some interesting backdoors on the lowest hardware level)

Could you expand on that (Intel backdoors)?

[TechPriest]

You can't do anything "perfect" in fact.
I would recommend use PC without Intel accessories (it has some interesting backdoors on the lowest hardware level)

Could you expand on that (Intel backdoors)?

Read about Intel Management Engine. In fact it can read your RAM (hello to all your unprotected passwords which stored in RAM while session continue), your internet traffic, your screen.  

[aleksej996]

You can't do anything "perfect" in fact.
I would recommend use PC without Intel accessories (it has some interesting backdoors on the lowest hardware level)

Could you expand on that (Intel backdoors)?

Read about Intel Management Engine. In fact it can read your RAM (hello to all your unprotected passwords which stored in RAM while session continue), your internet traffic, your screen.  

More specifically Active Management Technology is the problem there, as it allows for a remote access to your CPU. As privacy issues are always security issues, this became clear like in many other cases when vulnerability was found in AMT and allowed for a hacker to fully take over Intel servers remotely on such a low level that no security software would be able to do anything about it. https://thehackernews.com/2017/05/intel-amt-vulnerability.html

[Morchid]

I personally use an ironkey USB thats password protected with electrum wallet. You can get the electrum wallet at electrum.org. It is very secure and reliable. I have never had any issues with this cold storage for my bitcoins. One thing for sure is write down your 10 keyword phrase and password incase something happens to the USB you can still recover your bitcoins.

[AGD]

I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.

[Spendulus]

Some great ideas guys. It's weird how some ppl are happy just keeping coins on an exchange or in an online wallet. With all the goings on these days, don't discount EPM attacks. Possibly locking usb's and trezors etc in a metal safe would suffice. Although I guess if there were any EMP attacks most crypto would be wiped out and crypto would be the least of our worries.

store USB and such wrapped in several layers of aluminum foil.

Imprint stamped designs on the foil.

= "tamper resistant" while also being "tamper evident."

"Something" is in a bank safe deposit box.

You need a way to know, when you retrieve that item, that it is the same item, in the same condition, touched by nobody, since you put it there.

Otherwise, how do you even know it's the same USB?

[btcton]

In the end is all a compromise between security and accessibility/ease of use. The more secure you contain your bitcoins, the harder it will be for you to access them yourself. If you are looking for purely cold storage where security is king, you would have to compile Bitcoin Core or download an open source wallet with offline functionality, copy it over to an offline device with no access to the outside at all (think a laptop with a broken wifi card) and then never actually connect it back online. All you need to do is to keep those private keys secure and then somehow (perhaps by hand) copy over the public keys and send the Bitcoin you want to store to them. I can't see a more barebones, flawless method to keep Bitcoins secure. I do a variant of this method myself and all has been good, while keeping my hot wallet quite accessible for everyday expenses.

[Quickseller]

You need a way to know, when you retrieve that item, that it is the same item, in the same condition, touched by nobody, since you put it there.

Why do you want to be sure you are interacting with the same device you put in the safety deposit box? You would want to use an entirely offline computer to sign any transaction and once someone has physical possession of the USB stick they can potentially steal any money contained in the USB drive.

[lucifochrome]

I thank the people putting their ideas here, it is good for us (newbies). i have to admit that right now. I do not feel safe with the wallet that i have. however, the amount of bitcoin that i have is not of a substantial so i am not paranoid about it. Still i wanted to ask or clarify something regarding this paper wallet. I have read on the newbie section of somewhere that you can create a duplicate of the same wallet on this paper thing but my question is if you get to withdraw the bitcoin from that wallet say a duplicate it will still reflect on the original right? as it is just the same, i mean like you just have one wallet address it is just that it was duplicated for safe keeping. i apologize if this may be a newbie question but i am no IT expert, i am a medical professional who just so happened got interested with bitcoin.

[aleksej996]

I thank the people putting their ideas here, it is good for us (newbies). i have to admit that right now. I do not feel safe with the wallet that i have. however, the amount of bitcoin that i have is not of a substantial so i am not paranoid about it. Still i wanted to ask or clarify something regarding this paper wallet. I have read on the newbie section of somewhere that you can create a duplicate of the same wallet on this paper thing but my question is if you get to withdraw the bitcoin from that wallet say a duplicate it will still reflect on the original right? as it is just the same, i mean like you just have one wallet address it is just that it was duplicated for safe keeping. i apologize if this may be a newbie question but i am no IT expert, i am a medical professional who just so happened got interested with bitcoin.

Yes. A wallet is just a list of private keys which are just numbers that can be used to unlock the funds of the corresponding Bitcoin addresses and send the coins where you wish. Making a paper wallet is just writing that number on paper (but most often with QR codes so it machine readable). It is kinda like a password to your account, it doesn't matter where you store it, it will still be just a password.

It is nice to see people from different professions be interested in Bitcoin. It makes a whole ecosystem possible.

[lukaexpl]

I thank the people putting their ideas here, it is good for us (newbies). i have to admit that right now. I do not feel safe with the wallet that i have. however, the amount of bitcoin that i have is not of a substantial so i am not paranoid about it. Still i wanted to ask or clarify something regarding this paper wallet. I have read on the newbie section of somewhere that you can create a duplicate of the same wallet on this paper thing but my question is if you get to withdraw the bitcoin from that wallet say a duplicate it will still reflect on the original right? as it is just the same, i mean like you just have one wallet address it is just that it was duplicated for safe keeping. i apologize if this may be a newbie question but i am no IT expert, i am a medical professional who just so happened got interested with bitcoin.

One caveat regarding this (if I understood correctly what you mean) would be that once you import the private keys from a paper wallet and spend part of it most wallets would send the "unspent" output to a new address and you would be fooled into believing that your original paper wallet still holds some amount of BTC.

Say you have 0.5 BTC in a paper wallet, you import the Key into Electrum, you send 0.05 somewhere and you wipe Electrum or harddrive so no one gets your private key.
Your other copy of paper wallet no longer holds 0.45 because Electrum sent it to another "change" address (I FIND THIS FEATURE EXTREMLY UNDERADVERTISED and not TRUMPETED ENOUGH).

Read
http://bitzuma.com/posts/five-ways-to-lose-money-with-bitcoin-change-addresses/

[VenusianLion]

8. two rented safe deposit boxes in two banks

You will never "design" anything "safe".  Your brain is flawed. 

[lukaexpl]

8. two rented safe deposit boxes in two banks

You will never "design" anything "safe".  Your brain is flawed. 

I think I made it clear that I realise how fallable the brain is, i.e. susceptible to death and a myriad of diseases.
So I do not understand how your comment contributes.

[monkeydominicorobin]

I am paranoid by design and by professional deformation.

Suppose you have the following tools available:

1. two Trezor hardware wallets
2. offline bootable PC with Ubuntu
3. bitaddress.org site burned to a CD
4. BIP39 passphrase and mnenomic code generator burned to CD
5. passguardian.org Shamirs secret sharing page burned to CD
6. offline printer to print and laminate paper wallets
7. metalstamps to stamp seeds/keys to metal plates if need be
8. two rented safe deposit boxes in two banks in two different European jurisdictions

How would you go about designing a "perfect" cold storage that should fulfill the following criteria:

1. be resistant to my death hence inheritable
2. be reistant to my amnesia
3. be resistant to being denied physical access to both safe deposit boxes
4. be resistant to malevolent staff opening the contents of the safe deposit boxes
5. be resistant to goverment confiscation/access denial to your safe deposit boxes

So basically I want no other entity (spouse, underage children, bank staff, evil government officials) to be able to spend my bitcoins as long as I am alive and with a functioning brain.
I also want to be able to comitt to memory a seed or an encryption method that would grant me access to bitcoins if I am not able to access the cold storage in safe deposit boxes.
Ultimately I would need to leave clear instructions in case of my death so that the family would be able to reconstruct access to those bitcoins.

I have some ideas but would like to hear flaws in my design.

1. PAPER WALLET ROUTE

One way to go about it would be to create paper wallets, print them offline, encrypt them with a strong passphrase (for example Diceware generated) using BIP38 and store them in two separate safe deposit boxes.
The secret passphrase would be easy to memorise for me and could be split using sharding into 3 pieces (2 safe deposit boxes and my home for example) so that you would need access to all of those in order to decrypt the paper wallets.

It prevents goverment or the bank staff from spending your bitcoins but if you find yourself unable to access the physical location of your paper wallets you are doomed.

2. TREZOR MNEMONIC SEED

You load your Trezor hardware wallet and stamp the seed on metal plates in a randomly generated order that you put in one safe. In another safe you put an encrypted message that is simply the order in which you have to put the mnemonic seed to be able to access bitcoins. You distribute the passphrase to unlock the order in the same way as in design No. 1.

You carry your Trezor with you (your home) hoping that even if it gets stolen nobody will be able to break the PIN.

This method has the advantage that with some memory technique you should be able to remember the seed yourself and reuse it should you be locked out of access to your safe deposit boxes.



Is all of this an overkill? Are there simpler ways?

This is definitely not an overkill you are just taking precautions in case somebody who knows about bitcoin could get a hold of some of the information that you openly provide.

[nikisev]

Perhaps its better not to smoke for some time. Weed makes you paranoid sometime. Just kidding.
I think wiser idea will be not to store data physically in one place.
Implement some smart contract that will store keys to your wallets end send them to dedicated address if not accessed for some time.
The whole beauty of blockchain is that its distributed, never in some dedicated location under single jurisdiction, can store whatever you want. So why make it physical again?

[TechPriest]

I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.

It may be worse way than using rng. Especially with coin 

[prettyij]

suppose you have the following tools available;

1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD

[Zagitta]

I was thinking about this earlier today. How to setup a perfect method of storing Bitcoin without any security flaws. I actually think it is a lot more complicated and maybe impossible. As long as you deal with physical external objects, they are bound to be able to get hacked. Therefore realistically memorizing your keys is the only way... and this is the most risky option as it relies 100% on your own self to remember them or not give them up if you were being tortured or something. What happens if you get dementia/Alzheimer's/Amnesia? For now I am sticking with offline-generated, laminated paper wallets.