How to design a perfect cold storage?

[unbiasedtech]

What seems to be used for centuries to store value in a secure way when it comes to precious metals seems to come in handy here is well: vaults. When it comes to "perfect cold storage", I think that the term "perfect" is overrated. Any security policy is as weak as its usability requirements restrict it to be.

For example, even a vault needs some usability in order to be a viable solution for storing your paper wallet.

Ultimately, it all boils down to the actual amount of stored value. Certainly different volumes require different security approaches.

[btcton]

Is leaving seed in unlocked place at friends house a risk if there is also strong passphrase on it or is there risk somebody could see seed and brute force it? Even keeping in bank safe seems a bit risky.

It would depend on what the passphrase to your seed is. If it is long and complex, say at least 12 characters including special characters and numbers, then you should have nothing to fear. The amount of time it would take for such a passphrase to be brute-forced is not within what you could call reasonably or efficient. You could also just use a set of words to end up with an even stronger passphrase. Given a strong passphrase, you should also feel fine about having multiple copies of it stored in different places. Just make sure that your passphrase and seed never meet, since anyone who has access to both of them at once can (and probably will) open your wallet and potentially steal your bitcoins. A physical copy of the seed and a brain copy of the passphrase is a good combination. Make sure not to forget about other possible attack vectors such as malware, however.

[Raize]

Since it wasn't mentioned yet:
https://glacierprotocol.org/

I don't use the glacier protocol itself, but I have used something similar.

[btcton]

Is leaving seed in unlocked place at friends house a risk if there is also strong passphrase on it or is there risk somebody could see seed and brute force it? Even keeping in bank safe seems a bit risky.

It would depend on what the passphrase to your seed is. If it is long and complex, say at least 12 characters including special characters and numbers, then you should have nothing to fear. The amount of time it would take for such a passphrase to be brute-forced is not within what you could call reasonably or efficient. You could also just use a set of words to end up with an even stronger passphrase. Given a strong passphrase, you should also feel fine about having multiple copies of it stored in different places. Just make sure that your passphrase and seed never meet, since anyone who has access to both of them at once can (and probably will) open your wallet and potentially steal your bitcoins. A physical copy of the seed and a brain copy of the passphrase is a good combination. Make sure not to forget about other possible attack vectors such as malware, however.

So if you find seed couldn't you rent out computer cluster and crack passphrase?

Not at all. You could get all the computing power in the world and it would still not be possible to crack it in any reasonable amount of time. And note that my definition of reasonably is very wide in this context. We're talking about being unable to crack a passphrase within a million years. Now, I have also heard from some that quantum computing may change things around in regards to cryptography, but I personally don't think in this situation it would matter. Of course, in the end it depends on how long and secure a passphrase you use. However, if you use 10 random words as your passphrase, you can rest assured that your seed will be safely protected and you have nothing to fear, as the difficulty in that is n^10 where n is the number of different possible words. Using any possible words in the English dictionary, currently around 170K, would result in 170,000^10, which results in 20159939004490000000000000000000000000000000000000000 or 2x10^52 possible combinations. In other words, don't worry about it.

[SolidBit]

What about cold storage on some services? I mean exchanges, web wallets etc.

Hot to protect funds there? Because there should be preset private keys to withdraw funds. Exactly it should be a hot wallet, but it's risky to store big funds there.

[LoyceV]

give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.

Nice idea. Never thought of that. How do I do it?

It's called an nLocktime transaction.

read that idea but also the dangers it poses. Namely the biggest danger being that Bitcoin forks in such a manner that "old signed" transactions are no longer valid which would leave my "heirs" with bitcoins neither them nor anybody else can spend.

You can reduce this risk by using a smaller time frame: move your coins to a new wallet every year, and create a new signed transaction. The lower you want this risk, the more work it is for you.

give your family an empty wallet. make a signed transaction, unbroadcasted in your safe deposit box. if you die, they can broadcast it to their wallet.

The bank staff and family member can work together to steal your funds.

For example, even a vault needs some usability in order to be a viable solution for storing your paper wallet.

When using a vault for cryptocurrencies, you can use OP's #7: "metalstamps" to just hammer the passphrase into the vault itself. Hammer it at the back, don't even lock it, no thief is going to steal a heavy wall-mounted empty metal box.

I would start with creating the private key for the cold wallet with a coin or dice instead of a computer rng.

It may be worse way than using rng. Especially with coin 

Throwing a dice is quite random. Just throw hard enough and make it bounce through your room if you're totally paranoid. Among others this video explains how to use it. But, creation of private key is not really the scope of this thread.

[TechPriest]

Passphrase is limited to 50 charachters on Trezor, so there could be a bit less words, is it still secure then? Also should you choose words with dice or just pick some sentence that makes sense just to you?

Maybe you mean "50 words" If that right, 170 000 ^ 50 combinations are possible.

If you mean "charachters" then we have  (numbers of English letters + number of numbers + number of keyboard symbols) . It's very strong password as you could see) ^ 50
Also you may notice that mnemonic phrase is stronger than passphrase. mnemonic phrase has 170 000 ^ 10 possible combination while passphrase has  60 ^ 50 .

[Martisor-Sobru]

bleah...technological singularity along with the quantum computer make any arrangement pathetically

[btcton]

Passphrase is limited to 50 charachters on Trezor, so there could be a bit less words, is it still secure then? Also should you choose words with dice or just pick some sentence that makes sense just to you?

Maybe you mean "50 words" If that right, 170 000 ^ 50 combinations are possible.

If you mean "charachters" then we have  (numbers of English letters + number of numbers + number of keyboard symbols) . It's very strong password as you could see) ^ 50
Also you may notice that mnemonic phrase is stronger than passphrase. mnemonic phrase has 170 000 ^ 10 possible combination while passphrase has  60 ^ 50 .

Yes, this is the math that I followed previously. If it takes only up to 50 characters (I am personally not familiar with Trezors, so I do not know their limits) then somewhere around n^50 would be the maximum number of possible combinations where n is the number of accepted symbols. You can still use words and assuming that each word is around 6-7 characters in length you may be able to fit still 8-9 words in there which mathematically speaking still makes up a very strong password of up to 170K^9 possible combinations. Using just characters could be even more secure in this case, though.

[TechPriest]

Yes, this is the math that I followed previously. If it takes only up to 50 characters (I am personally not familiar with Trezors, so I do not know their limits) then somewhere around n^50 would be the maximum number of possible combinations where n is the number of accepted symbols. You can still use words and assuming that each word is around 6-7 characters in length you may be able to fit still 8-9 words in there which mathematically speaking still makes up a very strong password of up to 170K^9 possible combinations. Using just characters could be even more secure in this case, though.

Yeah, my bad. passphrase with 50 characters will be stronger because it has more combinations. 60 ^5 > 170 000

[Spendulus]

suppose you have the following tools available;

1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD

There are laser engraving machines that are selling on Ebay for $71 now. They look like a little 3d printer and you can hold one in one hand.

This type of machine would allow putting keys and squarecodes on anodized aluminum plates or painted steel plates. They would burn through the paint or anodized layer.

I suggest this as a way to avoid all the issues of paper getting wet, mildewing, rotting, catching on fire, etc.

Although it's possible that an engraved steel or aluminum plate would not survive a fire with the engraving legible. Still a gigantic improvement.

[radjie]

even I haven't found out how the right design for perfect cold storage.do you have a solution?

[manselr]

I would not consider Trezor safe after it was revealed that trezord.exe phoned home

https://www.reddit.com/r/TREZOR/comments/6yti7p/trezor_bridge_trezordexe_calling_home/

Why would you trust anything with electronics on it when you can get a paper wallet, wrap it in plastic of special material that will survive fire and water and in general the pass of time, and put it somewhere at home in a safe? even if they stole it, they couldn't open it because BIP38 allows encryption in paper wallets. You can also deposit copies on other places if you have a couple of properties.

So how can it get any better than this?

[vit05]

 

suppose you have the following tools available;

1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD

There are laser engraving machines that are selling on Ebay for $71 now. They look like a little 3d printer and you can hold one in one hand.

This type of machine would allow putting keys and squarecodes on anodized aluminum plates or painted steel plates. They would burn through the paint or anodized layer.

I suggest this as a way to avoid all the issues of paper getting wet, mildewing, rotting, catching on fire, etc.

Although it's possible that an engraved steel or aluminum plate would not survive a fire with the engraving legible. Still a gigantic improvement.

Didn't now that was so cheap.
http://www.ebay.com/itm/1000mW-Usb-Gravacao-A-Laser-Maquina-de-imprimir-calcografo-Carver-Automatico-Escultura-faca-voce-/362006949144?_trksid=p2349526.m2548.l4275

[btcton]

suppose you have the following tools available;

1. Two trezor hardware wallets
2.offline bootable pc with ubuntu
3.bitaddress.org siteburned to a CD

There are laser engraving machines that are selling on Ebay for $71 now. They look like a little 3d printer and you can hold one in one hand.

This type of machine would allow putting keys and squarecodes on anodized aluminum plates or painted steel plates. They would burn through the paint or anodized layer.

I suggest this as a way to avoid all the issues of paper getting wet, mildewing, rotting, catching on fire, etc.

Although it's possible that an engraved steel or aluminum plate would not survive a fire with the engraving legible. Still a gigantic improvement.

The problem with that is that the cost for doing it is too high, and it might not be worth it if it made up any significant portion of your worth im bitcoins. On the other hand, we could simply keep separate and several backups in safe places and the store a brain secret to decode the seed or private key. This way, it is very unlikely that the coins could be obtained by anyone else or lost by the owner.

[link2yasar]

I am paranoid by design and by professional deformation.

Suppose you have the following tools available:

1. two Trezor hardware wallets
2. offline bootable PC with Ubuntu
3. bitaddress.org site burned to a CD
4. BIP39 passphrase and mnenomic code generator burned to CD
5. passguardian.org Shamirs secret sharing page burned to CD
6. offline printer to print and laminate paper wallets
7. metalstamps to stamp seeds/keys to metal plates if need be
8. two rented safe deposit boxes in two banks in two different European jurisdictions

How would you go about designing a "perfect" cold storage that should fulfill the following criteria:

1. be resistant to my death hence inheritable
2. be reistant to my amnesia
3. be resistant to being denied physical access to both safe deposit boxes
4. be resistant to malevolent staff opening the contents of the safe deposit boxes
5. be resistant to goverment confiscation/access denial to your safe deposit boxes

So basically I want no other entity (spouse, underage children, bank staff, evil government officials) to be able to spend my bitcoins as long as I am alive and with a functioning brain.
I also want to be able to comitt to memory a seed or an encryption method that would grant me access to bitcoins if I am not able to access the cold storage in safe deposit boxes.
Ultimately I would need to leave clear instructions in case of my death so that the family would be able to reconstruct access to those bitcoins.

I have some ideas but would like to hear flaws in my design.

1. PAPER WALLET ROUTE

One way to go about it would be to create paper wallets, print them offline, encrypt them with a strong passphrase (for example Diceware generated) using BIP38 and store them in two separate safe deposit boxes.
The secret passphrase would be easy to memorise for me and could be split using sharding into 3 pieces (2 safe deposit boxes and my home for example) so that you would need access to all of those in order to decrypt the paper wallets.

It prevents goverment or the bank staff from spending your bitcoins but if you find yourself unable to access the physical location of your paper wallets you are doomed.

2. TREZOR MNEMONIC SEED

You load your Trezor hardware wallet and stamp the seed on metal plates in a randomly generated order that you put in one safe. In another safe you put an encrypted message that is simply the order in which you have to put the mnemonic seed to be able to access bitcoins. You distribute the passphrase to unlock the order in the same way as in design No. 1.

You carry your Trezor with you (your home) hoping that even if it gets stolen nobody will be able to break the PIN.

This method has the advantage that with some memory technique you should be able to remember the seed yourself and reuse it should you be locked out of access to your safe deposit boxes.



Is all of this an overkill? Are there simpler ways?

Why do we need such thing? Sorry I am new to the concept of cold store. I just want to know why would one need such thing

[LoyceV]

Didn't now that was so cheap.
http://www.ebay.com/itm/1000mW-Usb-Gravacao-A-Laser-Maquina-de-imprimir-calcografo-Carver-Automatico-Escultura-faca-voce-/362006949144?_trksid=p2349526.m2548.l4275

Although very cool, this also seems like a very dangerous thing! It's an industrial laser in a box with open sides.
A much safer solution is a Letter & Number Punch Marking Stamping Tool Kit, although you need to find a set that has both upper and lower case punches.
Ideal for using a mini private key:

[VegaAISolutions]

I have to be honest with you this is an extremely interesting thought puzzle and I want to be one of those people who sits here and plans it out elaborately and gives you some kind of solution that may or may not be foolproof... the truth of the matter is though short of setting up some kind of National Treasure level system that can withstand the test of eons, and without knowing for certain that Bitcoin will absolutely be in existence when or if this extremely elaborate system is utilized... I can't see any such thing as a perfect system for Cold Storage but that being said I'm sure there's many that are close enough to being perfect two at the very least allow you to access your cold storage in the event that most disasters happen short of the internet dieing, all power on the planet going out or your ability to retrieve any information from your life is not possible.

[Raliket]

I have a very simple solution for you. Which i think is kind of genius because its simple and bulletproof. Best if you have a will or if you have access to a safe deposit box.

What you will need:
A paper with multiple words.
A paper with a series of numbers.
A safe deposit box OR a Will.

Procedure:
Make a multiple word password from the words you wrote on the Multiple words paper.
1. Bob
2. Hello
3. School
4. Bike
etc.. etc...
I propose more than 16 words.

There is no need for you to USE all words or every word only once. For the sake of it you can only use 2 words 5 times each in series or consecutive order. OR you can use 10/16 words some of them double. What ever you think is better for you.

Then after you created your password, write on your (paper with a series of numbers) the correct series of each word by its number. e.g.
Lets say i used the words mentioned above to create this password (SchoolBikeSchoolHelloBobBobBobBike)
On my paper with a series of number i must have (34321114).

JUST DON'T MAKE THE PASSWORD 123456789, 987654321, 13579, or any other combination, keep it random just write a random number on your PC and follow it.

Now,
The paper with multiple words you have to give it to your family. ( I propose through email which they will not lose after years)
And the paper with a series of numbers you have to save it in a safe deposit box OR include it to your will. This goes without saying that you will never mention to anyone what these numbers mean. Only your family should know that these words come with a password which they will get after a bad think happened to you.

This way your family can never use these words to find the password because it will take them many years of trial and error, or even if you have extra words in that list that you don't use in your password they will never find it. And the other individual or safe box that you keep the paper with a series of numbers cannot be used for anything IF THEY DON'T KNOW ABOUT IT.

[dreamer81]

It's all really great. But a better solution is to simply just use a warpwallet. With a password of only 5-6 characters it will be impossible to crack. Check out https://keybase.io/warp/warp_1.0.9_SHA256_a2067491ab582bde779f4505055807c2479354633a2216b22cf1e92d1a6e4a87.html