Bitcoin Forum
Topic: Organizing Proper Cold Wallet Storage
Colorblind
October 20, 2017, 01:28:30 PM
 #1

Say I want to organize Cold Wallet storage.
My plan is to do the following:

1. Organize a disconnected secure room where 1 PC with the encrypted private key is located (Room 1).
2. Equip another PC with a properly connected and synced blockchain (Room 2).

Follow the next protocol to execute a transaction from the Cold Wallet:
1. Take a clean USB drive and use the PC in Room 2 to create a transaction message. Write it on the USB;
2. Go to Room 1 with the USB drive containing the transaction message and sign the transaction on the "cold" PC using its private key;
3. Return to Room 2 to execute (broadcast) the transaction from the "hot" PC.


Do I miss something?
What are possible attack vectors here? 


Thanks!
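
The signing step in Room 1 is the last point at which the transaction can be inspected before the private key is applied to it. As an added example (not part of the thread), the following decodes the outputs of the unsigned transaction carried on the USB drive and reports whether they match exactly what the operator intended to pay. It assumes a legacy (non-segwit) raw transaction; the sample transaction, scripts and amounts are constructed.

```python
import struct

def read_varint(buf, pos):
    """Decode a Bitcoin CompactSize integer; return (value, next position)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def parse_outputs(raw):
    """Return [(satoshis, scriptPubKey)] from a legacy raw transaction."""
    if raw[4] == 0:  # zero inputs here means the segwit marker byte
        raise ValueError("segwit serialization is not handled by this example")
    n_in, pos = read_varint(raw, 4)           # skip 4-byte version
    for _ in range(n_in):
        script_len, pos = read_varint(raw, pos + 36)  # skip prev txid + index
        pos += script_len + 4                 # skip scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value = int.from_bytes(raw[pos:pos + 8], "little")
        script_len, pos = read_varint(raw, pos + 8)
        outputs.append((value, raw[pos:pos + script_len]))
        pos += script_len
    if pos + 4 != len(raw):                   # only the locktime may remain
        raise ValueError("truncated transaction or trailing data")
    return outputs

def safe_to_sign(raw, expected):
    """True only if the outputs are exactly {scriptPubKey hex: satoshis}."""
    outputs = parse_outputs(raw)
    found = {script.hex(): value for value, script in outputs}
    return len(outputs) == len(expected) and found == expected

# Constructed sample data: hash160 values, amounts and the input are made up.
def p2pkh(hash160):
    return bytes.fromhex("76a914") + hash160 + bytes.fromhex("88ac")
PAYEE, CHANGE, OTHER = p2pkh(b"\xaa" * 20), p2pkh(b"\xbb" * 20), p2pkh(b"\xcc" * 20)
def sample_tx(first_script):
    tx_in = b"\x11" * 32 + struct.pack("<I", 0) + b"\x00" + b"\xff" * 4
    tx_out = lambda value, script: struct.pack("<Q", value) + bytes([len(script)]) + script
    return (struct.pack("<I", 1) + b"\x01" + tx_in + b"\x02"
            + tx_out(150_000_000, first_script) + tx_out(49_990_000, CHANGE)
            + struct.pack("<I", 0))
INTENDED = {PAYEE.hex(): 150_000_000, CHANGE.hex(): 49_990_000}
if __name__ == "__main__":
    print(safe_to_sign(sample_tx(PAYEE), INTENDED))   # file as created in Room 2
    print(safe_to_sign(sample_tx(OTHER), INTENDED))   # file whose payee differs
```

The intended scripts and amounts should be entered on the cold PC by hand rather than read from the same USB drive as the transaction.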



ranochigo
October 20, 2017, 02:28:30 PM
 #2

Quote: Do I miss something?
The steps are correct. What wallet are you planning to be using? I would recommend Electrum due to the ease of using the UI. Bitcoin Core is fine though I'm not sure how you would be able to create watch addresses from the HD key.
Quote: What are possible attack vectors here?
The only possible attack vector is if the USB somehow gets infected with a virus and the virus has the ability to copy the files from the offline computer, store them on the USB and broadcast them on the online computer. As far as I know, no malware has been this sophisticated thus far. If you're using Linux, it would be even more secure.

The 100% foolproof method is to just use QR codes instead of USB.

Thirdspace
October 20, 2017, 03:54:20 PM
 #3

Quote from ranochigo:
---snip---
Bitcoin Core is fine though I'm not sure how you would be able to create watch addresses from the HD key.

---snip---
The 100% foolproof method is to just use QR codes instead of USB.

with QR codes definitely the best air gapped system
he just needs to get a camera for each PC to read/capture QR codes
and for creating watch addresses on online-PC in Room 2
he could also use the camera and do one address at a time, couldn't he?

piotr_n
October 20, 2017, 04:03:07 PM
 #4

Quote: What are possible attack vectors here?

You can't really think of all the possible attack vectors.

If I was to be an attacker, I'd probably first look into where you store the backup of the private key.

Then at the physical security of the room with the wallet PC.

Then the people having access to it.

There must be more.

bob123
October 22, 2017, 12:02:00 PM
 #5

Quote: Do I miss something?
What are possible attack vectors here?

One big attack vector would probably be the most obvious. Physical access. Unless you are living in a bunker, and depending on the amount you store, this would be an efficient attack vector.
Since your plan does not mention any backups a "simple theft" of your hard drive would be an option.
Another way to gain access to your private keys is to infect your PC which is connected to the internet.
If you have a big amount stored and an attacker is targeting you it probably wouldn't be that hard to get malware on your PC which will infect the USB stick.
And once the USB is infected and you plug it into your cold PC to sign the TX the private keys could be copied over to the USB without you noticing it.
And the next time you connect it to a PC with an internet connection (e.g. when you want to push the TX) the malware automatically pushes a TX of all your coins to his address even before you can start pushing your TX.

Of course this is more of a theoretical nature. But it's definitely possible. No one would put so much effort into it for 1-2 coins.
But 100 BTC are pretty attractive. Big Big Holders should definitely be careful about giving too much personal information away.
