Best cold storage option.

[Kylepr]

I was considering a paper wallet until I saw a YouTube video on how they are "randomly" generated and my gut instinct is that they are insecure in the way its generated even offline. My concern is that the randomly generated wallets like bitaddress.org have pre-generated wallets that the site makers have access to and all the random typing and waving the cursor around is all a ploy to make you think it's randomly generated. I might be ultra paranoid, but what would be the most secure cold wallet? Could ledger nano s or trezor have similar security risks even.?

[coingeeks]

If you want to be relatively certain no one is tampering with your wallet address, I'd suggest the following:

1. Fresh install of a some Linux distro
2. Fresh install of Bitcoin Core wallet (let it fully update/full node: https://bitcoin.org/en/full-node)
3. Once the wallet is good to go, power off the machine and remove it from your network

Plenty of up/down sides to all of the available cold-storage methods, but if you don't trust any third party solutions, the above is probably best for your peace of mind.

You can probably just generate an address once you've installed core, and write THAT address down on a piece of paper.

Just my 2 cents :/

[HCP]

I was considering a paper wallet until I saw a YouTube video on how they are "randomly" generated and my gut instinct is that they are insecure in the way its generated even offline. My concern is that the randomly generated wallets like bitaddress.org have pre-generated wallets that the site makers have access to and all the random typing and waving the cursor around is all a ploy to make you think it's randomly generated. I might be ultra paranoid, but what would be the most secure cold wallet? Could ledger nano s or trezor have similar security risks even.?

Bitaddress.org is open source, so the source code is available for auditing and review. Given the popularity of the service, I'd be surprised if there was anything hidden in the code that spits out "pre-generated" wallets.

If you're going down THAT paranoid path... what makes you think that ANY Bitcoin Wallet doesn't do the same thing?

But you can always sit down with some dice and roll up a random private key and then convert that to an address, if you want to go for a totally offline generation (https://www.swansontec.com/bitcoin-dice.html).

As they point out in the article... it's a relatively short script that is easy to audit... for extra peace of mind, you could cross verify the addresses generated with multiple tools from different sources to confirm that they actually match with the Hex private key that you're generated from dice and aren't just "pre-generated" addresses.

[pooya87]

I was considering a paper wallet~~

you don't need a specific program to generate paper wallet! in other words bitaddress.org is not the only way of creating a paper wallet.
ask yourself this, what is a paper wallet? is it not a private key printed on a paper? and how can you create a new private key?
you see it is pretty simple when you look at it like that. if you trust a wallet (lets say you trust bitcoin core) then you use that wallet to create a new key and print that (the key and address and you can encrypt it too) on a paper and that would be your paper wallet!

and as @HCP said there is always the Dice option. private key is just a random number and there are ways of generating a random number without a computer.

[vit05]

You could Download Tails and use on a USB as cold storage.


You could Use WarpWallet:

Buy your retirement coins on Coinbase or the exchange of your choosing.
Visit WarpWallet and note the SHA-256 sum in the URL after the redirect. Save the HTML to a file.
Boot up your air-gapped machine (AGM), preferably from a Linux live disk. (See Bruce Schneier’s article for more information on maintainig an AGM.)
Copy the HTML to your AGM using a USB-stick.
Run sha256sum warp.html on the AGM to verify that the sum matches the sum you observed in step 2.
Open the HTML as a local file with Chrome or Firefox.
Test the configuration with a few temporary passphrases and small transfers (see below for more details).
Pick a good passphrase. For example: vicar formal lubbers errata. More on this later.
Run the configuration in “production”, with your real passphrase. Use your email address as your “salt”. You’ll get a public/private key pair out.
Use your phone to scan the public key, and transfer it to your networked machine (via email, for example). When scanning, be careful to resize your browser window so that only the public QR code is visible.
Turn off the air-gapped machine.
On your networked machine, transfer coin from Coinbase to the WarpWallet-generated address.
Leave little cryptic notes around your house and office to remind you of what your passphrase is in case you ever forget.


You could use bitaddress.org and make a paperwallet using this Kit


You could use Shamir's Secret Sharing Scheme

[Stonetium]

I was considering a paper wallet until I saw a YouTube video on how they are "randomly" generated and my gut instinct is that they are insecure in the way its generated even offline. My concern is that the randomly generated wallets like bitaddress.org have pre-generated wallets that the site makers have access to and all the random typing and waving the cursor around is all a ploy to make you think it's randomly generated. I might be ultra paranoid, but what would be the most secure cold wallet? Could ledger nano s or trezor have similar security risks even.?

I have the same concerns. I bought through a third party on amazon and realized how silly of an idea that was. If you are going to buy, buy direct from the website

[DennisM]

Myself, I use a Ledger Nano S for cold storage.

[David Way]

Perhaps the simplest of all the wallets, these are pieces of paper on which the private and public keys of a bitcoin address are printed. Ideal for the long-term storage of bitcoin (away from fire and water, obviously), or for the giving of bitcoin as a gift, these wallets are more secure in that they're not connected to a network. They are, however, easier to lose.

[posi]

No wallet is totally secure mate but the wallet secure once the necessary precaution are put into consideration and concerning the paper wallet I think the wallet generated are still good for now and there are also some company that create their own paper wallet, you order one from them if you don't trust the one generated offline. However, I still prefer Trezor than Ledger cause the Ledger usually problem lately.

[vite]

Trezor and ledger would be best cold stroage option. And also there is pi wallet which is similar to that of a small computer which is not mentioned by any other user. Transaction are signed offline in Pi wallet and transfeered to usb

[Cryptoteleutios]

Nano ledger s is really secure. Totally invulnerable I would say

[HCP]

Nano ledger s is really secure. Totally invulnerable I would say

That's dangerous thinking... NO solution is 100% secure and it is foolish to think as much.

It has already been proven for both Trezor and Ledger Nano S that their solutions have had security flaws...

Granted, they've both now been patched to fix those flaws... and no doubt another round or three of security auditing has happened since... but I, for one, would not be making such bold statements regarding the security of ANY wallet.

[bob123]

And also there is pi wallet which is similar to that of a small computer which is not mentioned by any other user. Transaction are signed offline in Pi wallet and transfeered to usb

One should note that transferring transactions via USB can impose a new risk of getting infected.
While this is a (relatively) uncommon attack vector, it still does exist.

Since you are using an USB storage to 'communicate' between your offline storage and your online PC, it effectively isn't fully air-gapped anymore.

An approach to negate that attack vector would be to use QR codes and webcams (on your PI and online PC) to transmit data (un-/signed transactions).

[onurgozupek]

The best option is the one you have full control. Right now only Bitcoin Core wallets give you the option to directly connect to the blockchain. Any others (mobile wallets, hardware wallets, nearly all software wallets) sync the blockchain on their side and let your device/software communicate through their servers. So, format your old unused laptop, install a lite, clean linux distro and install Bitcoin Core wallet. Sync it time to time using cable connection and keep it safe... (you can install nearly all crypto wallets and this is the widest range option to store coins. But do not store all your coins on a single computer/device for your own safety)

[bob123]

The best option is the one you have full control. Right now only Bitcoin Core wallets give you the option to directly connect to the blockchain.

Every(!) cold storage gives (only) you full control over the private keys.
You don't have to 'connect to the blockchain' at all. A cold storage is meaned to be OFFLINE.

Additionally.. you are not 'connecting to' a blockchain. You are downloading the blockchain. You are connecting to other peers in the bitcoin network.

Any others (mobile wallets, hardware wallets, nearly all software wallets) sync the blockchain on their side and let your device/software communicate through their servers.

This is irrelevant when talking about cold storage. Cold storage = Offline.
You only have to keep the seed or private keys saved in an offline environment.

So, format your old unused laptop, install a lite, clean linux distro and install Bitcoin Core wallet. Sync it time to time using cable connection and keep it safe...

If you are going to sync it, it is not a cold storage. Syncing is useless. It just creates additional attack vectors.
When using a cold-storage-PC, you have to use it purely in offline (air-gapped) mode. Another PC (which is connected to the internet) is used to broadcast transactions.

But do not store all your coins on a single computer/device for your own safety

IF the device is truly air-gapped, you don't run any risk when installing multiple wallets on one device.
Even if one wallet is malicious, it won't ever be able to connect to the internet.

[goddog]

tails is a live OS with electrum preinstalled.
so you can insert tails usb stick in an airgapped pc,
start tails os,
open electrum to generate a seed write down the seed,and some generated address, on a paper.
Power off your pc, wait at least 10 seconds to allow ram to be wiped out
boot yuor normal os,
start electrum generate new watch only wallet
insert your addresses(not the seed) as watch only
done.

other option to be safe can be using 2-2 multisig address to store your bitcoin, so you can store one private key on your pc and one private key on your smartphone. So both devices have to be compromised to steal your bitcoins. if you have 3 or 4 devices you can use a 3-3 multisig or 4-4 multisig, for additional security

[dalookaj]

nano s is the best cold storage wallet

[CoinMarcel]

Ledger Nano S is the best. It is safe, easy, secure and I like also the safe use together with MyEtherWallet and GreenBits.

[Tomahawk One Two]

I think the best option is this one - you need to buy Trezor hardware wallet, and then, if you do not trust the password phrase that is installed on it, you will need to burn data on this wallet, there is a built-in function as it can be done manually. And then after burning you can set your own passphrase, but now you will need to select the option not 12 words, but choose 24 words. I think that this option will guarantee that your coins will now be in complete safety for many years.

[adaseb]

If you are really paranoid or storing over $1 million dollars on your device then you should just split it with different methods.

In my opinion... I wouldn't trust a hardware wallet either. Reason being is that exploits can still be discovered in the future or you are never sure if your device was "hacked" in some way prior to delivery.

The paper wallet is very safe. Just make sure to download from the correct website and do it all offline. Just go to Youtube and there are a few videos on how to do this.

However the paper wallet is usually for long long term storage... because when you sweep to spend it you need to use another wallet.

So you should use something like Electrum or Armoury and just use an old laptop as your second computer which will do all the signing for you.