Thank you all for the answers,
Below the first line, I have quoted each answer and replied to it.
Below the second line, those are my next steps and further questions.
Cheers
Comments / reply to your messages :
I can't comment on your cloud storage solution, because I keep literally zero data on the cloud. I simply don't like other people having access to my data, even if it is encrypted.
Indeed it is not ideal, but I am yet to find a solution that allows me the flexibility of updating data, accessing it, and storing all being super safe.
Storing the USB and the password together (obviously)
Storing the seed on paper - ink fades, paper degrades, vulnerable to water, fire, etc. Consider changing to the seed inscribed/engraved on a piece of metal.
Yes I will do that, I will also get a paper punch, good quality paper, and store it in a sealed bag.
Regarding the metal plate, I did find this product, it appears to be the good versatile solution:
Crypto key Stake. It is 70$, I will order one in the next few days.
My wife has 0 knowledge about crypto / computers... I need to find easy solutions.
Step 1: talk to your wife! Make sure she understands the important things, and doesn't instantly get scammed if she ever needs to recover funds.
Yes, job done.
The good thing is that her brother (my brother-in-law) is quite tech savvy and knows about bitcoins and wallets. He has a Ledger as well and uses almost the same recovery software as I do.
(But he doesn't know my quantity of crypto, he doesn't know any of my passwords, and he is not approved to enter the vault to access my box, he is totally locked away from my coins... he is family but we are never too cautious).
Next problem, how to store a USB key for 10 years ?
What if the guy above me (in the vault) is storing a huge magnet, or a meteorite that is highly magnetic?
As far as I know, a magnet isn't a risk for a USB stick. However, in 10 years, I wouldn't trust a single stick to still work.
If you don't trust paper, ink and electronics, why not just get a letter punch?
Yes I will get the metal engraved plate described above.
I still haven't found the right balance between security and accessibility.
Glad to see that I am not the only one
Thanks heaps for the feedback.
if you are going to be storing stuff like passwords, scans of important documents, things in any particular storage or encryption format in data files etc. i mean in addition to just paper/steel with seeds on them.
somewhere in your vault you should include as much information about the format and version numbers of all software/encryption you used on any files she needs to access. also a cd/dvd of archive quality plus a usb stick and an actual usb hard drive of all software you used. that way versions match and she can load the actual software version you are using. maybe an operating system image too or at least the iso of the OS installation media. who knows what software will still be around and how backward compatible it will be when she needs it. there may be quirks specific to the particular version of the software used.
USB drives fade with age. hard drives not so much but are susceptible to magnetism/moisture. iow each has strengths and weaknesses which is why i include both, as well as archive quality optical media.
this strategy applies to any scenario where you need to preserve electronic data. perhaps she has access to data files later than what's in the vault. she needs to have all software needed to access it.
Thanks for the feedback, I did purchase 3 USB keys and wrote on them 1 / 2 / 3
Number one was supposed to have a plain text with a tutorial.
Number two was a live USB of Linux Mint
Number 3 was LUKS encrypted (password on a paper / and or at the lawyer / Will) all the needed software, the wallets I have been using and the data base.
I think I will stay away from the USB key storage, I will also pass on the DVD, it looks better for long term storage but not as easy to use and update.
I think I will move toward a cloud-based encrypted database.
See my message below the line.
this may sound too obvious but you'd be surprised how many people are caught with their pants down later on because they unknowingly did something wrong. do a test recovery yourself and see if things work! try decrypting what you encrypted before, import the seed, try seeing if you can get the same addresses... and see if it actually works. I have seen people that wanted to recover their seed (even the not encrypted one) and be unable to because they wrote down a word wrong.
I also like the letter punch idea posted above, basically any form of engraving letters on metal. just remember to encrypt it first.
Yes totally agree with you.
I already tested once my recovery system when I put 3 wrong PINs in my Ledger Nano S. I used the paper seed to rebuild it.
I have a second Nano S in the vault that is already built with the same seed, the PIN is on a paper next to it.
I know that she will be able to access those coins, without any fear of being hacked.
<…> But if I want to buy a Trezor and send all my crypto from Nano to Trezor, I then need to back up and put to a safe place the new seed of my Trezor.<…>
You can use the same seed of your current Ledger Nano S to restore to a Trezor device (or clone it on to another Ledger Nano S as I have). From what I’ve read, when restoring the Ledger Nano S seed on to a Trezor device, there seems to be a fuzzy thing: The ETH in each device seems to use a different derivation path, being (m/44'/60'/0') on Ledger and (m/44'/60'/0'/0) on Trezor (it includes the "change" path of the BIP44 specification). MEW connected to the hardware wallet lets you change the derivation path, but not all Ethereum based wallets do, so it looks like an awkward feature when importing the seed on one of the hardware devices into the other.
I haven’t personally tried Ledger Nano S to Trezor migration though, as for now I prefer using my two cloned Ledger Nano S devices.
Wow!!! Thanks so much for the info, I will do a little bit more research about it as this is very useful to know.
I already cloned my Ledger (see answer below), but using it in a Trezor and the other way around is good!
It makes sense, but still it is cool to know that they rebuild the "wallet" the same way from the same seed.
I liked the idea of engraving encrypted keys on a metal plate. But maybe your wife won't be able to recover the data if, as you say, she doesn't know anything about cryptography. Maybe you need to teach her cryptography. If she doesn't deal with the recovery, she can ask for the help of the scammers.
She will have access to a good chunk of my coins on the Ledger (I have one at home in the safe, and a copy in the vault).
The rest will be explained to her via data in the vault.
My new thoughts, my new systems, my new questions :
After reading comments and spending the night on it, here are my updates / thoughts.
- I talked to my wife, she knows where the vault is, she knows where the vault key is (one hidden at home, one with a friend) and she knows that she can access the vault with a death certificate.
- The vault will have the seed of my ledger on a metal plate (link to the product)
- The vault will also have my lastpass master password (engraved), something with 70 to 100 entropy. That password shall only be entered once on each computer I own.
I have tested a similar password to mine on this website : http://rumkin.com/tools/password/passchk.php
This is the result : submarineTYGHVDSA2018
Length: 21
Strength: Strong - This password is typically good enough to safely guard sensitive information like financial records.
Entropy: 97.4 bits
Charset Size: 62 characters
=> I am thinking of adding one extra word and a couple of special characters ( / ? ! @)
- The master password will give access to my LastPass password manager. On LastPass I will have all my passwords, my 2FA keys and some general text for her to read. Basic explanation and stuff. LastPass will also have the ".data base" file from KeePass. This file will be updated from time to time (from my Linux computer) with new seeds or sensitive info. I will also upload the correct software version.
- The ".Key" file will be in the vault on a USB key (not ideal for long term storage), along with the software installer (same version).
- I will also have the ".key" file somewhere hidden in the house (and also given to a friend for safekeeping) on a USB key LUKS protected. That password will be in the vault.
Testing of my system : She goes to the vault with death certificate, she gets the ledger and the pin, it is still working, she has access to funds. It is not working, she has to buy a new ledger and use the engraved seed.
Using the master password she gains access to LastPass and can read in clear some information about the coins, their value, where and how to spend (believe me, she will learn quick and spend the coins haha!). She gets access to various exchanges, my emails and stuff.
Because she has access to LastPass, she can get the encrypted database from KeePass. Its master password is in the vault too.
Option one, the USB key from the vault is still working, it is all good. She has access to super sensitive data as well (a recent seed that is not engraved in the vault... private keys to some addy for cold storage ...).
Option two, that USB key is dead, I shall write in LastPass where the "hidden recent USB key" is in the house. No risk of anyone finding it, the password is in the safe. If I gave one to a friend, she can just get it off them.
- Case 2, I don't die, my house is on fire.
Same as above, except that I could do some shortcuts, if I remember my master passwords.
Do you guys have any feedback, comments, warnings, improvements?
Once I have something I am confident will work, I will update the reserved post in second position and write up some tutorial / tips and give appropriate credit.