Bitcoin Forum
Author Topic: Safest cold storage options currently  (Read 293 times)
jd218
Newbie
August 02, 2019, 11:49:22 PM
 #1

I currently have some bitcoin on a Ledger Nano S, but I find myself increasingly worried about the company just exit scamming (not for any particular reason besides central point of failure). This made me consider other cold storage options, and I'm currently considering a 2-of-3 multi-sig wallet using Electrum. Is there any similar risk doing this with Electrum, or is that mitigated since it is open source? I ordered a Trezor and ColdCard to tinker with, so I'm also considering the basic idea of splitting up funds amongst all hardware wallets, but that feels like I'm just increasing my exposure. Losing any satoshis will be painful, regardless of portion.

Does anyone have any ideas?
joniboini
Hero Member
August 03, 2019, 01:30:46 AM
 #2

Why not use a paper wallet and save it in a secure place? I assume you need to store your funds for a long time and won't touch them on a daily basis. If that's what you want to do then you don't really have to buy a hardware wallet. What you need to make sure is that no one will be able to access your private key/seed, so you need to store it in a secure place. Even if you buy a new HW, you'll probably need to back up the seed too, so if the wallet is lost somehow, you can still access your funds. So, if you don't plan on touching your funds once in a while, no need to buy HW imo.




pooya87
Legendary
August 03, 2019, 03:56:33 AM
 #3

cold storage is a storage that is created on an air-gap computer that has never had any communication with the outside world and never will. things such as multi-signature are the extra layer of security you are adding to that design. using hardware wallets is also a semi-cold option in my opinion since the device is still communicating with the "outside world" even if it is in a secure manner not leaking (or rather trying to) any secret information.

so with your design you could use your hardware wallet with an "offline" Electrum as the secondary signature provider if you want to be able to call it "cold storage". i'd say the third one is an overkill though. a 2 of 2 is enough.

crwth
Copper Member
Hero Member
August 03, 2019, 05:40:07 AM
 #4

I'm just curious about your claim. What makes you think that the company, Ledger, is exit scamming? Do you mean that you would not get your funds anymore? Or you are worried that your Ledger won't get updates anymore?

Before I had a hardware wallet, I used an old laptop that is particularly slow now and I just reformatted it completely. After that, I just didn't connect it to the internet whatsoever, preventing connections from the internet. Just like pooya said, you could do something like that.




Lucius
Legendary
August 03, 2019, 01:17:20 PM
 #5

Quote from: jd218
"I currently have some bitcoin on a ledger nano S, but I find myself increasingly worried about the company just exit scamming (not for any particular reason besides central point of failure)."

How can Ledger scam you even if they say that they will stop supporting all products? You should have a backup in a safe place, and with that backup you can get access to your coins with the help of some other wallet.

Maybe you are thinking of something like a backdoor exploit, which could allow Ledger to get all or some % of our seeds, but I don't think that's a very realistic option, although there is no such thing as 100% security.

Using some other hardware wallets is probably a good way to reduce the risk, but if you just need to protect your coins long-term, maybe a form of paper wallet would be the best option. But if you go in that direction, be sure that you make such a wallet in a safe environment (100% clean PC & printer, top quality ink and paper), and wipe out all possible data after. After that you need to protect such a backup, and this is not an easy task - you may ask yourself what is less certain, that Ledger will somehow scam you, or that you will somehow scam yourself.

We recently had one user who lost coins from a paper wallet by using a bad online service, and I also remember one user who asked for help because the ink on his paper wallet had faded and he was missing a few characters of the private key. People are losing coins every day from exchanges, hardware/desktop/mobile wallets - and in most cases due to their own fault.

hugeblack
Hero Member
August 03, 2019, 01:22:15 PM
 #6

Quote from: jd218
"Does anyone have any ideas?"

You can do this using Electrum or using https://www.bitaddress.org/

 - Download an open-source (Linux) system using the official URL.
 - Download Electrum using the official URL and verify the signature.
 - Boot your OS on an offline PC (it is better to remove the internet hardware parts) and install the Electrum wallet (that contains the private key).
 - Create a watch-only wallet.
 - Use the online PC to access that wallet (watch-only).
 - Create a new transaction -> click Preview -> check everything is correct -> click Save or generate a QR code.
 - Open your offline OS -> open Electrum -> Load Transaction or use a QR code -> check it is correct -> click Sign -> enter your password.
 - Back on your online PC -> Load Transaction -> Broadcast it.

bitmover
Hero Member
August 03, 2019, 01:31:36 PM
 #7

Hardware Wallet can be considered a cold storage.
Easy to use, safe and cheap.

As discussed many times already here, making a paper wallet may be complicated and risky, as there are many problems regular users do not consider when creating one, and they may even lose funds due to those mistakes.

ETFbitcoin
Legendary
August 03, 2019, 05:15:44 PM
 #8

There's no correct answer to your question; all options have different attack vectors, trust required and convenience offered.

  • A HW wallet is obviously the best option, since the only hard part is verifying the HW wallet's integrity when you buy it. Then you just need to verify the destination address/coin amount on your HW wallet when you make a transaction.
  • Using Electrum on an air-gapped computer is very annoying; you need to move data (unsigned & signed transactions) a few times between 2 different computers.
  • It's quite difficult to create a paper wallet, and you must make a new paper wallet when you decide to spend your Bitcoin (due to security and privacy concerns).
    There are various risks when creating a paper wallet, from using a malicious service to running it in an infected browser or doing it on an online computer.

Additionally, all of them need a different kind of trust: in the HW wallet manufacturer, the Electrum developers or the developer of the paper wallet creator.

bob123
Legendary
August 05, 2019, 07:57:35 AM
 #9

Do you want to elaborate your exact issues with the risk of ledger exit scamming ?
Like, what scenario are you afraid of exactly ?

One of the most secure options would probably be to buy a new laptop, remove each wireless interface (wifi, bluetooth, ... ) and install a linux distro on it.
Then use any preferred desktop wallet (e.g. electrum) to store your private keys.

You just need to make sure that this computer never goes online and that you never plug in any device/storage which has been connected to an online computer once.

You'll need to move unsigned and signed transactions between your online and your cold storage computer.
Using webcams would be an option.

But you know.. there might be an exploit in the QR code scanner. So effectively, you are never 100% secure.
However, using a dedicated computer just for storing the private keys is definitely one of the most secure options.

mjglqw
Hero Member
August 05, 2019, 10:11:36 AM
 #10

Quote from: joniboini
"Why not use a paper wallet and save it in a secure place?"

Paper wallets shouldn't be suggested to the masses in my opinion. It simply is not easy enough (for your typical non-techie folk) to make a secure paper wallet, and widely suggesting it just puts them at risk. It won't be farfetched to think that they would simply just create one using their personal computer and print it without having any additional safety precautions.

bitmover
Hero Member
August 05, 2019, 10:44:51 AM
 #11

Quote from: bob123
"But you know.. there might be an exploit in the QR code scanner. So effectively, you are never 100% secure.
However, using a dedicated computer just for storing the private keys is definitely one of the most secure options."

I think the main reason for people to avoid hardware wallets are the physical attacks.

However those attacks can't be mitigated by an airgapped computer, unless you format it after creating the paper wallet.

But you could also do it in a ledger, just reset it always after use. (Pretty annoying and I don't think that's useful)

ETFbitcoin
Legendary
August 05, 2019, 05:46:16 PM
 #12

Quote from: bitmover
"I think the main reason for people to avoid hardware wallets are the physical attacks."

In this case, using a HW wallet or not doesn't matter, because the thief already knows you own cryptocurrency, or someone saw the HW wallet among your possessions because you didn't hide it properly.

Quote from: bitmover
"However those attacks can't be mitigated by an airgapped computer, unless you format it after creating the paper wallet.

But you could also do it in a ledger, just reset it always after use. (Pretty annoying and I don't think that's useful)"

Encryption with a strong password on your storage drive and bitcoin wallet could help, unless you specifically meant a $5 wrench attack rather than physically stealing the HW wallet, recovery sheet or your computer.

o_e_l_e_o
Hero Member
August 05, 2019, 06:45:09 PM
Merited by bitmover (1)
 #13

Quote from: bitmover
"However those attacks can't be mitigated by an airgapped computer, unless you format it after creating the paper wallet."

I wonder how many people using this set up fully encrypt their airgapped machine, and how many have no protection on it at all, assuming that no one else will gain physical access. If your airgapped computer (or at least the wallet file) isn't encrypted with a strong password, then it is far more vulnerable to a physical attack than a hardware wallet is.

Quote from: ETFbitcoin
"Encryption with strong password to your storage drive and bitcoin wallet could help, unless you specifically meant $5 wrench attack rather than physically steal HW wallet, recovery sheet or your computer."

If someone is attacking you this thoroughly, knows you own bitcoin, and finds an encrypted drive or an encrypted file, it won't take them long to put 2 and 2 together. I suppose you could use a hidden volume to increase your plausible deniability; hide a wallet with a small volume of bitcoin on the outer volume, and hide your money wallet on the hidden volume, much like you would do with a passphrase on a hardware wallet.

If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever.

bitmover
Hero Member
August 06, 2019, 01:50:34 AM
 #14

Quote from: o_e_l_e_o
"If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever."

Lol

But there is something you could try to do in this situation.

Ledger nano allows you to keep 2 pins registered in the same device. The second one has the same seed, but with a passphrase. You could keep a small quantity in one of them, and then the torturer could be cheated, if he is satisfied with the quantity.

o_e_l_e_o
Hero Member
August 06, 2019, 09:03:39 AM
 #15

Quote from: bitmover
"Ledger nano allows you to keep 2 pins registered in the same device."

Trezor devices also have the passphrase functionality. Using a passphrase is akin to the scenario I described above with using a hidden encrypted volume; you can give away the PIN or encryption key to the "dummy" wallet, while keeping your real wallet hidden. This all relies on the hidden wallet not being known about by the attacker, which in addition to keeping it a secret, also means not having it obviously linked to your "dummy" wallet via the blockchain.

Using a passphrase is a good additional security measure, and everyone with a hardware wallet should be using a passphrase. In addition to the plausible deniability as described above, it also helps to mitigate against physical attacks on the device itself.

Boriss
Full Member
August 06, 2019, 10:35:09 AM
 #16

Quote from: hugeblack
"You can do this using Electrum or using https://www.bitaddress.org/

 - Download an open-source (Linux) system using the official URL.
 - Download Electrum using the official URL and verify the signature.
 - Boot your OS on an offline PC (it is better to remove the internet hardware parts) and install the Electrum wallet (that contains the private key).
 - Create a watch-only wallet.
 - Use the online PC to access that wallet (watch-only).
 - Create a new transaction -> click Preview -> check everything is correct -> click Save or generate a QR code.
 - Open your offline OS -> open Electrum -> Load Transaction or use a QR code -> check it is correct -> click Sign -> enter your password.
 - Back on your online PC -> Load Transaction -> Broadcast it."

For this you need to have 2 PCs and fiddle around with them, not practical at all if you need to use it, only for deep freeze usage, not even cold storage. Grin

For the amount of money you can buy a Trezor One or Ledger Nano for, it just isn't worth the fuss, and you get the same thing: 2 points of security that mitigate an attack if one point gets infected.


NeuroticFish
Legendary
August 06, 2019, 10:44:07 AM
 #17

Quote from: jd218
"Does anyone have any ideas?"

In my head hardware wallet is not identical with cold storage. Maybe I'm wrong with the terms, however, I am also concerned that maybe someday, for one reason or another I cannot sign anymore with my hardware wallet.
(edit: yes, I know, I do have the seed and I can probably import it into Electrum or another Ledger wallet, still, I have my fears that things can go wrong)

So my suggestion is: use the hardware wallet for amounts you spend over a certain period of time (that depends on how much you spend, really) and for collecting/storing a 100% offline option is preferred.
The offline option will be either one or more paper wallets (private keys + addresses), or one or more seeds (BIP39 or Electrum) with some addresses at hand.
And for transferring from the offline sources to the hardware wallet (maybe 1-3 times a year) you make on your computer a watch only wallet for creating (step1) and broadcasting (step3) the transaction and a Tails OS USB stick for signing it offline(!) (step2).

pooya87
Legendary
August 07, 2019, 03:48:34 AM
 #18

Quote from: Boriss
"~
For this you need to have 2 PCs and fiddle around with them, not practical at all if you need to use it, only for deep freeze usage, not even cold storage. Grin"

not really. when you burn a Linux OS on a DVD and boot using it, you are in a new system that is fresh without needing to have another PC. it can be run 100% live from your RAM without needing HDD and no need for internet access. a 100% clean and offline environment.

this can be used 2 different ways:
1. boot from DVD, import seed, sign tx, shut down, transfer to online and broadcast
this means each time you want to spend you have to both install the wallet and import your key or seed

2. install it on a removable media like a USB disk or a portable hard disk.
this way you can add additional things such as encryption and save the settings such as disabling network completely. and you won't have to import your key every time.

PrimeNumber7
Full Member
August 07, 2019, 05:13:21 AM
 #19


Quote from: o_e_l_e_o
"If someone is willing to torture you for your bitcoin, then it is pretty irrelevant if you have a hardware wallet, airgapped device, paper wallet, or whatever."

The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety.

To answer the OP's question, I would not over complicate my cold storage setup. I would choose a HW wallet manufacturer I am comfortable is making a product that cannot easily be compromised, keep my coin secured by that HW wallet, and use the paper card as a backup with the seed hand written on it stored in a safety deposit box.

bob123
Legendary
August 07, 2019, 07:22:02 AM
 #20

Quote from: PrimeNumber7
"The solution to a $5 wrench attack, and other similar attacks involving physical force to you as a person is to keep a small number of coin associated with a BIP 39 seed with the passphrase/last seed word being something different than the passphrase that secures the majority of your coin. This will allow you to give something to the attacker while both preserving a portion of your coin and maintaining your safety."

Well, but this is only possible if either 1) the person attacking you doesn't know the magnitude of BTC you own or 2) you have an amount large enough accessible without the passphrase.

If an attacker knows (e.g. because you are telling everyone, or because you are some known person in the community) that you own about X - Y bitcoins, he won't be happy with seeing 1/10 X or even less of that in your non-password protected wallet.
I mean.. you might be able to deceive attackers who aren't familiar with BTC and wallets, but in any other case it will be pretty obvious that the full amount is protected with an additional password.

This might be useful for plausible deniability regarding a person who doesn't know how much you own, but it won't protect you if he knows approximately how much you own.
