.

[Dabs]

I personally prefer generating a completely random private key / public key pair than using deterministic methods to create / recreate a wallet (or bunch of keys), as there is the risk (no matter how small) of the method to be discovered and the whole wallet compromised.

[1714113912]

1714113912

[1714113912]

1714113912

[Kazimir]

You should try Wuala.com. ( it also accept Bitcoin as payment: http://www.wuala.com/bitcoin )
It has many features like Dropbox, but it also include a local encryption before the upload

I only just discovered about this Wuala thing, but this is pretty awesome!

Looking into Wuala right now, didn't try it yet but so far it seems a big improvement over Dropbox:

• Encrypted locally, which is extremely important for sensitive data (such as your wallet)
• 5GB instead of 2GB in the free plan (well even 2GB is already WAY more than you need to backup your wallet)
• Ability to have multiple sync folders on your computer (as opposed to just one global 'Dropbox folder')

Looks pretty nice so far.

[etotheipi]

I made a pretty comprehensive tutorial for using cold storage in Armory:  Using Offline Wallets in Armory. 

Get an old laptop, and it's 7 steps to get setup.  Then 7-8 steps to actually execute a transaction.  But of course, this is all with a pleasant graphical user interface with directions shown along the way, so the steps are a lot easier than the alternatives! 

Offline wallets/cold storage is exactly what inspired me to make Armory in the first place! 

The only potential point of failure is USB viruses.  And those viruses would have to be highly-targeted:  your private keys never touch any computer that will ever touch the internet.  So a USB virus would have to be fully automated and exploit autorun vulnerabilities to even have a chance.  In the future, I will support serial cables to close this tiny little gap, for the super-paranoid.

</spam>

[fivemileshigh]

How do you guys feel about bitaddress.org paper wallets for offline storage? Pdf's backed up as physical paper in a secure location and as a file on an encrypted disk image on email/dropbox/various usb sticks (25+ char. pwd)?

[Dabs]

@etotheipi

The offline computer can have an offline antivirus, anti-malware, anti-rootkit software installed. It is updated by virus definition files offline through the USB. Serial cables (as in the RS232?) are non-existent on modern computers and you can consider them obsolete.

Personally, I don't have enough bitcoins to justify an offline computer for the purpose of cold storage, and I think I know relatively enough about malware to prevent it from affecting my daily computer usage despite not having installed anti-virus software (they slow down my computer so much that I notice it.)

Your software is interesting though and I might just download and try it out.

@fivemileshigh

That's almost how I do it. I generated some key pairs and they're backed up on paper and encrypted and rar'd with recovery records, and then protected from damage. I haven't actually printed them out to paper but will do it soon.

A piece of paper, printed using a dot-matrix impact printer (because laser toner sticks and inkjets smudge), optionally laminated, stored in a folder or envelope, in a safe is cheaper than a used mini laptop / netbook.

I'm actually looking for a decent font to print out my private keys and so far I've come up with Courier, Consolas and Lucida (fax / mono). I prefer monospaced font for this purpose.

[etotheipi]

@etotheipi

The offline computer can have an offline antivirus, anti-malware, anti-rootkit software installed. It is updated by virus definition files offline through the USB. Serial cables (as in the RS232?) are non-existent on modern computers and you can consider them obsolete.

Personally, I don't have enough bitcoins to justify an offline computer for the purpose of cold storage, and I think I know relatively enough about malware to prevent it from affecting my daily computer usage despite not having installed anti-virus software (they slow down my computer so much that I notice it.)

Your software is interesting though and I might just download and try it out.

You can get USB-to-Serial-port converters for $10.  One for each system and a null modem cable to hook'em together.

I agree that you can install all sorts of extra stuff on the two systems to prevent most nastiness.  But if users are storing $100,000+, they would prefer the 100% guaranteed solution, even if it's a little extra work and a few extra dollars.

Please try it out and let me know if you have any issues or concerns.  I'm always available to help

[justusranvier]

I agree that you can install all sorts of extra stuff on the two systems to prevent most nastiness.  But if users are storing $100,000+, they would prefer the 100% guaranteed solution, even if it's a little extra work and a few extra dollars.

If users really are storing $100,000+ there's no reason to use a general-purpose computer as an offline wallet. It seems like a dedicated hardware device should be able to be produced for less than the cost of two USB to Serial converters plus a PC. All it would need to do is receive unsigned transactions, wait for user input, sign the transaction, and return it.

[etotheipi]

I agree that you can install all sorts of extra stuff on the two systems to prevent most nastiness.  But if users are storing $100,000+, they would prefer the 100% guaranteed solution, even if it's a little extra work and a few extra dollars.

If users really are storing $100,000+ there's no reason to use a general-purpose computer as an offline wallet. It seems like a dedicated hardware device should be able to be produced for less than the cost of two USB to Serial converters plus a PC. All it would need to do is receive unsigned transactions, wait for user input, sign the transaction, and return it.

Yes and no. 

(1)  Such hardware devices do not exist yet
(2)  Offline systems can usually be found for free, because even 10 yrs old with 256 MB of RAM will work
(3)  A specialized hardware device may work, but will lack flexibility -- with the offline system you can import keys, juggle wallets, print backups, etc.

I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.

[justusranvier]

I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.

Flexibility is nice but it also means more potential ways for a remote attacker to find an exploit. The lack of flexibility in a specialized device is a feature because it greatly reduces the attack surface.

It might not be worth it for $1000 but a wallet with $100,000+ is a highly desirable target for someone to go after.

[kjlimo]

This thread lost me at 14 steps... easy?

anyway, in case I feel like I need more security... sub

[etotheipi]

I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.

Flexibility is nice but it also means more potential ways for a remote attacker to find an exploit. The lack of flexibility in a specialized device is a feature because it greatly reduces the attack surface.

It might not be worth it for $1000 but a wallet with $100,000+ is a highly desirable target for someone to go after.

I agree with your sentiment.  But a computer that has never touched the internet has no attack surface.  The only attack vector is the autorun-USB vulnerabilities when using a USB key for moving tx data back and forth.  It's a small surface, but it is theoretically exploitable.  That's why I brought up the USB-serial connection, which reduces that attack surface to zero (barring compromised software updates), because there is no way to induce remote-code execution through the serial cable.

EDIT: last sentence is true given a couple basic precautions taken on the offline system.  And the entirety of the above is true given that the software was designed "correctly."

I designed Armory specifically for the easiest cold storage capability possible.  And most people either have an old spare laptop sitting around waiting to be junked, or can get one from a neighbor/friend/coworker for free.  The program walks you through the process, and unlike other solutions, you get a watching-only wallet on your online computer so you can still generate addresses and monitor your balance and transactions, without the risk of someone getting the private keys.

[justusranvier]

because there is no way to induce remote-code execution through the serial cable.

That's what has me worried. It's been a long time since we used dial up modems as a primary means of accessing the internet so how much attention has been paid to the OS serial port drivers and libraries with regards to security flaws? Can you prove there is no possible sequence of bits capable of exploiting a bug somewhere in the stack?

In the case of Linux, wasn't the entire TTY layer recently rewritten? How much security auditing has been done on that, given that serial ports don't get a lot of use these days?

[proudhon]

I agree that a specialized piece of hardware would be nice, but there's a lot of flexibility in using a general purpose system that was about to be thrown out anyway.

Flexibility is nice but it also means more potential ways for a remote attacker to find an exploit. The lack of flexibility in a specialized device is a feature because it greatly reduces the attack surface.

It might not be worth it for $1000 but a wallet with $100,000+ is a highly desirable target for someone to go after.

I agree with your sentiment.  But a computer that has never touched the internet has no attack surface.  The only attack vector is the autorun-USB vulnerabilities when using a USB key for moving tx data back and forth.  It's a small surface, but it is theoretically exploitable.  That's why I brought up the USB-serial connection, which reduces that attack surface to zero (barring compromised software updates), because there is no way to induce remote-code execution through the serial cable.

EDIT: last sentence is true given a couple basic precautions taken on the offline system.  And the entirety of the above is true given that the software was designed "correctly."

I designed Armory specifically for the easiest cold storage capability possible.  And most people either have an old spare laptop sitting around waiting to be junked, or can get one from a neighbor/friend/coworker for free.  The program walks you through the process, and unlike other solutions, you get a watching-only wallet on your online computer so you can still generate addresses and monitor your balance and transactions, without the risk of someone getting the private keys.

I love Armory, and I think it is the easiest possible solution for much of the current bitcoin crowd, but I think the time is approaching that we'll need to begin developing for our parents and less-tech-savvy friends.  I know lots of people, even among my cohort, who don't have spare computers sitting around, and even if they did they wouldn't be able to setup an offline Armory wallet.

Edit:  BTW, you've got PM.

[etotheipi]

I love Armory, and I think it is the easiest possible solution for much of the current bitcoin crowd, but I think the time is approaching that we'll need to begin developing for our parents and less-tech-savvy friends.  I know lots of people, even among my cohort, who don't have spare computers sitting around, and even if they did they wouldn't be able to setup an offline Armory wallet.

Edit:  BTW, you've got PM.

I whole-heartedly agree.   My priority has been to make the functionality exist and accessible for those who want it.  So far, I haven't seen cold-storage implemented anywhere else that isn't a complete PITA to use.   In that sense, Armory is the perfect response to this thread, because you were already expecting to do 14 steps when you clicked on this thread     At least the steps for Armory cold storage are built into the interface, and lets you have a watching-only wallet...

However, as you point out, absolute beginners would probably not figure this out.  And to be fair, Armory is not designed, in its current state, to be a beginner's tool.  Armory is intended to be the ultimate advanced-users' tool first, then I will work on networking-independence and standard-usermode to make it usable by new users.  As long as you need the Satoshi client running in the background, there's no point in catering to beginners, yet...

[2112]

I'm pretty sure that Mr. etotheipi is well meaning, but he is also very young and inexperienced. His advice about "attack surface" is generally right, but it just betrays his lack of experience.

1) Those who remember the old product called Laplink and its special "serial and parallel on both ends" cable will probably also remember the trivial procedure used to transfer Laplink from one machine to the other through that cable. Once you had Laplink on both machines you had access to all files on both machines.

2) Ten years old laptop computers frequently have IrDA (or other infrared) port. There wasn't many commercial products using those ports, but it was heavenly invention for hackers. Clever person could gain access to the other person's computer while siting right in front of him around the conference table during negotiations.

3) The biggest attack surface on 10 years old computers in not from hackers, but from your good old friend Murphy. If you plan on following his advice to store your valuable bitcoins on an old PC please buy at least 2 or 3 identical copies to have spare parts in case of inevitable component failure. Also make sure that either you know how to swap those parts or have a trusted person who could help you with that task.

This is pretty much close to a security theater performance art.

The constructive advice I could give is:

1) use modern computers, just learn how to boot them off the external drive or how to swap internal drives.
2) when storing on the hard drives learn about SmartMonTools (or other S.M.A.R.T. toolset), how to use them and how to interpret the results.
3) DVD-RAM is the only consumer-grade removable media technology with any track record of long-term reliability.
4) USB flash drives are to be trusted only if you also have access to the test and configuration application that is specific to the particular controller used in your flash device.

Thank you for reading.

[proudhon]

I'm pretty sure that Mr. etotheipi is well meaning, but he is also very young and inexperienced. His advice about "attack surface" is generally right, but it just betrays his lack of experience.

1) Those who remember the old product called Laplink and its special "serial and parallel on both ends" cable will probably also remember the trivial procedure used to transfer Laplink from one machine to the other through that cable. Once you had Laplink on both machines you had access to all files on both machines.

2) Ten years old laptop computers frequently have IrDA (or other infrared) port. There wasn't many commercial products using those ports, but it was heavenly invention for hackers. Clever person could gain access to the other person's computer while siting right in front of him around the conference table during negotiations.

3) The biggest attack surface on 10 years old computers in not from hackers, but from your good old friend Murphy. If you plan on following his advice to store your valuable bitcoins on an old PC please buy at least 2 or 3 identical copies to have spare parts in case of inevitable component failure. Also make sure that either you know how to swap those parts or have a trusted person who could help you with that task.

This is pretty much close to a security theater performance art.

The constructive advice I could give is:

1) use modern computers, just learn how to boot them off the external drive or how to swap internal drives.
2) when storing on the hard drives learn about SmartMonTools (or other S.M.A.R.T. toolset), how to use them and how to interpret the results.
3) DVD-RAM is the only consumer-grade removable media technology with any track record of long-term reliability.
4) USB flash drives are to be trusted only if you also have access to the test and configuration application that is specific to the particular controller used in your flash device.

Thank you for reading.

I think you're forgetting that Armory can be use, and should be used IMO, to create offline paper backups.  Laminate a few of those suckers and store them in fireproof safes.  If the the old computer you used, which may have had an active wallet on it, dies; then just grab another computer and one of your paper backups and your back in business.

[2112]

I think you're forgetting that Armory can be use, and should be used IMO, to create offline paper backups.  Laminate a few of those suckers and store them in fireproof safes.  If the the old computer you used, which may have had an active wallet on it, dies; then just grab another computer and one of your paper backups and your back in business.

Thank you for reminding me about another "attack vector" that I neglected.

You'll also need to store the Armory source code as well as the source code of its tangled mess of dependencies, including the toolsets required to rebuild them. Or just buy a life insurance policy and a performance bond on Mr. etotheipi.

Sorry, but I have a feeling that explaining certain long-term attack vectors will look too much like a personal attack. I really don't want to go into that discussion.

[etotheipi]

I think you're forgetting that Armory can be use, and should be used IMO, to create offline paper backups.  Laminate a few of those suckers and store them in fireproof safes.  If the the old computer you used, which may have had an active wallet on it, dies; then just grab another computer and one of your paper backups and your back in business.

Thank you for reminding me about another "attack vector" that I neglected.

You'll also need to store the Armory source code as well as the source code of its tangled mess of dependencies, including the toolsets required to rebuild them. Or just buy a life insurance policy and a performance bond on Mr. etotheipi.

Sorry, but I have a feeling that explaining certain long-term attack vectors will look to much like a personal attack. I really don't want to go into that discussion.

2112,

I know what you're saying: it's improper to talk about "zero attack-surface" because there's always a vulnerability due to one of the assumptions made which isn't necessary true (unexpected software on the OS, improper software design, maliciously modified software, etc).  But what solution do you recommend instead?  Both, "what do you do right now to secure your coins" and "how do you improve the software to make it more secure"?

I am not sure if there's anything better than Armory for the first question, right now, in terms of being a solution that moderately-experienced users can use.  The answer to the second question has been the topic of many discussions including this one where I sought input from other users on exactly this topic.  I don't see any posts from you.

(EDIT: added the correct link to the previous paragraph)

You clearly have constructive input to add, so please do so on those threads.  You are clearly very experienced and your input would be valuable so that stupid things don't happen.  For reference, I am aware of various pre-installed tools for communicating via serial port -- and even IrDA could be used to initiate logins.  I didn't mean to imply that all you need is a serial cable -- using the serial cable would come with a lockdown procedure.  It would be for the really advanced users.  

I heed your advice about claiming "zero attack vector", I should really be claiming that this is the "best solution currently available."  It's certainly better than keeping an encrypted wallet on your online HDD.  

P.S. -- One thing to clear up:  paper backups for Armory are invaluable.  You can print off multiple copies to protect against hardware failure, and any version of Armory can produce a raw list of private keys that could be imported into any other program.  Agreed that old hardware is likely to fail, but new hardware fails too -- that's why there's such exhaustive backup features in Armory.

[justusranvier]

This is just my purely subjective personal opinion but if I had a wallet with $100,000+ in it I would store it on a computer that had complete air gap security - not even an RS-232 link to an Internet-connected computer. I would want the ability to create offline transactions by hand-keying in the source and destination addresses and would broadcast the transaction by having the offline computer print a hard copy that another computer could scan in and upload to the network.

[etotheipi]

This is just my purely subjective personal opinion but if I had a wallet with $100,000+ in it I would store it on a computer that had complete air gap security - not even an RS-232 link to an Internet-connected computer. I would want the ability to create offline transactions by hand-keying in the source and destination addresses and would broadcast the transaction by having the offline computer print a hard copy that another computer could scan in and upload to the network.

Well you can do that with Armory.  It just might be quite a bit of handwriting (I think some transactions can be up to 10kB)...

However, I had considered the possibility of using webcams and QR codes.  But that will turn into a mess of wires and complicated interfaces to deal with multiple QR codes, etc.