Cold Storage Question before I jump in!

[martinw79]

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

 

[byt411]

There shouldn't be a problem, change addresses are used if you partially retrieve the funds from your cold wallet.

[boumalo]

Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

[shorena]

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

Good, testing is important.

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time?

Change only occures if you send coins, not if you receive them. So youd only have to worry about the wallet you send to coins from and not about the cold wallet you send the coins to.

Assuming my private keys are kept safe over time, is there any way I can lose funds this way?

Yes, if your private keys are the result of a bad random generation. E.g. you choose a brainwallet with "correct horse battery staple" as seed. What I liked best is the idea to point your camera at a lava lamp to take that as a source of randomness. I dont know how good a source of randomness it is, but it sounds good. If you generate a new wallet with bitcoin core it uses the random number generator (RNG) of your OS. So you might want to look into that. For other wallets they might take different RNG. Probably worth checking that out. Just in case.

I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Full sweep = no problems with change

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.
 

[tspacepilot]

As long as your private keys are safe there shouldn't be any problem.  As I understand it you'll only need to move funds out of these wallets if you ever want to spend them.  At that time, simply import your private keys to a wallet program and generate the transaction you desire.  Seems like you've done your due dilligence, I think you'll be fine.

[BitCoinDream]

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

 

As long as someone is not accidentally generating your private key, u r safe

[Hash72]

Why not use a paper wallet?

https://www.bitaddress.org is supposed to be safe

I totally Agree with you , paper wallet and the cold storage are the same except you use printed paper for the #1 and a Flash for #2
the blow links may help you a little
https://www.youtube.com/watch?v=I1uefzJJ6nM
https://blockchain.info/wallet/paper-wallet-tutorial-web
http://www.reddit.com/r/Bitcoin/comments/22cwdx/noob_questions_about_cold_storage_dont_upvote/

Thanks

 

[tspacepilot]

I am ready to put some of my BTC holdings into a couple different cold storage wallets. I went through the process already moving around a few mBits as tests, created the keys on an offline PC, sent real funds, then ran an import in bitcoin-qt, all good there!

My concern is this, If I move a few BTC into individual 1BTC wallets, do I have to worry about any Change Address issues if I simply ignore them completely for a long time? Assuming my private keys are kept safe over time, is there any way I can lose funds this way? I do not plan on making further deposits into any of these wallets, if my funds grow I will keep another hot wallet or setup more cold storage. I also do not plan on withdrawing funds at any time, when I do it will be a full sweep per wallet.

Before I proceed with sending my hard earned mining BTC to each address, I want to make sure I take all the proper precautions, any help from you BTC pros is greatly appreciated.

 

As long as someone is not accidentally generating your private key, u r safe

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

[PolarPoint]

I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

[Light]

I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?

[shorena]

As long as someone is not accidentally generating your private key, u r safe

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalk.org/index.php?topic=299156.0

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Dont know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the programm and version you used and see where they take their randomness from. Usually this will be a libary or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit oh and also randomness from allready random data, e.g. Private keys. I am not sure yet whether thats a good idea or not

[PolarPoint]

I am planning on using Electrum for cold storage. I will take a note of the word seeds and the 5 addresses, then uninstall electrum completely. I will then add those 5 addresses as 'view only' in blockchain wallet, and send funds to them for long term storage.

It would be much better to just run Electrum on an airgapped computer and use your Master Public Key to create a view only on an Electrum connected to the internet (then sign your txs offline). Otherwise if you ever need to send funds you'll have to install Electrum again add the seed and broadcast the transaction by connecting to the net (which isn't really cold storage anymore) and then uninstalling again. Are you committing the 12 words to memory - or are you keeping paper copies as well (possibly at least one in a fireproof safe/bank safe deposit box)?

Your suggestion seems too complicated for me. 
I will keep 2 copies of the word seeds in envelopes, one at home and the other in my brother's

[martinw79]

shorena thanks so much for that reply, it really helped a lot!

I wanted to split my cold storage into different addresses, figured for security in case one were to get compromised.  But, if I make a single address as a main cold storage address, can I use it to make future deposits as well or do I have to worry about anything?

[tspacepilot]

As long as someone is not accidentally generating your private key, u r safe

Are there reports of this sort of thing happening?  If so, I wonder where I can read an overview of the issue.  I'd like to reconsider now my own cold wallet.  I know which program and version of the program that I generated it with.  Now I want to make sure there was an appropriate randomness.  Any suggestions?

Well this mainly is a problem with brain wallets and the fact that humans are a bad source of randomness.

https://bitcointalk.org/index.php?topic=299156.0

With the revelations by Snowden it was also shown that RNG are a good way for the NSA (and other organisations) to weaken the strength of an encryption. I learned this morning that Windows is also able to take further input when generating a random number. Dont know if this is common knowledge.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx

All in all. If you want to check that, research the programm and version you used and see where they take their randomness from. Usually this will be a libary or an OS source. You can then research these sources.
Usually randomness is taken from mouse/keyboard input, from network traffic (which might be a bad idea, because this might be manipulated) and from the HDD (not SSD though).

Edit oh and also randomness from allready random data, e.g. Private keys. I am not sure yet whether thats a good idea or not

Yes, thanks for this writeup.  Very informative.  I see what you mean about this being an issue mainly with brainwallets.

In my case, I don't use Windoze so I'm not really worried about that aspect of it.  I only use GNU/Linux so I'm familiar with /dev/random and /dev/urandom.  In my case, however, I generated an address with a java program which most likely used the java rng lib.  Because the particular program is open-source, I can check on that, which is nice.

I like the suggestion earlier in the thread about pointing a camera at a lavalamp---funny, if impractical.

[Dabs]

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

[byt411]

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.

[tspacepilot]

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

There's also another one, which is quite a good idea, which involves recording random sounds in the street and then hashing it.

I suppose that any sort of media file hashed would be a relatively good source of random bits, but I'm not an expert in this topic.  If it were me, I'd be sure to either use a whole file or some portion of it which is definitely not a header (first bytes of many filetypes are going to be the same for every file of that type).

[activebiz]

It should stay safe As long as the wallet stays offline. And the private keys are safe

[Dannie]

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

[tspacepilot]

There are a few places and threads here:

1. using dice
2. using camera pointed at the sky
3. using random input from keyboard

As for the camera part, just use a brand new memory card, and take videos and pictures as you walk all over town of anything in any angle.

By the end of the day, you have thousands. Pick a few dozen as input, then hash the entire file to get your new "random" number.

I know how to calculate the sha256 hash of my files, but how am I going to get my private key and bitcoin address from it?

The idea is that you use the random number as a seed for generating a bitcoin address. There are some other threads about how to generate a bitcoin address by hand.