Bitcoin Forum
Topic: Simplest USB stick cold storage.  (Read 4554 times)
Dan The Man (OP)
March 29, 2012, 11:43:24 AM
 #1

What is the simplest way to get my bitcoins securely onto multiple usb sticks?

I don't want to futz around with extra operating systems or offline computers. I don't want to have to remember long passphrases. I am okay with the risk of assuming that I don't have any keyloggers on my computer at this moment. I don't need to be able to spend them anytime soon. What I want is basically a bunch of public addresses I can email to myself that I can safely send bitcoins to and have no worry of them disappearing in a computer crash or future hacking event.

Thanks.
DeathAndTaxes
March 29, 2012, 11:48:25 AM
 #2

Copy the unencrypted wallet.dat to multiple usb drives.

Still, you need to be wary of keyloggers, not just now but at any point in the future when you use the USB drive.

Say you store 100,000 BTC to those private keys over the next three decades.  You plug the USB drive in 2042 for the first time.  The infected computer instantly detects an unencrypted wallet.dat circa v0.6 client and makes a copy, transfers the balance to the attacker's computer all in <1 sec.

Honestly if you want offline security use offline security and forget the USB drive.

https://www.bitaddress.org
bitdragon
March 29, 2012, 11:56:35 AM
 #3

Thanks for the bitaddress.org

I saved the webpage and seem to be able to generate new addresses like that as well.
Is there any difference/safer in proceeding like that?
Is the SHA-1.......html specific to my computer?


Revalin
March 29, 2012, 12:02:55 PM
 #4

+1 bitaddress.org.  Minimum futzing, paper is very reliable, and it prevents bulk-stealing your keys when you go to redeem them in the future.  You can also save a copy to USB if you want.

The sha1 f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b hash is the same as everyone gets for version 1.5.  It's the sha1-sum of the actual web page itself.  This lets you verify that you have a legitimate copy of the page.  Yes, it works fine from a local copy.

Edit: More info about bitaddress here: https://www.bitaddress.org/pgpsignedmsg.txt

Dan The Man (OP)
March 29, 2012, 12:14:20 PM
 #5

Has anyone been able to verify for certain that bitaddress doesn't keep any logs?
DeathAndTaxes
March 29, 2012, 12:35:49 PM
Last edit: March 29, 2012, 01:02:13 PM by DeathAndTaxes
 #6

Quote from: Dan The Man
> Has anyone been able to verify for certain that bitaddress doesn't keep any logs?

The code doesn't send anything anywhere temporarily or otherwise, everything is done locally on the browser via javascript. 

I have looked over the code (it is just JavaScript; all the code is right there) and there is no communication to any server.

Still I would recommend that a user do what the author has recommended ... save a local copy of the generation page.


1) save a local copy of the webpage from http://bitaddress.org
2) disconnect from the internet
3) generate your addresses
4) print 2+ copies (and/or encrypt a copy of output and store)
5) close browser, delete all files, and reboot
6) store your print or encrypted digital copies in multiple safe locations.
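
An added example (not from the thread or from bitaddress.org) for step 1 above and the SHA-1 check described in post #4: it hashes a saved copy byte for byte, compares it with an expected SHA-1, and lists anything in the page that could contact a server. The function name `audit_saved_page`, the API list and both sample pages are constructed for illustration.

```python
import hashlib
import hmac
import re
from html.parser import HTMLParser

# SHA-1 quoted in the thread for bitaddress.org version 1.5.
PUBLISHED_SHA1_V1_5 = "f2e410251c8741ac65d29a1c6fb8ef6919b6ab8b"
# JavaScript APIs that can move data off the machine (list chosen for this example).
NETWORK_APIS = ("XMLHttpRequest", "WebSocket", "sendBeacon", "fetch(")

class RemoteRefFinder(HTMLParser):
    """Collects attributes that point at a remote host (http://, https://, //host)."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "action", "data") and value \
                    and re.match(r"\s*(https?:)?//", value, re.I):
                self.refs.append((tag, name, value))

def audit_saved_page(page_bytes, expected_sha1):
    """Hash the raw bytes exactly as saved, then list anything that could talk to a server."""
    actual = hashlib.sha1(page_bytes).hexdigest()
    text = page_bytes.decode("utf-8", errors="replace")
    finder = RemoteRefFinder()
    finder.feed(text)
    return {
        "sha1": actual,
        "hash_ok": hmac.compare_digest(actual, expected_sha1.strip().lower()),
        # <a href> is only followed on a click; other tags are fetched on load or are form targets
        "remote_loads": [r for r in finder.refs if r[0] != "a"],
        "network_apis": [api for api in NETWORK_APIS if api in text],
    }

# Constructed sample pages (not the real bitaddress.org source).
CLEAN_PAGE = b"<html><script>function newKey(){ /* local only */ }</script>" \
             b"<a href='https://www.bitaddress.org'>home</a></html>"
TAMPERED_PAGE = CLEAN_PAGE.replace(
    b"</html>", b"<script src='//cdn.example/x.js'></script>"
                b"<script>new XMLHttpRequest()</script></html>")

if __name__ == "__main__":
    expected = hashlib.sha1(CLEAN_PAGE).hexdigest()  # stands in for the published hash
    for label, page in (("clean", CLEAN_PAGE), ("tampered", TAMPERED_PAGE)):
        print(label, audit_saved_page(page, expected))
```

Hash the file as the server delivered it: a browser's "Web page, complete" save rewrites the HTML, so its hash will not match a published one.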
Ente
March 29, 2012, 12:57:27 PM
 #7

..or eject the linux-live-cd or delete the virtual machine file.

/paranoia off

Ente

ah, screw that!
/paranoia on
rjk
March 29, 2012, 01:03:31 PM
 #8

Don't forget to laminate that paper and stick it in a safe!

MaxSan
March 29, 2012, 01:29:09 PM
 #9

An Ironkey is easy enough, secure enough, strong enough.

I'd trust it up to at least 5 figures. Personally.
DeathAndTaxes
March 29, 2012, 01:30:23 PM
 #10

Quote from: MaxSan
> An Ironkey is easy enough, secure enough, strong enough.
>
> I'd trust it up to at least 5 figures. Personally.

Every byte of flash ever created will eventually fail; that is an absolute guarantee.
Ente
March 29, 2012, 02:06:18 PM
 #11

Quote from: DeathAndTaxes
> Quote from: MaxSan
> > An Ironkey is easy enough, secure enough, strong enough.
> >
> > I'd trust it up to at least 5 figures. Personally.
>
> Every byte of flash ever created will eventually fail; that is an absolute guarantee.

well, "eventually" is quite open, not?
But I agree, flash stands no chance to survive as long as plain (acid-free) paper written with a pen.
A laserprinter-print should work fine for several lifespans too.
Pro-mode: engrave a metal plate with the privkey. Should survive much about anything, including mould, water, fire.
Use steel for high temperature resistance, copper/brass for high corrosion resistance, silver for being cool! :-)

Ente
Phinnaeus Gage
March 29, 2012, 03:06:43 PM
 #12

Quote from: DeathAndTaxes
> Say you store 100,000 BTC to those private keys over the next three decades.  You plug the USB drive in 2042 for the first time.  The infected computer instantly detects an unencrypted wallet.dat circa v0.6 client and makes a copy, transfers the balance to the attacker's computer all in <1 sec.

That's, assuming of course, USB drives will still be around in 2042.


DeathAndTaxes
March 29, 2012, 03:42:30 PM
 #13

USB drives may not be made anymore but USB ports will probably exist either natively or via adapters.

RS-232 (serial) has been around since the 1960s and most computers today have a serial port (if only as a MB header).  If they don't, USB to serial adapters exist.
Phinnaeus Gage
March 29, 2012, 03:48:16 PM
 #14

Quote from: DeathAndTaxes
> USB drives may not be made anymore but USB ports will probably exist either natively or via adapters.
>
> RS-232 (serial) has been around since the 1960s and most computers today have a serial port (if only as a MB header).  If they don't, USB to serial adapters exist.

Got it! BTW, where would you plug it in?


DeathAndTaxes
March 29, 2012, 03:51:12 PM
 #15

That port right there on the left.   I can get a lightstream to legacy USB adapter from Walmart for 3 mBTC.
Nim
March 29, 2012, 06:36:20 PM
 #16

Quote from: DeathAndTaxes
> Quote from: Dan The Man
> > Has anyone been able to verify for certain that bitaddress doesn't keep any logs?
>
> The code doesn't send anything anywhere temporarily or otherwise, everything is done locally on the browser via javascript.
>
> I have looked over the code (it is just JavaScript; all the code is right there) and there is no communication to any server.
>
> Still I would recommend that a user do what the author has recommended ... save a local copy of the generation page.
>
> 1) save a local copy of the webpage from http://bitaddress.org
> 2) disconnect from the internet
> 3) generate your addresses
> 4) print 2+ copies (and/or encrypt a copy of output and store)
> 5) close browser, delete all files, and reboot
> 6) store your print or encrypted digital copies in multiple safe locations.

You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).

If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.
Stephen Gornick
March 29, 2012, 07:05:14 PM
 #17

Quote from: Nim
> Quote from: DeathAndTaxes
> > 1) save a local copy of the webpage from http://bitaddress.org
> > 2) disconnect from the internet
> > 3) generate your addresses
> > 4) print 2+ copies (and/or encrypt a copy of output and store)
> > 5) close browser, delete all files, and reboot
> > 6) store your print or encrypted digital copies in multiple safe locations.
>
> You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).
>
> If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.

Paranoia?  

If the system was infected with malware that does screen captures even when offline, then even your "offline paper wallet" is at risk.

Quote
> Some malware families are capable of generating a screen capture with every mouse click during login, then sending the captured sequence of screens to the fraudster, where they can be sifted through visually to steal login credentials.
> - http://www.technewsworld.com/story/74461.html

Also
 - http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf

Now if you are storing small amounts to the paper wallet, ending up with a paper wallet created from a compromised system might be a risk you are willing to take.  But since some people are putting larger amounts or are using the wallet for long-term savings of bitcoins, they should know that doing the above only after booting from a trusted live-CD (such as an official Ubuntu release) is the significantly more secure approach.


Ente
March 29, 2012, 09:10:38 PM
 #18

Quote from: Nim
> You forgot to purge the printer's memory after you print and burn a blanking document (to prevent people from looking at the next document that comes out of your laser printer with a microscope).
>
> If you guys want to go that far into the depths of paranoia, your printer is a huge security hole that most people don't do anything about.

Whoa! That's news to me!
I only knew about printers marking printouts with tiny yellow dots to make them uniquely identifiable, and that some typewriters and needle-printers (oh, and labelprinters too!) have a printing ribbon where you can read exactly what was printed.. Talking about paranoia, huh?

Hmm.. I will have to investigate those ghost images on the next printout some day. Interesting. Paranoia: this reminds me of the cold-boot-attack, where you reboot a computer with your own OS (USB-drive) to read out the still readable data from the RAM, or simply pry out the RAM modules after supercooling them and read out the data on another computer..

If it's that far, you probably won't like the idea to print/write the priv key, walk to a jeweller and give him that key to engrave in some metal piece. Do it quick, before Bitcoins and keys are widely recognized! :-)

Ente

 
Revalin
March 30, 2012, 03:40:08 AM
 #19

I'm not a fan of IronKeys.  Just use TrueCrypt on a regular USB drive.

Inkjets are better than laser for this purpose since they don't have problems with ghost images.  Unfortunately the inks are water soluble, so make sure you laminate the pages.

payb.tc
March 30, 2012, 05:00:44 AM
 #20

Quote from: Stephen Gornick
> Quote
> > Some malware families are capable of generating a screen capture with every mouse click during login, then sending the captured sequence of screens to the fraudster, where they can be sifted through visually to steal login credentials.
> > - http://www.technewsworld.com/story/74461.html
>
> Also
>  - http://usa.visa.com/download/merchants/key-logger-key-stroke-and-screen-capture.pdf
>
> Now if you are storing small amounts to the paper wallet, ending up with a paper wallet created from a compromised system might be a risk you are willing to take.  But since some people are putting larger amounts or are using the wallet for long-term savings of bitcoins, they should know that doing the above only after booting from a trusted live-CD (such as an official Ubuntu release) is the significantly more secure approach.


for this reason you might consider putting together an 'offline' computer specifically for this purpose (i.e. a computer that is never put back online). ...or use an old $50 laptop with the wifi thoroughly disabled.

once you're done with it, melt it.