Is old 3.5 floppy safer than USB drive for cold storage?

[cozk]

Floppies seem to have a life of about 15 years (give or take). And flash media needs to be powered up every once in awhile to prevent you from losing data.

I personally have password protected wallets inside a TrueCrypted file, copied and stored on multiple forms of digital backup. If one backup fails, I have plenty of other methods. I highly suggest this.

You know that there is speculation that TrueCrypt has been compromised?

TC is safe.

[Keyser Soze]

For transaction signing, QR codes would probably be the safest way possible. Not sure exactly how to get it all set up myself, but I know there are some users out there who do this.

[snappa4ever]

For transferring, an offline computer with a CD burner is good enough.

For long term storage, engraved metal is the best bet.

Make sure that the metal also has a high melting point to ensure maximum safety in case of fires. Along with a fireproof safe.

[virtualx]

With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?

Floppy disk by itself is not safe, you'd have to encrypt the data. 
Do you have any details about this firmware hack?

[Moria843]

Reading the replies in this thread makes me realize that hardly anyone uses an offline wallet  or makes transactions from an offline wallet (if they even know what that is).

I agree. I just would be using the floppy (with an IDE/ATA) interface on each machine to transfer signature files from my offline cold storage computer; I'm not storing anything. I reposted this to the Armory thread.

[deepceleron]

The problem with floppy disks is that they are quite dependent on the drive that wrote the data. Head alignment is paramount, it is possible to write and read two different disks in two different drives, but switch the disks and they can't read each other's data.

Also, newly manufactured floppies drives are cheap and error prone, made in China for under $15 with quality nothing like drives made in 1995; conversely, drives from 1995 are 20 years old and full of dust, and have head wear and motor and alignment issues if they've been in service.

Floppy disk media is also at least 10 years old; for applications where I need to use a disk for something like updating a BIOS, I bulk erase an old disk, reformat it, and write data patterns over and over. At least 50% of the disks I wipe that said something like "photoshop 3" on them will no longer take error free data. A smaller but still noticeable percentage cannot have their 20 year old data read off of them.

Windows operating systems since XP no longer fully format disks. If you bulk erase a disk, they can no longer "format" the disk. You need to use a real dos-win98 machine or a non-crippled OS or utility.

Finally, it will be harder to find a computer with a floppy drive in serviceable condition.


USB sticks have a different problem - bit rot. There have been several studies that suggest flash RAM slowly erases itself in cold storage, with some errors likely to show up within five years. As newer flash pushes the limit of what can be stored and retrieved from silicon (with error correction required and hidden from the user to even use the super high density error prone MLC), this may be even sooner.

A lot of flash RAM makes its way through back channels; novelty unbranded flash drives, counterfeit SD cards. A lot of this stuff comes out of the discard bin or from the night shift in China where anything to make a buck, including theft and fraud, seems the MO. Branded flash RAM from 10 years ago in the 64MB range that originally cost $100 seems like a more reliable option that what you will get these days.

So the answer? Why not both? Better would be old-stock Delkin archival gold CD-R. Not only 300-year lifespan, a closed-session disk also can't be meaningfully modified after being written.

[ANTIcentralized]

For transaction signing, QR codes would probably be the safest way possible. Not sure exactly how to get it all set up myself, but I know there are some users out there who do this.

I agree. You would have very few to no potential attack vectors if you never have any hardware touch both your offline computer and your online computer.

I'm not storing on the floppy, I'm talking about using the floppy to store the signed message that I generate on my offline computer and transfer to my online computer.

I think you would need to have a pretty high level of paranoia to not trust a USB drive, especially considering the fact that you can easily purchase one without a potential attacker knowing ahead of time that you will be buying one nor where you plan on purchasing it from. This would still leave the possibility that someone with physical access to your USB drive could infect it with some kind of malware however you could prevent this by keeping it in some kind of safe or other location where an attacker cannot access it.

To answer your question, yes a "floppy disk" would be a safer medium to use to sign a TX when defending yourself from an attacker, however you would open yourself up to additional mishaps (for example the TX that you are signing gets corrupted on it's way to your offline computer and you end up signing a TX that you did not intend to sign)

[johnyj]

Floppy degrades very fast under warm and humid condition. Engrave a QR code on metal is really a long term idea

But I like to move the coin once a while to be on the safe side (Even that piece of metal is photographed without being noticed, the thief won't have enough time to crack the encryption) . Any thing that can store it more than 3 months will be good enough

[AdamWhite]

How about 1000 year storage? http://www.mdisc.com/

[btcbug]

You know that there is speculation that TrueCrypt has been compromised?

I don't think that is correct https://www.grc.com/misc/truecrypt/truecrypt.htm

[coinableS]

I dunno I used to always use floppys back in the day, because that's all there were. I had DOOM on, what was it, 4 floppys? It worked fine, but then after 5 years or so they corrupted and stop working, so I always made back ups and back ups of back ups. Flopps are not reliable enough. I prefer to store them on a paper wallet created offline.

[raveldoni]

No. 3.5 Floppy has more chances of data corruption, bad sectors etc. DVD is a lot more better than that.

[TheButterZone]

Put my really old backup 3.5 floppies in a PC, the drive made some noise, and they failed to be read. Pretty sure they never got near a magnet...

[CIYAM]

For transaction signing, QR codes would probably be the safest way possible. Not sure exactly how to get it all set up myself, but I know there are some users out there who do this.

CIYAM Safe using QR codes for 100% "air-gapped" security (https://susestudio.com/a/kp8B3G/ciyam-safe). It does involve running "bash scripts" (instructions are provided but it is not friendly enough for just "point and click" at this stage).

[jackpotjoe]

Floppy disk? come on... We are now in the most powerful generation and you think that floppy disk is the safest for storage.

[moriartybitcoin]

just encrypt your USB drive with truecrypt 7.1a and put your wallet.dat file on it .. easy.  Or order one from http://BitSecurity.net

[Soros Shorts]

You'd have trouble finding a 3.5" drive that works properly. If it gets dirty, can you still buy a 3.5" head cleaner from CompUSA?

[CtrlAltBernanke420]

Reading the replies in this thread makes me realize that hardly anyone uses an offline wallet or makes transactions from an offline wallet.

Most people do not have 100+ bitcoin to care about...

If you do, congrats, for the rest, things like blockchain will suffice their entry.. for now.

[Dabs]

Paper wallets should last 200 years, if kept in a cool dry place.

How old is the original declaration of independence? How old are some bibles?

How old are those paintings in the cave walls?

[51percemt]

With the news on USB firmware hacks I was wondering if I should add a 3.5" floppy to my online computer to transfer from my cold storage old XP computer that already has a floppy. Would it be safer?

Yes, but not very incrementally so. A better solution would be to buy several USB sticks/drives made my various manufacturers from various stores in a random fashion. This would prevent an attacker from potentially being able to attack you, a bitcoin user, specifically.

You would also have the risk of either floppy disk drive crash or the disk itself fail. This would make it impossible to spend your bitcoin until you can either replace or fix whatever broke. It would also be possible that you would be left without a way to maintain proper security and still be able to spend your bitcoin in the event you are unable to repair/replace a floppy disk/floppy drive, which could lead to a higher chance of theft in the future