Bitcoin Q&A: Secure, tiered storage system


Anonymous asks, “What is the easiest
way to generate a paper wallet securely?”
There is no easy way to
generate a paper wallet securely.
You should probably be using a hardware wallet,
not a paper wallet. If you can’t afford a hardware wallet,
then you don’t have enough money to secure.
You can buy a hardware wallet for [between
$30 and $200]; if you have less than $30…
and you want to secure it,
a paper wallet is not a good solution.
A properly secured smartphone with a Secure Element,
and [mobile] wallet backed up with a mnemonic phrase,
with a PIN and an encrypted file system, is far more
secure than whatever scheme you could come up with.
“Could you elaborate on possible or feasible tier levels
for storing bitcoin, how to technically manage them?”
“Hardware wallets, encrypted backups, and BIP-38 etc.”
I would suggest that, for storing bitcoin,
you do not try to build your own scheme.
That is the first rule. Do not roll your own crypto! You
will fail. People tend to over-estimate the risk of theft…
versus the risk of loss due to technical
failure, process failure, or backup failure.
Most people are much more likely to lose
bitcoin because they lose access to their keys.
They encrypted them or concealed them in such
a way that they couldn’t [recover] them years later.
People are much more likely to lose [their bitcoin]
that way, than to lose because it was stolen.
That being said, you should have
your [bitcoin] in stored in tiers.
Don’t [put] all of your money in
an easily accessible hot wallet.
That is just as stupid as walking around with
all of your savings as cash in your back pocket.
I usually suggest that people have two or three tiers.
The first tier is a hot wallet.
Most likely, it will be a smartphone wallet.
Your smartphone should be properly secured. You
should turn on encryption and a large complex PIN.
You should not allow your phone to be unlocked
only by fingerprint. Require another factor like a PIN..
that you have memorized, but do not use
a simple PIN that you have used elsewhere.
You should use two-factor authentication [on
any smartphone wallet with an account system].
[Ideally], use wallets that store the keys locally,
and then make a backup of the mnemonic seed.
When you backup seeds, you should store those
in the locations that you can physically secure.
For many people, that means opening a
safe deposit box at a private vault or a bank.
Or it means installing a safe in your house. If you
can’t do that, your seed [will] just be [laying] around.
You need to get a fireproof safe [at least], so you can
protect it from fire, flood, and environmental damage.
You should probably also consider using a fairly
simple passphrase in addition to your BIP-39 seed;
follow the standards as much as possible, like BIP-39
used for mnemonic seeds between 12 to 24 words.
It is a good standard that balances security
and reliability. You should use it as it is.
You should create a seed on a hardware device
or on your smartphone, depending on whether…
you are doing a cold storage tier
or a more warm wallet tier.
Then record that seed on paper with pencil or pen,
and then apply some cold laminate to seal it…
between two sheets of plastic with glue; this is better
than hot laminate, which degrades the paper and ink,
but that is good too.
[You want to] laminate it so it can’t [be
damaged by] water, or put it in a sealed bag.
I like to use tamper-evident bags
that you can buy from Amazon.
They are opaque. Once you seal them, they can’t be
opened without it being obvious the bag was opened.
That protects it from water damage too. Then store
that [bag or laminated paper] in a fireproof safe.
[Also, create] multiple copies, not just one. Store them
in two different locations at a distance from each other.
Use a passphrase in addition to your seed if you
can’t find a secure location for your seed [copies].
The passphrase should be simple.
[Maybe] give that passphrase to one other person who
doesn’t have the seed; if something happens to you,
they can recover [your bitcoin] by following
[your] estate planning [instructions].
If you use a hardware wallet,
you still need to backup the seed.
Then you could keep the hardware wallet with
a good PIN, [stored] in your home for example.
You could even take it with you
when you travel. I don’t, but you could.
Use [a hardware wallet] as your cold storage [tier].
For the ultimate in cold cold storage, you
could generate the seeds on a hardware wallet,
preferably with a multi-sig [setup], [send a test]
transaction, then wipe all the hardware devices.
That way, your keys only exist as a set of seeds backed
up [on paper and stored] in multiple secure locations.

56 thoughts on “Bitcoin Q&A: Secure, tiered storage system

  1. What’s your honest opinion on the first British crypto currency electroneum?? It’s trying to bring crypto to the masses! I love the project and I’m sure you will as well!

  2. Here is a copy of the letter I sent to Kraken and Bitstamp. I and a friend of mine have been trying to get listed on ANY exchange for 18 months now to trade but the AML and The KYC process has brought us a harvest of sorrow instead. It is a sad story:

    You rejected me and my buddy Tony -even though you compelled us to submit and endure many months of jumping through hoops for the obligatory 'Know your customer' (KYC) and Anti money laundering (AML) process and you finally let us know a few days ago:
    You "cannot accept us because we live in Washington State."
    Thank you for finally telling us – Is there there anything left you don't know about us?
    Yes, I and my friend Tony have been trying to enter your exchange for months now – with no luck. THIS has been THE THEME that is noted among our peers.
    THIS is an ongoing battle… It is unfortunate that YOU DO NOT OFFER THIS CRUCIAL INFORMATION in your media to peruse before 'the process.'
    As such, we are forced to 'find out the hard way' AFTER the lengthy KYC and AML process… It has caused DAMAGE – and NOW you are telling us?

    We see a pattern – and this letter is YOURS (bitstamp).

    If we have a Class action suit you will (AGAIN) see this letter in the 'venue of our choice…'
    People are compelled by the KYC and AML processes to 'submit' their personal information FIRST to entities such as yourself, only to FIND OUT LATER that they ‘risked their personal info’ with no chance of acceptance into the exclusive 'club' or exchange to begin with! It is infuriating.

    Selling 'risk without reward' and yet 'pretending as such' by lying or omission is FRAUD. We are aware.

    We are going to paint this out for ALL to see. YOU (Bitstamp) are one of those entities that do bother to share the parameters of expulsion until AFTER potential customers have 'trusted' you with it.

    As such, YOU are now compelled to enjoy a reverse KYC and AML process – through the forensic study of metadata as an elegant expression of MATH.

    WE have experts in this field that are eager to share, and we will have our day.

    Perhaps you will be found 'free of all wrongdoing' and maybe you are merely 'sloppy and irresponsible, careless and distracted.'

    It is clear that managing such a venue of exchange is not an 'easy' thing to do (especially in such a fast – growing market of new tech) but we have to help to build a transmission for ALL parties from both ends if we are going to engage in an open marketplace.

    So FAR you guys are doing a horrible job in your tier process. "Do you need a consultation?"

    What will actually happen in time remains to be seen… Many of us are risked to exposure to 'special interests' with criminal intent… Is this YOU?

    WE are not stupid and we (and our 'charges') will be watching YOU now – and very closely. We are talking about THE THEME and it 'looks bad for you…'

    Of course, it could be ‘a comedy of errors and accidents’ – and as such are not within our parameters of control. It is not likely. Events, thus transpired are often found to be 'choreographed' and immutable. ‘We own the information’ – it is our PROPERTY and if you have sold our property without ‘due process of Law’ –WE WILL SUE YOU.

    Perhaps it is because 'you are careless' or 'you do not have access to wise counsel', or "we made a number of clerical 'errors' or 'omissions' that were unlawful."

    What is YOUR excuse? Adults who are aware of EXACTLY 'how the system works' knows this as fallacy, we have to deal with REALPOLITIK and 'the de facto arrangement' every day in our affairs- so that might be a 'hard sell' to 'the educated.'

    As a matter of fact: We are proving our case now through data 'forensics.' It is not politics or opinion- it is MATH.

    Be careful 'what you do' as ADULTS are watching YOU. We 'watch' each other…
    It has been shown that “the sale of that key private info is (in itself) a valuable commodity to be bought and sold on many venues or exchanges”…. and today you are telling us to 'trust you' AFTER we were compelled to 'pull our skirts down so you can 'peek at our ‘undies'? (sic)

    We know the difference. YOU are being watched, now.

    I will offer my services as 'consultant' if you are wise enough to fathom 'risk and opportunity.'

    You can start by 'getting out of my way' and opening this exchange for me and my friend Tony.

    Neither Washington State nor 'the Law of the land' is preventing this – You have decided this on your own.

    Everything I say can be proved with documentation but it can only go so far and if you keep 'playing this game' you are going to receive another layer of regulation – from the 'new regulators' – the 'private sector, itself.' This well occur in a form of which you have no clue. READ what I just wrote again.

    If you claim to have the skill to recognize these traits but do not posses them, yourselves? It may be fatal to your business.

    The fact that your legal counsel is 'not functioning at a capacity' to a point that would grant further compensation to US ‘as a lobby’ is moot as you have already exposed yourselves to risk.

    The first bit of advice I would give you is ‘FIRE THEM’ or at least 'send them to me' and perhaps I will educate them if I am compensated as such.

    It’s up to you. If you don't want to be saddled with the 'consequences' of 'bad decisions' it may be time to change your approach….

    As a class of citizens; we are forced to expose ourselves to more risk, with no real reward in sight.

    WHO is the adult who is going to 'step up?'

    Tony and I have been tallying up all the results and thus far we have found many of the entities (such as you, perhaps?) are marketing this private info and we are tracking that.

    If you are found to be 'one of those' you will be hearing from our lobby soon and – perhaps a subpoena to boot!

    I am very sorry I had to send you this letter. Don't take it personal. It's 'just business' and all the other exchanges that have shown the same policy have received a similar letter or will be doing as such shortly…

    At the very least there will be a class action suit.

    Our lobby is growing exponentially with each passing day and you will be hearing from us again – especially if you ignore this timely letter.

    Circulate this letter freely. If you do not, questions will likely be asked? "Where did it go?"

    If we want to follow 'past paths' they are open to us – but they are not open to debate if the Metadata proves otherwise…Justify your reasoning or stand for the consequences.. .

    After we assemble the information it will be served up in the proper venue when (and IF) it is needed.

    I was tasked with 'finding out' how difficult it is for a retired person who lives on a fixed income to get listed on these cryptocurrency exchanges and so far it looks bad.

    It appears you have 'an exclusive club' but are 'masquerading' as an open venue of exchange? “Tut-Tut.” This IS the situation we find ourselves in despite all of our ministrations to avoid all misgivings.

    Again, please circulate this letter as you please. If you do not share 'the mood of your own constituency or market' and stubbornly continue to ignore key information it will be 'costly' in the long run and I can tell you right now an 'exit strategy' that screws 'The People' is a path to your own destruction.

    Do you want to wake up one Morning and find your business is ‘closed?’

    You don’t want to go there.

    Once more; I did not want to write this letter. I would rather just be ‘conducting business in an open marketplace’ – but YOU (Kraken and Bitstamp) and entities such as yourself have proven that this silly premise only exists in 'Disneyland.'

    You could always review and decide. Your hands are not tied…WE will see 'what happens' next…

  3. I can honestly say I've never watched a video from Andreas that I didn't agree with, I've watched some that I didn't understand but I set them as goals to understand.

  4. Hello Andreas, I am a huge fun of you and thank you for what a wonderful job you are doing. I have the following question and I look forward to your feedback:

    I am very new to Bitcoin and I have limited understanding of the technology.

    I wonder if introducing random selection can work to improve speed and scalability.

    The idea here is to make the difficulty of solving the mathematical puzzle less difficult and produce more blocks and then introduce random selection by the protocol to select successfully verified blocks instead of waiting for longer chain to be formed. If this approach will work then it will achieve the followings:
    Faster speed and improve scalability.
    More decentralization since you do not need extremely powerful mining hardware.
    Needless to say, this will create less incentive for miners since it is not enough to be only faster, you need some luck as well since randomness is introduced. However, still you need to be very fast in producing blocks to increase your chance of winning.

    Do you think such approach will be workable or it is completely nonsense for any technical reasons.

    I appreciate your thoughts on this.

    Thanks

  5. I dont understand why Mr. AA is saying storing bitcoin on a secured smartphone is more secure than any paper wallet method… You can generate a paper wallet on an offline device that will never be connected to the internet. How is that less secure than storing on a smartphone with bluetooth and wifi?

  6. It's always good to have a offline computer imho one that never goes online a older raspi is good for this like the one without WiFi and never ever connect it to a network

    Use a hardware wallet I like the trezor and as mentioned write down your seed but I also like to store in a text file in a USB stick this is where a offline computer is used only use the USB stick in the offline computer you can also populate it with some offline tools like a seed to private key converter and a paper wallet creater etc for more advanced users

    a seed to private key converter can be useful if you need to use a old key that no longer contains any Bitcoin to claim some of the forked coins but be careful doing things like this if you are unsure what you are doing then it's not worth the risk

  7. Are you saying paper wallet generators like Bitaddress are compromised? Or are you saying people are likely to loose their paper wallets?

  8. Great info Andreas and thank you for helping to spread the importance of taking responsibility for the personal security of your cryptocurrency. I also like the use of engraving or punched letters on metal for storing the recovery seed. This protects from fire, water, wind, accidental damage and time degrading paper/ink.

  9. That’s some good info there. Thank you so much for sharing this. I try to spread only the right information. I’m glad I have somewhere to turn to in order to get it.

  10. man I wish I could hang out with you just for one day. you are so wise on this bitcoin shit. were can I donate to you? I have learned so much from you.

  11. From watching Andrea’s video and reading his book by Kindle, I begin to know Bitcoin and bough my 1st bitcoin! Thank you Andrea!

  12. Subscribed. You know what you’re talking about and you are capable of communicating that knowledge effectively. As someone that watches YouTube primarily in my spare time, it’s really refreshing to see new uploads from great content providers.

  13. Andreas, on your last point on Cold Cold Storage- do you restore a seed of your choice on both hardware wallets after wiping them? Thank you for all your work.

  14. Use both paper wallet and hardware… Split your holdings to different secure devices to get optimal security. No one method is flawless

  15. The thing that confuses me is that even though I have my crypto on a trezor, I rely on the trezor website to access the device. If trezor website gets hacked, could my holdings not be hacked?

  16. $5 hardware wallet. 2gb USB drive and tails OS. Best cold storage system I've found, but a little harder to access and spend than ledger or trezor. I consider this a good thing and operate in tiers as aantonop suggests.

  17. Very! Very!! Very!!! good advice..👍 I'm just now getting back to #Bitcoin since the early days with Satoshi et al. Though I have run a full node off and on when I could from the beginning, as I do now. 

    I spent the past few years on the sidewalks of skid-row, sleeping under cardboard. So I wasn't able to keep up with things for a while. But it's all good now.

    I've really been enjoying #Bitcoin again, and enjoy updating my computer science and cryptography. The tools and science have advanced significantly.

    If your threat level is extremely high, there are some additional things that might be fun knowing about and looking into. Without question a hardware wallet is a great way to go.

    But I can't resist the Red! pill. So here we go. I like bip39 and feel it's the safest way to go. But I also love the Idea of #Electrum on an offline clean boot live CD/USB (tails). Then using Gnome on-screen keyboard to enter your Electrum extended passphrase.

    Then copy your seed + all your keys to #keepassx on USB. Lock the vault with a password and keyfile. Then copy your keepassx database to a #veracrypt hidden container. Lock the container with a password and keyfile.

    Then uuencode/old school (base64 etc) the multi-layer vaults and there keyfiles separately. Next we add the secret sauce. Shamir's Secret Sharing to be specific (k, n). Then we scatter the pieces to the wind (the darknet, email, embedding in audio, pictures, printed on paper, safes, lockbox, buried in the ground, you name it)..😀

    This is multiple layers of security, and multiple layers of plausible deniability. This way you can safely, plausibly deny custody and control, including physical possession. All while maintaining security and access.

    This is just a rough draft. But you get the idea. #TheRedPill..😉

  18. I wouldn't recommend listening or watching anyone else other than Andreas. This man is truly the heart of cryptocurrency explaining it from his heart. I truly appreciate all of the hard time that you have put into this and then what impact you have made. You're the only one who makes sense nor have I ever question anything you have said. Thank you!

  19. Good storing suggestions but what are the chances of Bitcoin becoming mainstream if the average person has to do all these steps to secure his/her wallet?

  20. Lucky you guys, to us in South Africa a hardware wallet at a reputable seller is around 280$. If it was 30$ I would have owned 10 by now lol

  21. I feel like I'm nitpicking here, but you should use a different background. A roll of seamless photo paper – the stuff professional photographers use – will run about $60. I'll even buy it for you if you are simply feeling cheap.

  22. You trust hardware wallets too much… One can't determine if some of them were tampered with, or made using a "custom" random number generator…

  23. Hey Anton. I remember seeing in one of your video's, you mentioned that you have a paper wallet which was made on a computer that had never touched the internet. Does that mean that you aren't using this paper wallet anymore?

  24. How likely is it that some one randomly guesses the seed of a wallet? There are countless possibilities, but crypto adoption spreads and billions of wallets are created in the mean time.

  25. Does the actual phone need do be locked by passcode? I never have a lock screen cause they kinda suck, and if someone breaks into my banking i dont really care because they refund what's stolen. Obviously with bitcoin its a different case, is it really that important to have multiple redundancies/ passcodes for everyday device functions? And not just have them to access the applications where you use and manipulate coin?

  26. It’s clear to me that Andreas has an amazing technical brain combined with great common sense solid advice. I love his videos and I’m about to read his book which I’m looking forward to, even though I’ll need google and a scientific dictionary to interpret all of his writings.

Leave a Reply

Your email address will not be published. Required fields are marked *