Deep cold storage

Clayton

New member
Hi all, newbie here.

Was watching one of Andreas' videos in which he mentions his form of deep cold storage.

He says his funds are:

"held on keys that are not initiated on any device. They exist in such a way that they're encrypted with a memorized passphrase which I have also communicated to people who might become my heirs so that they don't get lost with me and that's cold storage"

Can someone please explain how do you

(a) transfer funds to keys that have not even been initiated? Don't you need a wallet to generate that for you?

(b) How do you encrypt them with a passphrase without a wallet?

Thank you.
 

Maxwell

Member
I guess he just meant that the private keys are not in any device or wallet. Of-course the address and its balance has to be in the blockchain.

Encryption does not need a wallet. there are lots of encryption programs, that have nothing to do with bitcoin, out there.

Maybe he just created the private keys in an offline computer eg. in an offline version of bitaddress.org and never loaded the keys anywhere. Just keeps them encrypted in an USB disk or paper wallet or something.

Edit: You can create an encrypted paper walled in (offline) bitaddress.org. That could be it
Smiley


Edit2: corrected the address. Had a typo in the address and it pointed to a scam site
Sad

Very sorry for the mistake. And thanks to LoyceV for pointing it out.
This just proofs that it is very important to check every bitcoin related address very carefully.
 

Juan

Member
Hi all, newbie here.

Was watching one of Andreas' videos in which he mentions his form of deep cold storage.

He says his funds are:

"held on keys that are not initiated on any device. They exist in such a way that they're encrypted with a memorized passphrase which I have also communicated to people who might become my heirs so that they don't get lost with me and that's cold storage"

Can someone please explain how do you

(a) transfer funds to keys that have not even been initiated? Don't you need a wallet to generate that for you?

(b) How do you encrypt them with a passphrase without a wallet?

Thank you.
Hi,

(a)
Quick answer : you make a transaction sending coins to the hash of the public key derived from the private one you generated somehow.
Detailed/explained answer : a private key is nothing but a random number that you can generate in many ways, like the famous "tossing a coin 256 times" (since the key is 256bits long). From there you can derive a public key from it, and then hash it : you got a fresh address without any wallet. You can then make a transaction from a wallet to this address without having to import the private key.
You can have a look at my signature if you want to know more about how exactly you get from the private key to the address.

(b)
The encryption algorithm (a.k.a bip38) is openly consultable here https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki and surely from other places. Thus it can be implemented outside of a wallet
 

Kingston

Member
I guess he just meant that the private keys are not in any device or wallet. Of-course the address and its balance has to be in the blockchain.

Encryption does not need a wallet. there are lots of encryption programs, that have nothing to do with bitcoin, out there.

Maybe he just created the private keys in an offline computer eg. in an offline version of bitaddress.org and never loaded the keys anywhere. Just keeps them encrypted in an USB disk or paper wallet or something.

Edit: You can create an encrypted paper walled in (offline) bitaddress.org. That could be it
Smiley
There is no such thing as a balance for an address in the block chain, just transactions
 

Rowan

Member
There is no such thing as a balance for an address in the block chain, just transactions
AFAIK the balance is the sum of all transactions to or from a public address
Yes, but this balance is not stored as such on the blockchain but are rather the way wallets choose to display the sum of inputs / outputs available to you as a user (as opposed to Ethereum, for example, where accounts and their respective balances are stored and maintained as a global state).
 

Ivan

Member
I think he means that the keys must be generated within an offline environment. So an offline computer without anything that could leak into the outside world is ideal, but he says that this is overkill for most people and hardware wallets are good enough.

However he says something that raises alarms in me: He says 4 words are good enough? Unless I was too tired watching the video or too distracted doing other things because I do a lot of stuff at once while watching videos, anyway what I remember is, he said 4 words is enough. I think this is insane. Anyone that has the time can confirm this? I wouldn't trust anything under 12 words for a seed. Ideally 24 words
 

Diego

Member
I can't imagine that he said 4 words are enough for a BTC mnemonic.
Using the 2048 word BIP 39 list, each word represents 11 bits of entropy
Thus, 4 words = 44 bits of entropy.

44 bits of entropy can be brute-forced in a matter of months, even at a reasonable 1 million guesses/second.


At a minimum, if you consider your adversary to have an NSA-level (according to Snowden) 1 trillion guesses/second capablilty
you would need at least 7 words (77 bits of entropy) to make brute-forcing your mnemonic unlikely for at least your lifetime
 

Camden

Member
[Didn't watched the Video]
I got a feeling that he's talking about "Brain Wallet", if it is, there's a huge risk in security here.
If it's not, he might just wanted to know more about what's blockchain under the hood
(a) transfer funds to keys that have not even been initiated? Don't you need a wallet to generate that for you?
In addition to what others said, in simple words:
[a] You can receive funds in any address anytime as long as you have its Private key pair even without a wallet or internet. All you need is a piece of paper and a pen.
Addresses which are based from Pub keys aren't "initiated" in order to be valid. Even if it is not yet used, every address is valid as long as it was correctly derived from a valid Public key which is derived from the Private key (wallets do this automatically but it's possible to compute manually).

More info: Bitcoin Wiki
 

Calvin

Member
Hi,

(a)
Quick answer : you make a transaction sending coins to the hash of the public key derived from the private one you generated somehow.
Detailed/explained answer : a private key is nothing but a random number that you can generate in many ways, like the famous "tossing a coin 256 times" (since the key is 256bits long). From there you can derive a public key from it, and then hash it : you got a fresh address without any wallet. You can then make a transaction from a wallet to this address without having to import the private key.
You can have a look at my signature if you want to know more about how exactly you get from the private key to the address.

(b)
The encryption algorithm (a.k.a bip38) is openly consultable here https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki and surely from other places. Thus it can be implemented outside of a wallet
Thanks alot for the information, would have a read!
 

Jayce

Member
(b) How do you encrypt them with a passphrase without a wallet?
adding to darosior's answer, and as dumb as it may sound I use substitution cipher method to encrypt my offline wallets , i am a little bit paranoid about the fact that it's possible for someone to get a hold to my PKs.

while manual substitution cipher is an old method and considered to be have the lowest security measures, it can be very handy at some point, and as long as you do it right, chances are nobody will ever be able to decryption it.

you just need to come up and an easy to remember sequence to substitute some of the characters "hex format" in your PK, make sure you never forget that the sequence , because then you will lock yourself out too.
 
Top