How to set up a secure offline savings wallet

From Bitcoin Wiki
Revision as of 13:18, 29 June 2011 by Forever
  1. Set up a Wuala account (or other cloud backup service of your choice).
  2. Create a strong and unique password offline (manually). This password should be at least 20 characters long; it should contain numbers, upper and lower case letters, and symbols. It should be as random as possible, i.e. it should look something like this: Zr%8qL03&cvwS9@05AatdP71. Never use this password elsewhere.
  3. Do not forget this password. Recite it several times a day. It is easy to overestimate your ability to remember a password several months in the future. To be on the safe side, write it down and store the piece of paper in a safety deposit box.
  4. Download Bitcoin Linux binary and save it on a USB drive.
  5. Download Truecrypt for Linux and save it on a USB drive.
  6. Shut down your computer, and boot Ubuntu (or Linux distribution of your choice) from a liveCD. This will not affect your current operating system.
  7. Disconnect the machine from the internet. Unplug any network cables and disable wireless. Verify that wireless is disabled in the icon on the upper right corner (Ubuntu). Double check that the machine is disconnected by opening the web browser.
  8. Insert USB drive. Install and run truecrypt. Create an encrypted file container, using the strong and unique password from step 2. Mount truecrypt container.
  9. Run bitcoin while disconnected from the internet. The client will show 0 connections and 0 blocks, but it will still generate a wallet.dat file and a bitcoin address.
  10. Copy wallet.dat (found in hidden folder .bitcoin in your home directory) to the mounted truecrypt volume. Dismount the volume and copy the truecrypt container file to the USB drive.
  11. Save bitcoin address to a text file and copy it to USB drive.
  12. Shut down system and turn off computer. Before switching your computer on again, remove all power sources for about 1 minute. Physically remove battery from laptop.
  13. Back up the truecrypt container file in several places:
    • Send it to your 5 best friends by email attachment and ask them to save it for you.
    • Save it on your Wuala account created in step 1.
    • Save it on several USB drives and CDs and store them in different geographic locations.
  14. Send bitcoins to the address saved on the USB drive. Double check in the block explorer that they have been sent.


Notes

  • This procedure is only secure if you perform steps 1-14 in this exact order.
  • Perform several trial runs of the above procedure with a few bitcents, and make sure that you know how to successfully retrieve them, before making a bulk transfer.
  • Every time you retrieve bitcoins from your savings wallet, create a fresh savings wallet by repeating the above procedure, and send all your remaining savings balance there.
  • There is more than one way to do it. Similar procedures have been suggested on the forums here and here.
  • Beware that even savings wallets have limited lifetimes. New, backwards incompatible versions of bitcoin might come out in future, AES might be broken, bit rot might destroy your wallets, etc. Update to fresh savings wallets every couple of years, or as needed.
  • This procedure will create a wallet that, for all practical purposes, is safe against online threats, such as viruses and hackers. It is still however exposed to offline threats, such as hardware keyloggers, extortion, or people looking over your shoulder.
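
The backups in step 13 and the bit rot warning above both depend on every copy of the container staying bit-identical to the original. The following shell functions are an added example, not part of the original wiki procedure: they record a SHA-256 digest of the container after it is dismounted in step 10 and later check each backup copy against it. The file names in the comments (savings.tc, savings.tc.sha256) are hypothetical.

```shell
#!/bin/sh
# Added example: integrity check for backup copies of the encrypted container.
# Hypothetical usage:
#   record_digest savings.tc savings.tc.sha256
#   verify_copies savings.tc.sha256 /media/usb1/savings.tc /media/usb2/savings.tc

# record_digest CONTAINER MANIFEST
# Store the SHA-256 of the dismounted container file in MANIFEST.
record_digest() {
    sha256sum "$1" | awk '{print $1}' > "$2"
}

# verify_copies MANIFEST COPY...
# Print one status line per copy. The return value is the number of copies
# that are missing or differ from the recorded digest (0 = all intact).
verify_copies() {
    manifest=$1; shift
    expected=$(cat "$manifest") || return 255
    bad=0
    for copy in "$@"; do
        if [ ! -r "$copy" ]; then
            echo "MISSING  $copy"; bad=$((bad + 1)); continue
        fi
        actual=$(sha256sum "$copy" | awk '{print $1}')
        if [ "$actual" = "$expected" ]; then
            echo "OK       $copy"
        else
            echo "CORRUPT  $copy"; bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

A matching digest only shows that a copy is unchanged; it does not show that the container can still be opened, so the trial retrievals described in the notes are still needed.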