How do you store your wallet / private keys where you would be comfortable storing an amount of money that's important to you?
It feels like a bunch of consumer grade options we have are kind of flaky:
Flash drives are extremely undependable. I've had a few fail to read after sitting in a closet for a year.
SSDs can supposedly have data loss pretty quickly if left unpowered (days to months).
DVDs have decent lasting power (I have some CDs that still work after 15 years) but this makes me nervous because it's so susceptible to damage.
HDDs also make me think what would happen if it's not powered on for 5-10+ years (it's mechanical, does it use some type of oil internally to keep friction down?).
Putting it on the cloud seems risky, even with encryption at rest and now we need to backup the encryption keys.
I guess tape is still our best bet?
I would also think if you have a decent amount of crypto you'd likely want to have 3 backups in your apartment along with 3 offsite backups, perhaps lock boxes in a few different banks in different towns (or even hundreds of miles apart).
Basically it still feels like a huge pain in the butt to keep digital currency secure and available. The more backups you have, the more risk you have around being compromised but the less backups you have the more susceptible you are to data loss and losing everything.
This is what stresses me out the most about crypto. The supposed gold standard is a hardware wallet, and access is done via a 12-word recovery phrase, but even that is sketchy. If I'm not wrong, all an attacker has to do is get the recovery phrase and load it into another hardware wallet if they don't have mine; this functionality is there in case the hardware wallet fails. If I've been doxxed and have several mil in crypto, thieves can break into my house, steal and crack my safe, or hold me at knifepoint and ask me to open it.
I'd want to keep it in an encrypted file, but even that is sketchy if I have to have it on multiple clouds.
thieves: it's fine, you can ring them and explain the situation as we remove your fingernails
(This technique has been used in real bank robberies; both of the people required to open Northern Bank had their families taken hostage https://www.theguardian.com/uk/2008/oct/09/northernbankrobbe... , and that was for a mere £28m in easily traceable physical money!)
Many people are very rich and don't own crypto. You can kidnap them also and do the same thing. This is common in many parts of the world. The US used to have this problem also and got it under control by the state focusing on capturing kidnappers and putting them in jail. Crypto does make the transfer of anonymous money a bit easier, but so does motor vehicles.
Also, in ten years you won’t know what to do with the 12 words because the application was abandoned and when you try to install it you get some error messages from npm about certain dependencies being deprecated.
You have a different definition of easy than I do! You have to figure out which of those your client was using at the time, and then how to convert it into a currently functional client’s private key format. Most people need to hire a specialist to figure that out.
There are standards for seed phrase generation and the big providers mostly use the same one called BIP-39 I think. That's why they advise writing the standard and wallet and some other info down with the seed phrase, a layperson likely won't
The gold standard is multi-sig with at least 3 hardware signing devices.
Devices can be permanently geographically distributed, protecting from disaster in any single location. This is superior to Shamir's because it never requires the single all-powerful private key to exist, removing that as a single point of failure/compromise.
So far this is only 100% achievable with Bitcoin as far as I know.
Paper backups are the best option for this. Private keys are simple enough that a whole wallet can be printed to a single piece of paper using an OCR-friendly font.
I wouldn't send it to a printer (and certainly not generate the passphrase on a computer that is connected to the internet). Write by hand, it is only 12 to 24 words.
A copy could end up stored on the printer's hard drive. Figuring out whether you have a printer where that's possible is more work than writing it by hand.
There's a misconception here, I think. "Backups" are the problem, not the solution. Once any one of them is compromised, the money is gone. Having more backups increases your risk.
I don't play in this world, but if I did, I'd note that the actual keys required to define a wallet are trivially small and comparatively easily re-entered at a keyboard by hand. If you've got millions in this stuff that you need to park, delete it from the internet, print it out, and stick it in a safe.
You write down the N different Shamir passphrases of your hierarchical deterministic wallet on paper and store them in N different locations. Or for longevity and fire resistance, use metal foil and a punch.
> where you would be comfortable storing an amount of money that's important to you?
I wouldn't. I'd give it to an insured institution in my local jurisdiction to look after. It's not a perfect solution but it doesn't rely on the horrible impermanence of IT.
But there's no exchange that will hold my funds and is insured like this right? Makes me wonder if El Salvador is requiring something like that, BTC being legal tender and all.
Use SLIP-39, and a hardware wallet that allows recovery from SLIP-39 shards (eg. a Trezor).
With BIP-39, you are simply going to lose your wallet, eventually. It's almost inevitable. Either because you lose the 12- or 24-word passphrase, OR because someone else finds one of your backups.
I've written a decent Python implementation, here, which is simple enough to review:
I work for a crypto company. This is actually a solved problem. The solution is to use multi-sig wallets - at least for amounts that would be missed.
A company might have a "5 of 8" multi-sig. This means that to move money, five of the eight team member accounts with keys have to agree and sign off on each transaction.
This is massively better than secret sharing - once a secret is put together, that secret then works for all time and could be stolen by the person that put it together. By using multi-sigs, every new transaction has to be agreed on.
With a multi-sig, if you forgot your hardware wallet's PIN, or lost it, then other team members can remove the old account from the multi-sig and add the new account. You are back in business.
When you backup a single account's key to paper or other computers, then anyone getting access to one backup compromises the entire thing. However, with a multi-sig, an attacker would have to gain access to many of the signing account keys to steal funds.
This scheme works for individuals too. You could have a 2 of 4 multi-sig wallet, two hardware wallets that you usually use for authentication, and then two backup paper keys stored in different locations. For your normal use, you just use your two hardware wallets. If you forget a password / lose one, then you can use one of the paper wallets, plus your remaining hardware wallet to get it back. If you lose both, use both paper keys. You can also rotate the paper key backups if you want, by removing the old and adding the new.
I think that a ton of people are going to find out that their SSS technique fails when they don't use k-of-n and then one of their friends loses the piece of paper. I have a hard enough time keeping my "absolutely critical credentials" doc safe through things like house moves. I can't imagine relying on several different people to all do this perfectly for wealth that isn't actually theirs.
SSS is precisely the sort of "wow sounds awesome" thing that would capture the attention of geeks without really deeply thinking about the most likely failure modes.
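The k-of-n secret sharing that the Shamir, SLIP-39 and SSS posts above are arguing about, as an added example that is not from this thread or from any poster's code: byte-wise Shamir sharing over GF(2^8), the field SLIP-39 uses. The threshold, share count and sample secret are arbitrary choices for the demo, and it implements only the math, not SLIP-39's word encoding, checksums or group structure. It shows the point made just above: any k shares recover the secret, fewer than k do not, and a k-of-k split has no redundancy at all.

```python
"""Byte-wise Shamir secret sharing over GF(2^8).

Added illustration, not code from this thread. k, n and the secret below are
arbitrary demo choices.
"""
import secrets
from typing import List, Tuple

Share = Tuple[int, bytes]  # (x coordinate in 1..255, one y byte per secret byte)


def _gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b, as in AES/SLIP-39)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return p


def _gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (the nonzero elements form a group of order 255)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        exp >>= 1
    return result


def _poly_eval(coeffs: List[int], x: int) -> int:
    """Horner's rule; coeffs[0] is the constant term, i.e. the secret byte."""
    acc = 0
    for c in reversed(coeffs):
        acc = _gf_mul(acc, x) ^ c
    return acc


def split_secret(secret: bytes, k: int, n: int) -> List[Share]:
    """Split into n shares of which any k reconstruct. Uses a fresh random
    degree-(k-1) polynomial per byte, so k-1 shares leave every byte uniform."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    polys = [[b] + [secrets.randbelow(256) for _ in range(k - 1)] for b in secret]
    return [(x, bytes(_poly_eval(p, x) for p in polys)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> bytes:
    """Lagrange-interpolate each byte's polynomial at x = 0.
    With fewer than k shares this still returns bytes, just not the secret:
    the caller cannot tell from the output alone that it is short of shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x coordinates")
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for xi, yi in shares:
            # basis_i(0) = prod_{j != i} x_j / (x_i - x_j); subtraction is XOR here
            num = den = 1
            for xj, _ in shares:
                if xj != xi:
                    num = _gf_mul(num, xj)
                    den = _gf_mul(den, xj ^ xi)
            acc ^= _gf_mul(yi[i], _gf_mul(num, _gf_inv(den)))
        out.append(acc)
    return bytes(out)


if __name__ == "__main__":
    secret = secrets.token_bytes(16)  # e.g. the 128-bit entropy behind a 12-word seed
    shares = split_secret(secret, k=3, n=5)
    assert recover_secret(shares[:3]) == secret                   # any 3 of 5 work
    assert recover_secret([shares[0], shares[2], shares[4]]) == secret
    assert recover_secret(shares[:2]) != secret                   # 2 of 5 yield garbage
    shares33 = split_secret(secret, k=3, n=3)
    assert recover_secret(shares33[:2]) != secret                 # 3-of-3: lose one, lose all
    print("ok")
```

Note what recovery does: the full secret is reassembled in one process on one machine, which is exactly the moment the multisig post above says never has to happen with a multi-sig wallet. Shares also cannot be rotated without that reassembly, whereas a multi-sig signer can be swapped out by a transaction.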
Cryptocurrencies use mnemonic phrases as a master key for a wallet. All the private keys are generated deterministically from the master key. A BIP-39 mnemonic phrase is a list of 12 or 24 words. It is quite easy to write down on a piece of paper or metal, and/or memorize. An offline hardware wallet is usually used to securely generate and use the key for signing transactions.
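How the 12- or 24-word phrase in the post above (and the BIP-39 posts earlier in the thread) actually turns into a master key, as an added example that is not from this thread or from any wallet vendor. It works on 11-bit word indices rather than embedding the 2048-word English list (index 0 is "abandon", index 3 is "about"); function names are my own. The checksum step is why a wallet can reject most mis-copied words, and the seed and BIP-32 root steps are why every key is recomputable from the phrase alone, which is also why anyone holding the phrase holds the funds.

```python
"""BIP-39 mnemonic mechanics: checksum, word indices, seed, BIP-32 root key.

Added illustration, not code from this thread. Operates on word indices
instead of embedding the 2048-word list.
"""
import hashlib
import hmac
import unicodedata
from typing import List, Tuple

_VALID_ENT_BITS = (128, 160, 192, 224, 256)  # 12, 15, 18, 21, 24 words


def entropy_to_word_indices(entropy: bytes) -> List[int]:
    """ENT bits of entropy followed by ENT/32 checksum bits, cut into 11-bit indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in _VALID_ENT_BITS:
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def verify_word_indices(indices: List[int]) -> bool:
    """Recompute the checksum. A wrong word slips through with probability
    2^-cs_bits (1/16 for 12 words, 1/256 for 24), so this catches most but
    not all transcription errors."""
    total = 11 * len(indices)
    ent_bits = total * 32 // 33
    cs_bits = total - ent_bits
    if ent_bits not in _VALID_ENT_BITS or any(not 0 <= i < 2048 for i in indices):
        return False
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return expected == (bits & ((1 << cs_bits) - 1))


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """PBKDF2-HMAC-SHA512, 2048 rounds, salt "mnemonic" + passphrase, both NFKD.
    The optional passphrase is a second factor: a different passphrase is a
    different (valid-looking) wallet, so it must be backed up too."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def seed_to_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP-32 root: HMAC-SHA512 keyed with "Bitcoin seed". Left half is the
    master private key, right half the chain code; every child key is derived
    from these two, which is what makes the phrase a full backup."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


if __name__ == "__main__":
    # BIP-39 test vector: all-zero entropy -> "abandon" x11 + "about"
    idx = entropy_to_word_indices(bytes(16))
    assert idx == [0] * 11 + [3] and verify_word_indices(idx)
    assert not verify_word_indices(idx[:-1] + [4])      # one wrong word, caught
    phrase = " ".join(["abandon"] * 11 + ["about"])
    seed = mnemonic_to_seed(phrase, "TREZOR")
    master_key, chain_code = seed_to_master_key(seed)
    print(seed.hex())
    print(master_key.hex(), chain_code.hex())
```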
While “being your own bank”, aka keeping all your savings in a shoe box under the bed, is idiotic, you can simply write the seed phrases down in ink on paper. So you don’t necessarily need some digital storage to keep them.
They are, but your protections are pretty minimal. We have more theft by our government (civil asset forfeiture) than by actual thieves. Not just that, banks themselves have proven to be unreliable with boxes independent of government theft.
You can get a PO box, but it is not a safe deposit box, and I would not keep anything valuable there for longer than a day or two.
Getting a box in a bank, on the other hand, was tough when I was looking for one in Poland/Netherlands/Germany; banks don't care, and it is more hassle for them than it is worth.