/biz/ - Business & Finance

bump

Bump

Bump

>>14938184
I want to know what professionals are using. Surely something like coinbase is not using a ledger.

If I ever get millions of dollars idk the most secure way to store it. I'd be tempted to use coinbase like a bank. Someone can easily rob your ledger and torture you for your password and when millions are on the line its almost sure to happen.

I just ordered two ledgers, waiting for them to come. im really interested in this topic. lets start making this a general thread

>>14938516
But by having it online you are opening yourself to theft. Coinbase can be hacked, your computer or phone can be hacked etc. It's actually easier.

>buy 2x old and irrelevant books from half-price books
>write 24 words in order on 24 pages
>do the same to the backup book
>test your keys and confirm they work
>put one on your shelf at home and other at your grannie's house

>>14938725
>House burns down
>Go to Grandma's
>"Oh deary me I donated that shelf of books to the church years ago!"

I’m more interested in knowing where you goys store your recovery phrases.

I don’t trust keeping it on paper even in a fireproof safe.

Has anyone tried engraving theirs onto a sheet of stainless steel?

>>14938829
kek

>>person who has the book figures out what those words written in bold are

>>steals anon bitcoins

Nano x, bury the key somewhere. Have 2 paper copies laminated. 1 in a safe possibly.

>>14938184
https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test/
https://blog.lopp.net/metal-bitcoin-seed-storage-stress-test--part-ii-/

billfodl

>>14938184
Seed phrase wallets are a fucking joke. When lil trayvon breaks into your home and steals your seed phrase all your funds are gone.
Store them on Coinbase. If Coinbase is hacked bitcoin will unironically go to 0.

>>14939186
but its not just about coinbase been hacked. It's your own stupidity that can leak information about your account to the internet

without a secure pc or phone coinbase does not mean a thing

anybody can steal your coinbase login and go from there.


And yes I agree with you I don't like seed phrase wallets because they make it obvious that it's something important written on metal. someone who does'nt know what it is can take it and figure it out later

>>14939353
Write all your seed phrases down in reverse or with a certain change to the order. Even if someone took it and worked out it was a seed, the chance of them trying it successfully in another order is pretty damn unlikely. It doesn't have to be anything complicated. Just the last two words switched or something.

>>14939186
>Store them on Coinbase. If Coinbase is hacked bitcoin will unironically go to 0.
https://medium.com/coinmonks/the-most-expensive-lesson-of-my-life-details-of-sim-port-hack-35de11517124

>>14939186
>what is a safe deposit box

>>14939507
>keeping anything of liquid or near liquid value in the local thief’s safe

JUST STAMP INTO STAINLESS YOU IDIOTS

>>14938184
i think a physical backup of your seed phrase is worth having, for me it's basically just in place for my family to have access to my cones should i have an accident or something.

most of the stuff on the market is pretty overpriced but it's easy enough to just buy a few cheap stainless steel or titanium plates and engrave them with a dremel. then i did essentially an unnecessarily complicated, programmatic version of this >>14939437, and stored a copy of the plate at my parents place and another in my safe deposit box. seems like a solid and practical backup system to me.

>>14938516
>Someone can easily rob your ledger and torture you for your password and when millions are on the line its almost sure to happen.
The fact anyone actually still says this shit boggles my mind. DOES IT HAPPEN TO MILLIONAIRES TODAY? NO

>>14939353
mutli-factor and white-list wallets solve the problem you describe
Overall I agree with you, however an air-gapped PC (older hardware is better) with a paper wallet generator or Armory multi-sig wallet will not be hackable.

>>14939658
this + byzantine method will make you safe asf

gpg encryption

All I have to remember is my password for the seedphrase file. Just have this stored on my cloud. Go ahead, try and decrypt this. Thought about doing this but with a QR code instead.

>>14939866
Thanks just stole 100k

>>14939464
>sim porting was Coinbase's fault

>>14939866
Thanks brute forcing for the next week

>>14939909
*10 years

>>14939507
>rogue bank employee steals all your coins

I just use a USB stick. Cheap and easy

air gaped multisig in several locations to mitigate risk

>>14939507
I use a safety deposit box for some of my multisig locations
They're put in a tamper proof box so I know if the bank tried anything, and also they're only 1 key out of several so they can't do anything with the information anyways

I encoded my private keys in hex, then encrypted them with AES256 with a password that is 70 characters long, then put them on 8 redundant thumb drives, 2 of which are in a safe deposit box. You don't need hardware wallets.

>>14939963
this

i keep my 10k linkies on binance

when binance got hacked i didnt really care about losing my linkies.

to lazy to take them off of their

>>14939987
>8 redundant thumb drives
that's where you went wrong

>>14940022
nah I'm just austistic enough to envision a scenario in which a wildfire wipes out my place and the bank.

>>14939711
>doing this to a millionaire who has cash in his bank account/stocks/real estate
>doing this to a person who owns an assets whos transactions cannot be reversed and almost completely anonymous, in addition to the fact that the authorities said individual would report the theft to hate the asset as it threatens their survival

really gets the brain thinking doesn't it

>>14940036
you don't understand what i'm getting at
you must go back to reddditt

>>14938939
Without the wallet adress?

>>14938184
if you can't post your wallet to 4chan it's not secure

>>14939711
millionaires have banks you fucking idiot.

If you live remotely somewhere or just keep your keys near you in general, what is stopping someone from torturing you to move your funds out of your wallet.

It may be possible to do this to a millionaire now, but much less likely due to 3rd parties like banks.

>>14940022
Please explain why having redundant copies of already-encrypted data is bad in any way.

>>14939987
>encoded in hex
This means nothing lol, who cares whether you feed the raw bytes of the key or some encoded version of it into the AES algorithm.

>>14940098
>thumb drives
not just retarded but 8xretarded

>>14940097
>It may be possible to do this to a millionaire now, but much less likely due to 3rd parties like banks.
which is why god invented multisig schemes

>>14940098
Nah for AES it uses the key derivation algorithm when I enter the password, I encode the actual private keys in hex for storage. I actually derived one of my BTC keys by flipping a coin 256 times just for fun.

>>14940119
It's encrypted. Doesn't matter whether you store it on a thumb drive, or a QR code on a piece of paper.

>>14938184
this is something I think about a lot. I'm going to be giving up my apartment soon for an extended backpacking trip, and I've been thinking about how best to store my crypto so that it's accessible to me, but not able to be lost or stolen. Just like any data backup scheme, redundancy is key. That is to say, employing multiple strategies with multiple wallets is a safer than trying to secure a single wallet with a single method. It's also crucial to have several wallets so that, in the unlikely case that you are forced to relinquish keys under duress, you won't lose all of your crypto holdings.

So let's say we have three types of wallets: hot, warm, and cold.

The hot wallet is what you have total access to for regular transactions, holding only a modest balance and with relatively insecure key backup - metamask on laptop, trust wallet on phone, etc - with your key or recovery phrase stored in an encrypted file in your email or whichever file hosting service you like. You can always access or recover it when necessary, the keys are reasonably secure, but it isn't something you'd want to keep a large balance on.

A warm wallet is something you can access when necessary, but with difficulty, and employing multiple failsafes. My current thinking is: raspberry pi running something like parrot OS, with the wallet software of your choice password-protected. This would be stored at a family member's house, and would be powered off/disconnected except when you get in touch to have it booted up so that you can tunnel in through and encrypted connection and transfer funds to your hot wallet. I'm not an expert in cyber security, so I'm not sure of the flaws in this plan.

Finally, your cold wallet(s) stay totally air-gapped at all times, and requires time and leg work for even you to be able to access. I was thinking physically written keys or recovery phrases, split into parts and divided between multiple safe deposit boxes in different banks/credit unions.

>>14940174
>thumb drive
>paper
wow
you really are a special one aren't you
please go back to /v/ or wherever it was you last found yourself

>>14939353
Same can be said about your PayPal account or bank account. Retard

>>14940405
I figured you would want to at least put some effort into your posts since you're behind a trip, but I suppose not. How about casting aside the ad hominem and actually making an argument? Or would you like to just gracefully admit that you made a mistake and that you still have more to learn about data security?

It's just a byte array representing already-encrypted data. Just like HTTPS packets being sent publicly over the internet, it doesn't matter if you post it on a public website, send it over e-mail, store it on a thumb drive, or whatever you want.

>>14940369
I wouldn't feel 100% secure using safe deposit boxes though, because banks get robbed, and, more importantly, the gubment could potentially seize those holdings.

When I own land or a home, I'd prefer to engrave the keys onto something non-magnetic and bury them somewhere safe.

The comment about writing your recovery phrase into a book got me thinking, though: what if you were to generate a text file containing thousands of pages of random words, and have your recovery phrase interspersed therein, retrievable via algorithmic text filter, where the algorithm is stored in an encrypted file in another, totally separate storage solution?

>>14940405
>>14940482
DarkTrip outed as complete brainlet

>>14940047
this guy gets it.

People know traditional assets can be tracked, reversed.
Steal someones bitcoin, coinjoin it in wasabi, and you're set, easy.


Best method;

Have TWO ledgers with the same seed, secure them with a passphrase. Your normal pin opens the standard ledger, where you have some dummy bitcoin - this is what you open when someone puts a gun to your head - they get some small %, lets say 2-3% of your holdings, but you don't die and they stop digging.

The alternative pin opens the passphrased set of accounts, with your real holdings.

STRONGLY suggest everyone uses a passphrase (25th word) on their Ledger.


You're all fucking welcome.

>>14940085
thanks for the money loser

Are you retarded I'm ready to market dump this flaming Ponzi piece of shit the second I can break even

>>14938725
Please, any better way than this?

>>14940098
>>encoded in hex
>This means nothing lol,
it does, but like he said later its just one aspect

>>14940818
rofl

>>14939941
imagine knowing so little about deposit boxes that you think a single employee can get into a safe deposit box or would even be allowed to know what you're storing. imagine knowing so little about bip39 that you don't know about passphrases.

>>14940489
>>14940369
I appreciate the way you think

>>14940973
if only you learned about bip38 too...
i mean sure if you want to throw money out the window to actually potentially decrease your security then buy these gadgets! by all means. it requires good practice and special care not to be compromised by hardware wallets. too bad hey are advertised as fool proof.

>>14938184
i didn't even notice at first
>yes goy write down your ultimate secret 25th word also with the other 24 you shouldn't be writing down!
aahhahahah

>>14940511
lol

>>14941107
>requires good practice and special care
literally all custodial methods require good practice and special care. but you probably don't know much about it with your 103 link and .0215 btc. stay poor.

>>14938700

Exchanges are insured nowadays anon. If they get hacked you get your funds back.

>>14939987
>>14940166
going through all this trouble, ya all need to read up on bip38 seriously.
scrypt takes about 5 secs to try a password on a pc, and it would take more then 900 quintillion years to put a dent on a strong password with the entire hashing power of nicehash.
it's that fucking good. and it's standard. probably exchanges gonna let you import it directly in a year or two but already has opensource toolset out in the public.

i mean homebrew crytography is fun, but this one is too good to pass up on.

>>14941300
>literally all custodial methods require good practice and special care.
except the ones that only require you to follow standard good practice.

>>14941232
I know. I hate this stupid wallets on the market right now. They advertise to the whole world what those numbers are.

There's a cold wallet that literally has the word cryptocurrency on the back. Why would you sell some stupid shit like that.

>>14938184
>25

NEVER store your password with your mnemonic

>>14941414
>Exchanges are insured nowadays anon.
By who and to what amount? I know of no exchange that is fully insured.

>>14938184
I use a piece of paper in a plastic bag in a fire proof safe.

>>14938184
I engraved mine on to stainless steal plates, no need to buy that shit. I used a pneumatic engraver, but no reason why a cheap dremel/pump & hammer wouldn't work.

>>14941954
They aren't, that anon's a moron. Even when your funds on CB are 'secured' its only the fiat.
FYI account insurance is a meme in this 'too big to fail' world. check out how much is in the fun in your jurisdiction

>>14940075
You know anon's an idiot and scribbled that on the table of contents

>>14941967
>>14942001
look redundancy is worth a hell of a lot more than bags and ""fireproofing"" but only if it doesn't compromise security. if you add locations to plain text keys/seeds it weakens security if you encrypt them and have many many backups digital and physical it only strengthens it.

please stop being retarded and use the fucking paper wallets!

>>14942196
>use the fucking paper wallets!
How is a paper wallet any different than writing down seed words securely?
You can have multiple 25th words (passphrase) under the same seed. ie. multiple private keys by even having a 1 letter/number/symbol passphrase.
>please stop being retarded
P R O J E C T I N G
Pretty sure the same arrogant anon that come along to most of these threads...

>>14940482
>he thinks his electro babble will save him when his usb bit rots or melt whilst his paper goes up in smoke in a second
classic /g/ tard talk. didn't see the big picture.
welp

>>14938885
Buy a cryptosteel and go back

>>14942309
>How is a paper wallet any different than writing down seed words securely?
well if you are not a retard you use a bip38 paper wallet like >>14940085
it gives you practically free redundancy while being so secure that it would bankrupt a galactic empire to break it.

>>14942309
i never understood this... if you 25th word is strong enough what's the point of fucking around with the 24 other? or what's the point of buying a gimmicky gadget if you don't even want to use it?

>>14942447
Confirmed arrogant Anon

Why the fuck would it be rational for the average user to run an air gaped computer? Sure you think you're smart, but lots of anons think they know what there doing, fuck it up, lose their funds.
>>14942529
>i never understood this
I know you don't understand! I've fuckin had this convo with you before cunt face! No point in wasting more of my time on arrogant people. You think you're smart, think about it.

>>14942569
> I've fuckin had this convo with you before cunt face!
and you had no arguments then either i bet