How I secure cryptocurrency for under $1 [Creating a Cold Storage Locker]

in #steemit, 7 years ago (edited)

If you remember my recent post "Why I do not like hardware wallets" and my follow-up "Hardware Wallet Hacked", you will know that I do not advocate expensive, bulky and frankly very scary devices to secure your coins! So how do you do it? And better, how do you do it for less than $1?

Step 1: Prepare your hardware

Grab an old PC or laptop and remove all networking abilities from it. If you are completely paranoid you can build a Faraday cage out of a cardboard box lined with tinfoil to shield your computer from anyone sidejacking you (this is borderline wearing a tinfoil hat).

Step 2: Get a Linux Distro

Once you have it set up and running, get a Xubuntu CD burned (or your preferred Linux distro). You can also use the USB method if you wish; just be sure to install a legit copy of Linux!

Step 3: Install your Linux Distro

Boot your offline computer with the new CD (or USB device) and follow the instructions to install the operating system (Xubuntu) to your computer. This will take a few minutes.

Step 4: Setting up

Once you have your distro completely set up you will be at the normal desktop you are used to. At this point you will need to get the software required to generate the wallets for the coins you wish to store.

You have 2 options.

A) Less secure, but easier: connect to the internet, then download and install the wallet.
B) Get the wallet source code from GitHub and transfer it via a CD-R (not a USB drive; write-once media should be used for air-gapped security when you care this much).

Step 5: Installing wallet

Once you have either connected to the internet and gotten the wallet (A) or used the air-gapped method to acquire the code (B), you are ready to follow the installation instructions for the wallet. Simply compile if needed and install the wallet as you would on any normal computer.

Step 6: Generating the Private Key

Once you have the wallet loaded up you should be ready. If you chose option (A) you NEED to immediately turn your wallet off and disconnect power. Remove your network card and any ability for the hardware to communicate via a wireless signal. Turn the computer back on and, only when you have no ability for networking, proceed to reload the wallet. You should also delete all key files (see Step 7) before you continue.

Once the wallet is loaded you will notice it cannot sync the blockchain. This is expected since we have no internet, and syncing is not needed! We just need the keys it made!

Step 7: Where are my Private Keys

At this point you have created a Private Key "wallet" and can generate public addresses to receive funds! You can verify this by clicking on Receive in the wallet (or, for a CLI wallet, by using the CLI). You will be presented with a public address to send funds to. The big question now is where is the key, the Private Key, that unlocks those funds!

In Linux almost EVERY coin will have that in your home folder. Simply open up a file browser and, under settings in the menu, choose "view hidden files". Most of the time, no, almost ALL the time, you will see things like ".bitcoin" and ".ethereum" and ".zcash". It is very easy most of the time to find your coin's folder.

These folders usually contain 2 things: the blockchain AND your private key(s). You will need to ensure you back up your private key. Rule of thumb is blockchain folders tend to be HUGE, but if you are unsure ASK, GOOGLE, or worst case BACK UP THE WHOLE FOLDER! You can't lose by backing up worthless files you didn't need; you only get messed up losing the 1 file you did need! Remember, if you don't know, just back it all up!

Step 8: Where to store my key(s)

At this point you have generated your keys and located them, and now need to burn them on a CD-R AND copy them to a brand new, UN-USED USB thumb drive (NEVER RE-USE USB DRIVES FOR THIS, see the BadUSB exploit for more).

**** Remember, every time you use a USB thumb drive on a computer connected to the internet you can consider it compromised unless/until it has been security checked OR has been verified to not be subject to the BadUSB attacks.
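One way to carry out Steps 7 and 8 with a check that the copy is readable and identical, as an added example that is not part of the original post: it copies the small files from a coin folder, re-reads the copies and compares SHA-256 hashes. The 100 MB cutoff for "HUGE" blockchain files, the function names and the paths are assumptions made for this sketch; raise the cutoff to back up the whole folder.

```python
import hashlib
import os
import shutil
import sys

BIG_FILE_BYTES = 100 * 1024 * 1024  # assumed cutoff: bigger files are treated as chain data


def sha256_file(path):
    """Hash a file in 1 MiB chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root, max_bytes=BIG_FILE_BYTES):
    """Return ({relative path: sha256}, [skipped paths]) for the files under root."""
    hashes, skipped = {}, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full) or os.path.getsize(full) > max_bytes:
                skipped.append(rel)  # symlinks and oversized files are reported, not copied
            else:
                hashes[rel] = sha256_file(full)
    return hashes, sorted(skipped)


def backup_and_verify(coin_dir, dest_dir, max_bytes=BIG_FILE_BYTES):
    """Copy the small files to dest_dir, re-read the copies, return (mismatched, skipped)."""
    before, skipped = manifest(coin_dir, max_bytes)
    for rel in before:
        target = os.path.join(dest_dir, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(coin_dir, rel), target)
    after, _ = manifest(dest_dir, max_bytes)
    mismatched = sorted(rel for rel in before if after.get(rel) != before[rel])
    return mismatched, skipped


if __name__ == "__main__":
    # Example call (paths are placeholders): python3 backup_check.py ~/.bitcoin /media/usb/backup
    bad, left_out = backup_and_verify(sys.argv[1], sys.argv[2])
    print("not copied (too big or symlink):", left_out)
    print("backup verified" if not bad else "MISMATCH: " + ", ".join(bad))
```

For the burned CD-R, compare `manifest()` of the source folder with `manifest()` of the mounted disc. Unmount and re-mount the media before comparing so the hashes are computed from the media rather than from cached data.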

Step 9: Getting my funds to my secure offline cold storage

This is the second to last step. On your air-gapped computer with your wallet running, generate a deposit address. Manually copy that address (DO NOT MESS UP) and type it into the send form of the exchange or wallet you are sending from (or send it to the person paying you). You can use online block explorers to monitor the transfer of those funds.

Once you send funds to that public address (or someone else pays you to that address), you will see them appear in your wallet on the blockchain. However, your private key, the key that unlocks your funds, has NEVER touched the internet or a computer that does! You can sleep safe at night knowing your funds can't be hacked!!!
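The manual copy in Step 9 can be checked for typos before any funds are sent. The following is an added example, not part of the original post: it assumes a legacy Bitcoin-style Base58Check address, which ends in a 4-byte checksum (other coins encode addresses differently), and the function names are illustrative.

```python
import hashlib

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58_decode(text):
    """Decode Base58 text to bytes; raise ValueError on a character outside the alphabet."""
    number = 0
    for char in text:
        index = B58_ALPHABET.find(char)
        if index < 0:
            raise ValueError(f"character {char!r} is not valid Base58")
        number = number * 58 + index
    body = number.to_bytes((number.bit_length() + 7) // 8, "big")
    # Each leading '1' in the text stands for one leading zero byte.
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def check_address(typed):
    """Return (ok, reason) for a Base58Check address as typed by hand."""
    try:
        raw = base58_decode(typed.strip())
    except ValueError as err:
        return False, str(err)
    if len(raw) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False, f"decoded to {len(raw)} bytes, expected 25"
    payload, checksum = raw[:-4], raw[-4:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    if checksum != expected:
        return False, "checksum mismatch: at least one character is wrong"
    return True, "checksum ok"


if __name__ == "__main__":
    # Sample input: the widely published Bitcoin genesis-block address, then a copy
    # with its last character mistyped (constructed for this example).
    for sample in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
                   "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb"):
        print(sample, check_address(sample))
```

A passing checksum only shows the string is a well-formed address; it still has to be compared character by character with the one shown on the air-gapped wallet.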

Step 10: How do I send my funds?

This is the last step you need. Eventually you want to spend some of those funds! Well, thankfully there are 2 options; however, to be safe, both require you to do the following:

(1) Repeat the steps above generating a NEW key and new wallet and new deposit address for that wallet/key!
(2) Load your private key into a wallet on your main computer with internet access (consider your funds "hot" and at risk during this process).
(3) Transfer the funds you wish to the party(s) you wish to.
(4) Transfer ALL remaining funds to your NEW secure offline public address! This is the critical last step. If you leave your funds accessible by the Private Key you loaded on your computer, it is no longer truly a cold storage wallet! You MUST follow ALL steps before this one and generate a NEW Private Key and corresponding Deposit Address to send ALL additional funds to in order for them to be truly safe.

Conclusions

If you follow these steps, you will see your funds stay secure and pay probably $0 to do so! I will be happy to answer any questions and will continue to expand out more on how to create a cold storage locker for free at home without the risks involved from trusting third parties!

Remember TRUSTLESS = CRYPTO!


Good information @bigdeej, I'm still a beginner in this world of cryptocurrency, so can you please tell me when I can start securing my cryptocurrency in steemit? Is there a specific level of money or steem power?
Thanks for your reply.

I advise you secure your coins from day 1. It is best to learn how to parallel park before you are stuck in a city and have to do it right? Same goes for security. It is never too early to consider being secured, it can only be too late (after your funds are stolen). Securing steem is a little more complicated and I will do a follow up article specifically for how to secure your steem.

For now on steem NEVER give out your active or master key. You will want to store those keys offline as well. The biggest issue is that almost everyone uses steemit.com (or another web portal) as their wallet. Look for my follow up article on securing your steem account!

Thanks a lot,
What about related websites that utilize my work such as
https://steemd.com
https://steemfollower.com
https://streemian.com/
What is the risk of using them?

Nice! I love these instructions and for the right price too $1!

I only said $1 assuming you might need to buy a cd-r or a piece of paper and a pen! Most people will already have everything at home they need.

Very educative. Thanks

Great @bigdeej, thanks for sharing. Resteemed

I prefer to have a raspberry pi that stores my wallet on an encrypted file and updates itself. The file is uploaded to google drive. From a security point of view it would be best to have cold wallets but in practice you buy a lot of different coins and you are always too lazy to enforce good security. At least I am. I think it is always better to enforce working security than to not enforce perfect security.

Using the raspberry pi is a great cheap alternative to a computer or laptop that is air-gapped. The part of using google drive scares the life out of me! I understand the convenience, but I do not day trade, I invest, so I have predictable times when I know I need to get my coin(s) loaded into a hot wallet. I prefer not to ever rely on 3rd parties to store a copy of my key (even if encrypted). Call me paranoid, but I prefer just to never trust 3rd parties with my keys. Cold storage is designed for long term HODL; if you are day trading or moving funds often you probably can just store your funds on the exchanges you trade on, siphoning off profits to cold storage.

I agree there is a trade off for usefulness, but this article was about cold storage, the ideal long term storage mechanisms that do not worry about convenience, but focus only on security. Even at the end re-generating a new cold wallet and paying an additional TX FEE to send your unspent coins to that new truly secure offline wallet is for most people "overkill", BUT, if you want REAL security it is one of the best solutions!

Everything you wrote is true. It's when you want to do it right. I wish I could be as disciplined as you, I tried but failed every time I opened my wallet again.

About google drive, I thought a lot about that because I was trained to not load things into the cloud. In the end I trust AES and a good passphrase more than I calculate the risk of a fire in my flat. I thought about other solutions but atm I don't have any resources outside my house other than gdrive.

As you mentioned, the big thing is real security. I am talking long term paranoid storage of coins.

Great post, lots of heads up, quite useful. Will definitely use some of this advice ... thanks so much
