Hardcore Bitcoin Wallet Security and Privacy

In my previous post I wrote that the best primary Bitcoin wallet, at least for people who take their involvement in Bitcoin seriously, is a Bitcoin full node. To quickly summarize: if you are using a hardware wallet, you're losing a lot in terms of privacy and usability (including limiting your own access to your own bitcoin) and you could lose everything in a blink of an eye if your seed mnemonic isn't passphrase protected. Today I'll expand a bit on how you could further improve your primary Bitcoin wallet (your full node) security and privacy in the case where you don't really want, or need, a high degree of usability. A situation where you can look at your stash when you want to, but mainly just want to hodl some bitcoin for a long time with maximum security and privacy.

How would Satoshi do it?

No idea, but here's a guess (inspired by rumors!)

  1. This was already discussed, but worth repeating: buy a new computer which will be a dedicated bitcoin machine, a simple desktop with at least a 1TB hard disk drive (HDD). Don't let this one have any wireless radios like Wi-Fi or Bluetooth, as these are additional attack vectors and are unnecessary for our purposes. An HDD is going to be the most reliable and cheapest disk storage method. Don't bother with a laptop; modern SSDs are expensive and prone to failure. Install Ubuntu and then plug it into a wired ethernet connection. Make sure to lock down network access using the ufw firewall as described before.
  2. Install Bitcoin core, tor, VeraCrypt, and K3b on your new machine.
  3. Add passphrase protection to your Bitcoin wallet; this means you are encrypting your wallet.dat file.
  4. Configure Bitcoin core to run over tor. Let it sync with the network.
  5. Create a VeraCrypt (VC) volume by following the instructions.
  6. Encrypt your VeraCrypt (VC) volume using a very strong passphrase. This might be the same passphrase as the one you use for your password manager, so you are less likely to forget it. You could add your wallet.dat passphrase inside your (local disk only) password manager. If you forget the passphrase to the VC volume or for your wallet.dat file, you will lose your bitcoin.
  7. Save a copy of your wallet.dat file to somewhere inside the new VC container. Why put your wallet.dat into a container? Because this prevents someone who finds your wallet.dat file from just loading it into their own machine and seeing all your past and future transactions. If you are using a hardware wallet you are doomed from a privacy standpoint: the hardware provider sees everything you do.
  8. Burn your VC container to M-Disk optical disks. How many copies should you burn? This is an important question. Anyone who ever gets access to these disks (and your bitcoin dedicated computer) can start working on cracking these passphrases to steal your bitcoin. If your passphrases on your wallet.dat and VC volume aren't very strong, then it could be game over for your hodl stack within seconds or just a few years. Imagine trying to mail a copy of one of these optical disks to a friend or relative in another country: customs (or the secret police, or postal service, or whoever can intercept it) may very well take this disk, quietly make an image of it, pass the disk along to its intended destination as if nothing happened, and then start working at cracking your passphrases. If it's weak they will have your funds (and/or your privacy, you did use a strong passphrase for the VeraCrypt container didn't you?!) in a matter of seconds. If it's strong it might take them many lifetimes.

What should be clear at this point is that there are two key variables in play: 1) the strength of your passphrase(s) and 2) access to the physical media (the M-Disk and your computer's HDD) which contain your wallet.dat file. There is a balance to be struck here: if you use a very strong passphrase, perhaps a 12 word passphrase generated via Diceware, then you don't necessarily need to be so paranoid about bad actors, like evil maids or bankers, gaining access to your encrypted media. But if you use a weaker passphrase, you should be very careful.

Now you can generate a bunch of receiving addresses with Bitcoin core.

Fig. 1. Generate more addresses than you think you might need.

Save those addresses to a text file and copy that file to a USB stick. This way it's easy to give out a new address when someone wants to give you bitcoin.

Wrapping up

Finally, with your wallet.dat file safely inside its VeraCrypt container, the right amount of expensive M-Disks burned (and you checked that they were burned properly, right?!), and with a list of receiving addresses at the ready, you can wipe your dedicated Bitcoin computer's HDD completely and use it for activities which would make any security consultant blush, like checking your email.
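One way to do the "burned properly" check from step 8 before wiping the HDD is to hash the still-encrypted container and every copy read back from disc. This is an added example, not part of the original post; the file name `hodl.vc` and the mount path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: confirm every burned copy of the VeraCrypt container is
# bit-identical to the original before the source HDD is wiped.
# The container stays encrypted throughout; nothing is mounted or decrypted.

# Print the SHA-256 of a file, or return non-zero if it cannot be read.
container_digest() {
    [ -r "$1" ] || return 1
    # Hash via stdin so unusual file names cannot alter the output format.
    sha256sum < "$1" | cut -d' ' -f1
}

# verify_copies ORIGINAL COPY...
# Prints one OK / MISMATCH / UNREADABLE line per copy.
# Returns the number of bad copies (0 = safe to proceed), 255 on usage errors.
verify_copies() {
    local original="$1"
    local want got copy
    local bad=0
    shift
    want="$(container_digest "$original")" || {
        echo "cannot read original: $original" >&2
        return 255
    }
    if [ "$#" -eq 0 ]; then
        echo "no copies given" >&2
        return 255
    fi
    for copy in "$@"; do
        if ! got="$(container_digest "$copy")"; then
            echo "UNREADABLE $copy"; bad=$((bad + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH   $copy"; bad=$((bad + 1))
        else
            echo "OK         $copy"
        fi
    done
    return "$bad"
}

# Example invocation (hypothetical paths, one disc inserted at a time):
#   verify_copies ~/hodl.vc "/media/$USER/MDISC1/hodl.vc"
```

Run it once per disc and only wipe the source drive after every copy reports OK.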

So what are the issues with this approach? There are a few. 1) Don't forget your passphrase. This is a real problem for everyone, especially as people get older. 2) You are relying on a few different things to stick around for the future, including VeraCrypt and optical disk readers. These tools could fall into oblivion at any time, especially if you decide to take a trip to Mars before coming back to take control again of your bitcoin. You also need to be disciplined enough to not use this machine for anything *but* bitcoin. But it's definitely going to give you faster and more reliable access to your bitcoin than a paper wallet, because you simply have to load the optical disk into a clean machine and decrypt/copy your wallet.dat file. This approach to backup/recovery will maintain your full transaction history and give you more privacy than BIP-39 style paper wallets and hardware wallets.

One last note: this is still a "single signer" approach, which exposes you to risks of violent coercion. To avoid that, you'll want to use this setup + at least two duplicate setups in a 2/3 or five duplicate setups in a 3/5 multisignature arrangement. This is a lot of effort for most private persons, but some big financial companies might already be taking this approach in a bid to offer bitcoin custody accounts to their clients...

