You are viewing a single comment's thread from:
RE: Tomshwom's Advanced Crypto Security Guide (Part 2) - Wallet Analysis
Great post! I was wondering though, you say password managers are "completely out of the question," but then you tell us how to use KeePass to store a wallet. I understand why you would never use LastPass or your hot KeePass database to store private keys, so I'm guessing cold-storage KeePass is your solution of choice...
Password managers alone are out of the question. In part 3, I go over the method I find to be most secure for personal cold storage. KeePass is involved, but the database is doubly encrypted (by KeePass and the persistent storage volume on Tails). You also need a secondary USB key containing the keystore file. Accessing the contents of the database requires:
An attacker could have 2/3 and still be totally unable to access the system, and if you are storing these properly you should be able to verify their physical security and take measures to move funds if one of the devices is compromised. This is why you should memorize at least one password, whether it's the KeePass one or the Tails encrypted volume one. That way there's no way that somebody can physically steal all the parts.
The wallet should only be used during creating (for testing), and for a one-time withdrawal (at which point you should create a new wallet for maximum security).
How does anyone access the funds of a deceased family member/spouse, if an essential password was stored in the deceased family members brain (e.g. brain wallet)? In terms of security (securing your blockchain assets), this is THE ultimate security risk for loosing all your funds (yes, you will be dead too, but you lost everything, right in the end there), that is overlooked all too often, I believe. What would you recommend, a a private key recovery mechanic for family members?
This is a very good point. If you want to allow somebody else to be able to access your wallet, especially in the case where you are no longer able to, you should be sure they are aware of how your security system is configured and where to find all the pieces to safely access it. For crypto, you would also want to have directions on how to actually sell the coins since it's unlikely that the people who would be helping in the case of a death would know, and you don't want to leave it up to a stranger online.
There are many ways to create a password that can be figured out by a specific person. Leave a note that says "The secret word is: the restaurant we met at + the year your aunt was born". Don't use sensitive information like SSNs. The note could be stored in a location outlined by your security diagram.
Another way is to avoid using a weak password like this and simply split the password into locations that you and your spouse only have physical access to, like a safety deposit box and a home safe.
This is great advice. Thanks!