In my previous post I wrote that the best primary Bitcoin wallet, at least for people who take their involvement in Bitcoin seriously, is a Bitcoin full node. To quickly summarize: if you are using a hardware wallet, you're losing a lot in terms of privacy and usability (including limiting your own access to your own bitcoin) and you could lose everything in a blink of an eye if your seed mnemonic isn't passphrase protected. Today I'll expand a bit on how you could further improve your primary Bitcoin wallet (your full node) security and privacy in the case where you don't really want, or need, a high degree of usability. A situation where you can look at your stash when you want to, but mainly just want to hodl some bitcoin for a long time with maximum security and privacy.
No idea, but here's a guess (inspired by rumors!)
What should be clear at this point is that there are two key variables in play. 1) the strength of your passphras(es) and 2) access to the physical media (the M-Disk and your computer's HDD) which contain your wallet.dat file. There is a balance to be struck here: if you use a very strong passphrase, perhaps a 12 word passphrase generated via Diceware, then you don't necessarily need to be so paranoid about bad actors, like evil maids or bankers, gaining access to your encrypted media. But if you use a weaker passphrase, you should be very careful.
Now you can generate a bunch of receiving addresses with Bitcoin core.
Save those addresses to a text file and copy that file to a USB stick. This way it's easy to give out a new address when someone wants to give you bitcoin.
Finally, with your wallet.dat file safely inside it's VeraCrypt container, the right amount of expensive M-Disks burned (and you checked that they were burned properly right?!), and with a list of receiving addresses at the ready, you can wipe your dedicated Bitcoin computer's HDD completely and use it for activities which would make any security consultant blush, like checking your email.
So what are the issues with this approach? There are a few. 1) don't forget your passphrase. This is a real problem for everyone, especially as people get older. 2) You are relying on a few different things to stick around for the future, including VeraCrypt and optical disk readers. These tools could fall into oblivion at any time, especially if you decide to take a trip to Mars before coming back to take control again of your bitcoin. You also need to be disciplined enough to not use this machine for anything *but* bitcoin. But it's definitely going to give you faster and more reliable access to your bitcoin than a paper wallet, because you simply have to load the optical disk into a clean machine and decrypt/copy your wallet.dat file. This approach to backup/recovery will maintain your full transaction history and give you more privacy than BIP-39 style paper wallets and hardware wallets.
One last note: this is still a "single signer" approach, which exposes you to risks of violent coersion. To avoid that, you'll want to use this setup + at least two duplicate setups in a 2/3 or five duplicate setups in a 3/5 multisignature arrangement. This is a lot of effort for most private persons, but some big financial companies might already be taking this approach in a bid to offer bitcoin custody accounts to their clients...Return to main