Cold Storage
Offline Cold Storage
Description: Blaustahl USB dongle
The Blaustahl USB dongle provides long-term storage for four pages of text (about 8000 characters) 8 kilobytes (KB) or about 0.0076 megabytes (MB).Simply plug the device into your computer and open any serial communications program that supports VT100 emulation.
Supported Client programs include, PuTTY, Tera Term, Minicom, screen, see the example below.
Its Unmatched Longevity
Unlike SSDs, which use delicate NAND flash with limited write cycles, The Blaustahl USB is built with industrial-grade SLC or MRAM storage.It lasts 10–100× longer due to zero-wear architecture, radiation resistance, and no degradation from charge leakage over time.
Usage
Designed for ultra-secure offline storage, The Blaustahl USB excels at safeguarding Bitcoin seed phrases, SSH private keys, and sensitive credentials.Where to buy
Learn more at Machdyne ↗Cloud Cold Storage
IBM Cloud cold Storage
This guide is for using encrypted containers, with tools like Veracrypt, cryptsetup, then uploading them to
IBM Cloud private buckets enable encrypted container storage with built-in versioning.
Each upload creates a new immutable version, preserving previous states.
Encryption at rest ensures data integrity and confidentiality, ideal for securely managing sensitive files such as ssh backup keys, bitcoin seed words, etc.
Security
Storing SSH keys and Bitcoin seed words requires the highest level of security.
Encrypting them with a strong, randomized 64-character password ensures near-impossible brute-force resistance.
A strong randomized 64-character hexadecimal secret provides 256 bits of key material, because each hex character represents 4 bits and 64 × 4 = 256.
This makes brute-force attacks computationally unrealistic when the value is generated randomly and kept secret.
Even the cloud provider cannot decrypt the container, making it truly private and resilient against insider or external threats.
Extra Security: IP Restrictions & FIDO2 for File Access
To further harden access to encrypted files, IBM Cloud supports setting IP restrictions on private buckets—allowing only trusted source IPs or CIDR ranges.
This ensures only authorized networks can attempt access.
FIDO2 hardware-based authentication can be enforced at the application layer (e.g., within your container decryption flow or secure front-end) to require physical presence for access.
Combined, these controls dramatically reduce attack surface—defending against token theft, API abuse, and even insider access from the cloud provider or compromised systems.
Extra Security: IP Restrictions & FIDO2 for File Access
To further harden access to encrypted files, IBM Cloud supports setting IP restrictions on private buckets—allowing only trusted source IPs or CIDR ranges.
This ensures only authorized networks can attempt access.
FIDO2 hardware-based authentication can be enforced at the application layer, such as within your container decryption flow or secure front-end, to require physical presence before access is granted.
Combined, these controls dramatically reduce attack surface—defending against token theft, API abuse, and unauthorized access from compromised systems.
Debate
Since commercial cloud object storage became mainstream around 2006, there has been an ongoing debate about the security risk of storing backups on third-party cloud infrastructure.
The concern is valid: cloud storage can increase exposure if buckets are misconfigured, credentials are stolen, access tokens are abused, or files are uploaded without strong client-side encryption.
This debate changes significantly when the backups are stored inside encrypted file containers before they ever reach the cloud provider.
If the container is encrypted locally with a strong cipher, a correct cipher mode, a properly generated high-entropy key, and a long randomized passphrase or keyfile, the cloud provider only stores ciphertext.
In that model, the cloud becomes the storage layer, not the trust boundary.
For full-disk or block-style encrypted containers, modes such as XTS are commonly used because they are designed for storage encryption rather than simple message encryption.
The important point is not just the cipher name, but the full design: correct mode, strong key length, random key material, authenticated access controls, safe key handling, and tested recovery procedures.
In practice, encrypted backup containers stored in cloud object storage can be more resilient than keeping the only backup in one physical location.
A single local backup can be lost to theft, fire, hardware failure, ransomware, or operator error.
A properly encrypted off-site cloud backup adds geographic separation while still keeping the provider unable to read the contents.
This section is specifically about encrypted file containers that hold backup files.
It does not cover every possible backup design, such as individually encrypted image files, per-file compression before encryption, or application-native backup formats.
Debate: Paranoid Level
For those who still argue that cloud storage is not a viable safe solution, there are more extreme defensive tricks that can reduce the value of the stored cloud object even further.
These approaches are sometimes used as an additional obscurity layer on top of real encryption, not as a replacement for strong encryption.
One paranoid method is to keep the encrypted container header offline.
With container formats where the header is required for decryption, the cloud copy can be stored with the real header removed or overwritten, while the valid header is kept separately on offline media.
The missing header can later be restored with dd before mounting or recovering the encrypted backup container.
Another variation is to overwrite sensitive header or identification areas with random data from /dev/urandom, then restore the correct bytes only when the backup container needs to be used.
This can make the cloud-stored object look more like random noise and reduce obvious metadata exposure.
A second trick is to record an offline checksum or hash value for the valid encrypted image, then deliberately store a modified cloud copy whose visible hash no longer matches the real one.
The correct verification value is kept offline and only used during recovery validation.
This may confuse simple integrity tracking or attacker-side cataloging, but it also makes normal automated verification harder.
NOTICE: These tricks are not recommended for normal backups.
They introduce extra recovery steps and new points of failure.
If the offline header, checksum notes, restore commands, or byte offsets are lost or written down incorrectly, the backup may become unrecoverable even when the encrypted data itself still exists.
For most serious backup designs, strong client-side encryption, tested restore procedures, offline key storage, multiple backup locations, and regular integrity checks are safer than intentionally damaging or modifying the stored backup image.
Summary: Backups
Backups should never be treated as a single solution.
A strong backup strategy is built in layers, with different priorities for different types of data.
Not all backups should live in the same location, and not all backups need the exact same security controls.
Less sensitive backups may be stored using normal encrypted cloud storage or standard off-site backup methods.
More sensitive backups should receive extra protection, such as being stored inside an encrypted container image before being uploaded to cloud storage.
For higher-value data, a layered approach can include both cloud storage and offline storage.
For example, the same encrypted backup container can be stored in a private cloud bucket and also copied to a hardware-encrypted USB key.
Smaller but highly sensitive data can also be kept on a separate cold-storage USB key that stays offline until needed.
The goal is resilience and controlled access.
Cloud storage helps protect against local hardware loss, theft, fire, and site failure.
Offline storage helps protect against account compromise, ransomware, provider outages, and accidental deletion.
Used together, they create a stronger backup model than relying on any single location or single technology.
Cloud Cold Storage Providers
-
Oracle Cloud Object Storage: Archive Storage Tier (Cold)
https://www.oracle.com/a/ocom/docs/cloud-training-storage-services.pdf
https://cloud.oracle.com -
IBM Cloud Object Storage: Archive Storage Tier (Cold)
https://mediacenter.ibm.com/media/How+to+provision+IBM+Cloud+Object+Storage+%E2%80%93+Native+Backup/1_ksk5m2td
https://cloud.ibm.com
Encrypted USB Drives
USB hardware-embedded AES-XTS 256-bit encryption
These drives offer hardware-embedded AES-XTS 256-bit encryption, FIPS-level certifications, PIN/keypad entry, and tamper-/water-resistant designs — ideal for securing SSH keys, Bitcoin seed phrases, or sensitive data.
Risks: Storage Reliability
Despite advanced encryption and rugged housing, most of these devices still use flash storage (SSD) under the hood—subject to wear-out over time.
NAND flash has limited write cycles, and environmental stress (e.g., ESD, heat, physical trauma) can still cause failure.
Encrypted drives protect your data from theft—not from electrical or hardware degradation.
For critical data (like Bitcoin seed words or SSH keys), consider additional redundancy (e.g., paper backups or hardware wallets) and periodic health checks.
Usage: Flash Storage Needs Power
Most hardware-encrypted USB drives and secure storage devices still use NAND flash storage internally.
NAND flash needs power to read, write, erase, and maintain stored data reliably over time.
Flash cells store data as tiny electrical charges.
If a device sits unpowered for long periods, those charges can slowly drift or leak.
Over time, this may lead to bit errors, corrupted files, or data loss.
This means encrypted USB keys and SSD-based backup devices should not be treated as permanent cold storage without maintenance.
Encryption protects the data from unauthorized access, but it does not protect the flash memory from charge leakage, wear-out, heat damage, ESD, controller failure, or physical damage.
For important backups, power the device on periodically, verify the files, refresh the backup copy when needed, and keep more than one backup in more than one location.
Technical: Hardware Encryption
Hardware-encrypted USB drives usually encrypt data inside the drive’s controller, often using AES.
The user password or PIN is typically processed through a key-derivation function, which turns it into an unlock key rather than using the password directly.
The actual data-encryption key is normally generated and stored inside the device’s secure hardware, controller, or protected memory area.
It should not be stored as plain text in normal flash storage.
In a well-designed hardware-encrypted drive, the host computer only sees the unlocked storage after authentication succeeds.
The encryption and decryption operations happen inside the device, which helps reduce exposure of the raw encryption key to the operating system.
The exact design depends on the vendor and model, so higher-security use cases should prefer devices with public security certifications, documented encryption design, and a strong recovery and backup plan.
Cost: Hardware-Encrypted USB vs Normal Backup Storage
Hardware-encrypted USB drives can be useful for sensitive data, but they are usually not cost-effective for every backup.
Devices such as Integral Crypto USB drives cost much more per gigabyte than normal USB-attached SSD storage.
This makes them a poor choice for large backup sets such as full computer image recovery files, VM images, media archives, or bulk system backups.
For those use cases, it is usually better to use normal high-capacity storage and apply strong software encryption before writing or uploading the backup.
Capacity | Integral Crypto USB price per GB | Normal USB-attached SSD price per GB
---------|----------------------------------|-------------------------------------
1 GB | ~€6.5-€7 per GB | ~€0.04-€0.11 per GB
16 GB | ~€3-€5 per GB | ~€0.04-€0.12 per GB
64 GB | ~€1.0-€1.4 per GB | ~€0.04-€0.11 per GB
At every listed capacity, the hardware-encrypted USB device is much more expensive per gigabyte.
Because of that, these devices make the most sense for smaller, high-value data sets such as SSH private keys,
password vault exports, recovery codes, seed backups, legal documents, or small encrypted containers.
A practical model is to reserve hardware-encrypted USB storage for the most sensitive files, while using larger,
cheaper SSDs or cloud storage for bulk backups that are already protected with strong client-side encryption.
RISK! Auto-Wipe and Lost Passwords
Hardware-encrypted USB drives can be dangerous if they are misused, because many of them are designed to protect data by making it inaccessible rather than by allowing unlimited password guessing.
Some devices allow only a limited number of wrong-password attempts before the storage is locked, reset, or wiped.
Depending on the model, this limit may be configurable, commonly around 3 to 10 attempts.
Once the failure threshold is crossed, the device may permanently erase the internal encryption key.
When that happens, the encrypted data is effectively lost even if the physical USB device is still intact.
This is why these devices are excellent for protecting against theft, but risky for backups if the password, PIN, recovery notes, or recovery process are not carefully managed.
A well-known example is
Stefan Thomas
,
a programmer who lost access to an IronKey encrypted USB drive holding private keys for about 7,002 BTC.
Reporting from WIRED described the device as an IronKey S200 and explained that Thomas had already used several password attempts, with only two guesses reportedly remaining before the device would erase itself.
The case shows how the same security feature that protects the data, restricted guessing and automatic wipe behavior, can become a serious liability when the correct password is forgotten or misrecorded.
For backup use, the lesson is simple: never depend on one hardware-encrypted device, one password, or one written recovery note.
Keep tested redundant backups, document the recovery steps, store recovery material offline, and periodically verify that the backup can actually be restored.
List of devices:
Strongly recommended to get a USB-C version for future-proofing.
-
Kingston IronKey D500S
8 GB–512 GB — XTS‑AES 256‑bit, FIPS 140‑3 Level 3 (pending), dual hidden partitions, rugged IP67 zinc alloy casing, auto crypto‑erase, BadUSB protection -
iStorage diskAshur PRO²
128 GB–16 TB (HDD/SSD) — XTS‑AES 256‑bit, FIPS 140‑2 Level 3, NATO/NCSC certified, PIN keypad, tamper-evident epoxy seal, IP56, auto‑lock, self‑destruct -
Apricorn Aegis Secure Key 3NXC
8 GB–64 GB — XTS‑AES 256‑bit, FIPS 140‑2 Level 3, hardware keypad with integrated battery, brute-force protection, IP67 waterproof casing -
Integral Crypto Drive FIPS 140-2
4 GB–128 GB — AES 256-bit hardware encryption, FIPS 140‑2 validated, software-enforced password access, auto-erase on brute-force, zero software install -
Integral Crypto Dual+
8 GB–128 GB — AES 256-bit encryption, dual password (user/admin), optional read-only mode, secure entry via software, FIPS 197 validated -
Integral Crypto Key USB 3.0
4 GB–64 GB — PIN-based access on a physical keypad, AES 256-bit, auto-lock, no drivers required, rugged design -
Corsair Padlock 3
16 GB–128 GB — AES 256-bit hardware encryption, numeric keypad, FIPS 197 validation, rugged rubber housing, auto-lock after inactivity