HOME
art gallery Linkedin GitHub Donations Our Recommendations
Login
Hashcat Cold Storage Premium
Info
Vuln Fact Check Server Managment Links
SSH
Auth.log Debug DNS key share Cheatpapper
Encryption
fido2 Twofish serpent .ssh/config cipher set sshd set cipher
Firewall
IP block list Fail2ban fail2ban Config SELinux
Tools
Mpiexec Rsync Mosh Glances SSHFS Tmate autossh XQuartz
VPN
SSH Tunneling Cloudflare Onion Network/Tor sshuttle SSH Proxy Reverse Tunnel SSH Tunnel ssh socksv5 proxy
Keys
CA Info Generate Ed25519 key Certificates keys CA & Host auth Backup Key OTP Hardware key SCP Trezor Ledger Nano X
Tweaks
DNS BASH Zsh ssh client env sshd env config X11
Configfiles
sshd, Single Node. sshd, Firewall Single Node. sshd, Cloud Firewall Single Node. sshd, Firewall X11. Win 11 OpenSSH Server

Cold Storage

Offline Cold Storage

Blaustahl USB dongle icon

Description: Blaustahl USB dongle

The Blaustahl USB dongle provides long-term storage for four pages of text (about 8000 characters) 8 kilobytes (KB) or about 0.0076 megabytes (MB).
Simply plug the device into your computer and open any serial communications program that supports VT100 emulation.
Supported Client programs include, PuTTY, Tera Term, Minicom, screen, see the example below.

Blaustahl USB dongle icon

Its Unmatched Longevity

Unlike SSDs, which use delicate NAND flash with limited write cycles, The Blaustahl USB is built with industrial-grade SLC or MRAM storage.
It lasts 10–100× longer due to zero-wear architecture, radiation resistance, and no degradation from charge leakage over time.

Usage

Designed for ultra-secure offline storage, The Blaustahl USB excels at safeguarding Bitcoin seed phrases, SSH private keys, and sensitive credentials.

Where to buy

Learn more at Machdyne ↗

Cloud Cold Storage

Cloud Cold Storage icon

IBM Cloud cold Storage

IBM Cloud private buckets enable encrypted container storage with built-in versioning.
Each upload creates a new immutable version, preserving previous states.
Encryption at rest ensures data integrity and confidentiality, ideal for securely managing sensitive files such as ssh backup keys, bitcoin seed words, etc.

Security

Storing SSH keys and Bitcoin seed words requires the highest level of security.
Encrypting them with a strong, randomized 64-character password ensures near-impossible brute-force resistance.
Even the cloud provider cannot decrypt the container, making it truly private and resilient against insider or external threats.

Extra Security: IP Restrictions & FIDO2 for File Access

To further harden access to encrypted files, IBM Cloud supports setting IP restrictions on private buckets—allowing only trusted source IPs or CIDR ranges.
This ensures only authorized networks can attempt access.
FIDO2 hardware-based authentication can be enforced at the application layer (e.g., within your container decryption flow or secure front-end) to require physical presence for access.
Combined, these controls dramatically reduce attack surface—defending against token theft, API abuse, and even insider access from the cloud provider or compromised systems.

Encrypted USB Drives

Encrypted USB Drives

USB hardware-embedded AES-XTS 256-bit encryption

These drives offer hardware-embedded AES-XTS 256-bit encryption, FIPS-level certifications, PIN/keypad entry, and tamper-/water-resistant designs — ideal for securing SSH keys, Bitcoin seed phrases, or sensitive data.


Risks: Storage Reliability

Despite advanced encryption and rugged housing, most of these devices still use flash storage (SSD) under the hood—subject to wear-out over time.
NAND flash has limited write cycles, and environmental stress (e.g., ESD, heat, physical trauma) can still cause failure.

Encrypted drives protect your data from theft—not from electrical or hardware degradation.
For critical data (like Bitcoin seed words or SSH keys), consider additional redundancy (e.g., paper backups or hardware wallets) and periodic health checks.


List of devices:

Strongly recommended to get a USB-C version for future-proofing.

  • Kingston IronKey D500S
    8 GB–512 GB — XTS‑AES 256‑bit, FIPS 140‑3 Level 3 (pending), dual hidden partitions, rugged IP67 zinc alloy casing, auto crypto‑erase, BadUSB protection
  • iStorage diskAshur PRO²
    128 GB–16 TB (HDD/SSD) — XTS‑AES 256‑bit, FIPS 140‑2 Level 3, NATO/NCSC certified, PIN keypad, tamper-evident epoxy seal, IP56, auto‑lock, self‑destruct
  • Apricorn Aegis Secure Key 3NXC
    8 GB–64 GB — XTS‑AES 256‑bit, FIPS 140‑2 Level 3, hardware keypad with integrated battery, brute-force protection, IP67 waterproof casing
  • Integral Crypto Drive FIPS 140-2
    4 GB–128 GB — AES 256-bit hardware encryption, FIPS 140‑2 validated, software-enforced password access, auto-erase on brute-force, zero software install
  • Integral Crypto Dual+
    8 GB–128 GB — AES 256-bit encryption, dual password (user/admin), optional read-only mode, secure entry via software, FIPS 197 validated
  • Integral Crypto Key USB 3.0
    4 GB–64 GB — PIN-based access on a physical keypad, AES 256-bit, auto-lock, no drivers required, rugged design
  • Corsair Padlock 3
    16 GB–128 GB — AES 256-bit hardware encryption, numeric keypad, FIPS 197 validation, rugged rubber housing, auto-lock after inactivity