Bitcoin Cold Storage In Plain English

In this, the latest edition of my “In Plain English” series, we’ll tackle another subject normally bogged down with technobabble in the simplest terms we can manage.

Today’s topic is that of “cold storage” – the storage of valuables, specifically bitcoins, in such a way that they are significantly harder to steal than normal, though at the admitted cost of delay in access times. There are a number of popular methods for performing such bitcoin storage, but to use most of them you still have to wade knee-deep into cryptography jargon and it seems like you need an advanced degree just to keep your coins safe. Well that’s just not the case and I intend to prove it.

One of the bigger benefits Bitcoin has is its cash-like nature. People are used to cash, they understand cash much better than most digital payment systems, so let’s make an analogy with cash. Imagine you’re very rich (one of my favorite fantasies). You take a million dollars cash to a bank and deposit it. Would you be surprised at all if you returned to the bank a few months later and were told you’d have to wait a few days to withdraw your million dollars? Probably not. It’s well-understood that your branch probably doesn’t have enough cash on hand to cash out your million and still do business – they don’t feel comfortable holding that kind of money in the same place they hold the smaller amount of cash they transact their daily business with – they have most of their money somewhere much more secure. Even the convenience store on the corner keeps a small amount of cash in the register and the majority of their money in a safe. Cold storage is the Bitcoin version of a safe.

The one tiny bit of terminology you need to understand to fully comprehend the basic concept of cold storage is what techies mean when they refer to systems, databases and other things as “hot” or “cold.” A “hot” system is one that’s live, running, connected. A “cold” system is powered-down, stopped, offline. To this end what we really mean when we say “cold storage” is that we’re storing Bitcoins somewhere that’s not connected to the Bitcoin network or, in most cases, even connected to the internet or even on a computer at all.

There are a multitude of ways to do this, and we’ll explore a few in detail, but it all boils down to the very basic principle that if your data isn’t on a computer that’s connected to the internet then someone has to physically gain access to it to compromise it, and it’s way easier to secure things physically than digitally.

So how do you ensure the safety of your coins? Most of the options fall into one of two categories:

  • Paper Wallets
    Paper wallets are one of the most popular methods for storing bitcoins offline. A program of some kind generates the public and private halves of a Bitcoin address (or several). There are usually handy little barcodes that you can scan with your phone, so you don’t have to type those monstrously long things in by hand when the time comes to use your coins. You print off what you’ve generated and send coins to that address. You’ve just printed your very own paper money and it can be stored securely in exactly the same ways that cash can.
  • Brain Wallets
    Brain wallets are a little more complicated. Where the addresses in paper wallets are generated at random, the addresses in brain wallets follow rules. You memorize something long and random, like a random sequence of words: “steady harbor business last barn test instant begun know silver driver naturally closer sum automobile some” would make a decent passphrase, for example. Again some piece of software comes into play and turns your passphrase into one or more Bitcoin addresses in a completely reproducible way. There is something of a standard method for turning passphrases into addresses, but that would bring us knee-deep in jargon again. Via the standard method, our above passphrase would yield a Bitcoin address of “1Jkibvu28YqSiSqdyB9jgcAAJCRWqg2QQL” so we could send some coins to that address and get them back later as long as we can remember the passphrase. It’s also incredibly important to have a long and secure passphrase for this method – longer than most can remember, which makes this method somewhat less popular. If someone can guess your password, they can steal your money. This address, for example, was generated from the example passphrase from this comic. Someone used a pop culture reference to create their Bitcoin address and if there were actually funds there, we could all steal them now.

It’s important to note that, under most circumstances, you generate these addresses, use them for storage once and then never use them again. In order to use the funds in a paper wallet, you have to use the account on an online (hot) computer, which lowers the security of whatever account you just used. Under most circumstances, cold storage addresses should be considered to be single-use addresses only. Which way you should go is up to you, but I’ll give you a few tools you can use either way.

First, bitaddress.org is an excellent and accessible tool. Despite looking like a normal web page with multiple tabs, the whole thing is written in such a way that once it’s loaded it never needs internet access again. You can go to the page, completely disconnect your computer from the net and it will still work. As a matter of fact, that’s the way the most paranoid among us suggest you do this – it’s probably not necessary, especially not for the comparatively small amount of coins most of us are likely to be storing, but hey, you can never be too careful. Bitaddress.org is also fairly unique in that they offer a huge amount of functionality: they can generate paper wallets one address at a time or in bulk, they do brain wallets too and they even have a special “bulk wallet” function for people who want to accept payments on their web site without actually storing their coins on some scarily-insecure web server.

Users of the popular blockchain.info wallet service can also create a paper wallet through blockchain.info’s “offline” functionality (tutorial here) and as an added bonus, you can keep monitoring the funds in those accounts through the same site (and apps) you monitor your regular balances with. They even have a method for performing transactions with paper wallet addresses that doesn’t “burn” the address – at least not as badly as any other method of spending from such wallets (they prompt you to enter the key and then use it once, never actually storing it).

For brain wallets, I’ll simply mention two more tools: Casascius’ Bitcoin Address Utility and the Bitcoin Address Tool for Android. Full disclosure: I wrote a few bits and pieces of Casascius’ tool and I’m the sole author of the Android app, but they’re both open source and people much smarter than me have looked at their code and found no problems. They also both use the same method as bitaddress.org so the same passphrase will produce the same address in all 3. They all work about the same way: put your passphrase in one box, hit a button, a Bitcoin address comes out the other end.

Of course, there are other ways to turn your bitcoins into easily-secured physical goods without even resorting to a do-it-yourself method. There are Casascius’ always-popular physical Bitcoins, a few different folks are offering some variety of Bitcoin-based checks, and more products are hitting the market all the time – of course these all require that you trust the person sending them to you not to keep copies of everything they send out and steal your funds later. To my knowledge this hasn’t happened yet, but it’s a possibility and with money to be stolen it’s almost certain that at some point it will.

So there you have it, a few ways to keep your coins as safe as cash without wading through a pile of techie terms. If you’ve got anything to add or any questions, please post them in the comments and as always I’ll do my best to keep the article up-to-date.

Comments

    • says

      Only if you mean "moving a wallet.dat file created on a completely offline computer to a USB drive" – the idea of cold storage isn't to back up your wallet, it's to create addresses that have never ever been seen by any system that was connected to the internet – to literally create an address for which the only copy of the private key is on one or more pieces of paper that only you possess.

  1. mafaesto says

    I am confused, is the idea to send your current bitcoin wallet balance to these "cold storage" bitaddresses? If so how do you re-obtain the amount? Are we to remember or write down the amount when printed out so we do not forget? I apologize, I am very new to bitcoins in general and only recently started.

    • DoleBob says

      You can always check the amount in a bitcoin address via the blockchain, but to spend the cold-storage coins you'll have to retrieve them and typically use a QR reader on your piece of paper to spend it. Typically you'd resend the remaining balance to a NEW cold-storage address as mentioned in the article.

      Also if you have large sums you'd split the sum into smaller sums over more addresses so that you're only ever potentially exposing a smaller value to a connected system.

      • says

        Exactly correct. It's a tradeoff of security vs. time-to-access. It takes more time and effort to spend coins from paper wallets but they're also WAY more secure, so they make for a very effective savings account.

        • mafaesto says

          I think what I'm also a little confused about is, how you send your bitcoins to cold storage if it is offline. Isn't it required to be online to send it? I feel like I'm making it overly complicated but, it is unclear to me lol.

          • Adrian says

            You never actually have the coins in your wallet; they are on the net. Your private key gives you ownership of them. When you make a paper wallet anyone can "deposit" to the public key at any time, but only the person with access to the printed private key can use the coins.

          • Otoh says

            Yep, you do have to be online to send coins to the offline cold storage, this may be for coins that you earn or coins that others send to you (then they're the ones online), or for mined coins – then it's a few at a time etc – basically keep what you need to use & are comfortable with not in cold storage & when you wish to remove some to greater & longer term security just send them to your cold storage.

  3. Nunya Bidnez says

    Re: "There is something of a standard method for turning passphrases into addresses," – where can I learn more about this 'somewhat standard' algorithm?

    I've not yet created a brain wallet, as I am unsure the existing passphrase-to-key converters (e.g. bitaddress.org) will be around in a quarter-century. Knowing the algorithm would eliminate this barrier.

    • says

      Almost all of them just use sha256(passphrase) to generate a private key, the private key is of course used to generate the public key as normal and everything else is Bitcoin-as-usual.

  5. Robert says

    What's your opinion on generating private keys offline, encrypting them, then storing the encrypted keys in some random place online?

    • says

      I'd say that you haven't really gone anywhere since now instead of worrying about your Bitcoin private key you're worried about the private key you used to encrypt it. There's still a key you have to keep track of and it still has to be a strong one, otherwise you've decreased the overall security of the system. Since the kind of keys/passwords the average person is capable of reliably remembering are not particularly strong, it's unlikely that this is a good idea.

  7. Axa says

    Why no mention of the two bitcoin wallets Armory and Electrum that support cold storage?

    Both wallets allow your private keys to be kept on an offline computer.

    • says

      Because this article was written over a year ago and neither of those were really options at the time ;-)

      In all honesty, though, it's because the specific applications supporting cold storage will change over the years but the idea itself is probably a bit more future-proof. I probably shouldn't even have mentioned the applications I did – Brain wallets are highly out of fashion now and Casascius' physical bitcoins had their security broken at Defcon 21.

      I personally do use an offline electrum system for my own cold storage and I'm even helping a friend set one up for himself tomorrow morning.

      All that said, I do think some of these older (but quite popular) articles could use some brushing up. Maybe as soon as I've ensured my buddy's coins don't get stolen I'll have to come back here and re-read my older work.
