In this, the latest edition of my “In Plain English” series, we’ll tackle another subject normally bogged down with technobabble in the simplest terms we can manage.
Today’s topic is that of “cold storage” – the storage of valuables, specifically bitcoins, in such a way that they are significantly harder to steal than normal, though at the admitted cost of delay in access times. There are a number of popular methods for performing such bitcoin storage, but to use most of them you still have to wade knee-deep into cryptography jargon and it seems like you need an advanced degree just to keep your coins safe. Well that’s just not the case and I intend to prove it.
One of the bigger benefits Bitcoin has is its cash-like nature. People are used to cash, they understand cash much better than most digital payment systems, so let’s make an analogy with cash. Imagine you’re very rich (one of my favorite fantasies). You take a million dollars cash to a bank and deposit it. Would you be surprised at all if you returned to the bank a few months later and were told you’d have to wait a few days to withdraw your million dollars? Probably not. It’s well-understood that your branch probably doesn’t have enough cash on hand to cash out your million and still do business – they don’t feel comfortable holding that kind of money in the same place they hold the smaller amount of cash they transact their daily business with – they have most of their money somewhere much more secure. Even the convenience store on the corner keeps a small amount of cash in the register and the majority of their money in a safe. Cold storage is the Bitcoin version of a safe.
The one tiny bit of terminology you need to understand to fully comprehend the basic concept of cold storage is what techies mean when they refer to systems, databases and other things as “hot” or “cold.” A “hot” system is one that’s live, running, connected. A “cold” system is powered-down, stopped, offline. To this end what we really mean when we say “cold storage” is that we’re storing Bitcoins somewhere that’s not connected to the Bitcoin network or, in most cases, even connected to the internet or even on a computer at all.
There are a multitude of ways to do this, and we’ll explore a few in detail, but it all boils down to the very basic principle that if your data isn’t on a computer that’s connected to the internet then someone has to physically gain access to it to compromise it, and it’s way easier to secure things physically than digitally.
So how do you ensure the safety of your coins? Most of the options fall into one of two categories:
- Paper Wallets
Paper wallets are one of the most popular methods for storing bitcoins offline. A program of some kind generates the public and private halves of a Bitcoin address (or several). There are usually handy little barcodes that you can scan with your phone, so you don’t have to type those monstrously long things in by hand when the time comes to use your coins. You print off what you’ve generated and send coins to that address. You’ve just printed your very own paper money and it can be stored securely in exactly the same ways that cash can.
- Brain Wallets
Brain wallets are a little more complicated. Where the addresses in paper wallets are generated at random, the addresses in brain wallets follow rules. You memorize something long and random, like a random sequence of words: “steady harbor business last barn test instant begun know silver driver naturally closer sum automobile some” would make a decent passphrase, for example. Again some piece of software comes into play and turns your passphrase into one or more Bitcoin addresses in a completely reproducible way. There is something of a standard method for turning passphrases into addresses, but that would bring us knee-deep in jargon again. Via the standard method, our above passphrase would yield a Bitcoin address of “1Jkibvu28YqSiSqdyB9jgcAAJCRWqg2QQL” so we could send some coins to that address and as long as we can remember the passphrase. It’s also incredibly important to have a long and secure passphrase for this method – longer than most can remember, which makes this method somewhat less popular. If someone can guess your password, they can steal your money. This address, for example, was generated from the example passphrase from this comic. Someone used a pop culture reference to create their Bitcoin address and if there were actually funds there, we could all steal them now.
It’s important to note that, under most circumstances, you generate these addresses, use them for storage once and then never use them again. In order to use the funds in a paper wallet, you have to use the account on an online (hot) computer, which lowers the security of whatever account you just used. Under most circumstances, cold storage addresses should be considered to be single-use addresses only. Which way you should go is up to you, but I’ll give you a few tools you can use either way.
First, bitaddress.org is an excellent and accessible tool. Despite looking like a normal web page with multiple tabs, the whole thing is written in such a way that once it’s loaded it never needs internet access again. You can go to the page, completely disconnect your computer from the net and it will still work. As a matter of fact, that’s the way the most paranoid among us suggest you do this – it’s probably not necessary, especially not for the comparatively small amount of coins most of us are likely to be storing, but hey, you can never be too careful. Bitaddress.org is also fairly unique in that they offer a huge amount of functionality: they can generate paper wallets one address at a time or in bulk, they do brain wallets too and they even have a special “bulk wallet” function for people who want to accept payments on their web site without actually storing their coins on some scarily-insecure web server.
Users of the popular blockchain.info wallet service can also create a paper wallet through blockchain.info’s “offline” functionality (tutorial here) and as an added bonus, you can keep monitoring the funds in those accounts through the same site (and apps) you monitor your regular balances with. They even have a method for performing transactions with paper wallet addresses that doesn’t “burn” the address – at least not as badly as any other method of spending from such wallets (they prompt you to enter the key and then use it once, never actually storing it).
For brain wallets, I’ll simply mention two more tools: Casascius’ Bitcoin Address Utility and the Bitcoin Address Tool for Android. Full disclosure: I wrote a few bits and pieces of Casascius’ tool and I’m the sole author of the Android app, but they’re both open source and people much smarter than me have looked at their code and found no problems. They also both use the same method as bitaddress.org so the same passphrase will produce the same address in all 3. They all work about the same way: put your passphrase in one box, hit a button, a Bitcoin address comes out the other end.
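An added example, not code from bitaddress.org or the other tools named above: it assumes the common brain wallet scheme in which the private key is simply the SHA-256 hash of the passphrase, and it stops at the private key in Wallet Import Format rather than going on to the address. The function names, the sample passphrase and the 2048-word list size are assumptions made for illustration.

```python
import hashlib
import math

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group; a valid private key lies in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def base58check_encode(payload: bytes) -> str:
    """Append the 4-byte double-SHA-256 checksum and encode in Base58."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def base58check_decode(text: str) -> bytes:
    """Decode Base58Check; a mistyped character fails the checksum."""
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(text) - len(text.lstrip("1"))
    data = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if _checksum(data[:-4]) != data[-4:]:
        raise ValueError("bad checksum")
    return data[:-4]

def brain_private_key(passphrase: str) -> bytes:
    """Assumed scheme: private key = SHA-256 of the UTF-8 passphrase."""
    key = hashlib.sha256(passphrase.encode("utf-8")).digest()
    if not 1 <= int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("hash is not a valid secp256k1 private key")
    return key

def to_wif(key: bytes) -> str:
    """Wallet Import Format, uncompressed mainnet key (prefix 0x80)."""
    return base58check_encode(b"\x80" + key)

def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Guessing strength when each word is picked at random from a list."""
    return word_count * math.log2(wordlist_size)

if __name__ == "__main__":
    sample = "constructed sample phrase for this example only"  # not a real wallet
    print(to_wif(brain_private_key(sample)))
    print(passphrase_bits(16, 2048))  # 16 random words, assumed 2048-word list
```

Nothing but the passphrase goes in, so anyone who types the same words gets the same key; the strength figure only holds when the words really are chosen at random.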
Of course, there are other ways to turn your bitcoins into easily-secured physical goods without even resorting to a do-it-yourself method. There are Casascius’ always-popular physical Bitcoins, a few different folks are offering some variety of Bitcoin-based checks, and more products are hitting the market all the time – of course these all require that you trust the person sending them to you not to keep copies of everything they send out and steal your funds later. To my knowledge this hasn’t happened yet, but it’s a possibility and with money to be stolen it’s almost certain that at some point it will.
So there you have it, a few ways to keep your coins as safe as cash without wading through a pile of techie terms. If you’ve got anything to add or any questions, please post them in the comments and as always I’ll do my best to keep the article up-to-date.