Cold Storage: how to safely store bitcoin

Tuesday 18 March 2014

The best way to keep your bitcoin safe from the many dangers of the Internet is to keep them in Cold Storage. What is this cold storage, you ask? Is it important, and do I need to know this info? I answer you with an unequivocal YES!

Bitcoin cold storage is the term given to the practice of keeping your wallet's “PRIVATE KEYS” on an offline computer that does not connect to the outside world. Without a doubt, there is no better or safer way to store your bitcoin. Cold storage absolutely protects your bitcoin from loss or theft as long as the creation of these wallets is not done on an infected computer. If your computer is already infected, the Cold Storage you create could be a lesson in security, because if someone gets the private keys to your wallet addresses, you can consider your bitcoin… gone. So please, make sure you are using a security client, and that you have tested for malware and viruses, before you take any steps toward creating a Cold Storage for your bitcoin.

Creating Cold Storage is not an easy task; however, if you have a large amount of bitcoin, it is very important that you protect that nest egg, and Cold Storage can be the answer. So, if protecting your investment to the fullest is important, the following pointers might help you with setting up and understanding how cold storage works.

What you first must remember about bitcoin:

1. Your bitcoins are made up of a long series of numbers and letters that make up your “PUBLIC ADDRESS”. These public addresses are what are embedded in those QR codes you have been seeing. Companies will give you this address so that you can pay them. You can release this address to the masses for payments, transfers, donations, etc.

2. Your bitcoins are protected by a “PRIVATE KEY.” This means that in order for any of the coin that has ever been put into the “Public Addresses” to be spent, the transaction must be made with permission from the Private Key.

3. Your “PRIVATE KEY” and your “PASSWORD” are different things! Your “PRIVATE KEY” is an even longer set of numbers and, if encrypted, these private keys would be password protected. Please remember the importance of remembering this password, as without it, your bitcoin will be lost forever because your “PRIVATE KEY” is encrypted and can only be retrieved by a Password. For more on password safety, check out these tips.

So, first let's clear up the common misconception about the concept of a "wallet". The wording in and of itself is not correct, since it is more like a key. Cryptographically speaking, it is actually exactly that: your “private key.” With this comes the following implication: if someone steals your wallet.dat file, and you deposit coins in it later, the thief will be able to spend/transfer ALL your coins, including those you added after the wallet was stolen! So, it isn’t like your cash wallet: if someone steals it today, they won’t be able to spend the $100 bill you put in your wallet a month from now. So, clearly, you have to make it impossible for anybody to ever steal your wallet.

If you tried to keep all your bitcoin in cold storage, you’d create quite a task, as it would become a pain to spend bitcoin on a day-to-day basis. So the solution is the following:

1. You will have your pocket change, where you keep only low amounts of coin (much like a real-life wallet), and

2. You will have your super-safe and secure savings wallet, which you will only access on rare occasions.

Please remember that online wallets such as blockchain.info and coinbase.com are convenient but should be considered your bitcoin “spending cash” or “pocket change” and should only be used for a few dollars. This is because those online wallets can be hacked, overtaken from the website's side, and even stolen by website owners. For your “savings account” or your child’s “college tuition” you need maximum security, and that means using a bitcoin client on your home computer, one that supports cold storage. Which bitcoin wallets offer me cold storage, you ask? Currently only the Armory and Electrum wallets allow you to split your wallet into an offline 'cold storage' wallet which contains your private keys and an online 'watching only' wallet that only contains your public keys.

Remember as we discussed here, a scammer who has access to your online wallet cannot steal your bitcoin, which are protected by your private keys, which you will place in the offline wallet on a separate computer that never connects to the outside world. This is why we call it Cold Storage and why it is the #1 way to keep your bitcoin safe from those out there that would very much like to crawl through your firewall and make out like bandits.

These online 'watching only' wallets can give out receiving addresses and generate new transactions, but when you spend cold storage bitcoin from your online wallet, the wallet generates an unsigned transaction file. Now, you can take that file to your offline computer on a USB drive. You import the unsigned transaction into your offline wallet and sign it with your private key. Once you have signed that transaction with your private key that is stored safely on the offline computer, you can take that transaction back to your online wallet and broadcast the signed transaction to be picked up by the network. Seeing as your offline wallet never connects to the Internet, your bitcoins are as secure as possible.

Armory and Electrum are both deterministic wallets and only need to be backed up once. In a deterministic wallet all the bitcoin addresses your wallet will ever generate are derived from a long series of numbers or letters called a seed. As long as you have your seed backed up, you can recreate the wallet whenever you may need, say if you lost the thumb drive, or that offline computer is stolen.
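To make the offline/watching-only split and the single seed backup concrete, here is an added example (not code from Armory, Electrum or this article). It uses a simplified additive-tweak derivation on secp256k1; the function names and the derivation formula are illustrative assumptions, and real wallets also stretch the seed with a slow key-derivation function.

```python
import hashlib

# Illustrative scheme only, NOT Armory's or Electrum's actual algorithm.
# secp256k1 parameters (the curve Bitcoin uses):
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        s = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def mul(k, pt=G):
    """Scalar multiplication by double-and-add."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def h(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def master_from_seed(seed):
    """The seed alone determines the master key pair (assumes result != 0)."""
    m = h(seed.encode()) % N
    return m, mul(m)

def tweak(i, master_pub):
    """Per-index offset computed from public data only."""
    return h(("%d:%064x%064x" % (i, *master_pub)).encode()) % N

def offline_private_key(master_priv, i):
    """Offline wallet: needs the master private key."""
    return (master_priv + tweak(i, mul(master_priv))) % N

def online_public_key(master_pub, i):
    """Watching-only wallet: needs only the master public key."""
    return add(master_pub, mul(tweak(i, master_pub)))
```

For every index, the public key the online side computes is exactly the one that belongs to the private key the offline side computes, so the online wallet can hand out receiving addresses without ever holding a key that can spend.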

Does this mean I must buy another computer? No, not necessarily. Any computer made in the last ten years should work for your Armory offline wallet. However, for maximum security, your offline wallet should be used on a computer with full disk encryption to protect your private keys in case the computer itself is stolen.

That is Cold Storage: you have made it impossible to spend the money in the wallet without signing the transaction from the client that only runs on your offline computer.

Be Alert – Be Aware – Be Accurate

