How to create really cold storage

Monday 06 April 2015

You might have heard of cold storage: the practice of holding bitcoins ‘offline’ to keep them secure. Whilst it’s convenient to keep coins in a hot wallet (one that’s connected to the internet, such as a web wallet on Blockchain.info), this convenience comes at the price of lower security. If you own a significant quantity of bitcoins, this becomes a risk you’ll need to contend with.


If you set it up properly, coins held in cold storage are untouchable. Only the person with the private key can access them. Creating a cold storage account isn’t difficult, but there are various short-cuts it’s tempting to take. The bottom line is, if you want to be really certain your bitcoins are safe, do it right. Here’s how.

Air gaps and proper keys

Firstly, you’re going to generate a new private key and its associated address. When you’ve done that, you can send funds into the new address, where they can sit safely until you need them again.

The trick is to make sure that key generation is done properly, so there’s no chance of anyone else learning the private key. The way to do that is to ensure that key generation is ‘air-gapped’: it happens completely offline.

Bitaddress

1) Go to https://www.bitaddress.org. You can use the site to generate new private keys and accounts online, but if you want properly cold storage then that’s not good enough. On the off-chance you’ve got a keylogger installed or someone has unwanted access to your computer, your new ‘cold’ address will immediately be compromised.

2) Save the site to a USB stick.

3) Moving to an offline computer, load the site from the USB stick. Bitaddress is designed to be used client-side: nothing is sent over the web, so you can use it offline without any issue. If you’re really paranoid or are dealing with large amounts of money, use a computer that will never go online again - or wipe the disk and reinstall the operating system after you’ve finished generating your key and address.

4) Move the mouse around to seed the random number generator, then use the Single Wallet tab to generate a new private key and address. You can use the Paper Wallet tab to generate printable paper wallets that fold up neatly.

5) You can now record your private key in whatever way you feel best. You can copy it by hand, save it to the offline computer - with another layer of encryption, if you like - or print out a paper wallet. If you are using a printer, make sure it is not connected to the internet. And make sure you keep the new paper wallet somewhere safe!

6) Back on an online computer, you can pay bitcoins into the new address. Unlike a hot wallet, the address has been generated offline, and at no point has the private key been available from an online computer.

7) When you need the bitcoins, you can ‘sweep’ the balance from your cold wallet into a hot wallet using the private key. Blockchain.info has a facility for this.
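Step 5 allows copying the key by hand, and a mistyped character yields a key that will not import when you come to sweep it. As an added example (not from the original article or from Bitaddress), this Python script, meant to be run on the same offline computer, checks a transcribed key against the checksum built into Wallet Import Format, the Base58Check encoding assumed here for the private key Bitaddress displays. The function names and the sample key are constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256 applied twice.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes become '1'
    return "1" * pad + out

def b58check_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        if ch not in ALPHABET:  # 0, O, I and l are excluded to avoid misreads
            raise ValueError(f"character {ch!r} is not in the Base58 alphabet")
        n = n * 58 + ALPHABET.index(ch)
    pad = len(text) - len(text.lstrip("1"))
    data = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, check = data[:-4], data[-4:]
    if _checksum(payload) != check:
        raise ValueError("checksum mismatch: the key was copied incorrectly")
    return payload

def check_wif(text: str) -> str:
    """Return 'uncompressed' or 'compressed' for a valid mainnet WIF key, else raise."""
    payload = b58check_decode(text.strip())
    if payload[:1] != b"\x80":
        raise ValueError("not a mainnet private key (version byte is not 0x80)")
    if len(payload) == 33:
        return "uncompressed"
    if len(payload) == 34 and payload[-1] == 0x01:
        return "compressed"
    raise ValueError("unexpected payload length for a WIF key")

# Constructed sample: a throwaway all-0x11 key, never to be used for funds.
SAMPLE_WIF = b58check_encode(b"\x80" + b"\x11" * 32)

if __name__ == "__main__":
    print(check_wif(SAMPLE_WIF))
```

Type the key back in from your paper or handwritten copy rather than pasting it, so the check covers the copy you will actually rely on.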

And that’s it! Untouchable cold storage. You can still view your balance in the cold account by checking on the blockchain or adding a ‘watch only’ account to blockchain.info, but you won’t be able to move the funds without the private key.

