Bitcoin Forum

Apologies if this has already been asked, but as bitcoin gains more popularity and adoption, I'm increasingly concerned for the bitcoins I have.

Could someone please explain, in the simplest possible steps - the easiest way to protect your bitcoins. I've heard of "cold storage" and "offline storage" what's involved in this process?

Any help is much appreciated.

It has been asked and answered many, many times.  But that's because it is important.  I have written a very detailed method, it was supposed to be the script to a how-to video.  I will copy and paste it in a PM to you.  Check your inbox.  Any feedback on it is appreciated but not expected.

Really appreciate that, just about to read it - but out of curiosity, why would you not post it publicly on here?

Would you mind me pasting the message, for the benefit of everyone else? Thanks a lot, really appreciate your help.

Use cold storage end of story  ;)

Hey, think about a wallet left in a vault at home. That's the simple illustration for offline storage.

They easiest way to have one is to have another netbook, clean installed and hard drive formatted low level, no other application installed except the bitcoin wallet, a firewall and or security suite. And only turn it on or hook it online if you need to transfer funds.

A second hand laptop could also be used but be sure to scrape the hard drive and install an OS that is stable and genuine if you're thinking about windows.

I simply tossed mine on an SD Card.  The SD Card is not in a safe or anything, but of course, my wallet is encrypted (4096 RSA).

The private key I used to encrypt the the wallet is also encrypted w/ another key pair and stored offline.  Lastly, the actual encrypted wallet files are obfuscated in source code archives - basically hiding in plain sight.  Casual thieves probably wouldn't even find the encrypted wallet/key files.  Personally, I'm more concerned with fire, so I have things stored on Google Drive in a similar format.  When I have more funds transitioned to bitcoin, I'll think about picking up a fire-proof safe.

I think all the strategies mentioned here are too convoluted for mainstream usage. Unfortunately, once the mainstream press gets wind of stories about hapless users getting their bitcoins stolen, it's going to throw cold water on bitcoin adoption. Bitcoins won't go widespread until brokers can secure bitcoins the same way banks secure customer deposits.

Armory should be mentioned here:

https://bitcointalk.org/index.php?topic=56424.0

Precisely; most people are lazy. It's easy for people to say "well the lazy ones just won't benefit from bitcoin" but as Barek says, in order for it to be adopted on a much larger scale - security needs to be easier.



The link to that tutorial doesn't work :(

Just don't store all your bitcoins in a single place, even if it's "cold wallet", which can be physically destroyed by accident or confiscated.
Split it between three places, in example:

- paper printed private keys stored in bank safe (don't forget to mention it in your bequest).
- QT wallet encrypted with strong password on offline computer, then uploaded to many different online storage services, emails, etc.
- brain wallet generated key with a very long but very memorable passphrase (i.e. password made with combination of very rare and private words like your mom's birthplace + your grandma's maiden name + address where your family was living in 1985 + your usual password).

Anyone who doesn't use paper wallet is crazy in my opinion.

Even BitcoinQT - the most trusted of them all - started getting file corruptions on my wallet files.  You don't even need hackers when you've got software errors.

Hell to the no. 

My bad, I did not check the link in the quote. This seems to be the correct link:

http://bitcoinarmory.com/about/using-our-wallet/#offlinewallet


An interview with Alan Reiner, founder and CEO of Armory Technologies and lead developer on the open source Armory Wallet project, can be found at:

http://letstalkbitcoin.com/e55-happy-birthday-bitcoin/#.Unj_z-VX98E (around 16:00)

In that interview he talks about the existing features, the problems, and the vision. There is also a very important point about paper backups. He says "I think the most important feature of Armory is the backups. It's kind of difficult to describe, you know, what's really going on under the hood. The Satoshi client, BitcoinQT, or however you want to call it, I wish they would come up with a better name for it, randomly generates addresses. It generates a pool of them and when you run out of that pool it makes more. It's not deterministic, which means that if you were to restore your wallet to a previous version and regenerate these addresses, you'd get different addresses. That's a serious problem in terms of backups."

Now, what is that pool of addresses used for? It seems that when you send a bitcoin transaction, all the coins in the sending address are spent in that transaction, divided into the amount that you intended to send, and "change", which goes back to you, but at another (newly created) receiving address. If that "change" address is one that is generated after you made your paper backup, you have a problem. Armory solves this problem (see interview or website for details) and BitcoinQT supposedly will also in the future. Anyways, just something I wanted to point out.

You mean even if you backup the wallet.dat files it can get corrupted???

To my understanding, you need to backup the wallet.dat after every transaction. If you do not, there is a chance that newly generated keys will not be in your backup.

Devils advocate time!

• How do you verify that the wallet.dat is still intact? For a printout that is easy.
  
• The more cards/sticks, the more places you have to worry about for them to be found/stolen.
• What if you want to transfer some coins? Collect, update, and re-hide the cards/sticks?

Use Armory.

It's got cold storage that's easy to use, and permanent paper backups that can be encrypted and m-of-n split.

Well, it's just a draft, and I only want to publish things when they are as good as I can make them.  I've only sent it to a few people who have asked specific questions about wallet security.  Did you find it helpful?  Maybe I should take a few minutes and clean it up into presentable form.

I'm surprised nobody said it already, you may have several wallets. It's free! I have 2 wallets on blockchain.info. I have multibit too, on 2 computers.
I may lose one wallet, but I won't lose all my BTC.

I lost 1.9 btc to that. Still hurts.

USB sticks often fail. A few corrupted bites and your wallet is useless. Besides having encrypted walled on USB flash, distributing it into many online storages will assure it's always safe and accessible.
Offline computer is only needed to create and encrypt your wallet - to avoid possibility that some virus/trojan steals your key while you create it.

Step 1) Create a live Linux CD
Step 2) Download the latest version of the wallet generator from here https://github.com/pointbiz/bitaddress.org Put on USB Stick
Step 3) Unplug the network cable from your computer, boot to the USB drive
Step 4) Once in Linux, open up the offline wallet generator
Step 5) Print or write down your private and public keys and addresses (or print out a pretty wallet)
Step 6) Low level format the USB drive
Step 7) Power up the computer again (Still disconnected) and format the USB drive (wipe with 0)
Step 8) Reboot
Step 9) Profit with your new paper wallet

But then again, why go to all that trouble. I have a feeling that some people are just way too paranoid for their own good.

S

So how safe is a website such as blockchain.info?

it will be harder to send out if save on computer / offline?

cold storage is easy enough (use something like bitaddress.org, though preferably offline and using randomness from someplace other than javascript - e.g. use the standard Bitcoin client offline to generate a private key, and then use that private key in an offline bitaddress.org).

actually paying out from the paper wallet *safely* is still pretty damn hard.

This was started on, but never really tested or finished:
https://bitcointalk.org/index.php?topic=167312.0

armory is good if you can get your head around it *AND* you are capable of (or willing to) synching the blockchain

but there is really nothing complete-newbie friendly, for the complete path from generating secure offline wallets to redeeming them, I consider this an unsolved problem!

At some point there is no way around taking security seriously. That includes disconnecting the private key from the internet and making sure the backup works.



Yes, it takes a moment to get used to, but makes you sleep so much better.

http://bitcoinarmory.com/about/using-our-wallet/

Electrum (http://electrum.org) seems secure enough for me. I have my stash distributed among 6 wallets, so that if one gets compromised, I still have the other 5. And the only thing I have to store are the seeds to the wallets, each seed consisting of 12 words.

So what's everyone's take on Trezor?
http://www.bitcointrezor.com/

You have to trust the makers that it does what they say it does.

It is very similar to what an offline Armory transaction does. Except that Armory is open source and that you can review the transaction details again before you sign the transaction. On the other hand, Trezor is more user friendly (you don't need an offline computer).

Easy tool for making (secure) paper wallets, heavily documented and open source (so it's safe, as the code can be checked by hand): http://bitcoinpaperwallet.com

All web wallets are not safe as they are out of your control. Keep only small amounts for fast online transactions.
The same warning is for exchanges (mtgox,bitstamp,coinbase,etc). Everything can be hacked in time.

Perfectly safe, if you use it only to import private keys and immediately and completely sweep (spend) them to addresses that have no private keys stored electronically.

I love the design of this paper wallet. I have the source downloaded and on an offline computer and print wallets locally =)

One of my favs by far!

This does sound very good, what I don't understand - and this is where it all goes a bit beyond me is... essentially you're printing off a private address/wallet to send bitcoins to, right? Surely that bitcoin address needs to be online somewhere in order for the bitcoins to reach it?

I really want to start using this paperwallet - but need to fully grasp how it works first, any help would be appreciated.

Armory + paper wallet

Take a bit of time  to understand the risks of......

1.  Loss due to file overwrites from backups an data corruption.
2.  Theft, hacking of your private key and theft of wallet file, a hacker needs both which is why online is less secure.
3.  Password loss, make it strong and write it down in a couple of places

Number 1 mentioned earlier in the thread about new addresses, is important as they will not be in old backup files.  But if you have or send coins to old addresses you should be fine is my understanding.

Armory is a deterministic wallet so your paper backups will support any new addresses created.

It's funny people derided, SecondMarket for charging clients 2% storage, beginning to look more and more like a bargain for big investors.

Reusing addresses is not ideal.

After looking around and doing a bunch of reading I'm going to use blockchain.info + lastpass + yubikey as a pretty secure method for spending money amounts. Note that you can't use the MTGOX yubikey, it has to be a normal one.

Is anyone running their own coinpunk server yet? That seems like it'd be fun but risky.

Hi, this is the author of https://bitcoinpaperwallet.com here. I'm glad you like the design of the paper wallet, though it's worth mentioning the design is functional too: it's got tamper-evident features and a folding design that help guard against (1) theft from people in your trusted environment, and (2) accidental copying or distribution of private keys (e.g. laywer or spouse photocopying all precious-looking documents in safety deposit.)

Paper wallets are in my opinion the safest way to protect bitcoins, though only if your paper wallet design doesn't easily give up your private keys.

https://bitcoinpaperwallet.com/bitcoinpaperwallet/images/finished-sample-sealed.jpg

My top 6 security tips for making paper wallets (in ascending orders of paranoia) are here:
https://bitcoinpaperwallet.com/#security

In brief:
1. Keep it physically safe from water, light, etc.
2. Know how to withdraw funds
3. Produce your wallets offline
4. Destroy cache files
5. Use a clean OS
6. Use a dumb printer

PS: Holiday design now available!

https://bitcoinpaperwallet.com/holiday-design/bitcoin-paper-wallet-gift.jpg

Armory paper backup + offline wallet. It's pretty hard to mess up.