What is Cold Storage?
Cold storage is a method of holding private keys in a completely offline environment, out of reach of cyber thieves and their progressively more sophisticated malware. Many very high-profile bitcoin hacks – including Bitstamp, Bitfinex, Gatecoin and Shapeshift – resulted from breaches in hot wallet, or online security. If these exchanges, who ostensibly dedicate much resource and knowledge to the protection of their coin, are susceptible to hot wallet theft, it follows that the average user who cannot afford security audits and personnel are most likely susceptible as well.
Of course, some of these hacks have inside help, and the amount of bitcoin held in exchange hot wallets make them a much more attractive target. But alas, the internet is a jungle filled with malware and other nasties, and bitcoin is the perfect target. As you read this, evil hacker geniuses are sitting in their parents’ basement, devising ways of spreading malware to as many computers as possible, looking for the 1 out of 100,000 with a security hole and a bitcoin wallet. As they say in the lotto commercials – somebody’s gotta win the lotto, might as well be you.
If you have a properly set up cold storage system, they will not get you. Now, many different products claim to be cold storage, but true cold storage requires the key to be created in an entirely offline environment and never touch the web. A single touchpoint compromises this hermetic seal and invalidates the label of cold storage. Many people conflate the concepts of hardware and cold storage; as a matter of fact, hardware per se does not a cold storage system make. We quickly review the types of cold storage below.
Paper wallet program generate a private key and it’s public key counterpart offline. Generally, a QR code will be printed to allow for handily swiping your paper wallet public address into an online wallet. Simply send bitcoin to this address from an exchange, and you’ve got your bitcoin in a wallet with the associated private key printed on a piece of paper having never touched the internet.
However, there is a serious issue with paper wallets, aside from the “extremely flammable” consideration. As outlined by the incomparable David Perry in his blog coding in my sleep, paper wallets are not “proper” cold storage because they do not provide an offline signing functionality – or in other words, they do not allow transactions to be completed without compromising the storage. To spend bitcoin from a paper wallet, you will need to import the private key to an online wallet. At that point the paper wallet is no longer secure as the hermetic seal between online and offline has been broken. So, these paper wallets are one-time secure storage containers, which is fine for saving, but not fine if you want a system allowing continued use.
DIY Cold Storage (with a little help from some friends)
There are a number of products that allow for setting up your own cold storage at home. The most well known of these systems is Bitcoin Armory, which gives its users the tools to generate keys and sign transactions on an offline computer. There are a number of different alternatives, but the basic process is:
- Download the program onto a USB
- Install the program on an offline computer or device of some sort.
- Generate the private key and associated public key.
- Transfer the public key only back to the online wallet.
- To make a transaction, copy an unsigned transaction to your USB, load it into your offline computer, sign it transfer back via USB.
Not the simplest method of doing things, but if properly executed your private keys never touch the web and, barring natural disasters or unruly accident-prone children or spouses, you are super safe.
Hardware – convenience and safety
OK, so first off it is important to note that not all hardware is cold storage. Some hardware wallets seek to brand themselves as cold storage but, while they might be extremely secure they cannot be termed cold storage as defined above. Pay particular attention to how and where exactly the private key is generated.
The trailblazing, and still best in our opinion, hardware solution in Trezor. We won’t go into too much detail – check out the review for more info – but essentially Trezor serves as a hermetically-sealed second screen which generates the private key and also serves to sign transactions when connected via usb using randomly generated keypad orders to foil any would-be keyloggers. Have a look at the top three hardware wallets.
Of course, holding your bitcoin private keys offline brings a different sort of problem. Physical theft, natural disasters, jilted spouses looking for revenge, there are tons of things that can go wrong. For that reason, it is essential to backup your private keys and store them in a separate, secure location. Don’t procrastinate, this should be part of your initial set up. Don’t become a statistic!
For more information on the different sorts of wallets on offer, check out our wallet comparison page.