Bitcoin has seen its share of controversy lately, with a lot of people losing a lot of money in various thefts, and most recently the widely-publicized collapse of Mt. Gox. This is unfortunate, because (with a little care) Bitcoins can be made so secure that theft is functionally impossible.

We’ve covered getting started with Bitcoin before, but the software and security available have improved a lot since then. In this article, we’ll show you how to set up a hot and cold wallet, and teach you to use both. It takes ten minutes, requires no special software, and provides quite a bit of security.

You can follow this tutorial on Windows, OS X, Linux, Android, and iOS. If you’ve been thinking about getting into Bitcoin, now is the time, and this is how.

What You’ll Need

Picking Secure Passwords

Pay careful attention to this step, because – while it isn’t hard – it is where most people get sloppy and make a mistake. To use this technique, you’ll need a cryptographically strong password. In order to generate this, we’ll use something called “pass phrases,” a technique for generating memorable but secure passwords (see this recent xkcd for a vivid example). As with cryptographic tools like TrueCrypt, you must take your choice of password seriously: don’t use birthdays, poems, quotes, names, or short passwords. Be aware that there are bots that do nothing but attack random Bitcoin wallets all day, using sophisticated dictionary attacks. Weak passwords will be cracked, often within seconds, and there is no way to recover stolen Bitcoins.

Here’s how we’ll generate your password: get out your book, and flip to a random page, then put your finger down on the page with your eyes closed. Look at the word under your finger and write it down on a sheet of paper, then close the book. Repeat until you have seven words. In my case, this produced the string ‘am welding carpet attacked tranquilized laughs postage’ (generated from a Kurt Vonnegut anthology). Obviously, you should never post your real password online, but I won’t actually be using this one for anything, so it’s okay!

Be sure to only write your password down on a single sheet of paper. Do not save it on your computer, don’t put it anywhere on the Internet, and don’t let anyone else see it. Spend some time memorizing it; it’ll save you trouble down the line.

These kinds of passwords are more secure than you might think. The entropy of a seven-word, randomly generated passphrase is about 80 bits, which means that, on average, it’ll take a dictionary attack about a septillion guesses to crack it, a task that would take a modern supercomputer many billions of years.

Setting Up Your Hot Wallet with CoinBase

A “hot wallet” is the term for a Bitcoin address that you actively use for transactions, sending or receiving. The private key is stored on an Internet-connected machine, and is at increased risk of theft. In contrast, a “cold wallet” is a Bitcoin address whose private key is kept off Internet-connected machines, used only to store Bitcoins in a safe way.

Think of it as the difference between storing money in your pocket and storing money in your bank account: your pocket is easy to access, but vulnerable to theft, so you don’t store much money in it. When you have more than you want to spend at once, you move most of it to your bank account. Likewise, you should never store more in your hot wallet than you’re prepared to lose. It may also be worth malware-proofing your computer to keep your hot wallet a little safer.

For our hot wallet, we will use a service called CoinBase, which provides an SSL/TLS connection (which you’ll recognise thanks to the HTTPS prefix to the URL) to a secure online wallet that’s easy to use. Go to CoinBase and create an account. You don’t need a cryptographically secure passphrase here, but do try to pick a strong password. The website will ask you to connect your bank account and verify your phone. Follow their instructions. From there, using your hot wallet is easy! There’s even an Android app available, if you find the mobile browser uncomfortable.

You can buy Bitcoins at coinbase.com/buys.

You can sell Bitcoins at coinbase.com/sells.

You can send Bitcoins to someone else at coinbase.com/transactions.

If you want to be paid in Bitcoin, you can find your address here: coinbase.com/addresses.

You can distribute that address to anyone, freely, and they can use it to send Bitcoins to your account, using CoinBase or any other Bitcoin client.

Setting Up Your Cold Wallet with WarpWallet

Setting up your cold wallet is also a simple, easy process. We’ll use the WarpWallet service, which automatically converts pass phrases into the public-private key pairs that make up a Bitcoin wallet. WarpWallet is secure, open source, and does all of its processing locally, so it’s reasonably trustworthy.

For added security, if you’re using your PC, you can download a local copy of the web page and use that in the future, to protect against the website getting hacked later or simply becoming unavailable (right click on the page, select ‘save as’, then open the file in your browser when it’s done downloading).

To use WarpWallet, type the strong password you generated earlier into the ‘passphrase’ field, enter your email address under ‘salt’, and let it run (make sure there are no misspellings or unwanted spaces). After a few seconds, it’ll provide you with a public and private key. Ignore the private key, but grab the public key: this is the address of your cold wallet. You can transfer excess funds to it using CoinBase as you would send any other transaction. The public and private keys will look like this:

[Screenshot: WarpWallet output showing the public key and private key]

Once again, obviously never post your real private key online. This is a dummy wallet I’m using for the purposes of this tutorial. Once you close the webpage, the only way to retrieve Bitcoins sent to that address is by repeating the process with your passphrase, getting the private key, and importing it into CoinBase. This means that Bitcoins stored in your cold wallet are very, very hard to steal. Your private key / password aren’t stored anywhere, on any computer, so there’s nothing to be hacked. The only way for an attacker to retrieve your Bitcoins is by brute-forcing your password. And, if you were careful about generating it, that is likely to take a very, very long time. Furthermore, since WarpWallet uses your email address as a salt, any attack would have to be targeted specifically at you: you couldn’t be caught up in a mass, brute-force sweep.
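Why the salt and the exact spelling matter, as an added Python sketch that is not WarpWallet’s own code: it assumes WarpWallet’s published derivation (scrypt XOR PBKDF2-HMAC-SHA256, with the default costs shown) and stops at the 32-byte secret, before the Bitcoin key pair is computed. The function names and example.com addresses are made up for illustration.

```python
import hashlib


def warp_style_seed(passphrase, salt, log2_n=18, pbkdf2_iters=2**16):
    """Return the 32-byte secret derived from (passphrase, salt).

    Assumed construction (not shown in the article): scrypt and
    PBKDF2-HMAC-SHA256 are each run over the passphrase and salt with a
    distinct trailing byte, and the two 32-byte outputs are XORed.
    """
    pw, st = passphrase.encode("utf-8"), salt.encode("utf-8")
    n, r, p = 1 << log2_n, 8, 1
    # scrypt needs about 128*n*r bytes; allow twice that plus headroom.
    s1 = hashlib.scrypt(pw + b"\x01", salt=st + b"\x01", n=n, r=r, p=p,
                        dklen=32, maxmem=256 * n * r + 2**20)
    s2 = hashlib.pbkdf2_hmac("sha256", pw + b"\x02", st + b"\x02",
                             pbkdf2_iters, dklen=32)
    return bytes(a ^ b for a, b in zip(s1, s2))


def compare_salts(passphrase, salts, **cost):
    """Map each salt to the hex secret it yields for the same passphrase."""
    return {s: warp_style_seed(passphrase, s, **cost).hex() for s in salts}


if __name__ == "__main__":
    # Constructed inputs: the article's dummy passphrase, example.com salts.
    phrase = "am welding carpet attacked tranquilized laughs postage"
    demo_cost = {"log2_n": 12, "pbkdf2_iters": 2**12}  # reduced for a quick demo
    salts = ["alice@example.com", "bob@example.com"]
    for salt, seed in compare_salts(phrase, salts, **demo_cost).items():
        print(f"{salt:20} {seed}")
    # A stray trailing space is a different passphrase, hence a different wallet.
    print(warp_style_seed(phrase + " ", "alice@example.com", **demo_cost).hex())
```

Because the email is mixed into every derivation, a guess computed against one salt says nothing about a wallet made with another, and the same inputs always reproduce the same secret, which is what lets you close the page and recover the key later.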

At this point, the password written on the sheet of paper is called a ‘paper wallet.’ It’s your backup in case you forget the password to access your cold wallet. Find a safe place to keep it (like a safe, a safety deposit box, or a loose floorboard). Don’t lose it, don’t carry it on your person, and don’t show it to anyone. That sheet of paper is money now: treat it as such.

At some point in the future, you’ll probably want to get money out of your cold wallet. To do this, enter your password and email into WarpWallet, and copy the private key when it’s done processing. Then go to coinbase.com/paper_imports, paste the private key under ‘Enter Private Key Manually’ and click ‘import.’ This will give your CoinBase account access to your cold wallet. At this point, you should probably make a new cold wallet with a new passphrase and move any unneeded funds into it, as your old one could be compromised if CoinBase or your PC is hacked.

Advantages to This Approach

This technique has a number of advantages over using a standard Bitcoin wallet for all of your funds: CoinBase is amazingly convenient, and, by maintaining a simple cold wallet, you can still effectively protect the majority of your funds from theft. You’re never trusting CoinBase with all of your funds for any length of time, and if CoinBase is ever compromised, your total risk is limited to whatever’s in your hot wallet at the time. To make things better, by using a passphrase, you allow relatively convenient access to your cold wallet in the event of an emergency, provided you can remember the passphrase. And, unlike so-called ‘brainwallets’, which don’t store the passphrase anywhere but inside your head, this technique includes a recourse if you do forget your passphrase. It’s secure, convenient, simple, and probably ideal for a Bitcoin beginner.

Once it’s all set up and you have a few Bitcoins safely stored, you can order from Overstock.com, donate to Wikipedia, or buy a ticket to space. If you give it a try, let us know how it goes in the comments. Are there any great Bitcoin utilities that we’re missing?

  1. Andre I
    March 31, 2014 at 11:32 pm

    A quick disclaimer: If you're investing a substantial amount of money into Bitcoin, please, please, please take the time to do some research on your own. This technique IS secure for casual use (a few hundred dollars' worth of Bitcoins), but to be completely safe, you should be booting from a Live CD to use WarpWallet, and you should be splitting your cold funds up into several wallets to reduce your risk if a single wallet is compromised. If you've got more Bitcoins than you can afford to lose, take the time to educate yourself about security. It's interesting, and it could save you a lot of heartbreak.

  2. Julien C
    March 31, 2014 at 10:43 pm

    What about using cold storage with https://bitcoinarmory.com/about/faqs/ or using https://www.bitaddress.org/bitaddress.org-v2.8.1-SHA1-a6e63f2712851710255a27fa0f22ef7833c2cd07.html?
    You can do the same things. With Bitcoin Armory you can create a wallet that is "protected" forever.

    • Andre I
      April 1, 2014 at 6:53 pm

      Armory is definitely a cool interface for some of the more sophisticated security tools available. I can't vouch for that company personally, but something like that is what I'd look for if I were trying to store a significant quantity of Bitcoin (more than a couple of thousand dollars worth).

      Right now, the biggest bottleneck for Bitcoin security is the malware problem. It's really hard to guarantee that your PC or phone isn't hosting malware that's designed to fish private keys out of whatever Bitcoin applications you're using. Someone will solve that problem eventually (either by coming up with something cryptographically clever, or by manufacturing secure, dedicated hardware devices that only do bitcoin transactions and are impermeable to malware). Until that happens, though, there are limits to how secure Bitcoin can possibly be.
