11

Keeping a large amount of bitcoins in an online computer is dangerous. The bitcoin wallet is merely a file, and once the file has been copied the bitcoins can be transferred to another account. Password protected files can be hacked using keylogging and other types of spyware.

Therefore, the general advice is keeping a small amount of bitcoins in a computer, while keeping the rest in an offline account. There are two major types of offline accounts:

  • Brain Wallets: These wallets are created offline from a passphrase. The wallet can be constructed from the same passphrase whenever the owner wants to make a transaction. Whoever guesses - or brute-forces - the passphrase has the wallet.
  • Paper Wallets: These wallets are generated using a random seed. They should be printed on an archive-quality paper and kept in a safe.

What are the pros and cons of each method? Which is more secure for storing bitcoins offline for a long period of time?

Suncatcher
    This is a security question which applies not only to bitcoins, but to any public-private key pair that isn't accessed often. – Adam Matan Feb 12 '13 at 07:30
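The brute-force point in the question, as an added example (not code from the question or the comment): classic brain wallets took SHA-256 of the passphrase as the 32-byte private key, so anyone with a wordlist can regenerate candidate keys until one matches a funded address. Computing a real Bitcoin address needs secp256k1 and Base58Check, so this demo assumes a simpler stand-in for the published address, SHA-256 of the private key; the wordlist and mangling rules are constructed for the demo. The same attack against a key from a random 32-byte seed, as a paper-wallet generator uses, finds nothing.

```python
"""Why a passphrase-derived (brain) wallet is brute-forceable and a
random-seed wallet is not. Added example, not code from the original post.

Assumption: identifier() stands in for the public address. A real address
would be derived through secp256k1 and Base58Check; the attack is unchanged,
since whoever finds the passphrase behind the address holds the key.
"""
import hashlib
import math
import os


def brain_wallet_key(passphrase: str) -> bytes:
    """Private key of a classic brain wallet: SHA-256 of the passphrase bytes."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def paper_wallet_key() -> bytes:
    """Private key from a random seed, as a paper wallet generator would use."""
    return os.urandom(32)


def identifier(private_key: bytes) -> str:
    """Stand-in for the public address (assumption, see module docstring)."""
    return hashlib.sha256(private_key).hexdigest()


# Constructed wordlist standing in for a cracker's dictionary of likely passphrases.
WORDLIST = [
    "password", "letmein", "bitcoin", "satoshi nakamoto",
    "correct horse battery staple", "to be or not to be", "qwerty",
]

# Mangling rules a cracker applies to every dictionary entry.
RULES = (
    lambda w: w,
    lambda w: w.capitalize(),
    lambda w: w + "1",
    lambda w: w.replace(" ", ""),
)


def dictionary_attack(target_identifier: str, wordlist=WORDLIST, rules=RULES):
    """Return the passphrase whose brain-wallet key matches the target, or None.

    Cost per candidate is one SHA-256 (plus, for real addresses, one EC
    multiplication), so millions of guesses per second are realistic.
    """
    for word in wordlist:
        for rule in rules:
            candidate = rule(word)
            if identifier(brain_wallet_key(candidate)) == target_identifier:
                return candidate
    return None


def guessing_bits(wordlist_size: int, words_per_passphrase: int, rules: int) -> float:
    """Rough search space, in bits, of a passphrase made of `words_per_passphrase`
    dictionary words, each with `rules` mangling variants. Compare against the
    256 bits of a random paper-wallet key."""
    return math.log2((wordlist_size * rules) ** words_per_passphrase)


if __name__ == "__main__":
    victim = identifier(brain_wallet_key("Bitcoin1"))
    print("brain wallet cracked with:", dictionary_attack(victim))
    print("paper wallet cracked with:", dictionary_attack(identifier(paper_wallet_key())))
    print("4 words from a 7776-word list: %.1f bits" % guessing_bits(7776, 4, 1))
```

The search-space function is a deliberately crude model (it ignores that real passphrases are chosen far less uniformly than a wordlist), which only makes the brain-wallet side look better than it is.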

1 Answer

7

A way to secure online storage

One thing that could very much help with securing any data file of interest from access is to make use of Mandatory Access Control (SELinux in this example) and a second machine, possibly airgapped. You'll need a small program running on the wallet machine (I'll call it banker for this post) whose job it is to generate challenges and release coins only to properly authenticated requests.

We rely on SELinux to do the following: prevent read, write, and permission changing access to the bitcoin and authentication seed files to every application except for banker and whatever it spawns. We also rely on SELinux to prevent itself from being taken out of enforcing mode without a system reboot.

The banker authenticates any withdrawal by printing a random seed value and the corresponding HMAC output generated by combining the seed value with your authentication seed. This authentication seed is kept somewhere else, perhaps on your phone. You can use any method you'd like for exchanging the signed request such as email, scp, web interface, or taking a picture of a QR code and running it through your own app on the phone, then taking a picture of that code with your computer's camera. Go wild! You could also make use of an incrementing counter that never lets an equal or lower-numbered request succeed in order to make one-way authentications, or if you're feeling very fancy, you can use GnuPG and an OpenPGP smartcard to authenticate with a pinpad.

Expire any requests after a certain period of time: five minutes to an hour depending on how speedy you feel. Expire immediately any request that succeeds, so it can't be replayed. Not that I recommend it (defense-in-depth is always wise), but in theory this should permit you to allow somebody to log in to your machine as root and still be unable to steal your coins.

The security of your offline storage

I realized I didn't actually answer your initial question, so here's the followup: you're trying to defend against losing your money in one of two ways:

  • Somebody steals your wallet
  • You lose your wallet

In both cases of offline storage, you're protected if you weren't compromised before the data was printed out and erased from the computer's memory. That second part is a big caveat: if you're printing files they may be left as temporary files somewhere on the disk.

Both systems are roughly equal for risk of loss. Your password should be very long and complex. If you forget or lose the paper where your password is written, your wallet is lost, in essence as if to a fire. If you lose the paper you printed the individual values on, the same happens.

Jeff Ferland
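The banker protocol sketched in the answer, as an added example in Python; this is not Jeff Ferland's code, and the `Banker` class, `phone_sign` and the message layout are this example's own assumptions. The authentication seed is assumed to exist only on the second device and in the banker's protected file. The banker issues a random nonce with a one-way counter and an expiry; the second device returns HMAC-SHA256 over nonce, counter and amount; the banker checks expiry, refuses equal-or-lower counters, compares the MAC in constant time, and burns each challenge on first use whatever the outcome, so neither a successful nor a failed request can be replayed.

```python
"""Challenge-response release of coins by a 'banker' process.
Added example of the protocol described in the answer; not the answer's code.
"""
import hashlib
import hmac
import os
import time


def response_mac(auth_seed: bytes, nonce: bytes, counter: int, amount: int) -> bytes:
    """MAC over everything the banker will act on, so none of it can be altered."""
    msg = nonce + counter.to_bytes(8, "big") + amount.to_bytes(8, "big")
    return hmac.new(auth_seed, msg, hashlib.sha256).digest()


def phone_sign(auth_seed: bytes, challenge: dict, amount: int) -> dict:
    """Second-device side: answer a printed or scanned challenge for one amount."""
    nonce, counter = challenge["nonce"], challenge["counter"]
    return {
        "nonce": nonce,
        "counter": counter,
        "amount": amount,
        "mac": response_mac(auth_seed, nonce, counter, amount),
    }


class Banker:
    """Wallet-host side. Holds the auth seed, pending challenges and the counter."""

    def __init__(self, auth_seed: bytes, ttl_seconds: int = 300):
        self._auth_seed = auth_seed
        self._ttl = ttl_seconds
        self._pending = {}        # nonce -> (issued_at, counter)
        self._issued = 0          # highest counter handed out
        self._last_accepted = 0   # highest counter that released coins

    def issue_challenge(self, now=None) -> dict:
        """Generate a fresh challenge; `now` is injectable for testing expiry."""
        now = time.time() if now is None else now
        self._issued += 1
        nonce = os.urandom(16)
        self._pending[nonce] = (now, self._issued)
        return {"nonce": nonce, "counter": self._issued, "expires_at": now + self._ttl}

    def release(self, request: dict, now=None):
        """Return (released, reason). A challenge is consumed on first use."""
        now = time.time() if now is None else now
        # pop() burns the challenge whether or not the request is good.
        entry = self._pending.pop(request["nonce"], None)
        if entry is None:
            return False, "unknown or replayed challenge"
        issued_at, counter = entry
        if now - issued_at > self._ttl:
            return False, "expired"
        if counter <= self._last_accepted:
            return False, "stale counter"
        # Use the counter the banker issued, not the one the request claims.
        expected = response_mac(self._auth_seed, request["nonce"], counter, request["amount"])
        if not hmac.compare_digest(expected, request["mac"]):
            return False, "bad mac"
        self._last_accepted = counter
        return True, "released %d" % request["amount"]


if __name__ == "__main__":
    seed = os.urandom(32)          # shared out of band with the second device
    banker = Banker(seed)
    challenge = banker.issue_challenge()
    request = phone_sign(seed, challenge, 5)
    print(banker.release(request))  # accepted
    print(banker.release(request))  # replay refused
```

Leaving the challenge burned even after a failed attempt means an attacker who intercepts a challenge cannot keep guessing MACs against it, and because the counter is taken from the banker's own record rather than the request, a request can only ever be accepted once and in order.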