pull/838/merge
Donn Lee 8 months ago committed by GitHub
commit 0f700066d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -49,11 +49,27 @@ Over the past three years, as a direct result of bitcoin adoption, we have seen
==== Physical Bitcoin Storage
((("storage", "physical bitcoin storage")))((("paper wallets")))((("wallets", "types of", "paper wallets")))((("paper wallets", see="also wallets")))Because most users are far more comfortable with physical security than information security, a very effective method for protecting bitcoin is to convert them into physical form. Bitcoin keys are nothing more than long numbers. This means that they can be stored in a physical form, such as printed on paper or etched on a metal coin. Securing the keys then becomes as simple as physically securing the printed copy of the bitcoin keys. A set of bitcoin keys that is printed on paper is called a "paper wallet," and there are many free tools that can be used to create them. I personally keep the vast majority of my bitcoin (99% or more) stored on paper wallets, encrypted with BIP-38, with multiple copies locked in safes. ((("cold storage")))((("storage", "cold storage")))Keeping bitcoin offline is called _cold storage_ and it is one of the most effective security techniques. A cold storage system is one where the keys are generated on an offline system (one never connected to the internet) and stored offline either on paper or on digital media, such as a USB memory stick.
((("storage", "physical bitcoin storage")))Because most users are far more comfortable with physical security than information security, a very effective method for protecting bitcoin is to convert them into physical form. Bitcoin keys are nothing more than long numbers that can be printed on paper or etched into a metal plate.
((("cold storage")))((("storage", "cold storage")))When the first edition of this book was published, it was common to print bitcoin keys on paper and store them offline as so-called _cold storage_. Securing the keys then becomes as simple as physically securing the printed copy of the bitcoin keys. ((("paper wallets")))((("wallets", "types of", "paper wallets")))((("paper wallets", see="also wallets")))A set of bitcoin keys that is printed on paper is called a "paper wallet". However, using paper wallets is now obsolete, risky, and should be avoided, though you may encounter some classical bitcoin users who still use them. A hardware wallet is a safer option and easier to use.
[WARNING]
====
As mentioned in <<ch04_keys_addresses>>, paper wallets are an OBSOLETE technology and are dangerous for most users. DO NOT USE PAPER WALLETS.
====
((("wallets", "technology of", "seeds and mnemonic codes")))((("mnemonic code words")))((("bitcoin improvement proposals", "Mnemonic Code Words (BIP-39)")))As described in <<ch05_wallets>>, the BIP-39 mnemonic belonging to a wallet are secret words, in a strict order, with which one can recover a wallet from loss or destruction. It is important to keep the mnemonic safe because it is the backup for the wallet. A common best practice is to write the mnemonic on paper and store copies at multiple locations with physical security such as locked safes. Moreover, to address the fragility of paper, there are steel plates for sale that are specifically designed for water-proof, fire-resistant, cold storage of mnemonics. Jameson Lopp periodically publishes torture-tests of such steel plates (https://blog.lopp.net[]).
[WARNING]
====
((("warnings and cautions", "mnemonic storage")))((("Shamir's Secret Sharing")))Do not split your list of mnemonic words into multiple fragments with the intention to store each fragment at a different location. This is not a good idea. It is not secure because it's possible for an attacker to derive the seed from a fragment, and more likely, you'll lose your bitcoin if any fragment is lost. Instead, check if your wallet supports Shamir's Secret Sharing, which is more secure and less prone to accidental loss (follow the vendor's instructions carefully). If you are concerned that someone might access the mnemonic at a remote location, adding a BIP-39 passphrase to the mnemonic is another option, though it introduces the risk of loss when the passphrase is forgotten (see <<ch05_wallets>>). In general, do not invent fancy security schemes on your own. A lot of bitcoin has been lost forever because of non-standard "do-it-yourself" security that could not be unlocked by the owner.
====
==== Hardware Wallets
((("wallets", "types of", "hardware wallets")))((("hardware wallets")))In the long term, bitcoin security increasingly will take the form of hardware tamper-proof wallets. Unlike a smartphone or desktop computer, a bitcoin hardware wallet has just one purpose: to hold bitcoin securely. Without general-purpose software to compromise and with limited interfaces, hardware wallets can deliver an almost foolproof level of security to nonexpert users. I expect to see hardware wallets become the predominant method of bitcoin storage. For an example of such a hardware wallet, see the https://trezor.io/[Trezor].
((("wallets", "types of", "hardware wallets")))((("hardware wallets")))Bitcoin security has increasingly taken the form of hardware tamper-proof wallets. Unlike a smartphone or desktop computer, a bitcoin hardware wallet has just one purpose: to hold bitcoin securely. Without general-purpose software to compromise and with limited interfaces, hardware wallets can deliver an almost foolproof level of security to nonexpert users. Hardware wallets are the predominant method of bitcoin storage. Look for hardware wallets that are open-source, audited, and user-friendly. Store the mnemonic on paper or a steel plate in multiple secure locations as described earlier in this chapter. For examples of such hardware wallets, see the https://trezor.io/[Trezor] and https://coldcardwallet.com/[Coldcard].
Some hardware wallets can be operated in a completely "air-gapped" fashion. An air-gapped hardware wallet does not need to attach to another computer to complete transactions, not even requiring a USB cable. This provides a higher level of security that reduces the chance of malware compromising the hardware wallet.
==== Balancing Risk
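Review bot: In the mnemonic-splitting WARNING, "it's possible for an attacker to derive the seed from a fragment" is imprecise. A fragment does not yield the seed by itself; it discloses part of the word list and so shrinks the search space for the remaining words, which is exactly what a Shamir share below the threshold does not do. Suggest wording such as "each fragment reveals part of the mnemonic and makes the remaining words easier to guess", so the contrast with Shamir's Secret Sharing in the following sentence is explicit. Smaller points in the same hunk: "the BIP-39 mnemonic belonging to a wallet are secret words" has a subject-verb mismatch, and "obsolete, risky, and should be avoided" is not parallel. In the Hardware Wallets paragraph, "tamper-proof" and "Hardware wallets are the predominant method of bitcoin storage" are absolute claims the text does not support; "tamper-resistant" and a softer statement would be safer. The air-gapped paragraph never says how a transaction reaches the device without a cable, which readers will want spelled out.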
