CoinCooler is a kit that helps you create and manage Bitcoin addresses for cold-storage in a secure and easy way. CoinCooler was designed to make the process of cold storage easy and user friendly without compromising security.
CoinCooler runs on a dedicated RaspberryPi that is forever kept offline.Digital files containing the list of Bitcoin Addresses and their associated Private Keys are generated, strongly encrypted, and then downladed to USB memory sticks.
You can choose to keep several unencrypted copies in safe places, as one would do with, e.g. Paper Wallets. However, due to the fact that CoinCooler generates digital files instead of physical media, you can upload encrypted files to cloud storage which enables maximal availability and reduces the risk of loss or degradation.
Advanced Features allow you to mitigate some of the risks associated with password loss and a way to enable heirs of your choice to inherit your bitcoins in case anything was to happen to you.
Finally, you can use CoinCooler to securly inspect the content of your cold storage files so that you can glean the private key when you decide to retrieve funds from any of your cold storage addresses.
is the process of keeping bitcoins in addresses to which the private keys are kept offline
(i.e. not connected in any way to the internet).
The Raspberry Pi computer by itself is, of course, fully capable to connect to the internet. However, in order to do so you need to either
- Plug in an ethernet cable
- Plug in a wireless adapter
Clearly, you would not want to do that with CoinCooler. To ensure that you don't accidentally do so, we implemented two safety measures:
- If it so happens that you are connected to the internet (for example on this website, or installing the application on your own), we display a warning
- When we install CoinCooler on the RaspberryPi we disable all network drivers, so even if for some reason you connect an ethernet cable or a wireless dongle, CoinCooler will still not connect to the internet.
It is considered a best practice
to keep only small amounts of bitcoins on hot wallets
(i.e. the private keys are interacting with a device with some level of internet connectivity), while keeping the bulk of your coins in cold storage.
Think of a bitcoin hot wallet like the physical wallet in your pocket, where you will not normally carry significant amounts of money. Bitcoins left in cold storage are more like cash stashed in a safe that only you can access.
The main pillar of Cold-Storage is ensuring that address and private key generation and encryption is all done offline.
However, being offline is not well defined. For instance many Bitcoin cold-storage recipes (e.g. the one I wrote
) are based on using your home laptop/PC by disconnecting it temporarily from the internet and booting from a live CD/DVD. These measures reduce the risk of leakage, but do not remove it altogether, particularly in light of recent findings
about hardware backdoors.
The conclusion is that the only way to really cold store your bitcoins is to use a dedicated machine that is never ever connected to the internet.
However, modern PCs and laptops running modern operating systems are so complex that the physical dedicated station used for cold storage becomes itself a security risk. If an attacker gets hold of your dedicated cold storage machine it is not unreasonable to assume that some traces of your private keys may be found.
Moreover, if you are a private person interested in cold storing your bitcoins (as opposed to a company with Bitcoin holdings that moves coins in and out of cold storage all the time), it does not seem entriely reasonable to spend a few hundred dollars on a dedicated machine that will be used only a handful of times. Even if you do get such a dedicated machine, the temptation to connect it to the internet is always there (e.g. your laptop broke and you have a deadline...)
Raspberry Pi is a perfect match for cold storage because:
- It is very cheap. You can buy a Raspberry Pi for $25-$35.
- The temptation to connect it to the internet is low since after all, it is not a real substitue to a PC/laptop.
- The Raspberry Pi's hardware is simple and almost open source. In fact, nothing is kept on the Pi's hardware. The operating system and the RAM are all on the SD card. Thus, you can dispose of the SD card after creating your cold storage files and be sure that nothing was left behind.
This is a CSV file containing only the list of your cold storage bitcoin addresses, no keys.
If somebody other than yourself got hold of this list, they cannot use bitcoins sent to any of the addresses. The only information revealed by someone else knowing that this is your list of cold storage addresses is exactly that, associating these addresses with you.
Sharing this file does not endanger you funds, only associates you with the addresses.
- You can connect a usb flash drive containing the list of addresses to a computer that is connected to the internet.
- You can use your phone to scan QR codes appearing on the addresses list.
- You can upload this file to cloud storage (Google Drive, DropBox, etc..)
- You can attach this file to an email message.
This file contains the list of private keys controlling the associated Bitcoin addresses.
If somebody other than yourself got hold of this list, they can use any bitcoins sent to any of the addresses.
This is the one file you want to keep only to yourself!
- Do Not connect a usb flash drive containing this file to a computer that is connected to the internet.
- Do Not use your phone to scan QR codes appearing on this list (except at the moment you intend to spend bitcoins stored in one of the addresses).
- Do Not upload this file to cloud storage (Google Drive, DropBox, etc..)
- Do Not attach this file to an email message.
This file contain the list of private keys controlling the associated Bitcoin addresses in an encrypted form.
If somebody other than yourself get's a hold of this file, they cannot use it without the password with which it was encrypted.
Sharing this file does not endanger you funds in any way, as long as you keep your password to yourself.
- You can connect a usb flash drive containing this file to a computer that is connected to the internet.
- You can upload this file to cloud storage (Google Drive, DropBox, etc..)
- Youc can attach this file to an email message.
This file contains the password used for encrypting your cold storage file.
If somebody other than yourself got hold of this file and your encrypted keys file they can decrypt it and spend any funds sent to those addresses.
As long as you keep your encryped keys file safe, you can share this file, it reveals nothing about your private keys on its own.
No, CoinCooler works a bit differently. BIP 38 is a way to encrypt private keys. CoinCooler doesn't encrypt your private key directly. Instead we generate a CSV file with a list of addresses and private keys and encrypt that file.
Like BIP 38 encryption, CoinCooler mitigates brute force attacks by using password stretching, which adds a significant amount of time to each iteration of such an attack.
Of course. As was explained above CoinCooler is just a wrapper over the ruby implementation of OpenSSL
You can always decrypt your cold storage files using a ruby console (launch a terminal window on any PC and type irb <enter>)
Now type in the following commands:
digest = OpenSSL::Digest::SHA256.new;
cipher = OpenSSL::Cipher::AES256.new('CBC');
'quoted path to your encrypted file';
'your encryption password';
if you used your own password
encrypted = File.read(path);
data = Base64.decode64(encrypted);
salt = data[8..15];
iv = data[16..31];
data = data[32..-1];
key = OpenSSL::PKCS5.pbkdf2_hmac(password,salt,iterations,digest.digest_length,digest);
By default, CoinCooler encrypts your cold storage file with a random 256 bit key. It looks something like
A randomly chosen 256 bit key is, in some sense, as secure as any Bitcoin Address.
Passwords are a double edged sword.
The more secure they are the harder it is to remember them and vice versa. The default password generated automatically by CoinCooler is very secure, but impossible (for most people) to remember. Thus although giving the illusion of security (being resilient against brute force attacks), you also sacrifice security because a copy of this password must be kept somewhere.
A different option is to use a memorable phrase or password. This way you don't have to keep a copy of the password. However, any practically memorable phrase is also much more amenable to brute force attacks compared to a random string. CoinCooler goes the extra mile to use state of the art cryptographic standards
to minimize the risk of brute force attacks in case you do decide to use a password.
A brain wallet
uses a passphrase to directly generate the private key. The neat thing about it is that if you manage to remember it correctly and it is secure enough you don't need anything else in order to spend your funds. The passphrase in CoinCooler encrypts the cold storage file, so on top of remembering the password you will need the encrypted file in order to spend funds.
Brain wallets are usually not protected by key stretching
making it more susceptibile to brute force attacks. The reason for that is the assumption that the memorable phrase was chosen with enough entropy to make this extra step unnecessary. CoinCooler always applies key stretching in case a memorable phrase is used.
Dividing a password into shares is a neat cryptographic trick known as Shamir Secret Sharing. This is an algorithm that enables splitting a "secret" (in our case the password used to encrypt your cold storage files) into several pieces called "shares". When the splitting is done you specify a minimal number of shares required in order to reconstruct the original password.
For example, say you split your password into 5 shares and require a minimum of 3 shares for recovery. A person getting a hold of any 1 or any 2 of those 5 shares gains no information about your password. On the other hand, getting your hands on any 3 of the 5 shares allows you to reconstruct the password.
Here is a short video about it
Password Recovery: Passwords are a double edged sword. The more secure a password is, the harder it is to remember.
Splitting your password into shares and spreading the shares in different locations adds an extra layer of protection against forgetting the password.
For example, say you split your password into 5 shares, require 4 for reconstruction and give one share each to 3 good friends and keep the extra 2 to your self.
Even if all three friends conspire against you they don't have enough shares to reconstruct the password, but if you forget your password you can collect two of their shares which together with the two shares you hold are enough to reconstruct the forgotten password.
Leaving a will: A common worry amongst people cold storing bitcoins is the issue of passing their bitcoins to their proper heirs in case they are no longer able to do so (e.g. in case of death or illness) but without giving their heirs any control over the stored coins at the moment. Splitting the password used to encrypt your coins can provide an answer.
For example, say you have 2 kids and you intend for them to inherit your coins. You can split your password into 4 shares requiring 3 for recovery and give one share to each kid, one to your lawyer and the last one keep in a safe deposit box under your name. In case you are suddenly struck by a bolt of lightening your kids can still recover the coins by contacting your lawyer or getting a hold of the safe deposit box as your legal heirs. However, for them to get a hold of your coins at the moment will require them to conspire with your lawyer or get a hold of your deposit box.
Creating paper wallets
is a simple and common way of achieving bitcoin cold storage.
- Unencrypted paper wallets are often printed on a printer that is (at least usually) connected to the internet, exposing the user to the threats of software and hardware backdoors.
- If you are interested in creating multiple cold storage addresses, paper wallets can be somewhat cumbersome.
- Paper wallets are not available everywhere. Properly encrypted digital media, on the other hand, can be made securely available worldwide (e.g. via cloud storage.)
- Paper lasts longer than digital media like USB flahs drives or CDs/DVDs.
- Some hardware wallets can sign transactions. CoinCooler only creates and manages cold storage addresses, but does not sign transactions. In that sense CoinCooler is similar to a paper wallet.
- Hardware wallets usually store the private keys. CoinCooler does not. CoinCooler only helps in safely generating and encrypting cold storage wallets which are then downloaded to a set of USB flash drives, and if encrypted can then be brought in touch with the online world, either in cloud storage or as an email attachement.
- Hardware wallets come in physical touch with online computers. Such devices safety is then provisional on the engineering that protects your private keys from leaking. As we all know, no matter how smart the engineer is, software and hardware have bugs. The only way to ensure a private key doesn't leak through the internet is to never put it in touch with a computer that is connected to the internet.
At the moment, CoinCooler does not sign transactions offline. When you need to retrieve funds you need to use your private key, just like with Paper Wallets. Signing transactions offline is a logical next step. We plan to implement this feature soon.
After first hearing of Bitcoin in March of 2013
, I decided to buy a few bitcoins as a long term investment. Online resources as well as people from the Bitcoin community suggested that keeping bitcoins online was risky (and they were right
All the fingers were pointing towards "Cold Storage". However, there was no one magic recipe to cold store bitcoins. There were many.
I spent some time researching cold storage and came up with my own recipe which I then summarized in this blog post.
The problem with this procedure was that it is
- cumbersome (read the blog post if you don't believe me)
- geeky (you needed to boot from a live CD, install stuff on linux using the command line, etc..)
- not too safe
- Memorable phrases like passwords are inherently amenable to brute force attacks.
- Even if temporarily offline and booted from a live CD, a non-dedicated machine opens the door to security risks (e.g. hardware backdoors.)
CoinCooler is an attempt to build a better cold storage solution.