I have written various postings now, about Bitcoin Wallets. One of the themes which I have brought up, is that the online account, of how much money has been Sent To and From a Bitcoin Address, is more important, than the offline account of it, which can therefore sometimes be reduced to only a Private Key and a Public Key. The Public Key can be converted to and from a Bitcoin Address to Send funds To, while the Private Key can be used to authorize, that funds be Sent From the same Address.
And so one subject which I also wrote about, is that if a person has the Private Key, he or she can use some existing Bitcoin Wallet apps, to Sweep that Address, thus giving the command to the network, to Send all its funds to another Address, which is online.
There is some minor discrepancy, between what I called an ‘Offline Wallet’, and what the Internet calls an “Offline Wallet”. What I was referring to by that term, would actually be called “A Wallet In Cold Storage”. What the Internet may refer to instead, is a kind of Wallet, being accessed by a program, but on a computer which is separated from the Internet by an Air Gap.
In reality, the subject of the security of Air Gap systems, is quite beyond what I am currently willing to write about. My personal guess is, that if most of us wanted that, we might be a bit too paranoid for the mundane world. There exist some organizations and even companies, who need Air Gap Systems, but then there is a whole rigamarole, of what needs to be done, for an Air Gap system actually to receive the full benefit, one hopes to gain by using them…
But, having done some reading, I have come across a tool which even everyday users could find useful, in creating an actual Paper Wallet:
Because all that is needed for one Bitcoin Address to exist, in principle, is a correctly-formatted set of Private and Public Keys, a tool can be useful somewhat, which only does that, and which offers to print those out as QR Codes. The above Link is a Web-page, which does this.
(Edit 10/08/2016 : Actually, I had previously posted a mistake here. As it stands, if a person transfers a Bitcoin-amount to an Address that is validly-formed, that amount will remain associated with the Address, even if no attempt is made to query the Address. This Bulletin-Board Conversation seems to state so.)
I suppose that an obvious security issue, which some readers might have with this, is whether the site itself could spy on the Private Key, which it claims to be generating within our browser. If this issue is examined closely, it would seem rather untrusting indeed. Firstly, there already exist other services, which generate Key-Pairs in-browser. Secondly, the above link will generate a Key-Pair, every time it is visited. What this means is that while in principle it might be storing an online record of them, it also has no way to associate one Key-Pair with one user, because an endless series of users is accessing that site anonymously.
The only real security issue I would see with that site, is that a QR-Code as a Key, is only as secure as our connection to our printer. If our printer is a shared WiFi-printer, then merely sending a page to be printed to it, could also compromise our secrecy. So there might even be some advantage to writing down certain Keys by hand, using software that I will not name here.
But for most people, I would say that knowing such a tool exists, might be ‘good enough’. One drawback that remains, is that this approach only generates one Key-Pair, and thus only one Bitcoin-Address, while some of us are assuming an endless series of different Addresses, which can each receive one transaction, but that cannot be connected to each other.
The above approach will allow users to Send multiple transactions to the same Address, which a Wallet app also allows us to do if we so choose, but then by matching Addresses to each other, like a legitimate owner putting his own Public Address on a Watch List, some hypothetical eavesdropper could also decide to put Addresses on a Watch that do not belong to him, and then our deposits could be matched to each other.
So exactly how secure an Offline / Cold-Storage / Air-Gap / Paper system really is, requires many factors to be considered, in order to be answered seriously. Chances are, they may all be secure enough, for ordinary people to use.
(Edit 10/08/2016 : ) I suppose that the hypothetical scenario ordinary users might be defending against, is that their PCs might get hacked, and that if those were, the hacker could also gain access to all the Private, Bitcoin Keys stored there, and thereby Sweep our Wallets.
If we have a Bitcoin Wallet program on an offline computer – i.e. an Air-Gap, this might prevent that scenario. But as soon as I see YouTube videos, in which the Air-Gapped computer is also a Windows 10 machine, I lose confidence in what the YouTube author is trying to tell us. By installing an O/S on the offline computer, we are inviting whatever level of insecurity onto that computer, that is already associated with the chosen O/S. Windows 10 will want to be activated once. And then, it will want to receive Updates on a regular basis. What this suggests, is that that sort of an Air-Gap might never be truly effective, because users might feel, that periodically reconnecting that machine to the network, would
not put them at risk.
Whether it would not, I cannot vouch for.
Personally, if I wanted to go to the length of setting up an Air-Gap, I would want that offline computer to be some sort of Linux machine.
But then again, doing so supposes that we all have an extra PC to spare, to set that one up as our dedicated offline machine, but that we may become indecisive over whether we really want to keep it offline.
And in that case, keeping our Bitcoin Wallet in Cold Storage, will give us only the same amount of protection, in addition to liberating one PC, so that we may again network that one.
Further, the concept I have mentioned, of creating a different Bitcoin Address, every time we want to Receive funds, is not obligatory. We manage that as we wish. And in countries where Bitcoin is an accepted currency, the actual advice given is, To Create a Separate Address, for Each Service we are expecting to get paid for, and for Each Person To Reuse, who is expected to pay for that service repeatedly.
This makes accounting easier, and if we are being paid money by the same person repeatedly, there is no real benefit, in giving him multiple different Addresses. He will know that he is Sending his Bitcoins to the same recipient each time anyway.