Go to the profile of Jess Hines
Jess Hines
I have a passion for UX even if I don’t have all the skills that I want to (yet). I’m also into Bitcoin, BMX, cars, motorcycles, and run a warlock in Destiny.

Taking Bitcoin Offline: Brainwallet or BIP38?

As with many areas of Bitcoin, the topic of how to secure your bitcoin quickly gets complicated, and the jargon is also hard for some folks to understand. In this post, I will explain a couple of options and tradeoffs with each, when it comes to storing your bitcoin offline. Some technical terms are unavoidable, and I’ll keep them to a minimum.

First, a public service announcement: technically, nobody actually “owns” any bitcoin! What?! I know it’s a shock, but it’s true. The thing is, there’s no piece of code or digital file — such as a MP3 or .jpg file — that you can point to and say, “that’s my bitcoin.” The value of bitcoin you hold is just a balance tied to an account number (technically, an “address” or “key”), but for convenience sake we still do (and will in this post) talk about “having” so many coins. Why bring this up? Because to keep your money secure, you have to know what to protect, and since there aren’t really any coins to protect, what you need to safeguard is access to the addresses that holds your balances.

Cold vs hot storage

Okay, so with that out of the way, let’s define a couple terms. Hot storage means that the addresses are on a device connected to the internet, and with that comes all the security risks associated with being online (hackers, viruses, crashes, etc). Cold storage then is when your addresses are somewhere that are not connected to the internet, such as an offline computer, a hardware wallet like Trezor, or a paper wallet.

Which should I use?

It depends how much bitcoin you have and how much of a hardship it would be if you lost it. Cold storage takes some time and know-how to set up properly, so if you will only ever have a small amount of coins, it’s probably not worth it (unless it’s an educational exercise, which I would definitely encourage!). If it’s a significant amount, then you should learn all about cold storage, and should probably keep most of your bitcoin there, transferring to hot storage as you want to spend it.

Comparing two cold storage options

The options we’ll be looking at (the ones you’re here to find out about) are brainwallets and BIP38 (short for Bitcoin Improvement Proposal #38 — this is quite a technical read, but I link to the full text for your adventurous folk out there).

Brainwallets

These wallets are created from a passphrase, which is hashed to make your private key, which is then used to create the public address, which holds your balance and can receive bitcoin. You don’t have to worry about backups, because you can always use your passphrase to get the private key (and associated addresses) back.

If your password/phrase is easy to guess (for a computer) or if it is leaked, then your bitcoin is not safe. People can (and will) drain your address of coins. A lot of people think of this like finding money on the sidewalk; it’s “finders-keepers,” and if you left your private key out in the open it’s fair game, but ethically, if you created the address and someone else finds out your private key and drains it, it’s no different than stealing, even though technically whoever has access to the private key has the “right” to the coins in that address.

BIP38-encrypted wallets

These wallets also use a passphrase, but in a different way. Hopefully you already use two-factor authentication, but in case you don’t, it typically refers to authenticating yourself not just with a password (something you know) but also with something you have (like a phone with Google Authenticator).

BIP38 wallets provide two-factor authentication like this: your password is used to encrypt a randomly-generated private key instead of simply being hashed directly to an address. So whereas with a brainwallet the same password will always result in the same private key, with BIP38 and the same password, the key will be different every time you generate one. Now it doesn’t matter so much if the private key falls into the wrong hands, because both the private key and your secret password are needed to spend coins from that address. (And you do keep your passwords secret, right?) So an attacker would need physical access to your cold storage and also get your password.

Comparisons and cautions

It may be obvious at this point, but the brainwallet is at a disadvantage because it only uses single-factor authentication. If your password is discovered, you can consider your coins gone.

Secondly, it’s a fact that humans are bad at creating random passwords, and remembering them if they do. We use what we know: names, dates, SSNs, song lyrics, quotes from books or religious material, etc. This means that unless your password/phrase is truly random, your bitcoins are at risk because freely-available hacking software can crack passwords that you would think are pretty good, like “MomOf3g8kids” — it is easy to remember, but isn’t random. What attackers do is take an input string (the password), hash it, get the public address, then see if that address has been used anywhere on the blockchain. If it has, then they now have your private key and can spend the coins at that address. Read this for some eye-opening information on password security.

What about BIP38?

It’s much more secure because your password can be fairly simple, yet because it’s used to create an encrypted private key, an attacker would not only have to find your password using random brute-force methods, but for each password, try practically infinite combinations in order to get the same private key that you have (because remember, it was made to be random).

Conclusions

BIP38 wallets are inherently more secure, but does that mean that brainwallets are no good? Well, they’re fine if you use a long (16+ characters) random passphrase. Otherwise, your addresses will be hacked and you will lose your bitcoin. See the bitcoin wiki for instruction on how to use brainwallets properly (as well as some encouragement not to).

For security and ease-of-use, my preference is to use BIP38-encrypted wallets for storage, whether electronic or paper. To learn more about creating these, check out Bitcoin Paper Wallet (bitaddress.org is an alternative, but both can — and should — only be used offline if done to store your bitcoin).

As an added measure of security, you can use Shamir’s Secret Sharing Scheme to split your password into multiple codes that you store separately, a minimum number of which must be combined in order to get the original passphrase, decrypt the wallet, and spend coins. Some may think this borders on paranoia, but it’s your money; you have a right to protect however seems best to you.

Questions? Please leave a comment below!

Links:
[trezor]: https://www.bitcointrezor.com/
[paperwallet]: https://bitcoinpaperwallet.com/
[two-factor auth]: http://www.cnet.com/news/two-factor-authentication-what-you-need-to-know-faq/
[bitaddress]: https://www.bitaddress.org
[bitcoin-wiki]: https://en.bitcoin.it/wiki/Brainwallet
[BIP38 on Github]: https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki
[shamirs-secret-sharing-scheme]: http://passguardian.com/