[I wrote this draft a week ago and forgot about it, but in the light of the Mt. Gox news I decided to post it because someone might find it useful]
Over the past few months I’ve noticed a significant number of forum posts by people losing crypto coins due to their own mistakes. This happens because many do not understand the basic concept of Bitcoin/Altcoin ownership, and the implications when it comes to protecting coins. I’ll try to explain here.
Suppose you roll a die one hundred times and write down the results: 3, 5, 2, 6, 2, 5, 6, 5, … (90 more numbers) … 4, 2. What you have now is a very unique list of numbers. You could repeat the operation billions of times every second for trillions of years and it is extremely unlikely that you would see the same sequence again. If you hadn’t written it down, it would be lost forever. Nobody would be able to reproduce it.
The number of possible sequences of 100 die rolls is about the same order of magnitude as the number of Bitcoin keys. In fact, the procedure I just described is a secure way to generate a key and its corresponding address [there are fewer addresses than keys, so you could generate a secure key with fewer rolls; let's ignore that for now]
Here are two basic facts that you must know:
1) If you generate a Bitcoin address securely (as described above, for example), deposit money into it, and forget the key, the money is gone. Poof. Nobody can get it back.
2) If you store that key on your computer, anybody who can access your computer can steal all your coins.
The first fact should be obvious by now. Unless there is a problem with the Bitcoin protocol (in which case Bitcoin would become worthless anyway), there is no way to obtain the key for an address. The second fact is obvious too, but most people don’t realize its implications.
Until a few years ago, professional virus writers could not derive a huge amount of value from controlling a remote computer. They could create a botnet, launch distributed denial-of-service attacks, generate fake ad clicks. “Owning” a random computer wasn’t particularly valuable. That was then.
Right now there are probably thousands of computers on the internet that contain the keys to a large amount of crypto wealth. There are a few well-known formats for storing Bitcoin private keys. It is trivial for a virus writer to include a few lines of code that search for those just in case. You might think the solution is to keep your wallet encrypted, and you would be wrong. If malware is running on your computer, it could easily log your keystrokes when you type the password to your wallet. This happens all the time.
Knowing all this, many people opt to keep their bitcoins in an exchange. However, exchanges are not banks. Your money is not protected by governments. Over the past few weeks Mt. Gox (once the largest Bitcoin exchange) has been in the news because there is a significant change that they are insolvent. If they go out of business, chances are their customers will lose all their funds.
What is the solution, then?
First of all, you should not generate a Bitcoin key / address pair on an online computer. The easiest way to do this is to use a trusted, open source wallet on an offline computer, make a backup of the keys and securely erase the hard drive (or never connect tot he internet again). Perhaps the easiest way to do it is to boot a volatile Ubuntu from a USB drive (and ignore any requests to connect to a network).
Now that you know that your keys are not accessible via the internet, the question is how to store them. This is a more difficult problem because there is a conflict: on one hand you don’t want to have your keys in just one place. It’s best to have a few copies in different locations. On the other hand the more copies you have, the higher the chances that someone might find one. So far the best solution to this problem is BIP38 encryption (warning: highly technical document). The gist: instead of storing copies of the keys in a usable format, you keep them encrypted. If your passphrase is strong enough (e.g. at least four English words truly picked at random), then nobody should be able to decrypt and use your key.
There is still one more problem left: what if you lose or forget the passphrase? What if something happens to you? It does make sense to write down the passphrase, and store it separately from the keys. Perhaps you can give the passphrase to a trusted family member, and leave the location of the keys in your will. At this point there won’t be one solution that works for everyone. Once again, the key point to remember is that if any piece of information needed to restore a Bitcoin key is lost, the bitcoins are lost.
Complicated, isn’t it? My conclusion is that cryptocurrencies have a way to go before they can be as user-friendly as established payment technologies. In the meantime, don’t let this happen to you: