Bitcoin for the beginner: how to buy, store and use bitcoin
A clear algorithm for the buying and management of bitcoin is described. There are alternatives and in time you may wish to learn them but, for the moment, what you see below is all you need.
1. Go to the Coinbase website ( coinbase.com ) and buy some bitcoin - follow their instructions - very clear. ( Note: There are alternatives - Bitstamp; CoinCorner; CoinFloor; - many others - just Google "bitcoin exchange" )
2. Create a paper wallet for yourself by going to the website: www.bitaddress.org - and generating a paper wallet - easy - follow the instructions there - - - - you will at first need to swirl your mouse around to generate randomness - you will see the changes on your screen untill 100% is achieved - after which the screen clears and all will be clear - select the "paper wallet" option from the choices at the top of the window.
3. Print the paper wallet but be careful not to let anyone see the private key - keep it secret. On the paper wallet you will see two "numbers" (character strings really - consisting of letters and numbers) - the one on the left is the Public Address (like your home address - anyone can see it and people who want to send you mail must know it) and, on the right, the Private Key - this (the private key) is the one you must keep secret - it is the number you will use to access your bitcoin when the time comes. Don't lose the Private Key - without it there is no way of recovering your bitcoin. You may wish to make a few copies and store them in different places - but not where they will be found. ( Instead of making a Paper Wallet you could make a Brain Wallet - also generated from bitaddress.org - and explained there - or go to YouTube for a video explanation. With a brain wallet one remembers a string of random words and there is nothing written down )
4. Go to Coinbase and access your account wallet there and send the bitcoin (the ones you want to store) to the Public Address generated in 2. above. And that is all you do - your bitcoin are now safe - for centuries, if that is what you want - just as long as no one gets to know your Private Key.
5. If you want to check that your bitcoin have indeed been sent to the address, go to www.blockchain.info and, on the homepage, type your Public Address into the search box (about half-way down the home page and just off-centre to the right) and there you will see the details of the transaction - sent from the address that Coinbase have sent it from - to your address - with the amount and date and time of the transaction. It takes a little time for the transaction to occur - the process is undertaken by the miners around the World who look after the bitcoin blockchain in cyberspace - you will note they extract a very small fee for the service - negligible really.
How to mobilise your bitcoin in your paper wallet so that you can use / spend them
1. Download the Electrum wallet from their website - www.electrum.org
2. Open the wallet and register with them. Remember to write down the seed - this allows you to recover the contents of the wallet should you forget your password.
3. One of the options offered is to import or sweep in a private key. This function allows you to sweep the entire contents of your paper wallet into the Electrum wallet. Do this by inserting the Private Key of your paper wallet into the box when it is presented (by the Electrum wallet). It will take a little time for the sweep to occur - sometimes an hour or so - so don't worry - you have not lost your coin. Once the bitcoin are in your Electrum wallet you will be able to spend them. Remember that once you have used your paper (or brain) wallet - i.e. used the private keys - you should not use it again as you have exposed the private key and a hacker could find out what it is.
Don't leave a significant amount of bitcoin in the Electrum wallet (or any online wallet for that matter) for longer than necessary - only what you will need to spend over the next few months - only keep significant quantities of bitcoin in paper or brain wallets - or in a hardware wallet, like a Trezor - see: www.Trezor.com
So, at the risk of being boring I will re-state - the safest ways to store your bitcoin are:
* Paper wallet
* Brain wallet
Enjoy the security of bitcoin - it is liberating !
* YouTube: in the search box insert "James D'Angelo bitcoin" and you will see a number of his productions on bitcoin - - - he gives a very good talk - keeping them to a comfortable 20 to 30 minutes.
* YouTube: search for " Andreas Antonopoulos bitcoin " many excellent productions - for the neophyte an excellent one is the talk he gave to a Canadian Senate subcommittee - long but good, with a very good Q & A session for the last 45 minutes.
Apologies, in my post of 2:30 pm the Trezor website address was incorrect - it is:
Thanks for taking the time to share your knowledge and experiences with BC. My tinfoil hat is wound to tightly to allow BC purchases but I do appreciate the giving spirit brother.
Thanks for taking the time to share your knowledge about BitCoin. It still seems confusing, but I am sure if you follow your instructions one can master the process.
Really well done !
Even I can understand it.
JC, thanks for taking the time to create this forum. I'm going to start wading in to bitcoin next month and it's great to have a trusted source of information.
Coinpayments.net supports around 55 different cryptocurrencies. It might be valuable to narrow down the list and attempt to determine which ones are likely to survive and increase in the intermediate future. Obviously Bitcoin is the 800 pound gorilla, but does anyone have insight or noteworthy information about some of the others - market niches or unique situations that might drive demand and price.
Six Things Bitcoin Users Should Know about Private Keys
Private keys have been an integral component of Bitcoin since its first description in 2008. Wallet software generally protects users from the need to understand what private keys are and how they work. Even so, most users eventually come face to face with private keys, too often with unpleasant results.
A basic understanding of private keys helps prevent loss of funds and other mishaps, but it can also offer useful insights into how Bitcoin works. This guide outlines the most important private key concepts for effectively using Bitcoin.
Bitcoin: A Secure Messaging System
Although Bitcoin is best known as a payment system, underneath it all runs a secure messaging system built on the Internet. Instead of relaying emails, texts, or web pages, the Bitcoin network processes value-transfer messages called transactions. Private keys play a central role in verifying these messages, identifying senders and receivers, and in securing the network.
An example helps illustrate the problems that private keys solve. Imagine Alice wants to pay Bob 10 bitcoin (BTC). She begins by creating a transaction identifying Bob as the payee and 10 BTC as the amount to be transferred. Alice then broadcasts this transaction to all users of the Bitcoin network.
Alice‘s transaction paying Bob 10 bitcoin. As it stands, Alice has no way to identify herself or Bob, nor does she have any assurance the transaction won’t be forged or tampered with.
In using this system, Alice faces two fundamental problems. First, she needs a way to identify both herself and Bob in the transaction. Alice can‘t employ a central authority such as a government registry or email provider because that would conflict with Bitcoin’s decentralized, trustless nature. Second, Alice needs a way to prevent others from changing her transaction and forging transactions in her name.
Bitcoin solves these problems through a system called public key cryptography. This system uses two pieces of information to authenticate messages. A public key identifies a sender or recipient, and can be distributed to others. A private key is used together with the public key to create an unforgeable message signature. The private key must be kept secret. Public and private keys are mathematically linked.
Alice signs a transaction to Bob with her private key.
With this overview in mind, here are six things about private keys to keep in mind as you use Bitcoin.
1. A Private Key is Just a Number
A Bitcoin private key is simply an integer between one and about 10 to the power 77. This may not seem like much of a selection, but for practical purposes it's essentially infinite.
If you could process one trillion private keys per second, it would take more than one million times the age of the universe to count them all. Even worse, just enumerating these keys would consume more than the total energy output of the sun for 32 years. This vast keyspace plays a fundamental role in securing the Bitcoin network.
Because private keys contain many digits when expressed as decimal numbers, an alternative format called Wallet Import Format (WIF) has been devised. This format begins with the number “5” and contains a sequence of letters and numbers. For example, here's a private key represented in WIF format:
2. Transactions are Messages Signed with a Private Key
To prevent forgery, Bitcoin requires that each transaction bear a digital signature. This signature, like a private key, is just a number selected from a very large range. Wallet software generates a signature by mathematically processing a transaction together with the correct private key.
This system works because anyone with a transaction and its signature can verify the authenticity of a message. However, a transaction signature is practically impossible to fake. The only way to produce a valid signature for a particular transaction is to use the correct private key.
Two transactions from Alice to Bob. The first transfers 10 BTC, and the second transfers 2 BTC. The same private key leads to a unique, unguessable signature for each transaction.
Unlike a physical signature you might write on a check, a transaction signature changes if the transaction changes even slightly. The way the signature will change is unpredictable, ensuring that only a person in possession of a private key can provide the correct signature.
3. Anyone Who Knows Your Private Key Can Steal Your Funds
Any transaction bearing a valid signature will be accepted by the Bitcoin network. At the same time, any person in possession of a private key can create a valid transaction. These two facts taken together mean that someone knowing only your private key can steal from you.
Many avenues are open to thieves who steal private keys. Two of the most popular are storage media and communications channels. For this reason, extreme caution must be taken whenever storing or transmitting private keys.
Software wallets usually store private keys in a “wallet file” on the main hard drive. Wallets often place this file in a standard, well-known directory, making it an ideal target bitcoin-specific malware.
To counter this threat, software wallets offer an option to encrypt the wallet file. Any attacker gaining access to your wallet file would then need to decrypt it. The difficulty of doing so depends on the quality of the encryption and strength of the password being used. Wallet files can be encrypted on many software wallets by adding a password.
Encrypting Electrum's wallet file by adding a password.
Although wallet backups are a good idea, they can potentially leak private keys. For example, it may be tempting to save a backup of your software wallet to a cloud storage service such as Dropbox. However, anyone capable of viewing this backup online (which could be a surprisingly long list of people) would be in a position to steal some or all of your funds. A similar problem could arise through emailing backups to yourself or leaving a paper wallet around the house. Encryption can reduce the risk, but not eliminate it altogether.
Preventing the accidental release of private keys is the main purpose of “cold storage”. For more information, see A Gentle Introduction to Bitcoin Cold Storage.
4. Addresses are Derived from Public Keys, Which are Themselves Derived from Private Keys
A Bitcoin public key is obtained by applying a well-defined set of mathematical operations, defined through Elliptic Curve Cryptography (ECC), to a private key. Like a private key, a public key is simply a very large number.
The relationship between private keys and public keys is an example of a mathematical trapdoor - a function that‘s easy to perform in one direction, but practically impossible to perform in the opposite direction. This unidirectionality lies at the center of Bitcoin’s security model.
Just as private keys can be shortened to make them more usable with displays and keyboards, so too can public keys. An address results from applying a multi-step transformation to a public key. This produces a string of text and digits, usually starting with the number “1”.
Notice that no network is needed at any point in the generation of a private key or the corresponding address. Every computer on the Bitcoin network knows about the mathematical relationship between public and private keys. This enables each participant to select private keys and sign transactions independently of the Bitcoin network. The enormous private keyspace ensures that any properly-selected key will be unique.
5. Security Depends on Choosing a Good Private Key
Knowledge of a private key is the only verification needed to spend funds from a Bitcoin address. Private keys should therefore be kept secret. However, careless selection of a private key can lead to theft just as easily as its accidental release.
For example, imagine that we want to use a private key that's easy to remember. The number 1 is both easy to remember and a valid Bitcoin private key. But how secure would it be?
The private key 1 generates this address:
If you follow the link, you'll notice that the address has already been involved in over 1,000 transaction for a total of over 4 BTC within the last few years. If you wanted, you could easily spend any available funds at this address because the private key is known to you.
Now imagine you're a thief determined to steal bitcoin. One strategy might be to compile a list of easy-to-remember private keys. Next, generate the addresses for these keys and monitor the Bitcoin network for incoming payments to one of them. When one arrives, immediately sign a transaction moving the funds to another address you control.
Contrast the ease of this scheme with a situation in which a private key was chosen by a perfect random number generator. With no clue what the key might be, brute force iteration would be the only option. As we've already seen, carrying out this plan is physically impossible.
What would happen if the random number generator were not quite random? For example, what if all output private keys were clustered about a constant value within a narrow range?
Random private key distribution versus one that is clustered. The clustered distribution favors an attacker.
Any attacker aware of such a defect could drastically reduce the necessary search space. Under the right conditions, it would become practical to monitor all of the addresses based on the faulty random number generator and steal funds from any one of them at will.
The need to select a good private key becomes especially important with brain wallets. One method to create a brain wallet starts with a passphrase such as “to be or not to be”, then applies a mathematical function to convert this text to a private key. Applying the most popular conversion algorithm (SHA-256) to this passphrase generates the address:
“to be or not to be”
As you can see, this address was used quite recently to store funds, which were immediately withdrawn.
Unfortunately, it‘s not always easy to tell what qualifies as an insecure brain wallet passphrase and what doesn’t. Attackers can exploit this uncertainty and the inexperience of new users to steal funds. For example, a thief might compile an enormous database of common phrases and passwords. Such a database might number in the trillions of entries or more, but would still be searchable in its entirety with little computational effort.
Compare this situation to the one with website passwords. If you register for a web service using a password someone else happens to have chosen, you don't take over their account because your username must be unique. Bitcoin private keys are different in that they serve the dual role of user identification (via address generation) and authentication (via digital signatures).
Secure private keys are generated with a high degree of unpredictability so they can't be guessed before or after the fact.
6. Private Keys are (Somewhat) Portable
For the most part, wallet software hides the process of generating, using, and storing private keys. However, private keys can become visible from time to time. When this happens, understanding private keys and how they interact with your specific software becomes important.
Paper wallets present the most common route by which private keys show up outside of software wallets. Although they come in a multitude of formats, the essential feature of any paper wallet is a printed private key.
Example paper wallet. To the right is the private key, represented both as a QR code and a string of text beginning with the number “5” and written vertically.
Support for using externally-generated private keys varies greatly across wallet applications. For example, private keys imported into Electrum and Armory are not preserved in future backup recoveries using the most common and recommended procedure. Likewise, importing private keys into MultiBit changes the behavior of that wallet with respect to change addresses.
Should one wallet application begin to malfunction, its private keys can be imported into another application. This rescue procedure provides the second main route through which private keys become visible to end users. A closely-related procedure consists of restoring the state of a software wallet through a backup file.
Before losing funds due to preventable mistakes, understand how your software treats externally-created private keys - before importing them. Regardless of the specific wallet application being use, private keys kept or maintained outside of a software wallet need to be handled with care to prevent loss and theft.
Bitcoin can be thought of as an open messaging system secured by public key cryptography. In contrast to other systems protected by username and password logins, Bitcoin is secured through digital message signatures created with a unique private key. This single point of access places a very high value on the secure generation, use, and storage of private keys.
Many thanks for this thread - have gone into bitaddress and looked to generate a paper wallet but wonder why the 'default' number of addresses is 3 .. indeed this generates 3 'wallets'? i.e 3 different public and private sets of codes. Why are 3 (or more than one set ) required? Should you use a different one each time a coin is deposited??
Hope you can clarify.
James - thank you very much for posting the very helpful information on private keys. I am a Bitcoin novice and don't want to do anything stupid to lose my small stash. I linked the Coinbase app to my bank account and bought some Bitcoin. They ACHed money from my checking account and now my Bitcoin show up in my Coinbase account on the App under the title called "Bitcoin wallet". I have never set up any other sort of wallet or done anything to generate or set up a private key. I have never transferred any BTC out or used it to pay for anything. Is my Bitcoin really in a Bitcoin wallet? How do I know what my private key is? How risky is it to just accumulate BTC at Coinbase without moving it out? Do I need to do something about setting a more secure private key? I like the idea of cold/offline storage because I don't want to lose my BTC if an exchange gets hacked or goes broke like Mt. Gox. I apologize in advance. I am book smart and have looked around online for the answer but am very unsure of how to proceed and don't want to lose my investment. Thanks for all the insight you provide to the board.
Hi Blackshook - thanks for the question. You only NEED one address - but some people prefer to have a number of them.
Remember that when the time comes to spend the bitcoin in your paper wallet you will have to "sweep" (that is the term used) them into a wallet that can do this (spend the bitcoin). Now, sweeping involves taking ALL the bitcoin out of the paper wallet address (and putting them into the new wallet address). This may be more than you wish to use at that time - for this reason people tend to place sufficient bitcoin in one paper wallet address and then move on to the next when there are sufficient (bitcoin) there. Get the idea?
good luck and best wishes
Thanks for the question HY. When your bitcoin are with an exchange - e.g. Coinbase - they are under their care - i.e. you are exposed to third party risk. They have the private key, not you. Furthermore, what worries me (and I believe this partly explains this latest take-down of bitcoin - don't worry, just temporary) is that these exchanges have the opportunity to be dishonest - to SAY they have bought bitcoin for you but have not really and can manipulate - this probably be revealed in the months ahead. So, you should get your bitcoin out of any exchange (including Coinbase) and place them into your own care - do this by following these steps:
1. Generate a paper wallet: go to www.bitaddress.org and generate and print-off a paper wallet. This should be done off-line to be 100% safe, including the printing. Just unplug your ethernet before generating a new paper wallet (at bitaddress.org).
2. On that wallet you will see a public address (34 characters, on the left) and a private key (51 characters, on the right).
3. Go to your Coinbase account and withdraw your bitcoin to the public address (the 34 character one). The bitcoin are now REALLY yours.
4. Go to www.blockchain.info and place the public address (the 34 character string) into the search box on the home page - half-way down on the right - and you will be able to check that your bitcoin have arrived.
Your bitcoin are safe here for centuries - longer. Just don't give your private key to anyone you don't want to see it.
With time (and confidence) you may wish to learn about brain wallets (also via bitaddress.org) - this is where I keep 98% of my bitcoin - in my head.
Good luck - and feel free to come back if you need further advice.
Ever wonder if your computer is an open window to the Internet?
That's why we disconnect when creating paper wallets, so that possible prying eyes can't steal our Bitcoin.
When I originally learned about Bitcoin last year, I also learned how storing some paper wallets on different areas of your hard drive could be a way to discover if your computer is compromised.
Create several paper wallets while connected to the Internet. Send some Bitcoin to each paper wallet, anywhere from 50 cents to 1 Dollar. Then create an image of your paper wallet with the private key fully exposed, and save the image to your hard drive.
I created 6 paper wallets and named the image files using the private keys, and scattered them around my hard drive. This should make them easy to find and view, if someone manages to hack into my computer.
I use Blockchain.info to see if they still contain the Bitcoin I put in them.
Now, this is no guarantee that my computer isn't hacked. It could be and I simply don't know. However, if the day ever comes that those paper wallets show up empty, I will definitely know I have been hacked.
I may be living dangerously because my computer is an Mac, and I don't run virus software. If my computer was a Windows machine, I definitely would be.
Also note, I keep my Bitcoins in a hardware wallet, a Trezor.
Thanks for the answer... that makes it clear and logical.
Current issue is Coinbase... must be an issue their end? As when I get through to authenticating stage I click/ double click on 'passport' but quite literally nothing happens .. seems like a dead link. Similarly with the 2 other avenues for pictorial confirmation. Will try again today.
However have you used the Bitcoin machine? There is one very close to me in UK and I wonder if I can use this with a paper wallet? Does it scan the public address / bar code on the physical print out? Any pro/con? Is the pricing competitive?
Thanks again - you are providing a great service. Look forward to hearing from you .
Tha machine very near me is an ATM Type: General Bytes .. if that helps ! Alternatively I will just go along and see.... though whether there is anyone there that actually knows how it works is questionable... it is installed on the premises of a small private computer retailer (Computer Junction).
James-Thank you so much for taking your valuable time to reply to my question about Bitcoin. You reply generated a couple of more questions. I went to bitaddress.org. This seems to be a very generic website that has no instructions or explanations about what it does. It seems to let you choose a language and has some choices about single wallets, bulk wallets, etc, but none of this is explained. Being the natural skeptic, it would seem the website owner would have a record of all addresses and passwords generated on their site which would enable them to take my Bitcoin (which makes me leery).
i also don't understand how you can generate and print something from the website while not being connected to the internet. I know that I don't sound like it, but I am actually very intelligent....lol. I am a longtime stacker and Bitcoin is new to me and I just don't want to do anything stupid to lose the Bitcoins that I do have. Thanks again for your help.
Watch these two video tutorials - lot of information:
The first one is more practical - the second one helps one understand what is going on. Trust me, it can be done safely off line. I have an old pc which NEVER goes online - NEVER, EVER. I use this to generate my brain and paper wallets (from bitaddress.org) - as explained by James D'Angelo (in the first video referenced above).
So, to spell it out:
1. Go to your online computer - go to bitaddress.org - then save it to a thumb drive (as explained by James D'Angelo).
2. Go to your PERMANENTLY offline computer and open the bitaddress.org.html from the thumb-drive (you will need to have a browser installed on that offline computer - the same one that you saved the bitaddress.org from using your online computer). Hey presto! there you have your wallet generator. If you can't understand how this works, check the second video.
3. By the way, the printer you use should not be a WiFi enabled one - again, I use a dedicated offline one.
Any further problems, get back to me.
See my post of a few mintues ago for safe offline-generated wallets.
Sorry - only just seen your post.
I have not used a bitcoin machine before but believe they are good, if a little expensive. Generate a paper wallet (as described a few minutes ago) and then use that address at the bitcoin machine - it will scan the address for you. Then, of course, you can check that the bitcoin have arrived by going to blockchain.info.
Sorry, not sure what is going on with your Coinbase business. Could it be a firewall? Or would a different browser help? You could also try a friends' computer - or even a mobile phone (android)?
In my opinion, the fact the IRS is going after Coinbase and its customers, "proves" to me the legitimacy of bitcoin... The US gov sees future revenue in this. If they wanted to squash they would, but they want those taxes!!!!!