Sunday, December 1, 2013

How to make a "canary wallet"


A "canary wallet" gives you a way to find out if your wallet's private keys have been compromised. Here is how to make one:

  1. Generate a public/private key pair to use as a wallet in the normal way.
  2. Put a very small amount of bitcoin into this wallet and store it as you normally would - on paper, brainwallet, encrypted folder, as a MultiBit/Bitcoin client wallet, whatever.
  3. Now use the private key of this first wallet (the "canary wallet") as a seed to deterministically generate a new public/private key pair for a new, second wallet. Don't store the second wallet's private key anywhere - always generate it from the first when you need to access it.
  4. This second wallet is where you actually store your bitcoins.

In this way, if your storage is ever compromised, you will know, because the attacker will transfer the small amount of bitcoin out of the first wallet (the "canary wallet"). You can monitor the first wallet's balance with a script; if it is ever spent, that is your flag that the storage has been compromised and that you should move your money to a new wallet.
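Step 3 and the monitoring check described above, as an added example that is not code from the original post. The post does not name a derivation function, so HMAC-SHA256 with a fixed label is an assumption here, as are the names `derive_storage_key`, `canary_tripped`, and the `fetch_balance` callable that stands in for whatever balance source you trust.

```python
import hashlib
import hmac

# Order of the secp256k1 group: valid Bitcoin private keys are integers in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _valid(key: bytes) -> bool:
    return len(key) == 32 and 1 <= int.from_bytes(key, "big") < SECP256K1_N

def derive_storage_key(canary_key: bytes, label: bytes = b"canary-wallet/storage/v1") -> bytes:
    """Step 3: derive the second wallet's private key from the canary key.

    HMAC-SHA256 is an assumption of this example (the post names no function).
    It is one-way, so the storage key does not reveal the canary key.
    """
    if not _valid(canary_key):
        raise ValueError("canary key must be a 32-byte secp256k1 private key")
    counter = 0
    while True:
        candidate = hmac.new(canary_key, label + counter.to_bytes(4, "big"),
                             hashlib.sha256).digest()
        if _valid(candidate):          # retry in the (negligible) out-of-range case
            return candidate
        counter += 1

def canary_tripped(fetch_balance, address: str, deposited_sats: int) -> bool:
    """Monitoring check: True once the canary address holds less than was deposited."""
    return fetch_balance(address) < deposited_sats

if __name__ == "__main__":
    canary = bytes.fromhex("11" * 32)            # constructed demo key, never fund it
    storage = derive_storage_key(canary)         # recomputed on demand, never stored
    print("storage key:", storage.hex())
    balances = {"canary-address-placeholder": 0}  # constructed: canary already swept
    if canary_tripped(balances.get, "canary-address-placeholder", 10_000):
        print("ALERT: canary spent, move funds from the storage wallet to a new wallet")
```

Record the label and derivation method alongside the canary backup, since the storage key can only be regenerated with both.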
