Topic: Creating Paperwallet with TAILS (Read 3035 times)

Great, thanks!  I'll check it out!

Hey, you may want to check out version 1.052 which we have just released, as it provides easy support for regular dice as a physical randomness source.

Also, I've just made a small Unix tarball available of it on the website, which provides a fully self-contained package, including ecdsa. 

No other packages are needed. Sorry, can't give a longer answer now, I'm running late...

Yes - does it need any other packages also?  The problem really is that on TAILS without internet access, I have to pre-download everything and install it right after booting for every time I run the system.  If it is just this one library and it can be installed by simply running a setup.py or placing a single .py file somewhere, I don't mind.  But if it depends on other non-standard packages and so on, it gets bad.

Regarding physical entropy:  That's really nice, and even though it is probably *very paranoid*, I was planning to add some just in case.  My intention is to simply generate a random file, with parts from /dev/random, parts from me hacking on the keyboard, and maybe just for fun some parts according to such a physical source of entropy, and then hashing it to produce the private key.

Thanks for looking at NoBrainr! I just want to confirm that it requires the ecdsa library indeed, which is a tiny 90Kb package from the pypi central python repository (and used by countless other bitcoin apps, including Electrum.)

Keep in mind that a great feature of NoBrainr is that it is only about 25 lines of code, making it orders of magnitude simpler than alternatives, while still producing cryptographically strong keys. Also, it will soon accept real physical entropy as input, bypassing any NSA-backdoored RNG concerns.

Ah thanks, I didn't know that.  But I just want a single private key & address pair, so I probably don't need that.  I'll try it out soon!

Regarding NoBrainr: It seems that it needs some additional Python libraries (ecdsa at least) - which I would need to also install on the TAILS system once booted up.

You can also use the "Paper wallet" tab and BIP38-encrypt the private key.

Thanks - I think I'll try to use bitaddress.org with the "brainwallet" function (but with a passphrase generated randomly from /dev/random).  As long as bitaddress.org doesn't have a bug in the logic to generate the private key from it (which I doubt), this should be fine.

I'd go with either bitaddress or NoBrainr (search the latter in the forum).

I want to create a paperwallet, and think that TAILS (https://tails.boum.org/) could be a good choice for doing so securely.  Ideally, I'm thinking of the following workflow:

1) Disable WiFi on my laptop using the hardware switch and boot into TAILS.

2) Create a private key and address, encrypt the private key with a strong passphrase (using GPG), and save it to a flash drive.

3) Shutdown TAILS without ever enabling network access, boot into the main system, and print the encrypted private key.

This ensures that, even if my main system is compromised (I hope not), the passphrase used to encrypt the private key is never accessible to malware; assuming that the TAILS image itself is not already compromised, TAILS is written to not leak any data on persistent storage, and furthermore the system on which the private key is accessible in clear text will never be connected to the internet.

Does this sound like a reasonably good way to create a (long-term storage) address?  The problem I now have is the question, which tools to use to generate the address.  TAILS unfortunately does not include any Bitcoin tools and also doesn't come with gcc (although it can probably be installed using pre-downloaded apt-packages if I try hard enough).  I see the following options:

1) Use the bitcoind binary download.  I tried this, but it seems to not start up when not connected to the internet and no blockchain data is present.  Unfortunately, TAILS doesn't give me enough storage to keep a full blockchain.  Is it possible to start up bitcoind and use it to create a wallet and export a private key without ever connecting to the internet and ever downloading a single block?

2) Vanitygen:  Here I would also need a 32-bit binary, which I would have to try to find (not sure whether one is provided, usually I use the sources - but I would have to cross-compile them to 32-bit from my main system which uses amd64).  Is this a secure method to generate addresses, considering entropy?  I think it allows to seed the random-number generator with some arbitrary file, which could be generated from /dev/random earlier.

3) Using a downloaded version of bitaddress.org.  This works, but I'm hesitant to use that because I'm not sure about the security of the generated data.  Is the entropy good enough?  Of course, I could also generate a file from /dev/random, hash it, and use the resulting hash as passphrase to a brain wallet.  Do you think this is a secure enough method that I can trust?  Is the used crypto in JS code stable enough to trust it with generating a long-term storage key?

What would you suggest?