Topic: Encrypted Paper Backups - page 2. (Read 3784 times)

You're right. I actually just read that rant, but my mistake was looking at this from my point of view rather than from a typical user's point of view. I would use it by printing an unencrypted paper backup, and then just printing out this encrypted backup as another layer of insurance in case the unencrypted backup gets lost/destroyed while I still remember my password. But as you pointed out, the typical user would probably not bother with the unencrypted backup. The other solution you offered, where you'd hand-write an additional code, would do the trick for me.

You could also display a code/sentence on the screen rather than having the user select one.  This more or less forces them to record it somewhere (and as you said, most people would record it on the paper).  If you did this then you would probably want to have the user re-enter for accuracy.

Fr those that truly want an armory brainwallet the methods are out there if they look hard enough, so they are not locked out either.

I've ranted about this before, and I'll resist the urge to ramble about it again, but the gist is:  if there is an encrypted backup option, everyone who's not thinking deeply about it will just use it because it sounds better, and they will end up with no plaintext backup anywhere.  In reality though, if you have no plaintext backup, you have a brainwallet.  Your coins go with you to the grave, or when you forget the decryption passphrase in 10 years (the first time you ever need it).  I believe that it's best for everyone to have a plaintext backup somewhere, and I don't usually support "protecting user's from themselves" (like the drug war, etc), but in this case I think it's preventing a lot of pain. Though, I could probably make some money setting up a service to help people recover their wallets after they forget it...

This is why I was excited about that M-of-N fragmented backups.  Because it really opens up the possibilities for backing up your wallet without effectively creating a brainwallet.

One thing I was thinking of doing was having a screen that says something like: "Print a paper backup with a printer-protection key: create a passphrase that is required to restore your wallet from the paper backup, so that the backup information cannot be stolen by a compromised printer.  Please write the passphrase in the specified area on the paper backup after it is done printing".  This would hide the capability as an extra protective measure, and most users would probably just follow directions and write it on the paper (along with adding extra protection for the Samsung printers with known root exploits).  But an expert user could choose not to write it on there.  That might be enough to sooth my nerves.

This is all coming with the new wallets... if I ever finish them.  It's turning out to be a complete overhaul of some previously-well-tested code, and so it might be a while before I can get them working again (and I probably have to re-write my 1,000+ lines of unit-tests, too).  But I think it will be worth it.

Wouldn't it be easier to just keep the private key in the safe instead of several printed pages?

+1

I would like encrypted backups as well.  I could leave this next to my computer and keep a plaintext backup in a safe.

I agree, but that's why I said I'd keep a plaintext backup, as well. Just not in a safety deposit box. There are always going to be tradeoffs, so it's important to have layers of security againsts both theft and loss. 2-of-3 is also my preferred solution, but this might contribute a beneficial layer of security, and it might be quicker to implement into the GUI.

Nobody does, yet it happens all the time.

Much better in my opinion is 2-of-3 paper backups: Three pieces of paper hidden three places.  You need any two of them to recover the backup, but alone they are useless.  I think they are on their way into Armory.

I know this has been discussed before, but here's why I think encrypted paper backups would be a good idea. Possibly the most realistic failure mode is that the original binary wallet will get corrupted. You could make a few copies on flash drives, but those aren't that reliable either. You could put it on the cloud, but that opens up some more risk. Of course that's why we have paper backups. But I personally wouldn't want to put an unencrypted paper backup in a safety deposit box in a bank. I do think that's a pretty good place for an encrypted paper backup, though.

I don't expect to forget my password anytime soon, so if my digital backups fail, I can always go get that paper. I'll also keep my unencrypted paper backups, in case I do forget my password, but I feel I have to be much more careful with those. Since I don't want to make multiple copies of the unencrypted paper backups, they're more susceptible to loss and damage.