Step 12.5: verify that you can fund/swipe one of your paper wallets using a small amount. On success discard the one you tested with.
Well, it's currently implied by step 14... But I don't know if I want to add it to the core list. The risk of this not working is low, and figuring out how to import the key is something most user will prefer to let their future selves worry about. 
Topic: Feedback wanted re paper wallet tutorial (Read 1534 times)
Step 12.5: verify that you can fund/swipe one of your paper wallets using a small amount. On success discard the one you tested with.
In practice, "Make sure" becomes "Hope". Which is why I advocate generating keys while booted from read-only media on a machine with zero storage.
But, like I said before, this is still a vast improvement in security for most users.
But, like I said before, this is still a vast improvement in security for most users.
And how do you burn said read-only media? Oh yes using your existing online system.
Yup. What's your point?
Step 9 is impractical.
If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
Step 9 ("Make sure the private keys are not saved anywhere on the computer") means not to purposefully keep such copies. If there's a virus that stores them and reads on reconnecting there's not much to do in this setup. But if the computer is clean and later gets infected, not keeping keys protects you (otherwise it's not a paper wallet).If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
In practice, "Make sure" becomes "Hope". Which is why I advocate generating keys while booted from read-only media on a machine with zero storage.
But, like I said before, this is still a vast improvement in security for most users.
And how do you burn said read-only media? Oh yes using your existing online system.
Step 9 is impractical.
If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
Step 9 ("Make sure the private keys are not saved anywhere on the computer") means not to purposefully keep such copies. If there's a virus that stores them and reads on reconnecting there's not much to do in this setup. But if the computer is clean and later gets infected, not keeping keys protects you (otherwise it's not a paper wallet).If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
In practice, "Make sure" becomes "Hope". Which is why I advocate generating keys while booted from read-only media on a machine with zero storage.
But, like I said before, this is still a vast improvement in security for most users.
Step 9 is impractical.
If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
Step 9 ("Make sure the private keys are not saved anywhere on the computer") means not to purposefully keep such copies. If there's a virus that stores them and reads on reconnecting there's not much to do in this setup. But if the computer is clean and later gets infected, not keeping keys protects you (otherwise it's not a paper wallet).If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
Good job!
Thanks.Pretty photos of each stage wouldn't go amiss, people like those!
Lots more work but I'll keep in mind.Secondly links to download ubuntu or whatever you're recommending to install on a USB to get this set up with so people can just click, click, click to get up and running.
Ubuntu is classified in this guide as "extra credit", people who want to do this need a guide for this in particular.Only took a quick scan but also make sure that people write down their private key at least twice, probably three times. letters like i and l look very similar.
Private keys are Base58-encoded, so I and l don't exist. But yes, it is recommended to keep multiple copies, and if printed, use a clear font.- Mandatory: Live CD reboot your real hardware (no virtual machines)
- Get the address.org.html from github: https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html
- Verify file checksum,
- Single address at a time per paper wallet and entropy set,
- All that is needed is an address + wif privkey (bitaddress.org gets this wrong with too much info), choose compressed addresses,
- Print and preserve the wallet like they were $10000 bills, but ones that can have backups.
What's mandatory is that people will actually do this rather than give up on the whole thing and keep their funds in an even worse-secured wallet (which they will if you burden them with all of these).- Get the address.org.html from github: https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html
- Verify file checksum,
- Single address at a time per paper wallet and entropy set,
- All that is needed is an address + wif privkey (bitaddress.org gets this wrong with too much info), choose compressed addresses,
- Print and preserve the wallet like they were $10000 bills, but ones that can have backups.
I thought I'd point out that on your site in general, the cross site requests are blocked by requestpolicy, and one of your css filenames catches default adblock rules, making it look like this:
I don't really know what this means. I'm using wordpress.com's hosted platform (paid for most features with Bitcoin) and was hoping they would take care of such things for me... If you have an idea what can be configured to solve this I'll be happy to hear.My site with no off-site requests, I could host a blog page here for you, but would probably write my own uber-paranoid version of "paper wallet":
Not much point in having you host this, of course if you're up to writing a guide for a more secure paper wallet it would be great. 
- Mandatory: Live CD reboot your real hardware (no virtual machines)
- Get the address.org.html from github: https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html
- Verify file checksum,
- Single address at a time per paper wallet and entropy set,
- All that is needed is an address + wif privkey (bitaddress.org gets this wrong with too much info), choose compressed addresses,
- Print and preserve the wallet like they were $10000 bills, but ones that can have backups.
I thought I'd point out that on your site in general, the cross site requests are blocked by requestpolicy, and one of your css filenames catches default adblock rules, making it look like this:
My site with no off-site requests, I could host a blog page here for you, but would probably write my own uber-paranoid version of "paper wallet":
- Get the address.org.html from github: https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html
- Verify file checksum,
- Single address at a time per paper wallet and entropy set,
- All that is needed is an address + wif privkey (bitaddress.org gets this wrong with too much info), choose compressed addresses,
- Print and preserve the wallet like they were $10000 bills, but ones that can have backups.
I thought I'd point out that on your site in general, the cross site requests are blocked by requestpolicy, and one of your css filenames catches default adblock rules, making it look like this:
My site with no off-site requests, I could host a blog page here for you, but would probably write my own uber-paranoid version of "paper wallet":
Good job! Pretty photos of each stage wouldn't go amiss, people like those!
Secondly links to download ubuntu or whatever you're recommending to install on a USB to get this set up with so people can just click, click, click to get up and running.
Only took a quick scan but also make sure that people write down their private key at least twice, probably three times. letters like i and l look very similar.
Also make sure they print out on glossy paper or other high resolution paper and later laminate it since the private keys are very hard to read when on normal paper. One smudge and it's game over.
(Actually when I did it from Chrome on an MP160 printer half of the letters are cut off (like 'w' shows as a 'v')) This is fine if they copy/paste the keys somewhere they really really trust like a USB encrypted pen using TrueCrypt or the likes.
Finally a walk through with pictures of testing and eventually using the keys would probably help too... Would be great if it can be posted in reddits 'explain like I'm 5' section.
Secondly links to download ubuntu or whatever you're recommending to install on a USB to get this set up with so people can just click, click, click to get up and running.
Only took a quick scan but also make sure that people write down their private key at least twice, probably three times. letters like i and l look very similar.
Also make sure they print out on glossy paper or other high resolution paper and later laminate it since the private keys are very hard to read when on normal paper. One smudge and it's game over.
(Actually when I did it from Chrome on an MP160 printer half of the letters are cut off (like 'w' shows as a 'v')) This is fine if they copy/paste the keys somewhere they really really trust like a USB encrypted pen using TrueCrypt or the likes.
Finally a walk through with pictures of testing and eventually using the keys would probably help too... Would be great if it can be posted in reddits 'explain like I'm 5' section.
NoBrainr (a tiny offline Python script, see my signature) could be a low-tech alternative to bitaddress.org for users comfortable with command-line tools.
Step 9 is impractical.
If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
With that in mind, this is pretty good, and probably much better than most wallets.
I've been working on an offline wallet generator that I can include in p2pcoin (my bootable p2pool distro). You can burn it to a CD, boot it on a computer with no storage, generate the keys, burn them to CDs, and reboot with fewer opportunities for malware to snoop in on the process.
If your box is owned already, what's to stop malware from stashing the keys somewhere, waiting for you to reconnect?
With that in mind, this is pretty good, and probably much better than most wallets.
I've been working on an offline wallet generator that I can include in p2pcoin (my bootable p2pool distro). You can burn it to a CD, boot it on a computer with no storage, generate the keys, burn them to CDs, and reboot with fewer opportunities for malware to snoop in on the process.
so if you download bitaddress.org how do you know that the version you have saved is correct?
A signed list of hashes:"release notes" is signed by "ninja" using PGP, and contains a SHA-1 hash of each "release":
https://www.bitaddress.org/pgpsignedmsg.txt
However, the private key for ninja is also only found on the web page, I don't see an MIT link, etc:
https://www.bitaddress.org/ninja_bitaddress.org.txt
This means that all content on the website could be diligently replaced by a hacker with no means of detection.
When you download from github to your drive and then load the file in your browser:
https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html
and then verify the signature and hash provided on bitaddress.org, at least then both sites have to agree on the same SHA1 hash.
https://www.bitaddress.org/pgpsignedmsg.txt
However, the private key for ninja is also only found on the web page, I don't see an MIT link, etc:
https://www.bitaddress.org/ninja_bitaddress.org.txt
This means that all content on the website could be diligently replaced by a hacker with no means of detection.
When you download from github to your drive and then load the file in your browser:
https://raw.github.com/pointbiz/bitaddress.org/master/bitaddress.org.html
and then verify the signature and hash provided on bitaddress.org, at least then both sites have to agree on the same SHA1 hash.
it would be nice to also explain some of the reasoning, why this step is necessary.
It's necessary to be disconnected from the internet, otherwise malware on the computer could send the keys to an attacker (even if the website itself is legitimate).I don't know if it's necessary to download a local copy. This depends on the entropy model.
so if you download bitaddress.org how do you know that the version you have saved is correct? is there a sha1sum posted somewhere?
Yes.so what exactly is the point in "going offline" - if bitaddress or any MITM wanted to scam you, they'll serve your a faulty RNG that has lower entropy, and you take it offline.
That's a possible attack vector, but being connected opens additional attack vectors.how do you know you have not been MITM'd? is the ssl cert fingerprint posted somewhere?
I don't know, but there are digitally signed SHA1 checksums which can be checked by those who know how (which is not my target audience. Or me, for that matter - I tried once and failed).how do you know the printer is not storing the documents in a cache? some printers come with a built-in HDD.
some laser printers will have a residue on it's drums. it should be enough to print a second unrelated barcode.
I've addressed this in the post. Any additional information will be appreciated. some laser printers will have a residue on it's drums. it should be enough to print a second unrelated barcode.
it would be nice to also explain some of the reasoning, why this step is necessary.
so if you download bitaddress.org how do you know that the version you have saved is correct? is there a sha1sum posted somewhere?
so what exactly is the point in "going offline" - if bitaddress or any MITM wanted to scam you, they'll serve your a faulty RNG that has lower entropy, and you take it offline.
how do you know you have not been MITM'd? is the ssl cert fingerprint posted somewhere?
how do you know the printer is not storing the documents in a cache? some printers come with a built-in HDD.
some laser printers will have a residue on it's drums. it should be enough to print a second unrelated barcode.
so if you download bitaddress.org how do you know that the version you have saved is correct? is there a sha1sum posted somewhere?
so what exactly is the point in "going offline" - if bitaddress or any MITM wanted to scam you, they'll serve your a faulty RNG that has lower entropy, and you take it offline.
how do you know you have not been MITM'd? is the ssl cert fingerprint posted somewhere?
how do you know the printer is not storing the documents in a cache? some printers come with a built-in HDD.
some laser printers will have a residue on it's drums. it should be enough to print a second unrelated barcode.
When people ask me how to store their bitcoins I always recommend a paper wallet, but lacked a good tutorial to refer them to - so I decided to write one, and put it on my blog: http://fieryspinningsword.com/2013/12/01/how-to-create-a-reasonably-secure-bitcoin-paper-wallet/
Since I am not a security expert, I was hoping someone could go over it and tell me about any faults, before I announce this post.
I also have a specific question about bitaddress.org's entropy model. When the website is loaded, it asks for some mouse movements to generate entropy. But if I save the file locally and run it, it doesn't repeat the process, it picks up where it left. Is it safe to save locally, disconnect from internet and the click "Generate"? Or does something extra need to be done? (Edit: Downloading the source from github should fix that).
Since I am not a security expert, I was hoping someone could go over it and tell me about any faults, before I announce this post.
I also have a specific question about bitaddress.org's entropy model. When the website is loaded, it asks for some mouse movements to generate entropy. But if I save the file locally and run it, it doesn't repeat the process, it picks up where it left. Is it safe to save locally, disconnect from internet and the click "Generate"? Or does something extra need to be done? (Edit: Downloading the source from github should fix that).
Jump to: