Topic: Finally, a Paper Bitcoin Wallet - page 2. (Read 8564 times)

Of course.  YOu are 100% right.  But what is different here is my ass is on the line.  Thief should plan on his ass being kicked if he is giving out his real name and address like I am.  MtGox and MyBitcoin could stiff you any second, and your bitcoins could disappear if they get hacked  (as has already happened to some).  I also have enough personal assets that one could sue me for losses and actually recover them.  If you suffer a substantial loss at the hands of MtGox or MB, you're lucky to get the time of day.


Just curious, would you also say the same for MyBitcoin.com?


The closest practical thing I can think of would be something in Javascript that generates the private keys client-side, so the server side never sees them.  That would be trivial to do.  But that doesn't really solve the problem - one must then trust that the website is being honest about the behavior of the script and that one's own machine isn't compromised by malware.  The typical person interested in a paper bitcoin wallet lacks the expertise to independently determine what such a website really does.

Why not?

the problem is that it's an unprovable assertion. nobody can tell whether you've kept the private keys. all a thief would have to do in your place is keep all the data, inspect the block chain periodically for a very large balance, and strike once many years from now in an entirely untraceable way.

i actually trust you, and i doubt i could name five other members of this forum i would say that about. but sadly i would not be able to recommend a service like this.

it wouldn't be much harder to set up a website that uses the right sort of handshake to prevent you from ever knowing the private keys, and then outputs a pdf that the customer can print. why would anyone prefer the physical post here, unless they don't know how to print a document? (the post adds an additional problem, which is that the document might be inspected by a post officer or any other 'man in the middle'.)

5 BTC bounty to the maker of a convincing spoof.

I actually smudge ink on the paper to do this.  It's not as though I'm printing "fingerprint.jpg" on the document.  The print is real.


I could, but that raises the bar well above the target audience.  Lots of people without technical interest want bitcoins.  Running scripts sounds easy for me, but many people interested in Bitcoins can't be bothered to have to deal with installing the client, and are scared to swim in deep waters after hearing that hackers and viruses are after their wallet.dat's.  But most people can manage "buy now with paypal", as well as deal with a credible and provable assertion that the one guy who made their hacker proof wallet isn't going to stiff them.

but now, anyone else can include your fingerprint on their own sheets.

since trust isn't needed for a product in this niche, it's unfortunate to require it. for example, you might just package and sell an open-source version of grondilu's script (or write your own simple front-end to openssl) connected to some small additional code that generates a pdf from the output. on a system with the right tools, it's a ten-line shell script. of course, your customers might copy it to their friends without a license from you, but that risk seems easier to price than the risk that you'd retain clients' keys forever and, some time far from now, simply steal bitcoins untraceably.

alternatively, given the nature of ecdsa keys, you could let customers construct something printable on a website while provably not having access to their private keys. see gavin's 'split private keys' discussion in the development forum, from which you can extrapolate what you need. (being out of practice with the mathematical rather than the systems-related features of cryptosystems, i did not initially realise myself how easy it was to do this, but it's quite straightforward.)

I can't even begin to understand how you could think that this would be a viable business.

I have added a means to verify that my sheets are genuine, I'm stamping them with my own fingerprint.  See http://casascius.com for a reference fingerprint.

By doing so, at least I have raised the bar upon any asshole scammer.  I at least have a real life identity to put on the line!... something scammers are rarely willing to offer.

... and if it printed QR codes as well, with the ability to load them into a wallet in an automated fashion.

Trusting someone else to print you out wallet private keys is just insane - even if the OP of this thread is trustworthy, it sets a dangerous precedent allowing any asshole scammer to come along and repeat the trick.

I haven't seen a mention of that, but you only add another party to trust to the mix with it. Grandma is better off going to a (Bitcoin) bank and having nothing to do with any of the underlying technology whatsoever. If she needs to pay for something in Bitcoin, banks offer APIs to merchants for integration of the bank's own payment environment with which customers are already familiar (customer only selects bank she uses on the merchant's site). This system has been in use for half a decade, that I know of.


Good, I didn't know that. I presume that means the regular client rejects randomly typed (but well formed) addresses.


Ok, so the customer does the validation by visual comparison of the resulting address and the client rejects the private key with a confidence of 4 billion to 1. That's sufficient. My gripe for this point shrinks to it being too much hassle, still a major point for grandma I think (those with elderly family determined to learn the difference between left and right mouse button know what I'm talking about ).


The likelihood of actually having a compromised system (50%) compared to the possibility of having a compromised system ('100%') is also lower, but it doesn't mean it doesn't exist. Why 100%? The private key relies on security by obscurity, which can by definition never be fully guaranteed. If you're unlucky, some corrupt postal worker might happen upon one of your letters and scan all of your outgoing mail afterwards. This risk is not mitigated by a simple security envelope. Adding any links to the chain means lowering the chain's security.

It will be easier for grandma if the key import/export feature would finally be pushed to the main client
Then everybody can do this in a second.

Fire !!!!!!

It seems to me that the average person is not going to use Bitcoins until some large publicly-trusted entity, like Amazon or Apple, starts offering accounts.  We all have to realize how different our perspective, experience, and skills are from the average person, who can barely do email, Skype, and online shopping.  And encryption?  Fuggedaboutit.

No, as previously noted, I expect one of the major exchanges to offer a place to type these in, so Grandma doesn't have to.  Inevitably the bitcoin client will offer the same thing.  Same thing is needed for BitBills.


There is validation built in.  Just like Bitcoin addresses, 32 of the bits are a SHA256-based check code.  The odds of the client accepting a typo are 4-billion-to-one, and that's assuming the address is still well-formed after the typo.

The client doesn't have to validate the public key against the private one.  Only the private key actually needs to be entered, the bitcoin client automatically calculates the public address from the private key.


If you think that the likelihood of a letter carrier knowing your envelope contained Bitcoin keys, reading your keys through a security envelope, importing them into his bitcoin wallet, and spending them, is greater than the likelihood of you encountering malware on your system anytime soon that emails your wallet.dat, keylogs any encryption passwords you use, and provides remote control of your computer to a hacker, then you have a well-founded concern.

He said he's keeping the "remaining sheets" in his safe - i.e. the ones that haven't been sold yet.

Silly idea You expect grandmas not just to type in 160 bit random case hashes but also private keys (and patch a client). Does the client even validate these against eachother? And what if grandma makes a typo just using an address (before any validation)? Poof, balance gone.

You also replaced a) security of one system by a) security of another, b) the postal network the sheets are sent over and c) trust in a third party. Doesn't sound like an improvement to me.

interesting idea
just want to point out, there is a discrepancy in OP, at one time you said you'll destroy all tracks of private keys on the other hand you said you're keeping copy of private keys in a safe.    

I take it you don't use any trading websites, and are part of the unbanked population.  And you probably have no interest in BitBills for the same reason.  Sure, if you know nothing about me and have no reason to trust me, that's a fair assessment, but others do know enough about me and consider knowing my real identity a positive factor in favor of trusting me, and...


...please avoid calling me a thief based on this sloppy non-sequitur.  What does one-time-use have to do with your assumption that this is an attempt to steal?  How many people in this community have I done business with, and how many have I stolen from?


Ahh, the notion that I'm stealing something.  What, exactly?  By the way, Bitbills are a great product, if you are willing to wait 3 months to order some.  And Bitbills are a legit product too - I have bought some, and redeemed most of them, and can attest that every Bitbill I redeemed contains exactly the balance it said it did.  I trust Bitbills enough that I am holding a significant balance on one and not my computer (1QEk8SCapWttMxSjes5gWm3MtL3MSZcSAN).  Now how exactly am I stealing from Bitbills?  Doug (@bitbills)?  Am I stealing from you?

The only other noteworthy difference is that your cost per address is lower with my offering than on a Bitbill, which probably is related to the fact that Bitbills - given that they're meant to be durable and protect the private key from snooping - take much more to produce.

Or the modified bitcoin client.
Just seems like a half baked idea stolen from bitbills.

We're to trust you not to keep them? Nope, not going to happen. No one in their right mind would trust an unknown 3rd party with full access. No offense, but this seems like a clear money-grab since the keys are a one-time use. Furthermore, this concept is not simple-for-grandma. A grandma isn't going to know what a private key is, how to use BlockExplorer, or know how to spend the money.

This is interesting, but still too complicated and messy for the average Joe.