Topic: Generating a paper wallet securely - page 2. (Read 1070 times)

If you are using a hardware wallet, in and of itself the browser does not matter.
If you put https://wallet.trezor.io/ as one of your bookmarks then you do not have to worry about going to the wrong site.

Generating paper wallets is a different discussion, but you should not be using a PC that is online and then wiping the drive after so the browser is kind of not important.

-Dave

Does the browser make a big difference when it comes to using hardware? I’m not very tech savvy and I fear one day I will open the wrong Trezor site or something stupid like that. I’ve been reading more and more about google chromes security flaws and thinking maybe I should switch to FireFox for hardware transactions. Could this make much of a difference, or not really ?  (I don’t trust myself to make paper atm)

Why I keep old ancient laptops that people would otherwise throw away. They are still useful for some things. Also don't forget blanket over your head, but I don't do that myself.

Be your own bank? It looks like "Make your exchange your bank." After four years of "educating" the public about security and countless exchange hacks, the larger portion of the crypto space still keep their BTC in exchanges. Let's face reality here.

..generally requires someone who wants to learn. Bitcoin has a steep learning curve.. - Most don't want to learn.

I agree, hardware wallets are the obvious solutions for many who are inclined to understand the basics.

That's not how "Be your own bank" works... Asking someone else to "protect your BTC" pretty much goes against the entire ethos of Bitcoin.

It seems that you're basically suggesting "custodial" wallets as a solution for non-techies!!?!

In my mind, the solution is education, but that generally requires someone who wants to learn. Bitcoin has a steep learning curve... but there have been advances away from the complicated process of generating and using paper wallets securely or attempting to setup an air-gapped machine etc. For instance, a hardware wallet offers most of the benefits without the complicated procedures and are generally easy to use.

Likewise, there are desktop wallets available that offer the ease of use and nice GUIs of web wallets... but ensure you maintain control of your private keys/seed mnemonics and don't require full blockchain downloads.

In any case I wouldn't expect my grandma to do all this Bitcoin protection stuff. This discussion really highlights the need for professional services in protecting the BTC of the non-techie. I think solving this issue for the common man is a mini game-changer and pushes for greater adoption.

This is probably one of the best attitudes I have seen on this forum in a long time... To often, in too many parts of this forum, people dig their heels in and start arguing about fairly irrelevant stuff. I've even probably been guilty of this on some occasions!

It's a bit like ProgrammingLanguageA vs. ProgrammingLanguageB... there isn't a "one size fits all" approach to this stuff. For some people... blockchain.com or Exodus or Coinomi or Coinbase or Binance wallets make the best fit...

For others, nothing short of a paper wallet crafted using dice and a 486 laptop running a Linux live OS in a Faraday cage will suffice... and then everything else in between.

The first step, is to identify what your needs/goals and use cases are and then find the solution that best matches those, while making sure that you understand the risks of your chosen solution and how to mitigate them. Even hardware wallets and paper wallets can be "useless" if you do something dumb like putting your seed words or private keys in an email draft folder protected by SIM based 2FA

I think people should spend more time "playing" on TestNet... get a feel for how things work, experiment and learn... play with paper wallets... try manually creating transactions and learn how it all works. Personally, I think it's fun and you're not going to lose anything of value except a little bit of your time.

I aim to please :-)

I actually don't like most hardware wallets, but since I am a tech nerd I do know how to keep my systems & funds fairly secure.
I like the cold card and do use one, but mostly to stay on top of their features so I can show others who are not tech savvy.

Same with paper wallets. I do have a few I have on archival paper, in a fire proof safe.
They were generated on a laptop that I installed a new drive in before installing a clean OS, and had a copy of the wallet generator on a CD that I copied it from.
Plugged into an old HP 6 printer that had the stock drivers included in the OS.
When I was done generating the wallets I ran DBAN on the drive.

Full disclosure:
It's just a question of risk. I have funds in 3 separate hot wallets that I use for spending, but they are also unrelated to each other.

I have a full node on a PC at my house the hardware is on is worth more then the amount in the wallet
I have Electrum on my laptop with 2 wallets 1 wallet connected to the coldcard 1 just local
And I know that it's bad but I have Coinomi on my phone. I have a ton of alts on there and it's just about the only thing that does it in one place.

So, as I said above I know what *I* am getting myself into and the risks of each. We should be helping others learn that too.

-Dave

Unsure as to the usefulness of this feature... so I'm not sure I'd classify it as "neat"... it is definitely unique tho, I'll give them that! It's also nice to see innovation in a somewhat "same same" space.


Most things posted here regarding hardware wallets or paper wallets will generate a "discussion". There are some very "polarised" views on both... and your post is about BOTH 

At a guess the paper wallets are not secure is their get out of jail free card.
You have a coldcard, you generate a paper wallet that somehow gets compromised (the how really does not matter), they can say so sorry but you were warned.

As for is it better to use their method to do it or the way that CounterEntropy posted or some other way is probably about the same.

Is it easier? That is kind of an interesting question. If you are already using the coldcard to generate transactions offline and moving the SD card from it to your PC, then you probably are somewhat tech savvy. So doing it this way or that way may or may not matter.

It's kind of a loop. If you don't know what you are doing, paper wallets are not good because you stand a larger chance of messing up and generating it online or with some other security issue. If you do know what you are doing then you don't need the coldcard.

I just thought it was a neat feature and figured I would post about it here. Did not think it would generate the discussion it did.

-Dave

You can't really separate implementing "best security practices" on your local machine and having paper wallets. The paper wallets themselves could be highly secure but when your PC is infected with all kinds of malware listening in, the whole effort is wasted. Because one of these days, you will broadcast a signed transaction using whatever device you have.

Social engineering still works. User error. Human error. The 8th layer as some would joke. Problem occurs between chair and keyboard. One delta ten tango.

This is mitigated simply by checking the address on the screen with the address on the wallet screen. It requires zero technical knowledge.

As above. No knowledge of PGP, signatures, or the methods behind them is required. Just looking and comparing is enough.

Agreed, and it is impossible to completely protect against user error, but my point is it is far easier to slip up when creating a paper wallet than it is to slip up when using a hardware wallet.

there is also a fair amount of technical knowledge required to use a hardware wallet correctly. for example the user could simply have one of the most common malwares called "clipboard hijacker" that simply changes the address he copies, in which case it doesn't matter if he uses hardware wallet, he still is going to lose money.
or he could be using a malicious software to communicate with the hardware wallet, like a malicious electrum that shows one thing in GUI but signs something else and sends bitcoins to the attackers wallet as soon as user confirms it. to mitigate that he has to know PGP and verify signature,...

"technical knowledge" is always needed and there is always a lot of ways that naive users could lose funds no matter what type of wallet they use. these were just some examples off the top of my head.

The "small amounts" thing is stupid, but they are right that paper wallets carry risks, because all wallets carry risks. Some, such as web wallets, carry far more risks and risks which are impossible to mitigate against (the company in question being hacked, scamming, locking your accounts, etc.) Paper wallets carry some risks, but the risks require a fair amount of technical knowledge to mitigate against, as opposed to hardware wallets, which require very little knowledge to mitigate against (keep your PIN/Passphrase/Seed secret, keep your hardware wallet physically secure, etc.)

I don't think anyone would argue that a correctly created paper wallet is insecure. The problem is that an awful lot of people create them incorrectly, and the steps needed to create them securely (clean OS, dumb printer and clearing printer memory, permanently airgapped machine, etc.) require a degree of technical knowledge which isn't required to be able to safely use a hardware wallet, for example.

it is probably because they are SELLING an alternative to paper wallets and if they tell people that you can store your bitcoins in a paper wallet in a way that could be just as safe as their product, nobody would buy it anymore!

the fact is, if you create the paper wallet correctly (offline and encrypted) then it is a lot more secure than a hardware wallet since the hardware wallet can still contain bugs that could be exploited whereas to break the encryption of your paper wallet they have to break something like AES256

Below is a step by step way to securely generate your paper wallet...

1. Download BitAddress.org JS code from https://github.com/pointbiz/bitaddress.org.

2. Run it in an offline computer and generate Address + Private Key.

3. Copy the Address in a text file and write down the Private Key by hand in your notebook.

4. Write the Private Key from your notebook to the text file by typing and run it through BitAddress.org JS code to see whether it generates back the same Address in the text file.

5. Now remove all traces of the Private Key, save the text file with Address and wipe out the temporary cache from your browser.

6. Download Coinb.in JS code from https://github.com/OutCast3k/coinbin/ and use it to sweep fund received at the generated Address.

Why do they say that? Paper wallets are almost always offline cold storage. The risk is you can lose it. There is no risk of it getting stolen or hacked unless the actual paper wallet is stolen from you. Or there are risks which you can mitigate.

So this just came out from the ColdCard hardware wallet people More info on the device: https://coldcardwallet.com/

Their latest update allows you to generate paper wallets from their hardware device that are unrelated to your seed words

The entire blurb says:

More info on the update:

https://coldcardwallet.com/docs/upgrade

-Dave

Short Version: #windows

Long Version: Most likely, during the network setup/config, you've selected an "innocent looking" option that has had unintended consequences... Things like marking a specific network as "Private" or "Public" can do all sorts of stupid things that you neither wanted nor are informed about

This seems to be the modus operandi of Windows in general... click "allow" on something and have it do that... and other things that you probably weren't notified about

Most likely, it is simply coincidence that your "BitAddress" folder has ended up "shared" and is not the result of anything overtly nefarious.