Pages:
Author

Topic: How would you say is the most secure way to create and maintain a paper wallet? - page 3. (Read 840 times)

legendary
Activity: 3472
Merit: 10611
Any recommendations if I want to go the mnemonics route?
i'd go with Electrum but keep in mind that Electrum mnemonics are only usable in Electrum itself and one or two other wallets. it is not a big deal since the algorithm is known and pretty easy to duplicate but you should know that it is different from BIP39 (the mnemonic BIP).

6. run the result (the "tool") of step 4 in that live OS, create a new wallet export the key/mnemonic
I'm afraid I'll need a little bit more detail on this part. I'm not sure what "run the result" means. As well as "create a new wallet export the key/mnemonic"
there was a mistake in the step number (it should be 3). it means that for example if you chose Electrum, you unzip the tarball in the Linux you are running and run Electrum to create a new wallet.

Quote
I'm guessung this tool encrypts the key? Is the result of step 6 the key?
it is your choice.
for example again using Electrum you can use the mnemonic that it created for you and encrypt that, or you can simply select one of the addresses and export its private key to create a paper wallet from that single key. then encrypt that.

Quote
So it's not the key?
Create a backup...of the paper? Like make a xerox copy?
Write down the password... So is it not encrypted? What did we encrypt then?
you can print it 5 times so you have 5 copies of the encrypted result. let me give you an example:
lets say you created this menmonic
Code:
slice citizen truth work orange delay cactus curve talk include grocery group
use a strong password
Code:
%Vn4mDb2g0@Abv,3*q
encrypt using AES-256-CBC
Code:
7844bc02c50ec1b141181602e02ab2cb447924f227594ec29a650124ef83dfa860212c35cd19b6fddb13a808856b21bc8323b15eee0e36f5b08ad82e14453c91852601e27df72de82ef0a09399ef03b8

you don't need the mnemonic (slice citizen truth ...) anymore, you can throw it away. you have to print the encrypted result (7844bc....) which would be your paper wallet and you can create copies of this.
but also you have to write down the password you used because it is not possible to remember a strong password such as (%Vn4mDb2g0@Abv,3*q). but this has to be on a separate paper and kept separately otherwise the encryption would be pointless.

when you want to recover, you use the same encryption tool and enter the encrypted result (7844bc....) and your password (%Vn4mDb2g0@Abv,3*q) and it should give you the mnemonic (slice citizen truth...) which you can use in the same wallet software.

Quote
So persistence...necessary or not?
persistence will remember the changes you made. for example if you install and create the wallet it will remember the wallet and next time you boot the OS it will have it. you don't want this if you are creating a paper wallet.
that is why i suggested using a DVD since you can't add persistence to a DVD.

Quote
How is that done exactly?
take a look here: https://electrum.readthedocs.io/en/latest/coldstorage.html
member
Activity: 240
Merit: 54
Thank you Pooya. This is fantastic!

Could you clarify a few things if you don't mind?

1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
Any recommendations if I want to go the mnemonics route? And what exactly is an "export option"?

2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.
And if I'm doing mnemonics....Recommendations? Also, what is an encryption tool?

3. build your step 1 choice from source or download the binaries and verify its signature.
OK, I'm going to need this in layman's terms..."build"? How? Download the binaries? I'm guessing this is not a download an app and install type of deal.

4. download a Linux distribution and verify its signature.
I do have a Xubuntu Live USB. How do I verify it's signature?

5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
I'm guessing a USB would suffice, correct? Also, do I need persistance or not?

6. run the result (the "tool") of step 4 in that live OS, create a new wallet export the key/mnemonic
I'm afraid I'll need a little bit more detail on this part. I'm not sure what "run the result" means. As well as "create a new wallet export the key/mnemonic"

7. encrypt the result of step 6 with the tool chosen in step 2
I'm guessung this tool encrypts the key? Is the result of step 6 the key?

8. print the encrypted result. create backups and write down the password separately in another secure place.
So it's not the key?

Create a backup...of the paper? Like make a xerox copy?

Write down the password... So is it not encrypted? What did we encrypt then?

10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly).
So persistence...necessary or not?

if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.
How is that done exactly?

Again, thank you for the help!
legendary
Activity: 1624
Merit: 2481
Thanks! Beautiful explanation. So Linux live USB then? With persistence or without? Also how does that compare to tails in security?

Yes, a live linux distro is the way to go.

Persistence is just for storing data between different boots.
For creating a paper wallet, you don't actually need that if you are using the command line option.
When using the software wallet (a.k.a probably electrum) option, you might need it to store the electrum AppImage there prior booting the distro in offline mode.

And Tails basically just is a linux distro which is preconfigured for easier "privacy" mode, i.e. it is easier to boot it completely offline / with tor.
You can use tails, if you want to. Just as good as debian, manjaro, whatever. As long as it is a trusted distro and you verify the signature of the .iso prior installing it, you are fine.
member
Activity: 240
Merit: 54
1) How else does (should) one generate a paper wallet then?

Just like pooya87 said. Use a good wallet on a live linux distro (everything offline + signatures verified). That's the easiest way.
Another option would be to use command line tools from linux which are built in. This won't give you a mnemonic code, but you'll be able to generate a private-/public keypair and address with nothing but core functionality from your operating system.



2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

Well, you don't need to print it on a piece of paper (which can be vulnerable to water, fire, etc..).
You could for example engrave the private key into metal.



3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

A mobile which never goes online and doesn't have any other network connection (preferably with the components being removed) would be an option, yes.
That's basically dedicated cold storage. Most people use an old PC or laptop. But a mobile is fine too.


Could you rank storage methods from most secure to least?

This always depends on the user and environment.

Generally:
Dedicated Cold Storage > Paper Wallet > HW Wallet > Desktop-/Mobile Wallet > Browser-based Wallet > Web Wallet > Custodial Wallet


But you also have to know the pitfalls of each scheme. For example:
  • If you for example use a website to create your paper wallet on an online device, it suddenly is roughly as secure as a web wallet.
  • And if you create it perfectly, but at some point you need to spend from your paper wallet and use a software wallet being online, this whole setup suddenly is no longer more secure than a standard desktop wallet.


In the end, no storage method is perfect. There is no "most secure" option. It always depends on your adversary- / threat model.

Thanks! Beautiful explanation. So Linux live USB then? With persistence or without? Also how does that compare to tails in security?
legendary
Activity: 1624
Merit: 2481
1) How else does (should) one generate a paper wallet then?

Just like pooya87 said. Use a good wallet on a live linux distro (everything offline + signatures verified). That's the easiest way.
Another option would be to use command line tools from linux which are built in. This won't give you a mnemonic code, but you'll be able to generate a private-/public keypair and address with nothing but core functionality from your operating system.



2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

Well, you don't need to print it on a piece of paper (which can be vulnerable to water, fire, etc..).
You could for example engrave the private key into metal.



3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

A mobile which never goes online and doesn't have any other network connection (preferably with the components being removed) would be an option, yes.
That's basically dedicated cold storage. Most people use an old PC or laptop. But a mobile is fine too.


Could you rank storage methods from most secure to least?

This always depends on the user and environment.

Generally:
Dedicated Cold Storage > Paper Wallet > HW Wallet > Desktop-/Mobile Wallet > Browser-based Wallet > Web Wallet > Custodial Wallet


But you also have to know the pitfalls of each scheme. For example:
  • If you for example use a website to create your paper wallet on an online device, it suddenly is roughly as secure as a web wallet.
  • And if you create it perfectly, but at some point you need to spend from your paper wallet and use a software wallet being online, this whole setup suddenly is no longer more secure than a standard desktop wallet.


In the end, no storage method is perfect. There is no "most secure" option. It always depends on your adversary- / threat model.
member
Activity: 240
Merit: 54
~snip~

So what do you suggest as a 2nd best alternative to HW?

Don't listen to him.
You should never use any website to generate a paper wallet.
And neither are you forced to only use paper as the medium of storage.

To answer your question, it depends.
Generally, a dedicated offline device is the best way to store private keys in a cold wallet.

If you don't transact very often and don't want to buy a HW wallet, a paper wallet would be one of the most secure ways.




1) How else does (should) one generate a paper wallet then?

2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

Could you rank storage methods from most secure to least?
legendary
Activity: 1624
Merit: 2481
~snip~

So what do you suggest as a 2nd best alternative to HW?

Don't listen to him.
You should never use any website to generate a paper wallet. And neither are you forced to only use paper as the medium of storage.

To answer your question, it depends.
Generally, a dedicated offline device is the best way to store private keys in a cold wallet.

If you don't transact very often and don't want to buy a HW wallet, a paper wallet would be one of the most secure ways.


member
Activity: 240
Merit: 54
You should not be using paper wallets anymore, there is too much risk that the paper the private keys are written on will get damaged or lost. Also when using paper wallets your security is at the mercy of the site or app you use to get the private keys. Some of these sites aren’t using enough randomness and could leak the keys.

You should be using a hardware wallet to store large sums of bitcoin. These don’t let people extract private keys, they can’t be used by thieves without knowing the PIN you set on them, and some hardware wallets self-destruct if you enter the PIN code incorrectly too many times.

So what do you suggest as a 2nd best alternative to HW?
sr. member
Activity: 770
Merit: 284
★Bitvest.io★ Play Plinko or Invest!
When I created a paper wallet with (BIP38) on a live linux distro I always print the wallets and also safe the wallets to a PDF file.

I store this PDF on an USB drive and safe this in an external place. So if the paper wallet got broken/lost I always have a copy of it.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
When you look at what is the only safe procedure, then this way of storing keys definitely is not for beginners. Of course, we should not forget that in addition to all the steps necessary to create a paper wallet, you need to know how to properly spend those same funds when the time comes. In case someone tries to spend part of the funds directly from such a wallet, without first paying attention to the change address, will be unpleasantly surprised.

WARNING: How I lost Bitcoins using a paper wallet
legendary
Activity: 1624
Merit: 2481
pooya87 already pretty much gave you a good list.
 
A little addition to step 8 (printing the paper wallet) would be, that you shouldn't use a modern printer which either 1) stores printed files in a cache or 2) is network-/internet connected.

Such printers pose a real risk. I remember reading a paper stating that roughly 50% (don't quote me on that number) of such printers can be manipulated by simply just visiting a malicious website (obviously javascript enabled, just like a regular user would browse).
You really want to use an old offline printer if you are going to print it out.

legendary
Activity: 3472
Merit: 10611
Some thought or alternative,
1,2. You can use tools which support BIP 38
4. Choosing live distro which offer offline mode or better security (such as Tails) might be useful
8. This part is vague, do you mean print from running OS on DVD? How about driver support?
1,2. it will only work if you choose single private key instead of mnemonic since BIP38 is defined for private keys only and we have no BIP for mnemonic encryption. a simple AES-256 encrytion of the string would work on anything though.
nonetheless i've updated my answer, thanks.
4. good idea.
8. it won't matter as much if it is encrypted using a strong password. worst case scenario you can print it on your online machine and then try wiping the memory. although i believe Linux distros such as Ubuntu already support a lot of printers without needing any driver installation but i may be wrong.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
I wouldn't recommend paper wallet unless you're expert and being very careful on every single steps you do to create and maintain paper wallet.

0. decide whether you want to use private key or mnemonic in your paper wallet. (the later is better since it can create as many keys as you want)
1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES
3. build your step 1 choice from source or download the binaries and verify its signature.
4. download a Linux distribution and verify its signature.
5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
6. run the result (the "tool") of step 4 in that live OS, create a new wallet export the key/mnemonic
7. encrypt the result of step 6 with the tool chosen in step 2
8. print the encrypted result. create backups and write down the password separately in another secure place.
9. laminate the paper or use a metal plate and engrave your encrypted result on it and store it in a safe place that is not exposed to things that can damage it.
10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly). if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.

don't be afraid to create more than one paper wallet this way for testing and send money to and from that wallet before you create one final one that you end up using.

Some thought or alternative,
1,2. You can use tools which support BIP 38
4. Choosing live distro which offer offline mode or better security (such as Tails) might be useful
8. This part is vague, do you mean print from running OS on DVD? How about driver support?
legendary
Activity: 3472
Merit: 10611
0. decide whether you want to use private key or mnemonic in your paper wallet. (the later is better since it can create as many keys as you want)
1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.
3. build your step 1 choice from source or download the binaries and verify its signature.
4. download a Linux distribution and verify its signature.
5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
6. run the result (the "tool") of step 3 in that live OS, create a new wallet export the key/mnemonic
7. encrypt the result of step 6 with the tool chosen in step 2
8. print the encrypted result. create backups and write down the password separately in another secure place.
9. laminate the paper or use a metal plate and engrave your encrypted result on it and store it in a safe place that is not exposed to things that can damage it.
10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly). if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.

don't be afraid to create more than one paper wallet this way for testing and send money to and from that wallet before you create one final one that you end up using.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
You should not be using paper wallets anymore, there is too much risk that the paper the private keys are written on will get damaged or lost. Also when using paper wallets your security is at the mercy of the site or app you use to get the private keys. Some of these sites aren’t using enough randomness and could leak the keys.

You should be using a hardware wallet to store large sums of bitcoin. These don’t let people extract private keys, they can’t be used by thieves without knowing the PIN you set on them, and some hardware wallets self-destruct if you enter the PIN code incorrectly too many times.
member
Activity: 240
Merit: 54
Care to share your knowledge?
Pages:
Jump to: