Topic: Idea for Highly Secure Paper Wallet - Using Split Keys - page 2. (Read 4942 times)

Agree 100%. They should be as randomly unrelated as feasible. Different OS even is good. They should not be ones on the same network or one that you sync from another, eg. your phone and your desktop.

I appreciate the effort to establish a protocol for creating a secure paper wallet which even works if the used systems are compromised. Know that the user needs to use two uncorrelated systems though, because if both systems are compromised, chances are they are compromised by the same entity. I propose using a home computer and then maybe go to an apple retail store or best buys and create another component there...

The point is you can print a secure paper wallet without being sure if you have a secure system. The security of the wallet will not depend on the security of the system using this method. That is the point.

Most people cannot be sure they have a secure system. And it takes a fair amount of effort to try a best effort at making sure a system is secure. So a method that doesn't require a secure system can be used by anyone. And that makes it highly attractive especially to newbie users.

Right now this is a bit fudgy as you need to know what to do. But a web page designed for this purpose could be dead simple for even newbie users with 1.2.3. steps

Step 1 - print these two QR codes #1 and #2 (and text).
Step 2 - go to another system in another location and photo/scan QR code #2.
Step 3 - print this new QR code #3(and text)

Save QR code #1 and #3. They are each half of your key.
When you scan them back in they get combined and can used.

---
How to Generate Keys and Stop Worrying...

You could do the same thing with two USB sticks as well and skip paper. The first one you save your private keys on. The second one you save your public keys on. You go to the secondary system and insert the public key one. You generate partial keys and addresses from the public keys and save them to that usb stick. Now each stick has half-keys and the keys in each stick have only ever been in one system, and hence could never have possibly been together on a compromised system.

True - the technical stuff would need to be hidden "under the hood" with your idea but what they are doing is creating "two signature" keys (which I believe is the main thing necessary for security).

Had a look but didn't immediately see what they were doing. They indicate you need to push tx the final transaction so I guess it isn't for someone who doesn't know how to do that anyway.

So you'd like to have a secure paper wallet for dummies? But you want to avoid the trouble of making sure you have access to an uncompromised system? Why doesn't that make sense to me?

This is idiotic. Why cut it up on paper if you already had the key on your compromised system. It would already have been captured and sent to someone. At that point you don't even need to bother printing it.

I guess people just aren't getting the whole point of what I wrote.  

simply store the key without a note what it is.

Wow. I can't believe you just said that. Unless you were kidding.

Can we please talk about the viability of this method rather than whatever your pet method is? There are already a hundred threads discussing the many other ways to do it.

And many users will agree that none of them are very easy for a new user, and often not even for experienced users. I'm talking about a method than can be used anywhere, even on a compromised system, and still result in a highly secure paper wallet.

I don't need you to tell me about other ways as I have already been thru many and read about dozens of others but no one so far that I have read has shown a simple as pie way to do it on a compromised system.

best bet is to not use third party services that offer you private keys..

although i have not heard anything bad about bitaddress.org or the other suggestions above. safest bet is to clean wipe /recover your computer to factory settings. use ur own client EG bitcoin D to give u a fresh address and privkey.. then write it down on a piece of paper laminate it and put it in a safety deposit box.

making websites that ask you to type in their priv keys, will make a few people think.. hmmm why would they ask.

if anyone truly wanted to split their priv key up.. think of the easy way...

1 x paper 1 x scissors = 2x paper

store each piece in separate places

Well actually it's easy. Use a Linux live CD and install a trusted copy of Armory. If you want to connect to the internet, make sure you're fire walled and do not allow remote access.

I think this is a pretty good idea - you might also want to take a look at: https://ubtcbank.com/

(it is using the same sort of approach technically)

When reading the forum today about this reported 8000 btc theft I had this idea that is a bit of a twist on usual usage patterns.

I believe a paper wallet is the closest thing to highly secure cold storage. But the problem is that you need to print the keys on a guaranteed secure computer. That's hard to be sure about.

So how about using the third-party key addition technique to print two partial keys on paper in two different places?

So you generate some keys on bitaddress.org and print them out. But you don't use these keys for your wallet. You take them to another system, somewhere else totally independent of the first one and you scan in the public key.

With the publickey you can use vanitygen (with the -P option) to generate addresses and partial keys, and print them out on that system.

Now you have addresses and two separately produced pieces of paper that only can be used for spends when both keys are scanned in and combined.

Either system could be compromised in any way and as long as the same person/group didn't compromise both then they would never be able to use the partial keys alone.

If this sounds like a good idea I may make up a simple web page that any joe-average can use in two easy steps to create split key paper wallets.