
Topic: Is a BIP38 secured paper wallet safe? (Read 818 times)

legendary
Activity: 1638
Merit: 1046
October 25, 2015, 04:55:27 AM
#19
For me, the vault of Coinbase is very secure and has 2-factor authentication by SMS, then needs 2 emails before he or she withdraws from the vault, and the processing of a withdrawal takes 2 days before the sending or withdraw process will be complete... so you have 2 days to complete the process; you can cancel the process before the 2 days end.....
legendary
Activity: 3374
Merit: 3095
October 25, 2015, 04:47:03 AM
#18
There are actually tools out there that will allow you to come up with a strong enough password where you don't need to be paranoid about someone ever bruteforcing this:

http://www.passwordmeter.com/

Use this. A 10 character password with some special characters, up and lower case and you are set. No one would crack a SHA256 pass like that.
Do you think no one can crack SHA256 encryption and decryption? Here in my country nothing is impossible, because some programmers in my country have professional skill for hacking SHA256; they use it for hacking internet..... So do you think this is safe?
legendary
Activity: 1246
Merit: 1011
October 25, 2015, 04:44:56 AM
#17
I selected around 20 words from 3 languages with upper/lower case and some numbers that I can't remember ...

Wow, that sounds like a lot!  How did you generate the 20 words?

I struggle to remember extras like capitals, digits, and symbols.  For security reasons, I avoid them whenever I can.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
sr. member
Activity: 266
Merit: 250
Grow SMALL amount of BTC by earning it
October 25, 2015, 04:03:31 AM
#15
I am just a bit paranoid about everything when it comes to storing large amounts of money... So I salvaged an old computer from old parts and I downloaded the whole bitaddress.org site to that computer and disconnected it permanently. I then created loads of encrypted and BIP38 secured paper wallets and physically destroyed the computer with a hammer. It was worth like $10 if I tried to sell it, but it's worth the total amount of coins I stored on these paper wallets, if someone managed to retrieve any information from the firmware or hard drive or wherever they get this information from. I should say it's 100% safe, if you never go online with the device you created those paper wallets on. Just keep them dry and locked up and also in a fire protected area. ;)
Any existing virus could have affected the generation of your address and it should have been wiped first. The HDD can easily be wiped thoroughly by using an application that writes random bytes to it for example.
legendary
Activity: 1904
Merit: 1074
October 25, 2015, 03:32:48 AM
#14
I am just a bit paranoid about everything when it comes to storing large amounts of money... So I salvaged an old computer from old parts and I downloaded the whole bitaddress.org site to that computer and disconnected it permanently. I then created loads of encrypted and BIP38 secured paper wallets and physically destroyed the computer with a hammer. It was worth like $10 if I tried to sell it, but it's worth the total amount of coins I stored on these paper wallets, if someone managed to retrieve any information from the firmware or hard drive or wherever they get this information from. I should say it's 100% safe, if you never go online with the device you created those paper wallets on. Just keep them dry and locked up and also in a fire protected area. ;)
sr. member
Activity: 266
Merit: 250
Grow SMALL amount of BTC by earning it
October 25, 2015, 01:18:04 AM
#13
BIP32 is safe enough as long as there aren't any other loopholes which can expose the unencrypted private key. The computer used for creating transactions should not have any viruses and the private key is generated randomly. The attacker would require your encrypted key to even try to crack it.
legendary
Activity: 892
Merit: 1013
October 25, 2015, 12:50:37 AM
#12
So let's say I go to Bitaddress.org, do the offline thing (namely, download the HTML code, run it on a clean machine). I use the BIP38 encryption and I use a decent passphrase with a couple of special characters.

Is this good for cold storage?

Yes, provided your password has sufficient entropy.  The minimum entropy you'll need depends on your situation:
  • Can you easily afford to lose your cold storage?
  • Do you live among people you trust or do you travel/backpack a lot?

You'll probably want between 40 and 100 bits of entropy.

I strongly advise against thinking up your own password.  Rather than digging through your mind for existing information, generate random information and memorise it.  It's not difficult to rack up provable entropy this way.  To give you an idea, here are some examples, each of which has about 64 bits of entropy (of course, don't use these precise examples):

A uniformly random 20-digit natural number (about 66.3 bits):
    77167661296005852823
14 uniformly random lower-case letters (about 65.8 bits):
    tefdszwmhuwyso
10 uniformly random letters (upper + lower), numbers, and 33 common symbols (about 64.1 bits):
    EVl2;C?m=[
6 uniformly random words from a list of 2048 simple words with a 2-bit checksum (64 bits, BIP0039):
    scissors artwork burger catch hospital august


I personally prefer the latter for memorability but you may disagree.

There are actually tools out there that will allow you to come up with a strong enough password where you don't need to be paranoid about someone ever bruteforcing this:

http://www.passwordmeter.com/

A tool which should be used with some care.  Notice for example that the poor password "HelloWorld!!11" scores 100%.

Bear in mind too that these tools are targeting a different use case, one with much weaker security needs.

I should have read this before making my own :(
I selected around 20 words from 3 languages with upper/lower case and some numbers that I can't remember ...
legendary
Activity: 2282
Merit: 1023
October 25, 2015, 12:17:06 AM
#11
Just make sure you have an offline copy of the bitaddress.org available somewhere so that you can decrypt the private key when you need to access your bitcoin.

You may also download a copy of Bitcoin Address Utility by Casascius, which can be used to decrypt BIP38.

You want the paper wallet to be safe but it must still be accessible when needed.
legendary
Activity: 1246
Merit: 1011
October 24, 2015, 09:30:41 PM
#10
So let's say I go to Bitaddress.org, do the offline thing (namely, download the HTML code, run it on a clean machine). I use the BIP38 encryption and I use a decent passphrase with a couple of special characters.

Is this good for cold storage?

Yes, provided your password has sufficient entropy.  The minimum entropy you'll need depends on your situation:
  • Can you easily afford to lose your cold storage?
  • Do you live among people you trust or do you travel/backpack a lot?

You'll probably want between 40 and 100 bits of entropy.

I strongly advise against thinking up your own password.  Rather than digging through your mind for existing information, generate random information and memorise it.  It's not difficult to rack up provable entropy this way.  To give you an idea, here are some examples, each of which has about 64 bits of entropy (of course, don't use these precise examples):

A uniformly random 20-digit natural number (about 66.3 bits):
    77167661296005852823
14 uniformly random lower-case letters (about 65.8 bits):
    tefdszwmhuwyso
10 uniformly random letters (upper + lower), numbers, and 33 common symbols (about 64.1 bits):
    EVl2;C?m=[
6 uniformly random words from a list of 2048 simple words with a 2-bit checksum (64 bits, BIP0039):
    scissors artwork burger catch hospital august

I personally prefer the latter for memorability but you may disagree.

There are actually tools out there that will allow you to come up with a strong enough password where you don't need to be paranoid about someone ever bruteforcing this:

http://www.passwordmeter.com/

A tool which should be used with some care.  Notice for example that the poor password "HelloWorld!!11" scores 100%.

Bear in mind too that these tools are targeting a different use case, one with much weaker security needs.
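
Added example, not part of any post in this thread: a Python sketch of the approach post #10 describes, generating the secret from a cryptographic random source and computing its entropy from the generation process. The word list is a constructed stand-in, and the guess rate passed to `average_years` is a hypothetical parameter chosen by the caller.

```python
import math
import secrets
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def entropy_bits(choices: int, length: int = 1) -> float:
    """Entropy of `length` symbols, each drawn uniformly from `choices` options."""
    return length * math.log2(choices)

def length_for(target_bits: float, choices: int) -> int:
    """Smallest number of uniform draws that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(choices))

def random_number(digits: int) -> str:
    """Uniform natural number with exactly `digits` digits (no leading zero)."""
    low = 10 ** (digits - 1)
    return str(low + secrets.randbelow(9 * low))

def random_string(alphabet: str, length: int) -> str:
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_words(wordlist: list, count: int) -> str:
    return " ".join(secrets.choice(wordlist) for _ in range(count))

def average_years(bits: float, guesses_per_second: float) -> float:
    """Expected search time: on average half of the 2**bits space is tried.
    guesses_per_second is a hypothetical attacker rate supplied by the caller."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR

# Constructed stand-in for a real 2048-word list (not the BIP0039 list).
WORDS = [f"word{i:04d}" for i in range(2048)]

if __name__ == "__main__":
    print(random_number(20), round(entropy_bits(9 * 10**19), 1))
    print(random_string(string.ascii_lowercase, 14),
          round(entropy_bits(26, 14), 1))
    # Six independent draws give 66 bits; the post's BIP0039 example spends
    # 2 of those bits on a checksum, leaving 64.
    print(random_words(WORDS, 6), entropy_bits(2048, 6))
    for bits in (40, 64, 100):
        print(bits, "bits:", f"{average_years(bits, 1e6):.3g} years at 1e6/s")
```

The bit counts hold only because every symbol is drawn uniformly and independently; the same formula says nothing about a password a person thought up, however it scores on a composition meter.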
legendary
Activity: 3556
Merit: 9709
October 24, 2015, 02:08:41 PM
#9
So let's say I go to Bitaddress.org, do the offline thing (namely, download the HTML code, run it on a clean machine). I use the BIP38 encryption and I use a decent passphrase with a couple of special characters.

Is this good for cold storage? I would like to know because if this is good to keep Bitcoins long term, I don't really see the point of hardware wallets. I would rather trust encryption backed by a good ol piece of paper (wrapped on plastic to avoid deterioration).

Following the above procedure you are highly likely to be safe. I've never had a problem & I have made many encrypted paper wallets via bitaddress.org

Even without BIP38 as long as you hide the paper wallet well nobody is going to be able to get hold of your coins.

Make a couple of copies & keep them in different, safe locations.



legendary
Activity: 1358
Merit: 1014
October 24, 2015, 01:42:03 PM
#8
There are actually tools out there that will allow you to come up with a strong enough password where you don't need to be paranoid about someone ever bruteforcing this:

http://www.passwordmeter.com/

Use this. A 10 character password with some special characters, up and lower case and you are set. No one would crack a SHA256 pass like that.
legendary
Activity: 1806
Merit: 1164
October 24, 2015, 11:44:03 AM
#7
So let's say I go to Bitaddress.org, do the offline thing (namely, download the HTML code, run it on a clean machine). I use the BIP38 encryption and I use a decent passphrase with a couple of special characters.

Is this good for cold storage? I would like to know because if this is good to keep Bitcoins long term, I don't really see the point of hardware wallets. I would rather trust encryption backed by a good ol piece of paper (wrapped on plastic to avoid deterioration).

You want a paper wallet you can really use day to day? Get a Trezor or Ledger and write the seed down on paper as recommended, store it in a safe place. Enjoy the convenience.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
October 24, 2015, 11:39:51 AM
#6
If you are storing a big amount, I would use 2-3 different methods for that.

paper wallet
hardware wallet
Xapo Vault

...
legendary
Activity: 3542
Merit: 1352
October 24, 2015, 11:28:55 AM
#5
How many characters should a passphrase have to be considered safe? Is there an accurate way to calculate this? Also can anyone explain to me what the point of hardware wallets really is when a piece of paper just should do the job as well? (and without the potential risk of device damage)

I consider anything above 20 characters with varieties of numbers, letters and symbols a good passphrase, provided that you can remember it and the parts of the phrase are not taken from a dictionary.

As for hardware wallets, some find it useful because of how easy it is to import and export private keys using them.
hero member
Activity: 770
Merit: 509
October 24, 2015, 11:23:52 AM
#4
How many characters should a passphrase have to be considered safe? Is there an accurate way to calculate this? Also can anyone explain to me what the point of hardware wallets really is when a piece of paper just should do the job as well? (and without the potential risk of device damage)
hero member
Activity: 672
Merit: 502
October 24, 2015, 11:23:23 AM
#3
If you can make a good strong passphrase and remember it then yes, it's great for cold storage as even if someone gets hold of your cold wallet they won't be able to access your funds without the password but as you mentioned you have to get it laminated and keep it in a safe place to protect it from decaying.
legendary
Activity: 3542
Merit: 1352
October 24, 2015, 11:21:34 AM
#2
So let's say I go to Bitaddress.org, do the offline thing (namely, download the HTML code, run it on a clean machine). I use the BIP38 encryption and I use a decent passphrase with a couple of special characters.

Is this good for cold storage? I would like to know because if this is good to keep Bitcoins long term, I don't really see the point of hardware wallets. I would rather trust encryption backed by a good ol piece of paper (wrapped on plastic to avoid deterioration).

It is, with the proper passphrase being hard to guess, I think you'll never have a problem in terms of hacking. The only thing that you'll ever worry about is keeping that piece of paper safe all the time. ;)
hero member
Activity: 770
Merit: 509
October 24, 2015, 11:13:22 AM
#1
So let's say I go to Bitaddress.org, do the offline thing (namely, download the HTML code, run it on a clean machine). I use the BIP38 encryption and I use a decent passphrase with a couple of special characters.

Is this good for cold storage? I would like to know because if this is good to keep Bitcoins long term, I don't really see the point of hardware wallets. I would rather trust encryption backed by a good ol piece of paper (wrapped on plastic to avoid deterioration).