Author

Topic: Is blockchain.info paper wallet secure? (Read 1721 times)

full member
Activity: 411
Merit: 100
January 10, 2015, 01:03:41 AM
#20
I'm not sure, as I understood it Blockchain.info do NOT store your private key. I believe it's all in the client-side code. I could be wrong. Either way, you can generate paper wallets offline with BitAddress.org - don't do it online, download a copy and work offline.
Assuming you are not visiting an imposter website, when you visit blockchain.info you use use javascrypt that is executed on your local computer that generates any new private key that you want to generate.

It would not however be cold storage because it would be created by a computer that has previously "touched" the internet
AGD
legendary
Activity: 2070
Merit: 1164
Keeper of the Private Key
January 07, 2015, 09:05:31 AM
#19
You can flip a coin 160 or more times and generate (offline) a real random private key from this coinflip result when you don't trust hard-/software RNGs or this when you do trust:

No, I don't think it is safe. If you really want a paper wallet, print it on an offline machine.


by doing that:

A paper wallet is generally one of the more secure ways you can store your BTC (along with hardware wallets, already mentioned in this thread), but since the blockchain.info paper wallet is generated while you're online, at least in theory it's less safe than generating your paper wallets offline with a clean OS that's never going to touch the internet (for example, use a Linux Live CD/DVD and unplug your network cable or kill the wifi). You could have malware on your PC that captures the QR code, you could potentially have malware in your printer that does the same, blockchain.info could be compromised to serve javascript that sends your private key somewhere (or you could be on a phishing site that does the same), etc.

What I would do, and have done, goes something like this:
1) Get a good offline paper wallet generator. The one at bitaddress.org is good, personally I like the one (based on the bitaddress.org code) at bitcoinpaperwallet.com but to each his own. Smiley
2) Get a Linux Live CD/DVD distro and burn it. For this, I personally use Linux Mint 17 because it just happens to be the OS I run on my laptop so I already had the DVD burned.
3) Put your paper wallet generator on some kind of removable media. You can copy it to a flash drive or SD card, or if you're really paranoid, burn it to its own CD.
4) Boot the Live CD/DVD and load your paper wallet generator in a browser, you should know what to do from here. Smiley

Once you've printed your paper wallets offline in a secure way, you can import the address only (not the private key) into blockchain.info as a watch only wallet and be confident that nobody else has the private key to spend those funds.
hero member
Activity: 910
Merit: 1000
hero member
Activity: 910
Merit: 1000
January 07, 2015, 06:31:21 AM
#17
I'm not sure, as I understood it Blockchain.info do NOT store your private key. I believe it's all in the client-side code. I could be wrong. Either way, you can generate paper wallets offline with BitAddress.org - don't do it online, download a copy and work offline.
legendary
Activity: 1680
Merit: 1205
January 07, 2015, 06:20:14 AM
#16
A paper wallet is generally one of the more secure ways you can store your BTC (along with hardware wallets, already mentioned in this thread), but since the blockchain.info paper wallet is generated while you're online, at least in theory it's less safe than generating your paper wallets offline with a clean OS that's never going to touch the internet (for example, use a Linux Live CD/DVD and unplug your network cable or kill the wifi). You could have malware on your PC that captures the QR code, you could potentially have malware in your printer that does the same, blockchain.info could be compromised to serve javascript that sends your private key somewhere (or you could be on a phishing site that does the same), etc.

What I would do, and have done, goes something like this:
1) Get a good offline paper wallet generator. The one at bitaddress.org is good, personally I like the one (based on the bitaddress.org code) at bitcoinpaperwallet.com but to each his own. Smiley
2) Get a Linux Live CD/DVD distro and burn it. For this, I personally use Linux Mint 17 because it just happens to be the OS I run on my laptop so I already had the DVD burned.
3) Put your paper wallet generator on some kind of removable media. You can copy it to a flash drive or SD card, or if you're really paranoid, burn it to its own CD.
4) Boot the Live CD/DVD and load your paper wallet generator in a browser, you should know what to do from here. Smiley

Once you've printed your paper wallets offline in a secure way, you can import the address only (not the private key) into blockchain.info as a watch only wallet and be confident that nobody else has the private key to spend those funds.

Yes, I know this would be better Smiley
But I have old cold storage wallets who I want to keep, that's why i'm asking if, given that passed some time, these adresses could be considered " safe" forever (or already hacked by someone who is waiting for a bigger deposit, but I feel that unlikely).
full member
Activity: 137
Merit: 100
January 07, 2015, 06:13:49 AM
#15
A paper wallet is generally one of the more secure ways you can store your BTC (along with hardware wallets, already mentioned in this thread), but since the blockchain.info paper wallet is generated while you're online, at least in theory it's less safe than generating your paper wallets offline with a clean OS that's never going to touch the internet (for example, use a Linux Live CD/DVD and unplug your network cable or kill the wifi). You could have malware on your PC that captures the QR code, you could potentially have malware in your printer that does the same, blockchain.info could be compromised to serve javascript that sends your private key somewhere (or you could be on a phishing site that does the same), etc.

What I would do, and have done, goes something like this:
1) Get a good offline paper wallet generator. The one at bitaddress.org is good, personally I like the one (based on the bitaddress.org code) at bitcoinpaperwallet.com but to each his own. Smiley
2) Get a Linux Live CD/DVD distro and burn it. For this, I personally use Linux Mint 17 because it just happens to be the OS I run on my laptop so I already had the DVD burned.
3) Put your paper wallet generator on some kind of removable media. You can copy it to a flash drive or SD card, or if you're really paranoid, burn it to its own CD.
4) Boot the Live CD/DVD and load your paper wallet generator in a browser, you should know what to do from here. Smiley

Once you've printed your paper wallets offline in a secure way, you can import the address only (not the private key) into blockchain.info as a watch only wallet and be confident that nobody else has the private key to spend those funds.
legendary
Activity: 1680
Merit: 1205
January 07, 2015, 05:19:39 AM
#14
When I want to store my bitcoins, I usually go to blockchain.info, print a paper wallet and deposit into it.

Supposing that both my device and site are secure in the moment I login and print the paper wallet, are my bitcoins completely safe in the case of a future blockchain.info hack?

Like all such questions, the answer is: "It depends.".

It depends on several factors, and what you mean by "my device and site are secure".

It depends on whether you've chosen a very strong password.

It depends on whether you re-use those addresses to receive bitcoins more than once.

It depends on whether you use faulty software when you eventually try to spend the bitcoins from the paper wallet.

It depends on whether there are any bugs in the software that is generating the address at the time that it generates the address.



Stop keeping your BTC at blockchain.info! Google the massive amount of thefts from them!

Use Blockchain.info for WATCH-ONLY, never private keys!

But... if I use a paper wallet, the key is on the wallett and therefore i'm in " watch only" on blockchain...right? Even if someone tomorrow will hack my pass or the site, I was supposing to be safe because of the printed wallet... of course if i do not use it on a compromised machine. Or am I wrong?


The printed wallet (aka backup) means blockchain.info has its private key.

It is not a backup, it is called " cold storage" and it consist in an address and a private key. I do not think that bockchain.info save my private key elsewhere.

This is the process: https://blockchain.info/it/wallet/paper-wallet-tutorial-web
legendary
Activity: 3038
Merit: 1032
RIP Mommy
January 07, 2015, 05:05:57 AM
#13
When I want to store my bitcoins, I usually go to blockchain.info, print a paper wallet and deposit into it.

Supposing that both my device and site are secure in the moment I login and print the paper wallet, are my bitcoins completely safe in the case of a future blockchain.info hack?

Like all such questions, the answer is: "It depends.".

It depends on several factors, and what you mean by "my device and site are secure".

It depends on whether you've chosen a very strong password.

It depends on whether you re-use those addresses to receive bitcoins more than once.

It depends on whether you use faulty software when you eventually try to spend the bitcoins from the paper wallet.

It depends on whether there are any bugs in the software that is generating the address at the time that it generates the address.



Stop keeping your BTC at blockchain.info! Google the massive amount of thefts from them!

Use Blockchain.info for WATCH-ONLY, never private keys!

But... if I use a paper wallet, the key is on the wallett and therefore i'm in " watch only" on blockchain...right? Even if someone tomorrow will hack my pass or the site, I was supposing to be safe because of the printed wallet... of course if i do not use it on a compromised machine. Or am I wrong?


The printed wallet (aka backup) means blockchain.info has its private key.
hero member
Activity: 672
Merit: 502
January 07, 2015, 04:46:00 AM
#12
No, I don't think it is safe. If you really want a paper wallet, print it on an offline machine.
legendary
Activity: 1680
Merit: 1205
January 07, 2015, 02:20:12 AM
#11
When I want to store my bitcoins, I usually go to blockchain.info, print a paper wallet and deposit into it.

Supposing that both my device and site are secure in the moment I login and print the paper wallet, are my bitcoins completely safe in the case of a future blockchain.info hack?

Like all such questions, the answer is: "It depends.".

It depends on several factors, and what you mean by "my device and site are secure".

It depends on whether you've chosen a very strong password.

It depends on whether you re-use those addresses to receive bitcoins more than once.

It depends on whether you use faulty software when you eventually try to spend the bitcoins from the paper wallet.

It depends on whether there are any bugs in the software that is generating the address at the time that it generates the address.



Stop keeping your BTC at blockchain.info! Google the massive amount of thefts from them!

Use Blockchain.info for WATCH-ONLY, never private keys!

But... if I use a paper wallet, the key is on the wallett and therefore i'm in " watch only" on blockchain...right? Even if someone tomorrow will hack my pass or the site, I was supposing to be safe because of the printed wallet... of course if i do not use it on a compromised machine. Or am I wrong?
legendary
Activity: 3038
Merit: 1032
RIP Mommy
January 06, 2015, 09:08:55 PM
#10
Stop keeping your BTC at blockchain.info! Google the massive amount of thefts from them!

Use Blockchain.info for WATCH-ONLY, never private keys!
legendary
Activity: 3472
Merit: 4801
January 06, 2015, 08:58:04 PM
#9
When I want to store my bitcoins, I usually go to blockchain.info, print a paper wallet and deposit into it.

Supposing that both my device and site are secure in the moment I login and print the paper wallet, are my bitcoins completely safe in the case of a future blockchain.info hack?

Like all such questions, the answer is: "It depends.".

It depends on several factors, and what you mean by "my device and site are secure".

It depends on whether you've chosen a very strong password.

It depends on whether you re-use those addresses to receive bitcoins more than once.

It depends on whether you use faulty software when you eventually try to spend the bitcoins from the paper wallet.

It depends on whether there are any bugs in the software that is generating the address at the time that it generates the address.

legendary
Activity: 1401
Merit: 1008
northern exposure
January 06, 2015, 07:54:13 AM
#8
ofc paper wallet is secure, but i may suggest you to dont store all your BTC into the same way, there is lot of ways to store your BTC like trezor, offline wallets etc etc also hardware wallets dont cost so much so is a nice way to store your BTC.


dont store all your BTC this way to be sure. you can use a hardware-wallet too:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253


nice, i didnt know that thread, so there you got lot of nice ways to do that, ty!!

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
January 06, 2015, 07:27:51 AM
#7
for little sums it is okay. always use more ways to store the BTC than just one and dont store all BTC in one wallet.

some hardware-wallets just cost 15 Euro (20 $). cheap in my view  Smiley

I read some reviews, thanks for your article. I hope I will buy a trezor one day, but why an usb is supposed to be more secure or pratical than a paper wallet?
I use every paper wallet only a single time, and use them with the porpouse of store my btc over the long run. I found them easy to hide and economic, my only concern is that i'm using blockchain.info for the creation.

I know there are better ways to create a paper wallet, buy I want to know if, given that my device and the site are secure in the moment I print the wallet, I can feel safe for the eternity.

a trezor is a closed system in my understanding so maleware cant be installed on it. maleware also cant access your private keys and the private keys never leave the device.
i recommend some reviews about it  Smiley . the device seems pretty good.


for a paperwallet you could also use:

www.bitaddress.org

http://www.reddit.com/r/Bitcoin/comments/295vbt/is_bitaddressorg_safe/
legendary
Activity: 1680
Merit: 1205
January 06, 2015, 07:23:08 AM
#6
for little sums it is okay. always use more ways to store the BTC than just one and dont store all BTC in one wallet.

some hardware-wallets just cost 15 Euro (20 $). cheap in my view  Smiley

I read some reviews, thanks for your article. I hope I will buy a trezor one day, but why an usb is supposed to be more secure or pratical than a paper wallet?
I use every paper wallet only a single time, and use them with the porpouse of store my btc over the long run. I found them easy to hide and economic, my only concern is that i'm using blockchain.info for the creation.

I know there are better ways to create a paper wallet, buy I want to know if, given that my device and the site are secure in the moment I print the wallet, I can feel safe for the eternity.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
January 06, 2015, 07:14:01 AM
#5
for little sums it is okay. always use more ways to store the BTC than just one and dont store all BTC in one wallet.

some hardware-wallets just cost 15 Euro (20 $). cheap in my view  Smiley
legendary
Activity: 1680
Merit: 1205
January 06, 2015, 07:09:12 AM
#4
dont store all your BTC this way to be sure. you can use a hardware-wallet too:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253

This is really cool, but it is an expansive wallet for my little money. Maybe if my bitcoins were @ 1000 usd, like when I bought them..

Like now, I am happy if they don't sundelly disappears, I use blockchain.info for spending little sums.
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
January 06, 2015, 07:05:33 AM
#3
dont store all your BTC this way to be sure. you can use a hardware-wallet too:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253
legendary
Activity: 2226
Merit: 1052
January 06, 2015, 07:04:31 AM
#2
When I want to store my bitcoins, I usually go to blockchain.info, print a paper wallet and deposit into it.

Supposing that both my device and site are secure in the moment I login and print the paper wallet, are my bitcoins completely safe in the case of a future blockchain.info hack?

In theory, it should be...
legendary
Activity: 1680
Merit: 1205
January 06, 2015, 07:02:26 AM
#1
When I want to store my bitcoins, I usually go to blockchain.info, print a paper wallet and deposit into it.

Supposing that both my device and site are secure in the moment I login and print the paper wallet, are my bitcoins completely safe in the case of a future blockchain.info hack?
Jump to: