Pages:
Author

Topic: Is it a good idea to store paper wallet digitally? (Read 1942 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Bitaddress isn't truly random. It is based on the seed (your mouse movement), which isn't random.

Its a PRNG[1] and as such considered random enough for cryptographic purposes.

Human movement always follows some pattern or purpose. Mouse movement is no different. In fact, in some ways, nothing is random. "Randomness" is the misconception of not being able to define the answer because we do not have the means to.

Randomness is defined as the lack of pattern, we as humans are essentially pattern matching and recognition machines. Just think about all the people that see the face of Elvis in vegetables. If we are unable to see a pattern we call it random. This lack of pattern is what protects a randomly generated key. IF there would be a pattern between the first and the next key you generated it would be possible to derive one from the other. Since you cant its perfectly fine to call it random, unless you want to start a philosophical debate.

[1] https://en.wikipedia.org/wiki/Pseudorandom_number_generator
full member
Activity: 183
Merit: 102
You can store it securely using PGP encryption just save it in a text file and make sure you keep the keychain on a usb stick or somewhere separate, not online and you will be safe it's all good buddy.
hero member
Activity: 574
Merit: 500
Bitaddress isn't truly random. It is based on the seed (your mouse movement), which isn't random. Human movement always follows some pattern or purpose. Mouse movement is no different. In fact, in some ways, nothing is random. "Randomness" is the misconception of not being able to define the answer because we do not have the means to.
Open MS Paint, and draw a line with your mouse. Now try to draw the exact same line again.
'True random' may not exist, but that does not mean you can reproduce it.
member
Activity: 108
Merit: 10
Bitaddress isn't truly random. It is based on the seed (your mouse movement), which isn't random. Human movement always follows some pattern or purpose. Mouse movement is no different. In fact, in some ways, nothing is random. "Randomness" is the misconception of not being able to define the answer because we do not have the means to.

People say "probably fair" gambling is totally random, but if we know the server hash, we can predict what is going to happen. It's not so random after all.
So according to you 1 address  can be generated  (or have been) twice by bitaddress.org offline version?
legendary
Activity: 938
Merit: 1002
Bitaddress isn't truly random. It is based on the seed (your mouse movement), which isn't random. Human movement always follows some pattern or purpose. Mouse movement is no different. In fact, in some ways, nothing is random. "Randomness" is the misconception of not being able to define the answer because we do not have the means to.

People say "probably fair" gambling is totally random, but if we know the server hash, we can predict what is going to happen. It's not so random after all.
newbie
Activity: 10
Merit: 0
It's just funny Smiley
hero member
Activity: 574
Merit: 500
Instead of sweeping the wallet you can use Brainwallet in offline mode to generate transaction,  copy it ( it has nothing to do with private key,  you are secure while copying),  broadcast it using blockchain or any other broadcasting service.
Brainwallets have been hacked a lot and are very risky. Read http://www.wired.com/2015/07/brainflayer-password-cracker-steals-bitcoins-brain/:
Quote
The problem, says Castellucci, is that humans don’t choose strong, random passphrases as well as they think they do. And any hacker can patiently guess millions upon millions of passphrases, converting them into private keys and trying them on every bitcoin address on the blockchain, the public ledger of all bitcoin locations. Even when a bitcoin user thinks she has chosen a sufficiently strong passphrase for her brain wallet, Castellucci says it often can’t stand up to the cracking resources of thieves motivated by an instant cash reward. “The usual bitcoin private key is long enough that no one is going to guess it before the sun burns out,” says Castellucci. “But if they just have to guess your passphrase, they’re going to do it, because people are terrible random number generators.”
hero member
Activity: 2618
Merit: 548
SecureShift.io | Crypto-Exchange
With a really strong password, that you can remember and that was made offline without any key-loggers should suffice but instead of putting the pdf in rar why not use BIP38 and encrypt the key with the pass phrase whilst making it?

Above quote indicates a general form of increasing security to the wallet. I believe having few wallets to hold our bitcoins and having two factor authorization is enough. Even if needed can go for the saving of paper wallet in digital form.
sr. member
Activity: 266
Merit: 250
One world One currency, Bitcoin.
Instead of sweeping the wallet you can use Brainwallet in offline mode to generate transaction,  copy it ( it has nothing to do with private key,  you are secure while copying),  broadcast it using blockchain or any other broadcasting service.
legendary
Activity: 1372
Merit: 1032
All I know is that I know nothing.
the whole point of paper wallet is to keep it in paper form and if you are keeping it digitally then it is not paper wallet but just a cold storage if it is never connected to internet.

the benefit of paper wallet is that it can not go online by mistake so unless someone breaks it your house they are safe from hacking
hero member
Activity: 714
Merit: 528
Say i put ubuntu on usb and boot from it and now generate 1 paper wallet using bitaddress.org gitup file locally and then instead of printing this i ssved it as pdf and then after booting back to windows i put this pdf in .rar file with secure password protection and save this file in mutliple places.Then even if i use the internet i won't be at risk right?
is bitaddress.org paper wallet generation really random?
and last question if i have say 7 bitcoins on this digitally stored paper wallet and i want to spend 2 bitcoins from it and want to have 5 bitcoins in it.Can i do so? because i have read somewhere that we need to sweep the paper wallet and why's that?Can't i just spend directly the amount i wish to spend?

P.S i don't want to print a paper wallet because i am too paranoid i may lose the paper or damage it
Saving the paper wallet digitally kinda negates the purpose of paper wallet itself lol Tongue
But yea, by saving that on winrar with a strong password should make your private keys unobtainable
and yep, you need to sweep the paper for that, because there's no change address to where the 5 bitcoin should be at
legendary
Activity: 2170
Merit: 1427
I already do this on my windows computer. I simply have several paper wallets stored in a zip file and with very strong encryption. Passphrase is a combination of 50 characters, which I find to be strong enough. And all this sits in my USB drives offline together with my wallet.dat backups.
papper wallet is already safe storage,and of course if we store it on zip file and with very strong encryption,it might the safest way to store your bitcoin,i just wondering why are people like you so afraid with bitcoin security?do you ever lost your bitcoin?os you store so many amount of bitcoin,then you think you must do this all security.

I am happy to say that I never lost any coins, and that's because I take security very serious. The coins that I have right now may end up being worth a lot in the future. So there are plenty of reasons of why I should keep the security level as tight as I have right now.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
-snip-
Thanks
I know Tails Come With Electrum
But can you tell me how can i install electrum on any linux distro not just tails?
Because i have read electrum is not easy to install on linux so can you please suggest me how to install it?

Well electrum runs on python and I dont know of any distros that dont come with python. I just download the tar.gz[1] from the sources section, extract it[2], change into the newly created folder and run it with python electrum. If you do everything from terminal, the following steps should start electrum for you on any linux distro. You will need to copy the public key[3] from ThomasV into a file named thomasv.asc first though.

Code:
mkdir electrum
cd electrum
###put thomasv.asc in this directory as well###
wget https://download.electrum.org/2.6.3/Electrum-2.6.3.tar.gz https://download.electrum.org/2.6.3/Electrum-2.6.3.tar.gz.asc
gpg2 --import thomasv.asc
gpg2 --verify Electrum-2.6.3.tar.gz.asc  ## should return 'correct signature'
tar -xvzf Electrum-2.6.3.tar.gz
cd Electrum-2.6.3
python electrum

If you already have electrum on your system it will open the last wallet. If not it will promt you to create a new one.

[1] https://electrum.org/#download
[2] tar -xvzf filename
[3] https://pgp.mit.edu/pks/lookup?op=get&search=0x2BD5824B7F9470E6
hero member
Activity: 812
Merit: 1000
With a really strong password, that you can remember and that was made offline without any key-loggers should suffice but instead of putting the pdf in rar why not use BIP38 and encrypt the key with the pass phrase whilst making it?
hero member
Activity: 742
Merit: 500
Say i put ubuntu on usb and boot from it and now generate 1 paper wallet using bitaddress.org gitup file locally and then instead of printing this i ssved it as pdf and then after booting back to windows i put this pdf in .rar file with secure password protection and save this file in mutliple places.Then even if i use the internet i won't be at risk right?

Good idea, but you must be carefull dont lose your password

and last question if i have say 7 bitcoins on this digitally stored paper wallet and i want to spend 2 bitcoins from it and want to have 5 bitcoins in it.Can i do so?

why not to generated 7 papers wallet, and make them to the one pdf, i think it could be easy to used, you wouldn't be cost by the fee if you spent the amount separately

P.S i don't want to print a paper wallet because i am too paranoid i may lose the paper or damage it
You can save it on a place where you safe your secret and important document, just saying
hero member
Activity: 630
Merit: 500
PM me to buy traffic for your site!
Of course it's not good, because the main idea of 'Paper' Wallet is to keep your wallet on a 'paper'. If you're not save it on a paper, well then you can't call it a Paper Wallet.

Terminology isn't so black and white on this topic imho, because you have "paper" wallets printed on steel and other materials due to their higher endurance, resistance
to fire and other advantages. But still, i wouldn't save it digitally as per op, because it kinda loses it's point.
hero member
Activity: 574
Merit: 500
Of course it's not good, because the main idea of 'Paper' Wallet is to keep your wallet on a 'paper'. If you're not save it on a paper, well then you can't call it a Paper Wallet.
A more general name is "cold storage", which can be in any physical form. The main importance is to keep the private key offline until you use it.
legendary
Activity: 1526
Merit: 1001
Sometimes it is better to store the paper wallet or scanned docs digitally but only if you have encrypted those and your save the password or the key to decrypt it later when you need it, but if you can store physically somewhere.
legendary
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
Of course it's not good, because the main idea of 'Paper' Wallet is to keep your wallet on a 'paper'. If you're not save it on a paper, well then you can't call it a Paper Wallet.
member
Activity: 108
Merit: 10
Say i put ubuntu on usb and boot from it and now generate 1 paper wallet using bitaddress.org gitup file locally and then instead of printing this i ssved it as pdf and then after booting back to windows i put this pdf in .rar file with secure password protection and save this file in mutliple places.Then even if i use the internet i won't be at risk right?

Why not encrypt it on your throw away USB stick OS? If you move the PDF unencrypted to a different machine it make no sense to set up the USB stick OS in the first place as it offers you no additional security.

is bitaddress.org paper wallet generation really random?

Yes, even on low entropy systems (e.g. new OS on SSD/USB stick). The mouse movements required at the start provide enough entropy to make the key generation random.

and last question if i have say 7 bitcoins on this digitally stored paper wallet and i want to spend 2 bitcoins from it and want to have 5 bitcoins in it.Can i do so?

Yes, if you are careful. More below.

because i have read somewhere that we need to sweep the paper wallet and why's that?Can't i just spend directly the amount i wish to spend?

P.S i don't want to print a paper wallet because i am too paranoid i may lose the paper or damage it

The "problem" with spending paper wallet funds are the software you use to do so. If you have 7 bitcoins received to a paperwallet, these 7 bitcoins are considered one or more inputs you can spend. Lets assume for simplicity you have only one input. You can think of it like a 7BTC bill or a lump of gold (I will go with the gold for this example). If you want to spend the 7 BTC lump you have to melt it down and create pieces of lesser value. Different wallets do this differently. Some would send the 5 BTC you want to keep (assuming no fee for simplicity) back to the address you previously had the 7 BTC on. Some would create an entirely new address for this. Its best that you prepare another paperwallet and manually send the lump you want to keep to it.

E.g. you have 7 BTC and want to send 2 BTC to Alice while keeping the remaining 5 BTC. You use the funds from your old paper wallet to create a TX that sends 2 BTC to 1ALICEvanity and 4.9998 BTC to 1myNEWpaperWALLET the remaining 0.0002 is used as fee.
Ok i have read that mycellium bitcoin wallet alows spending from cold storage so if use it to spend 2  bitcoins from paper wallet will the remaining 5 btc goes back to my paper wallet?

AFAIK not, the way I understand what mycelium does in this case is that it sends the 5 BTC to a newly generated change address that is part of your mycelium wallet. I also think its a bad idea to reuse a paper wallet. The whole idea is that you have an offline key, one that was never on an online system and thus can not be affected by a virus. This is longer the case once you use the paper wallet at least once. Hence the suggestion to create a new one. On the other hand you dont store it on paper either, so maybe something like Tails[1] is better?

and why the new 5 btc that comes back to the same address do not show as new transaction?

Because its the same transaction. A transaction can send coins to many addresses at once.

And yes how do i encrypt the pdf on throw away ubuntu system that i used to create the wallet?

PGP should be available by default or you could use something like e.g. VeraCrypt (which is based on the famous TrueCrypt) sinec you need to get some software on the stick from the internet anyway.

And what if i use Electrum instead of bitaddress.org to generate the address as i think electum will be much safer.right?

I dont think it matters much. You might want to use electrum from a live OS like Tails though since this would solve your "change" problem. Instead of a private key you would secure the seed and restore the wallet from that every time you want to spend some coins. The seed would (unlike a private key) cover all future change addresses and can offer you different addresses as well. Electrum is also preinstalled on tails, so you would not need to install any software. Tails does not come with VeraCrypt yet[2], but they have different means to help you encrypt data.

[1] https://tails.boum.org/
[2] https://labs.riseup.net/code/issues/8911
Thanks
I know Tails Come With Electrum
But can you tell me how can i install electrum on any linux distro not just tails?
Because i have read electrum is not easy to install on linux so can you please suggest me how to install it?
Pages:
Jump to: