Topic: making my own HD paper wallet

legendary
Activity: 2268
Merit: 18711
March 18, 2020, 11:19:21 AM
#20
Quote
I wouldn't even trust manually creating a private key with a dice due to the easily made mistakes.
I wonder if you could elaborate on what kind of mistakes you are thinking of here? Do you mean mistakes in the human generating the entropy, or mistakes in turning the entropy into a seed?

Let's say (hypothetically) I flip a coin 4 times, recording 1 for heads and 0 for tails, and then use a simple lookup table to convert from a 4-digit binary number to a single hexadecimal digit. I repeat that process 63 more times, and input my final result into Ian Coleman's site running on a permanently airgapped machine to generate a seed. I can examine the code to ensure my entropy has been truthfully converted to a seed, or I can even group my coin flips into groups of 11 and manually check that they match the generated seed. I can then input that seed into Electrum on the same airgapped device to create a permanently offline cold wallet, and check the addresses generated by Electrum match the addresses generated by Ian Coleman.

Provided I double/triple check all my conversions and inputs, what other mistakes could you envisage? Not trying to be antagonistic here - I'm always on the lookout for potential security flaws I may not have considered.
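The manual cross-check described in the post above (group the coin flips into 11-bit chunks and compare them with the generated words) only works once you know that BIP39 appends a checksum before cutting the bit string into words. The following is an added example, written for this page and not code from the post or from Ian Coleman's tool, that performs exactly that conversion in Python with nothing but the standard library: flips to entropy bytes, entropy to the hex digits the post's lookup table produces, and entropy plus SHA256 checksum to the list of word indices. The 2048-word English list itself is not embedded; index 0 is "abandon" and a tool's words can be turned into indices with that list.

```python
import hashlib

BIP39_SIZES = (128, 160, 192, 224, 256)  # entropy bits -> 12/15/18/21/24 words


def flips_to_entropy(flips: str) -> bytes:
    """Turn a record of coin flips ('1' = heads, '0' = tails, other characters ignored) into entropy bytes."""
    bits = "".join(ch for ch in flips if ch in "01")
    if len(bits) not in BIP39_SIZES:
        raise ValueError(f"need one of {BIP39_SIZES} flips, got {len(bits)}")
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def entropy_to_hex(entropy: bytes) -> str:
    """The hand lookup-table step from the post: every 4 flips become one hex digit."""
    return entropy.hex()


def mnemonic_indices(entropy: bytes) -> list:
    """BIP39 encoding: append ENT/32 checksum bits (the leading bits of SHA256(entropy)),
    then cut the whole string into 11-bit groups. Each group is an index into the
    2048-word list; the last word therefore carries the checksum and changes if any
    flip was recorded wrongly (with probability 1 - 2^-checksum_bits)."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32  # 4..8 bits, so the first digest byte is enough
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(combined >> (total - 11 * (n + 1))) & 0x7FF for n in range(total // 11)]


def check_tool_output(flips: str, tool_indices: list) -> bool:
    """The manual cross-check from the post: our own 11-bit groups (checksum included)
    must equal the word indices the generator produced from the same flips."""
    return mnemonic_indices(flips_to_entropy(flips)) == list(tool_indices)


if __name__ == "__main__":
    # Constructed demo input: 256 flips that all came up tails. Never use this as a wallet.
    demo = "0" * 256
    print("hex for the generator:", entropy_to_hex(flips_to_entropy(demo)))
    print("word indices:", mnemonic_indices(flips_to_entropy(demo)))
```

For all-zero entropy the published BIP39 test vectors give "abandon" x 23 followed by "art" (24 words) and "abandon" x 11 followed by "about" (12 words); the indices the block computes for those inputs are the only thing that needs to agree with the tool, so the word list never has to be trusted.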
staff
Activity: 3304
Merit: 4115
March 18, 2020, 10:22:24 AM
#19
Quote
Making your address online isn't a good idea. I have seen some services in the past that allowed you to generate brain wallets and then stole the coins. And that's the risk of someone making the address for you: at some point, they have access to your private keys.

The most secure way to generate an address is by making it yourself. For that, you could use a service called vanitygen.

If you want to read more about that software I will leave the link for you: https://en.bitcoin.it/wiki/Vanitygen
There was also a service which got its private key generation wrong, which resulted in private keys being compromised. I can't remember the specifics or whether it was accidental or the server was compromised. At the end of the day, I wouldn't trust anything which relies on connecting to the internet to generate keys, and wouldn't trust any software that you haven't verified isn't compromised. I wouldn't even trust manually creating a private key with a dice due to the easily made mistakes. Paper wallets are good, but I would probably still rely on using an offline computer to generate those private keys.
legendary
Activity: 3304
Merit: 3096
March 17, 2020, 04:07:36 PM
#18
Quote
Hello,

I would like to create my own hierarchical deterministic wallet like a paper wallet. Mainly because I want a new address for every transaction and I want to be totally in control of the wallet (so no hardware wallet or app wallet)

Here are my questions:

1) For example, I have used https://coinb.in/#newHDaddress. Are there other places to do this?


2) on https://coinb.in/#newHDaddress :
By clicking GENERATE I get

xPub Address :

xpub661MyMwAqRbcGUuv17GHY2HyJYV73nTpvTandSM1sfGwMoLwt4vyPyvTUHfmpC31KypDxhRa5D3QMFbnGkWVvGNz3Y9eoGwzj91r1QmpDi1

xPrv Address :

xprv9s21ZrQH143K3zqSu5jHAtMEkWeceKjyZEfBq3wQKKjxV11oLXcirBbyd2QZCyPjxbdYQtQGP6EJR3iXuZNBiSw8jaBRs6NdWF1kTSnMJCV

Is this really done randomly like in https://www.bitaddress.org/ with no risk of being bruteforced or compromised?

2) in below "Address Options", "Custom Seed or Brain Wallet", I can type whatever I want? What is the use-case for this field?


I have other questions but let's first answer those above.

Thanks,

fred

Making your address online isn't a good idea. I have seen some services in the past that allowed you to generate brain wallets and then stole the coins. And that's the risk of someone making the address for you: at some point, they have access to your private keys.

The most secure way to generate an address is by making it yourself. For that, you could use a service called vanitygen.

If you want to read more about that software I will leave the link for you: https://en.bitcoin.it/wiki/Vanitygen
legendary
Activity: 2268
Merit: 18711
March 17, 2020, 03:20:10 PM
#17
Quote
I will store those words physically using the BIP39 Split Mnemonic in 2 separate places.
This is risky without also creating additional backups. Splitting your seed phrase into two means that if either piece is lost/stolen/destroyed/degraded/unreadable/whatever, then your coins are lost and the other half is useless on its own. I would always advocate for multiple backups - if storing your seed phrase whole then that means two separate backups. If splitting into two then that means four separate backups - two of each half.

Quote
I wanted to encrypt the 24 words string using AES 256 bits and then print the encrypted string, but I haven't found a good tool to do this.
If you do this, you will need to also back up your encryption key, again on paper and in a separate location to your encrypted seed phrase. Although rather than encrypt the seed, why not leave the seed as plain text and use an additional BIP39 passphrase instead? It has the same desired outcome, in that an attacker must find both your seed phrase and your passphrase to access your funds, with the added advantages that it takes longer to brute force a passphrase (for each attempt an attacker also has to derive at least one address and perform a look-up to see if that address has a transaction history), as well as allowing for plausible deniability.
legendary
Activity: 3472
Merit: 10611
March 17, 2020, 11:32:40 AM
#16
Quote
to generate my HD wallet, I will choose 24 words because I will store those words physically using the BIP39 Split Mnemonic in 2 separate places. Because it says that it takes 3830854 years to hack one split card.
Since it is not clear how this tool came up with the constants used in the calculation of this number (3830854 years), I wouldn't rely on it being true.

Quote
I wanted to encrypt the 24 words string using AES 256 bits and then print the encrypted string, but I haven't found a good tool to do this.
You should be able to use the OpenSSL command line to encrypt it.
Code:
openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -a -in seed.txt -out seed.enc   # encrypt; -pbkdf2 rather than -nosalt so the passphrase is salted and stretched, -a gives printable base64
openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -a -in seed.enc               # decrypt with the same passphrase and iteration count

Quote
What do you think is the best protocol to choose from BIP44, BIP49, BIP84, BIP141?
These proposals are only proposing a certain path. There is no difference between them; it is more for standardizing the path selection.
member
Activity: 154
Merit: 29
March 17, 2020, 10:51:06 AM
#15
Ok I see.

To generate my HD wallet, I will choose 24 words because I will store those words physically using the BIP39 Split Mnemonic in 2 separate places. Because it says that it takes 3830854 years to hack one split card.

I wanted to encrypt the 24 words string using AES 256 bits and then print the encrypted string, but I haven't found a good tool to do this.

What do you think is the best protocol to choose from BIP44, BIP49, BIP84, BIP141?
legendary
Activity: 2268
Merit: 18711
March 17, 2020, 08:36:43 AM
#14
Quote
If I come back with same BIP39 Mnemonic, the addresses will exactly display in the same order??
Yes. Provided you use the same derivation path as you did before (the derivation path is the m/44'/... part), then you will generate the same addresses in the same order.

Quote
So I guess, every time I receive a new payment I take the next address in the display order after the last one I used and this way I will be able to keep track of all the addresses on which I have BTC.
Yes.

Quote
Is this the right way to perform if I just want to rely on an offline javascript Mnemonic Code Converter (no wallet app or web-based wallet)?
This is one way you could do it. Another way would be to export your seed's master public key, and create a watch-only wallet using it in a client such as Electrum. It would show all your addresses, all their balances, a total balance, but can't be used to spend coins and can't be hacked, as it is built only using the public key and not the private key.
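The watch-only idea in the reply above rests on a property of BIP32 that the thread states but does not show: an extended public key can derive every non-hardened child public key (and therefore every receive and change address under it) without ever touching the private key, while hardened steps such as the 44'/0'/0' part of the path are impossible from the xpub by construction. The block below is an added example written for this page, not Electrum's or Ian Coleman's code, implementing that derivation with only the Python standard library (secp256k1 arithmetic, base58check, CKDpriv and CKDpub). The account xpub used in the main section is the one posted earlier in this thread with the forum's line-break space removed; everything else is an assumption of the example.

```python
import hashlib, hmac

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
XPUB, XPRV = bytes.fromhex("0488B21E"), bytes.fromhex("0488ADE4")  # mainnet version bytes
HARDENED = 0x80000000
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def ec_add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def ec_mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant-time; fine for an offline check)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def compress(pt):
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")

def decompress(sec):
    x = int.from_bytes(sec[1:], "big")
    y = pow((pow(x, 3, P) + 7) % P, (P + 1) // 4, P)  # modular square root, valid since P % 4 == 3
    return (x, y if (y & 1) == (sec[0] & 1) else P - y)

def b58check_encode(payload):
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    raw = b"\0" * (len(text) - len(text.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] != raw[-4:]:
        raise ValueError("bad base58check checksum: a typo, or a key wrongly joined across a line break")
    return raw[:-4]

def parse(xkey):
    """Return (version, chain code, 33-byte key) of an xpub/xprv; depth and fingerprint are not needed here."""
    raw = b58check_decode(xkey)
    if len(raw) != 78 or raw[:4] not in (XPUB, XPRV):
        raise ValueError("not a mainnet xpub/xprv")
    return raw[:4], raw[13:45], raw[45:78]

def master_from_seed(seed):
    """BIP32 master node as (xprv, xpub); depth, parent fingerprint and child index are all zero."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k, chain, header = int.from_bytes(I[:32], "big"), I[32:], bytes(9)
    return (b58check_encode(XPRV + header + chain + b"\0" + I[:32]),
            b58check_encode(XPUB + header + chain + compress(ec_mul(k))))

def ckd_priv(k, chain, i):
    """CKDpriv: hardened children (i >= 2^31) feed the private key, not the public key, into the HMAC."""
    data = (b"\0" + k.to_bytes(32, "big")) if i >= HARDENED else compress(ec_mul(k))
    I = hmac.new(chain, data + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(I[:32], "big") + k) % N, I[32:]

def ckd_pub(K, chain, i):
    """CKDpub: the same child from the public key alone, which is all a watch-only wallet holds."""
    if i >= HARDENED:
        raise ValueError("hardened child: needs the private key, an xpub cannot derive it")
    I = hmac.new(chain, compress(K) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    return ec_add(ec_mul(int.from_bytes(I[:32], "big")), K), I[32:]

def derive_pubkey(xkey, path):
    """Walk a relative path such as "0/3" or "0'/1" from an xpub or xprv and return the leaf's compressed public key."""
    version, chain, key33 = parse(xkey)
    steps = [int(s.rstrip("'hH")) + (HARDENED if s[-1] in "'hH" else 0)
             for s in path.split("/") if s and s != "m"]
    if version == XPRV:
        k = int.from_bytes(key33[1:], "big")
        for i in steps:
            k, chain = ckd_priv(k, chain, i)
        return compress(ec_mul(k))
    K = decompress(key33)
    for i in steps:
        K, chain = ckd_pub(K, chain, i)
    return compress(K)

if __name__ == "__main__":
    # Account-level xpub (m/44'/0'/0') posted earlier in this thread, forum line break removed.
    ACCOUNT_XPUB = ("xpub6DEpMWuCKopd7UX1qbxiFqvTbSU8sVPB6swx5mkkAWrkADn5ydPic9r4tkqHCnhG2uBQvZQGqXL"
                    "c2wkh3zSy3UmjMuVZuFuZeTrUU8YRBr3")
    for n in range(3):  # receive branch 0/n; no private material is involved
        print(f"m/44'/0'/0'/0/{n}", derive_pubkey(ACCOUNT_XPUB, f"0/{n}").hex())
```

The public keys printed for 0/0, 0/1, 0/2 are the ones behind the three addresses listed later in the thread for the same mnemonic (hashing them to a P2PKH address needs RIPEMD-160, which some OpenSSL 3 builds of Python no longer expose in hashlib, so this example stops at the key). Note what an xpub leaks: whoever obtains it sees every address and balance under that account, which is why the watch-only wallet belongs on a machine you treat as private even though it cannot spend.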
member
Activity: 154
Merit: 29
March 17, 2020, 06:49:57 AM
#13
Thanks for your reply. I agree this is very secure.

I would like to know how I can check the balance of all the addresses I generate with the BIP39 Mnemonic and remember on which of them I actually have BTC.

Do those addresses always display in the same order when putting the BIP39 Mnemonic?

For example, with BIP39 Mnemonic "frame violin future list pupil resemble cake remove latin test feel volume enjoy thought mix", the addresses display in this order in "Ian Coleman's Mnemonic Code Converter":

m/44'/0'/0'/0/0    14z8YQ2qQ4rrvaAAFcg9PS436yo1wzGi9c
m/44'/0'/0'/0/1    121e9TqR1CE2ZYycH6VD61QoDq9VvhEchn    
m/44'/0'/0'/0/2    1Gn1kHxzW96W7CyMxbyRxZcJG8p1jkNWUb    
.....

If I come back with same BIP39 Mnemonic, the addresses will exactly display in the same order??


So I guess, every time I receive a new payment I take the next address in the display order after the last one I used and this way I will be able to keep track of all the addresses on which I have BTC.


In order to check the balance of my BIP39 Mnemonic wallet, I will have to check every address on a blockchain explorer and make a SUM.


Is this the right way to perform if I just want to rely on an offline javascript Mnemonic Code Converter (no wallet app or web-based wallet)?


thanks

legendary
Activity: 2268
Merit: 18711
February 25, 2020, 09:19:45 AM
#12
Quote
Is it not then easy to check every 15 words combination available to get at the end, the btc that are in the derived addresses?
No, it is impossible. There are 2048^15 = 4.68*10^49 combinations. This number is beyond human comprehension. Even if it was possible to check a trillion combinations per second, and every single person on the planet checked a trillion keys per second every second since the birth of the universe 13.7 billion years ago with no duplicates, we would still only have checked 0.000000006% of all possible combinations. If you choose 24 words instead of 15, the numbers become even more comical.

Furthermore, if it was possible, then every bitcoin in existence would be at risk.

Quote
I store my btc on paper wallets generated in bitaddress.org since 2017. Of course, I have done everything offline, and I store the keys in several locations and formats. My private keys are encrypted with a bip38 password.
As long as they were generated securely and you keep them safe, then yes that is safe. Make sure you also have your decryption key backed up separately from your wallets.
member
Activity: 154
Merit: 29
February 25, 2020, 08:05:31 AM
#11
Thanks for your reply.

1) What worries me is that just by making a combination of 15 words available in the bip39 list, you make HD wallet extended public and private keys.

Is it not then easy to check every 15 words combination available to get at the end, the btc that are in the derived addresses?

Or is this too much computer work with 2048 English words?

2) I store my btc on paper wallets generated in bitaddress.org since 2017. Of course, I have done everything offline, and I store the keys in several locations and formats. My private keys are encrypted with a bip38 password.
Is it safe?

Thanks.

legendary
Activity: 2268
Merit: 18711
February 24, 2020, 07:37:46 AM
#10
To expand on nc50lc's answer, most brain wallet generators like coinb.in simply take whatever text you have entered (in this case, your 15 words), and perform some fairly simple hashing algorithm on it, usually SHA256, to turn it into a private key. They are incredibly insecure and should never be used.

If you want to use another service to "confirm" that Ian Coleman's site is correct, then I would use Electrum to create a new wallet, select "Standard wallet", select "I already have a seed", paste in your 15 words from Ian Coleman, open "Options" and check "BIP39 seed", select "legacy (p2pkh)". Once you've followed these steps and created the new wallet, click View -> Show console, and then in the Console tab enter wallet.keystore.xpub or wallet.keystore.xprv to display the relevant keys.
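Two claims in this thread are worth putting side by side in code: the reply above says a brain wallet is just SHA256 of whatever text was typed, and the earlier reply about backups (post #17) says a BIP39 passphrase is slower to brute force because every guess costs a key derivation plus an address look-up. The block below is an added example written for this page, not code from coinb.in, Ian Coleman's tool or any poster; it implements both derivations with the Python standard library and runs the same dictionary attack against each so the cost difference is visible. The word list and the victim secrets are constructed demo data; the mnemonic is the public BIP39 test vector for all-zero entropy, which must never be used for real funds.

```python
import hashlib
import time
import unicodedata

def brainwallet_key(text: str) -> bytes:
    """Brain wallet as described in the post: private key = SHA256(passphrase text). One cheap hash per guess."""
    return hashlib.sha256(text.encode()).digest()

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 mnemonic + optional passphrase -> 64-byte seed:
    PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase, both NFKD-normalised."""
    words = unicodedata.normalize("NFKD", mnemonic).encode()
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode()
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, 64)

def dictionary_attack(derive, candidates, is_hit):
    """Generic guessing loop: returns (candidate that matched or None, number of derivations spent)."""
    for tried, cand in enumerate(candidates, 1):
        if is_hit(derive(cand)):
            return cand, tried
    return None, len(candidates)

# Constructed demo data: a tiny attacker word list that happens to contain the victim's secret,
# and the public BIP39 test-vector mnemonic (entropy of all zero bits). Nothing here is a real wallet.
WORDLIST = ["password", "letmein", "correct horse battery staple", "hunter2", "Tr0ub4dor&3"]
MNEMONIC = "abandon " * 11 + "about"

def crack_brainwallet(target_key: bytes):
    # A real attacker only has the address; comparing keys here stands in for
    # "derive the address and look it up on-chain", the same final check in both attacks.
    return dictionary_attack(brainwallet_key, WORDLIST, lambda k: k == target_key)

def crack_passphrase(target_seed: bytes):
    # With a leaked mnemonic, guessing the BIP39 passphrase costs 2048 HMAC-SHA512 rounds per
    # guess before the attacker can even start deriving an address to check against the chain.
    return dictionary_attack(lambda p: bip39_seed(MNEMONIC, p), WORDLIST, lambda s: s == target_seed)

def seconds_per_guess(rounds: int = 20) -> tuple:
    """Measured per-guess cost on this machine as (brainwallet, bip39_passphrase)."""
    t0 = time.perf_counter()
    for _ in range(rounds):
        brainwallet_key("guess")
    t1 = time.perf_counter()
    for _ in range(rounds):
        bip39_seed(MNEMONIC, "guess")
    t2 = time.perf_counter()
    return (t1 - t0) / rounds, (t2 - t1) / rounds

if __name__ == "__main__":
    bw, bip = seconds_per_guess()
    print(f"brainwallet guess: {bw * 1e6:.1f} us, BIP39 passphrase guess: {bip * 1e6:.1f} us, ratio {bip / bw:.0f}x")
    print(crack_brainwallet(brainwallet_key("hunter2")))
    print(crack_passphrase(bip39_seed(MNEMONIC, "hunter2")))
```

Both attacks find "hunter2" on the fourth guess; the difference is only the price of each guess (one SHA256 versus 2048 HMAC-SHA512 rounds, before any address derivation), which is why a passphrase must still be long and random: the stretching buys a constant factor, not safety for a dictionary word. Note that PBKDF2 also gives you the plausible-deniability property mentioned in post #17, since every passphrase yields a valid, different wallet.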
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
February 24, 2020, 06:54:30 AM
#9
Quote
I have used "Ian Coleman's Mnemonic Code Converter" to try to generate a BIP39 Mnemonic and I used the 15 words in coinb.in but it didn't find the same Xpub and Xpriv key as in "Ian Coleman's Mnemonic Code Converter"
Coinb.in's "custom seed" is not a BIP39 mnemonic seed and won't use the same process as BIP39 when deriving the root key.
In fact, you can type anything into coinb.in while BIP39 has a standard word-list.
member
Activity: 154
Merit: 29
February 24, 2020, 06:08:39 AM
#8
I have used "Ian Coleman's Mnemonic Code Converter" to try to generate a BIP39 Mnemonic and I used the 15 words in coinb.in but it didn't find the same Xpub and Xpriv key as in "Ian Coleman's Mnemonic Code Converter"

"Ian Coleman's Mnemonic Code Converter"

BIP39 Mnemonic :

frame violin future list pupil resemble cake remove latin test feel volume enjoy thought mix


Account Extended Private Key

xprv9zFTx1NJVSGKtzSYjaRhthyj3QdeU2fKjf2MHPM8cBKmHRSwS65U4MXb3W1CMjXMpiAZ5dAJW9pcShMuBicjyjBKhUVY4zdy79HjmwKBfwe

Account Extended Public Key

xpub6DEpMWuCKopd7UX1qbxiFqvTbSU8sVPB6swx5mkkAWrkADn5ydPic9r4tkqHCnhG2uBQvZQGqXLc2wkh3zSy3UmjMuVZuFuZeTrUU8YRBr3

coinb.in


xPub Address :

xpub661MyMwAqRbcH65pd6SEu2uVKvUmhzRNmvaLYrLsSHuC5GBNPPJdsYUL5tnYmSNDGKANhQF8djZAv6f5bRPGdtYKKWuj4rMKzLkF9Lh7edq

xPrv Address :

xprv9s21ZrQH143K4c1MX4uEXtxkmteHJXhXQhejkTwFsxNDCTrDqqzPKk9rEeuukcqqHNcBwbF325oNQjWZ8HNTDWJVQKcKUacfNjS6mJtXMhj


Can someone explain this ?




legendary
Activity: 2268
Merit: 18711
February 22, 2020, 12:08:27 PM
#7
Quote
Mainly because I want a new address for every transaction and I want to be totally in control of the wallet (so no hardware wallet or app wallet)
What do you mean by "totally in control of the wallet"? What vector of attack do you have in mind here that you are trying to protect against?

You specifically mention that you do not wish to use a hardware wallet. Why do you think that generating keys using a website and printing them on to paper is going to be safer? You expose yourself to many more risks using your method (non-random generating website, using a machine with a compromised OS or malware, exposing the keys when you try to spend from them, accidentally sending coins to a change address you don't control, and so forth) than you would by using a hardware wallet. If you are concerned that a hardware wallet is not generating a random seed, then you can generate one yourself by flipping a coin, convert it into a 24 word seed phrase, and import that into a hardware wallet.

Since you want to generate new addresses for each transaction, and it sounds like you will be spending from these addresses not-infrequently, then I think the better set up for you would be to have a wallet on an airgapped machine and a watch-only wallet on a live machine if you really want to avoid a hardware wallet.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 22, 2020, 11:46:18 AM
#6
Quote
The Ian Coleman tool suggested by LoyceV can be downloaded, initiated right from your hard drive, and run on a computer that isn't connected to the internet.  That's a much more secure way of generating a new private key.
To be fair: you can use Coinb.in offline too (and that's of course recommended).

Quote
but if you want to spend one of those transactions you'll have to import the private key.  That means exposing your seed or Xpriv key, and again I would only do that on an off-line machine.  It can be done, but it's going to be a pain.
It's actually quite easy: install Electrum, import the address, create a transaction, copy the transaction, import the private key in another instance of Electrum which you installed on an off-line computer in your basement without windows, sign the RAW transaction, copy the raw transaction, and broadcast it from your online read-only Electrum wallet.
Before broadcasting, for the truly paranoid, you can use coinb.in (once again on an off-line PC) to decode the signed RAW transaction and see if it does exactly what you want before broadcasting it.

Quote
If you do want to transact with coins regularly, then I suggest a hardware wallet is more practical for your needs.
My main concern has always been how to store and backup the seed phrase. I recently came up with an idea, but that's something for another topic.
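The last step of the offline-signing workflow in the post above (decode the signed raw transaction and confirm it does exactly what you want before broadcasting) is the one that catches the "coins sent to a change address you don't control" failure mentioned earlier in the thread. The following is an added example written for this page, not coinb.in's or Electrum's code: a standard-library Python parser for the raw transaction format (legacy and BIP144 segwit framing), which decodes P2PKH and P2SH outputs to addresses and lists any output that pays somewhere you did not whitelist. The sample transaction is constructed for the example, with a placeholder scriptSig instead of a real signature; bech32 outputs are not decoded and are shown as raw hex so they cannot be mistaken for a known address.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _varint(buf: bytes, pos: int):
    """Bitcoin CompactSize integer at buf[pos]; returns (value, new position)."""
    n = buf[pos]
    if n < 0xFD:
        return n, pos + 1
    size = {0xFD: 2, 0xFE: 4, 0xFF: 8}[n]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def _b58check(payload: bytes) -> str:
    raw = payload + hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def script_to_address(script: bytes) -> str:
    """Recognise the two legacy output scripts; anything else is shown as raw hex so it stands out."""
    if len(script) == 25 and script[:3] == b"\x76\xa9\x14" and script[-2:] == b"\x88\xac":
        return _b58check(b"\x00" + script[3:23])  # P2PKH -> address starting with 1
    if len(script) == 23 and script[:2] == b"\xa9\x14" and script[-1:] == b"\x87":
        return _b58check(b"\x05" + script[2:22])  # P2SH -> address starting with 3
    return "nonstandard:" + script.hex()

def decode_tx(hex_tx: str) -> dict:
    """Parse a serialized transaction (legacy or BIP144 segwit) into its inputs and outputs."""
    buf = bytes.fromhex(hex_tx)
    version = int.from_bytes(buf[:4], "little")
    segwit = buf[4] == 0 and buf[5] == 1  # marker + flag; a legacy tx has its input count (>= 1) here
    pos = 6 if segwit else 4
    n_in, pos = _varint(buf, pos)
    inputs = []
    for _ in range(n_in):
        txid, vout = buf[pos:pos + 32][::-1].hex(), int.from_bytes(buf[pos + 32:pos + 36], "little")
        slen, pos = _varint(buf, pos + 36)
        script, pos = buf[pos:pos + slen], pos + slen
        seq, pos = int.from_bytes(buf[pos:pos + 4], "little"), pos + 4
        inputs.append({"txid": txid, "vout": vout, "script_sig": script.hex(), "sequence": seq})
    n_out, pos = _varint(buf, pos)
    outputs = []
    for _ in range(n_out):
        value, pos = int.from_bytes(buf[pos:pos + 8], "little"), pos + 8
        slen, pos = _varint(buf, pos)
        script, pos = buf[pos:pos + slen], pos + slen
        outputs.append({"value": value, "address": script_to_address(script)})
    if segwit:
        for inp in inputs:
            n_items, pos = _varint(buf, pos)
            items = []
            for _ in range(n_items):
                ilen, pos = _varint(buf, pos)
                items.append(buf[pos:pos + ilen].hex())
                pos += ilen
            inp["witness"] = items
    locktime, pos = int.from_bytes(buf[pos:pos + 4], "little"), pos + 4
    if pos != len(buf):
        raise ValueError("trailing bytes: not one well-formed transaction")
    # txid = double SHA256 of the legacy serialization, byte-reversed; skipped for segwit (witness must be stripped)
    txid = None if segwit else hashlib.sha256(hashlib.sha256(buf).digest()).digest()[::-1].hex()
    return {"version": version, "txid": txid, "inputs": inputs, "outputs": outputs, "locktime": locktime}

def unexpected_outputs(tx: dict, allowed: set) -> list:
    """Pre-broadcast check: every output that pays somewhere you did not intend
    (the payee, or a change address you control). An empty list means it is safe to send."""
    return [o for o in tx["outputs"] if o["address"] not in allowed]

# Constructed sample (not a real transaction): one input with a placeholder scriptSig,
# a 50 000 sat payment and 948 000 sat of change, both to P2PKH outputs.
SAMPLE_TX = (
    "01000000" + "01" + "11" * 32 + "00000000" + "03" + "aabbcc" + "ffffffff"
    + "02"
    + "50c3000000000000" + "19" + "76a914" + "ab" * 20 + "88ac"
    + "20770e0000000000" + "19" + "76a914" + "cd" * 20 + "88ac"
    + "00000000"
)

if __name__ == "__main__":
    tx = decode_tx(SAMPLE_TX)
    for out in tx["outputs"]:
        print(f'{out["value"]:>12} sat -> {out["address"]}')
    payee = tx["outputs"][0]["address"]
    print("unexpected:", unexpected_outputs(tx, {payee}))  # the change output is flagged until you whitelist it
```

Run against a real signed transaction from the offline Electrum, the whitelist should contain the payee address you typed and the change address your own watch-only wallet shows as unused; anything else in the `unexpected` list, including a "nonstandard:" entry, means the transaction was built by something other than what you intended and must not be broadcast. The input count check in `decode_tx` also rejects truncated or double-pasted hex, a common copy-and-paste failure when moving transactions between machines.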
copper member
Activity: 2296
Merit: 4460
February 22, 2020, 10:19:27 AM
#5
Don't trust any keys that are generated on a website.  I'm not claiming Coinb.in is a malicious site that will steal your coins, but there's no way to confirm if they are storing the information, along with IP address logging, and who knows what else.

The Ian Coleman tool suggested by LoyceV can be downloaded, initiated right from your hard drive, and run on a computer that isn't connected to the internet.  That's a much more secure way of generating a new private key.

But, unless you want to hodl all your coins, a paper wallet is really impractical.  It can be used to generate new addresses if you use the Xpub to create a watch only wallet with software like Electrum, but if you want to spend one of those transactions you'll have to import the private key.  That means exposing your seed or Xpriv key, and again I would only do that on an off-line machine.  It can be done, but it's going to be a pain.

If you do want to transact with coins regularly, then I suggest a hardware wallet is more practical for your needs.
legendary
Activity: 3038
Merit: 4418
February 22, 2020, 09:59:42 AM
#4
You really wouldn't want to use a hierarchical deterministic wallet as your cold wallet. Paper wallets are designed for a one-use case, for which a paper wallet should not be used again after a transaction is made from it (which will empty out its entire wallet). If you're looking for a secure wallet, you can try using a Ledger. It's much easier to use and it's pretty much as secure as a paper wallet.
legendary
Activity: 2534
Merit: 6080
Self-proclaimed Genius
February 22, 2020, 07:24:23 AM
#3
Quote
I would like to create my own hierarchical deterministic wallet like a paper wallet. Mainly because I want a new address for every transaction and I want to be totally in control of the wallet (so no hardware wallet or app wallet)
You want to be totally in control, yet you have decided to use an online wallet?
Yes, coinb.in isn't custodial, but it's a step down from a non-custodial software client or hardware wallet.

Anyways, for your questions:
[1] You can automatically do the same using Bitcoin Core (requires a lot of bandwidth and disk space) or just install a "real" wallet or buy a hardware wallet... seriously.

It seems to be a "BIP32 root key" but I don't recognize the default derivation path (m/i?)

[2] The result is impossible to bruteforce, but for the "risk of being compromised" query: I can't vouch for coinb.in since I haven't used it for mainnet transactions nor am I planning to use it.

[the other 2] It works like a "BrainWallet", but instead of a private key & address pair, you'll get xprv/xpub keys.
The use-case is the same: you can type a long phrase or words that you can remember (Brain~) and it will be derived into a "key" (~Wallet).
You can type anything and it will generate the key based on your input, and like a brainwallet, it's not recommended because it's easier to guess than a randomly-generated one.

Additionally, a paper wallet isn't really the type of wallet that you need since it's for cold storage,
and Coinb.in's "HD address" isn't designed for paper wallet generation.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
February 22, 2020, 06:54:23 AM
#2
Quote
1) For example, I have used https://coinb.in/#newHDaddress. Are there other places to do this?
I think Ian Coleman's Mnemonic Code Converter is what you're looking for. Take security precautions before using it (be paranoid, use it offline from a Linux LIVE DVD, close the curtains, and the tricky part: ensure yourself that the software isn't compromised).
member
Activity: 154
Merit: 29
February 22, 2020, 04:25:56 AM
#1
Hello,

I would like to create my own hierarchical deterministic wallet like a paper wallet. Mainly because I want a new address for every transaction and I want to be totally in control of the wallet (so no hardware wallet or app wallet)

Here are my questions:

1) For example, I have used https://coinb.in/#newHDaddress. Are there other places to do this?


2) on https://coinb.in/#newHDaddress :
By clicking GENERATE I get

xPub Address :

xpub661MyMwAqRbcGUuv17GHY2HyJYV73nTpvTandSM1sfGwMoLwt4vyPyvTUHfmpC31KypDxhRa5D3QMFbnGkWVvGNz3Y9eoGwzj91r1QmpDi1

xPrv Address :

xprv9s21ZrQH143K3zqSu5jHAtMEkWeceKjyZEfBq3wQKKjxV11oLXcirBbyd2QZCyPjxbdYQtQGP6EJR3iXuZNBiSw8jaBRs6NdWF1kTSnMJCV

Is this really done randomly like in https://www.bitaddress.org/ with no risk of being bruteforced or compromised?

2) in below "Address Options", "Custom Seed or Brain Wallet", I can type whatever I want? What is the use-case for this field?


I have other questions but let's first answer those above.

Thanks,

fred



