Pages:
Author

Topic: paper wallet - security concerns - best way to create one. (Read 990 times)

hero member
Activity: 812
Merit: 1000
I use electrum cold storage now (on a separate machine which stays offline), it is much easier to maintain an electrum wallet then printing and keeping of paper wallets, all you have to do is to make sure to keep back up of your seed/password somewhere safe, so even if for some reason the wallet gets corrupted, all you have to do is just restore another using the seed/password.
full member
Activity: 206
Merit: 100
I used bitcoinpaperwallet.com because the wallets are much prettier  Kiss

While you're at it, print a whole bunch, because they should be used only once.

I used Revlar plastic paper, which is waterproof, and very sturdy. I used a color laser printer because inkjet ink is not waterproof.

I store the wallets in a safe, along with my jewelry and gold.

I used a color laser printer we have at the office, which I know is not the most secure choice because it's on the LAN, but while printing the wallets, I had it off the net, connected to a laptop that was booted from a CD-ROM with a Linux and the web site. After I was done, I power cycled the printer, then put it back on the LAN, and then my coworkers started sending jobs to it, which should erase its memory sufficiently.
legendary
Activity: 1498
Merit: 1117
found usb drive with tails OS.
worked like a charm. i made a test paper wallet and then sent 0.001 to this address. after that i went back to my standard OS, installed electreum and used the seed words. et voila




legendary
Activity: 1498
Merit: 1117


I think Tails (the OS that Edward Snowden uses) is very easy to boot, you just open it and create your wallet with internet off and that's all.

yes, thats it.  Shocked i could have thought about that by myself. i hope that i can find the usb-drive with the installation.
legendary
Activity: 1904
Merit: 1074
Take a old outdated computer and printer, disconnect it from the internet. Download the source from GitHub or just save the site in html on a memory stick and copy it to the offline computer. Then

generate as many paper wallets as you like and print and laminate them. Destroy the computer and printer or keep them offline and you will be fine. Who would want to go through all the trouble of

hunting down your paper wallets, if the coins are spread over multiple paper wallets. Remember to store a copy of the private key at a separate location... if the first location burns down or a flood

destroy your first copy, you can fall back on the backup copies. That is pretty much it...  Grin ... If you store big amounts... the spending on a old computer and printer, will not break your bank.  Wink
legendary
Activity: 1358
Merit: 1014
hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


The most secure workflow:
  • download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
  • put it on a thumbdrive
  • boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
  • unzip the zip, run the website locally without internet connection
  • generate a paper wallet, use BIP38 encryption with a strong password of passphrase
  • either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
  • in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
  • reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

One step that is often overlooked is the integrity of the OS that you are using. If your OS is compromised, your Bitcoins will be compromised. So beside BIP38 and all that, you must and I repeat, you MUST boot with an OS that can't be modified, in other words in read only, in other words, you must boot your OS from the ram memory.

I think Tails (the OS that Edward Snowden uses) is very easy to boot, you just open it and create your wallet with internet off and that's all.
legendary
Activity: 1806
Merit: 1164
Just bypass paper wallets and go straight to using a Trezor. You have to be very careful about change addresses and exposing your private keys when spending from a paper wallet.
hero member
Activity: 1106
Merit: 521
hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


Bitaddress has been around for years and has been tested by some very experienced people.  I have used it for my own paperwallets.  have a look at vanitygen where you can create your own vanity addresess or just an address with priv key.
sr. member
Activity: 350
Merit: 251
Shit, did I leave the stove on?
I think the Linux live distro cd is the best approach as you won't need to format any HDD on a second computer and reinstall the OS to make a secure environment. Also make sure that you are offline while generating the paper wallet. If you don't have a printer just buy the cheapest one around with no fancy features and print it at home because I don't trust public ones. Also laminating the paper wallet and putting it in a safe deposit box will make it last forever while hardware wallets may break.
legendary
Activity: 2282
Merit: 1023
Download bitaddress.org into thumbdrive --> disconnect all network cables/wifi --> Format the computer everything
--> reinstall OS --> run the downloaded bitaddress.org --> print using offline printer --> Keep you paper wallet secure
--> format all the drives (hard drive and thumbdrive) --> secure!

... or maybe not. The formatting part is important as some people maybe able to recover data from formatted harddisk...
legendary
Activity: 1498
Merit: 1117

Ledger HW wallets are deterministic. When you initialise them, you get 24? seed words, which you have to write down.
If you ever break your HW wallet, you can order a new one and restore it from the seed words you've written down Smiley
The cheapest ones are $18, and i think they're well worth the investment.


mhh, then i think it should be possible like this too:

install a software wallet  (e.g. multibit_hd) on a clean os, disconnected from internet. generate an address and write down the wallet words. afterwords erase the sdd.

hero member
Activity: 938
Merit: 501
I downloaded the bitaddress.org html file off github and then ran it and printed out my paper wallets in offline mode
newbie
Activity: 56
Merit: 0
The most secure workflow:
Download the source code of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
Put it on a thumbdrive and then boot a Linux live CD WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded and unzip the zip, run the website locally without internet connection and generate a paper wallet, use BIP38 encryption with a strong password of pass phrase and either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idea to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


The most secure workflow:
  • download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
  • put it on a thumbdrive
  • boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
  • unzip the zip, run the website locally without internet connection
  • generate a paper wallet, use BIP38 encryption with a strong password of passphrase
  • either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
  • in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
  • reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

To add to that, certain printers contain hard drives. So try and check for that if you care.
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.


i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

Ledger HW wallets are deterministic. When you initialise them, you get 24? seed words, which you have to write down.
If you ever break your HW wallet, you can order a new one and restore it from the seed words you've written down Smiley
The cheapest ones are $18, and i think they're well worth the investment.

However, i personally do not believe them to be more secure than a well-prepped paper wallet... Offcourse, i also think they leave less room for error than generating a paper wallet, which makes them ideal for people that don't want to invest a lot of time into generating paper wallets, or are in doubt about the correct procedure.
copper member
Activity: 1442
Merit: 529
Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.


i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

You can't but the percentage of a hw wallet failing is pretty low, basically the same as if your house get hit by fire and you lose your paper wallet Smiley .
You can try putting the hardware wallet in a safe place of yours and use it as rarely as you can, this way chances of it getting failure are pretty pretty low.
legendary
Activity: 1498
Merit: 1117
Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.


i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....
copper member
Activity: 1442
Merit: 529
Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
thank you for this how-to.
it really sounds like working for 5 hours.

i will think about it and in the meantime i will try to check the trustworthiness of bitaddress.org.

You're welcome  Grin
Actually, it looks like a really big task, but in reality it only takes about an hour (the biggest timeconsumer is downloading a livecd... I personally used lubuntu, but you can pick one here: https://en.wikipedia.org/wiki/List_of_live_CDs
If you have a livecd (preferably linux) laying around, it should be ok, it doesn't matter which version, since you're not using it to go online anyways.

bitaddress.org is pretty trusted, but it's always a good idear to check out those thing for yourself, after all, it's about money Wink
legendary
Activity: 1498
Merit: 1117
thank you for this how-to.
it really sounds like working for 5 hours.

i will think about it and in the meantime i will try to check the trustworthiness of bitaddress.org.
Pages:
Jump to: