Topic: Paper Wallets (Read 540 times)

He wasn't saying crypto user, as in someone who uses cryptocurrencies... he was saying "cryptographer"... as in an expert in cryptography:



In any case, pooya87's advice is sound... if you want to secure your paper wallet, then there is no point in reinventing the wheel. BIP38 is a tried and proven method to do so. Just make sure that you're not compromising the security of your wallets by using easily guessable password(s)!

Thank you Pooya87. 
I consider myself a middle of the road crypto user.  Not a complete expert but certainly not a complete newbie either.
I was not fully aware of the BIP38 method that you gave me a link to.  It does seem like a good solution.  I will read up on it further and experiment with it.
Thanks again for bringing my attention to it.
The Digital Man

why are you trying to come up with your own unique way? are you an experienced cryptographer? if not then it is always a better idea to use the already tested encryption methods that have been proposed and are in use such as BIP38 (https://github.com/bitcoin/bips/blob/master/bip-0038.mediawiki) the result would look like this:
and since the encoding is the same Base58 (same characters) you could use crypto-steel to store it. but it will be a lot more secure since it is using strong encryption techniques (AES-256 using a stretched key).

I hear you.  And I appreciate the feedback and critical thinking.  However, if it is my intention to keep this private key secure then I don't see a problem.  I'm simply looking at adding another thin layer of protection to the secure method in which I intend to store the key in the first place.  Maybe suggesting it would be in my top desk drawer was a misnomer.  I'm going to sleep on this and think some more about it.  I have a trezor but I don't like keeping all my eggs in one basket so I've been thinking about putting some of it into paper wallets. Just trying to think of how to mitigate any weaknesses the paper wallet has.

The Digital Man

Nothing in particular. But if someone was snooping around for your private key and found it, but then discovered it was invalid, it would be reasonable for them to assume that the string of characters they had was somehow related to your key. You have to assume they would try brute forcing various combinations, including character swaps, character substitutions, basic substitution and transposition ciphers, and so forth.

If you were to encrypt your key using a secure encryption method, then that would be very secure. However, you are now just moving the problem one step down the line: How and where are you going to securely store your decryption key?

Thanks Hero Member.

RE: "No. If someone was to try swapping every 2 character combination in a 52 digit WIF key, that is only in the region of 1300 possibilities. That could be brute forced in seconds."

I get that trying all the combinations of a 2-Character swap would be fairly easy.  And I'll accept your judgement of it not being a secure method.  But if the person did not know it was a 2 character swap what makes anyone think that they would try all those combinations?

Perhaps not only are the characters swapped but then the entire string is run through a Key Encryption Cypher to change all the characters to something else.

I'll have to give this some more thought.  I'm just trying to think of ways to make the wallet more secure without having to rent out a bank vault.  I don't intend to leave them laying around on the coffee table.  But I also do not want the private key just written out there in plain sight if someone were to find one of my wallets.

The Digital Man

No.

Assuming your key is in Base58 Wallet Import Format, swapping two characters around will almost certainly generate an invalid key. The chance of the checksum still being valid after you change the address is 1 in 4.3 billion.

He might realize you have scrambled the key in some way, but that will provide zero clues on how to unscramble it. All he can do is brute force a variety of combinations.

No.

No. If someone was to try swapping every 2 character combination in a 52 digit WIF key, that is only in the region of 1300 possibilities. That could be brute forced in seconds.

Adding more swaps makes it harder, but still not hard enough to not be able to be brute forced relatively quickly. This is a very insecure method of storing your coins.

Correct.

You do not need both the private key and the address to steal the coins. Having just the private key on its own is enough to control all the coins. The public address is derived from the private key, so importing the private key in to a wallet will automatically show you the relevant public address.

If you are this concerned about someone else being able to gain physical access to your private key, then storing it in plain text is not the method you should be choosing. Either store it somewhere secure that other people cannot access it, or look in to using an encrypted airgapped machine or hardware wallet.

I follow the process you have outlined above but correct me if I'm wrong.  The private key exists in your notebook written down correctly so that if anybody is able to copy it they will be able to steal your bitcoin (assuming they get a copy of the address as well).  Which I understand you are saving in a separate place.  So that's one method.  Keeping the two items separate.  I'm interested in obscuring the Private Key by jumbling it up.  My question was would it be obvious to anyone if I jumbled it?

I was simply trying to understand how secure a private key would be if two of it's characters were swapped so that it was no longer correct.  And if "what was done to the key would be obvious?". i.e. would it be obvious that the key was "almost" correct and just needed a couple of it's characters swapped back into place.  I am banking on the fact that this will not be the case.  That when the private key fails it will be anybody's guess as to why?  Other then the fact that it is NOT the CORRECT private key.  I'm simply wanting to confirm this.

Thanks

The Digital Man

There is absolutely no problem in using paper wallets, if you know how to use it. Follow this...

1. Download BitAddress.org JS code from https://github.com/pointbiz/bitaddress.org.

2. Run it in an offline computer and generate Address + Private Key.

3. Copy the Address in a text file and write down the Private Key by hand in your notebook.

4. Write the Private Key from your notebook to the text file by typing and run it through BitAddress.org JS code to see whether it generates back the same Address in the text file.

5. Now remove all traces of the Private Key, save the text file with Address and wipe out the temporary cache from your browser.

6. Download Coinb.in JS code from https://github.com/OutCast3k/coinbin/ and use it to sweep fund received at the generated Address.

Chris...  I appreciate your replies.  And you seem to have a good handle on this subject.  So I am now at a point where I want to ask another question.  This is regarding the private key.
Is there any discernable pattern in a private key?  I am assuming no based on what I know about them.

So my question is.  Would it be obvious to a person if a couple of the characters in a private key were swapped?  Let's say for example that I create my paper wallet.  I have nosy relatives that I don't trust.  So I swap the 13th and 27th characters around.  A simple swap.  I then pound the characters into my crypto steel plate and put it into my top desk drawer for safe keeping.  Fast forward to Thanksgiving and one of my nosy relatives sneaks into my study and finds the plate.  He photographs it with his smart phone and later after getting back home attempts to sweep the public address into his own wallet.  The problem is he get's an error message (I'm assuming he would either get an error message or the notification that there is no bitcoins to be swept) saying wrong private key or maybe he just gets a message saying there are no bitcoins.  Of course he sees them in the public address so he knows they are there.  Could he at that point realizing I mixed up the private key figure out how to unscramble it?  Would there be a way for a good hacker to do that?  It is my understanding that it would not be possible.  But I want to be sure.  Would there be a way for them to determine that the key is good up through the first 12 characters?  Then realizing Character 13 is bad could they somehow run some kind of key hacking software to figure out what Character 13 should be?  Is swapping just 2 characters around in a private key enough?  Or should I swap 4 or 6?  Obviously the more I mix it up the harder it would be to hack it but I don't want to make it impossible for me to unscramble either.  I'm assuming a thief wouldn't really have a clue what to do if the private key does not work.  They wouldn't even know that it was almost correct would they? My original intent was to save the addresses separately from the keys and have a system for marrying them up.  But I like this idea better.  Partly because it looks like a normal paper wallet.  And I myself can certainly sweep the contents of it whenever I please.  I might leave a paragraph in my will on how to decode these for my children on the off chance I don't spend all of them before I die.

Anyway, I appreciate your time in reading this and would like your thoughts on it.

Thanks Chris!

The Digital Man

If you'd like to see objections and debunking re: paper wallets I've been having a good time at https://bitcointalksearch.org/topic/m.51734098. In hindsight, maybe dissing hardware wallets in a part of the forum that everyone uses hardware wallets wasn't the best choice, but hey, I'm not here to pat people on the back and tell them what a great job they did buying a $100 glorified USB. I'm here to help educate the next wave of bitcoiners.

You might also want to read this:

How to Write, Store, and Preserve Your Cryptocurrency Wallet Seed on Paper

Isn't that wiki article just horrible? I've always used a "paper" wallet, stored it properly and never had any issues. I do agree that the name should be retired. It's just an offline backup or air-gap generated private key.

You never have to worry about some kid hacking your device with offline private keys. The only risk is physical access or your house burning down. There are many materials out there that won't burn in a house fire. Get creative.


I wonder why a company selling hardware wallets wouldn't want people storing their funds more securely, and for free . Strange /s

OP, you might want to check this article out by Trezor: https://blog.trezor.io/paper-wallets-a-relic-of-the-past-1f711ba82b8c

Thanks pooya87.  You point out some sound ways of doing it.  And I agree with the testing as far as testing the methodology goes.  I won't try to re-use the tested address.

just FYI you don't have to use any of these paper wallet specific generators to create a paper wallet! you can use literary any wallet that allows you to export your private keys. so for example you can install bitcoin-core on an offline computer and generate a new private key, encrypt that and print it. (you may need another tool for encryption though.

also make sure to test your method first before sending actual bitcoins to that wallet. for example restart the offline OS and try to recover what you created, or you can even create one paper wallet and send a small amount like $1 worth of bitcoin to it and then spend it right away to both learn how things work and also test if your setup was correct.

Thanks!  I will avoid that one!

Paper wallets are equally safe like the hardware wallets like Trezor. Storing something which is fragile like a paper wallet is never an easy task for anyone.  Fortunately,  most of the traditional banks across the globe have the capacity to protect such important documents from any harm. So for people who cannot be careful with paper wallets can save them at the bank.

Please be warned about WalletGenerator[dot]net though, please check my thread here, Disclosure: Key generation vulnerability found on WalletGenerator.net.

Thanks everyone for your replies.  I feel much better now.    I intend to encrypt the private keys.  No worries there. I also don't intend to print on actual paper.  One of you had great ideas in regard to that.  I might add some of them to my own.  Anyway, I just wanted to be sure I wasn't missing something fundamental.