Pages:
Author

Topic: Paper wallets best practices (Read 434 times)

jr. member
Activity: 184
Merit: 1
July 31, 2019, 01:09:06 PM
#31
I've heard of people saving a copy of  their paper wallet in their bank's vault. Maybe a hidden tattoo is a legit idea?
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
July 31, 2019, 12:26:48 PM
#30
If you have a phone from many years ago that dosnt even have a GPS antenna then it probably doesnt have anything that can be used to communicate with it... Its hard to work this out though. If you're still particularly worried, you could get something like a raspberry pi and a monitor that will stay offline (the models 1 and 2 don't even have inbuilt WiFi chips).

There are various raspi like devices without wifi, even x86. I like those from PC-Engines, where you get to pick and choose wifi radio if you want it (or none). Put linux, openbsd, whatever you trust in them and manage your wallets, offline or online, with absolute control.

Of course you could do that with any old fashioned PC without connectivity of any kind as well.
hero member
Activity: 1918
Merit: 564
July 31, 2019, 10:48:33 AM
#29
I actually wouldn't use a paper wallet. I'd get a small USB stick and create a text file. Then add the private keys to the text file and put the text file on the USB stick.

Throw the USB stick in the safest place you can imagine and you've got yourself secure holding.
I guess this is a good practice since USB is one of the most portable devices that we can have. Then we can also duplicate those copies on multiple USBs. We just need to store it in the safest place that we can remember. If we forgot it and if anyone can steal it then it is not safe anymore. There are safe that are double-locked, digital or manual, as long as it serves its purpose to keep the wallets safe.
newbie
Activity: 3
Merit: 2
July 19, 2019, 09:27:00 PM
#28
Generate your wallet in Electrum on an air gap computer. Save your public key to a usb to transfer to online computer to monitor your balances.

Etch or stamp your seed words on military style dog tag (Amazon.com) and put it in a safe place. (Now, the hardest thing you have to do is determine the safe place.)
jr. member
Activity: 89
Merit: 2
July 13, 2019, 11:16:05 PM
#27
Make sure you keep the private key hidden and discreet. You can also get your paper wallet laminated so it won’t fade or tear. Keep it inside a safe or a location that no one can have access to. You can even use a tool like Cryptosteel to make it disaster proof.
hero member
Activity: 1890
Merit: 831
July 06, 2019, 02:51:25 PM
#26
Hey

Let me just start by saying this :-

*What infact is money made of ?*

It's not a fire resistance, water resistant material , it's infact paper , extremely vulnerable to everything .

Now what would you do if you had like 1 billion dollars in cash ?

You would probably keep it safe in bank or even in accounts, that's the best thing there is , the same is with a paper wallet , consider it a paper Currency.

How you usually handle your money is how you should handle it.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
July 06, 2019, 02:16:05 PM
#25
Most hardware storage drives are often made a bit poorly sometimes.
Essentially, the good data companies went out of business because they did to we and people stopped buying from them because usb sticks lasted so long... I'd suggest usb sticks are probably best but you can get sd cards in bulk more easily (go with Kingston or Toshiba unless you know of a better company, don't look for the cheapest)...




If you have a phone from many years ago that dosnt even have a GPS antenna then it probably doesnt have anything that can be used to communicate with it... Its hard to work this out though. If you're still particularly worried, you could get something like a raspberry pi and a monitor that will stay offline (the models 1 and 2 don't even have inbuilt WiFi chips).



Yeah as soon as you import a paper wallet, by design it should be considered as compromised if the computer is online.

And yes that's how paper wallet storage should be done. I'd suggest printing a qr code too and printing a couple of copies. The computer it is generated on and the printer it is printed out one shouldn't touch the internet again though...

newbie
Activity: 12
Merit: 0
July 06, 2019, 01:03:38 PM
#24
You have to generate the paper wallet somewhere unless you use dice throws and do it purely mathematical.

An SD card can still be compromised when you plug it in, unless to an air-gap. Same with USB drive. Are SD cards' memory more reliable than USBs? I am trying to think of something better than just encrypting a text file with the key pairs and sticking that on a memory card or stick of some kind.

You have to generate the paper wallet somewhere unless you use dice throws and do it purely mathematical.

IF you have to go the paper wallet route (remember, HD seeds are not supported and all the paper wallet websites don't support my coin) what is the best way to go about it? As far as I can tell it is:

1. Generate and text strings/QR codes on air-gapped machine.

2. Print paper wallets from this machine.

3. Properly secure the resulting paper wallets from natural hazards (fire, water etc.) and prying eyes.

4. Encrypt private key before printing via BIP38 ASC256 or something else.

Problem I see is as soon as you scan private key QR from paper wallet into internet-connected machine to spend that coin, it must now be considered in the wild (same is true of memory cards/stick though). The way around this is to use the air-gapped machine to sign txs instead of generating private keys, using QR's to shuttle info back and forth between connected and air-gapped machines. While QR's could be printed by both, probably easier to use cheap smart phone with all network connectivity disabled since you can use's camera to scan and screen to display QR's. This should be its only means of communication to the outside world.

Based on this, how can I be sure a phone's network connectivity (cellular, wifi, bluetooth) is COMPLETELY disabled? I've heard it is possible to remotely access a phone even if all network are turned off in settings? Its not like you can just rip out the relevant hardware from inside it.

Now my wallet doesn't have a mobile version, only a desktop one, so this idea is out. So my options are:

1. An air-gapped desktop printing QRs back and forth
2. A paper wallet of some method
3. Trusting in memory cards/sticks with encrypted text files of key pairs. Based on what has already been said I guess I need multiple cards/sticks to ensure data integrity.

As reluctant as I am to say it the later seems like where I'm probably headed.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
July 06, 2019, 12:13:59 PM
#23

Actually, I totally agree with your main idea. But it doesn't sound wise for me to save all the information on a $ 100 device. I guess you didn't follow the latest developments about Electrum wallets. Unfortunately, there are many problems with the Electrum wallet. I have doubts about trusting such devices and apps.

In fact the best option might be the paper wallet. As you said, taking extra security measures for those who have invested a significant amount.

I've had no issues with electrum? The issues were people that fall for phishing scams.... There were connectivity issues but if you're not in a rush to spend, it doesn't matter and if you are you can put your signed transaction into the network with online tools.

There was a json rpc injection thing also which wasn't as bad as I thought and you could get past that with merely a password which you should use anyway.

None of these issues (other than connectivity ones) have faced android electrum as it doesn't show errors anyway in detail...



An sd card can withstand more than paper can...

You have to generate the paper wallet somewhere unless you use dice throws and do it purely mathematical.
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
July 06, 2019, 11:24:53 AM
#22
Hi all. What are considered "best practices" to ensure a paper wallet is as secure as can be for cold storage? I realize the paper itself is vulnerable to fire, water etc. And to be sure to guard your private key from view of people and cameras. But I've also heard about needing a special printer because most modern printers have memory in them that saves what you print and that can be compromised. Also an "air gapped" computer using something called "iceberg protocol" or something like that. Can someone tell me what is the best way to set up a paper wallet?

Don't print. Make a paper wallet by using seed words, people shouldn't be messing with private keys directly anymore. These words, you write in a piece of paper using your own hands. Then using the same hands copy them to another piece of paper. Secure both in separate physical places, that should be it.

If anything, you'd want to print/copy/email whatever some of the addresses to deposit funds to.

Procedure to make the cold wallets vary but i tend to favor booting a linux iso from usb (like TailsOS), install Electrum, create the wallet and shutdown. There are ways to monitor a cold wallets using Electrum or the other wallets (Electrum just happens to do it quick because SPV, but you depend on others).

If Paranoid run your own bitcoin node first, then you can either use core or your own Electrum server. Don't worry, after the wallet is made you don't need either afterwards, but its nice to have.

Yes you can technically make the wallet with a computer unplugged to the network, and then move some non compromising data to a computer plugged to broadcast.

I like booting TailsOS in the plugged computer because it uses Tor by default, and you want your Electrum wallet to use tor as well (and/or your own server).

The chances of someone catching your seed words when you boot something like TailsOS to make your wallet are minimal. Since the OS wasn't installed in the first place, there was no chance to install a keylogger, and sniffing the network won't do much, unless there is some exploit in that particular version that could be used in the small amount of time it takes you to make the wallet and copy the seed words by hand (which is why some people like to do that part in a computer unplugged to the network).
sr. member
Activity: 1134
Merit: 342
July 06, 2019, 11:14:54 AM
#21


The best practices for paper wallets IMO would be:
1. Put the paper in a fireproof safe if your bitcoins are worth enough for them to be protected (this can also be helpful for dumping the airgapped laptop also so no one tries to check their social media through it)...
2. Air gapped computers are extremely secure on their own (with a password) and are probably better than a paper wallet. But if you're wanting to use a paper wallet (i.e to not put all your eggs in one basket) then air gapping the computer and the printer is the best option.
If you can avoid printing entirely, then try writing out the address or using a QR code (you should encrypt the information you are printing anyway).
A better alternative to writing down your key or printing it off is to use some software like electrum which generates seeds for you to use and these are 12-24 words depending on the security you are after and are much easier to write down and store as you don't have to question "if that's a 5 or an S?".
3. Try finding a way to verify that what you have downloaded to make a seed has given you an accurate address and private keys by putting it into two devices not connected to the internet (or the same device with different operating systems).


Some alternatives to paper wallets:
1. Buy a cheap android phone/tablet for a maximum of $100 (preferably an old one that's still sold) and install electrum on it. Then take it completely offline and put it in a safe and secure place.
2. If you can go a bit higher, you can buy a phone and a trezor (or another hardware wallet) and try using that to store your funds (or use the hardware with a computer instead of a phone, this can also be done in an airgapped way once all firmware is installed).

Actually, I totally agree with your main idea. But it doesn't sound wise for me to save all the information on a $ 100 device. I guess you didn't follow the latest developments about Electrum wallets. Unfortunately, there are many problems with the Electrum wallet. I have doubts about trusting such devices and apps.

In fact the best option might be the paper wallet. As you said, taking extra security measures for those who have invested a significant amount.
legendary
Activity: 2646
Merit: 1106
Enterapp Pre-Sale Live - bit.ly/3UrMCWI
July 06, 2019, 11:05:07 AM
#20
If you really think you are at a lot of risk  at paper wallet then try another kind of storage.

I used electrum and I have the seeds in a small paper. (3 copies) One I always bring and another at my stash which is secured from fire and water.
Oh I literally used a paper and a pen. Just so you know.

Another is just the private keys. Wrote it down in a piece of paper again.
If you want security, go old school. Remember, we have more of privacy before than now. Android, IP's, computers, sim cards, all of them can be used to trace you but not with a pen.
When we find our holdings to be much worth, then we should take the necessary steps to keep it secure. As suggested having few copies of the paper wallet and keeping them secure on different places will ensure the holdings to be more secure.

Another thing is to have a ledger wallet. When you have $1500 worth cryptocurrency holdings, spending 10% value to keep the holdings more secure buying a ledger wallet is the best choice along with having paper wallets.
hero member
Activity: 3052
Merit: 651
July 06, 2019, 10:52:53 AM
#19
If you really think you are at a lot of risk  at paper wallet then try another kind of storage.

I used electrum and I have the seeds in a small paper. (3 copies) One I always bring and another at my stash which is secured from fire and water.
Oh I literally used a paper and a pen. Just so you know.

Another is just the private keys. Wrote it down in a piece of paper again.
If you want security, go old school. Remember, we have more of privacy before than now. Android, IP's, computers, sim cards, all of them can be used to trace you but not with a pen.
member
Activity: 921
Merit: 10
July 06, 2019, 10:06:00 AM
#18
Another way to encrypt your wallet is to come up with a specific algorithm. For example, increase each digit in the wallet address by one and record the result. Thus, even if it is stolen, the scammers will still not be able to steal your funds.
full member
Activity: 924
Merit: 221
July 06, 2019, 09:24:13 AM
#17
There are many paper wallets online that are free to download. But, it could be difficult to trust since many online platforms now had integrated to the system by daby assisting groups m
legendary
Activity: 2758
Merit: 6830
July 06, 2019, 09:06:17 AM
#16
For my own understanding and experience so far, paper wallet is more risk usage, because anytime your device clash or lost from the owner, paper wallet is more difficult to recover, than blockchain wallet.
That's the price you gotta pay if you want to be the true owner of your coins. What happens if Blockchain wallet vanishes? Don't be dependent to other people/services.
member
Activity: 588
Merit: 18
July 06, 2019, 08:51:35 AM
#15
For my own understanding and experience so far, paper wallet is more risk usage, because anytime your device clash or lost from the owner, paper wallet is more difficult to recover, than blockchain wallet.
legendary
Activity: 3472
Merit: 10611
July 06, 2019, 07:56:51 AM
#14
between steps 3-5: is copying the tx through these steps a possible compromising vector?
there is no compromising information inside a raw transaction (unless your wallet is broken and does something that is not normally done in a crazy scenario, and since you are apparently talking about an altcoin you might want to double check this) so transferring it will not have any risk.
although if you are doing the transfer using something like USB disk and connecting that disk to the online computer, then it can be infected there and then "infection" can be transferred to the cold storage.
a way to mitigate is is using QR codes for transactions!

if your wallet doesn't support it, then your only option is finding another application on the internet (hopefully an open source one) and generate the QR code using that tool and using a phone you can scan that and do the transfer back and forth.

Quote
is the private-key part of steps 1-5 an air-gapped computer vs. the public-key/internet-connected part a node?
yes the private key is kept on the air-gaped offline computer never connecting to the internet.
the public keys are kept on the online computer connected to the internet and the P2P network one way or another.

Quote
how do they communicate? QR codes? usb drives?
it can be anything as i explained above. QR codes being the safer option.

Quote
I can see how you'd do all that with electrum but there isn't an electrum version for my coin.
usually other wallets offer some sort of command line tool that has additional "expert" lever options. you might have to look into that.
usually these user friendly options are added since there is a demand for it. but if nobody wants it for some altcoin, obviously nobody creates them.

Quote
I see the BIP38 encryption thing at bitaddress, but that works only for BTC addr's.
your wallet must offer some sort of encryption (they all do), see if there is an option to encrypt/decrypt private keys using that. if not there are popular tools for encrypting messages (raw data) you can simply use one of them, convert your private key to hexadecimal (base-16) format and encrypt it using one of those tools and AES-256 encryption technique which they must support.
hero member
Activity: 2156
Merit: 803
Top Crypto Casino
July 06, 2019, 12:53:18 AM
#13
A paper wallet is considered a primitive way of storing your Bitcoin in 2019. 10 years back technology was not so advanced as it is now.

If you want to store any cryptocurrency safely and securely then the best option available in the market is a Hardware wallet. A good wallet like Ledger Nano X can cost up to $100. They do have other models that cost you less than $100.

It would be wise to spend some money to store your assets than using a paper wallet by a third party website. A paper wallet is not a secure way of storing Bitcoin wallet seeds.

newbie
Activity: 12
Merit: 0
July 06, 2019, 12:13:31 AM
#12
bitaddress.org and walletgenerator.net don't support my coin. my wallet will make QR's for public addresses, but not private keys.

between steps 3-5: is copying the tx through these steps a possible compromising vector?

is the private-key part of steps 1-5 an air-gapped computer vs. the public-key/internet-connected part a node?

how do they communicate? QR codes? usb drives?

I can see how you'd do all that with electrum but there isn't an electrum version for my coin.

I see the BIP38 encryption thing at bitaddress, but that works only for BTC addr's.
Pages:
Jump to: