Author

Topic: Personal 2-factor storing of private keys (10 BTC bounty) (Read 2884 times)

newbie
Activity: 3
Merit: 10
This has been implemented. Thanks!
newbie
Activity: 3
Merit: 10
I will give 10 BTC bounty for someone to create a pull request to modify bitaddress.org to give me an option to create an encrypted paper wallet using BIP 38.
newbie
Activity: 3
Merit: 10
Actually this is my plan:
  • use my chromebook in guest mode to access the bitaddress.org
  • generate the encrypted paper wallet
  • print 3 copies out
  • put a copy each in 3 different bank safes
  • save the passphrase in LastPass
  • save the passphrase somewhere encrypted on Google Drive
  • use deadmansswitch.net to send the passphrase (and instructions) out in case something happens to me

3 physical locations and 3 electronic locations. If someone manages to hack my computer and get access to the passphrase, it's useless without the encrypted paper wallet. If someone breaks into my bank safe and steals the encrypted paper wallet, it's useless without my passphrase. And if anything happens to me, my family will know how to recover the bitcoins.
sr. member
Activity: 330
Merit: 397
Here's a script that lets you split a private key into N parts, of which any K can be used to reconstitute the original, where you pick the N and K when splitting.

https://github.com/vbuterin/btckeysplit
member
Activity: 85
Merit: 10
1h79nc
I will give 10 BTC bounty for someone to create a pull request to modify bitaddress.org to give me an option to create an encrypted paper wallet using BIP 38.
You should contact the winner of the bounty of the other thread, I know there were some other competing entries as well so you should have a good shot at getting this implemented.
Oops, didn't check the other thread first. Good luck!
member
Activity: 85
Merit: 10
1h79nc
Thanks BIP38 seems like what I want. But there doesn't seem to be an easy tool to do the encryption or decryption yet. I don't run Windows. Smiley
And here's my dead man's switch: http://www.deadmansswitch.net/

There was a BIP38 bounty that Casascius posted a few days ago to implement it in javascript. There is now an implementation you can run here: http://scintill.github.com/bitaddress.org-bip38.html (go to wallet details)

Also see this thread for more info: https://bitcointalksearch.org/topic/20-btc-bounty-javascript-implementation-of-bip-38-claimed-136651
hero member
Activity: 955
Merit: 1002
A simple non-techie approach, which I use, is to print out a paper wallet and then use this private key as the first factor.
Paste this into http://brainwallet.org/ passphrase field and then add your password as the second factor creating a new private key/address - send all your bitcoins to this address.
You can allow some access to the original paper wallet, so you can safely store it in many places, with family members etc

example.
paper wallet address 1JwSSubhmg6iPtRjtyqhUYYH7bZg3Lfy1T
private key 5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hS

passphrase for brainwallet:

5KJvsngHeMpm884wtkJNzQGaCErckhHJBGFsvd3VyK5qMZXj3hSthisismydifficulttoguesspass word

producing address 1GuJmVpp4x1bhNoj67ngViEyk6Aa1yadVB - to which you can send all your stored wealth.

Goes without saying that this should all be done offline on a fresh os install.



legendary
Activity: 2506
Merit: 1010
I'm trying to come up with a safe way to store my bitcoins where you would need 2-factor to spend the coins. The simple approach I can come up with is to store my private keys in a bank safe, but make sure that the private keys are encrypted with a strong password that only I know. I would then set up a dead man's switch to send that password out in case anything happens to me. This way, you would need to have access to my bank safe and know my password in order to spend the coins. That seems pretty safe to me. Thoughts?

Now the question is, what is a simple way to encrypt my private keys? I need something that's secure but also easy to use to decrypt. Since I have to describe how to decrypt the keys in my dead man's switch email.

Some related threads:

Dead Man's Switch?
 - https://bitcointalksearch.org/topic/dead-mans-switch-110353

Casascius "accidentally" creates a 2-party escrow GUI.
 - http://www.reddit.com/r/Bitcoin/comments/14j7wx

pybtcsplit - m-of-n Private Key Splitting made easy in one simple python utility
 - https://bitcointalksearch.org/topic/pybtcsplit-m-of-n-private-key-splitting-made-easy-in-one-simple-python-utility-104086

To generate a split key there is a new feature (v2.1) in the Vanity Wallet on bitaddress.org
- https://bitcointalksearch.org/topic/m.1421075


That or how about just a password-protected PDF?  That has the benefit of being completely usable by a layperson given only the file and the password.  This also uses AES under the hood.
- https://bitcointalksearch.org/topic/how-do-i-encrypt-a-paper-wallet-from-bitaddressorg-92374

Lately I have been working on an iPhone app to implement a BIP 38 tool for the end user.
 - https://bitcointalksearch.org/topic/m.1430037
newbie
Activity: 3
Merit: 10
I'm trying to come up with a safe way to store my bitcoins where you would need 2-factor to spend the coins. The simple approach I can come up with is to store my private keys in a bank safe, but make sure that the private keys are encrypted with a strong password that only I know. I would then set up a dead man's switch to send that password out in case anything happens to me. This way, you would need to have access to my bank safe and know my password in order to spend the coins. That seems pretty safe to me. Thoughts?

Now the question is, what is a simple way to encrypt my private keys? I need something that's secure but also easy to use to decrypt. Since I have to describe how to decrypt the keys in my dead man's switch email.

I will give 10 BTC bounty for someone to create a pull request to modify bitaddress.org to give me an option to create an encrypted paper wallet using BIP 38. Claimed!
Jump to: