Pages:
Author

Topic: Piper Paper Wallet - Why are there no replies??? - page 2. (Read 4241 times)

hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
The project is quite cool, but it is flawed.

The printer uses thermal paper. Thermal paper fades VERY quickly. Now that's a pretty big flaw.

If it was part of a throwaway quick use system (designed to be used imidiately) it could be useful.

If the designer changed it to your old style dot matrix printing I'd buy 2 of these right now.
full member
Activity: 168
Merit: 100
https://bitcointalksearch.org/topic/self-made-offline-paper-wallets-using-latex-213946

That's not my project but I'm going to do something similar.

My plan is to make a bootable linux DVD with a minimal gui environment, TeXLive install, and a gui app that then creates paper wallets in similar fashion to what is at that link.

Output will be PDF, copy PDF to a thumb drive and then print on your regular printer.

With US Letter you can get 3 wallets per page that when cut will fit nicely into a standard security envelope.

What I'm actually thinking of doing is having it create 2 PDF files - one with the private keys (3 per page) and one using a standard label template that public keys can be printed on.

So you print your private keys (public also on it), put the label stock into your printer and print the public keys.

Put private key into security envelope, seal it, and put public key sticker on the outside.

The boot DVD does not need to bring any network interfaces up. Only security risk is the PDF files that you copy to the thumb drive and possibly printer buffer (or wireless network to printer) but if you have a linux friendly printer direct connected not even that issue exists as you can just print from the boot DVD.

LaTeX has cake QR code generation - (pst-barcode package) - and using something like python could easily generate the .tex files to feed it.

As far as a hardware device, there's no need for it.
A boot DVD is all you need.
legendary
Activity: 1050
Merit: 1002
With Armory you don't need a printer, just a pen and paper. It's more secure as well as you don't have to trust the buffer of the printer and your paper wallet looks far less generic.

Hmm, looking at Piper's FAQ page it's actually a full computer (Linux distro) allowing you to hook up peripherals like a different printer. You can also customize the wallets or just use pen and paper with it too. Copying addresses out by hand introduces human error and time into the equation, but yeah that's an option. There are lots of options with Bitcoin, however, Trezor seems most well rounded.
legendary
Activity: 1050
Merit: 1002
How does this improve over the paper wallet functionality in Armory (on a permanently offline computer with a fresh OS of course)?

I guess it doesn't, really. The Armory version will give you a more stable printout, but you have to have an offline computer and printer and get all the software set up. With Piper you just press a button. Of course then you have to take better care of the printouts as discussed.

There is no single killer solution yet. Every option has pros and cons and can work better for some users depending on their specific use case. However, I think the Trezor for now provides the best combination of ease of use, unbeatable security, and range of functionality for coin management. It will be the silver bullet solution I think for a long while.
legendary
Activity: 2324
Merit: 1125
How does this improve over the paper wallet functionality in Armory (on a permanently offline computer with a fresh OS of course)?
legendary
Activity: 1050
Merit: 1002
The killer flaw IMHO is the printer is a heat transfer printer.  As anyone who has seen a paper receipt fade knows those are horribly unreliable for stability.  Expose them to too much light or heat and you will ruin the image.  

That is true. I'd rather see a different kind of printer in this thing but for that problem there are existing (easy) solutions (see above).


Well I don't consider those solutions either easy or good.   Someone who has an offline computer and scanner could simply use that computer for storing coins.  Someone who puts private keys in a digital camera is very likely to accidentally upload them to a computer.  Worse more and more for many people the cellphone is the most common digital camera.  I doubt many people will use their instant-one-button secure printer and then go find a copy machine to make a lasting copy.

No the most common scenario is someone prints out a keypair, puts it away and when they check months or years later the key has faded and all coins are lost.

If you think about the target audience it is going to result in lost coins.

I agree those printouts may not work well in practice... However people might also be more careful with them. Store them in a ziplock bag to protect from moisture and in a safe place, for example. I'd definitely make a USB stick copy too. Also, from what I understand the Piper stores all the keys in memory unless you tell it to forget them.
donator
Activity: 1218
Merit: 1079
Gerald Davis
The killer flaw IMHO is the printer is a heat transfer printer.  As anyone who has seen a paper receipt fade knows those are horribly unreliable for stability.  Expose them to too much light or heat and you will ruin the image. 

That is true. I'd rather see a different kind of printer in this thing but for that problem there are existing (easy) solutions (see above).


Well I don't consider those solutions either easy or good.   Someone who has an offline computer and scanner could simply use that computer for storing coins.  Someone who puts private keys in a digital camera is very likely to accidentally upload them to a computer.  Worse more and more for many people the cellphone is the most common digital camera.  I doubt many people will use their instant-one-button secure printer and then go find a copy machine to make a lasting copy.

No the most common scenario is someone prints out a keypair, puts it away and when they check months or years later the key has faded and all coins are lost.

If you think about the target audience it is going to result in lost coins.
sr. member
Activity: 261
Merit: 285
PS: There seem to be two models: type A and type B - type B has an ethernet port...what's with that?

I believe this has to do with whether a Raspberry Pi Model A vs Model B is being used under the hood. See:

http://www.element14.com/community/docs/DOC-51668/l/raspberry-pi-model-a-versus-model-b-chart
legendary
Activity: 1050
Merit: 1002
Quote
The second problem is a paper wallet doesn't mean full security. If you enter a private key onto a compromised computer your bitcoins can be stolen in a fraction of a second. A paper wallet only keeps coins secure so long as they only exist with the paper wallet.

In theory that is true but I don't think it is very likely. I imagine after storing a portion of my coins for several months or even years I visit blockinfo.com, open my online wallet (2 factor auth.) and Import the keys in a few seconds. What are the odds that exactly that instant an attacker breaches my system?

The odds could be good actually.

The nature of bitcoins make them unbelievably attractive to hackers that are immoral. Their increasing adoption and value will only increase attempts to steal them.

If your computer or phone has bitcoin targeting malware then it can wait for the second you enter the private key to transfer bitcoins, assuming an Internet connection is available. The malware can make the transfer in fractions of a second, faster than you can block it. Two factor authentication means nothing if your bitcoins are transferred before you even access them.

Computers don't have the physical limits of humans. Waiting days, months or years to steal coins means nothing.

To increase security: a) several paper wallets only holding a fraction of your total b) always 'spending' the whole balance by using the aforementioned method.

The way you describe it above you enter the private key with the majority balance before sending the unspent balance back to a paper wallet. If your system is compromised the majority balance can be stolen before reaching the new wallet.

To me that seems pretty safe.

Security is only as strong as the weakest link in the chain. If you have good habits in general for avoiding malware, then yes you probably have little worry. The problem is unless you're pretty much a security expert you can't be sure how likely you are to have obtained malware.

About Trezor:

a) doesn't ship yet
b) like it in general but it still needs more technical skills and understanding than piper
c) you still have to connect trezor to your online device and how would I know that some future malware can't crack/infect it?
d) can only handle one wallet as far as I know
e) if so - I think it's to expensive at the moment

a) I imagine it will eventually
b) it provides a fuller security solution and so warrants the time to learn it, which is not much
c) malware can't infect it because it doesn't use an operating system; it's function specific
d) it can handle any bitcoin balance, small or large, securely
e) I think that depends
cp1
hero member
Activity: 616
Merit: 500
Stop using branwallets
A majority of people on this site have the expertise to generate paper wallets themselves and thus don't need it.  Those who can't do it themselves probably don't understand why they need a paper wallet.

Overall I like the ability to spend my coins so I use an armory offline wallet.
full member
Activity: 182
Merit: 100
Quote
The second problem is a paper wallet doesn't mean full security. If you enter a private key onto a compromised computer your bitcoins can be stolen in a fraction of a second. A paper wallet only keeps coins secure so long as they only exist with the paper wallet.

In theory that is true but I don't think it is very likely. I imagine after storing a portion of my coins for several months or even years I visit blockinfo.com, open my online wallet (2 factor auth.) and Import the keys in a few seconds. What are the odds that exactly that instant an attacker breaches my system?

To increase security: a) several paper wallets only holding a fraction of your total b) always 'spending' the whole balance by using the aforementioned method.

To me that seems pretty safe.

About Trezor:

a) doesn't ship yet
b) like it in general but it still needs more technical skills and understanding than piper
c) you still have to connect trezor to your online device and how would I know that some future malware can't crack/infect it?
d) can only handle one wallet as far as I know
e) if so - I think it's to expensive at the moment
legendary
Activity: 1050
Merit: 1002

I think there isn't more enthusiasm because it's not a full solution. It doesn't address the coin spending side too.


The private keys can be imported to several interfaces, can't they?
So I imagine what you do is this:

a) take your bitcoin paper wallet (w1) from which you want to spend some coins

b) create a new paper wallet (w2)

c) import the whole balance to a client/an online wallet

d) keep what you want to spend there and send the remaining balance to your new paper wallet (w2)

Done.
Am I missing something?

What do you mean by 'it's not a full solution'?

There are still two problems.

First, is the complexity of manually managing the private keys. If someone is investing in a wallet option they will want it to take care of most of their needs. If the use case is mostly storing and not spending coins, then Piper may be a great no brainer route to go. As you say most everyone can relate to securing physical things.

The second problem is a paper wallet doesn't mean full security. If you enter a private key onto a compromised computer your bitcoins can be stolen in a fraction of a second. A paper wallet only keeps coins secure so long as they only exist with the paper wallet.

Trezor, for example, addresses both problems and is a full solution.
full member
Activity: 182
Merit: 100
The killer flaw IMHO is the printer is a heat transfer printer.  As anyone who has seen a paper receipt fade knows those are horribly unreliable for stability.  Expose them to too much light or heat and you will ruin the image. 

That is true. I'd rather see a different kind of printer in this thing but for that problem there are existing (easy) solutions (see above).
full member
Activity: 182
Merit: 100
Quote

grandama still has to buy the coins and send them to the wallet and import them from the wallet to spend them.

Touché.

Getting the coins and importing the keys could be job for the grandson Wink
(in order to keep her money safe she just needs to remember to only give her grandson the upper part of the 'receipt')
donator
Activity: 1218
Merit: 1079
Gerald Davis
The killer flaw IMHO is the printer is a heat transfer printer.  As anyone who has seen a paper receipt fade knows those are horribly unreliable for stability.  Expose them to too much light or heat and you will ruin the image. 
legendary
Activity: 1722
Merit: 1217
Can you imagine your grandma installing a new system all by herself?
Can you imagine her thinking about shutting down wifi for that period of time?
Can you imagine her being aware that her new smart printer might be unprotected/store the printed data in its buffer?

I can't.

Can you imagine her pressing a single illuminated button on a little black box and ripping of the piece of paper which comes out of it?

I can.



grandama still has to buy the coins and send them to the wallet and import them from the wallet to spend them.
full member
Activity: 182
Merit: 100
Can you imagine your grandma installing a new system all by herself?
Can you imagine her thinking about shutting down wifi for that period of time?
Can you imagine her being aware that her new smart printer might be unprotected/store the printed data in its buffer?

I can't.

Can you imagine her pressing a single illuminated button on a little black box and ripping of the piece of paper which comes out of it?

I can.

legendary
Activity: 1722
Merit: 1217
generating paper wallets offline is a bit of a hassle. however its not as much of a hassle as ordering that thing and having it sit around and take up space and ordering special paper. not to mention paying for the thing.

trezor is the way to go if you want more security than you get with a standard client
full member
Activity: 182
Merit: 100

I think there isn't more enthusiasm because it's not a full solution. It doesn't address the coin spending side too.


The private keys can be imported to several interfaces, can't they?
So I imagine what you do is this:

a) take your bitcoin paper wallet (w1) from which you want to spend some coins

b) create a new paper wallet (w2)

c) import the whole balance to a client/an online wallet

d) keep what you want to spend there and send the remaining balance to your new paper wallet (w2)

Done.
Am I missing something?

What do you mean by 'it's not a full solution'?


full member
Activity: 182
Merit: 100
First of all: thanks everyone for your replies!

I think that paper wallets which have been created completely offline are a very good thing (especially for people who can't secure a wallet otherwise).

Can you loose paper - YES. Can paper become unreadable - YES.

But still taking care of a piece of paper is a concept most people (also non tech-savvy people) are familiar with.
Furthermore paper can be laminated / copied (with an old fashioned Xerox) / scanned with an offline computer or even photographed.

I was more worried that there might be some hidden dangers (other than the paper degrading problem) with this device.
Usually a whole bunch of people asks for security specifications or points out what is / might be wrong with it.

So far I couldn't find anything (and therefore are inclined to get one).

So thank you for your replies once again.
Should you think of any problems this device could have I'd really appreciated your opinions.


PS: There seem to be two models: type A and type B - type B has an ethernet port...what's with that?

Pages:
Jump to: