I've made my truly random-seeded paper wallets.
Topic: Regarding brain paper wallet passwords and secure storage.... (Read 1100 times)
Thanks for all the replies, guys!!
I've made my truly random-seeded paper wallets.
I've made my truly random-seeded paper wallets.
February 17, 2014, 05:12:25 PM
Do you need to remember/record your passphrase??
The short answer is "no" (assuming you've printed out the paper wallet that corresponds with your passphrase.)
My recent update to the generator at bitcoinpaperwallet.com has a unified interface for making brain wallets or rolling dice or shuffling cards, since they're essentially the same thing. The only difference is whether you *choose* to remember the pre-SHA256'd data source.
BTW if you're looking to have a good random source, I think card shuffling is faster and "more" random. See these instructions for details:
February 15, 2014, 08:17:05 PM
I have a few brain wallets setup. Despite the doom and gloom naysayers I am confident the method I use is secure.
First off, I have a two part generation password. The first part is a password that I know followed with a 2 digit sequence number. The second part is generated by a yubikey in static password mode. That puts my brain wallet generation around 75 characters long. I don't see how that could possibly be hacked.
There is a document on the yubico.com website that is a tutorial on how to setup a yubikey for use with truecrypt. The same tutorial works as a guide for how to do what I'm talking about.
Even if the yubikey gets confiscated the password is still required to generate the wallet information. There is information in the document on how to backup the information for the yubikey if it gets lost. Again, password + yubikey is required.
Easy for me to access wallets, hard for anyone else.
First off, I have a two part generation password. The first part is a password that I know followed with a 2 digit sequence number. The second part is generated by a yubikey in static password mode. That puts my brain wallet generation around 75 characters long. I don't see how that could possibly be hacked.
There is a document on the yubico.com website that is a tutorial on how to setup a yubikey for use with truecrypt. The same tutorial works as a guide for how to do what I'm talking about.
Even if the yubikey gets confiscated the password is still required to generate the wallet information. There is information in the document on how to backup the information for the yubikey if it gets lost. Again, password + yubikey is required.
Easy for me to access wallets, hard for anyone else.
February 15, 2014, 07:55:06 PM
Do you need to remember/record your passphrase?? I assume the answer is no, but would like some confirmation on this since the advice given when making a brain wallet is to write down or remember your passphrase.
Ie. If I roll a dice x number of times to generate entropy and generate a brain wallet off the results (on a secure, offline computer), then print the generated private and public key/address, would I ever need to recall the seed if I kept the printed the private key & stored it in a safe deposit box?? That way, the seed is purely random, and no one could ever generate the private key from it since the seed would be destroyed forever.
Also, regarding testing private key validity: I assume running a wallet client offline will be a good way to test the private keys to make sure they are valid and also correspond to the correct public address by inputting the privkey and seeing what public address is created from it (this would be tested in the secure permanently offline PC of course).
Ie. If I roll a dice x number of times to generate entropy and generate a brain wallet off the results (on a secure, offline computer), then print the generated private and public key/address, would I ever need to recall the seed if I kept the printed the private key & stored it in a safe deposit box?? That way, the seed is purely random, and no one could ever generate the private key from it since the seed would be destroyed forever.
Also, regarding testing private key validity: I assume running a wallet client offline will be a good way to test the private keys to make sure they are valid and also correspond to the correct public address by inputting the privkey and seeing what public address is created from it (this would be tested in the secure permanently offline PC of course).
Nice
February 15, 2014, 09:22:30 AM
Got it. So a brain wallet is just a passphrase that is generated into a private key. If I print that key, it's technically the same thing as a paper wallet.
I'd rather do the paper wallet since it can recovered if I die/forget the key/go into a coma etc... I'm just looking for as much entropy as possible whilst still making it easy for a relative to recover the BTC if any of the above should happen.
I'd rather do the paper wallet since it can recovered if I die/forget the key/go into a coma etc... I'm just looking for as much entropy as possible whilst still making it easy for a relative to recover the BTC if any of the above should happen.
February 15, 2014, 12:16:38 AM
Do you need to remember/record your passphrase?? I assume the answer is no, but would like some confirmation on this since the advice given when making a brain wallet is to write down or remember your passphrase.
You must memorize the passphrase because the definition of a "brain wallet" is a wallet with a private key that you memorize. A brain wallet prevents anyone from obtaining your private key, since it only exists in your brain. If you write down the private key then it is called a "paper wallet". Paper wallets must be stored in a secure place.
February 14, 2014, 09:12:00 PM
According to this, I only need to roll 62 times: http://www.reddit.com/r/BitcoinWallet/comments/1p6y5c/secure_paper_wallet_tutorial/
Just generate a private/public key using a random number generator, you're not going to roll enough dice to do it right.
You used the seed or the private key? I will disregard the seed since it is just another step and anther point of reliance involved when I want to restore the wallet.
I just want to be able to enter the private key and spend the totality of the funds contained therein like I have done with the regular address generator.
Sorry if this is an obvious or n00b question, but hours of searching didn't yield an answer and ....how else is one to learn?
I just want to be able to enter the private key and spend the totality of the funds contained therein like I have done with the regular address generator.
Sorry if this is an obvious or n00b question, but hours of searching didn't yield an answer and ....how else is one to learn?
Okay, but provided I had sufficient backup(s) of the private key, I could disregard the original seed forever, right?
Yes.That said I once had issues remembering a password on an Electrum wallet. The seed let me restore the wallet without the password. So, depending on your implementation, it's not a terrible idea to have both securely backed-up somewhere.
Okay, but provided I had sufficient backup(s) of the private key, I could disregard the original seed forever, right?
Do you need to remember/record your passphrase?? I assume the answer is no, but would like some confirmation on this since the advice given when making a brain wallet is to write down or remember your passphrase.
Ie. If I roll a dice x number of times to generate entropy and generate a brain wallet off the results (on a secure, offline computer), then print the generated private and public key/address, would I ever need to recall the seed if I kept the printed the private key & stored it in a safe deposit box?? That way, the seed is purely random, and no one could ever generate the private key from it since the seed would be destroyed forever.
Also, regarding testing private key validity: I assume running a wallet client offline will be a good way to test the private keys to make sure they are valid and also correspond to the correct public address by inputting the privkey and seeing what public address is created from it (this would be tested in the secure permanently offline PC of course).
Ie. If I roll a dice x number of times to generate entropy and generate a brain wallet off the results (on a secure, offline computer), then print the generated private and public key/address, would I ever need to recall the seed if I kept the printed the private key & stored it in a safe deposit box?? That way, the seed is purely random, and no one could ever generate the private key from it since the seed would be destroyed forever.
Also, regarding testing private key validity: I assume running a wallet client offline will be a good way to test the private keys to make sure they are valid and also correspond to the correct public address by inputting the privkey and seeing what public address is created from it (this would be tested in the secure permanently offline PC of course).
I'd keep two+ sets of backups if the value is high enough - I had papers in a safety deposit box in one of the WTC Towers on 9/11 through my bank which were gone as one would expect. Nothing major for me! compared to the loss of life and destruction then. But what if it was a lot of coins? Still nothing compared to the lives lost, but better to have a backup.
Anyway, You could always do that and then use a bip38 encrypted paper wallet.
Yes, dice generated private keys or seeds are fine. But it will take quite a few rolls. My suggestion is looking into how to generate a 128bit number using dice. You can then convert that into an offline electrum wallet (run electrum, choose restore wallet, enter the number in hex as the seed) that will give you all the goodies that come with a wallet like unlimited addresses, transaction signing etc.
C'mon....
Seems like I should have titled this thread, "BITCOIN DOOMED FOR FAILURE EVERYONE SELL SELL SELL." That way, I would have at least gotten a reply 
Do you need to remember/record your passphrase?? I assume the answer is no, but would like some confirmation on this since the advice given when making a brain wallet is to write down or remember your passphrase.
Ie. If I roll a dice x number of times to generate entropy and generate a brain wallet off the results (on a secure, offline computer), then print the generated private and public key/address, would I ever need to recall the seed if I kept the printed the private key & stored it in a safe deposit box?? That way, the seed is purely random, and no one could ever generate the private key from it since the seed would be destroyed forever.
Also, regarding testing private key validity: I assume running a wallet client offline will be a good way to test the private keys to make sure they are valid and also correspond to the correct public address by inputting the privkey and seeing what public address is created from it (this would be tested in the secure permanently offline PC of course).
Ie. If I roll a dice x number of times to generate entropy and generate a brain wallet off the results (on a secure, offline computer), then print the generated private and public key/address, would I ever need to recall the seed if I kept the printed the private key & stored it in a safe deposit box?? That way, the seed is purely random, and no one could ever generate the private key from it since the seed would be destroyed forever.
Also, regarding testing private key validity: I assume running a wallet client offline will be a good way to test the private keys to make sure they are valid and also correspond to the correct public address by inputting the privkey and seeing what public address is created from it (this would be tested in the secure permanently offline PC of course).
Jump to: