Topic: Securely Generating Paper Wallets (Looking for advice/opinion) (Read 143 times)
Moving my BTC off of my paper wallets and into my Ledger Nano S was one of the happiest days of my life. Easy to spend, easy to backup, and secure. Buy one, load it and throw it in a safety deposit box. Etch the 24 word key somewhere safe. Profit.
two things that were not clear here are
- "Bitcoin key generation libraries", you never mentioned what these libraries are and that can be a very important matter as you want to use a code that is reviewed so that it doesn't have any bugs. you shouldn't use just any code that you find on github or elesehwere
- "Using dice rolls and 2048 word dictionary" you never explained this method. are you selecting these words randomly based on your dice roll result or are you just generating an entropy from dice roll and then using it to derive the mnemonic with the "library"? if it is the later, it can be safe as long as you choose a large enough entropy
- "Bitcoin key generation libraries", you never mentioned what these libraries are and that can be a very important matter as you want to use a code that is reviewed so that it doesn't have any bugs. you shouldn't use just any code that you find on github or elesehwere
- "Using dice rolls and 2048 word dictionary" you never explained this method. are you selecting these words randomly based on your dice roll result or are you just generating an entropy from dice roll and then using it to derive the mnemonic with the "library"? if it is the later, it can be safe as long as you choose a large enough entropy
I see, ok. So I guess I could just stick to using the hardware wallet as the base level generator and store multiple hardware generated mnemonic seed sets as paper wallets?
Not quite sure what you mean by this. If you don't have the addresses derived from the seed, not sure how you are going to use your paper wallet even if you recorded your seed on the paper wallet.
Think what you mean is that you want to store multiple hardware wallet generated addresses (instead of mnemonic) sets as paper wallets? If so, don't think you are using hardware wallets the way they were intended to. The point of hardware wallets is to keep your private keys separate from your other devices (eg. your computer).
I see, ok. So I guess I could just stick to using the hardware wallet as the base level generator and store multiple hardware generated mnemonic seed sets as paper wallets?
hey there, discussed this with another member on another thread. Have removed several parts irrelevant to our discussion here.
However, also felt that you should read this prior to proceeding with the setup.
https://twitter.com/aantonop/status/978279050438299650?lang=en
And this as well.
https://en.bitcoin.it/wiki/Paper_wallet
I think that this would be pretty good(*, **) https://99bitcoins.com/bitcoin-wallet/paper-wallet/ and it's the first result Google has returned.
You have to scroll down to part 3. Creating a paper wallet (advanced method, ultra secure)
Disclaimer: while I did use paper wallets, I've never was extreme about their security (not so big funds), so I didn't actually do all the steps myself.
You have to scroll down to part 3. Creating a paper wallet (advanced method, ultra secure)
Disclaimer: while I did use paper wallets, I've never was extreme about their security (not so big funds), so I didn't actually do all the steps myself.
However, also felt that you should read this prior to proceeding with the setup.
https://twitter.com/aantonop/status/978279050438299650?lang=en
And this as well.
https://en.bitcoin.it/wiki/Paper_wallet
To start off, I'm not looking at Glacier Protocol level security but something I can be fairly confident in. The paper wallet is designed for long term cold storage.
My current proposed method:
SETUP
- Buy a Raspberry Pi Zero
- Boot up Tails OS on separate PC and download Raspian and relevant Bitcoin key generation libraries.
- Mount Raspbian onto Micro SD.
- Move Bitcoin libraries to external USB.
- Boot Raspbian on Pi Zero, load bitcoin libraries from external USB on Pi Zero.
PRIVATE KEY GENERATION
- Using dice rolls and 2048 word dictionary, generate 24 word mnemonic seed. (with optional BIP38 passphrase).
- Write the mnemonic seed down on paper.
PUBLIC ADDRESS GENERATION
- Import seed and run relevant bitcoin libraries to generate public address.
- Write down this public address on the same paper.
The seed and public address now form one paper wallet. The idea is generate several paper wallets to distribute funds into chunks.
To spend funds (all at once, never re-using the seed), import the seed onto a hardware wallet or air-gapped PC to sweep all and generate an offline tx and broadcast accordingly.
I'm considering performing this process on two different Raspberry Pi's and sourcing the files from different locations using Qubes/Ubuntu instead of Tails and then compare each key generation.
I'd like to hear your opinion on my proposed method, any shortcomings, considerations/advice.
**In case you were wondering, the Raspberry Pi Zero has no wireless communications adapters. It's completely offline.**
My current proposed method:
SETUP
- Buy a Raspberry Pi Zero
- Boot up Tails OS on separate PC and download Raspian and relevant Bitcoin key generation libraries.
- Mount Raspbian onto Micro SD.
- Move Bitcoin libraries to external USB.
- Boot Raspbian on Pi Zero, load bitcoin libraries from external USB on Pi Zero.
PRIVATE KEY GENERATION
- Using dice rolls and 2048 word dictionary, generate 24 word mnemonic seed. (with optional BIP38 passphrase).
- Write the mnemonic seed down on paper.
PUBLIC ADDRESS GENERATION
- Import seed and run relevant bitcoin libraries to generate public address.
- Write down this public address on the same paper.
The seed and public address now form one paper wallet. The idea is generate several paper wallets to distribute funds into chunks.
To spend funds (all at once, never re-using the seed), import the seed onto a hardware wallet or air-gapped PC to sweep all and generate an offline tx and broadcast accordingly.
I'm considering performing this process on two different Raspberry Pi's and sourcing the files from different locations using Qubes/Ubuntu instead of Tails and then compare each key generation.
I'd like to hear your opinion on my proposed method, any shortcomings, considerations/advice.
**In case you were wondering, the Raspberry Pi Zero has no wireless communications adapters. It's completely offline.**
Jump to: