Topic: Security of Paper Wallets (Read 3094 times)

Thanks. I guess we have to make the exceptions, that some people might be trustworthy, and by default, almost everyone is not, as a sort of rule. In this world, it all boils down to reputation and identity or persona, and how valuable it is perceived to be compared to what is going to be secured or deposited.

The question turns into, how much bitcoins will you entrust in this service? With this particular operator?

Your alternative turns into a local service. Which means the paper wallet is stored at the owners location. They just need help to withdraw their secured bitcoins. That could work. They can go to you, or the ones near me can go to me (although I find that unlikely, but hey, I do know some people with money who don't know a thing about computers.)

Everyone else around the world can come to me and others like me who might be offering a similar service. I see this as something like the localbitcoins thing, where a bunch of individuals located all over will be offering something like this.

Again, it boils down to how much you'd trust that person.

Thanks for the feedback. I'd like to poke as much holes as possible, and then see if this can actually work. My guess is that people in the US will want an "offshore" bitcoin paper wallet service or something along those lines.

And of course, everyone else who knows what they are doing don't need this service.

I'm just saying: There is not a person in the world I find that trustworthy that it outweighs the long shot chance of any of the other eventualities occurring. Of course, this is a estimation made by me, but I'm highly confident I'm correct.

Let me note I'm just replying to try and help you. That's why I gave constructive feedback for an alternative for which I do see added value (and therefore a business opportunity).

Of course, we have to make some assumptions, that anyone offering such a kind of service is not the type of person to steal it and disappear.

I can only state that for my case, personally. I don't know about anyone else, although it's likely that the top escrows (John K.?), and securities people (bitfunder?) and investment gambling people (just-dice), and even the hosted wallet providers (inputs.io, blockchain) are candidates.

If you can't trust the provider - whether that's due to lack of integrity or to incompetence -, do not send them your bitcoins; goes without saying.

The above are all a lot less likely than the person you are paying to keep your money safe, ending up stealing it.

It was just an idea thrown at me a couple of days ago. What with the FBI being able to seize wallets and anything that is physically located within the United States.

Bad guys, or governments can't torture the password or private key out of you if you don't know it.

I think the idea is to offer the key generation and safe at an off-shore location.

But, that does not prevent bad guys from holding your family ransom while they demand that you withdraw your offline bitcoins from me. (I think that scenario is also applicable to whatever off-shore secret swiss bank account you may have.)

If people offer this to you it's their call, but why would anyone trust you with that?

I'd offer the service personally. So I go to their house, create the paper wallet on their HW, sell them a safe and put the paper wallet in there. If they need to money (and need my help) they need to make an appointment and I'll come around and help them. That is at least something I'd consider purchasing if I was "bad with computers" (w/e that means exactly).

Someone proposed that I offer a service where I generate paper wallets and keep them stored for you under lock and key, and guarded. You get the bitcoin addresses, I keep the private keys secure, offline.

Because there are people out there with hundreds or thousands of bitcoins but aren't good with computers. (or they are drug dealers and practice poor OPSEC.)

Dunno if that's viable, but hey, it's an idea.

It's not the metal that degrades.

wouldn't paper degrade faster then metal?

Digital media (especially flash) degrade relatively quickly and can be stolen when connected to a device which has an active internet connection.

I honestly don't understand what is going on in this thread.  I've been away from bitcoins for awhile.  Why not just receive the bitcoins in a new wallet, save the wallet.dat in several places, and delete your wallet.dat from computer?

I have used this before and it's great:

https://github.com/grondilu/bitcoin-bash-tools

All you need is a linux installation. No Internet access required. But I don't know how safe it is. Anyone here who is experienced in Bash wants to take a look and review the code?

Nice looking piece of kit, though a bit on the pricey side, but at least its an all-in-one solution for the non-technically minded.

You're using vanitygen to generate the keys (wrapped in a python script). I was unaware that the raspi had a hardware RNG, but it appears that the kernel drivers have only just been released (its not enabled in my raspi by default) http://vk5tu.livejournal.com/43059.html

Best of luck (and say hi to the cat )

No worries.  I didn't think you were.  It is extremely difficult to offend or upset me.  I simply don't invest enough emotional energy into the opinions of complete strangers on the internet.  It is entirely an intellectual pursuit for me.  Anyone who has read more than a few of my posts must be able to tell that I always enjoy a spirited intellectual debate.


Certainly, and your alternative seems to fit the needs of many who are looking for a reasonable way to protect their private keys from many avenues of attack.


Quite easy for a reasonably capable programmer, but perhaps not for the average user.


Agreed.  Which explains my suggestion to:


Which I suppose is one of the few sources of truly random data.  Of course you'd have to find a way to shield your radio active material such that someone external to the room you are working in can't remotely make useful measurements.

Yes, and I agree with everything you've said (you're quite right as usual). I wasn't having a pop at you earlier, just putting forward an alternative to a full hard disk install (which has its own security implications for one-off key generation).

The private key to address conversion is actually quite easy (pywallet has some very readable code for the ECDSA algorithm, and converting the resulting public key to an address is straightforward). The thing that is difficult to be certain of is the random number generation for the 256 bit private key, and I would baulk at coding this (you're generally relying on the OS for a good implementation of /dev/random). For a professional setup a hardware RNG is to be preferred.

And now we see why I stated:


It really comes down to just how paranoid you are and exactly what you are trying to protect against.

Really, the "best" method would probably be to write your own program that takes a private key as input and generates a bitcoin address as output.  Then run that on the computer that never has been and never will be connected to the internet.

Use measurements of radioactive decay to generate your private keys.

Hand write the private keys and bitcoin addresses on paper.

Make sure you use a single sheet, and that whatever surface you are writing on will not hold an impression of the writing.

Make sure there are no windows, or cameras in the room that can see any of what you are doing.

But really, we're getting a bit excessive here.

That's sort of my point.  When someone asks for:


They rarely mean what they've said, and they've almost never given enough information to determine exactly what they actually mean.

This is somewhat off topic to the OP, but since the question has been asked...

To recap: Danny Hamilton is concerned about "unoffical" privatekey/address generators and prefers bitcoin-qt installed on the hard disk of an offline PC. I suggested that a livecd would do the job perfectly well without the need for a hard disk install, but my suggested method requires an internet connection to install. So I took a further look.

I concluded that this is unavoidable for the casual user. The ubuntu installation needs an internet connection to install the official sources of bitcoin-qt plus their dependencies (whether installing to a livecd or a hard disk).

While an expert user may be able to download the various packages online via a separate computer, then copy them onto the offline PC for installation via sneakernet, its not a simple procedure (and I'm not even going to try as I'm not that expert).

Interestingly a windows installation to hard disk may be possible completely offline, but then you have the issue of activating the license without an internet connection (plus the cost of said license).

So I went with the official bitcoin-qt from http://bitcoin.org/en/download
Selecting Ubuntu PPA goes to https://launchpad.net/~bitcoin/+archive/bitcoin

And technical details about this PPA ...
Choose your Ubuntu version offers ...
Raring(13.04), Quantal(12.10), Precise(12.04), Lucid 10.04

Looking at the ubuntu http://www.ubuntu.com/download/desktop ...
this offers 12.04 LTS and 13.10 (others are available via previous version link)

So lets go with 12.04 LTS (32 bit) a 707MB download

For testing I installed it onto a VirtualBox VM with 2048GB Ram (no hard disk)
Since we'll need it for the installation I left the network option enabled.

Once it boots select "Try Ubuntu"
We're going to need a terminal shell, which Ubuntu unhelpfully hides, so click on the top left icon "dash home" and type terminal" in the search box, select the first option, which opens a terminal and adds an icon for it. Its useful to have more than one, so right click on the icon and open a few more.

Now type:
sudo apt-get-repository ppa:bitcoin/bitcoin
Press enter to accept, and note that the key 8842CE5E has been imported.

Type (perhaps in the other terminal so we don't lose the previous message):
sudo apt-get update

Its not at all obvious what to do next, so lets try:
sudo apt-get install bitcoin-qt

And we get a bunch of errors about dependencies. This is fixed as follows...
We want "software sources" which used to be in "system settings", but its missing in this version of ubuntu, so go to "dash home" and search for "update manager" and start it. Click on settings, uncheck the updates (unless you really want them), then on the Ubuntu Software tab select all of the checkbox options. Now we can do:

sudo apt-get update
sudo apt-get install bitcoin-qt

Right click on the network icon (next to the clock on top right) and disable otherwise it will download the blockchain and fill up the ramdisk (this is a livecd).

Go to "dash home" and search for "bitcoin", and run it.

Press ALT, help then debug window, console tab
getaccountaddress ""
dumpprivkey ADDRESS

Now I prefer to use bitcoind, so exit bitcoin-qt, reenable the network and...

sudo apt-get install bitcoind

Disconnect from the network again.

cd .bitcoin (it already exists since we ran bitcoin-qt, note the "dot" prefix before bitcoin)

nano bitcoin.conf (I prefer vi myself, but that's definitely not for novices)
server=1
daemon=1
listen=1
rpcuser=username
rpcpassword=password
CTRL-O (enter)
CTRL-X

bitcoind (starts the server)
bitcoind getinfo (check its working)
bitcoind getnewaddress
dumpprivkey ADDRESS

This can easily be automated via a simple shell script, eg
for i in $(seq 1 100);
do
ADDR=$(bitcoind getnewaddress)
KEY=$(bitcoind dumpprivkey $ADDR)
echo $ADDR $KEY >> keyfile.txt
done

Enjoy (and if I've made any mistakes here, just let me know)

I would very much advise you use Armory for paper wallets. For true security use the offline method. I was going to link you but etotheipi has changed the site and the wonderful tutorials are gone....

I'm messaging him now.

Edit:

Here it is: http://bitcoinarmory.com/about/using-our-wallet/#offlinewallet

Thanks

Indeed, this was somewhat of a quirk of the task I was attempting to accomplish (to whit compiling blakecoin-qt from github).

Its less of a problem with bitcoin as the installation procedure on ubuntu would appear less painful (and I'm not the expert here as I haven't actually done one). So it appears you download the ubuntu PPA from http://bitcoin.org/en/download (though even that looks pretty scary at first sight), then copy that onto your offline livecd ubuntu PC (via USB stick I guess, or burn it to a CD). Pretty much the same task as if you're installing to hard disk. Does it have all the dependencies sorted out? I'll have to try it out to see.

Anyway, the reason for disconnecting from the internet before running bitcoind/bitcoin-qt was to eliminate any back-channel. Of course if the OS has already been compromised due to the internet connection used during the installation, then the private keys generated may have been pre-compromised in some way (say a hacked RNG), but that's is a risk however you source your OS/bitcoin.

I'll have a play with it tomorrow (getting past my bedtime here), and add some links to the howtos (I was mainly following the instructions in https://github.com/bitcoin/bitcoin/blob/0.8.5/doc/readme-qt.rst which don't actually work on ubuntu 11.10 as libdb4.8++-dev is not available and you need libdb5.1++-dev instead)