Pages:
Author

Topic: The official BitcoinPaperWallet.com thread -- updates and news. - page 11. (Read 55974 times)

newbie
Activity: 39
Merit: 0
Very cool project
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
Danger Will Robinson!

The instructions on the back talk about sending part of the balance. Doing this presents a very  real chance of losing coins. The user must explicitly send the tx change back to the note's address (theone on the front)    . Otherwise the change is lost to an unknown  public key.       

       

Yes, you can only spend the entire balance associated with a private key. The difference between this and the actual payment is so-called "change" sent to another address (presumably the one that the client controls). Most wallets/clients do not make this apparent to the user - you only see your total balance. By the way: if you are concerned with privacy, you should not send round numbers as payments. Otherwise it is clear which one is the payment, and which one is the change (associated with the new address that now we know you control).

On the related (wording) note  - the exposed qr code is the public address, not public key. To avoid confusion down the line, it is wise to be strict about this distinction.
hero member
Activity: 499
Merit: 500
Danger Will Robinson!

The instructions on the back talk about sending part of the balance. Doing this presents a very  real chance of losing coins. The user must explicitly send the tx change back to the note's address (theone on the front)    . Otherwise the change is lost to an unknown  public key.       

       
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
It's on!

Indeed! Your victim wallet just went out to the mailbox. If anyone reading this wants to sweeten the pot for Niko, feel free to chip a few pennies into the wallet @ 1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt. Niko, I have total faith in our respective country's postage services so the wallet has already been funded: https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt
Most excellent! I'll try out a few non-destructive methods, and if I fail to extract the key I'll add the same amount of bitcents canton has already loaded, and it all belongs to him.
I find it important to determine if paper-only wallets can be made as tamper-proof as Casascius coins.
sr. member
Activity: 462
Merit: 250
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

Hey, just want to say thanks in advance.

I was looking around for a service that would allow me to "print money" like this in a secure and easy to use manner which I could give to people.
sr. member
Activity: 261
Merit: 285
It's on!

Indeed! Your victim wallet just went out to the mailbox. If anyone reading this wants to sweeten the pot for Niko, feel free to chip a few pennies into the wallet @ 1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt. Niko, I have total faith in our respective country's postage services so the wallet has already been funded: https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt


hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
... but would you like to wager on this, just for fun?
It's on!  Not just for fun, but also because I like what you are trying to do. I suggest you don't load the value until I let you know I've received the mail. You'd have to trust me I won't first try, then claim I've never received the letter if I can't figure it out. Wink
legendary
Activity: 2506
Merit: 1010
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks.

Will you also be providing a method for redeeming them?   e.g., a page that takes two fields:  Withdraw  (for scanning the private key) and the Send To (for the Bitcoin address to pay).   That way I can simply do two scans, first the private key from the paper wallet, and the second I show my QR code for my mobile wallet.

Also, will this work with only a black and white printer?
sr. member
Activity: 261
Merit: 285
One problem is that the mask is a regular pattern - it's trivial to shine light through the folds and subtract this pattern. I simply include a piece of aluminum foil as a mask in my wallets...

I've been fooling around with bright lights and lasers and such I'm feeling pretty confident that transparency won't be a problem...

... but would you like to wager on this, just for fun? I'll mail you a wallet loaded with the equivalent of $5 USD (lord knows what that will be in BTC as of tomorrow) and if you can read the private key without opening the tri-fold you can swipe the funds with my blessing. (In return I'd appreciate you telling me how you succeeded so I can improve the design.) If you fail, you can load the same amount into that wallet's public key and I'll trust you to destroy the wallet afterwards. Wink Send your snailmail to [email protected] if you'd like to have a go at it.

With regards to the bill being obvious and bulky, I agree that secretive wallets should be obtuse, memorized, etc. However there's a legitimate need for providing idiot-proof wallets to friends & family. Additionally, if I die and my wife finds a few paper wallets in my desk, I'd like her to be able to easily recognize the wallets as having value (as opposed to being scraps of random gibberish.)
sr. member
Activity: 261
Merit: 285
I mean so the folded parts aren't touching each other kinda like () instead of ||

Oh I totally get it now. Thanks for the ASCII art. Smiley

You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well.

Thanks for the advice!

hero member
Activity: 484
Merit: 500
You did a really good job. Keep up the good work!
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
One problem is that the mask is a regular pattern - it's trivial to shine light through the folds and subtract this pattern. I simply include a piece of aluminum foil as a mask in my wallets..

Another issue is that this wallet advertises what it is. My wallets are stripped-down version of bitaddress - just two QR codes, and Al foil mask folded around the priv key. Then I laminate these - works as well as security sticker (I'd know if someone had cut the wallet to reveal the priv key).

Finally, this thing is huge. Too much wasted real estate.
hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
I mean so the folded parts aren't touching each other kinda like () instead of ||

sr. member
Activity: 261
Merit: 285
Have you tested it both with different lights, different printers, different types of paper, lit at different angles, trying to curve it so the layers of paper separate a bit etc?

Only one printer so far, and my biggest concern is about the volatility of inkjet printers. I don't think the ink fading significantly would be a big deal but I am trying to figure out some ways to try to protect against moisture which is a huge issue. (One ounce of water and the whole bill turns to soup.) Some success with packing tape but I wonder if there's a better fixative...

What do you mean re: "layers of paper separate a bit"? If your question is about trying to read the private key via backlight, it's hard to imagine any combination of supplies/lights would bear fruit. Very, very opaque. I've played around with a high intensity laser even, and though you can get a couple of letters of the key it's neigh impossible to get anything close to a complete cipher.

BTW here's a couple of photos -- I realized I'd only posted the video so far.


hero member
Activity: 616
Merit: 500
Firstbits.com/1fg4i :)
Have you tested it both with different lights, different printers, different types of paper, lit at different angles, trying to curve it so the layers of paper separate a bit etc?
newbie
Activity: 14
Merit: 0
Something else you could do if you don't think your printer is up to snuff, is to go get a bunch of blank ones printed in high quality, and then just run them through your printer with only the address part of the template showing.
hero member
Activity: 499
Merit: 500
If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of you balance.

It's not just for myself -- once the design is reviewed/revised, it will be available as a clientside javascript wallet generator based on the code from bitaddress.org. The idea is just to incrementally improve on the paper wallet generator already there, especially for people who want to do things like give their family members and friends a more attractive and idiot-proof wallet. Also I think a wallet should look valuable so that if I die, someone stumbling on my belongings will think, "Oh, this looks valuable. Maybe we should keep it!"  Wink

I like the design - well done.

If I'm not mistaken, inkjet printer ink can fade relatively quickly (a couple of years?).  I am not sure about laser printers.  

If I were you I would put some warnings up when using the software to that effect.
sr. member
Activity: 261
Merit: 285
If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of you balance.

It's not just for myself -- once the design is reviewed/revised, it will be available as a clientside javascript wallet generator based on the code from bitaddress.org. The idea is just to incrementally improve on the paper wallet generator already there, especially for people who want to do things like give their family members and friends a more attractive and idiot-proof wallet. Also I think a wallet should look valuable so that if I die, someone stumbling on my belongings will think, "Oh, this looks valuable. Maybe we should keep it!"  Wink
sr. member
Activity: 261
Merit: 285
Quote
The old one on bitaddress.org is too low resolution for printing, plus the private key is right there in the open necessitating that each bill is put into an envelope for security. Your bill solves those problems beautifully.

Thanks -- in fact I'm already having good success modifying the bitaddress.org code so it works exactly like it did before, but with this new design at 300dpi.

Quote
Where did you buy the tamper proof tape?

Ebay! $7 for 100 stickers, delivered. These are the 2 inch wide strips.
full member
Activity: 124
Merit: 101
If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of you balance.
Pages:
Jump to: