Topic: The official BitcoinPaperWallet.com thread -- updates and news. - page 4. (Read 55957 times)
August 21, 2013, 11:17:38 PM
That's the best design i've ever seen for a paper wallet
August 21, 2013, 11:56:53 AM
Quote from: niko
If somebody can get to your paper wallet, and wish to steal the funds, they would be much smarter to just steal the damn thing, than to tamper with stickers, solvents, photo flashes, laser scanners, optical coherence tomographs, and neutron beams just so they can scan the priv key while leaving the wallet seemingly intact.
You forgot to mention unicorn breath, which is known to render all muggle technology fully transparent.
Your point is a good one though. What I'm aiming for is "casual" tamper-resistance -- for example, what would be especially useful for a paper wallet given as a gift. Myself, each time I give away 1 BTC to a friend or family member, I'm satisfied knowing that my design ensures that the recipient wont inadvertently lose their balance by letting someone post a photograph of the pretty wallet on Facebook, or to a sneaky bad roommate or ex girl/boyfriend.
August 13, 2013, 04:25:22 PM
This is indeed a very nice design, and canton is an awesome guy to talk with.
An idea I was contemplating, how about if you make a striped line in the middle, and a corresponding unique number per paper wallet on both of the halves.
This would allow to put the private key slip in a bank box, and keeping the public key slip in your wallet.
This way you could keep track of which public slip corresponds to which private slip.
Illustration, now I am no designer, but you get my point
An idea I was contemplating, how about if you make a striped line in the middle, and a corresponding unique number per paper wallet on both of the halves.
This would allow to put the private key slip in a bank box, and keeping the public key slip in your wallet.
This way you could keep track of which public slip corresponds to which private slip.
Illustration, now I am no designer, but you get my point
August 13, 2013, 03:30:16 PM
That one worked without folding by using those grey rub-off stickers
August 13, 2013, 08:34:43 AM
You did a really good job. Keep up the good work
August 12, 2013, 04:42:41 PM
I think the concern applies mostly to wallets that are passed on, when you might trust the original creator but not the individual that gave you the wallet (or anyone else in the chain of ownership).
August 09, 2013, 04:26:27 PM
You can also use some liquid to see it properly.
Hmm... have you tried?
Ultimately, what's the actual problem here? If somebody can get to your paper wallet, and wish to steal the funds, they would be much smarter to just steal the damn thing, than to tamper with stickers, solvents, photo flashes, laser scanners, optical coherence tomographs, and neutron beams just so they can scan the priv key while leaving the wallet seemingly intact. Extracting the key without damaging the paper wallet is more of a prank than a crime.
If I am ever to accept a casascius coin or a paper wallet as payment, I'll gladly rip it open and spend it into my address. If it's more than a couple of hundreds of dollars worth, I'll check it for unconfirmed spends. If it's more that a couple of thousands of dollars worth, I'll wait for a confirmation or two. That's all.
August 09, 2013, 02:42:01 PM
You can also use some liquid to see it properly.
Hmm... have you tried?
August 09, 2013, 10:06:13 AM
You can also use some liquid to see it properly.
August 09, 2013, 09:49:07 AM
Hey there!
Someone's posted what might be a pretty good exploit on reddit, using a camera speedflash, see:
http://www.reddit.com/r/Bitcoin/comments/1jqmzv/dont_blindly_trust_bitcoinpaperwalletcom_you_can/
However I'm having a devil of a time trying to reproduce his results. See my attempts here:
http://imgur.com/a/FzPB0
Can anyone else see if they can use a flash to expose a readable QR code off of a properly printed/folded/sealed wallet? I'll gladly put up a token bounty just for fun, say .10BTC (or I'll send you a nice batch of free stickers & sealing bags, your choice.)
This is the best I could manage:
Make sure the layers are pressed together, perhaps between two plates of glass. This minimizes the blurring related to scattered light. Someone's posted what might be a pretty good exploit on reddit, using a camera speedflash, see:
http://www.reddit.com/r/Bitcoin/comments/1jqmzv/dont_blindly_trust_bitcoinpaperwalletcom_you_can/
However I'm having a devil of a time trying to reproduce his results. See my attempts here:
http://imgur.com/a/FzPB0
Can anyone else see if they can use a flash to expose a readable QR code off of a properly printed/folded/sealed wallet? I'll gladly put up a token bounty just for fun, say .10BTC (or I'll send you a nice batch of free stickers & sealing bags, your choice.)
This is the best I could manage:
August 09, 2013, 09:01:21 AM
Hey there!
Someone's posted what might be a pretty good exploit on reddit, using a camera speedflash, see:
http://www.reddit.com/r/Bitcoin/comments/1jqmzv/dont_blindly_trust_bitcoinpaperwalletcom_you_can/
However I'm having a devil of a time trying to reproduce his results. See my attempts here:
http://imgur.com/a/FzPB0
Can anyone else see if they can use a flash to expose a readable QR code off of a properly printed/folded/sealed wallet? I'll gladly put up a token bounty just for fun, say .10BTC (or I'll send you a nice batch of free stickers & sealing bags, your choice.)
This is the best I could manage:
Someone's posted what might be a pretty good exploit on reddit, using a camera speedflash, see:
http://www.reddit.com/r/Bitcoin/comments/1jqmzv/dont_blindly_trust_bitcoinpaperwalletcom_you_can/
However I'm having a devil of a time trying to reproduce his results. See my attempts here:
http://imgur.com/a/FzPB0
Can anyone else see if they can use a flash to expose a readable QR code off of a properly printed/folded/sealed wallet? I'll gladly put up a token bounty just for fun, say .10BTC (or I'll send you a nice batch of free stickers & sealing bags, your choice.)
This is the best I could manage:
Where tamper resistance is warranted -
A) If the person is a guest in your house when it vanishes, you know who likely did it. So stealing the key to later extract funds is a better move than stealing it.
B) If there isn't much value on it, thief can wait until it has more value.
A) If the person is a guest in your house when it vanishes, you know who likely did it. So stealing the key to later extract funds is a better move than stealing it.
B) If there isn't much value on it, thief can wait until it has more value.
Out of curiosity... I take it this physical wallet isn't intended to be exchanged like currency? But rather, it's designed to be a wallet to store incoming funds until such time as you wish to transfer these funds into a secure address?
In which case what's the point of it being tamper proof? You can't use it as a medium of exchange anyways so there's no point in a tamper-proof private key. If someone steals the wallet they can just steal the funds in it by opening the wallet anyways. I guess this protects against someone finding it and writing down the key and leaving it where they found it, or photographic it, then? But you can just leave the private key at home in a safety deposit box and carry around the QR code for the public address.
I can't imagine a scenario where the average person would need a wallet that can accept an unlimited number of coins until such time as you want to buy something with it, which you can only do once and only with certain technical knowledge (I'm thinking of the change, here) after which it's useless and you need a new one.
A tamper-proof private key is only useful when you want to use it as a medium of exchange, which this thing can't be used as since anyone can print off any nonsense private key they want to on the private key slot before they seal it off.
In which case what's the point of it being tamper proof? You can't use it as a medium of exchange anyways so there's no point in a tamper-proof private key. If someone steals the wallet they can just steal the funds in it by opening the wallet anyways. I guess this protects against someone finding it and writing down the key and leaving it where they found it, or photographic it, then? But you can just leave the private key at home in a safety deposit box and carry around the QR code for the public address.
I can't imagine a scenario where the average person would need a wallet that can accept an unlimited number of coins until such time as you want to buy something with it, which you can only do once and only with certain technical knowledge (I'm thinking of the change, here) after which it's useless and you need a new one.
A tamper-proof private key is only useful when you want to use it as a medium of exchange, which this thing can't be used as since anyone can print off any nonsense private key they want to on the private key slot before they seal it off.
This might be a stupid question, but why can't I just sandwhich a paper wallet between two pieces of dark construction paper and put it in a sealed envelope?
Seems like a KISS solution that avoids the light thing.
Seems like a KISS solution that avoids the light thing.
Hi canton,
Just to let you know I used Bitcoinpaperwallet to offer bitcoins to a friend, for his birthday. It's fantastic, very easy to use, and the design of the wallet is really gorgeous. Sadly, I printed it in black and white (on a laser printer), but it was still really cool and he loved my gift.
Mind if I suggest you only one thing? To be able to use our own public addresses/private keys. I guess it wouldn't be very secure, but since it was a gift, I thought it could be funny if the public address was a vanity one that I generated before. Thus, I used your great tool but had to generate the QR codes somewhere else, and replace them along with the keys using the Chrome Inspector.
I don't know if you'd like to implement a feature like that, but hey, maybe you'll consider it.
Thanks!
Just to let you know I used Bitcoinpaperwallet to offer bitcoins to a friend, for his birthday. It's fantastic, very easy to use, and the design of the wallet is really gorgeous. Sadly, I printed it in black and white (on a laser printer), but it was still really cool and he loved my gift.
Mind if I suggest you only one thing? To be able to use our own public addresses/private keys. I guess it wouldn't be very secure, but since it was a gift, I thought it could be funny if the public address was a vanity one that I generated before. Thus, I used your great tool but had to generate the QR codes somewhere else, and replace them along with the keys using the Chrome Inspector.
I don't know if you'd like to implement a feature like that, but hey, maybe you'll consider it.
Thanks!
I'm also really interested in using my own addy's and keys from vanitygen. Unfortunately, I have zero coding experience. I was able to use chrome inspector to change the private and public keys, but after making my own QR codes, I got lost trying to figure out where the qr code image files are referenced in inspector. Any help would be appreciated
you can make paper wallets more secure with Visual Cryptography.
https://bitcointalk.org/index.php?topic=226671.new#new
https://bitcointalk.org/index.php?topic=226671.new#new
Hi bluemeanie1,
This is a neat idea, and something I'll consider if BIP38 doesn't come to full fruition for some reason. (As I understand it, visual encryption would effectively do the same thing as https://en.bitcoin.it/wiki/BIP_0038 )
As for the wallet sent to Niko not being secure because I knew the private key, it was even less secure than that because I subsequently inclued the private key in a mockup on an unrelated forum post by accident, and some clever person stole the funds while the wallet was still in transit.
But to answer your concern directly -- the purpose of this wallet isn't to simulate physical cash, it's meant for (1) storing your own coins, or (2) giving coins to people who implicitly trust you, e.g. friends, family.
For a full overview / explanation of the intent (and to try out the working code) please check out https://bitcoinpaperwallet.com
- Canton
Hi Canton,
it's possible right now to make password protected coins using Transaction Scripts. Thus you could make such 2-factor protected coins, but not necessarily an entire address, but there are probably ways to simulate the functionality you are looking for.
-bm
you can make paper wallets more secure with Visual Cryptography.
https://bitcointalk.org/index.php?topic=226671.new#new
https://bitcointalk.org/index.php?topic=226671.new#new
Hi bluemeanie1,
This is a neat idea, and something I'll consider if BIP38 doesn't come to full fruition for some reason. (As I understand it, visual encryption would effectively do the same thing as https://en.bitcoin.it/wiki/BIP_0038 )
As for the wallet sent to Niko not being secure because I knew the private key, it was even less secure than that because I subsequently inclued the private key in a mockup on an unrelated forum post by accident, and some clever person stole the funds while the wallet was still in transit.
But to answer your concern directly -- the purpose of this wallet isn't to simulate physical cash, it's meant for (1) storing your own coins, or (2) giving coins to people who implicitly trust you, e.g. friends, family.
For a full overview / explanation of the intent (and to try out the working code) please check out https://bitcoinpaperwallet.com
- Canton
you can make paper wallets more secure with Visual Cryptography.
https://bitcointalk.org/index.php?topic=226671.new#new
It's on!
Indeed! Your victim wallet just went out to the mailbox. If anyone reading this wants to sweeten the pot for Niko, feel free to chip a few pennies into the wallet @ 1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt. Niko, I have total faith in our respective country's postage services so the wallet has already been funded: https://blockchain.info/address/1LMKzdqhQ4LhHy5GGhT8BcG3HHpBTqAqbt
how is this secure? you have the private key to his account!
I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:
http://youtu.be/V4H1VE3EAtI
This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!
Design features:
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)
If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.
http://youtu.be/V4H1VE3EAtI
This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!
Design features:
- Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
- Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
- Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
- Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
- Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)
If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.
are these things meant to be exchangeable?
Jump to: