The official BitcoinPaperWallet.com thread -- updates and news. - page 7.

canton

sr. member

Activity: 261

Merit: 285

Quote from: niko on May 01, 2013, 01:27:47 PM

I was able to read the key in about two minutes, without any apparent damage.

I wanted to confirm for anyone following this thread (or following the bet Niko and I had re: his efforts to try to bypass the tamper-evidence features of this wallet) that Niko did in fact come up with a very smart way to reveal the private key without damaging the tape.

Once he sends me his public address I'll send him a few beers BTC to honor our bet.

For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that.

fluffypony

donator

Activity: 1274

Merit: 1060

GetMonero.org / MyMonero.com

My stickers just arrived today (thanks Canton, shipping to South Africa was FAST!) - I'm not going to post an unboxing, it's a frikkin envelope:)

I printed a wallet (1PJegEonLNGqxgtk1dva6sJze9F1HwraMn) in grayscale and decided to try candle it. For my experiment I'm using a Fenix TK41 U2, which produces 860 Lumens of blinding white brightness.

Setup:

15 Lumens test:

120 Lumens test:

365 Lumens test:

860 Lumens test:

I know it may be a little hard to see clearly, but even at 860 Lumens there was sufficient blur to make the QR code unreadable and impossible to clean up. The stickers obliterated any chance at reading the code. If I was extra paranoid I could stick an extra sticker to cover the QR code:) I'm confident that even at 860 Lumens, printed with relatively light toner on a grayscale laser printer, that it is safe to use. I'll be printing out a new permanent one in colour to be extra safe:)

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Things usually work out much better when you don't try too hard. After officially giving up, and paying up the dues, I could finally have some fun with the sample wallet. I was able to read the key in about two minutes, without any apparent damage.
Canton, I emailed you with the details.

canton

sr. member

Activity: 261

Merit: 285

Quote from: niko on April 30, 2013, 02:08:05 AM

I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

Nice work with the partial reveal, Niko!

I'll PM you an address for the .0255 BTC bet, but only if you let me send you a batch of these new holograms for your own use.

Do you want silver, gold, or both?

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

I finally got a couple of hours to play with the early prototype. Here is what I was able to get by simply shining light through the wallet:

Now, as much as I am satisfied that I was able to read most of the letters, the level of satisfaction will not increase significantly if I spend time doing this until I am able to read all of the letters. If it was a 100-coin wallet, maybe.

Furthermore, canton included a sample sticker (that he did not apply to the wallet he sent it with) that would pretty much render my attempts completely futile: the sticker substrate appears to be metallic. No way we'll be able to read through that any more that we can read through Casascius coins.

I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

This was fun. Again, if you do make your own paper wallets, and you store any significant value in them, do not take tamper-proofness lightly.

canton

sr. member

Activity: 261

Merit: 285

The latest revision to this wallet design is fairly minor. But pretty! I had gold and silver tamper-evident hologram stickers custom printed with white "bitcoin" text that exactly matches the pseudo "watermark" design on the reverse of the folding wallet.

Rainbows are wicked hard to photograph, so this video shows the silver vs. gold holograms best: http://youtu.be/gZBXhFT_GKo

Although I haven't officially launched this design yet, the stickers and the latest folding design are all both available at http://bitcoinpaperwallet.com

ShireSilver

sr. member

Activity: 382

Merit: 253

Quote from: canton on April 25, 2013, 03:15:23 PM

For professionally printed notes, I was thinking the process might go like this:

customer uses a secure generator (like bitaddress.org)...

That's already too complicated.

Quote from: canton on April 25, 2013, 03:15:23 PM

...

customer sends the list of keys to the professional printer
printer prints out fully-filled in ready-to-load notes and sends them back.

I'm still not 100% sure I understand how BIP38 is supposed to be used so please correct me if my assumptions are wrong here.

IMHO it should be more like:

Customer visits site
Customer clicks "Buy a paper wallet"
Client side script generates two pass phrases, only showing one to the customer
Clear and concise instructions tell the customer to write down or print their pass phrase
Client side script then sends the other pass phrase and the public address to the server
Client side then says "to complete your order send XXX BTC to 1?... and also presents a QR code
Server alerts production that a new wallet is ordered
Production prints out and ships the wallet

The customer shouldn't have to know about BIP38 or any of that, although if they want to learn about it good links should be available.

The wallet should have the codes to verify that the pass phrase in the wallet will generate the half of the private key. The website should have a client side script page that will take both pass phrases and use them to determine the real private key.

I made a test wallet using my Shire Silver equipment, putting a piece of aluminum foil between two pieces of 100# cardstock and laminating them (private key on the inside of one of the pieces of cardstock). It sure seemed to be pretty well guarded against casual prying, and only when the laminate was cut on three sides was the private key portion visible.

You can also save the pass phrase that the customer didn't get in a database, so if they ever lose the card they can always ask for another (for a price).

canton

sr. member

Activity: 261

Merit: 285

Quote from: ShireSilver on April 25, 2013, 08:54:25 AM

Wouldn't the best use of BIP38 be to have the manufacturer print half the private key while the customer writes down the other half? You can print a really nice note for them and they know that you don't have access to the funds, but they can verify that the half of the code you printed is correct.

For professionally printed notes, I was thinking the process might go like this:

customer uses a secure generator (like bitaddress.org) to produce 100 pairs of BIP38 encrypted keys and public addresses.
customer sends the list of keys to the professional printer
printer prints out fully-filled in ready-to-load notes and sends them back.

I'm still not 100% sure I understand how BIP38 is supposed to be used so please correct me if my assumptions are wrong here.

canton

sr. member

Activity: 261

Merit: 285

Quote from: charleshoskinson on April 24, 2013, 01:16:52 PM

Canton, do you do all the graphics art yourself?

Yup! Programming web stuff is my mainstay but I do a fair amount of design for fun and work as well.

ShireSilver

sr. member

Activity: 382

Merit: 253

Wouldn't the best use of BIP38 be to have the manufacturer print half the private key while the customer writes down the other half? You can print a really nice note for them and they know that you don't have access to the funds, but they can verify that the half of the code you printed is correct.

charleshoskinson

legendary

Activity: 1134

Merit: 1008

CEO of IOHK

Canton, do you do all the graphics art yourself?

canton

sr. member

Activity: 261

Merit: 285

Does anyone have any ideas about how a paper wallet design should look & work when the private key has been encrypted with a password? I'm talking about https://en.bitcoin.it/wiki/BIP_0038 implementation.

Folding, tamper-evidence, all that seems unimportant if you can show off your encrypted private key to the world with (relative) safety. On the other hand, what I like about an unencrypted wallet is that -- for example -- if you die, your spouse can recover your funds from a wallet stored in a safety deposit box without knowing your passphrase.

One idea I'm kicking around is a design that prints out a wallet plus a backup wallet stub (like on the open paper wallet project elsewhere on bitcointalk) -- but in this case a mixed encrypted / unencrypted private key wallet. Something like this:

If not this, then what do YOU think would be a good way to implement BIP38 on a paper wallet?

charleshoskinson

legendary

Activity: 1134

Merit: 1008

CEO of IOHK

Quote

No (good) reason at all! My generator is based on GitHub fork of bitaddress.org from about 2 weeks ago, so whatever bitaddress.org was using back then I'm still using now. I haven't folded in any recent developments (including BIP38 which I'm considering implementing.) I'll have to ask if pointbiz/bitaddress.org are using the older crypto for compatibility reasons or if it just needs refreshing.

The only reason I mentioned is that Jeff worked pretty hard to speed up the code in version 3.0.

Quote

I've also been thinking about building in some very human random input other than mouse movement... like an option to flip coins or throw dice or something...

Mouse movements are likely to be a more random express than such inputs. JS-Crypt's implementation has not been vetted as a CSPRNG, but it seems sufficiently good. You could always implement a proof of work style random generation and then hash the solution and select the first few bits of output as your seed. All hardware will have different solution time and the randomness of network latency would also add a slight stochasticism even on the same configuration. Combined with a hash, you would have a totally random seed.

Quote

I'm enormously grateful for any source code checking anyone wants to do, especially for a forthcoming live bootable CD I intend to distribute. (Someone generously ported my design to their own linux-based command line generator which uses an in-memory filesystem and PDF generation to circumvent issues with cached print files ending up on the hard drive, etc.)

If I can find the time, then I'd be happy to help. Shoot me an email. And any course suggestions you would recommend, I'd greatly appreciate.

canton

sr. member

Activity: 261

Merit: 285

Quote from: charleshoskinson on April 23, 2013, 11:43:04 PM

Canton any reason you didn't use the newer implementation?

No (good) reason at all! My generator is based on GitHub fork of bitaddress.org from about 2 weeks ago, so whatever bitaddress.org was using back then I'm still using now. I haven't folded in any recent developments (including BIP38 which I'm considering implementing.) I'll have to ask if pointbiz/bitaddress.org are using the older crypto for compatibility reasons or if it just needs refreshing.

I've also been thinking about building in some very human random input other than mouse movement... like an option to flip coins or throw dice or something...

I'm enormously grateful for any source code checking anyone wants to do, especially for a forthcoming live bootable CD I intend to distribute. (Someone generously ported my design to their own linux-based command line generator which uses an in-memory filesystem and PDF generation to circumvent issues with cached print files ending up on the hard drive, etc.)

canton

sr. member

Activity: 261

Merit: 285

Quote from: charleshoskinson on April 23, 2013, 10:46:28 PM

Canton I did a lecture today on your wallet. I recommended it to my students seeking a paper backup:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/

Hi Charles,
Lecture looks *great* I skimmed it. Really glad to see a detailed straightforward explanation in such depth.

canton

sr. member

Activity: 261

Merit: 285

Quote from: Rodyland on April 23, 2013, 10:22:57 PM

Be wary - inject printer ink has a finite and relatively short life (can be as short as a few years).

I've been experimenting with spraying the finished printouts with Krylon "Preserve It" before folding up. Stinky as hell, but I think it's going to make a difference as long as their marketing info is accurate:

Digital photo and paper protectant more than doubles the life of documents and photos.
Ideal for protecting digital photos, address labels, greeting cards, scrapbook materials, artwork and more
Acid-free/Archival-safe

charleshoskinson

legendary

Activity: 1134

Merit: 1008

CEO of IOHK

He is using crypto-js https://code.google.com/p/crypto-js/downloads/detail?name=Crypto-JS%20v2.5.4.zip&can=2&q= Simon Greatrix and Jeff Mott. Yes the implementation looks fine.

Canton any reason you didn't use the newer implementation?

https://code.google.com/p/crypto-js/

charleshoskinson

legendary

Activity: 1134

Merit: 1008

CEO of IOHK

Quote

Insert Quote
Excuse me if this seems unappreciative (I think your design is awesome and have printed out 3 wallets for my family). But has anyone verified the Javascript in the Zip download? I'm just wanting to make sure that the random mouse movements are actually seeding the RNG and we aren't all just making the largest Bitcoin donation in history. ;-)

If someone is paranoid and is going to go through the extra effort of doing this completely offline, it would help to have 100% confidence in the RNG.

I looked through the javascript and it seems to be legit; however, I have not invested a huge amount of time verifying this claim. The random movements are seeding the PRG; however, I have not verified that he has implemented a CSPRNG.

dhenson

legendary

Activity: 994

Merit: 1000

Excuse me if this seems unappreciative (I think your design is awesome and have printed out 3 wallets for my family). But has anyone verified the Javascript in the Zip download? I'm just wanting to make sure that the random mouse movements are actually seeding the RNG and we aren't all just making the largest Bitcoin donation in history. ;-)

If someone is paranoid and is going to go through the extra effort of doing this completely offline, it would help to have 100% confidence in the RNG.

charleshoskinson

legendary

Activity: 1134

Merit: 1008

CEO of IOHK

Canton I did a lecture today on your wallet. I recommended it to my students seeking a paper backup:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/

Topic: The official BitcoinPaperWallet.com thread -- updates and news. - page 7. (Read 55957 times)