
Topic: The official BitcoinPaperWallet.com thread -- updates and news. - page 9. (Read 55957 times)

sr. member
Activity: 261
Merit: 285
I wonder if your method can be tweaked by just using tape instead of tamper resistant stickers. Obviously it's less secure but might be good enough for lower BTC amounts.

Definitely still works with regular tape, especially if you're mostly concerned about casual tampering (wallet on the table) as opposed to dedicated fooling around with liquid solvents and heat guns. :)

To this end:

#1: Today I soft-launched https://bitcoinpaperwallet.com which not only provides the wallet generator (in-browser two-sided printing) but also features security tips, and allows you to purchase custom holograms using bitcoin. Wallet generator is open-source and can run entirely offline as it's based on bitaddress.org.

#2: Somewhat unrelated, but I entered a variation of my design for a *non-folding* project organized on bitcointalk.org. These paper wallets will be professionally printed (and you'll only home-print the keys/QR codes). Have a look and vote for whichever design appeals most to you: https://tricider.com/en/brainstorming/poxx
sr. member
Activity: 437
Merit: 415
1ninja
I love this idea and what you've done with it. It's nice to have the private key hidden when carrying it in your wallet and being reasonably sure it hasn't been tampered with when you put your wallet on a table. They can be carried with you so not all your BTC is on your mobile phone (online). And you can use them to transfer BTC to other trusted parties who will know they should sweep the funds within a short time span.

Here is a link to a similar concept I proposed:
https://bitcointalksearch.org/topic/rough-idea-pocket-paper-wallet-feedback-please-51978

I wonder if your method can be tweaked by just using tape instead of tamper resistant stickers. Obviously it's less secure but might be good enough for lower BTC amounts.

member
Activity: 80
Merit: 10
IDK if it was still a question, but I would like to confirm that all of your QR codes worked for me. Secondly I think this is really cool, keep up the good work man.
full member
Activity: 224
Merit: 100
One bitcoin to rule them all!
Time to send another one to Karl Marx for testing?
sr. member
Activity: 261
Merit: 285
New design looks great!

Thanks, and again thanks for your extremely useful feedback.

For anyone who doesn't quite see how the new design addresses yellowcoin's "pull out the fold with stickytape" hack, here's how the new design folds up In Real Life



Now the two strips of tamper-evident tape stick to all 3 panels of the fold, preventing it from being snuck out.
newbie
Activity: 43
Merit: 0
What is preventing me from taking a strip of paper with some exposed tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing. I just tried it on a test paper and it worked as the whole flap came out.

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

http://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. :)

New design looks great!
I tend to think outside of the box and that was like the first thing that popped up in my head. I'll poke around the new format when I get the chance to see if I can break it.
newbie
Activity: 23
Merit: 0
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

For what it's worth, I was able to instantly scan all of the codes from this page without issue.

I wonder if the lower resolution coupled with a lower quality scanner was the problem...? I used a Galaxy S3, but I have no idea how that camera compares to anything else.
newbie
Activity: 13
Merit: 0
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.

http://i.imgur.com/03MhJNI.jpg

Couldn't get that one to read garbled even when I tried vile things with it ( rotating the camera, off-axis, etc... ) so was probably the blurriness.
sr. member
Activity: 261
Merit: 285
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.

newbie
Activity: 13
Merit: 0
I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

http://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. :)

I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread [ either they'll scan, or it'll fail ]. Because, out of like 8 tries, I've read "1264FsZE5Fkc7TcsP1qg4PTcVi3^VYMgrA" off that QR code twice.

I do think that new design is a good compromise between cutting difficulty and the issue with sneaking the panel out, though.
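
The "either they'll scan, or it'll fail" expectation in the post above has a second layer beyond the QR code itself: an address of this form is Base58Check-encoded, so receiving software can reject a garbled read before any coins are sent. The sketch below is an added example, not part of the thread or of the bitaddress.org code; `SAMPLE` is a constructed address and the function names are illustrative.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(payload: bytes) -> bytes:
    # Base58Check: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, body: bytes) -> str:
    raw = bytes([version]) + body
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    # every leading zero byte is written as a leading '1'
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def check_scanned_address(text: str) -> str:
    """Return 'ok', or the reason a scanned string must be rejected."""
    bad = sorted({c for c in text if c not in ALPHABET})
    if bad:
        return "invalid character(s): " + "".join(bad)
    n = 0
    for c in text:
        n = n * 58 + ALPHABET.index(c)
    zeros = len(text) - len(text.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # version byte + 20-byte hash + 4-byte checksum
        return "wrong length"
    if checksum(raw[:-4]) != raw[-4:]:
        return "checksum mismatch"
    return "ok"

# Constructed sample: version 0x00 plus a made-up 20-byte hash (not a real wallet).
SAMPLE = b58check_encode(0x00, bytes(range(1, 21)))
# One character changed, as a blurred scan or a typo would do.
TAMPERED = SAMPLE[:-1] + ("2" if SAMPLE[-1] != "2" else "3")
# The string reported in the post above, copied as posted.
MISREAD = "1264FsZE5Fkc7TcsP1qg4PTcVi3^VYMgrA"

if __name__ == "__main__":
    for s in (SAMPLE, TAMPERED, MISREAD):
        print(s, "->", check_scanned_address(s))
```

The misread string is rejected at the alphabet check because `^` is not a Base58 character; a substitution that stays inside the alphabet is caught by the 4-byte checksum instead.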
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
I've been busy on other fronts, but here is a preview of a simple attempt:

Clearly, some letters of the private key can be read, through all the folds and the safety sticker.
While I wasn't able to extract the complete key yet, this is a warning to anyone creating paper wallets. Canton takes this seriously, and from our private communication it seems that he has already implemented further improvements to the tamper-proofness (sic!) of his design.

While public information about techniques of non-destructive readout of hidden print is limited, everyone should bear in mind that we can see oil paintings that have been painted over, the insides of living creatures, insides of bags and people's pockets and underwear at the airports, obliterated serial numbers from hand guns, etc.

I'll try to find time to keep having fun with the paper wallet canton has sent me. Besides through-illumination and image processing, other simple methods involve volatile liquids that make paper temporarily translucent.

Finally, I'll share what I've been doing for many months: print a paper wallet, and place a piece of aluminum foil (folded in V-shape) around the fold with private key. I then laminate the whole thing. It would be extremely hard to read what's on the paper between two layers of Al foil. Added benefit - private key survives baking in the oven that completely destroys the exposed public key.
An example, before laminating:


legendary
Activity: 1310
Merit: 1000
I mean so the folded parts aren't touching each other kinda like () instead of ||

Oh I totally get it now. Thanks for the ASCII art. :)

You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well.

Thanks for the advice!



What's wrong with using a third sticker? Or a foil sticker on the inside?
sr. member
Activity: 261
Merit: 285
What is preventing me from taking a strip of paper with some exposed tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing. I just tried it on a test paper and it worked as the whole flap came out.

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.



PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. :)
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
May I suggest that while you have this nice dollar bill size paper wallet, you can also make a nice A4 or Letter size full page paper wallet. Easier for people to use a printer, as they just put the whole page in.

Also, you can put more newbie type instructions on the full page paper wallet, the QR codes can be larger, and you have more design artwork space, and maybe more space for additional fund deposit information.

I personally have tried two cheap paper wallets:
1. one page that contains 50+ private keys / public keys / pairs. No QR code.
2. one page that contains only 1 public / private key pair. Giant text. Giant QR code.

Your size = fits in a real wallet like any other fiat money.
My full size = fits in an envelope, looks like a stock certificate or bearer bond or something really valuable.
sr. member
Activity: 261
Merit: 285
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY

How's this for an updated reverse?

full member
Activity: 196
Merit: 116
Entrepreneur, coder, hacker, pundit, humanist.
Very nice work canton!

I can't wait till you launch the site.
sr. member
Activity: 261
Merit: 285
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY

A million percent agreed. Here's the current back of the wallet, though I wonder if the point should be amplified...




And here's the related bit of instructions as they'll appear on the web. Note the tip in the middle. Especially that typo. Oops. :)



The link to "lose your balance forever" goes to this excellent thread:
http://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/

I welcome any edits/ideas/additions to making this hugely important point as clear as possible.
full member
Activity: 140
Merit: 100
Mining FTW
The one concern I still have about paper wallets, which a lot of people seem to forget. (seeing this here too on the instructions on the front)

You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY. The moment you used the private key to transfer (some) of the BTC, the paper wallet is technically no longer safe. Best is to transfer them all to a normal wallet, take what you need and create a new paper wallet for the remaining funds.

Hence also why it's better to have 50 paper wallets with 20 BTC each, than 1 with 1000 BTC.
sr. member
Activity: 261
Merit: 285
1) What is preventing me from taking a strip of paper with some exposed tape in the end, slip it in the flap and pulling out the folded part?

THAT IS FRIGGING AWESOME. I didn't think it was possible reading your post, but then I tried it myself on a test wallet and was able to reveal the inner flap without disturbing the tape. That's a superb low-tech work-around, nice job.

I could add a third sticker requirement to cover the open fold - could even be a nice circular hologram of a BTC or something. Or, I could change the design so it includes an extra cut in the middle like so:



This way the tape holds down the innermost flap as well.

I can't quite decide whether it's better to have more stickers plastered on the thing, or require that users make an additional (fairly deft) set of cuts. Opinions?

2) The worst enemy of all stickers ... good old heat gun / blow dryer

Good idea. I'll have to experiment with dry heat (if Niko hasn't already) to see if these tamper-evident stickers are susceptible.

Thanks for the excellent feedback. Just sent you a beers-worth of BTC to your address.
https://blockchain.info/address/15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT
sr. member
Activity: 261
Merit: 285
When you do find out how the keys were compromised please let us know so similar risks can be avoided.

Well I found out a couple hours after Niko first noticed the balance was missing. I've just been too embarrassed to fess up to what happened. Here's the skinny:

Back when I generated Niko's test wallet I was still using a photoshop template to make these wallets. (Now I'm using a fork of bitaddress.org / javascript.) The same day that I printed out his wallet, I also did some work in photoshop on a different (non-folding) bitcoin template for another project on bitcointalk.org. I used my photoshop template as a starting point (which still had Niko's codes on it) and I accidentally included the QR code from Niko's test wallet in a couple of design templates over here:

https://bitcointalk.org/index.php?topic=155847.100

Someone apparently tried out the codes, realized there was a balance, and swiped the wallet. That person was kind enough to contact me anonymously and let me know that s/he had swiped the bounty. If Niko wins the bet I'll just have to send him his BTC the "old fashioned" way.

tl/dr: I screwed up and posted an image containing the private key QR code to bitcointalk.org.