Time to bust a myth. Paper wallets are less secure than normal encrypted wallets - page 2.

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

Quote from: Klestin on June 11, 2015, 02:19:35 PM

Quote from: Klestin on June 11, 2015, 02:12:04 PM

Do you have a vulnerability in mind that invalidates my proposal, or is "psychiatric lockup" the best you can do?

Quote from: Panthers52 on June 11, 2015, 02:16:24 PM

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

I'll take that as "yes, that's the best I can do."

I will difer to the expert in computer security (blazr) to look for other vulnerabilities.

One risk would be that you make a mistake in copying the private keys and/or the code as humans are notorious for making copy mistakes and it would be difficult to check for such mistakes without adding potential additional chances for your private key to leak.

I am not lazy with securing my money. I only take reasonable precautions that balance various risks of loss and theft with what would end up lost (how much I would lose) and the chances of various attacks of succeeding.

spazzdla

legendary

Activity: 1722

Merit: 1000

Quote from: Panthers52 on June 11, 2015, 02:16:24 PM

Quote from: Klestin on June 11, 2015, 02:12:04 PM

Quote from: Panthers52 on June 11, 2015, 02:05:47 PM

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Um... you seriously believe someone who securely creates a paper wallet per my listed steps deserves to be locked up in a psychiatric facility? Nah, you must be trollin'. Good one dude!

Someone who takes that level of precautions are most likely going to display other symptoms of paranoid schizophrenia. Some may even argue that doing what you described would be an indication of schizophrenia.

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

Mental illness LMAO what a joke. A group of random fucks decide if you have x traits you are mentally ill. You should see some of the panels of these bastards.

"But I do that"

"Oh okay lets not put that in there then"

It's a fucking joke.

The fact you are so lazy with your wealth I think is a mental illness. The illness of extreme lazyness SO LAZY you attempt to make others think they have a problem as they are not as lazy as you.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Klestin on June 11, 2015, 02:12:04 PM

Do you have a vulnerability in mind that invalidates my proposal, or is "psychiatric lockup" the best you can do?

Quote from: Panthers52 on June 11, 2015, 02:16:24 PM

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

I'll take that as "yes, that's the best I can do."

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

Quote from: Klestin on June 11, 2015, 02:12:04 PM

Quote from: Panthers52 on June 11, 2015, 02:05:47 PM

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Um... you seriously believe someone who securely creates a paper wallet per my listed steps deserves to be locked up in a psychiatric facility? Nah, you must be trollin'. Good one dude!

Someone who takes that level of precautions are most likely going to display other symptoms of paranoid schizophrenia. Some may even argue that doing what you described would be an indication of schizophrenia.

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Panthers52 on June 11, 2015, 02:05:47 PM

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Um... you seriously believe someone who securely creates a paper wallet per my listed steps deserves to be locked up in a psychiatric facility? Nah, you must be trollin'. Good one dude!

In any event, the challenge was to describe a set of steps to create a paper wallet that is more secure than an encrypted wallet on a connected desktop. Do you have a vulnerability in mind that invalidates my proposal, or is "psychiatric lockup" the best you can do?

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

Quote from: Klestin on June 11, 2015, 01:57:32 PM

Quote from: Panthers52 on June 11, 2015, 01:37:52 PM

If you are this paranoid about creating a paper wallet then there is probably a pretty high chance that you will end up in a psychiatric institution. You would then be unable to ever spend the money you send to the associated address.

Psychiatric institutions generally don't allow Internet access. My 0.013 BTC are secure forevers!

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Panthers52 on June 11, 2015, 01:37:52 PM

If you are this paranoid about creating a paper wallet then there is probably a pretty high chance that you will end up in a psychiatric institution. You would then be unable to ever spend the money you send to the associated address.

Psychiatric institutions generally don't allow Internet access. My 0.013 BTC are secure forevers!

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

Quote from: Klestin on June 11, 2015, 01:11:54 PM

Quote from: Blazr on June 11, 2015, 12:04:59 PM

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

I'll bite. Within a faraday cage, assemble a PC from parts purchased and held in storage for the last several years. OS installed from DVD (let's say Windows XP, original discs). Wallet generator software source code printed code-reviewed, and re-entered by hand and compiled on the PC. Wallet initial entropy via dice, rolled in a darkened room in the dead of the night (sensitive fingertips required for dice reading). M of N paper wallet created and written by hand. Remainder of notepad incinerated. Pages stored in geographically disparate secure localities. PC degaussed, then incinerated.

If coins are to be spent, M parts of wallet gathered, then repeat most of the above, sign the transaction, transfer the signature via handwritten pad, and enter on the connected PC of your choice.

You didn't say it had to be practical.

If you are this paranoid about creating a paper wallet then there is probably a pretty high chance that you will end up in a psychiatric institution. You would then be unable to ever spend the money you send to the associated address.

odolvlobo

legendary

Activity: 4466

Merit: 3391

Anyone that want's to make a paper wallet should buy a Mycelium Entropy. It is the most convenient and most secure way to make a paper wallet.

The combination of maximum security and maximum convenience is rare, but Entropy achieves it. You just plug it in, press a button and print. There is no need for an air-gapped computer, bootable CDs, formatting disks, etc.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Blazr on June 11, 2015, 12:04:59 PM

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

I'll bite. Within a faraday cage, assemble a PC from parts purchased and held in storage for the last several years. OS installed from DVD (let's say Windows XP, original discs). Wallet generator software source code printed code-reviewed, and re-entered by hand and compiled on the PC. Wallet initial entropy via dice, rolled in a darkened room in the dead of the night (sensitive fingertips required for dice reading). M of N paper wallet created and written by hand. Remainder of notepad incinerated. Pages stored in geographically disparate secure localities. PC degaussed, then incinerated.

If coins are to be spent, M parts of wallet gathered, then repeat most of the above, sign the transaction, transfer the signature via handwritten pad, and enter on the connected PC of your choice.

You didn't say it had to be practical.

Blazr

hero member

Activity: 882

Merit: 1006

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

Klestin

hero member

Activity: 493

Merit: 500

Quote from: Blazr on June 11, 2015, 11:27:46 AM

Quote from: Klestin on June 10, 2015, 01:38:04 PM

How does an air-gapped machine contract malware? It can sign transactions with zero Internet (or LAN for that matter) connectivity. Additionally, M of N paper wallets mitigate physical theft.

OP has missed the entire point of a paper wallet.

Many ways. Read up on Stuxnet. The most likely scenario would be via USB sticks when you are transferring files (which many people do with airgapped machines even though it's a big no-no), but you could also be infected if your airgapped PC's OS or other software was tampered with in some way when you were installing it, such as malware on the computer you burned the boot CD/USB tampering with the image. These are pretty advanced attacks, but they are certainly not so difficult to execute and not unheard of and thy will probably happen to some Bitcoiners eventually so people should be aware of them so that they can defend themselves if they deem it necessary.

I should add "without absolute user ineptitude, or an attackers reliance on zero-day vulnerabilities targeted to your specific hardware".

I fail to see how these extremely unlikely scenarios make "paper wallets less secure than normal encrypted wallets". Do you?

Blazr

hero member

Activity: 882

Merit: 1006

Quote from: Panthers52 on June 10, 2015, 02:45:59 PM

The to;dr version is that both encrypted wallets and paper wallets have certain vulnerabilities. Encrypted wallets have a subset of vulnerabilities and paper wallets have the same subset of vulnerabilities and then a greater subset of vulnerabilities.

I like this tl;dr a lot, does a great job at summing it up.

Blazr

hero member

Activity: 882

Merit: 1006

Quote from: Klestin on June 10, 2015, 01:38:04 PM

How does an air-gapped machine contract malware? It can sign transactions with zero Internet (or LAN for that matter) connectivity. Additionally, M of N paper wallets mitigate physical theft.

OP has missed the entire point of a paper wallet.

Many ways. Read up on Stuxnet. The most likely scenario would be via USB sticks when you are transferring files (which many people do with airgapped machines even though it's a big no-no), but you could also be infected if your airgapped PC's OS or other software was tampered with in some way when you were installing it, such as malware on the computer you burned the boot CD/USB tampering with the image. These are pretty advanced attacks, but they are certainly not so difficult to execute and not unheard of and thy will probably happen to some Bitcoiners eventually so people should be aware of them so that they can defend themselves if they deem it necessary.

Panthers52

hero member

Activity: 675

Merit: 502

#SuperBowl50 #NFCchamps

Quote from: ragi on June 09, 2015, 03:24:24 PM

I have never had a problem with a paper wallet. Why is this fear-mongering starting now? I even created them on live pc. Maybe I am just lucky... idk...

The first post in this thread actually did a pretty good job of explaining why paper wallets are more susceptible to theft/loss. Both are going to be fairly secure while more can go wrong with paper wallets, primarily physical theft of the paper wallet.

The to;dr version is that both encrypted wallets and paper wallets have certain vulnerabilities. Encrypted wallets have a subset of vulnerabilities and paper wallets have the same subset of vulnerabilities and then a greater subset of vulnerabilities.

Klestin

hero member

Activity: 493

Merit: 500

How does an air-gapped machine contract malware? It can sign transactions with zero Internet (or LAN for that matter) connectivity. Additionally, M of N paper wallets mitigate physical theft.

OP has missed the entire point of a paper wallet.

spazzdla

legendary

Activity: 1722

Merit: 1000

Quote from: odolvlobo on June 10, 2015, 11:56:22 AM

Quote from: spazzdla on June 10, 2015, 08:51:22 AM

How do I know..
Sweet mother of god have you guys ever read a news paper?

Why is Snowden in Russian than big boy?

LFC_Bitcoin

legendary

Activity: 3556

Merit: 9709

#1 VIP Crypto Casino

Quote from: AtheistAKASaneBrain on June 10, 2015, 07:09:48 AM

If someone busts inside your house they'll see you have Bitcoins if they find the paperwallet, but on the other hand with an encrypted hidden file inside a USB they would never figure out that you are a owner of Bitcoins. This is a plus against paper wallets.

Most dumb ass thieves/robbers wouldn't have a clue what bitcoin is let alone know how to put a private key into an online wallet to swipe the paper one.
When somebody robs a house they normally look for cash, electronics etc, I doubt they'll be looking inside an old book or a filing cabinet for a piece of paper with a combination of random numbers and letters on.

odolvlobo

legendary

Activity: 4466

Merit: 3391

Quote from: spazzdla on June 10, 2015, 08:51:22 AM

How do I know..
Sweet mother of god have you guys ever read a news paper?

spazzdla

legendary

Activity: 1722

Merit: 1000

How do I know..

Sweet mother of god have you guys ever read a news paper?

I find it quite hilarious everyone goes on about security yet slacks on security measures.. THEN long be hold once a week "HELP ALL MY COINS ARE GONE"..

Why are you being lazy on security........ I hear The Bank Of America will take care of security for you if you are to lazy.

Topic: Time to bust a myth. Paper wallets are less secure than normal encrypted wallets - page 2. (Read 12393 times)