
Topic: Time to bust a myth. Paper wallets are less secure than normal encrypted wallets - page 5. (Read 12404 times)

hero member
Activity: 882
Merit: 1006
I didn't say it is hard to backup. It is just that people don't care to do so. I don't like the idea of storing your seed in plaintext though, I would encrypt it with a weak PGP password (instead of a private PGP key) that way someone that hacks your cloud storage with social engineering cannot have immediate access to your private keys and you should have time to move your funds once you discover your cloud storage service is hacked. Plus if your computer is hacked then there is a good chance your cloud storage service account would get hacked as well.

You can do a very similar procedure with electrum as well.

When you do file>save copy in Electrum, the copy will be encrypted if the original was. Of course any wallet you put in the cloud should be encrypted, a few years ago Dropbox had a security issue that allowed anyone to log in to anyone else's account without a password. The issue remained for a few hours.

Only the hand-written seed should be unencrypted, I would not recommend encrypting it as if you forget your password you'll have no way of accessing your funds, you should always have the means to access your wallet in the event you've forgotten your password.
you could tell it to display the seed and then save the text of the seed in a PGP encrypted file.

This would be essentially the same thing you would do with armory, except that armory is much more encouraging for you to back it up this way.

The problem is though, if you happen to get diagnosed with amnesia, you won't be able to access your Bitcoins to pay for treatment as you'll have forgotten all your passwords, so you should always have a way in to your wallet without a password in case you forget your passwords, which is why I recommend an unencrypted handwritten seed. If you absolutely must encrypt the seed, then you should at least store a password hint with it and you shouldn't use a really high iteration count so if you forget a character or two you'll be able to bruteforce your way in. Obviously such a seed should be kept in a very safe location if physical theft is an issue.

Armory also tries to force you to make at least one unencrypted backup for this reason. Without a way of getting into your wallet without a password your wallet essentially becomes a brain wallet.
hero member
Activity: 532
Merit: 500
no longer selling accounts
I didn't say it is hard to backup. It is just that people don't care to do so. I don't like the idea of storing your seed in plaintext though, I would encrypt it with a weak PGP password (instead of a private PGP key) that way someone that hacks your cloud storage with social engineering cannot have immediate access to your private keys and you should have time to move your funds once you discover your cloud storage service is hacked. Plus if your computer is hacked then there is a good chance your cloud storage service account would get hacked as well.

You can do a very similar procedure with electrum as well.

When you do file>save copy in Electrum, the copy will be encrypted if the original was. Of course any wallet you put in the cloud should be encrypted, a few years ago Dropbox had a security issue that allowed anyone to log in to anyone else's account without a password. The issue remained for a few hours.

Only the hand-written seed should be unencrypted, I would not recommend encrypting it as if you forget your password you'll have no way of accessing your funds, you should always have the means to access your wallet in the event you've forgotten your password.
you could tell it to display the seed and then save the text of the seed in a PGP encrypted file.

This would be essentially the same thing you would do with armory, except that armory is much more encouraging for you to back it up this way.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I think an audiomodem is the best way to transmit the transaction data in the end of the day.

I think it probably depends upon the software being used - but assuming it doesn't allow for "executable code" (or scripts) then either QR or audio should be okay.
hero member
Activity: 882
Merit: 1006
My problem with Armory has always been that they don't do QR codes (instead rely upon USB devices that could be hacked) simply because they try to be a "wallet" rather than just a "cold storage" solution (so CIYAM Safe is actually *safer* than Armory).

Yes of course. There are a WHOLE lotta problems with USB sticks. QR codes are much much better. I personally like using an audiomodem to transmit the transaction data via sound card over a 3.5mm audio cable. QR codes have an advantage over an audiomodem in that an audiomodem can transmit data both ways which is a security risk, but the audiomodem is much more convenient, I always had trouble scanning the QR codes with the camera as my laptop only has a front-facing camera. I think an audiomodem is the best way to transmit the transaction data in the end of the day.
hero member
Activity: 882
Merit: 1006
You are aware that the remaining bitcoins go to a new change address?

You should always sweep the complete balance, as it's not safe to try to partially spend directly from the paper wallet itself.

It doesn't really matter because the hacker still could've just had the malware send all the funds to his wallet the second the private key was typed in. In this case the hacker was lazy and just did it manually a few hours later, but the next hacker won't be so lazy.

Using change addresses with paper wallets requires using a new paper wallet each time you make a transaction, which you obviously should do, but very few people actually do that as it's not very convenient.
legendary
Activity: 2242
Merit: 3523
Flippin' burgers since 1163.
However I had a friend who had his paper wallet hacked recently, which is why I decided to make this thread. He typed the private key into his computer to send some bitcoins out of it and a few hours later the rest of the funds on the paper wallet were stolen. We're still looking into what exactly happened [...]

You are aware that the remaining bitcoins go to a new change address?

You should always sweep the complete balance, as it's not safe to try to partially spend directly from the paper wallet itself.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I believe Armory is only testing them right now, hopefully they can improve the situation.

My problem with Armory has always been that they don't do QR codes (instead rely upon USB devices that could be hacked) simply because they try to be a "wallet" rather than just a "cold storage" solution (so CIYAM Safe is actually *safer* than Armory).
newbie
Activity: 21
Merit: 2

Quote
He typed the private key into his computer to send some bitcoins out of it and a few hours later the rest of the funds on the paper wallet were stolen.

How is this even possible, the funds belonging to a private key need to be spent all at once, right?

No. You need to "spend" all the funds in each input that you are sending; however, it is possible to make the change go back to the address that originally had the funds, as is encouraged by the use of paper wallets.

It would be possible to have multiple inputs to an address and only spend one or some of them.

Thanks for explaining, didn't know.
hero member
Activity: 882
Merit: 1006
Yep a good step, however as you know there is the whole R value issue, and the method used to transmit the transaction data. I believe your system uses QR codes to transmit the transaction data, which is good, but I don't think your solution can prevent against the R value issue, can it?

I'd need to change the signature system to use deterministic values to be certain against that (if vanitygen would add that then it would be relatively easy to incorporate).


I have been reading about this, I don't know enough about deterministic values, they aren't widely used yet, I believe Armory is only testing them right now, hopefully they can improve the situation.
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Yep a good step, however as you know there is the whole R value issue, and the method used to transmit the transaction data. I believe your system uses QR codes to transmit the transaction data, which is good, but I don't think your solution can prevent against the R value issue, can it?

I'd need to change the signature system to use deterministic values to be certain against that (if vanitygen would add that then it would be relatively easy to incorporate).
hero member
Activity: 882
Merit: 1006
My cold storage laptop is over 10 years old (which actually made it very cheap to buy). :)

And it *cannot* connect to the internet (apart from getting its WiFi card removed I ruined its plugs to prevent anyone plugging in anything to connect it).

Yep a good step, however as you know there is the whole R value issue, and the method used to transmit the transaction data. I believe your system uses QR codes to transmit the transaction data, which is good.

One issue is if there was malware on both cold PC and online PC then the QR code could simply be replaced by the malware with the actual private key and when you scan the QR the online PC sweeps it into the hacker's wallet. Also I don't think your solution can prevent against the R value issue, can it?
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
Also their malware is at least 6 years old, so you'll need some REALLY old hardware.

My cold storage laptop is around 10 years old (which actually made it very cheap to buy). :)

And it *cannot* connect to the internet (apart from getting its WiFi card removed I ruined its plugs to prevent anyone plugging in anything to connect it).
hero member
Activity: 882
Merit: 1006
I created the CIYAM Safe (https://susestudio.com/a/kp8B3G/ciyam-safe) for the purpose of making safe offline "cold storage".

To be really secure I would advise buying an *old computer* that predates any of the NSA attacks upon hard-drive firmware, etc. (yes it is a pity that the US has made all modern hardware now suspect).

The NSA hard drive firmware malware used browser exploits and other techniques to gain access to the device and then reflash the hard drive firmware in order to hide its existence from the operating system and survive a reformat. Also their malware is at least 6 years old, so you'll need some REALLY old hardware.

I would recommend just walking into a computer shop and picking up a sealed computer off the shelf from a manufacturer you trust. You need to trust the manufacturer hasn't inserted any backdoors, which can be difficult. Picking up one at random from a store prevents against targeted attacks, for example the NSA are known to intercept computer hardware in the mail and insert backdoors into it (the infamous Cisco router).
legendary
Activity: 1890
Merit: 1086
Ian Knowles - CIYAM Lead Developer
I created the CIYAM Safe (https://susestudio.com/a/kp8B3G/ciyam-safe) for the purpose of making safe offline "cold storage".

To be really secure I would advise buying an *old computer* that predates any of the NSA attacks upon hard-drive firmware, etc. (yes it is a pity that they have made all modern hardware now suspect).

Like it or not we are in the middle of a "war" against privacy (which the major governments of this world hope we will lose).
hero member
Activity: 882
Merit: 1006
Thank you, I am taking this very seriously. I would welcome any information or guidance on how to avoid such a scenario. Reading your answer I see another problem in not following the basic rule to spend the whole amount of BTC stored in a paper wallet. Once you use your private key it is not "private" any more. I will follow your thread for sure. Thanks.

I'm working on a guide right now that will show you step-by-step how to setup a secure and relatively simple hot/cold storage system using electrum that will provide significant protection. Keep an eye out for it.
hero member
Activity: 882
Merit: 1006
I didn't say it is hard to backup. It is just that people don't care to do so. I don't like the idea of storing your seed in plaintext though, I would encrypt it with a weak PGP password (instead of a private PGP key) that way someone that hacks your cloud storage with social engineering cannot have immediate access to your private keys and you should have time to move your funds once you discover your cloud storage service is hacked. Plus if your computer is hacked then there is a good chance your cloud storage service account would get hacked as well.

You can do a very similar procedure with electrum as well.

When you do file>save copy in Electrum, the copy will be encrypted if the original was. Of course any wallet you put in the cloud should be encrypted, a few years ago Dropbox had a security issue that allowed anyone to log in to anyone else's account without a password. The issue remained for a few hours.

Only the hand-written seed should be unencrypted, I would not recommend encrypting it as if you forget your password you'll have no way of accessing your funds, you should always have the means to access your wallet in the event you've forgotten your password.
hero member
Activity: 532
Merit: 500
no longer selling accounts

Quote
He typed the private key into his computer to send some bitcoins out of it and a few hours later the rest of the funds on the paper wallet were stolen.

How is this even possible, the funds belonging to a private key need to be spent all at once, right?

No. You need to "spend" all the funds in each input that you are sending; however, it is possible to make the change go back to the address that originally had the funds, as is encouraged by the use of paper wallets.

It would be possible to have multiple inputs to an address and only spend one or some of them.
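The answer above (every selected input is spent in full, the remainder goes to a change output, and unselected inputs stay where they are), modelled as an added example that is not part of the original thread. The addresses, transaction ids and amounts are constructed, and the largest-first coin selection is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UTXO:
    txid: str       # constructed placeholder ids, not real transactions
    address: str
    value: int      # satoshis

def spend(utxos, from_addr, pay, fee, change_addr, sweep=False):
    """Pay `pay` from from_addr; return the unspent outputs that exist afterwards."""
    mine = sorted((u for u in utxos if u.address == from_addr), key=lambda u: -u.value)
    picked, total = [], 0
    for u in mine:
        if not sweep and total >= pay + fee:
            break                       # enough inputs selected; the rest stay unspent
        picked.append(u)
        total += u.value
    if total < pay + fee:
        raise ValueError("insufficient funds")
    outputs = [UTXO("new:0", "merchant", pay)]
    change = total - pay - fee          # each picked input is consumed in full
    if change:
        outputs.append(UTXO("new:1", change_addr, change))
    return [u for u in utxos if u not in picked] + outputs

def exposed(utxos, addr):
    """Satoshis still controlled by the key that was typed into the online PC."""
    return sum(u.value for u in utxos if u.address == addr)

def compare():
    paper = [UTXO("a:0", "paper", 50_000), UTXO("b:0", "paper", 30_000),
             UTXO("c:1", "paper", 20_000)]
    return {
        "change_back_to_paper": exposed(spend(paper, "paper", 40_000, 1_000, "paper"), "paper"),
        "fresh_change_no_sweep": exposed(spend(paper, "paper", 40_000, 1_000, "fresh"), "paper"),
        "sweep_to_fresh": exposed(spend(paper, "paper", 40_000, 1_000, "fresh", sweep=True), "paper"),
    }

if __name__ == "__main__":
    print(compare())
```

Only the sweep leaves nothing under the exposed key; sending change to a fresh address still leaves the unselected inputs on the paper address.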
legendary
Activity: 2730
Merit: 1288
If you don't do it right no procedure will be ever safe. If you do it right both ways can be quite safe.
newbie
Activity: 21
Merit: 2

Quote
He typed the private key into his computer to send some bitcoins out of it and a few hours later the rest of the funds on the paper wallet were stolen.

How is this even possible, the funds belonging to a private key need to be spent all at once, right?
hero member
Activity: 532
Merit: 500
no longer selling accounts
Right. I think it is somewhat of an unrealistic expectation for everyone to backup their wallets in multiple locations and mediums as this level of security is foreign to most people, especially with the advent of cloud storage that allows their documents to be automatically backed up to their cloud service. I am not saying that I engage in this lack of security environment or that it is a valid excuse however it is unfortunately a reality for a lot of people.

It's not that difficult to backup your wallet. To do it with electrum, simply create a wallet, write down the seed on paper with a pen (no printers), then do file>save copy and save it in cloud storage. Now you have 3 copies, 2 different mediums and 1 offsite. Electrum backups are forever (except for the labels, you can use the label sync feature if you want to back those up). The seed is at risk of physical theft however, and I wouldn't recommend encrypting it in case you forget your password.
I didn't say it is hard to backup. It is just that people don't care to do so. I don't like the idea of storing your seed in plaintext though, I would encrypt it with a weak PGP password (instead of a private PGP key) that way someone that hacks your cloud storage with social engineering cannot have immediate access to your private keys and you should have time to move your funds once you discover your cloud storage service is hacked. Plus if your computer is hacked then there is a good chance your cloud storage service account would get hacked as well.

You can do a very similar procedure with electrum as well.