Bitcoin Forum
Author Topic: The official BitcoinPaperWallet.com thread -- updates and news.  (Read 51441 times)
canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
April 30, 2013, 05:45:30 AM
 #101

The latest revision to this wallet design is fairly minor. But pretty! I had gold and silver tamper-evident hologram stickers custom printed with white "bitcoin" text that exactly matches the pseudo "watermark" design on the reverse of the folding wallet.



Rainbows are wicked hard to photograph, so this video shows the silver vs. gold holograms best: http://youtu.be/gZBXhFT_GKo

Although I haven't officially launched this design yet, the stickers and the latest folding design are both available at http://bitcoinpaperwallet.com


https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
April 30, 2013, 07:08:05 AM
 #102

I finally got a couple of hours to play with the early prototype. Here is what I was able to get by simply shining light through the wallet:


Now, as much as I am satisfied that I was able to read most of the letters, the level of satisfaction will not increase significantly if I spend time doing this until I am able to read all of the letters. If it was a 100-coin wallet, maybe.

Furthermore, canton included a sample sticker (that he did not apply to the wallet he sent it with) that would pretty much render my attempts completely futile: the sticker substrate appears to be metallic. No way we'll be able to read through that any more than we can read through Casascius coins.

I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

This was fun. Again, if you do make your own paper wallets, and you store any significant value in them, do not take tamper-proofness lightly.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
April 30, 2013, 02:31:14 PM
 #103

> I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

Nice work with the partial reveal, Niko!

I'll PM you an address for the .0255 BTC bet, but only if you let me send you a batch of these new holograms for your own use. :) Do you want silver, gold, or both?

https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
May 01, 2013, 06:27:47 PM
 #104

Things usually work out much better when you don't try too hard. After officially giving up, and paying up the dues, I could finally have some fun with the sample wallet. I was able to read the key in about two minutes, without any apparent damage.
Canton, I emailed you with the details.

They're there, in their room.
Your mining rig is on fire, yet you're very calm.
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1190


GetMonero.org / MyMonero.com


View Profile WWW
May 04, 2013, 04:31:32 PM
 #105

My stickers just arrived today (thanks Canton, shipping to South Africa was FAST!) - I'm not going to post an unboxing, it's a frikkin envelope:)

I printed a wallet (1PJegEonLNGqxgtk1dva6sJze9F1HwraMn) in grayscale and decided to try candle it. For my experiment I'm using a Fenix TK41 U2, which produces 860 Lumens of blinding white brightness.

Setup:


15 Lumens test:


120 Lumens test:


365 Lumens test:


860 Lumens test:


I know it may be a little hard to see clearly, but even at 860 Lumens there was sufficient blur to make the QR code unreadable and impossible to clean up. The stickers obliterated any chance at reading the code. If I was extra paranoid I could stick an extra sticker to cover the QR code:) I'm confident that even at 860 Lumens, printed with relatively light toner on a grayscale laser printer, that it is safe to use. I'll be printing out a new permanent one in colour to be extra safe:)

canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
May 05, 2013, 01:26:50 AM
 #106

> I was able to read the key in about two minutes, without any apparent damage.

I wanted to confirm for anyone following this thread (or following the bet Niko and I had re: his efforts to try to bypass the tamper-evidence features of this wallet) that Niko did in fact come up with a very smart way to reveal the private key without damaging the tape.

Once he sends me his public address I'll send him a few beers BTC to honor our bet.

For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that. :)

https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
May 05, 2013, 01:32:21 AM
 #107

> I'm using a Fenix TK41 U2 which produces 860 Lumens of blinding white brightness

Fluffypony -- thanks both for ordering those stickers and for testing them out with what appears to be a Jedi lightsaber.

Glad the stickers arrived to you intact. Your order was one of the first 30 or 40 orders in which I was using an attractive/descriptive "bitcoinpaperwallet.com" return address. Two of those orders (both to Canada, interestingly) were sliced open before arrival. Stickers intact, but someone tampered with the envelope on the way for sure, possibly someone high up in the CA postal route.

"It's not paranoia if they really are out to get you."

I've since made the return address more obscure, less likely to draw attention.



https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
R2D221
Hero Member
*****
Offline Offline

Activity: 658



View Profile
May 05, 2013, 04:17:10 AM
 #108

> For the time being, I don't (yet) have a solution for Niko's hack

So, will you inform us when you do have a solution? I would like to be sure it's the most secure possible before starting to use it.

An economy based on endless growth is unsustainable.
dhenson
Legendary
*
Offline Offline

Activity: 994



View Profile
May 05, 2013, 04:48:21 AM
 #109

I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1190


GetMonero.org / MyMonero.com


View Profile WWW
May 05, 2013, 06:24:04 AM
 #110

> I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.

This exactly. I don't think that this is designed to be kept loose in your wallet, there are other solutions for that. This is meant to be stored somewhere safe, and is designed in a way that tampering will be evident.

Terk
Hero Member
*****
Offline Offline

Activity: 616



View Profile
May 05, 2013, 12:05:15 PM
 #111

> For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that. :)

1. These wallets aren't designed to be kept in your open space office desk drawer. You should keep it secure and unavailable for others' physical access.
2. More probable attack vector of someone who accessed that wallet physically is to rip it open and withdraw coins. All users should be aware that if someone can access the wallet, they're screwed.

Considering this, I think it's safe to assume that everybody sane will keep their paper wallet secured. And considering this, I think it's better to openly describe the hack, because crowdsourced solution might come much faster.

Terk
Hero Member
*****
Offline Offline

Activity: 616



View Profile
May 05, 2013, 12:17:57 PM
 #112

Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1190


GetMonero.org / MyMonero.com


View Profile WWW
May 06, 2013, 05:29:00 AM
 #113

> Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.
>
> You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.
>
> You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.
>
> Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.
>
> So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

That is ingenious - very clever attack vector! The only way to mitigate it somewhat, I suppose, is to handwrite something on the wallet. That way, unless they go to the extraordinary length of getting a really good handwriting forger, you will recognise someone else's handwriting.

Rodyland
Hero Member
*****
Offline Offline

Activity: 499


View Profile
May 06, 2013, 06:47:48 AM
 #114

> > Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.
> >
> > You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.
> >
> > You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.
> >
> > Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.
> >
> > So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.
>
> That is ingenious - very clever attack vector! The only way to mitigate it somewhat, I suppose, is to handwrite something on the wallet. That way, unless they go to the extraordinary length of getting a really good handwriting forger, you will recognise someone else's handwriting.

Handwriting the deposit information on the back would lead to early detection.

I am wondering if a two factor wallet would be a better option for the paranoid and/or large amounts.

Beware the weak hands!
1NcL6Mjm4qeiYYi2rpoCtQopPrH4PyKfUC
GPG ID: E3AA41E3
fluffypony
Donator
Legendary
*
Offline Offline

Activity: 1190


GetMonero.org / MyMonero.com


View Profile WWW
May 06, 2013, 09:39:53 AM
 #115

> Handwriting the deposit information on the back would lead to early detection.
>
> I am wondering if a two factor wallet would be a better option for the paranoid and/or large amounts.

Well, I've suggested this before, but it seems none of the paper wallet systems out there support it: why can't the private key be encoded/encrypted with a passphrase? When importing, the passphrase would be required to decode/decrypt the private key, thus mitigating most physical attacks.
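
The idea in the post above, sketched as an added example (not part of the thread and not bitcoinpaperwallet.com's code): a WIF private key is wrapped under a scrypt-derived key, so the string printed on paper is useless without the passphrase, and a wrong passphrase is detected rather than yielding a garbage key. This is a simplified illustration, not BIP38 itself (BIP38, mentioned later in the thread, is the proposal that standardizes passphrase-protected keys); the `0x7f` prefix, the byte layout and the function names are assumptions made for the example.

```python
import hashlib, hmac, os

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
PREFIX = b"\x7f"  # marks this example's format; an assumption, not a Bitcoin standard

def _check(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    data = payload + _check(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a character outside Base58
    zeros = len(text) - len(text.lstrip("1"))
    data = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(data) < 5 or _check(data[:-4]) != data[-4:]:
        raise ValueError("bad Base58Check checksum (typo or damaged print?)")
    return data[:-4]

def _derive(passphrase, salt):
    # scrypt makes each passphrase guess cost ~16 MiB of memory; 64 bytes out:
    # first half masks the key, second half authenticates the result.
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 2**20, dklen=64)

def _tag(mac_key, body):
    return hmac.new(mac_key, body, hashlib.sha256).digest()[:8]

def wrap_wif(wif, passphrase):
    raw = b58check_decode(wif)
    if raw[:1] != b"\x80" or len(raw) not in (33, 34):
        raise ValueError("not a mainnet WIF private key")
    salt = os.urandom(16)  # fresh per wallet, so the mask is never reused
    dk = _derive(passphrase, salt)
    masked = bytes(a ^ b for a, b in zip(raw[1:33], dk[:32]))
    body = salt + masked + raw[33:]  # raw[33:] is the optional compressed flag
    return b58check_encode(PREFIX + body + _tag(dk[32:], body))

def unwrap_wif(blob, passphrase):
    data = b58check_decode(blob)
    if data[:1] != PREFIX or len(data) not in (57, 58):
        raise ValueError("not a wrapped key from this example")
    body, tag = data[1:-8], data[-8:]
    dk = _derive(passphrase, body[:16])
    if not hmac.compare_digest(tag, _tag(dk[32:], body)):
        raise ValueError("wrong passphrase or altered wallet")
    key = bytes(a ^ b for a, b in zip(body[16:48], dk[:32]))
    return b58check_encode(b"\x80" + key + body[48:])

if __name__ == "__main__":
    # Constructed sample key (bytes 01..20 hex); never send funds to it.
    wif = b58check_encode(b"\x80" + bytes(range(1, 33)) + b"\x01")
    paper = wrap_wif(wif, "correct horse battery staple")
    print("print this on paper:", paper)
    print("round trip ok:", unwrap_wif(paper, "correct horse battery staple") == wif)
```
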

Terk
Hero Member
*****
Offline Offline

Activity: 616



View Profile
May 06, 2013, 11:41:36 AM
 #116

Truly paranoid could also deposit using multi signature transactions. You send the deposit to two or three recipients (addresses of your own paper wallets). Then when you want to withdraw, there are two private keys required from two of your wallets. Of course you store these paper wallets in different physical locations.

canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
May 06, 2013, 06:03:52 PM
 #117

> Well, I've suggested this before, but it seems none of the paper wallet systems out there support it: why can't the private key be encoded/encrypted with a passphrase?

(BTW I love your evil scenario for replacing wallets with look-alikes. Very clever.) I think the next round of holographic tape I order might (1) feature a totally custom hologram (expensive to forge) plus (2) stickers with unique serial numbers printed in pairs to discourage wallet swapping / sticker replacing.

Regarding encrypted private keys, I'm working on implementing BIP38 as a different design less suited for gift-giving and more suited for long-term storage, something like this:



Finally, for anyone dying to know what Niko's subterfuge was, it was about soaking the wallet in a liquid to remove the stickers without detection. At some point he thought a heatgun/blowdrier might work as well. I haven't tested.


https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B
niko
Hero Member
*****
Offline Offline

Activity: 742


There is more to Bitcoin than bitcoins.


View Profile
May 06, 2013, 07:57:02 PM
 #118

> > For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that. :)
>
> 1. These wallets aren't designed to be kept in your open space office desk drawer. You should keep it secure and unavailable for others' physical access.
> 2. More probable attack vector of someone who accessed that wallet physically is to rip it open and withdraw coins. All users should be aware that if someone can access the wallet, they're screwed.
>
> Considering this, I think it's safe to assume that everybody sane will keep their paper wallet secured. And considering this, I think it's better to openly describe the hack, because crowdsourced solution might come much faster.

Good points, Terk. Furthermore, the sleight-of-hand attack you described in your next post is great. BIP38 addresses these kinds of problems, and canton is working on implementing it.


They're there, in their room.
Your mining rig is on fire, yet you're very calm.
jabberwok
Newbie
*
Offline Offline

Activity: 25



View Profile
May 07, 2013, 11:08:58 PM
 #119

Good work, Canton!

I love the design and am definitely going to start using these.

> I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.

I agree completely, but I am very much enjoying the friendly battle with Niko.

Is there any way you could post the base design without keys and QR codes so that I could stick in a vanity address just for fun?  Or maybe you could find a way to incorporate vanitygen, though that sounds like it might be a bit difficult.  It might also be nice if other address formats could be used.  I would love to use this for Litecoins, too.
canton
Sr. Member
****
Offline Offline

Activity: 259



View Profile WWW
May 08, 2013, 02:21:06 AM
 #120

> Is there any way you could post the base design without keys and QR codes so that I could stick in a vanity address just for fun?  Or maybe you could find a way to incorporate vanitygen, though that sounds like it might be a bit difficult.  It might also be nice if other address formats could be used.  I would love to use this for Litecoins, too.

Hi Jabberwok,

I sure will post the PSDs/PDFs for editing/adjusting. Also someone else has generously worked on a shell script (live CD!) based version that uses vanitygen and outputs PDF files of my design as an alternative to the current bitaddress.org-based method I'm using now. Distributing this might be a few weeks out. It's a wicked bit of code: uses a RAM drive during wallet generation and then shreds the memory space afterwards -- less worrying about printer cache files and such.

https://bitcoinpaperwallet.com - Gorgeous 2-sided tri-fold paper wallets with tamper-evident features. *** Now with BIP38 & dice generator ***

My RSA Key ID & Fingerprint: 36E1D9B6 / AB12 6777 451C 7A18 C172 3297 C525 F065 0B16 DF4B