Bitcoin Forum

Correct me if I am wrong, but the differences between a normal printed paper wallet and a BIP-38 printed paper wallet is:

Normal Paper Wallet = You have to hide these like diamonds in your house. If a robber breaks into your house and still manages to break into your safe and take the paper wallet, well you're fucked. He has access to your private key.

BIP-38 Encrypted Paper Wallet = You can have 100 printed out if you wanted to. You can hide one in every room of your house, the bank deposit boxes, in your backyard underground, in your work office, or again in your personal safe at home. The difference is, even if a robber breaks in and steals it, or a coworker takes it, they won't be able to access it since the private key is encrypted.

Are there any downsides to BIP-38? Is it just as easy to transfer funds to and from the encrypted paper wallet or is more work involved than a normal paper wallet?

Just wanted to add, the same thing would apply to a 2nd Cold offline computer right?

1) Install Bitcoin on your future cold computer
2) Generate a wallet/address on your future cold computer
3) Disconnect your computer from the internet and keep it disconnected permanently.
4) Using Blockchain, your Hot Computer, or whatever computer that has funds, send Bitcoins to your cold computer's address
5) Check/Watch the balance on the blockchain to see that you have the funds on the new address for your cold computer
6) Encrypt the cold computer wallet, make backups flash drives/paper copies with BIP-38, and/or hide the computer for more security

Miss anything or is that about right for the cold storage for 2nd computer?

What if something happens to you and the password is lost?

The BIP0038 password should also be stored redundantly, and ideally, in an encrypted form.

If I am not mistake, Shamir's Shared Secret algorithm is the appropriate method to store the password such that m-of-n trusted parties would need to collaborate to reconstruct the password.

So to steal your bitcoin, an attacker would need to have possessed (or photographed) the BIP0038 wallet, and then would also either need to coerce you into revealing your password, or would need to find m-of-n of your trusted parties and get them to reveal their secret, so that the attacker could reconstruct the password.

Use http://bitaddress.org (a saved version, offline) to generate the BIP0038 paper wallet and use http://passguardian.com (a saved version, offline) for the m-of-n Shamir's Secret Sharing.

Your heirs will need instructions on how to reconstruct the BIP0038 password.

I used BIP38 when I made paper wallets, but this talk by Alan Reiner has me reconsidering. The argument is that we're pretty good with physical security and don't need to encrypt in most cases. This will also make it easy if anything were to happen to you for your family or friends to be able to access the BTC on the paper wallets, versus it being lost forever to a password in your mind.

https://www.youtube.com/watch?v=qd9C9TQ3pWY

(Full disclosure - I published this video, but it's still a great talk for all users of BTC)

I think any security idea which requires you to write down a password in plain text on paper is a pretty bad idea. Much prefer a brain wallet.

A brain wallet and an encrypted paper wallet have the same problem. If you die and no one knows your password, the BTC are lost forever. Unencrypted wallets stored securely in your home are adequate for 99% of people. We're usually pretty good at securing things physically.

i don't plan on dying sir,

GOT REGENERATOR-G1 AWWWYEAH

Just look at Schumacher's accident (https://bitcointalk.org/index.php?topic=391713.0), which is potentially a life changing event for him and his family. Having his key only in his brain may mean his BTC are lost for ever. But having a plain copy in the safe is a different story.

I agree, plain keys in a physical security is going to be just as safe and much more reliable.

A BIP-38 encrypted private key embedded in metal is the most secure.  (Disclosure: I am biased, but I really do believe in and use my own product.  :) )  http://bitcoinfiresafe.com/ (http://bitcoinfiresafe.com/)

That's cool. Thanks for the link.

What's the cost of one?

Our Classic Safe 934 costs $50 worth of BTC at current Coinbase price (so .05389 this minute), plus $5 shipping in US, or $10 international.  Mention "mskryxz thread" in your order and we'll give a 15% discount through January 2014.  :-)

Are you saying Schumacher has bitcoins?

It depends what your purpose is... If some of you guys are putting life savings into Bitcoins and your family is ok with that, then sure you probably want them to access it when you die. However, there are others out there like miners who invested little or nothing and are just holding Bitcoins or for those casual Bitcoin investors who have < $2k in there, it might not matter.

For those who use Bitcoin because it's decentralized and you can keep the money yours forever even if the government seizes every asset you can possibly own, then perhaps this is why you DON'T want your private key ever disclosed. This is where the true power of a Brainwallet dies. The government can lock me up for 20 years, take every dime I own, but when I get out, as long as I remember that Brainwallet passphrase or can recover it somehow, the funds are mine.

I think you meant "where the true power of a Brainwallet lies" not "where the true power of a Brainwallet dies"? ;)

If anything, that should provide my scheming wife/kids with more motivation to keep me alive because if I die they'll get nothing.

If it's in the family safe however ...

/not married.

If you die do you really give a shit what happens to your BTC?

Nah

M of N encryption and solid physical security.


BIP 38 runs too much risk of being lost due to the owner dying, becoming injured, forgetting the pass code etc.

Encrypted paper wallet always were good idea. I only wonder what would next advancement from here

remember if you will go too much security, you are going to have more chance of loosing it without adding additional security
for ex. u are using BIP to paper wallet and have it in 10 places to not lost it, but u forgot password.... coins lost.

Paper always sound more stable then this damn hard drives ;P

I knew about bitaddress (very useful) but thanks for mentionning http://passguardian.com and kudos to the developper: this is an awesome javascript utility (much easier than installing the ssss command line software on one's PC).

You can install wallet software from a USB drive, so there's no need for the cold computer to ever be connected to the internet. Buy a cheap laptop, format it, install a free Linux-based O/S from USB, install Armory from USB, create a wallet, export it as a "watching" wallet (ie, without private keys), import it into a wallet on a second, online, computer. You can check the balance from the online computer. There's no need to use Blockchain.

You can even spend the funds without the offline computer going online. You have the online computer generate unsigned transactions, move them across the air gap to the offline computer, sign them there, move the transactions back, publish them from the online computer. Armory generates new addresses in a deterministic way, so you avoid reusing addresses and the offline wallet still only needs to be backed up once.

This is what Armory is all about.

I'm not sure what BIP-38 gains you in this scenario, over just encrypting the wallet and then making copies of that. I trust my encryption enough to store a copy on DropBox.

Of course you have to make sure your heirs can get the necessary passphrase after your death, but nowadays most of us have a lot of passphrases so this is nothing new or special. I use a password manager. If my heir can get into that, they can find all the others, and the procedure can be documented once in my will.