|
Title: Paper wallet without printing (Writing it down by hand) Post by: JoeMetro on January 06, 2014, 06:23:18 PM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha)
Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. Also, when using the Brain Wallet function, I should type in something ridiculously long and complicated and I won't need to remember the passphrase nor write it down as long as I have the private key correct? Title: Re: Paper wallet without printing (Writing it down by hand) Post by: QuestionAuthority on January 06, 2014, 06:51:59 PM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha) Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. Also, when using the Brain Wallet function, I should type in something ridiculously long and complicated and I won't need to remember the passphrase nor write it down as long as I have the private key correct? I use a similar method. I use Puppy to store a key to a USB stick and dupe it several times. If you're encrypting the key you will need the passphrase. For an effective brain wallet try using firstbits.com. All you need to remember is the first 6-8 characters. My favorite way is one I developed myself. I store the key in my phone and backed up to my computer as a collection of contacts in my contact list. I have 50 contacts stored with fake email addresses where the beginning of the email is a part of the key. I memorize the first four characters and store the remainder as a sequence in the list of contacts that only I know. 1JwS memorized With Johns contact email Subhm@aol.com And Janet's email g6iPtR@gmail.com And Ted's email jtyqhUY@live.com And so on. Only I know which emails go together and in what order. Just picking the correct sequence of 6 numbers considering one of the emails could be used twice your chance of picking the correct order would be 1 in 175,711,536 and you still wouldn't have the first 4. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: andye on January 06, 2014, 06:58:14 PM Only I know which emails go together and in what order. If you die unexpectedly then how will your heirs be able to inherit your BTC? Title: Re: Paper wallet without printing (Writing it down by hand) Post by: QuestionAuthority on January 06, 2014, 07:05:48 PM Only I know which emails go together and in what order. If you die unexpectedly then how will your heirs be able to inherit your BTC? There are two other people that know the system. They could get the key. My first four are really easy to remember for someone close to me. The pattern of names is easy too but you would need to know my entire life's relationship history to know it. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: JoeMetro on January 06, 2014, 07:17:27 PM Err I wanted to keep it simple -- is my method secure?
Title: Re: Paper wallet without printing (Writing it down by hand) Post by: guybrushthreepwood on January 06, 2014, 07:19:12 PM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha) Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. That's fine. Obviously just make sure you write the keys down correctly :D. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: empoweoqwj on January 07, 2014, 04:34:02 AM Err I wanted to keep it simple -- is my method secure? Nothing is 100% secure but you have a good method. Live long and prosper :) Title: Re: Paper wallet without printing (Writing it down by hand) Post by: jonanon on January 08, 2014, 10:07:13 AM This is pretty similar to the method I use - don't want anything ridiculously complicated but want to be as secure as possible!
;) Title: Re: Paper wallet without printing (Writing it down by hand) Post by: davida on January 08, 2014, 10:27:48 AM I would suggest to download the offline version of bitaddress.org and burn onto your live cd, so you never need to connect your offline computer to the internet.
If you write your private key down by hand, I would recommend to always write it at least twice, just in case you make a mistake or your handwriting may be easily misinterpreted in a few years time.... Another thing I tend to do is underline all the capital letters and also draw a line above the numbers, just to add clarity (if your hand writing is very neat then perhaps this isn't necessary.) Also, the brain wallet idea you suggested isn't a great idea... If you are going to use a chosen passphrase to generate the private key, and then not even store the passphrase but only the private key, i would argue that you are vastly lowering the security of your wallet without even advantaging from the only reason brain wallets exist in the first place...Just forget about brainwallets entirely is my suggestion, they aren't worth the trouble. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: medUSA on January 08, 2014, 11:18:13 AM I just save the keys in a plain text file and compress using 7zip using SHA256 with a long password. Then write down the clues something like this:
myfirstcar+myfirstmobilenumber+homevillage+firstpetname+mumbirthyear+dadbirthmonth+favouriteband Yes, zip is not secure and someone can guess the password, but this is the whole point. I don't want to make my coins completely inaccessible when I leave this world. If my wife or son finds this, they can work them out and retrieve my coins! Title: Re: Paper wallet without printing (Writing it down by hand) Post by: empoweoqwj on January 08, 2014, 02:03:17 PM I just save the keys in a plain text file and compress using 7zip using SHA256 with a long password. Then write down the clues something like this: myfirstcar+myfirstmobilenumber+homevillage+firstpetname+mumbirthyear+dadbirthmonth+favouriteband Yes, zip is not secure and someone can guess the password, but this is the whole point. I don't want to make my coins completely inaccessible when I leave this world. If my wife or son finds this, they can work them out and retrieve my coins! That sounds a bit "mixed" between "secure" and "not secure". If you want to pass your bitcoins on, go and stick the password in a bank vault or with a solicitor Title: Re: Paper wallet without printing (Writing it down by hand) Post by: coinpr0n on January 08, 2014, 02:50:48 PM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha) Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. Also, when using the Brain Wallet function, I should type in something ridiculously long and complicated and I won't need to remember the passphrase nor write it down as long as I have the private key correct? They appear and are seen on the network the first time they are used. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: empoweoqwj on January 09, 2014, 02:44:01 AM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha) Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. Also, when using the Brain Wallet function, I should type in something ridiculously long and complicated and I won't need to remember the passphrase nor write it down as long as I have the private key correct? As discussed in many places, a brain wallet does *not* need to be long and complicated to have massive entropy. Eight to twelve random dictionary words is all that is needed. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: medUSA on January 09, 2014, 07:48:52 AM That sounds a bit "mixed" between "secure" and "not secure". I know, my idea is to be "guess-friendly" for those who know me but relatively secure to those who doesn't. Given my clues (not the ones I disclosed above), I don't think one single person (except me of course) know all the answers. Even if they do, they would need to try multiple times to get every format right (example, "june" or "6", detailed car make and model...) If you want to pass your bitcoins on, go and stick the password in a bank vault or with a solicitor I make new addresses quite often, it would be difficult to update keys if they were in a remote location. I don't have that much bitcoins to justify these types of security anyway :D Actually, I have heard SO many users back up their keys/wallet.dat on USB drives. I don't know whether mine are cheap ones or the way I use them, these USB sticks do die! I have lost photos on them before. So, if you use them for storage, make duplicates on 2 or 3 USB drives/SDCard. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: empoweoqwj on January 09, 2014, 11:02:58 AM That sounds a bit "mixed" between "secure" and "not secure". I know, my idea is to be "guess-friendly" for those who know me but relatively secure to those who doesn't. Given my clues (not the ones I disclosed above), I don't think one single person (except me of course) know all the answers. Even if they do, they would need to try multiple times to get every format right (example, "june" or "6", detailed car make and model...) If you want to pass your bitcoins on, go and stick the password in a bank vault or with a solicitor I make new addresses quite often, it would be difficult to update keys if they were in a remote location. I don't have that much bitcoins to justify these types of security anyway :D Actually, I have heard SO many users back up their keys/wallet.dat on USB drives. I don't know whether mine are cheap ones or the way I use them, these USB sticks do die! I have lost photos on them before. So, if you use them for storage, make duplicates on 2 or 3 USB drives/SDCard. Just make sure you give clear instructions to whoever you want to pass the coins onto ..... most of us techies struggle with some of this stuff. Imagine what a "normal" person would think. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: medUSA on January 09, 2014, 11:19:13 AM Just make sure you give clear instructions to whoever you want to pass the coins onto ..... most of us techies struggle with some of this stuff. Imagine what a "normal" person would think. Yes, I will. Thanks for reminder (I am actually a "normal" person, technologies get the better of me ;D) Title: Re: Paper wallet without printing (Writing it down by hand) Post by: crazy_rabbit on January 09, 2014, 04:35:59 PM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha) Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. Also, when using the Brain Wallet function, I should type in something ridiculously long and complicated and I won't need to remember the passphrase nor write it down as long as I have the private key correct? I use a similar method. I use Puppy to store a key to a USB stick and dupe it several times. If you're encrypting the key you will need the passphrase. For an effective brain wallet try using firstbits.com. All you need to remember is the first 6-8 characters. My favorite way is one I developed myself. I store the key in my phone and backed up to my computer as a collection of contacts in my contact list. I have 50 contacts stored with fake email addresses where the beginning of the email is a part of the key. I memorize the first four characters and store the remainder as a sequence in the list of contacts that only I know. 1JwS memorized With Johns contact email Subhm@aol.com And Janet's email g6iPtR@gmail.com And Ted's email jtyqhUY@live.com And so on. Only I know which emails go together and in what order. Just picking the correct sequence of 6 numbers considering one of the emails could be used twice your chance of picking the correct order would be 1 in 175,711,536 and you still wouldn't have the first 4. It's a good idea considering the niche of the idea, but if someone were to go after you in particular, you've already given someones brute-force mechanism a pretty good start. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: QuestionAuthority on January 09, 2014, 05:39:23 PM Hi, I'm looking to store bitcoins securely for the long term (hoping they'll one day be worth $5000 haha) Please tell me if this is a secure way: boot from Ubuntu Live CD ---> Bitaddress.org ---> Disconnect from internet ---> Generate address & private key (how do these two get input into the bitcoin system if I am disconnected from the internet?)---> Write these two down with hand on paper ---> Shutdown. Also, when using the Brain Wallet function, I should type in something ridiculously long and complicated and I won't need to remember the passphrase nor write it down as long as I have the private key correct? I use a similar method. I use Puppy to store a key to a USB stick and dupe it several times. If you're encrypting the key you will need the passphrase. For an effective brain wallet try using firstbits.com. All you need to remember is the first 6-8 characters. My favorite way is one I developed myself. I store the key in my phone and backed up to my computer as a collection of contacts in my contact list. I have 50 contacts stored with fake email addresses where the beginning of the email is a part of the key. I memorize the first four characters and store the remainder as a sequence in the list of contacts that only I know. 1JwS memorized With Johns contact email Subhm@aol.com And Janet's email g6iPtR@gmail.com And Ted's email jtyqhUY@live.com And so on. Only I know which emails go together and in what order. Just picking the correct sequence of 6 numbers considering one of the emails could be used twice your chance of picking the correct order would be 1 in 175,711,536 and you still wouldn't have the first 4. It's a good idea considering the niche of the idea, but if someone were to go after you in particular, you've already given someones brute-force mechanism a pretty good start. True, if I gave you the correct number of first bits and I didn't reverse the sequence of characters in one of the email addresses etc. The permutations of this combination are endless. It's easy to make this your own. The best part is you don't need to rely on anyone or any program and always have your key with you. Title: Re: Paper wallet without printing (Writing it down by hand) Post by: DeboraMeeks on January 09, 2014, 07:30:27 PM Hah I think that is safer than moving it into an electronic method but only if you could save it correctly with no mistakes. otherwise using a flash driver might be better.
Title: Re: Paper wallet without printing (Writing it down by hand) Post by: lnternet on January 09, 2014, 07:48:08 PM True, if I gave you the correct number of first bits and I didn't reverse the sequence of characters in one of the email addresses etc. The permutations of this combination are endless. It's easy to make this your own. The best part is you don't need to rely on anyone or any program and always have your key with you. In the end you are not getting around storing the necessary bits of entropy, although smart methods may make it seem like less to memorize.Title: Re: Paper wallet without printing (Writing it down by hand) Post by: frank754 on January 09, 2014, 07:57:50 PM I know it's not too secure, but I just use the "my wallet" extension on Firefox which stores the wallet on Blockchain. The I have the Identifier (in text) backed up to my saved emails as well as the hard drive and a cloud storage site, as well as the wallet file in both places. Still have to remember not to forget the password, but it's quite long and should be un-guessable.
Title: Re: Paper wallet without printing (Writing it down by hand) Post by: nmersulypnem on January 09, 2014, 08:43:33 PM One last step.... Destroy the computer. Do not reconnect it to the internet - ever.
Title: Re: Paper wallet without printing (Writing it down by hand) Post by: deepceleron on January 09, 2014, 10:51:04 PM As discussed in many places, a brain wallet does *not* need to be long and complicated to have massive entropy. Eight to twelve random dictionary words is all that is needed. I cannot confirm that this is true. "Massive" entropy to me would equal the same strength as a randomly-generated private key. We must therefore first derive a random full-strength key and then discover a method of encoding that into "brain wallet words". In my search for a libre standard-word dictionary, I found GNU Collaborative International Dictionary of English (http://gcide.gnu.org.ua/download). From it, I extracted 131559 words, just a bit more than 2^17. At least half are not suitable, as they are multiple words or very obscure: <p><ent>Drymoglossum</ent><br/ <p><ent>Drynaria</ent><br/ <p><ent>Dryness</ent><br/ <p><ent>Dry nurse</ent><br/ <p><ent>dry-nurse</ent><br/ <ent>Drynurse</ent><br/ <p><ent>Dryobalanops</ent><br/ <p><ent>drypis</ent><br/ <p><ent>Dry-rub</ent><br/ If we eliminate all but single words, the dictionary is ~2^16. If we give users the option of changing individual unmemorable words to at least three other words with the same identity, we are down to 2^14; 14 bits. A Bitcoin private key is 256 bits in size. Therefore encoding 256 bits in 14 bit words = 19 words. ECC key strength is commonly quoted as equivalent to half-length symmetric key algorithms. So, for example, a 256-bit ECC key would have roughly the same strength as a 128-bit symmetric key. However, the conjectured strength of secp256k1 may be as low as 50 bits in certain attacks. http://perso.univ-rennes1.fr/reynald.lercier/file/FLRV08.pdf. Therefore it is important that the first requirement of EC, full-strength random numbers for both key generation and signing, actually be used. The reason Electrum words seeds appear shorter is they are half the length of a Bitcoin private key. "constant forest adore false green weave stop guy fur freeze giggle clock" = 431a62f1c86555d3c45e5c4d9e10c8c7 = 128 bits All Electrum addresses are deterministically based on something 340,282,366,920,938,463,463,374,607,431,768,211,456 times smaller than a Bitcoin address. Other Brainwallet schemes are even worse. In conclusion, I'll just leave this here: https://bitcointalk.org/index.php?topic=361092.0 |