An SD card can still be compromised when you plug it in, unless to an air-gap. Same with USB drive. Are SD cards' memory more reliable than USBs? I am trying to think of something better than just encrypting a text file with the key pairs and sticking that on a memory card or stick of some kind.


IF you have to go the paper wallet route (remember, HD seeds are not supported and all the paper wallet websites don't support my coin) what is the best way to go about it? As far as I can tell it is:

1. Generate and text strings/QR codes on air-gapped machine.

2. Print paper wallets from this machine.

3. Properly secure the resulting paper wallets from natural hazards (fire, water etc.) and prying eyes.

4. Encrypt private key before printing via BIP38 ASC256 or something else.

Problem I see is as soon as you scan private key QR from paper wallet into internet-connected machine to spend that coin, it must now be considered in the wild (same is true of memory cards/stick though). The way around this is to use the air-gapped machine to sign txs instead of generating private keys, using QR's to shuttle info back and forth between connected and air-gapped machines. While QR's could be printed by both, probably easier to use cheap smart phone with all network connectivity disabled since you can use's camera to scan and screen to display QR's. This should be its only means of communication to the outside world.

Based on this, how can I be sure a phone's network connectivity (cellular, wifi, bluetooth) is COMPLETELY disabled? I've heard it is possible to remotely access a phone even if all network are turned off in settings? Its not like you can just rip out the relevant hardware from inside it.

Now my wallet doesn't have a mobile version, only a desktop one, so this idea is out. So my options are:

1. An air-gapped desktop printing QRs back and forth
2. A paper wallet of some method
3. Trusting in memory cards/sticks with encrypted text files of key pairs. Based on what has already been said I guess I need multiple cards/sticks to ensure data integrity.

As reluctant as I am to say it the later seems like where I'm probably headed.

bitaddress.org and walletgenerator.net don't support my coin. my wallet will make QR's for public addresses, but not private keys.

between steps 3-5: is copying the tx through these steps a possible compromising vector?

is the private-key part of steps 1-5 an air-gapped computer vs. the public-key/internet-connected part a node?

how do they communicate? QR codes? usb drives?

I can see how you'd do all that with electrum but there isn't an electrum version for my coin.

I see the BIP38 encryption thing at bitaddress, but that works only for BTC addr's.

I am considering only a single key, seeds are not an option for my application. My wallet generates them and allows me to export private keys as a text string. I then want copy-paste these into a QR code generator to make QR codes and print the codes + text strings as public/private key pairs. Is this simply too compromised? What can I do to improve this short of abandoning this approach entirely?


The generator of my keys is a wallet, so while it can be temporarily physically disconnected, it cannot be permanently so to broadcast tx's to the world. Ideally internet-facing elements have only public read-only keys and private keys are kept back in paper wallets (the purpose of this thread). Since my goal is to input keys into this wallet via QR codes, including private keys, there will have to be a camera which is a source of compromise at some point. Should the wallet be air gapped completely and the tx text be transmitted somehow to a node for broadcast? This is where it gets tricky for me.


As I said, seeds are out, full stop. I fully appreciate the value of seeds, but not this time. I see walletgenerator.net allows BIP38 and ASC256 encryption of keys but I don't see any means to decrypt them later. Again I am using keys generated from my wallet and not walletgenerator.net or elsewhere. I am trying to secure these keys beyond them just sitting on a HD pretty much in the clear.

I concur on everything in sections 3 and 4. I am trying to find a way to properly secure keys not using seeds or a hardware wallet. If those are off the table, what are my "best practices?"

That is what I mean. Can I just buy an old PC and use it as an air-gap? Or should DIY one? How do I know what printer saves my print jobs vs. one that doesn't? Are there recommended products? Protocols? What is the preferred "set up?"

So an air-gapped computer+printer is best, and then protect the paper + computer from access and fire/water etc. No special stuff beyond that?

I ask because I want to store some keys that don't use BIP39/HD seeds to generate them.

Hi all. What are considered "best practices" to ensure a paper wallet is as secure as can be for cold storage? I realize the paper itself is vulnerable to fire, water etc. And to be sure to guard your private key from view of people and cameras. But I've also heard about needing a special printer because most modern printers have memory in them that saves what you print and that can be compromised. Also an "air gapped" computer using something called "iceberg protocol" or something like that. Can someone tell me what is the best way to set up a paper wallet?

I've heard something about electrum having their own servers the electrum wallet talks to instead of directly to nodes or whatever that other wallets talk to and that this has some theoretical privacy implications. Is this true? Is there a way to configure electrum to use other servers or gateways? Is this better or worse than any other wallet? Sorry for the noob language when describing this.

Is there a way to have a passphrase in addition to the seed in electrum? I know you can do it with an a hardware wallet in combination with electrum, but didn't know if there is a way to do it without one and just electrum.

I realize this is an old thread but this comes up early in any search for "wall of coins review" along with other reviews claiming WOC is scammy. I would like to add my 2c for the record.

I only got involved in bitcoin this year and my only association with WOC is as a satisfied customer. I feel the need to defend them against all the, I feel false, accusations. I have had several transactions with them go well and am satisfied with their service. I have been buying smallish (100-300 USD) amounts of BTC and Dash once or twice a month. One snag I ran into was that when depositing to a Wells Fargo, Chase or BoA personal account you must do so as a money order and not cash (I like USPS MO's as they are cheap and PO's are everywhere) and have had trouble dealing with stupid/know-nothing tellers (here's looking at you Wells!), though every deposit did go through. This fact however is nowhere mentioned on the WOC website and I only found out about it by contacting customer support and canceling one transaction (no BTC received but nothing deposited so no "they took my money!" complaints). I find their customer service quite good to contact, though their website as shown above is a bit light on some important information to fully utilize their service. This issue is however not a problem with any other bank I am told.

Personally I have found the USPS Cash By Mail option the easiest. This is where you literally mail cash to the seller (and yes, for the record, it is perfectly legal to mail cash in the mail in the US). The cash must be sent with a tracking number (another thing they don't mention on the website), so only really Priority Mail (which is admittedly $7.20 these days) is an option and you must wait a few days for package to arrive before your BTC is released (at the exchange rate at the time you initiated the transaction). Though I have used WOC for this yet, this seems to be a good way to sell crypto as well; literally cash in the mail!

As for transaction verification: my understand from speaking to WOC CS is this is not strictly necessary but will expedite receiving your coins. They mention on their website the need to take two pictures, one with and one without writing on it, of your bank receipt as of my starting to do business with them (USPS CBM requires the tracker for transaction verification). Make sure to write EXACTLY what they want on the receipt.

As for ID verification: I have been told this only happens when a problem occurs. Having never had a problem transaction I have never had first-hand experience with this. One way to avoid is to buy only smaller amounts of crypto at a time like I do and not dump all your life savings into a single big buy. If anything goes wrong you lose less if you want to go by the "I'll never give up my ID!" approach (though a lot of LBC'ers want ID these days until you've had lots of verified transactions).

I have found WOC fairly easy to use (CS always comes through when there was a hickup *cough* (wells) *cough*) and has a greater selection of sellers than bisq or LBC (of which there is only one seller in my area; good guy, but a monopoly/monopsony nonetheless) and often with a lower markup than LBC. I like WOC, I have had a good experience with them so far and will do business with them again. I am sorry for all those who have lost money and not gotten BTC dealing with WOC but all the "its' a scam!"/horror stories I find not to be true for all, at least not for me. I hope my little review here will help anyone who finds this thread in future understand that WOC is not just a scam site or whatever.

Cheers mates.

Dang! That was sitting under my nose this whole time but didn't get it! Well that works! Problem solved! Thanks a bunches!

One more question: Accessing (beta)-wallet.trezor.io from any device or computer on chrome or a chrome-like browser (firefox, brave) will allow me to use trezor?

How do I enable webusb?

Hi all. I have a trezor I've been using with mycellium for a while, but want to use altcoins and mycellium is BTC only. What is the best choice for a android mobile multi-coin wallet that will sync with my trezor? Also I've read about using webusb on the trezor wiki in order to directly use wallet(dot)trezor(dot)io but can't figure it out. Any help there would be appreciated as well.