Paper wallets best practices

[funchiestz]

The best practices for paper wallets IMO would be:
1. Put the paper in a fireproof safe if your bitcoins are worth enough for them to be protected (this can also be helpful for dumping the airgapped laptop also so no one tries to check their social media through it)...
2. Air gapped computers are extremely secure on their own (with a password) and are probably better than a paper wallet. But if you're wanting to use a paper wallet (i.e to not put all your eggs in one basket) then air gapping the computer and the printer is the best option.
If you can avoid printing entirely, then try writing out the address or using a QR code (you should encrypt the information you are printing anyway).
A better alternative to writing down your key or printing it off is to use some software like electrum which generates seeds for you to use and these are 12-24 words depending on the security you are after and are much easier to write down and store as you don't have to question "if that's a 5 or an S?".
3. Try finding a way to verify that what you have downloaded to make a seed has given you an accurate address and private keys by putting it into two devices not connected to the internet (or the same device with different operating systems).

Some alternatives to paper wallets:
1. Buy a cheap android phone/tablet for a maximum of $100 (preferably an old one that's still sold) and install electrum on it. Then take it completely offline and put it in a safe and secure place.
2. If you can go a bit higher, you can buy a phone and a trezor (or another hardware wallet) and try using that to store your funds (or use the hardware with a computer instead of a phone, this can also be done in an airgapped way once all firmware is installed).

Actually, I totally agree with your main idea. But it doesn't sound wise for me to save all the information on a $ 100 device. I guess you didn't follow the latest developments about Electrum wallets. Unfortunately, there are many problems with the Electrum wallet. I have doubts about trusting such devices and apps.

In fact the best option might be the paper wallet. As you said, taking extra security measures for those who have invested a significant amount.

[Artemis3]

Hi all. What are considered "best practices" to ensure a paper wallet is as secure as can be for cold storage? I realize the paper itself is vulnerable to fire, water etc. And to be sure to guard your private key from view of people and cameras. But I've also heard about needing a special printer because most modern printers have memory in them that saves what you print and that can be compromised. Also an "air gapped" computer using something called "iceberg protocol" or something like that. Can someone tell me what is the best way to set up a paper wallet?

Don't print. Make a paper wallet by using seed words, people shouldn't be messing with private keys directly anymore. These words, you write in a piece of paper using your own hands. Then using the same hands copy them to another piece of paper. Secure both in separate physical places, that should be it.

If anything, you'd want to print/copy/email whatever some of the addresses to deposit funds to.

Procedure to make the cold wallets vary but i tend to favor booting a linux iso from usb (like TailsOS), install Electrum, create the wallet and shutdown. There are ways to monitor a cold wallets using Electrum or the other wallets (Electrum just happens to do it quick because SPV, but you depend on others).

If Paranoid run your own bitcoin node first, then you can either use core or your own Electrum server. Don't worry, after the wallet is made you don't need either afterwards, but its nice to have.

Yes you can technically make the wallet with a computer unplugged to the network, and then move some non compromising data to a computer plugged to broadcast.

I like booting TailsOS in the plugged computer because it uses Tor by default, and you want your Electrum wallet to use tor as well (and/or your own server).

The chances of someone catching your seed words when you boot something like TailsOS to make your wallet are minimal. Since the OS wasn't installed in the first place, there was no chance to install a keylogger, and sniffing the network won't do much, unless there is some exploit in that particular version that could be used in the small amount of time it takes you to make the wallet and copy the seed words by hand (which is why some people like to do that part in a computer unplugged to the network).

[jackg]

Actually, I totally agree with your main idea. But it doesn't sound wise for me to save all the information on a $ 100 device. I guess you didn't follow the latest developments about Electrum wallets. Unfortunately, there are many problems with the Electrum wallet. I have doubts about trusting such devices and apps.

In fact the best option might be the paper wallet. As you said, taking extra security measures for those who have invested a significant amount.

I've had no issues with electrum? The issues were people that fall for phishing scams.... There were connectivity issues but if you're not in a rush to spend, it doesn't matter and if you are you can put your signed transaction into the network with online tools.

There was a json rpc injection thing also which wasn't as bad as I thought and you could get past that with merely a password which you should use anyway.

None of these issues (other than connectivity ones) have faced android electrum as it doesn't show errors anyway in detail...


An sd card can withstand more than paper can...

You have to generate the paper wallet somewhere unless you use dice throws and do it purely mathematical.

[Walley303]

You have to generate the paper wallet somewhere unless you use dice throws and do it purely mathematical.

An SD card can still be compromised when you plug it in, unless to an air-gap. Same with USB drive. Are SD cards' memory more reliable than USBs? I am trying to think of something better than just encrypting a text file with the key pairs and sticking that on a memory card or stick of some kind.

You have to generate the paper wallet somewhere unless you use dice throws and do it purely mathematical.

IF you have to go the paper wallet route (remember, HD seeds are not supported and all the paper wallet websites don't support my coin) what is the best way to go about it? As far as I can tell it is:

1. Generate and text strings/QR codes on air-gapped machine.

2. Print paper wallets from this machine.

3. Properly secure the resulting paper wallets from natural hazards (fire, water etc.) and prying eyes.

4. Encrypt private key before printing via BIP38 ASC256 or something else.

Problem I see is as soon as you scan private key QR from paper wallet into internet-connected machine to spend that coin, it must now be considered in the wild (same is true of memory cards/stick though). The way around this is to use the air-gapped machine to sign txs instead of generating private keys, using QR's to shuttle info back and forth between connected and air-gapped machines. While QR's could be printed by both, probably easier to use cheap smart phone with all network connectivity disabled since you can use's camera to scan and screen to display QR's. This should be its only means of communication to the outside world.

Based on this, how can I be sure a phone's network connectivity (cellular, wifi, bluetooth) is COMPLETELY disabled? I've heard it is possible to remotely access a phone even if all network are turned off in settings? Its not like you can just rip out the relevant hardware from inside it.

Now my wallet doesn't have a mobile version, only a desktop one, so this idea is out. So my options are:

1. An air-gapped desktop printing QRs back and forth
2. A paper wallet of some method
3. Trusting in memory cards/sticks with encrypted text files of key pairs. Based on what has already been said I guess I need multiple cards/sticks to ensure data integrity.

As reluctant as I am to say it the later seems like where I'm probably headed.

[jackg]

Most hardware storage drives are often made a bit poorly sometimes.
Essentially, the good data companies went out of business because they did to we and people stopped buying from them because usb sticks lasted so long... I'd suggest usb sticks are probably best but you can get sd cards in bulk more easily (go with Kingston or Toshiba unless you know of a better company, don't look for the cheapest)...



If you have a phone from many years ago that dosnt even have a GPS antenna then it probably doesnt have anything that can be used to communicate with it... Its hard to work this out though. If you're still particularly worried, you could get something like a raspberry pi and a monitor that will stay offline (the models 1 and 2 don't even have inbuilt WiFi chips).


Yeah as soon as you import a paper wallet, by design it should be considered as compromised if the computer is online.

And yes that's how paper wallet storage should be done. I'd suggest printing a qr code too and printing a couple of copies. The computer it is generated on and the printer it is printed out one shouldn't touch the internet again though...

[fiulpro]

Hey

Let me just start by saying this :-

*What infact is money made of ?*

It's not a fire resistance, water resistant material , it's infact paper , extremely vulnerable to everything .

Now what would you do if you had like 1 billion dollars in cash ?

You would probably keep it safe in bank or even in accounts, that's the best thing there is , the same is with a paper wallet , consider it a paper Currency.

How you usually handle your money is how you should handle it.

[tiedcoin]

Make sure you keep the private key hidden and discreet. You can also get your paper wallet laminated so it won’t fade or tear. Keep it inside a safe or a location that no one can have access to. You can even use a tool like Cryptosteel to make it disaster proof.

[flabroker]

Generate your wallet in Electrum on an air gap computer. Save your public key to a usb to transfer to online computer to monitor your balances.

Etch or stamp your seed words on military style dog tag (Amazon.com) and put it in a safe place. (Now, the hardest thing you have to do is determine the safe place.)

[BitcoinPanther]

I actually wouldn't use a paper wallet. I'd get a small USB stick and create a text file. Then add the private keys to the text file and put the text file on the USB stick.

Throw the USB stick in the safest place you can imagine and you've got yourself secure holding.

I guess this is a good practice since USB is one of the most portable devices that we can have. Then we can also duplicate those copies on multiple USBs. We just need to store it in the safest place that we can remember. If we forgot it and if anyone can steal it then it is not safe anymore. There are safe that are double-locked, digital or manual, as long as it serves its purpose to keep the wallets safe.

[Artemis3]

If you have a phone from many years ago that dosnt even have a GPS antenna then it probably doesnt have anything that can be used to communicate with it... Its hard to work this out though. If you're still particularly worried, you could get something like a raspberry pi and a monitor that will stay offline (the models 1 and 2 don't even have inbuilt WiFi chips).

There are various raspi like devices without wifi, even x86. I like those from PC-Engines, where you get to pick and choose wifi radio if you want it (or none). Put linux, openbsd, whatever you trust in them and manage your wallets, offline or online, with absolute control.

Of course you could do that with any old fashioned PC without connectivity of any kind as well.

[darylalban]

I've heard of people saving a copy of  their paper wallet in their bank's vault. Maybe a hidden tattoo is a legit idea?