Time to bust a myth. Paper wallets are less secure than normal encrypted wallets

[Kprawn]

I hope this thread, will be followed by a thread on how to create a "hack-proof" address. 

I created 100s of Paper wallets on a old computer {Low level formatted HDD and fresh OS from original disks} and then I did not connect to the internet, after it was installed.

I then generated the wallets offline with BIP38, and I printed them on a old printer. I then destroyed the computer and the printer. {It's in small pieces now}

How safe are this method in your opinion? {What method will be the most secure to sweep them?} Not planning to re-use them after they were sweeped.

Thanks for the info...

[1714033275]

1714033275

[1714033275]

1714033275

[1714033275]

1714033275

[Borisz]

Nice thread and info on paper wallets.

I'm not using paper wallets, I trust an encrypted one much more. However I find it unlikely that someone will break into my house to extract information from my printer's memory or listen to my network communication with my printer. Depends on the location and environment as well I guess.

Question though. I have recently imported around some private keys which had to be done in unencrypted format as was stored in an txt file for a short while (multibit client). Now even if I delete the temporary file from my PC, because the keys were stored unencrypted for a while should these be considered as "compromised"? I think I'll move my coins to a new wallet.

Other question. If I create a new wallet, it has a private key initially unencrypted. A malware could grab this before I could encrypt it right at the start and then it's game over. isn't it?

[bryant.coleman]

WTF? I have stored at least 90% of my BTC holdings in to paper wallets. I thought that they were safe and secure. Now I have to find another way to store them. 

[Q7]

Which is why right now I'm moving towards hardware wallet. Unlike a paper wallet which eventually needs a software, hardware wallet has its own internal program so you can be sure you are safe and secure over there. Plus all the communication and keystroke during the whole generation process is basically encrypted or put it in another way, it is less immune to viruses and malware.

[unamis76]

Blazr, thank you for this thread. Very useful and informative. I've been saying some of these things to friends on casual talks about securing Bitcoins. I realized some of these things early on when I created my first (and last) paper wallet, back when I was learning about Bitcoin.

Everyone talks about paper wallets as if they're the number one protection method, the most secure one. It does seem to be a myth between Bitcoin users, especially new users... But I hope threads like these start making people think a bit more and maybe opt for better ways to protect their funds

[spazzdla]

What is I create a paper wallet on a harddrive that has never and will never touch the web?

An encrypted paper wallet.

[dserrano5]

While Sending Bitcoins:
Paper wallet:
disconnecting from the internet or using a live OS won't help much as Bitcoin transaction has a random number called a K value, which the malware can backdoor to steal your Bitcoins even if you are offline.

How would this work with a private key that has never been used to sign until now? I understand this is only a problem when reusing keys, right? (yes, I know paper wallets encourage reusing but, what if I'm not reusing?)

[bryant.coleman]

Which is why right now I'm moving towards hardware wallet. Unlike a paper wallet which eventually needs a software, hardware wallet has its own internal program so you can be sure you are safe and secure over there. Plus all the communication and keystroke during the whole generation process is basically encrypted or put it in another way, it is less immune to viruses and malware.

Can we trust the hardware wallets? Do they offer 100% protection from wallet hacks and robberies? Also, is there a risk of losing all of our coins if the hardware becomes corrupt.

[Blazr]

Can we trust the hardware wallets? Do they offer 100% protection from wallet hacks and robberies? Also, is there a risk of losing all of our coins if the hardware becomes corrupt.

I think they need more time to mature, they are new and not very well tested or studied. The code could have bugs that allow an attacker to steal from them (some of the hardware wallets out now are VERY buggy). Give them some more time to work things out, things will be clearer in the future IMO.

Some kinds of hardware wallets are pretty secure in theory. More specifically the ones that have a screen and show you the transaction details on the device and make you approve that transaction on the device itself and not the computer. Any hardware wallet that doesn't do this is a waste of time.

Most hardware wallets will give you a seed, so if the device breaks or is stolen you can use the seed to recover your funds.

[inBitweTrust]

WTF? I have stored at least 90% of my BTC holdings in to paper wallets. I thought that they were safe and secure. Now I have to find another way to store them.  

Don't panic. While the OP does bring up some valid concerns he isn't reflecting the probabilistic risks from the various ways of securing your bitcoins. There are right ways and wrong ways of generating paper wallets and all have various risks.

One of the easiest and most secure way to generate paper wallets right now is:

Entropy with Shamir’s 2-of-3 Secret Sharing Scheme
http://asicminer-shop.de/Mycelium-Entropy
https://mycelium.com/assets/entropy/me.html

Where you enter in one of the shards into your encrypted password manager and physically destroy it afterwards, place the second in a safe or hidden in your house, and the third in a offsite time capsule or relatives house.

The concerns about the printer can be alleviated by knowing about the printer (avoiding commercial models that have hard drives), disabling the LAN, disconnect your printer from your computer and network before use, and printing a few regular documents from your thumb after wards to remove any possibility of your keys being stored in memory within the printer.

Slightly complicated, but you only have to do it  right once and generate many wallets in one shot for privacy reasons.

I initially created paperwallets with a careful process of testing and verifying the source of armory and a clean version of linux and using a live mode session from usb stick. (yes, my bios could have been compromised by the NSA , but that is highly unlikely) ... entropy makes this all much easier.

[Blazr]

WTF? I have stored at least 90% of my BTC holdings in to paper wallets. I thought that they were safe and secure. Now I have to find another way to store them.  

Don't panic. While the OP does bring up some valid concerns he isn't reflecting the probabilistic risks from the various ways of securing your bitcoins. There are right ways and wrong ways of generating paper wallets and all have various risks.

One of the easiest and most secure way to generate paper wallets right now is:

Entropy with Shamir’s 2-of-3 Secret Sharing Scheme
http://asicminer-shop.de/Mycelium-Entropy
https://mycelium.com/assets/entropy/me.html

Where you enter in one of the shards into your encrypted password manager and physically destroy it afterwards, place the second in a safe or hidden in your house, and the third in a offsite time capsule or relatives house.

The concerns about the printer can be alleviated by knowing about the printer (avoiding commercial models that have hard drives), disabling the LAN, disconnect your printer from your computer and network before use, and printing a few regular documents from your thumb after wards to remove any possibility of your keys being stored in memory within the printer.

Slightly complicated, but you only have to do it  right once and generate many wallets in one shot for privacy reasons.

Or... instead of going through all of that you could just use a normal encrypted wallet, and have the same level of security. You can still do multisig if you wish.

Also my printer is a cheapo $50 one and it has a built-in memory that saves documents to print out later if it runs out of paper. You would not know it had built-in memory. A printer is not a leak-free environment, in the business world people use expensive printers to print out secure documents.

[inBitweTrust]

Or, you could just use a normal encrypred wallet, and have the same level of security. You can still do multisig if you wish.

No, my 2 of 3 paper wallet is much more secure than a normal encrypted wallet. Just because I run a potential risk at the time of importing the keys on an computer doesn't mean that my coins aren't secure before I attempt the import and doesn't mean I cannot choose to import the keys in a waallet from a fresh install or live OS. Additionally, I don't have to store all my cold storage in one paper wallet but can split it to many so I am only importing a fraction of my savings when needed thus mitigating more risk and privacy concerns.

[Blazr]

Or, you could just use a normal encrypred wallet, and have the same level of security. You can still do multisig if you wish.

No, my 2 of 3 paper wallet is much more secure than a normal encrypted wallet. Just because I run a potential risk at the time of importing the keys on an computer doesn't mean that my coins aren't secure before I attempt the import and doesn't mean I cannot choose to import the keys in a waallet from a fresh install or live OS. Additionally, I don't have to store all my cold storage in one paper wallet but can split it to many so I am only importing a fraction of my savings when needed thus mitigating more risk and privacy concerns.

But you can do multisig with a normal encrypted wallet if you really want to. electrum supports it out of the box. An encrypted wallet secured with a strong password is also just as secure as a paper one while at rest.

Also another risk is that if you are always using a live OS or fresh install an attacker may be able to predict the state of your random number generator and steal your coins. This is because random number generators collect random information from your PC to create randomness, such as messages from your hardware, your mouse movements, network activity and time between keypresses. When you are using a live OS or fresh install the state is reset at every boot, making it easier for a hacker to predict it's output. While this is very difficult to do, note this is an untargetted attack, like bruteforcing a private key. Additionally if you are not connecting to the internet there is no network activity to collect.

[inBitweTrust]

But you can do multisig with a normal encrypted wallet if you really want to. electrum supports it out of the box. An encrypted wallet secured with a stong password is also just as secure as a paper one while at rest.

You are correct if you can trust the computer that has electrum and trust electrum and trust the electrum version you downloaded, and than generate the multisig keys separately.. there are many potential weaknesses to this...that is why entropy was developed.

Also my printer is a cheapo $50 one and it has a built-in memory that saves documents to print out later if it runs out of paper. You would not know it had built-in memory. A printer is not a leak-free environment, in the business world people use expensive printers to print out secure documents.

All modern printers have a bit of built in memory to cache documents. This can quickly be exhausted by printing a few documents after. Avoid any expensive commercial printer as they have large hard drives.

I have to go so will continue this conversation later/.

[BIG Tyrese]

a paper wallet made by dice rolls can't be hacked unless someone rolls the dice and gets the exact same results

[Blazr]

a paper wallet made by dice rolls can't be hacked unless someone rolls the dice and gets the exact same results

Yes it can. Read the OP. It can be logged once you type it into your computer to spend it.

[inBitweTrust]

Yes it can. Read the OP. It can be logged once you type it into your computer to spend it.

Yes, but I don't have to import my whole life savings. Additionally, If I'm especially paranoid I can import it into a live boot OS that has been verified where the practical only risk is an infected bios(highly unlikely).

[Blazr]

You are correct if you can trust the computer that has electrum and trust electrum and trust the electrum version you downloaded, and than generate the multisig keys separately.. there are many potential weaknesses to this...that is why entropy was developed.

You still need to trust entropy, and due to it being an actual device it is much easier to hide a backdoor in Entropy than electrum. There are added risks of my computer hardware being hacked, but IMO it's more likely that someone will try to insert Bitcoin-stealing backdoors into Entropy then they will try to insert Bitcoin-stealing backdoors into some random-brand laptop. It is also easier to make a backdoor for Entropy because Entropy is a much simpler device and there are thousands of types of BIOS, they would need to write one for my exact type of BIOS, they only need to write one that will work on all Entropy devices.

Yes, but I don't have to import my whole life savings. Additionally, If I'm especially paranoid I can import it into a live boot OS that has been verified where the practical only risk is an infected bios(highly unlikely).

https://en.wikipedia.org/?title=/dev/random

Gutterman, Pinkas, & Reinman in March 2006 published a detailed cryptographic analysis of the Linux random number generator[6] in which they describe several weaknesses. Perhaps the most severe issue they report is with embedded or Live CD systems, such as routers and diskless clients, for which the bootup state is predictable and the available supply of entropy from the environment may be limited.

Live OS's have poor entropy.

[Pietjebel]

When reading all this I ask myself how can the average non-technical user ever store bitcoin safely ?
You would almost crawl to the necessity of a trusted party to store your keys.

[Blazr]

When reading all this I ask myself how can the average non-technical user ever store bitcoin safely ?
You would almost crawl to the necessity of a trusted party to store your keys.

Simply create a normal encrypted wallet with Bitcoin Core, Electrum or Armory and don't go messing around with private keys or paper wallets. Back it up and use a strong unique password.

I'm going to post a guide that will explain how to set up a very secure and very simple hot/cold storage system. It's not hard at all.