Time to bust a myth. Paper wallets are less secure than normal encrypted wallets

[Blazr]

The to;dr version is that both encrypted wallets and paper wallets have certain vulnerabilities. Encrypted wallets have a subset of vulnerabilities and paper wallets have the same subset of vulnerabilities and then a greater subset of vulnerabilities.

I like this tl;dr a lot, does a great job at summing it up.

[1713573663]

1713573663

[1713573663]

1713573663

[1713573663]

1713573663

[1713573663]

1713573663

[Klestin]

How does an air-gapped machine contract malware?  It can sign transactions with zero Internet (or LAN for that matter) connectivity. Additionally, M of N paper wallets mitigate physical theft.

OP has missed the entire point of a paper wallet. 

Many ways. Read up on Stuxnet. The most likely scenario would be via USB sticks when you are transferring files (which many people do with airgapped machines even though it's a big no-no), but you could also be infected if your airgapped PC's OS or other software was tampered with in some way when you were installing it, such as malware on the computer you burned the boot CD/USB tampering with the image. These are pretty advanced attacks, but they are certainly not so difficult to execute and not unheard of and thy will probably happen to some Bitcoiners eventually so people should be aware of them so that they can defend themselves if they deem it necessary.

I should add "without absolute user ineptitude, or an attackers reliance on zero-day vulnerabilities targeted to your specific hardware".

I fail to see how these extremely unlikely scenarios make "paper wallets less secure than normal encrypted wallets".  Do you?

[Blazr]

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

[Klestin]

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

I'll bite. Within a faraday cage, assemble a PC from parts purchased and held in storage for the last several years.  OS installed from DVD (let's say Windows XP, original discs).  Wallet generator software source code printed code-reviewed, and re-entered by hand and compiled on the PC.  Wallet initial entropy via dice, rolled in a darkened room in the dead of the night (sensitive fingertips required for dice reading).  M of N paper wallet created and written by hand.  Remainder of notepad incinerated.  Pages stored in geographically disparate secure localities.  PC degaussed, then incinerated.

If coins are to be spent, M parts of wallet gathered, then repeat most of the above, sign the transaction, transfer the signature via handwritten pad, and enter on the connected PC of your choice.

You didn't say it had to be practical.

[odolvlobo]

Anyone that want's to make a paper wallet should buy a Mycelium Entropy. It is the most convenient and most secure way to make a paper wallet.

The combination of maximum security and maximum convenience is rare, but Entropy achieves it. You just plug it in, press a button and print. There is no need for an air-gapped computer, bootable CDs, formatting disks, etc.

[Panthers52]

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

I'll bite. Within a faraday cage, assemble a PC from parts purchased and held in storage for the last several years.  OS installed from DVD (let's say Windows XP, original discs).  Wallet generator software source code printed code-reviewed, and re-entered by hand and compiled on the PC.  Wallet initial entropy via dice, rolled in a darkened room in the dead of the night (sensitive fingertips required for dice reading).  M of N paper wallet created and written by hand.  Remainder of notepad incinerated.  Pages stored in geographically disparate secure localities.  PC degaussed, then incinerated.

If coins are to be spent, M parts of wallet gathered, then repeat most of the above, sign the transaction, transfer the signature via handwritten pad, and enter on the connected PC of your choice.

You didn't say it had to be practical.

If you are this paranoid about creating a paper wallet then there is probably a pretty high chance that you will end up in a psychiatric institution. You would then be unable to ever spend the money you send to the associated address.

[Klestin]

If you are this paranoid about creating a paper wallet then there is probably a pretty high chance that you will end up in a psychiatric institution. You would then be unable to ever spend the money you send to the associated address.

Psychiatric institutions generally don't allow Internet access.  My 0.013 BTC are secure forevers!

[Panthers52]

If you are this paranoid about creating a paper wallet then there is probably a pretty high chance that you will end up in a psychiatric institution. You would then be unable to ever spend the money you send to the associated address.

Psychiatric institutions generally don't allow Internet access.  My 0.013 BTC are secure forevers!

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

[Klestin]

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Um...  you seriously believe someone who securely creates a paper wallet per my listed steps deserves to be locked up in a psychiatric facility?  Nah, you must be trollin'.  Good one dude!

In any event, the challenge was to describe a set of steps to create a paper wallet that is more secure than an encrypted wallet on a connected desktop.  Do you have a vulnerability in mind that invalidates my proposal, or is "psychiatric lockup" the best you can do?

[Panthers52]

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Um...  you seriously believe someone who securely creates a paper wallet per my listed steps deserves to be locked up in a psychiatric facility?  Nah, you must be trollin'.  Good one dude!

Someone who takes that level of precautions are most likely going to display other symptoms of paranoid schizophrenia. Some may even argue that doing what you described would be an indication of schizophrenia.

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

[Klestin]

Do you have a vulnerability in mind that invalidates my proposal, or is "psychiatric lockup" the best you can do?

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

I'll take that as "yes, that's the best I can do."

[spazzdla]

You would suffer the loss of your freedom and privacy in exchange for keeping your Bitcoin safe from theft. I don't think this is a very good trade off when Bitcoin is suppose to represent additional freedom and privacy.

It would also result in you loosing access to your Bitcoin which would be a loss to you because you would be unable to spend it if you wished to do so. It would be similar to you using an encrypted wallet and then having all of your backups get corrupted

Um...  you seriously believe someone who securely creates a paper wallet per my listed steps deserves to be locked up in a psychiatric facility?  Nah, you must be trollin'.  Good one dude!

Someone who takes that level of precautions are most likely going to display other symptoms of paranoid schizophrenia. Some may even argue that doing what you described would be an indication of schizophrenia.

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

Mental illness LMAO what a joke.  A group of random fucks decide if you have x traits you are mentally ill.  You should see some of the panels of these bastards.  

"But I do that"

"Oh okay lets not put that in there then"

It's a fucking joke.




The fact you are so lazy with your wealth I think is a mental illness.  The illness of extreme lazyness SO LAZY you attempt to make others think they have a problem as they are not as lazy as you.

[Panthers52]

Do you have a vulnerability in mind that invalidates my proposal, or is "psychiatric lockup" the best you can do?

Try describing even part of that process to someone in RL, tell them you are doing those steps to secure your money and see what they think about your mental state.

I'll take that as "yes, that's the best I can do."

I will difer to the expert in computer security (blazr) to look for other vulnerabilities.

One risk would be that you make a mistake in copying the private keys and/or the code as humans are notorious for making copy mistakes and it would be difficult to check for such mistakes without adding potential additional chances for your private key to leak.

I am not lazy with securing my money. I only take reasonable precautions that balance various risks of loss and theft with what would end up lost (how much I would lose) and the chances of various attacks of succeeding.

[Blazr]

The easiest way for me to explain that is, you tell me how you create your paper wallet, do you use a live OS, airgapped PC etc what other precautions you take, and I'll explain based on that scenario how an encrypted wallet would be safer.

I'll bite. Within a faraday cage, assemble a PC from parts purchased and held in storage for the last several years.  OS installed from DVD (let's say Windows XP, original discs).  Wallet generator software source code printed code-reviewed, and re-entered by hand and compiled on the PC.  Wallet initial entropy via dice, rolled in a darkened room in the dead of the night (sensitive fingertips required for dice reading).  M of N paper wallet created and written by hand.  Remainder of notepad incinerated.  Pages stored in geographically disparate secure localities.  PC degaussed, then incinerated.

If coins are to be spent, M parts of wallet gathered, then repeat most of the above, sign the transaction, transfer the signature via handwritten pad, and enter on the connected PC of your choice.

You didn't say it had to be practical.

Sounds great, though that only covers one part of the setup, the generation process. How are you going to spend those Bitcoins? You're going to need some kind of computer right? so I guess destroying the secure computer like you did seems counter-intuitive as you'll need atleast one secure computer to join up the m of n paper wallets to spend them. If you're a fan of destroying and buying computers each time you make a transaction, that would work. But instead of doing that, you could create another wallet using a similar process except make it an M of N encrypted wallet stored on multiple different computers stored in different locations. Same level of security, makes more sense than rebuying computers, why print out the keys at all?

My point is, all paper wallets eventually have to touch a PC and while they are touching the PC they are just as vulnerable as a normal encrypted wallet that has been unlocked, however unlike a locked encrypted wallet which is "non-trivial" to crack, paper wallets have other security risks you need to take into account such as the printer memory issue, which you do not need to even worry about with an encrypted wallet. Additionally wallets are only unlocked for milliseconds if even, some users of paper wallets who are tying in private keys etc may leave the private key in memory for quite some time exposing it to risk. It really does make much more sense to just use a normal encrypted wallet rather than a paper one. I prefer strength in numbers rather than strength in "paper", I am already tired of "paper" money

[Klestin]

Sounds great, though that only covers one part of the setup, the generation process. How are you going to spend those Bitcoins?

Keep reading, it's covered.

As admitted, my example isn't easy, or even practical.  In the real world, we have to balance security and ease of use.  Personally, I use a Trezor.

[Blazr]

Sounds great, though that only covers one part of the setup, the generation process. How are you going to spend those Bitcoins?

Keep reading, it's covered.

You're "manually" signing the transaction? Do that with the encrypted wallet too, it'll save you the ink and will give you the same security.

[Klestin]

You're "manually" signing the transaction? Do that with the encrypted wallet too, it'll save you the ink and will give you the same security.

It really won't.  Connected computers can be compromised with a keylogger.  My described scenario cannot.

[Blazr]

You're "manually" signing the transaction? Do that with the encrypted wallet too, it'll save you the ink and will give you the same security.

It really won't.  Connected computers can be compromised with a keylogger.  My described scenario cannot.

I am sorry I reread your scenario but how are you signing the transaction for your paper wallet, are you signing it on a secure PC or "by hand"? I got the impression you said you were doing it "by-hand" IE pen and paper EC math but now I'm not sure.

[Klestin]

I am sorry I reread your scenario but how are you signing the transaction for your paper wallet, are you signing it on a secure PC or "by hand"? I got the impression you said you were doing it "by-hand" IE pen and paper EC math but now I'm not sure.

In my (admittedly costly and time-consuming) example, the PC is rebuilt, the wallet primed from the M portions of the paper wallet, and the transaction information entered.  The signature is generated on the disconnected PC, manually transcribed, then the PC is again decommissioned.

[blossbloss]

Serious comment: brainwallet for long term storag, Trezor for mid term, and Mycelium app for pocket change.
Comments?