Handle a Wasp and you will not get stung! Practice Safe Bitcoin

[casascius]

Bitcoins Stolen From Me In My Lifetime: 0

Let me explain one difference between ME and most of YOU:  For the low price of $319 (http://www.theposwarehouse.com/wasp-wdi4500-2d-barcode-scanner-usb/), I own one of these, and you don't.



Because of this, I can practice safe Bitcoin without going out of my way.  Seriously, if you handle other people's money, you should invest in one of these.  The way this scanner works is, if I point it at a QR code and squeeze the trigger, it types whatever's in that code on my computer by pretending to be a USB keyboard.  As a result, moving coins to and from paper wallets is ridiculously easy.

When scanning QR codes is easy as aiming and pulling a trigger, it seems like so much less of a hassle to just throw that online bitcoin balance to a paper wallet before leaving or going to bed.

Whenever you make a purchase on Casascius.com, you are paying an offline wallet.  The concept is simple - I generated a large number of addresses, but only put the bitcoin addresses on the server, not the private keys.  Such wallets can be generated via BitAddress.org, or via my free open-source Casascius Bitcoin Address utility.  When I need to access the money you sent me, I pull out the paper wallet and start scanning.

For what it's worth, if you make a particularly large order, you get served an address that's even colder: an encrypted one kept partially in a safety deposit box.

I could still get hacked, but my losses would be limited to what the attacker could do with my website until I noticed it, such as making it serve his own bitcoin addresses instead of ones belonging to my offline wallet.  Bottom line, there is rarely a moment in my life where I have large numbers of BTC (of my own or anybody else's) anywhere it could be stolen from me.

If you MUST accept deposits into a hot wallet, consider only accepting your smaller deposits/incoming payments into the hot wallet, and having your largest ones go straight to paper.  If you have a way to know when you expect a large incoming deposit/payment, you could program your server to serve an address from your coldest paper wallet, so it never goes online.  For example, if you're an exchange that gives bigger limits to some customers, they will probably be the biggest depositors, so have the limit-raised customers always receive addresses belonging to cold storage and use the hot wallet for the rest.

Why am I hyping this today?  Because if more people followed these easy steps and invested in a $319 barcode scanner, we wouldn't be seeing so many big thefts.

[1715035866]

1715035866

[1715035866]

1715035866

[Stephen Gornick]

The way this scanner works is, if I point it at a QR code and squeeze the trigger, it types whatever's in that code on my computer by pretending to be a USB keyboard.

The Requirements on the site you linked to describes only Windows systems.

Just to ensure that I am understanding this correctly.  This works no different from a USB keyboard.  So this should work from any computer, tablet, etc, that can handle a USB keyboard and this simply works like there is a second keyboard that is plugged in.  There are no drivers necessary for nearly any operating system released in the past decade or so.  All that is needed is an open USB port on the computing device (or port on a USB hub connected to the device).

Does that accurately describe how this is used?

[casascius]

The way this scanner works is, if I point it at a QR code and squeeze the trigger, it types whatever's in that code on my computer by pretending to be a USB keyboard.

The Requirements on the site you linked to describes only Windows systems.

Just to ensure that I am understanding this correctly.  This works no different from a USB keyboard.  So this should work from any computer, tablet, etc, that can handle a USB keyboard and this simply works like there is a second keyboard that is plugged in.  There are no drivers necessary for nearly any operating system released in the past decade or so.  All that is needed is an open USB port on the computing device (or port on a USB hub connected to the device).

Does that accurately describe how this is used?

Yes, it will scan into Linux and Mac OS natively (I have tested it) as long as the scanner is in keyboard emulation mode (set by scanning a special configuration barcode out of the manual).  They may have special features or integration API's that only work with Windows, but the keyboard emulation I use is OS agnostic.  There are no drivers when in keyboard emulation mode - the host machine thinks it is truly a keyboard.

[greyhawk]

Why does this thing cost a bajillion dollars, when I can get the exact same functionality from a Motorola DS4208 for half that price?

[casascius]

Why does this thing cost a bajillion dollars, when I can get the exact same functionality from a Motorola DS4208 for half that price?

Probably to pay for their retail marketing budget and to help them make their Lexus payment.  If you can get one for half the price, by all means, do it.  The Wasp one is by no means the best, and the ability to read QR codes and pretend to be a keyboard is commonplace.  (Of course, a critical requirement is to read 2D barcodes like QR Code, am pointing this out solely lest anyone buy a 1D barcode scanner and expect it to work)

[justusranvier]

I think I still have a CueCat or two laying around somewhere. I wonder if it could be repurposed to read QR codes?

[casascius]

I think I still have a CueCat or two laying around somewhere. I wonder if it could be repurposed to read QR codes?

No, CueCat is strictly a 1D scanner

[mufa23]

Great concept. I need to start doing this. Or at least, start using Paper Wallets

[Nyhm]

Enlightening tutorial! Do you use bitcoind importprivkey to retrieve your paper balances (when scanning in the private keys)?

[casascius]

Enlightening tutorial! Do you use bitcoind importprivkey to retrieve your paper balances (when scanning in the private keys)?

Yes, I patched it to remove the rescan after each key so I can import many keys without such a long wait.  (I must do a manual -rescan however).

BlockChain.info allows fast import of private keys and can even import QR private keys through a web cam (though it doesn't scan anywhere near as quickly as the handheld scanner)

[swissmate]

Why is that barcode scanner so expensive?
Am I missing something?

[Nyhm]

Enlightening tutorial! Do you use bitcoind importprivkey to retrieve your paper balances (when scanning in the private keys)?

Yes, I patched it to remove the rescan after each key so I can import many keys without such a long wait.  (I must do a manual -rescan however).

BlockChain.info allows fast import of private keys and can even import QR private keys through a web cam (though it doesn't scan anywhere near as quickly as the handheld scanner)

Multi-import is a good idea. This would be good to get into the Satoshi client (import several keys, _then_ initiate a rescan). I wrote a simple command-line sweep program to send private key balances to a specified address, but it has to download/crawl the entire chain (saves nothing to disk).

I like your process a lot. I'm going to look for a Linux QR scanning application that can snap the picture from a webcam (I don't have the BTC or USD for the Wasp), so I can feed it to my sweeper. I'll check out your paper wallet QR generator tool, too.

Then again, if I lost all the bitcoins I have in the world, I'd only be out 3.5btc!

[ribuck]

How do you make sure you don't have a trojan that's reading the scanned keystrokes?

[Domrada]

Everyone should use cold storage, but you don't need a $319 scanner. Smartphone works just as well. Or take the 10 secs to type in the key.

[justusranvier]

How do you make sure you don't have a trojan that's reading the scanned keystrokes?

If the QR code is used to transfer an entire transaction instead of just an address then the transaction can be generated on a computer with absolutely no network access.

Then someone would need physical access to the computer containing the cold wallet in order to steal bitcoins.

[Elwar]

We have one of those Wasp scanners here at work for inventory management.

The gal that does all of that was pretty excited to see the scanner come in. Apparently it does a lot.

[casascius]

Why is that barcode scanner so expensive?
Am I missing something?

Barcode scanners like anything else come in a wide range of quality and durability and performance and you usually get what you pay for.  That happens to be the model I bought, but you might very well find a cheaper option if you look for it.

The concept sounds good but how do I generate a paper wallet without using a 3rd party cloud service?
Is there software I can run on my Windows PC (that works without a network connection) to generate a paper wallet?

Yes, https://casascius.com/btcaddress.zip - binary and source included.  Also, bitaddress.org's entire site is a single self-contained javascript html file you can copy locally and run offline.

How do you make sure you don't have a trojan that's reading the scanned keystrokes?

Spend all the money immediately, sending any unneeded change to a new paper wallet.  If the money went where you intended for it to go, you know didn't get stolen.  And if it got stolen, at least you have limited your losses to the value of that single address, not your whole purse, and you'll know to clean or reformat your machine before scanning any more.

Everyone should use cold storage, but you don't need a $319 scanner. Smartphone works just as well. Or take the 10 secs to type in the key.

If you have lots of somebody else's money, then you need everything reasonable that helps you not get it stolen, including a $319 barcode scanner if it helps lessen the odds of that happening.

[casascius]

We have one of those Wasp scanners here at work for inventory management.

The gal that does all of that was pretty excited to see the scanner come in. Apparently it does a lot.

Apparently you can take pictures through its camera/sensor if you use its low-level API, so indeed it can do a lot, though I'll bet the camera is very near-sighted.  Otherwise, it can mainly only read barcodes - though it will read nearly any bar code you can throw at it.  It's sure nice for things like "thanks for your order, your tracking number is " ... *beep* (scan the package so the tracking number gets typed into the e-mail).  It does a fairly good job of reading QR codes directly off my screen too.

[Domrada]

Everyone should use cold storage, but you don't need a $319 scanner. Smartphone works just as well. Or take the 10 secs to type in the key.

If you have lots of somebody else's money, then you need everything reasonable that helps you not get it stolen, including a $319 barcode scanner if it helps lessen the odds of that happening.

Point conceded.

[Nyhm]

Found instructions on installing (Ubuntu/Linux) software QR readers, one of which can snap a pic from a webcam. Not as convenient as the Wasp.

Summarizing from above (and general Bitcoin practice), it sounds like the ultimate process is:

• Download entire block chain into a file (copy the Satoshi client block chain file)
• Transfer chain (via air gap) to offline computer
• On offline computer, Scan QR into an app that can read the chain, sign a tx, and save tx to file (for all/part of the balance, to some other hot wallet address)
• Transfer tx file (via air gap) back to an online computer, and use an app that can send it to the Bitcoin network

Sorry for the newbish question, but can the Satoshi client do offline transactions yet? I'm not seeing it in the bitcoind help list.

[justusranvier]

I think I still have a CueCat or two laying around somewhere. I wonder if it could be repurposed to read QR codes?

No, CueCat is strictly a 1D scanner

In theory this is not an insurmountable problem (hand-held document scanners are also 1D) but in practice it's probably not worth the trouble. The only reason I ever had one of those things is because Radio Shack gave them away for free.

[dunand]

Found instructions on installing (Ubuntu/Linux) software QR readers, one of which can snap a pic from a webcam. Not as convenient as the Wasp.

Summarizing from above (and general Bitcoin practice), it sounds like the ultimate process is:

• Download entire block chain into a file (copy the Satoshi client block chain file)
• Transfer chain (via air gap) to offline computer
• On offline computer, Scan QR into an app that can read the chain, sign a tx, and save tx to file (for all/part of the balance, to some other hot wallet address)
• Transfer tx file (via air gap) back to an online computer, and use an app that can send it to the Bitcoin network

Sorry for the newbish question, but can the Satoshi client do offline transactions yet? I'm not seeing it in the bitcoind help list.

You beat me to it. I was using QtQr to scan qr codes with a webcam on ubuntu. Not a Wasp but it's ok if you need to scan something once in a while on a PC.

[cypherdoc]

casascius:  how do you secure your printer?

[Nyhm]

You beat me to it. I was using QtQr to scan qr codes with a webcam on ubuntu. Not a Wasp but it's ok if you need to scan something once in a while on a PC.

Great! I hadn't actually tried it yet, but I'm glad to hear that it does work. Thanks for the input.

[Seal]

Hey casascius, did you write any guides on the paper wallet methods you follow?

I still need to test this out as my cold storage is effectively usb keys with their own wallets.

[etotheipi]

This might be an expensive but effective way to execute offline transactions with Armory, but you would need two of them.  Since you need to send the offline computer the transaction, and then send the signature back.  (but it's not really different than the manual ways that people attempt to synchronize the blockchain with the offline computer...)   

The only problem is that there will be the few transactions that will require dozens of bar codes... could be annoying.

Perhaps the best thing to do is get a USB key with a write-protect switch.  Use that to transfer offline-transactions to the offline computer, and then use this device to send the signatures back to the online computer.  The signatures are almost guaranteed to fit in a single bar-code, though the original transaction will not.  This would remove a large portion of the attack surface, since most attacks on Armory cold storage would be through USB drivers of some sort.  A virus can't write your private keys to the USB if it's write-protected...

[casascius]

This might be an expensive but effective way to execute offline transactions with Armory, but you would need two of them.  Since you need to send the offline computer the transaction, and then send the signature back.  (but it's not really different than the manual ways that people attempt to synchronize the blockchain with the offline computer...)  

The only problem is that there will be the few transactions that will require dozens of bar codes... could be annoying.

Perhaps the best thing to do is get a USB key with a write-protect switch.  Use that to transfer offline-transactions to the offline computer, and then use this device to send the signatures back to the online computer.  The signatures are almost guaranteed to fit in a single bar-code, though the original transaction will not.  This would remove a large portion of the attack surface, since most attacks on Armory cold storage would be through USB drivers of some sort.  A virus can't write your private keys to the USB if it's write-protected...

I am not sure write-protected USB keys are very common.  I have never seen one.  I've seen write-protect slide switches on SD cards but they are isolated from the onboard components and seem to work "on the honor system", enforced only by the reader if it's able to read it.

But if you (or anyone else) looking for a nifty and unique feature idea for Armory, you ought to consider making Armory offer a wallet interface service that talks to a serial port or a class of things like it (which could include named pipes, telnet/ssh/sockets, character devices).  The computer running Armory would be the "trusted" computer, and whatever is on the other end could ask Armory to sign transactions, at which point Armory would get the user's permission through the UI before doing so, perhaps letting transactions meeting specific criteria (in terms of amount per unit time, or to known/trusted addresses) go through automatically.

[etotheipi]

I am not sure write-protected USB keys are very common.  I have never seen one.

Admittedly, there aren't many brands that have a write-protect switch: we use them at work all the time (a requirement on some systems).  So it's possible, but I don't know how much it would improve security...

But if you (or anyone else) looking for a nifty and unique feature idea for Armory, you ought to consider making Armory offer a wallet interface service that talks to a serial port or a class of things like it (which could include named pipes, telnet/ssh/sockets, character devices).  The computer running Armory would be the "trusted" computer, and whatever is on the other end could ask Armory to sign transactions, at which point Armory would get the user's permission through the UI before doing so, perhaps letting transactions meeting specific criteria (in terms of amount per unit time, or to known/trusted addresses) go through automatically.

Admittedly, I considered this idea seriously before determining that there was increased risk for many users, instead of decreased.  The ubiquity of drivers and subsystems that automatically run on serial ports on many systems is scary.  I was surprised to find out that some flavors of linux will allow telnet/ssh sessions by default over serial, even an IR link!  Obviously, things can be done to avoid this, but I don't know if it's the best idea to recommend to the general user that may not take the appropriate precautions to prevent it.

My ultimate goal will be to team up with someone and make a dedicated device that only receives transactions, shows confirmation on a little screen and waits for a button press, and spits out signatures.  No way to pull the keys out of it.  It would basically be a handheld TPM.  However, I'm a long way off from that.  Until then, I might look into the audio-coupling idea jim618 proposed. 

In the meantime, this device may provide those with a lot of money to spend on protecting their coins, some improvement.  I just have to have Armory display a QR code containing the necessary signatures once it is signed.

[casascius]

Admittedly, I considered this idea seriously before determining that there was increased risk for many users, instead of decreased.  The ubiquity of drivers and subsystems that automatically run on serial ports on many systems is scary.  I was surprised to find out that some flavors of linux will allow telnet/ssh sessions by default over serial, even an IR link!  Obviously, things can be done to avoid this, but I don't know if it's the best idea to recommend to the general user that may not take the appropriate precautions to prevent it.

I assume you mean the risk is that the serial ports have a getty or equivalent process on them, since of course telnet/ssh sessions imply there's TCP/IP which isn't present on a serial port by default.

Wouldn't this be geared more toward the expert user / web developer rather than the general user?  The kind of person who's going to interface with this would be in a position to notice their serial port spitting out "myblackbox login:" ... "Login incorrect" and do something about it that is not likely to be reversed by accident.  Presumably the system process would be swallowing some or all of their communications as though they were login or password attempts, and it should be quickly obvious that something is wrong.

And even if there was a wide open getty process, trying to crack even a medium-strength password against one over a serial connection is an extremely arduous process comparable to watching weeds grow (sort of like watching paint dry, but much slower)...

If this is the only reason you're considering an audio link, are you really sure it's worth the hassle?  You're talking re-implementing codecs from scratch, dealing with differences in audio hardware, sampling rates, ground loops, a potentially CPU-intensive Fourier transformation to decode wave data... for all that hassle, you could just as soon write a scout that scans the running processes, detects errant getty processes and throws a fit once found.

[ralree]

So... my phone can do this with the free QR code app, Mt. Gox app, etc.  This seems like a waste of $319 to me, but to each their own!  Why is this better than using your phone?

[casascius]

So... my phone can do this with the free QR code app, Mt. Gox app, etc.  This seems like a waste of $319 to me, but to each their own!  Why is this better than using your phone?

If you're handling thousands or tens of thousands of somebody else's bitcoins, an amount you can't afford to lose, you're already negligent if you're doing so on your mobile phone in the first place.  This advice isn't for everybody to spend $319 to manage their $100 worth of bitcoins, this is for people running exchanges and web shops and those entrusted with significant sums of money, like the 30K BTC that got hacked out of an exchange recently.

[Transisto]

+1 No solution is too far fetch when it come to securing bitcoins.

[CIYAM]

Hi Mike,

I used the imporprivkey command a bit with some vanitygen addresses (that were new so obviously had no existing balance) recently and the automatic rescan that bitcoind does was a real pain for me as it takes around 15 minutes on my laptop (so it ended up taking me an hour to import four addresses).

If you (or anyone else reading this that is able to build Bitcoin) has any time to test this patch then provided there is no issue with it I will make a pull request for this option (sorry I don't have time to test it myself as I use VC++ on my laptop, a very old Linux OS on my server and am flat out coding on my own project).

https://github.com/ciyam/bitcoin/tree/importprivkey_rescan_opt


Cheers,

Ian.

[Transisto]

I'm not sure how that compare to a dedicated netbook with encrypted volume. Netbooks are ~200$, have a camera, and can optionally be connected to the network through a very limited connection.

If someone pop up behind your back, how are you going to protect those paper wallets ?

Securing the PC by hitting a button, or attaching you foot to the power cord could provide a fast exit from intruders.

This thing look no different than typing codes manually or having a webcam/software read it. (both relatively cheaper / free)

[Realpra]

Paper wallets, hear hear!

Maybe put the addresses on 1 dollar bills so that the day your house is robbed the thieves will buy bubblegum whilst unknowingly paying a thousand dollars or so... you know for the lulz.


In all seriousness do you have a dedicated offline computer and printer to print the paper wallets? I hear printers are surprisingly hackable.. though of course the risk of such attacks are quite a bit smaller than unencrypted wallets on online PCs.

(Wasp looks cool)

[greyhawk]

If someone pop up behind your back, how are you going to protect those paper wallets ?

I'm reasonably sure the number of persons who manage to remember a QR code is quite limited.

[Transisto]

If someone pop up behind your back, how are you going to protect those paper wallets ?

I'm reasonably sure the number of persons who manage to remember a QR code is quite limited.

I didn't say "someone sneaking over your shoulder", I meant protecting those pieces of paper against home invasion type hit on the head / runaway.

[smoothie]

This thread deserves a sticky somewhere on this forum or another subforum.

[casascius]

If someone pop up behind your back, how are you going to protect those paper wallets ?

By never possessing them - at least not any high value ones.  I do think of the possibility that someone could kick down my door and shout "give me the god damn paper wallets", and they definitely wouldn't get much.

I wrote a feature in my Casascius Bitcoin Address utility that allows m-of-n private keys, similar in concept to the one Vitalik Buterin wrote.  It's probably not the version that is ever going to make it as a standard, but it functions for my purposes.  Using it, I can implement safeguards against robbery as well as death/incapacitation.  One of the controls I use is a mandatory visit to multiple places, one of which is a safety deposit box whenever I need to access large amounts of coins, for example, if somebody goes on my website and orders a gold coin etc., and I need to access their payment.  If someone orders a gold coin or anything above a certain threshold, I don't sweat it, because they get a payment address from a different batch of addresses that are kept this way.  I already have to do a scheme like this anyway just so I don't ever possess gold coins any longer than I have to, so doing this with paper wallets isn't that much more difficult.

Visiting the safety deposit box is relatively painless, I just go in there knowing what address I want the private key for, and scan one QR code with my phone, and the paper wallet booklet never leaves their vault.  Once scanned this enables me to do the transaction, elsewhere of course.  Since it's m-of-n, I don't have to worry about the bank personnel having their own key and getting in there and being able to redeem the paper wallet out from under me, nor do I worry about whether the QR app's developer will be able to benefit from the code.

This is the right way to handle somebody else's money, or at least much closer to it than having a giant hotwallet!  Mark at MtGox has alluded they do something similar.

[Uglux]

You beat me to it. I was using QtQr to scan qr codes with a webcam on ubuntu. Not a Wasp but it's ok if you need to scan something once in a while on a PC.

I tried to install QtQr on Ubuntu 12.04 yesterday, but with no success. I'm using "zbar-tools" now and it works great

[Blinken]

Three guesses who gets hacked next.

[bullioner]

I wrote a feature in my Casascius Bitcoin Address utility that allows m-of-n private keys, similar in concept to the one Vitalik Buterin wrote.

I'm running the latest version of your Bitcoin Address Utility from github, and am unable to find the m-of-n functionality.  Please could you let me know whether you've pushed this feature to master on github, and, if so, give me a hint on how to do it.

I'm currently trying to get sorted with a 2-of-3 scheme for my long term holdings.

Thanks.