Bitaddress.org

[Light]

Bitaddress.org is really secure imo.
As long as you disconnect from the internet when you create your randomness & then generate the wallet is should be fine.
Use a cheap, shitty printer that doesn't have internet capabilities.
I'd split up your stash into smaller amounts on different paper wallets too.
Use BIP38 encryption too.
Write your passwords on the paper wallet too, laminate it & hide it somewhere safe.
Maybe print 2 copies.

Agreed, running it offline seems secure. I stored a decent amount on a paper wallet from bitaddress.org for a year before moving the coins to another address. The only possible issue was RNG, and that was solved when they added the cursor movement for entropy, even a tiny 600x400 screen would have plenty of entropy to be random enough to avoid any collisions.

Well aside from RNG weaknesses - the other main issue is the potential for someone to hack the site and upload a version that has predetermined private keys. That way when it's used the private keys produced will be the same and thus the hacker can steal without ever having to have a direct internet connection or break through encryption. Albeit it would be rare, and the best way around it would be validating the source code for yourself and checking GPG signatures.

[1715235965]

1715235965

[1715235965]

1715235965

[thebenjamincode]

if you would like, try using multibit, i think an offline wallet is more secure than an online one

[coinableS]

Bitaddress.org is really secure imo.
As long as you disconnect from the internet when you create your randomness & then generate the wallet is should be fine.
Use a cheap, shitty printer that doesn't have internet capabilities.
I'd split up your stash into smaller amounts on different paper wallets too.
Use BIP38 encryption too.
Write your passwords on the paper wallet too, laminate it & hide it somewhere safe.
Maybe print 2 copies.

Agreed, running it offline seems secure. I stored a decent amount on a paper wallet from bitaddress.org for a year before moving the coins to another address. The only possible issue was RNG, and that was solved when they added the cursor movement for entropy, even a tiny 600x400 screen would have plenty of entropy to be random enough to avoid any collisions.

Well aside from RNG weaknesses - the other main issue is the potential for someone to hack the site and upload a version that has predetermined private keys. That way when it's used the private keys produced will be the same and thus the hacker can steal without ever having to have a direct internet connection or break through encryption. Albeit it would be rare, and the best way around it would be validating the source code for yourself and checking GPG signatures.

So their weakness is they might get hacked? So can any other website. The code is available as a zip on github so you can run it offline.
Also you should review the code yourself when you have time. I have and it's well put together IMO.

[Light]

So their weakness is they might get hacked? So can any other website. The code is available as a zip on github so you can run it offline.
Also you should review the code yourself when you have time. I have and it's well put together IMO.

I'm not saying it's a unique weakness - just pointing out that such a weakness does exist and so it is important to at least check signatures and match hashes if you can't/aren't bothered to check the source yourself. I have a basic proficiency in programming so I'd doubt I personally would be able to go over the whole code without at least a couple of days of research into JS. Some people just can't at all - and that's understandable - it's simply important to provide easy access to safeguards and precautionary measures.

[MakingMoneyHoney]

Would you trust that encryption to protect your coins?  Basically if you had 1000 BTC on the paper wallet and a +20 char passphrase should one be confident that crackin your actual private key is not possible?

Why just Bitaddress.org, what about bitcoinpaperwallet.com?

[minimalB]

Why just Bitaddress.org, what about bitcoinpaperwallet.com?

AFAIK bitcoinpaperwallet.com is fork of bitaddress.org with some extra features, for example... on bitcoinpaperwallet.com you can create BIP38 private key from previously existing non BIP38 private key (starting with 5).

Regarding OP: bitaddress.org is well known site and has been reviewed by many well known developers. There are no known errors / malfunctions after version v2.2.

Also check this little BIP38 private key test of mine:
https://bitcointalk.org/index.php?topic=1014202.0

I gave BIP38 private keys away and specifically explain what passwords look like. If those would be encrypted 7z or zip or rar files... all of them would be cracked in a matter of seconds.  In our case... wallet no.3 bounty is still available... and password is only 6 characters long! I wonder how long will it take...  : )

And another important note: If you create your paper wallet properly (virgin clean OS booted from CD, air-gapped comp, checking file signature, no internet connection, private place while doing this, using dice and mouse movements for random seed, etc...), two things have to happen in order to "hack" your paper wallet:

1. attacker has to FIRST physically find your paper wallet
2. at the moment 1. is true, attacker is able to start cracking your BIP38 password

And cracking BIP38 passwords is very slow... if you have super cool cracking rig, maybe 100-1000 tries per second  (compared to many millions for encrypted 7z, zip, rar, etc files)

I find this paper wallet guide pretty decent...
http://bitzuma.com/posts/bitcoin-paper-wallets-from-scratch/

Hope this helps...

[LFC_Bitcoin]

What are the chances of the public & private key generated not matching up?
Any way of checking (safely) before you send coins to the address?

[johnyj]

I think mouse cursor + checking the sha value of the page should be enough

When minimal code inspection is wanted, you can cast dice and use this page

http://www.swansontec.com/bitcoin-dice.html

"The beautiful thing about this script is that it is only 150 lines of relatively straightforward code, so it is easy to audit. Trusting this code is easier than trusting a long, complicated web page filled with Javascript, which would be the alternative to using this script."

[Muhammed Zakir]

Just don't run it online and don't upgrade. Last version is verified and I didn't find any problem.

[MakingMoneyHoney]

What are the chances of the public & private key generated not matching up?
Any way of checking (safely) before you send coins to the address?

Both Bitaddress and Bitcoinpaperwallet have pages to decrypt the private key into the public key to see if they go back and forth. It's always important to do that. Bitcoinpaperwallet with bitcoin has never had problems, but I did have one dogecoin address that didn't match up (private to public).

[spazzdla]

Copied the site to a CD, ran it on a harddrive that has never / will never touch the internet.
Created a few wallets, encrypted with BIP38.
Passwords have been written down.

How do you decrypt the private key when you need to import it? Use the offline copy of the site?

This looks to be a safe method of generating a paper wallet. I am using electrum and the seed is 12 English words. I think it is more user friendly that way.

I decrypt it on the offline computer first to ensure the passphrase IS correct..

Then, I do import on an online wallet but instantly send the BTC I want to keep safe to a different wallet I have created in this fasion.  Usually I use the android phone bitcoin app to bring my BTC onto an online wallet. 

If I was going to import a large value of BTC I would probably import it via the bitcoin core on a harddrive that has just had a fresh install of windows. I know windows isn't the best but.. I figure there is a very small time frame for my stuff to get taken.

I don't understand how to do the siging of transactions from an offline wallet. I just assume one I've importated the paper wallet it is I consider that wallet hacked and no longer safe.  I know it requires me to make a bunch of different wallets on an offline computer but.. I like being as safe as I can be.  I was running the BTC core on an offline computer and doing it that way for a bit but I really like the bitaddress paper wallet layout and use, hence my curiousity for how safe it is.

[Muhammed Zakir]

-snip-
I don't understand how to do the siging of transactions from an offline wallet. I just assume one I've importated the paper wallet it is I consider that wallet hacked and no longer safe.  I know it requires me to make a bunch of different wallets on an offline computer but.. I like being as safe as I can be.  I was running the BTC core on an offline computer and doing it that way for a bit but I really like the bitaddress paper wallet layout and use, hence my curiousity for how safe it is.

Assuming you have two PC, download coinb.in and save it in offline computer. Using online computer, go to https://coinb.in/#newTransaction and enter your Bitcoin address(never enter your private key there). After completing the process, you will get an unsigned raw transaction. You can copy-paste that into offline computer or transfer using Qr code+webcam. Then sign it with coinb.in and then transfer signed transaction to online computer and broadcast it using Blockchain.info/pushtx.

[spazzdla]

-snip-
I don't understand how to do the siging of transactions from an offline wallet. I just assume one I've importated the paper wallet it is I consider that wallet hacked and no longer safe.  I know it requires me to make a bunch of different wallets on an offline computer but.. I like being as safe as I can be.  I was running the BTC core on an offline computer and doing it that way for a bit but I really like the bitaddress paper wallet layout and use, hence my curiousity for how safe it is.

Assuming you have two PC, download coinb.in and save it in offline computer. Using online computer, go to https://coinb.in/#newTransaction and enter your Bitcoin address(never enter your private key there). After completing the process, you will get an unsigned raw transaction. You can copy-paste that into offline computer or transfer using Qr code+webcam. Then sign it with coinb.in and then transfer signed transaction to online computer and broadcast it using Blockchain.info/pushtx.

HUmmms!! Sweet thanks, I will trythis.