Bitcoin Forum
November 22, 2017, 04:04:42 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1] 2 »  All
  Print  
Author Topic: Encrypted Paper Backups  (Read 3595 times)
ben-abuya
Sr. Member
****
Offline Offline

Activity: 323



View Profile WWW
January 30, 2013, 10:58:53 PM
 #1

I know this has been discussed before, but here's why I think encrypted paper backups would be a good idea. Possibly the most realistic failure mode is that the original binary wallet will get corrupted. You could make a few copies on flash drives, but those aren't that reliable either. You could put it on the cloud, but that opens up some more risk. Of course that's why we have paper backups. But I personally wouldn't want to put an unencrypted paper backup in a safety deposit box in a bank. I do think that's a pretty good place for an encrypted paper backup, though.

I don't expect to forget my password anytime soon, so if my digital backups fail, I can always go get that paper. I'll also keep my unencrypted paper backups, in case I do forget my password, but I feel I have to be much more careful with those. Since I don't want to make multiple copies of the unencrypted paper backups, they're more susceptible to loss and damage.

http://lamassubtc.com/
Lamassu Bitcoin Ventures
Join ICO Now Coinlancer is Disrupting the Freelance marketplace!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511323482
Hero Member
*
Offline Offline

Posts: 1511323482

View Profile Personal Message (Offline)

Ignore
1511323482
Reply with quote  #2

1511323482
Report to moderator
picobit
Hero Member
*****
Offline Offline

Activity: 547


Decor in numeris


View Profile
February 03, 2013, 08:48:06 PM
 #2

I don't expect to forget my password anytime soon

Nobody does, yet it happens all the time.

Much better in my opinion is 2-of-3 paper backups: Three pieces of paper hidden three places.  You need any two of them to recover the backup, but alone they are useless.  I think they are on their way into Armory.

ben-abuya
Sr. Member
****
Offline Offline

Activity: 323



View Profile WWW
February 03, 2013, 08:57:48 PM
 #3

I don't expect to forget my password anytime soon

Nobody does, yet it happens all the time.

Much better in my opinion is 2-of-3 paper backups: Three pieces of paper hidden three places.  You need any two of them to recover the backup, but alone they are useless.  I think they are on their way into Armory.

I agree, but that's why I said I'd keep a plaintext backup, as well. Just not in a safety deposit box. There are always going to be tradeoffs, so it's important to have layers of security againsts both theft and loss. 2-of-3 is also my preferred solution, but this might contribute a beneficial layer of security, and it might be quicker to implement into the GUI.


http://lamassubtc.com/
Lamassu Bitcoin Ventures
Red Emerald
Hero Member
*****
Offline Offline

Activity: 742



View Profile WWW
February 05, 2013, 02:28:40 PM
 #4

I would like encrypted backups as well.  I could leave this next to my computer and keep a plaintext backup in a safe.

picobit
Hero Member
*****
Offline Offline

Activity: 547


Decor in numeris


View Profile
February 07, 2013, 09:51:18 AM
 #5

I would like encrypted backups as well.  I could leave this next to my computer and keep a plaintext backup in a safe.

+1
1541
Newbie
*
Offline Offline

Activity: 19



View Profile
February 07, 2013, 11:36:29 AM
 #6

Wouldn't it be easier to just keep the private key in the safe instead of several printed pages?
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
February 07, 2013, 01:01:28 PM
 #7

I've ranted about this before, and I'll resist the urge to ramble about it again, but the gist is:  if there is an encrypted backup option, everyone who's not thinking deeply about it will just use it because it sounds better, and they will end up with no plaintext backup anywhere.  In reality though, if you have no plaintext backup, you have a brainwallet.  Your coins go with you to the grave, or when you forget the decryption passphrase in 10 years (the first time you ever need it).  I believe that it's best for everyone to have a plaintext backup somewhere, and I don't usually support "protecting user's from themselves" (like the drug war, etc), but in this case I think it's preventing a lot of pain. Though, I could probably make some money setting up a service to help people recover their wallets after they forget it...

This is why I was excited about that M-of-N fragmented backups.  Because it really opens up the possibilities for backing up your wallet without effectively creating a brainwallet.

One thing I was thinking of doing was having a screen that says something like: "Print a paper backup with a printer-protection key: create a passphrase that is required to restore your wallet from the paper backup, so that the backup information cannot be stolen by a compromised printer.  Please write the passphrase in the specified area on the paper backup after it is done printing".  This would hide the capability as an extra protective measure, and most users would probably just follow directions and write it on the paper (along with adding extra protection for the Samsung printers with known root exploits).  But an expert user could choose not to write it on there.  That might be enough to sooth my nerves.

This is all coming with the new wallets... if I ever finish them.  It's turning out to be a complete overhaul of some previously-well-tested code, and so it might be a while before I can get them working again (and I probably have to re-write my 1,000+ lines of unit-tests, too).  But I think it will be worth it.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
ErebusBat
Hero Member
*****
Offline Offline

Activity: 560

I am the one who knocks


View Profile
February 07, 2013, 01:22:00 PM
 #8

You could also display a code/sentence on the screen rather than having the user select one.  This more or less forces them to record it somewhere (and as you said, most people would record it on the paper).  If you did this then you would probably want to have the user re-enter for accuracy.

Fr those that truly want an armory brainwallet the methods are out there if they look hard enough, so they are not locked out either.

░▒▓█ Coinroll.it - 1% House Edge Dice Game █▓▒░ • Coinroll Thread • *FREE* 100 BTC Raffle

Signup for CEX.io BitFury exchange and get GHS Instantly!  Don't wait for shipping, mine NOW!
ben-abuya
Sr. Member
****
Offline Offline

Activity: 323



View Profile WWW
February 07, 2013, 11:31:52 PM
 #9

I've ranted about this before, and I'll resist the urge to ramble about it again, but the gist is:  if there is an encrypted backup option, everyone who's not thinking deeply about it will just use it because it sounds better, and they will end up with no plaintext backup anywhere. 

You're right. I actually just read that rant, but my mistake was looking at this from my point of view rather than from a typical user's point of view. I would use it by printing an unencrypted paper backup, and then just printing out this encrypted backup as another layer of insurance in case the unencrypted backup gets lost/destroyed while I still remember my password. But as you pointed out, the typical user would probably not bother with the unencrypted backup. The other solution you offered, where you'd hand-write an additional code, would do the trick for me.

http://lamassubtc.com/
Lamassu Bitcoin Ventures
Jan
Legendary
*
Offline Offline

Activity: 1043



View Profile
June 27, 2013, 10:02:30 AM
 #10

Sorry for reviving this thread...

You could also display a code/sentence on the screen rather than having the user select one.  This more or less forces them to record it somewhere (and as you said, most people would record it on the paper).  If you did this then you would probably want to have the user re-enter for accuracy.

I am not fond of brain wallets for many reasons (users are notoriously bad at choosing strong passwords, they are easily forgotten, you can attempt a brute force once the address hits the network, etc...)

However, I like ErebusBat's idea of letting software pick a strong password to be displayed in addition to print out an encrypted secret on paper:
 - The password wil be strong
 - The user has no choice but to write it down, but can choose to write it down on a separate sheet.
 - Unlike brain wallets, it is not feasible to brute force until you have the secret stored on paper

I would however still let the user choose to store the secret in plain on paper, and have this as an alternative option.

Mycelium let's you hold your private keys private.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
June 27, 2013, 07:09:37 PM
 #11

Sorry for reviving this thread...

You could also display a code/sentence on the screen rather than having the user select one.  This more or less forces them to record it somewhere (and as you said, most people would record it on the paper).  If you did this then you would probably want to have the user re-enter for accuracy.

I am not fond of brain wallets for many reasons (users are notoriously bad at choosing strong passwords, they are easily forgotten, you can attempt a brute force once the address hits the network, etc...)

However, I like ErebusBat's idea of letting software pick a strong password to be displayed in addition to print out an encrypted secret on paper:
 - The password wil be strong
 - The user has no choice but to write it down, but can choose to write it down on a separate sheet.
 - Unlike brain wallets, it is not feasible to brute force until you have the secret stored on paper

I would however still let the user choose to store the secret in plain on paper, and have this as an alternative option.


Oh you mean like this?  Smiley
(it was part of a demo at the Bitcoin conference in May, and will be part of one of the next two major Armory upgrades)

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Jan
Legendary
*
Offline Offline

Activity: 1043



View Profile
June 27, 2013, 07:50:21 PM
 #12

Sorry for reviving this thread...

You could also display a code/sentence on the screen rather than having the user select one.  This more or less forces them to record it somewhere (and as you said, most people would record it on the paper).  If you did this then you would probably want to have the user re-enter for accuracy.

I am not fond of brain wallets for many reasons (users are notoriously bad at choosing strong passwords, they are easily forgotten, you can attempt a brute force once the address hits the network, etc...)

However, I like ErebusBat's idea of letting software pick a strong password to be displayed in addition to print out an encrypted secret on paper:
 - The password wil be strong
 - The user has no choice but to write it down, but can choose to write it down on a separate sheet.
 - Unlike brain wallets, it is not feasible to brute force until you have the secret stored on paper

I would however still let the user choose to store the secret in plain on paper, and have this as an alternative option.

Oh you mean like this?  Smiley
(it was part of a demo at the Bitcoin conference in May, and will be part of one of the next two major Armory upgrades)

Yes Wink
I was at the Mycelium booth just on the other side of the aisle all three days of the conference and didn't get a chance to see it. I guess that's my own fault.
Here it how it is currently done with the Mycelium Bitcoin Wallet (in beta): http://www.youtube.com/watch?v=W7V2myIwAuE
Since it is on a smartphone I prefer to use QR-codes. I'll probably add the option to request a device generated password. Do you have a spec for how the armory wallet backup is generated?

Mycelium let's you hold your private keys private.
LogicalUnit
Sr. Member
****
Offline Offline

Activity: 289


View Profile
August 09, 2013, 03:47:30 AM
 #13

Why not just print the paper wallet to PDF and encrypt it with TrueCrypt?

rahl
Full Member
***
Offline Offline

Activity: 140



View Profile
September 17, 2013, 07:13:10 AM
 #14

Copy paste the paper into PGP/GPG. Encrypt. Print it and the private key ... use a really complicated pass-phrase you also have to write down to be able to remember or it will be too easy to use the copy of your private key? Store in 3 places .... ehh

Doesn't it really come down to security by obscurity no matter how you do if you want to keep it all analogue?

dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
September 17, 2013, 07:43:54 AM
 #15

Copy paste the paper into PGP/GPG. Encrypt. Print it and the private key ... use a really complicated pass-phrase you also have to write down to be able to remember or it will be too easy to use the copy of your private key? Store in 3 places .... ehh

But if you're going to use a complicated passphrase anyway, why go through the GPG step? Just use a complicated passphrase (or a whole paragraph) as a brain wallet and store the funds in the related address.

Jan
Legendary
*
Offline Offline

Activity: 1043



View Profile
September 17, 2013, 07:55:15 AM
 #16

Copy paste the paper into PGP/GPG. Encrypt. Print it and the private key ... use a really complicated pass-phrase you also have to write down to be able to remember or it will be too easy to use the copy of your private key? Store in 3 places .... ehh

But if you're going to use a complicated passphrase anyway, why go through the GPG step? Just use a complicated passphrase (or a whole paragraph) as a brain wallet and store the funds in the related address.
Because brainwallets can be brute-forced just by looking at the blockchain (observe an address with funds + use a huge dictionary to find a passphrase that generates a key which matches the address). This has happened multiple times. If you want to brute force an encrypted paper backup you first have to get access to the paper.

Brainwallets are generally a bad idea because the passphrases that normal people can remember are not strong enough to withstand a brute-force attack. If the passphrase is complex enough you have to write it down, and you might as well have written down the private key in the first place.

Mycelium let's you hold your private keys private.
rahl
Full Member
***
Offline Offline

Activity: 140



View Profile
September 17, 2013, 08:11:04 AM
 #17

How much space does plausible deniability add?
Like if you have one key that decrypts it to a naughty sex letter and another to the bitcoin key...


dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
September 17, 2013, 08:33:32 AM
 #18

use a really complicated pass-phrase you also have to write down

Brainwallets are generally a bad idea because the passphrases that normal people can remember are not strong enough to withstand a brute-force attack. If the passphrase is complex enough you have to write it down, and you might as well have written down the private key in the first place.

Yeah but rahl was already talking about writing down stuff. I guess we have a hybrid paper/brain wallet, in which you write down a really long and/or complex piece of text unable to be reliably memorized and impossible to brute force.

adamas
Legendary
*
Offline Offline

Activity: 1008


VIS ET LIBERTAS


View Profile WWW
September 17, 2013, 03:05:55 PM
 #19

I saved my priv keys on a pendrive, put it in a waterproof box and buried it here: http://www.geocaching.com/geocache/GC242VT_this-is-it
After hiding the box, I disabled this (geo)cache.

"Es ist kein Zeichen geistiger Gesundheit, gut angepasst an eine kranke Gesellschaft zu sein."
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
September 17, 2013, 05:00:17 PM
 #20

As Rahl said, you can use gpg to encrypt it to an ascii phrase that you can print out:

gpg -ac armory_backup_phrase.txt

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!