Bitcoin Forum
November 19, 2017, 10:16:49 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2]  All
  Print  
Author Topic: Encrypted Paper Backups  (Read 3594 times)
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 17, 2013, 05:37:30 PM
 #21

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511129809
Hero Member
*
Offline Offline

Posts: 1511129809

View Profile Personal Message (Offline)

Ignore
1511129809
Reply with quote  #2

1511129809
Report to moderator
1511129809
Hero Member
*
Offline Offline

Posts: 1511129809

View Profile Personal Message (Offline)

Ignore
1511129809
Reply with quote  #2

1511129809
Report to moderator
Jan
Legendary
*
Offline Offline

Activity: 1043



View Profile
September 17, 2013, 05:56:45 PM
 #22

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.
+1

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.
Can you elaborate what you mean by fragmented backups?
Do you mean Shamir's secret sharing scheme, encryption with a computer generated passphrase, or something else entirely?

For the Mycelium wallet I am leaning towards private key export using BIP38 with a computer generated passphrase which is only displayed on screen (and written on paper by hand). The encrypted backup turned into a JPG image containing the encrypted bits are base58 encoded as text and a QR-code. The JPG is  shared by whatever means your phone supports. If you combine this with import verification I'd say you are pretty well off.

Mycelium let's you hold your private keys private.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
September 17, 2013, 06:26:03 PM
 #23

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.
+1

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.
Can you elaborate what you mean by fragmented backups?
Do you mean Shamir's secret sharing scheme, encryption with a computer generated passphrase, or something else entirely?

For the Mycelium wallet I am leaning towards private key export using BIP38 with a computer generated passphrase which is only displayed on screen (and written on paper by hand). The encrypted backup turned into a JPG image containing the encrypted bits are base58 encoded as text and a QR-code. The JPG is  shared by whatever means your phone supports. If you combine this with import verification I'd say you are pretty well off.

Yes, I'm talking about Shamir's Secret Sharing.  I have developed a full interface around it and will be releasing it along with the RAM-reduced version of Armory.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
Melbustus
Legendary
*
Offline Offline

Activity: 1638



View Profile
November 06, 2013, 08:08:54 PM
 #24

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.


This stance is the one thing keeping me from using (and recommending) Armory predominantly. I do understand your reasoning and position, but for my personal use-case, I want encrypted backups. I simply am not comfortable with paper wallets due to potential theft, loss, destruction. I very specifically *want* my coins to be unlockable by my brain only. And the last thing I want to worry about is keeping some slip (or M slips) of paper physically secure.

But obviously Armory has lots of great features, so that essentially leaves me to implement my own encrypted Armory backup process which will be MUCH more error-prone than if the feature existed natively in the client.

I really hope you change your mind.

Bitcoin is the first monetary system to credibly offer perfect information to all economic participants.
Cryptoasset rankings and metrics for investors: http://onchainfx.com
rocks
Legendary
*
Offline Offline

Activity: 1149


View Profile
November 07, 2013, 02:39:55 AM
 #25

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.


This stance is the one thing keeping me from using (and recommending) Armory predominantly. I do understand your reasoning and position, but for my personal use-case, I want encrypted backups. I simply am not comfortable with paper wallets due to potential theft, loss, destruction. I very specifically *want* my coins to be unlockable by my brain only. And the last thing I want to worry about is keeping some slip (or M slips) of paper physically secure.

But obviously Armory has lots of great features, so that essentially leaves me to implement my own encrypted Armory backup process which will be MUCH more error-prone than if the feature existed natively in the client.

I really hope you change your mind.

Agreed,

The option already exists to make encrypted digital backups. So I don't really understand the logic behind not supporting the feature. Many users only create digital backups and brainwallet those, so they are already in the exact situation etotheipi says he want to avoid.

All that is being asked for is to provide the same functionality for paper backups as for digital backups.
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
November 07, 2013, 04:57:42 PM
 #26

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
rocks
Legendary
*
Offline Offline

Activity: 1149


View Profile
November 08, 2013, 01:35:18 AM
 #27

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Agreed, this is very easy to do.

The issue is it is error prone when done manually. For every 100 times I've done the above manually there is 1 time where something went wrong. If I have a cold wallet that I come back to in 2020 and BTC is priced to the moon, I don't want that to be the time my manual encryption effort screwed up somehow.

The advantage of automation is it eliminates manual mistakes.
etotheipi
Legendary
*
Offline Offline

Activity: 1428


Core Armory Developer


View Profile WWW
November 08, 2013, 01:41:08 AM
 #28

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Agreed, this is very easy to do.

The issue is it is error prone when done manually. For every 100 times I've done the above manually there is 1 time where something went wrong. If I have a cold wallet that I come back to in 2020 and BTC is priced to the moon, I don't want that to be the time my manual encryption effort screwed up somehow.

The advantage of automation is it eliminates manual mistakes.

You're going to remember the password you chose today, 7 years from now?  Either you re-use passwords way more than you technically should, or your memory is epic.  I'd be much more concerned about the number of things that can go wrong in 7 years that make that backup useless.

Founder and CEO of Armory Technologies, Inc.
Armory Bitcoin Wallet: Bringing cold storage to the average user!
Only use Armory software signed by the Armory Offline Signing Key (0x98832223)

Please donate to the Armory project by clicking here!    (or donate directly via 1QBDLYTDFHHZAABYSKGKPWKLSXZWCCJQBX -- yes, it's a real address!)
cp1
Hero Member
*****
Offline Offline

Activity: 616


Stop using branwallets


View Profile
November 08, 2013, 02:38:05 AM
 #29

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Agreed, this is very easy to do.

The issue is it is error prone when done manually. For every 100 times I've done the above manually there is 1 time where something went wrong. If I have a cold wallet that I come back to in 2020 and BTC is priced to the moon, I don't want that to be the time my manual encryption effort screwed up somehow.

The advantage of automation is it eliminates manual mistakes.

There's nothing manual about it, it's just one command.  You can even check your work with diff.

Guide to armory offline install on USB key:  https://bitcointalk.org/index.php?topic=241730.0
Pages: « 1 [2]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!