Encrypted Paper Backups

[etotheipi]

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.

[Jan]

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

+1

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.

Can you elaborate what you mean by fragmented backups?
Do you mean Shamir's secret sharing scheme, encryption with a computer generated passphrase, or something else entirely?

For the Mycelium wallet I am leaning towards private key export using BIP38 with a computer generated passphrase which is only displayed on screen (and written on paper by hand). The encrypted backup turned into a JPG image containing the encrypted bits are base58 encoded as text and a QR-code. The JPG is  shared by whatever means your phone supports. If you combine this with import verification I'd say you are pretty well off.

[etotheipi]

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

+1

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.

Can you elaborate what you mean by fragmented backups?
Do you mean Shamir's secret sharing scheme, encryption with a computer generated passphrase, or something else entirely?

For the Mycelium wallet I am leaning towards private key export using BIP38 with a computer generated passphrase which is only displayed on screen (and written on paper by hand). The encrypted backup turned into a JPG image containing the encrypted bits are base58 encoded as text and a QR-code. The JPG is  shared by whatever means your phone supports. If you combine this with import verification I'd say you are pretty well off.

Yes, I'm talking about Shamir's Secret Sharing.  I have developed a full interface around it and will be releasing it along with the RAM-reduced version of Armory.

[Melbustus]

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.

This stance is the one thing keeping me from using (and recommending) Armory predominantly. I do understand your reasoning and position, but for my personal use-case, I want encrypted backups. I simply am not comfortable with paper wallets due to potential theft, loss, destruction. I very specifically *want* my coins to be unlockable by my brain only. And the last thing I want to worry about is keeping some slip (or M slips) of paper physically secure.

But obviously Armory has lots of great features, so that essentially leaves me to implement my own encrypted Armory backup process which will be MUCH more error-prone than if the feature existed natively in the client.

I really hope you change your mind.

[rocks]

I just want to reiterate my position on this -- I have outlined in the past why I don't want to support directly-encrypted backups.  Not everyone agrees with the reasoning, but I'm sticking to it because the ability to recover your wallet is higher priority than having the extra physical security.

Instead, this is being addressed with the fragmented backups.  It is a perfect mix of redundancy and security, and can be used very similarly to an encrypted backup without the same risks.  Fragmented backups have already been merged into my development branch, and will be part of the next release along with the the RAM reduction.

This stance is the one thing keeping me from using (and recommending) Armory predominantly. I do understand your reasoning and position, but for my personal use-case, I want encrypted backups. I simply am not comfortable with paper wallets due to potential theft, loss, destruction. I very specifically *want* my coins to be unlockable by my brain only. And the last thing I want to worry about is keeping some slip (or M slips) of paper physically secure.

But obviously Armory has lots of great features, so that essentially leaves me to implement my own encrypted Armory backup process which will be MUCH more error-prone than if the feature existed natively in the client.

I really hope you change your mind.

Agreed,

The option already exists to make encrypted digital backups. So I don't really understand the logic behind not supporting the feature. Many users only create digital backups and brainwallet those, so they are already in the exact situation etotheipi says he want to avoid.

All that is being asked for is to provide the same functionality for paper backups as for digital backups.

[cp1]

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

[rocks]

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Agreed, this is very easy to do.

The issue is it is error prone when done manually. For every 100 times I've done the above manually there is 1 time where something went wrong. If I have a cold wallet that I come back to in 2020 and BTC is priced to the moon, I don't want that to be the time my manual encryption effort screwed up somehow.

The advantage of automation is it eliminates manual mistakes.

[etotheipi]

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Agreed, this is very easy to do.

The issue is it is error prone when done manually. For every 100 times I've done the above manually there is 1 time where something went wrong. If I have a cold wallet that I come back to in 2020 and BTC is priced to the moon, I don't want that to be the time my manual encryption effort screwed up somehow.

The advantage of automation is it eliminates manual mistakes.

You're going to remember the password you chose today, 7 years from now?  Either you re-use passwords way more than you technically should, or your memory is epic.  I'd be much more concerned about the number of things that can go wrong in 7 years that make that backup useless.

[cp1]

It just takes two seconds to encrypt your recovery key, there's no need for this in armory.  Just do it yourself if you want that.

Agreed, this is very easy to do.

The issue is it is error prone when done manually. For every 100 times I've done the above manually there is 1 time where something went wrong. If I have a cold wallet that I come back to in 2020 and BTC is priced to the moon, I don't want that to be the time my manual encryption effort screwed up somehow.

The advantage of automation is it eliminates manual mistakes.

There's nothing manual about it, it's just one command.  You can even check your work with diff.