paper wallet - security concerns - best way to create one.

[vlom]

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:

Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.

[mocacinno]

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:

Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.

The most secure workflow:

• download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
• put it on a thumbdrive
• boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
• unzip the zip, run the website locally without internet connection
• generate a paper wallet, use BIP38 encryption with a strong password of passphrase
• either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
• in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
• reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

[vlom]

thank you for this how-to.
it really sounds like working for 5 hours.

i will think about it and in the meantime i will try to check the trustworthiness of bitaddress.org.

[mocacinno]

thank you for this how-to.
it really sounds like working for 5 hours.

i will think about it and in the meantime i will try to check the trustworthiness of bitaddress.org.

You're welcome  
Actually, it looks like a really big task, but in reality it only takes about an hour (the biggest timeconsumer is downloading a livecd... I personally used lubuntu, but you can pick one here: https://en.wikipedia.org/wiki/List_of_live_CDs
If you have a livecd (preferably linux) laying around, it should be ok, it doesn't matter which version, since you're not using it to go online anyways.

bitaddress.org is pretty trusted, but it's always a good idear to check out those thing for yourself, after all, it's about money

[BitcoinSupremo]

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.

[vlom]

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.

i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

[BitcoinSupremo]

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.

i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

You can't but the percentage of a hw wallet failing is pretty low, basically the same as if your house get hit by fire and you lose your paper wallet .
You can try putting the hardware wallet in a safe place of yours and use it as rarely as you can, this way chances of it getting failure are pretty pretty low.

[mocacinno]

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.

i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

Ledger HW wallets are deterministic. When you initialise them, you get 24? seed words, which you have to write down.
If you ever break your HW wallet, you can order a new one and restore it from the seed words you've written down
The cheapest ones are $18, and i think they're well worth the investment.

However, i personally do not believe them to be more secure than a well-prepped paper wallet... Offcourse, i also think they leave less room for error than generating a paper wallet, which makes them ideal for people that don't want to invest a lot of time into generating paper wallets, or are in doubt about the correct procedure.

[alani123]

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:

Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.

The most secure workflow:

• download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
• put it on a thumbdrive
• boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
• unzip the zip, run the website locally without internet connection
• generate a paper wallet, use BIP38 encryption with a strong password of passphrase
• either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
• in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
• reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

To add to that, certain printers contain hard drives. So try and check for that if you care.

[AzibLala007]

The most secure workflow:
Download the source code of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
Put it on a thumbdrive and then boot a Linux live CD WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded and unzip the zip, run the website locally without internet connection and generate a paper wallet, use BIP38 encryption with a strong password of pass phrase and either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idea to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

[Divinespark]

I downloaded the bitaddress.org html file off github and then ran it and printed out my paper wallets in offline mode

[vlom]

Ledger HW wallets are deterministic. When you initialise them, you get 24? seed words, which you have to write down.
If you ever break your HW wallet, you can order a new one and restore it from the seed words you've written down
The cheapest ones are $18, and i think they're well worth the investment.

mhh, then i think it should be possible like this too:

install a software wallet  (e.g. multibit_hd) on a clean os, disconnected from internet. generate an address and write down the wallet words. afterwords erase the sdd.

[7788bitcoin]

Download bitaddress.org into thumbdrive --> disconnect all network cables/wifi --> Format the computer everything
--> reinstall OS --> run the downloaded bitaddress.org --> print using offline printer --> Keep you paper wallet secure
--> format all the drives (hard drive and thumbdrive) --> secure!

... or maybe not. The formatting part is important as some people maybe able to recover data from formatted harddisk...

[DimensionZ]

I think the Linux live distro cd is the best approach as you won't need to format any HDD on a second computer and reinstall the OS to make a secure environment. Also make sure that you are offline while generating the paper wallet. If you don't have a printer just buy the cheapest one around with no fancy features and print it at home because I don't trust public ones. Also laminating the paper wallet and putting it in a safe deposit box will make it last forever while hardware wallets may break.

[calkob]

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:

Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.

Bitaddress has been around for years and has been tested by some very experienced people.  I have used it for my own paperwallets.  have a look at vanitygen where you can create your own vanity addresess or just an address with priv key.

[BitcoinNewsMagazine]

Just bypass paper wallets and go straight to using a Trezor. You have to be very careful about change addresses and exposing your private keys when spending from a paper wallet.

[thejaytiesto]

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:

Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.

The most secure workflow:

• download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
• put it on a thumbdrive
• boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
• unzip the zip, run the website locally without internet connection
• generate a paper wallet, use BIP38 encryption with a strong password of passphrase
• either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
• in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
• reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

One step that is often overlooked is the integrity of the OS that you are using. If your OS is compromised, your Bitcoins will be compromised. So beside BIP38 and all that, you must and I repeat, you MUST boot with an OS that can't be modified, in other words in read only, in other words, you must boot your OS from the ram memory.

I think Tails (the OS that Edward Snowden uses) is very easy to boot, you just open it and create your wallet with internet off and that's all.

[Kprawn]

Take a old outdated computer and printer, disconnect it from the internet. Download the source from GitHub or just save the site in html on a memory stick and copy it to the offline computer. Then

generate as many paper wallets as you like and print and laminate them. Destroy the computer and printer or keep them offline and you will be fine. Who would want to go through all the trouble of

hunting down your paper wallets, if the coins are spread over multiple paper wallets. Remember to store a copy of the private key at a separate location... if the first location burns down or a flood

destroy your first copy, you can fall back on the backup copies. That is pretty much it...   ... If you store big amounts... the spending on a old computer and printer, will not break your bank.  

[vlom]

I think Tails (the OS that Edward Snowden uses) is very easy to boot, you just open it and create your wallet with internet off and that's all.

yes, thats it.  i could have thought about that by myself. i hope that i can find the usb-drive with the installation.

[vlom]

found usb drive with tails OS.
worked like a charm. i made a test paper wallet and then sent 0.001 to this address. after that i went back to my standard OS, installed electreum and used the seed words. et voila