Bitcoin Forum
December 16, 2024, 12:19:20 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: paper wallet - security concerns - best way to create one.  (Read 994 times)
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
April 25, 2016, 08:53:12 AM
 #1

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.
mocacinno
Legendary
*
Offline Offline

Activity: 3612
Merit: 5279


https://merel.mobi => buy facemasks with BTC/LTC


View Profile WWW
April 25, 2016, 08:58:05 AM
 #2

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


The most secure workflow:
  • download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
  • put it on a thumbdrive
  • boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
  • unzip the zip, run the website locally without internet connection
  • generate a paper wallet, use BIP38 encryption with a strong password of passphrase
  • either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
  • in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
  • reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
April 25, 2016, 09:09:23 AM
 #3

thank you for this how-to.
it really sounds like working for 5 hours.

i will think about it and in the meantime i will try to check the trustworthiness of bitaddress.org.
mocacinno
Legendary
*
Offline Offline

Activity: 3612
Merit: 5279


https://merel.mobi => buy facemasks with BTC/LTC


View Profile WWW
April 25, 2016, 09:12:35 AM
 #4

thank you for this how-to.
it really sounds like working for 5 hours.

i will think about it and in the meantime i will try to check the trustworthiness of bitaddress.org.

You're welcome  Grin
Actually, it looks like a really big task, but in reality it only takes about an hour (the biggest timeconsumer is downloading a livecd... I personally used lubuntu, but you can pick one here: https://en.wikipedia.org/wiki/List_of_live_CDs
If you have a livecd (preferably linux) laying around, it should be ok, it doesn't matter which version, since you're not using it to go online anyways.

bitaddress.org is pretty trusted, but it's always a good idear to check out those thing for yourself, after all, it's about money Wink

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
BitcoinSupremo
Copper Member
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 529


View Profile
April 25, 2016, 09:15:16 AM
 #5

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
April 25, 2016, 09:21:17 AM
 #6

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.


i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....
BitcoinSupremo
Copper Member
Hero Member
*****
Offline Offline

Activity: 1442
Merit: 529


View Profile
April 25, 2016, 09:25:38 AM
 #7

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.


i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

You can't but the percentage of a hw wallet failing is pretty low, basically the same as if your house get hit by fire and you lose your paper wallet Smiley .
You can try putting the hardware wallet in a safe place of yours and use it as rarely as you can, this way chances of it getting failure are pretty pretty low.
mocacinno
Legendary
*
Offline Offline

Activity: 3612
Merit: 5279


https://merel.mobi => buy facemasks with BTC/LTC


View Profile WWW
April 25, 2016, 09:30:26 AM
 #8

Vlom judging from your rank, I think you have enough bitcoins that you want to store in a secure place. Paper wallet is secure enough but needs some jobs to be done by you, if you are comfortable with the very nice explanation here then it is ok, but if you want you can buy a Ledger Nano for just 20 USD 0.045 BTC price and store them securely there. Just my suggestion.


i have been thinking about hw-wallets. but how can i backup these things. in case of a hw failure? but this i an other topic....

Ledger HW wallets are deterministic. When you initialise them, you get 24? seed words, which you have to write down.
If you ever break your HW wallet, you can order a new one and restore it from the seed words you've written down Smiley
The cheapest ones are $18, and i think they're well worth the investment.

However, i personally do not believe them to be more secure than a well-prepped paper wallet... Offcourse, i also think they leave less room for error than generating a paper wallet, which makes them ideal for people that don't want to invest a lot of time into generating paper wallets, or are in doubt about the correct procedure.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
alani123
Legendary
*
Offline Offline

Activity: 2618
Merit: 1514



View Profile
April 25, 2016, 10:12:09 AM
 #9

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


The most secure workflow:
  • download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
  • put it on a thumbdrive
  • boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
  • unzip the zip, run the website locally without internet connection
  • generate a paper wallet, use BIP38 encryption with a strong password of passphrase
  • either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
  • in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
  • reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

To add to that, certain printers contain hard drives. So try and check for that if you care.

███████████████████████████
███████▄████████████▄██████
████████▄████████▄████████
███▀█████▀▄███▄▀█████▀███
█████▀█▀▄██▀▀▀██▄▀█▀█████
███████▄███████████▄███████
███████████████████████████
███████▀███████████▀███████
████▄██▄▀██▄▄▄██▀▄██▄████
████▄████▄▀███▀▄████▄████
██▄███▀▀█▀██████▀█▀███▄███
██▀█▀████████████████▀█▀███
███████████████████████████
 
 Duelbits 
██
██
██
██
██
██
██
██

██

██

██

██

██
TRY OUR UNIQUE GAMES!
    ◥ DICE  ◥ MINES  ◥ PLINKO  ◥ DUEL POKER  ◥ DICE DUELS   
█▀▀











█▄▄
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀
 
███
▀▀▀
███
▀▀▀

███
▀▀▀
███
▀▀▀
███
▀▀▀

███
▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
 KENONEW 
 
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀█











▄▄█
10,000x
 
MULTIPLIER
██
██
██
██
██
██
██
██

██

██

██

██

██
 
NEARLY
UP TO
50%
REWARDS
██
██
██
██
██
██
██
██

██

██

██

██

██
[/tabl
AzibLala007
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
April 25, 2016, 10:21:48 AM
 #10

The most secure workflow:
Download the source code of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
Put it on a thumbdrive and then boot a Linux live CD WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded and unzip the zip, run the website locally without internet connection and generate a paper wallet, use BIP38 encryption with a strong password of pass phrase and either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idea to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)
Divinespark
Hero Member
*****
Offline Offline

Activity: 938
Merit: 501



View Profile
April 25, 2016, 11:02:23 AM
 #11

I downloaded the bitaddress.org html file off github and then ran it and printed out my paper wallets in offline mode

.AMEPAY..
█  FAST
█  CONVENIENT
█  SECURE
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄█████████▀▀▄▀▀█████████▄

▄██████▄▄█▀ ▀█▄▄██████▄
███████  ▀▀█▄██▀▀▄███████
███████ █ ▄ █ ▄▀▀▄███████
████████ █ █ █ ▄▀▀▄████████
▀█████████▄█ █ ▄██████████▀
▀████████  ▀▀▀  ████████▀
▀█████████████████████▀
▀██
███████████████▀
▀▀█████████▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
||$600,000
worth of AME
.
!
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄█████████▀▀▄▀▀█████████▄

▄██████▄▄█▀ ▀█▄▄██████▄
███████  ▀▀█▄██▀▀▄███████
███████ █ ▄ █ ▄▀▀▄███████
████████ █ █ █ ▄▀▀▄████████
▀█████████▄█ █ ▄██████████▀
▀████████  ▀▀▀  ████████▀
▀█████████████████████▀
▀██
███████████████▀
▀▀█████████▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
April 25, 2016, 11:09:22 AM
 #12


Ledger HW wallets are deterministic. When you initialise them, you get 24? seed words, which you have to write down.
If you ever break your HW wallet, you can order a new one and restore it from the seed words you've written down Smiley
The cheapest ones are $18, and i think they're well worth the investment.


mhh, then i think it should be possible like this too:

install a software wallet  (e.g. multibit_hd) on a clean os, disconnected from internet. generate an address and write down the wallet words. afterwords erase the sdd.

7788bitcoin
Legendary
*
Offline Offline

Activity: 2282
Merit: 1023


View Profile
April 25, 2016, 11:09:30 AM
 #13

Download bitaddress.org into thumbdrive --> disconnect all network cables/wifi --> Format the computer everything
--> reinstall OS --> run the downloaded bitaddress.org --> print using offline printer --> Keep you paper wallet secure
--> format all the drives (hard drive and thumbdrive) --> secure!

... or maybe not. The formatting part is important as some people maybe able to recover data from formatted harddisk...
DimensionZ
Sr. Member
****
Offline Offline

Activity: 350
Merit: 251


Shit, did I leave the stove on?


View Profile
April 25, 2016, 02:34:22 PM
 #14

I think the Linux live distro cd is the best approach as you won't need to format any HDD on a second computer and reinstall the OS to make a secure environment. Also make sure that you are offline while generating the paper wallet. If you don't have a printer just buy the cheapest one around with no fancy features and print it at home because I don't trust public ones. Also laminating the paper wallet and putting it in a safe deposit box will make it last forever while hardware wallets may break.

calkob
Hero Member
*****
Offline Offline

Activity: 1106
Merit: 521


View Profile
April 25, 2016, 03:32:52 PM
 #15

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


Bitaddress has been around for years and has been tested by some very experienced people.  I have used it for my own paperwallets.  have a look at vanitygen where you can create your own vanity addresess or just an address with priv key.
BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 1806
Merit: 1164



View Profile WWW
April 25, 2016, 05:28:34 PM
 #16

Just bypass paper wallets and go straight to using a Trezor. You have to be very careful about change addresses and exposing your private keys when spending from a paper wallet.

thejaytiesto
Legendary
*
Offline Offline

Activity: 1358
Merit: 1014


View Profile
April 25, 2016, 05:37:23 PM
 #17

hi

i read about paper wallets here: https://en.bitcoin.it/wiki/Paper_wallet

this part is the most important for me:
Quote
Storing bitcoins on paper wallets is not safe unless very strict security precautions are undertaken during their initial preparation.

i don't want to make things more insecure than without a paper wallet.

there are some websites that claim to help you with paper wallets.
e.g https://bitcoinpaperwallet.com or  https://www.bitaddress.org
why should i trust them?

so please help me find a secure way to create a paper wallet. and please consider that i don't want to spend hours to achieve my goal.

thanks.


The most secure workflow:
  • download the sourcecode of bitaddress.org straight from github https://github.com/pointbiz/bitaddress.org
  • put it on a thumbdrive
  • boot a linux live cd WITHOUT INTERNET CONNECTION, insert the thumbdrive, check the md5 hash of the zip you downloaded
  • unzip the zip, run the website locally without internet connection
  • generate a paper wallet, use BIP38 encryption with a strong password of passphrase
  • either connect a printer directly to the offline PC (make sure the printer isn't online) or print the paper wallet as pdf and put it on the thumbdrive, use an offline printer that allows input from a thumbdrive, and print your wallet directly from the thumbdrive
  • in case you used a thumbdrive, overwrite the thumbdrive with random characters several times after you're done(there are guides on how to do this TL;DR: dd if=/dev/urandom > /dev/sd*** -> replace with correct device)
  • reboot your pc, send a couple big printjobs to your printer, reboot your printer

Maybe somebody will see some addendums here, but i think it's pretty complete...
It goes without saying: don't make pictures of your workflow, don't do this in public, make sure nobody you don't trust is watching (filming, photographing) your private key...

Also, it's a good idear to laminate your key and store it in a physical secure location (with a bank or notary in a special safe) or make copys (but be carefull as to where you'll store them)

One step that is often overlooked is the integrity of the OS that you are using. If your OS is compromised, your Bitcoins will be compromised. So beside BIP38 and all that, you must and I repeat, you MUST boot with an OS that can't be modified, in other words in read only, in other words, you must boot your OS from the ram memory.

I think Tails (the OS that Edward Snowden uses) is very easy to boot, you just open it and create your wallet with internet off and that's all.
Kprawn
Legendary
*
Offline Offline

Activity: 1904
Merit: 1074


View Profile
April 25, 2016, 05:40:51 PM
 #18

Take a old outdated computer and printer, disconnect it from the internet. Download the source from GitHub or just save the site in html on a memory stick and copy it to the offline computer. Then

generate as many paper wallets as you like and print and laminate them. Destroy the computer and printer or keep them offline and you will be fine. Who would want to go through all the trouble of

hunting down your paper wallets, if the coins are spread over multiple paper wallets. Remember to store a copy of the private key at a separate location... if the first location burns down or a flood

destroy your first copy, you can fall back on the backup copies. That is pretty much it...  Grin ... If you store big amounts... the spending on a old computer and printer, will not break your bank.  Wink

THE FIRST DECENTRALIZED & PLAYER-OWNED CASINO
.EARNBET..EARN BITCOIN: DIVIDENDS
FOR-LIFETIME & MUCH MORE.
. BET WITH: BTCETHEOSLTCBCHWAXXRPBNB
.JOIN US: GITLABTWITTERTELEGRAM
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
April 25, 2016, 05:43:45 PM
 #19



I think Tails (the OS that Edward Snowden uses) is very easy to boot, you just open it and create your wallet with internet off and that's all.

yes, thats it.  Shocked i could have thought about that by myself. i hope that i can find the usb-drive with the installation.
vlom (OP)
Legendary
*
Offline Offline

Activity: 1498
Merit: 1117


View Profile
April 25, 2016, 07:44:25 PM
Last edit: April 26, 2016, 06:39:46 AM by vlom
 #20

found usb drive with tails OS.
worked like a charm. i made a test paper wallet and then sent 0.001 to this address. after that i went back to my standard OS, installed electreum and used the seed words. et voila




Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!