The official BitcoinPaperWallet.com thread -- updates and news.

[canton]

Update: August 2018

*** A reminder that you should ALWAYS run the generator from the GitHub source code, never from a live website. ***

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

bitcoinpaperwallet.com is under new ownership
 
First of all, thanks to everyone who supported this project and helped with its development since I started it back in 2013.
 
At the end of April 2018, I sold the bitcoinpaperwallet.com website, service, and associated domain names to a new owner.  This also includes related projects such as litecoinpaperwallet.com and ethereumpaperwallet.com.  All orders for hologram stickers and CDs, and any questions relating to the business, should be directed to the new owner at orders@paperwalletshop.com.  Also, I will no longer be making updates or accepting code contributions for this project at https://github.com/cantonbecker/bitcoinpaperwallet. The updates posted in September 2017 are my final contributions to this project.
 
If you have any questions regarding bitcoinpaperwallet.com, please direct them to the new owner at orders@paperwalletshop.com.
 
Canton Becker
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEdh99U9EVkSdKFwuDknetcTbh2bYFAltjUJ0ACgkQknetcTbh
2bb4lggAmSQECgNx8XUccJOa5NkU76hQjtZLe+REWnaqLb9MOt3LhBl0+uaDaVPX
VpIqBH0J78phPX7ZGIb5TnEfEy7Q19njCANtTqD686aKqNUsJRfKiRqmQBP9aAAq
BcXdyl/zDHLw0taZIhmaemlb/FAze1jq5IvJ3XjcXn35N0Zd9k/7s9WBXOGWwvsZ
IzFlUJwd1uT6hiT9lMiZ5AwBYUH5wmNSat4dK6qfh+3hu65A3Ex0/EcOFOqRBPBH
801Gv347/vFkV8LOuVEUnbhf/9FwJkqxy1TADVNQyNr7cdJfX5Rg3/X0FGnYUE6s
xA9RXpfGJvFOZ4yoUTa3+qWt6krQbQ==
=28VT
-----END PGP SIGNATURE-----



----------------------------------
Original post (April, 2013)

I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:

http://youtu.be/V4H1VE3EAtI

This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!

Design features:

• Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
• Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
• Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
• Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
• Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.

[1714492976]

1714492976

[mai77]

200 btc bounty am I am in

[stillfire]

Looks like someone already nicked the 0.1. The paper wallet looks great. The old one on bitaddress.org is too low resolution for printing, plus the private key is right there in the open necessitating that each bill is put into an envelope for security. Your bill solves those problems beautifully.

Where did you buy the tamper proof tape?

[WiW]

I've also made some nifty paper wallets (though not as well designed as yours), but here's my problem with making well designed paper wallets:
If you're making it for yourself, what do you care about design/tamper-proof/etc?
If you're making it for others, why would they trust you that you didn't print another copy of the private key at home?

[Bitsky]

Seems I was too slow 
Address: 16nQ2FD6qTLymmsZQAufJHqdqPJYbcGpj6
Privkey: 5K9bNHVjCGgqnv1vGZAKaye4VPdFUMvexbqCCmkB5rouC93wWSC
The 0.1BTC are already gone

The idea isn't bad. I think I saw some other threat here with a similar approach (the banknote one iirc).
That one worked without folding by using those grey rub-off stickers.

[Neverest]

Just for my understanding:
I also had the private key copied 5K9bNHVjCGgqnv1GZAKaye4VPdFUMvexbqCCmkB5rouC93wWSC

When going to Blcokchain.info. opening an account/wallet and importing private key, I get the Error Importing private key: unknown key format.

I also tried to use a new multibit wallet, but even when exporting a key, replacing it with the one above and reimporting, it did not work.

So how would I recreate my wallet from just a private key backup?

[stillfire]

If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of you balance.

[canton]

The old one on bitaddress.org is too low resolution for printing, plus the private key is right there in the open necessitating that each bill is put into an envelope for security. Your bill solves those problems beautifully.

Thanks -- in fact I'm already having good success modifying the bitaddress.org code so it works exactly like it did before, but with this new design at 300dpi.

Where did you buy the tamper proof tape?

Ebay! $7 for 100 stickers, delivered. These are the 2 inch wide strips.

[canton]

If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of you balance.

It's not just for myself -- once the design is reviewed/revised, it will be available as a clientside javascript wallet generator based on the code from bitaddress.org. The idea is just to incrementally improve on the paper wallet generator already there, especially for people who want to do things like give their family members and friends a more attractive and idiot-proof wallet. Also I think a wallet should look valuable so that if I die, someone stumbling on my belongings will think, "Oh, this looks valuable. Maybe we should keep it!" 

[Rodyland]

If you're making it for yourself, what do you care about design/tamper-proof/etc?

It doesn't offer much in terms of security - if someone did find your bill they'd probably just take the whole bill with them and sweep the address quickly, leaving neither evidence nor much to do about it.

But the tamper proof tape does offer peace of mind. It's the knowledge that if you did get robbed you'd know it at once, and not discover it much later when you perform a routine check of you balance.

It's not just for myself -- once the design is reviewed/revised, it will be available as a clientside javascript wallet generator based on the code from bitaddress.org. The idea is just to incrementally improve on the paper wallet generator already there, especially for people who want to do things like give their family members and friends a more attractive and idiot-proof wallet. Also I think a wallet should look valuable so that if I die, someone stumbling on my belongings will think, "Oh, this looks valuable. Maybe we should keep it!"  

I like the design - well done.

If I'm not mistaken, inkjet printer ink can fade relatively quickly (a couple of years?).  I am not sure about laser printers.  

If I were you I would put some warnings up when using the software to that effect.

[SuperZac]

Something else you could do if you don't think your printer is up to snuff, is to go get a bunch of blank ones printed in high quality, and then just run them through your printer with only the address part of the template showing.

[TiagoTiago]

Have you tested it both with different lights, different printers, different types of paper, lit at different angles, trying to curve it so the layers of paper separate a bit etc?

[canton]

Have you tested it both with different lights, different printers, different types of paper, lit at different angles, trying to curve it so the layers of paper separate a bit etc?

Only one printer so far, and my biggest concern is about the volatility of inkjet printers. I don't think the ink fading significantly would be a big deal but I am trying to figure out some ways to try to protect against moisture which is a huge issue. (One ounce of water and the whole bill turns to soup.) Some success with packing tape but I wonder if there's a better fixative...

What do you mean re: "layers of paper separate a bit"? If your question is about trying to read the private key via backlight, it's hard to imagine any combination of supplies/lights would bear fruit. Very, very opaque. I've played around with a high intensity laser even, and though you can get a couple of letters of the key it's neigh impossible to get anything close to a complete cipher.

BTW here's a couple of photos -- I realized I'd only posted the video so far.

[TiagoTiago]

I mean so the folded parts aren't touching each other kinda like () instead of ||

[niko]

One problem is that the mask is a regular pattern - it's trivial to shine light through the folds and subtract this pattern. I simply include a piece of aluminum foil as a mask in my wallets..

Another issue is that this wallet advertises what it is. My wallets are stripped-down version of bitaddress - just two QR codes, and Al foil mask folded around the priv key. Then I laminate these - works as well as security sticker (I'd know if someone had cut the wallet to reveal the priv key).

Finally, this thing is huge. Too much wasted real estate.

[bitcoinstarter]

You did a really good job. Keep up the good work!

[canton]

I mean so the folded parts aren't touching each other kinda like () instead of ||

Oh I totally get it now. Thanks for the ASCII art.

You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well.

Thanks for the advice!

[canton]

One problem is that the mask is a regular pattern - it's trivial to shine light through the folds and subtract this pattern. I simply include a piece of aluminum foil as a mask in my wallets...

I've been fooling around with bright lights and lasers and such I'm feeling pretty confident that transparency won't be a problem...

... but would you like to wager on this, just for fun? I'll mail you a wallet loaded with the equivalent of $5 USD (lord knows what that will be in BTC as of tomorrow) and if you can read the private key without opening the tri-fold you can swipe the funds with my blessing. (In return I'd appreciate you telling me how you succeeded so I can improve the design.) If you fail, you can load the same amount into that wallet's public key and I'll trust you to destroy the wallet afterwards. Send your snailmail to canton@gmail.com if you'd like to have a go at it.

With regards to the bill being obvious and bulky, I agree that secretive wallets should be obtuse, memorized, etc. However there's a legitimate need for providing idiot-proof wallets to friends & family. Additionally, if I die and my wife finds a few paper wallets in my desk, I'd like her to be able to easily recognize the wallets as having value (as opposed to being scraps of random gibberish.)

[Stephen Gornick]

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks.

Will you also be providing a method for redeeming them?   e.g., a page that takes two fields:  Withdraw  (for scanning the private key) and the Send To (for the Bitcoin address to pay).   That way I can simply do two scans, first the private key from the paper wallet, and the second I show my QR code for my mobile wallet.

Also, will this work with only a black and white printer?

[niko]

... but would you like to wager on this, just for fun?

It's on!  Not just for fun, but also because I like what you are trying to do. I suggest you don't load the value until I let you know I've received the mail. You'd have to trust me I won't first try, then claim I've never received the letter if I can't figure it out.