jubalix
Legendary
Offline
Activity: 2632
Merit: 1023
|
|
April 17, 2013, 05:19:58 AM |
|
bright light and good software = I can get all your numbers, they just shine on through I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See: http://youtu.be/V4H1VE3EAtIThis video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on! Design features: - Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
- Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
- Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
- Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
- Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.
When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.) If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.
|
|
|
|
aantonop
Full Member
Offline
Activity: 196
Merit: 116
Entrepreneur, coder, hacker, pundit, humanist.
|
|
April 17, 2013, 06:00:03 AM |
|
I've also made some nifty paper wallets (though not as well designed as yours), but here's my problem with making well designed paper wallets: If you're making it for yourself, what do you care about design/tamper-proof/etc? If you're making it for others, why would they trust you that you didn't print another copy of the private key at home?
This is exactly the problem we are solving over at Open Paper Wallet. We've designed wallets that follow a standard template, with lots of different designs. The graphics are pre-printed on high quality paper and shipped with security features. However, the keys are self-printed at home That way you get the best of both. We're a couple of weeks from the first 5000 sheet production print run. See the project here: https://bitcointalk.org/index.php?topic=155847.0;all
|
|
|
|
canton (OP)
|
|
April 17, 2013, 06:10:23 AM |
|
bright light and good software = I can get all your numbers, they just shine on through Exactly what niko suspected. If you poke through this thread you'll see that he and I have a friendly wager to see if the wallet can be "candled" without tampering with the tape. I hope he finds some weaknesses I can improve on! (I'm confident that there's *some* way to make a secure folding wallet, even if I didn't get it right this time.)
|
|
|
|
StarfishPrime
|
|
April 18, 2013, 01:59:01 PM |
|
Not that it matters, but it seems that bounty has been claimed three days after wallet was mailed out, and five days before it arrived into my mailbox... OI! Matters quite a bit. I'm trying to figure out WTF might have happened. I messaged you privately with details. As for the bounty even though it's no longer on the wallet I'd still pay up of course. Good luck! When you do find out how the keys were compromised please let us know so similar risks can be avoided.
|
¦ ¦ ¦¦¦ ¦¦ ¦¦¦¦ ¦¦ ¦¦¦¦ ¦ ¦¦ ¦¦¦¦ ¦¦¦¦¦¦¦¦ ¦¦¦¦¦¦¦ ¦¦¦¦¦¦ ¦¦¦ ¦¦¦¦¦¦ ¦ ¦¦¦¦¦¦ ¦¦ ¦ ¦¦¦¦ ¦¦ ¦¦¦¦ ¦¦ ¦ ¦¦¦¦ ¦¦¦ ¦ ¦¦¦¦¦ ¦¦¦¦ ¦ ¦¦¦¦¦¦¦¦ ¦¦¦¦¦ ¦ ¦¦ ¦¦¦¦¦¦¦¦¦¦ ¦¦¦¦¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦ ¦¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦ ¦ ¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦¦ ¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦ ¦ ¦ ¦¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦ ¦¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦¦ ¦¦ ¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦ ¦¦ ¦¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦ ¦¦ ¦ ¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦ ¦ ¦ ¦¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦ ¦ ¦¦ ¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦ ¦ ¦ ¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦ ¦¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦ ¦ ¦¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦¦ ¦ ¦¦ ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦¦¦¦ ¦¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦ ¦¦
| . TorCoin.....
| ¦ ¦ ¦ ¦ | Fully Anonymous TOR-integrated Crypto ¦ Windows ¦ Linux ¦ GitHub ¦ macOS
| ¦ ¦ ¦ ¦ | . ANN THREAD | ¦ ¦ ¦ ¦ |
[/center]
|
|
|
yellowcoin
Newbie
Offline
Activity: 43
Merit: 0
|
|
April 18, 2013, 07:43:12 PM |
|
Been lurking around and found this post. It's a good idea but there is 2 big issues. 1) What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing. I just tried it on a test paper and it worked as the whole flap came out. You can solve this by getting something like double sided security tape for the 2nd fold but then it'll add to the cost. 2) The worse enemy of all stickers ... good old heat gun / blow dryer The adhesive will just peel off if you work at it long enough. Unless there is some heat sensitive ones I am not aware of. Even so that will add to the cost. Low tech solution to a high tech problem Donate too if you feel this feedback is worth it: 15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT
|
|
|
|
canton (OP)
|
|
April 18, 2013, 11:13:48 PM |
|
When you do find out how the keys were compromised please let us know so similar risks can be avoided. Well I found out a couple hours after Niko first noticed the balance was missing. I've just been too embarrassed to fess up to what happened. Here's the skinny: Back when I generated Niko's test wallet I was still using a photoshop template to make these wallets. (Now I'm using a fork of bitaddress.org / javascript.) The same day that I printed out his wallet, I also did some work in photoshop on a different (non-folding) bitcoin template for another project on bitcointalk.org. I used my photoshop template as a starting point (which still had Niko's codes on it) and I accidentally included the QR code from Niko's test wallet in a couple of design templates over here: https://bitcointalk.org/index.php?topic=155847.100Someone apparently tried out the codes, realized there was a balance, and swiped the wallet. That person was kind enough to contact me anonymously and let me know that s/he had swiped the bounty. If Niko wins the bet I'll just have to send him his BTC the "old fashioned" way. tl/dr: I screwed up and posted an image containing the private key QR code to bitcointalk.org.
|
|
|
|
canton (OP)
|
|
April 18, 2013, 11:44:55 PM |
|
1) What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? THAT IS FRIGGING AWESOME. I didn't think it was possible reading your post, but then I tried it myself on a test wallet and was able to reveal the inner flap without disturbing the tape. That's a superb low-tech work-around, nice job. I could add a third sticker requirement to cover the open fold - could even be a nice circular hologram of a BTC or something. Or, I could change the design so it includes an extra cut in the middle like so: This way the tape holds down the innermost flap as well. I can't quite decide whether it's better to have more stickers plastered on the thing, or require that users make an additional (farily deft) set of cuts. Opinions? 2) The worse enemy of all stickers ... good old heat gun / blow dryer
Good idea. I'll have to experiment with dry heat (if Niko hasn't already) to see if these tamper-evident stickers are susceptible. Thanks for the excellent feedback. Just sent you a beers-worth of BTC to your address. https://blockchain.info/address/15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT
|
|
|
|
Mylon
Full Member
Offline
Activity: 140
Merit: 100
Mining FTW
|
|
April 19, 2013, 12:13:23 AM |
|
The one concern I still have about paper wallets, which a lot of people seem to forget. (seeing this here too on the instructions on the front)
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY the moment you used the private key to transfer (some) of the BTC, the paper wallet is technically no longer safe. Best is to transfer them all to a normal wallet, take what you need and create a new paper wallet for the remaining funds.
Hence also why its better to have 50 paper wallets with 20 BTC each, than 1 with 1000 BTC.
|
"All Your Base Are Belong To Us" by CATS
|
|
|
canton (OP)
|
|
April 19, 2013, 01:58:36 AM |
|
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY A million percent agreed. Here's the current back of the wallet, though I wonder if the point should be amplified... And here's the related bit of instructions as they'll appear on the web. Note the tip in the middle. Especially that typo. Oops. The link to "lose your balance forever" goes to this excellent thread: http://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/I welcome any edits/ideas/additions to making this hugely important point as clear as possible.
|
|
|
|
aantonop
Full Member
Offline
Activity: 196
Merit: 116
Entrepreneur, coder, hacker, pundit, humanist.
|
|
April 19, 2013, 02:14:34 AM |
|
Very nice work cantor!
I can't wait till you launch the site.
|
|
|
|
canton (OP)
|
|
April 19, 2013, 02:16:05 AM |
|
You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY How's this for an updated reverse?
|
|
|
|
Dabs
Legendary
Offline
Activity: 3416
Merit: 1912
The Concierge of Crypto
|
|
April 19, 2013, 02:27:26 AM |
|
May I suggest that while you have this nice dollar bill size paper wallet, you can also make a nice A4 or Letter size full page paper wallet. Easier for people to use a printer, as they just put the whole page in.
Also, you can put more newbie type instructions on the full page paper wallet, the QR codes can be larger, and you have more design artwork space, and maybe more space for additional fund deposit information.
I personally have tried two cheap paper wallets: 1. one page that contains 50+ private keys / public keys / pairs. No QR code. 2. one page that contains only 1 public / private key pair. Giant text. Giant QR code.
Your size = fits in a real wallet like any other fiat money. My full size = fits in an envelope, looks like a stock certificate or bearer bond or something really valuable.
|
|
|
|
canton (OP)
|
|
April 19, 2013, 03:29:52 PM |
|
What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing. I just tried it on a test paper and it worked as the whole flap came out. I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.) Thanks again yellowcoin for the excellent experiment. PS: Yes, those are live keys, but there's nothing stored in them this time. Yet.
|
|
|
|
farlack
Legendary
Offline
Activity: 1310
Merit: 1000
|
|
April 19, 2013, 06:43:57 PM |
|
I mean so the folded parts aren't touching each other kinda like () instead of ||
Oh I totally get it now. Thanks for the ASCII art. You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well. Thanks for the advice! Whats wrong with using a third sticker? Or a foil sticker on the inside?
|
|
|
|
niko
|
|
April 19, 2013, 07:14:41 PM Last edit: April 19, 2013, 07:25:09 PM by niko |
|
I've been busy on other fronts, but here is a preview of a simple attempt: Clearly, some letters of the private key can be read, through all the folds and the safety sticker. While I wasn't able to extract the complete key yet, this is a warning to anyone creating paper wallets. Canton takes this seriously, and from our private communication it seems that he has already implemented further improvements to the tamper-proofness (sic!) of his design. While public information about techniques of non-destructive readout of hidden print is limited, everyone should bear in mind that we can see oil paintings that have been painted over, the insides of living creatures, insides of bags and people's pockets and underwear at the airports, obliterated serial numbers from hand guns, etc. I'll try to find time to keep having fun with the paper wallet canton has sent me. Besides through-illumination and image processing, other simple methods involve volatile liquids that make paper temporarily translucent. Finally, I'll share what I've been doing for many months: print a paper wallet, and place a piece of aluminum fold (folded in V-shape) around the fold with private key. I then laminate the whole thing. It would be extremely hard to read what's on the paper between two layers of Al foil. Added benefit - private key survives baking in the oven that completely destroys the exposed public key. Án example, before laminating:
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
exor674
Newbie
Offline
Activity: 13
Merit: 0
|
|
April 20, 2013, 02:46:07 AM |
|
I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.) Thanks again yellowcoin for the excellent experiment. https://i.imgur.com/Cx4Tg8V.jpgPS: Yes, those are live keys, but there's nothing stored in them this time. Yet. I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread [ either they'll scan, or it'll fail ]. Because, out of like 8 tries, I've read "1264FsZE5Fkc7TcsP1qg4PTcVi3^VYMgrA" off that QR code twice. I do think that new design is a good compromise between cutting difficulty and the issue with sneaking the panel out, though.
|
|
|
|
canton (OP)
|
|
April 20, 2013, 03:19:18 AM |
|
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art. Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.
|
|
|
|
exor674
Newbie
Offline
Activity: 13
Merit: 0
|
|
April 20, 2013, 04:00:38 AM |
|
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art. Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG. https://i.imgur.com/03MhJNI.jpgCouldn't get that one to read garbled even when I tried vile things with it ( rotating the camera, off-axis, etc... ) so was probably the blurriness.
|
|
|
|
ripbitinstant
Newbie
Offline
Activity: 23
Merit: 0
|
|
April 20, 2013, 09:51:03 PM |
|
I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art. For what it's worth, I was able to instantly scan all of the codes from this page without issue. I wonder if the lower resolution coupled with a lower quality scanner was the problem...? I used a Galaxy S3, but I have no idea how that camera compares to anything else.
|
|
|
|
yellowcoin
Newbie
Offline
Activity: 43
Merit: 0
|
|
April 21, 2013, 05:30:50 AM |
|
What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing. I just tried it on a test paper and it worked as the whole flap came out. I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.) Thanks again yellowcoin for the excellent experiment. https://i.imgur.com/Cx4Tg8V.jpgPS: Yes, those are live keys, but there's nothing stored in them this time. Yet. New design looks great! I tend to think outside of the box and that was like the first thing that pop up on my head. I'll poke around the new format when I get the chance to see if I can break it.
|
|
|
|
|