Bitcoin Forum
November 08, 2024, 02:47:15 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 »  All
  Print  
Author Topic: The official BitcoinPaperWallet.com thread -- updates and news.  (Read 55949 times)
jubalix
Legendary
*
Offline Offline

Activity: 2632
Merit: 1023


View Profile WWW
April 17, 2013, 05:19:58 AM
 #41

bright light and good software = I can get all your numbers, they just shine on through



I had lots of fun this weekend working on my own design for a two-sided tri-fold tamper-resistant paper Bitcoin wallet. Thanks for any and ALL criticism / comments -- whether it's about the look & feel, functionality, security features, etc. See:

http://youtu.be/V4H1VE3EAtI

This video is also a treasure hunt in which I happily invite you to “steal” 0.1 BTC . Finders keepers, so race on!

Design features:

  • Private key is hidden behind folds, so your wallet content is still safe if left out in the open or photographed.
  • Tamper-proof tape indicates when you (or someone else!) has revealed the private key.
  • Folding design obfuscates private keys so they’re hidden even when holding wallet up to a bright light.
  • Reverse side has basic wallet operation instructions and a register for writing down deposits / balance.
  • Private and public keys are replicated (and rotated) in triplicate to maximize chances of recovering keys if paper is damaged / crumpled.

When I’ve got enough feedback and a final design, I’ll publish a web page that will generate these wallets with just a couple of clicks. (No photoshop required, as the foundation will be based on the excellent wallet generator at bitaddress.org which as you probably already know uses a secure javascript page you can run even while offline.)

If you'd like to print out a sample for yourself, see PDF links here: http://cantonbecker.com/projects/2013/bitcoin-paper-wallet-design-video/.

Admitted Practicing Lawyer::BTC/Crypto Specialist. B.Engineering/B.Laws

https://www.binance.com/?ref=10062065
aantonop
Full Member
***
Offline Offline

Activity: 196
Merit: 116


Entrepreneur, coder, hacker, pundit, humanist.


View Profile WWW
April 17, 2013, 06:00:03 AM
 #42

I've also made some nifty paper wallets (though not as well designed as yours), but here's my problem with making well designed paper wallets:
If you're making it for yourself, what do you care about design/tamper-proof/etc?
If you're making it for others, why would they trust you that you didn't print another copy of the private key at home?

This is exactly the problem we are solving over at Open Paper Wallet.

We've designed wallets that follow a standard template, with lots of different designs. The graphics are pre-printed on high quality paper and shipped with security features.

However, the keys are self-printed at home

That way you get the best of both.

We're a couple of weeks from the first 5000 sheet production print run. See the project here:

https://bitcointalk.org/index.php?topic=155847.0;all

Bitcoin entrepreneur - OpenBitcoinStore,SafePaperWallet,BitcoinPressCenter.org... and more.
Host on LetsTalkBitcoin.
canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 17, 2013, 06:10:23 AM
 #43

bright light and good software = I can get all your numbers, they just shine on through

Exactly what niko suspected. If you poke through this thread you'll see that he and I have a friendly wager to see if the wallet can be "candled" without tampering with the tape. I hope he finds some weaknesses I can improve on! (I'm confident that there's *some* way to make a secure folding wallet, even if I didn't get it right this time.)
StarfishPrime
Sr. Member
****
Offline Offline

Activity: 358
Merit: 250


View Profile
April 18, 2013, 01:59:01 PM
 #44

Not that it matters, but it seems that bounty has been claimed three days after wallet was mailed out, and five days before it arrived into my mailbox...Huh

OI! Matters quite a bit. I'm trying to figure out WTF might have happened. I messaged you privately with details. As for the bounty even though it's no longer on the wallet I'd still pay up of course.

Good luck!

When you do find out how the keys were compromised please let us know so similar risks can be avoided.

                         
    ¦                     
  ¦    ¦¦¦               
¦¦  ¦¦¦¦                 
                             ¦¦  ¦¦¦¦
                          ¦ ¦¦ ¦¦¦¦                     
                         ¦¦¦¦¦¦¦¦
                        ¦¦¦¦¦¦¦
                        ¦¦¦¦¦¦
                  ¦¦¦  ¦¦¦¦¦¦
                   ¦ ¦¦¦¦¦¦

                    ¦¦  ¦ ¦¦¦¦
                    ¦¦    ¦¦¦¦
                    ¦¦  ¦ ¦¦¦¦
                   ¦¦¦  ¦ ¦¦¦¦¦
                ¦¦¦¦    ¦ ¦¦¦¦¦¦¦¦
             ¦¦¦¦¦    ¦ ¦¦ ¦¦¦¦¦¦¦¦¦¦
          ¦¦¦¦¦       ¦  ¦   ¦¦¦¦¦¦¦¦¦¦¦
        ¦¦¦¦         ¦        ¦¦¦¦¦¦¦¦¦¦¦¦
     ¦¦¦¦          ¦      ¦    ¦¦¦¦¦¦¦¦¦¦¦¦¦¦
    ¦¦¦         ¦¦         ¦   ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
   ¦¦        ¦¦         ¦¦  ¦   ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  ¦¦       ¦          ¦ ¦¦   ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦¦     ¦¦          ¦   ¦    ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦     ¦          ¦      ¦   ¦¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦    ¦        ¦¦         ¦¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦   ¦¦     ¦¦         ¦   ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
¦¦¦   ¦     ¦¦         ¦¦¦   ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦   ¦¦    ¦        ¦    ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
 ¦¦    ¦   ¦        ¦¦    ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
  ¦¦    ¦  ¦¦       ¦     ¦  ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
   ¦¦    ¦  ¦      ¦      ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
    ¦¦¦   ¦ ¦¦     ¦¦     ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
     ¦¦¦   ¦ ¦¦     ¦¦    ¦ ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
       ¦¦¦¦  ¦ ¦¦    ¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
          ¦¦¦¦¦¦  ¦¦  ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
             ¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦
                        ¦¦

.
TorCoin.....
¦
¦
¦
¦
  Fully Anonymous TOR-integrated Crypto
               ¦ Windows     ¦ Linux     ¦ GitHub     ¦ macOS
     ¦
     ¦
     ¦
     ¦
.
   ANN THREAD
     ¦
     ¦
     ¦
     ¦
[/center]
yellowcoin
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
April 18, 2013, 07:43:12 PM
 #45

Been lurking around and found this post.  It's a good idea but there is 2 big issues.

1) What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing.  I just tried it on a test paper and it worked as the whole flap came out.

You can solve this by getting something like double sided security tape for the 2nd fold but then it'll add to the cost.


2) The worse enemy of all stickers ... good old heat gun / blow dryer

The adhesive will just peel off if you work at it long enough.  Unless there is some heat sensitive ones I am not aware of.  Even so that will add to the cost.


Low tech solution to a high tech problem  Grin

 Cheesy Donate too if you feel this feedback is worth it:
15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT
canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 18, 2013, 11:13:48 PM
 #46

When you do find out how the keys were compromised please let us know so similar risks can be avoided.

Well I found out a couple hours after Niko first noticed the balance was missing. I've just been too embarrassed to fess up to what happened. Here's the skinny:

Back when I generated Niko's test wallet I was still using a photoshop template to make these wallets. (Now I'm using a fork of bitaddress.org / javascript.) The same day that I printed out his wallet, I also did some work in photoshop on a different (non-folding) bitcoin template for another project on bitcointalk.org. I used my photoshop template as a starting point (which still had Niko's codes on it) and I accidentally included the QR code from Niko's test wallet in a couple of design templates over here:

https://bitcointalk.org/index.php?topic=155847.100

Someone apparently tried out the codes, realized there was a balance, and swiped the wallet. That person was kind enough to contact me anonymously and let me know that s/he had swiped the bounty. If Niko wins the bet I'll just have to send him his BTC the "old fashioned" way.

tl/dr: I screwed up and posted an image containing the private key QR code to bitcointalk.org.
canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 18, 2013, 11:44:55 PM
 #47

1) What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part?

THAT IS FRIGGING AWESOME. I didn't think it was possible reading your post, but then I tried it myself on a test wallet and was able to reveal the inner flap without disturbing the tape. That's a superb low-tech work-around, nice job.

I could add a third sticker requirement to cover the open fold - could even be a nice circular hologram of a BTC or something. Or, I could change the design so it includes an extra cut in the middle like so:



This way the tape holds down the innermost flap as well.

I can't quite decide whether it's better to have more stickers plastered on the thing, or require that users make an additional (farily deft) set of cuts. Opinions?

2) The worse enemy of all stickers ... good old heat gun / blow dryer

Good idea. I'll have to experiment with dry heat (if Niko hasn't already) to see if these tamper-evident stickers are susceptible.

Thanks for the excellent feedback. Just sent you a beers-worth of BTC to your address.
https://blockchain.info/address/15kFAbgWsSM28N7x5ZbWAehABkGnp9dPPT
Mylon
Full Member
***
Offline Offline

Activity: 140
Merit: 100

Mining FTW


View Profile
April 19, 2013, 12:13:23 AM
 #48

The one concern I still have about paper wallets, which a lot of people seem to forget. (seeing this here too on the instructions on the front)

You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY the moment you used the private key to transfer (some) of the BTC, the paper wallet is technically no longer safe. Best is to transfer them all to a normal wallet, take what you need and create a new paper wallet for the remaining funds.

Hence also why its better to have 50 paper wallets with 20 BTC each, than 1 with 1000 BTC.

"All Your Base Are Belong To Us" by CATS
canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 19, 2013, 01:58:36 AM
 #49

You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY

A million percent agreed. Here's the current back of the wallet, though I wonder if the point should be amplified...




And here's the related bit of instructions as they'll appear on the web. Note the tip in the middle. Especially that typo. Oops. Smiley



The link to "lose your balance forever" goes to this excellent thread:
http://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/

I welcome any edits/ideas/additions to making this hugely important point as clear as possible.
aantonop
Full Member
***
Offline Offline

Activity: 196
Merit: 116


Entrepreneur, coder, hacker, pundit, humanist.


View Profile WWW
April 19, 2013, 02:14:34 AM
 #50

Very nice work cantor!

I can't wait till you launch the site.

Bitcoin entrepreneur - OpenBitcoinStore,SafePaperWallet,BitcoinPressCenter.org... and more.
Host on LetsTalkBitcoin.
canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 19, 2013, 02:16:05 AM
 #51

You should put the clear instruction on the wallet that it is for ONE TIME USE ONLY

How's this for an updated reverse?

Dabs
Legendary
*
Offline Offline

Activity: 3416
Merit: 1912


The Concierge of Crypto


View Profile
April 19, 2013, 02:27:26 AM
 #52

May I suggest that while you have this nice dollar bill size paper wallet, you can also make a nice A4 or Letter size full page paper wallet. Easier for people to use a printer, as they just put the whole page in.

Also, you can put more newbie type instructions on the full page paper wallet, the QR codes can be larger, and you have more design artwork space, and maybe more space for additional fund deposit information.

I personally have tried two cheap paper wallets:
1. one page that contains 50+ private keys / public keys / pairs. No QR code.
2. one page that contains only 1 public / private key pair. Giant text. Giant QR code.

Your size = fits in a real wallet like any other fiat money.
My full size = fits in an envelope, looks like a stock certificate or bearer bond or something really valuable.

canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 19, 2013, 03:29:52 PM
 #53

What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing.  I just tried it on a test paper and it worked as the whole flap came out.

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.



PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. Smiley
farlack
Legendary
*
Offline Offline

Activity: 1310
Merit: 1000



View Profile
April 19, 2013, 06:43:57 PM
 #54

I mean so the folded parts aren't touching each other kinda like () instead of ||

Oh I totally get it now. Thanks for the ASCII art. Smiley

You're the second person to comment on this possible weakness. (The other person was on reddit.) So I just now [did a test], squishing the bill and then shining an extremely bright laser through the now 2 instead of 3 folds. Result? The QR code is still totally obfuscated because of the security pattern printed on the opposite panel. However I could easily read *some* of the characters in the alphanumeric private key. Probably not enough to be a risk but I'll redesign to make sure there's a good security stripe that gets folded over the alphanumeric private key as well.

Thanks for the advice!



Whats wrong with using a third sticker? Or a foil sticker on the inside?
niko
Hero Member
*****
Offline Offline

Activity: 756
Merit: 501


There is more to Bitcoin than bitcoins.


View Profile
April 19, 2013, 07:14:41 PM
Last edit: April 19, 2013, 07:25:09 PM by niko
 #55

I've been busy on other fronts, but here is a preview of a simple attempt:

Clearly, some letters of the private key can be read, through all the folds and the safety sticker.
While I wasn't able to extract the complete key yet, this is a warning to anyone creating paper wallets. Canton takes this seriously, and from our private communication it seems that he has already implemented further improvements to the tamper-proofness (sic!) of his design.

While public information about techniques of non-destructive readout of hidden print is limited, everyone should bear in mind that we can see oil paintings that have been painted over, the insides of living creatures, insides of bags and people's pockets and underwear at the airports, obliterated serial numbers from hand guns, etc.

I'll try to find time to keep having fun with the paper wallet canton has sent me. Besides through-illumination and image processing, other simple methods involve volatile liquids that make paper temporarily translucent.

Finally, I'll share what I've been doing for many months: print a paper wallet, and place a piece of aluminum fold (folded in V-shape) around the fold with private key. I then laminate the whole thing. It would be extremely hard to read what's on the paper between two layers of Al foil. Added benefit - private key survives baking in the oven that completely destroys the exposed public key.
Án example, before laminating:



They're there, in their room.
Your mining rig is on fire, yet you're very calm.
exor674
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
April 20, 2013, 02:46:07 AM
 #56

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

https://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. Smiley

I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread [ either they'll scan, or it'll fail ]. Because, out of like 8 tries, I've read "1264FsZE5Fkc7TcsP1qg4PTcVi3^VYMgrA" off that QR code twice.

I do think that new design is a good compromise between cutting difficulty and the issue with sneaking the panel out, though.
canton (OP)
Sr. Member
****
Offline Offline

Activity: 261
Merit: 285



View Profile WWW
April 20, 2013, 03:19:18 AM
 #57

I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.

exor674
Newbie
*
Offline Offline

Activity: 13
Merit: 0


View Profile
April 20, 2013, 04:00:38 AM
 #58

I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

Here's a non-downscaled sample. Would you see if the sample below reads correctly 10/10 for you? The QR codes when printed are quite sharp. Significantly sharper than this JPG.

https://i.imgur.com/03MhJNI.jpg

Couldn't get that one to read garbled even when I tried vile things with it ( rotating the camera, off-axis, etc... ) so was probably the blurriness.
ripbitinstant
Newbie
*
Offline Offline

Activity: 23
Merit: 0


View Profile
April 20, 2013, 09:51:03 PM
 #59

I wonder what QR code generator you use, because I didn't think it was possible to get QR codes to misread

Hmm, I hope this is just a blurring/resolution issue from taking a screenshot and then shrinking the size and applying JPG. I'm using the same code and QR generator as bitaddress.org -- the only fundamental difference is the web interface, CSS/HTML and the background art.

For what it's worth, I was able to instantly scan all of the codes from this page without issue.

I wonder if the lower resolution coupled with a lower quality scanner was the problem...? I used a Galaxy S3, but I have no idea how that camera compares to anything else.
yellowcoin
Newbie
*
Offline Offline

Activity: 43
Merit: 0


View Profile
April 21, 2013, 05:30:50 AM
 #60

What is preventing me from taking a stripe of paper with some expose tape in the end, slip it in the flap and pulling out the folded part? The security tape can be finger held down by the opening to prevent it from tearing.  I just tried it on a test paper and it worked as the whole flap came out.

I worked on about 5 or 6 variations last night before I hit on this one which isn't significantly more difficult to cut out with scissors. In my own tests, this new shape overcomes this exploit while still using the original design that calls for two strips of 2" x .625" tamper-evident tape. (When you fold this new design up, the tape now sticks to all three "panels" in the folded area so the innermost panel can't be snuck out.)

Thanks again yellowcoin for the excellent experiment.

https://i.imgur.com/Cx4Tg8V.jpg

PS: Yes, those are live keys, but there's nothing stored in them this time. Yet. Smiley

New design looks great!
I tend to think outside of the box and that was like the first thing that pop up on my head.  I'll poke around the new format when I get the chance to see if I can break it.
Pages: « 1 2 [3] 4 5 6 7 8 9 10 11 12 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!