The official BitcoinPaperWallet.com thread -- updates and news.

[canton]

If I could make one small suggestion, put a web address somewhere on the template for basic instructions, so I can give to a newbie and they can learn everything they need to, like bitcoin.org or whatever.

Jinx. I just did that -- literally -- 10 minutes ago.

See the bottom right of the notes/deposit area:

https://bitcoinpaperwallet.com/bitcoinpaperwallet/images/back-300dpi.jpg

- Canton

PS: If you haven't yet voted on your favorite open source bitcoin paper wallet design, hurry up, voting is ending soon!
https://tricider.com/en/brainstorming/poxx

[1715043696]

1715043696

[1715043696]

1715043696

[1715043696]

1715043696

[bitcoinminer]

You actually encouraged me to order ink cartridges (refills with reset chips actually) for a long unused inkjet printer, and some good stock.

[Rodyland]

You actually encouraged me to order ink cartridges (refills with reset chips actually) for a long unused inkjet printer, and some good stock.

Be wary - inject printer ink has a finite and relatively short life (can be as short as a few years).  Don't use inkjet unless you know the ink is long lasting, or only for temporary wallets.

[bitcoinminer]

It's water resistant pigment based ink   and its going on 100% cotton stock.

[charleshoskinson]

Canton I did a lecture today on your wallet. I recommended it to my students seeking a paper backup:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/

[dhenson]

Excuse me if this seems unappreciative (I think your design is awesome and have printed out 3 wallets for my family).  But has anyone verified the Javascript in the Zip download?  I'm just wanting to make sure that the random mouse movements are actually seeding the RNG and we aren't all just making the largest Bitcoin donation in history. ;-)

If someone is paranoid and is going to go through the extra effort of doing this completely offline, it would help to have 100% confidence in the RNG.

[charleshoskinson]

Insert Quote
Excuse me if this seems unappreciative (I think your design is awesome and have printed out 3 wallets for my family).  But has anyone verified the Javascript in the Zip download?  I'm just wanting to make sure that the random mouse movements are actually seeding the RNG and we aren't all just making the largest Bitcoin donation in history. ;-)

If someone is paranoid and is going to go through the extra effort of doing this completely offline, it would help to have 100% confidence in the RNG.

I looked through the javascript and it seems to be legit; however, I have not invested a huge amount of time verifying this claim. The random movements are seeding the PRG; however, I have not verified that he has implemented a CSPRNG.

[charleshoskinson]

He is using crypto-js https://code.google.com/p/crypto-js/downloads/detail?name=Crypto-JS%20v2.5.4.zip&can=2&q= Simon Greatrix and Jeff Mott. Yes the implementation looks fine.

Canton any reason you didn't use the newer implementation?

https://code.google.com/p/crypto-js/

[canton]

Be wary - inject printer ink has a finite and relatively short life (can be as short as a few years).

I've been experimenting with spraying the finished printouts with Krylon "Preserve It" before folding up. Stinky as hell, but I think it's going to make a difference as long as their marketing info is accurate:

• Digital photo and paper protectant more than doubles the life of documents and photos.
• Ideal for protecting digital photos, address labels, greeting cards, scrapbook materials, artwork and more
• Acid-free/Archival-safe

[canton]

Canton I did a lecture today on your wallet. I recommended it to my students seeking a paper backup:

https://www.udemy.com/bitcoin-or-how-i-learned-to-stop-worrying-and-love-crypto/

Hi Charles,
Lecture looks *great* I skimmed it. Really glad to see a detailed straightforward explanation in such depth.

[canton]

Canton any reason you didn't use the newer implementation?

No (good) reason at all! My generator is based on GitHub fork of bitaddress.org from about 2 weeks ago, so whatever bitaddress.org was using back then I'm still using now. I haven't folded in any recent developments (including BIP38 which I'm considering implementing.) I'll have to ask if pointbiz/bitaddress.org are using the older crypto for compatibility reasons or if it just needs refreshing.

I've also been thinking about building in some very human random input other than mouse movement... like an option to flip coins or throw dice or something...

I'm enormously grateful for any source code checking anyone wants to do, especially for a forthcoming live bootable CD I intend to distribute. (Someone generously ported my design to their own linux-based command line generator which uses an in-memory filesystem and PDF generation to circumvent issues with cached print files ending up on the hard drive, etc.)

[charleshoskinson]

No (good) reason at all! My generator is based on GitHub fork of bitaddress.org from about 2 weeks ago, so whatever bitaddress.org was using back then I'm still using now. I haven't folded in any recent developments (including BIP38 which I'm considering implementing.) I'll have to ask if pointbiz/bitaddress.org are using the older crypto for compatibility reasons or if it just needs refreshing.

The only reason I mentioned is that Jeff worked pretty hard to speed up the code in version 3.0.

I've also been thinking about building in some very human random input other than mouse movement... like an option to flip coins or throw dice or something...

Mouse movements are likely to be a more random express than such inputs. JS-Crypt's implementation has not been vetted as a CSPRNG, but it seems sufficiently good. You could always implement a proof of work style random generation and then hash the solution and select the first few bits of output as your seed. All hardware will have different solution time and the randomness of network latency would also add a slight stochasticism even on the same configuration. Combined with a hash, you would have a totally random seed.

I'm enormously grateful for any source code checking anyone wants to do, especially for a forthcoming live bootable CD I intend to distribute. (Someone generously ported my design to their own linux-based command line generator which uses an in-memory filesystem and PDF generation to circumvent issues with cached print files ending up on the hard drive, etc.)

If I can find the time, then I'd be happy to help. Shoot me an email. And any course suggestions you would recommend, I'd greatly appreciate.

[canton]

Does anyone have any ideas about how a paper wallet design should look & work when the private key has been encrypted with a password? I'm talking about https://en.bitcoin.it/wiki/BIP_0038 implementation.

Folding, tamper-evidence, all that seems unimportant if you can show off your encrypted private key to the world with (relative) safety. On the other hand, what I like about an unencrypted wallet is that -- for example -- if you die, your spouse can recover your funds from a wallet stored in a safety deposit box without knowing your passphrase.

One idea I'm kicking around is a design that prints out a wallet plus a backup wallet stub (like on the open paper wallet project elsewhere on bitcointalk) -- but in this case a mixed encrypted / unencrypted private key wallet. Something like this:



If not this, then what do YOU think would be a good way to implement BIP38 on a paper wallet?

[charleshoskinson]

Canton, do you do all the graphics art yourself?

[ShireSilver]

Wouldn't the best use of BIP38 be to have the manufacturer print half the private key while the customer writes down the other half? You can print a really nice note for them and they know that you don't have access to the funds, but they can verify that the half of the code you printed is correct.

[canton]

Canton, do you do all the graphics art yourself?

Yup! Programming web stuff is my mainstay but I do a fair amount of design for fun and work as well.

[canton]

Wouldn't the best use of BIP38 be to have the manufacturer print half the private key while the customer writes down the other half? You can print a really nice note for them and they know that you don't have access to the funds, but they can verify that the half of the code you printed is correct.

For professionally printed notes, I was thinking the process might go like this:

• customer uses a secure generator (like bitaddress.org) to produce 100 pairs of BIP38 encrypted keys and public addresses.
• customer sends the list of keys to the professional printer
• printer prints out fully-filled in ready-to-load notes and sends them back.

I'm still not 100% sure I understand how BIP38 is supposed to be used so please correct me if my assumptions are wrong here.

[ShireSilver]

For professionally printed notes, I was thinking the process might go like this:

• customer uses a secure generator (like bitaddress.org)...

That's already too complicated.

...

• customer sends the list of keys to the professional printer
• printer prints out fully-filled in ready-to-load notes and sends them back.

I'm still not 100% sure I understand how BIP38 is supposed to be used so please correct me if my assumptions are wrong here.

IMHO it should be more like:

• Customer visits site
• Customer clicks "Buy a paper wallet"
• Client side script generates two pass phrases, only showing one to the customer
• Clear and concise instructions tell the customer to write down or print their pass phrase
• Client side script then sends the other pass phrase and the public address to the server
• Client side then says "to complete your order send XXX BTC to 1?... and also presents a QR code
• Server alerts production that a new wallet is ordered
• Production prints out and ships the wallet

The customer shouldn't have to know about BIP38 or any of that, although if they want to learn about it good links should be available.

The wallet should have the codes to verify that the pass phrase in the wallet will generate the half of the private key. The website should have a client side script page that will take both pass phrases and use them to determine the real private key.

I made a test wallet using my Shire Silver equipment, putting a piece of aluminum foil between two pieces of 100# cardstock and laminating them (private key on the inside of one of the pieces of cardstock). It sure seemed to be pretty well guarded against casual prying, and only when the laminate was cut on three sides was the private key portion visible.

You can also save the pass phrase that the customer didn't get in a database, so if they ever lose the card they can always ask for another (for a price).

[canton]

The latest revision to this wallet design is fairly minor. But pretty! I had gold and silver tamper-evident hologram stickers custom printed with white "bitcoin" text that exactly matches the pseudo "watermark" design on the reverse of the folding wallet.



Rainbows are wicked hard to photograph, so this video shows the silver vs. gold holograms best: http://youtu.be/gZBXhFT_GKo

Although I haven't officially launched this design yet, the stickers and the latest folding design are all both available at http://bitcoinpaperwallet.com

[niko]

I finally got a couple of hours to play with the early prototype. Here is what I was able to get by simply shining light through the wallet:


Now, as much as I am satisfied that I was able to read most of the letters, the level of satisfaction will not increase significantly if I spend time doing this until I am able to read all of the letters. If it was a 100-coin wallet, maybe.

Furthermore, canton included a sample sticker (that he did not apply to the wallet he sent it with) that would pretty much render my attempts completely futile: the sticker substrate appears to be metallic. No way we'll be able to read through that any more that we can read through Casascius coins.

I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

This was fun. Again, if you do make your own paper wallets, and you store any significant value in them, do not take tamper-proofness lightly.