The official BitcoinPaperWallet.com thread -- updates and news.

[canton]

I give up! Since this private key was inadvertently revealed elsewhere by canton, I will not be sending my dues there; canton, PM me a new address!

Nice work with the partial reveal, Niko!

I'll PM you an address for the .0255 BTC bet, but only if you let me send you a batch of these new holograms for your own use. Do you want silver, gold, or both?

[1714077397]

1714077397

[1714077397]

1714077397

[1714077397]

1714077397

[1714077397]

1714077397

[1714077397]

1714077397

[1714077397]

1714077397

[niko]

Things usually work out much better when you don't try too hard. After officially giving up, and paying up the dues, I could finally have some fun with the sample wallet. I was able to read the key in about two minutes, without any apparent damage.
Canton, I emailed you with the details.

[fluffypony]

My stickers just arrived today (thanks Canton, shipping to South Africa was FAST!) - I'm not going to post an unboxing, it's a frikkin envelope:)

I printed a wallet (1PJegEonLNGqxgtk1dva6sJze9F1HwraMn) in grayscale and decided to try candle it. For my experiment I'm using a Fenix TK41 U2, which produces 860 Lumens of blinding white brightness.

Setup:


15 Lumens test:


120 Lumens test:


365 Lumens test:


860 Lumens test:

I know it may be a little hard to see clearly, but even at 860 Lumens there was sufficient blur to make the QR code unreadable and impossible to clean up. The stickers obliterated any chance at reading the code. If I was extra paranoid I could stick an extra sticker to cover the QR code:) I'm confident that even at 860 Lumens, printed with relatively light toner on a grayscale laser printer, that it is safe to use. I'll be printing out a new permanent one in colour to be extra safe:)

[canton]

I was able to read the key in about two minutes, without any apparent damage.

I wanted to confirm for anyone following this thread (or following the bet Niko and I had re: his efforts to try to bypass the tamper-evidence features of this wallet) that Niko did in fact come up with a very smart way to reveal the private key without damaging the tape.

Once he sends me his public address I'll send him a few beers BTC to honor our bet.

For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that.

[canton]

I'm using a Fenix TK41 U2 which produces 860 Lumens of blinding white brightness

Fluffypony -- thanks both for ordering those stickers and for testing them out with what appears to be a Jedi lightsaber.

Glad the stickers arrived to you intact. Your order was one of the first 30 or 40 orders in which I was using an attractive/descriptive "bitcoinpaperwallet.com" return address. Two of those orders (both to Canada, interestingly) were sliced open before arrival. Stickers intact, but someone tampered with the envelope on the way for sure, possibly someone high up in the CA postal route.

"It's not paranoia if they really are out to get you."

I've since made the return address more obscure, less likely to draw attention.

[R2D221]

For the time being, I don't (yet) have a solution for Niko's hack

So, will you inform us when you do have a solution? I would like to be sure it's the most secure possible before starting to use it.

[dhenson]

I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.

[fluffypony]

I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.

This exactly. I don't think that this is designed to be kept loose in your wallet, there are other solutions for that. This is meant to be stored somewhere safe, and is designed in a way that tampering will be evident.

[Terk]

For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that.

1. These wallets aren't designed to be kept in your open space office desk drawer. You should keep it secure and unavailable for others' physical access.
2. More probable attack vector of someone who accessed that wallet physically is to rip it open and withdraw coins. All users should be aware that if someone can access the wallet, they're screwed.

Considering this, I think it's safe to assume that everybody sane will keep their paper wallet secured. And considering this, I think it's better to openly describe the hack, because crowdsourced solution might come much faster.

[Terk]

Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

[fluffypony]

Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

That is ingenious - very clever attack vector! The only way to mitigate it somewhat, I suppose, is to handwrite something on the wallet. That way, unless they go to the extraordinary length of getting a really good handwriting forger, you will recognise someone else's handwriting.

[Rodyland]

Also, if there is someone who you know deposits regularly into his cold paper wallet and you really want to see the private key without him knowing, there's better attack vector than that.

You quickly take a picture of his wallet when you first have a chance (to have the public address). Then you go back home and print a copy using your website. On the outside, everything looks like the original with the same public key. On the inside, there is some random string instead of the private key.

You fold the wallet and use the original stickers purchased from https://bitcoinpaperwallet.com/. Now the wallet looks exactly like the original. You go back and switch wallets (or you do everything in one go with some portable printer). You open the original wallets without any tricks.

Now you can sit and enjoy balance increasing over time. He won't know the wallet is stolen until he opens it. And when he opens it, it's probably because he wants to withdraw. So as a bonus, you are secured in case that the owner would like to withdraw money. When he opens the wallet two years later he won't have access to the private key. You won't get that if you only read the private key and leave the original wallet.

So: reading private key and leaving it back in place isn't good. You never know when the owner is going to withdraw. You should either steal the whole wallet and withdraw or switch the wallet with a forged one. Both of these attacks are not only easier but more effective than trying to read the wallet and leave it intact.

That is ingenious - very clever attack vector! The only way to mitigate it somewhat, I suppose, is to handwrite something on the wallet. That way, unless they go to the extraordinary length of getting a really good handwriting forger, you will recognise someone else's handwriting.

Handwriting the deposit information on the back would lead to early detection.

I am wondering if a two factor wallet would be a better option for the paranoid and/or large amounts.

[fluffypony]

Handwriting the deposit information on the back would lead to early detection.

I am wondering if a two factor wallet would be a better option for the paranoid and/or large amounts.

Well, I've suggested this before, but it seems none of the paper wallet systems out there support it: why can't the private key be encoded/encrypted with a passphrase? When importing, the passphrase would be required to decode/decrypt the private key, thus mitigating most physical attacks.

[Terk]

Truly paranoid could also deposit using multi signature transactions. You send the deposit to two or three recipients (addresses of your own paper wallets). Then when you want to withdraw, there are two private keys required from two of your wallets. Of course you store these paper wallets in different physical locations.

[canton]

Well, I've suggested this before, but it seems none of the paper wallet systems out there support it: why can't the private key be encoded/encrypted with a passphrase?

(BTW I love your evil scenario for replacing wallets with look-alikes. Very clever.) I think the next round of holographic tape I order might (1) feature a totally custom hologram (expensive to forge) plus (2) stickers with unique serial numbers printed in pairs to discourage wallet swapping / sticker replacing.

Regarding encrypted private keys, I'm working on implementing BIP38 as a different design less suited for gift-giving and more suited for long-term storage, something like this:



Finally, for anyone dying to know what Niko's subterfuge was, it was about soaking the wallet in a liquid to remove the stickers without detection. At some point he thought a heatgun/blowdrier might work as well. I haven't tested.

[niko]

For the time being, since I don't (yet) have a solution for Niko's hack, I appreciate that he's not making it public here. I'm no believer in security through obscurity, but at the same time I figure there's no especially good reason to post instructions for circumventing the tamper-evidence so long as I publicly declare: YES there are definitely ways to reveal the private key without anyone knowing it, and you don't need superconducting quantum NASA laserbeam technology or anything like that.

1. These wallets aren't designed to be kept in your open space office desk drawer. You should keep it secure and unavailable for others' physical access.
2. More probable attack vector of someone who accessed that wallet physically is to rip it open and withdraw coins. All users should be aware that if someone can access the wallet, they're screwed.

Considering this, I think it's safe to assume that everybody sane will keep their paper wallet secured. And considering this, I think it's better to openly describe the hack, because crowdsourced solution might come much faster.

Good points, Terk. Furthermore, the slight-of-hand attack you described in yor next post is great. BIP38 addresses these kinds of problems, and canton is working on implementing it.

[jabberwok]

Good work, Canton!

I love the design and am definitely going to start using these.

I don't see the point in stressing about the 'hack'.  Keep your wallet physically secured and you won't have to worry about it.

I agree completely, but I am very much enjoying the friendly battle with Niko.

Is there any way you could post the base design without keys and QR codes so that I could stick in a vanity address just for fun?  Or maybe you could find a way to incorporate vanitygen, though that sounds like it might be a bit difficult.  It might also be nice if other address formats could be used.  I would love to use this for Litecoins, too.

[canton]

Is there any way you could post the base design without keys and QR codes so that I could stick in a vanity address just for fun?  Or maybe you could find a way to incorporate vanitygen, though that sounds like it might be a bit difficult.  It might also be nice if other address formats could be used.  I would love to use this for Litecoins, too.

Hi Jabberwok,

I sure will post the PSDs/PDFs for editing/adjusting. Also someone else has generously worked on a shell script (live CD!) based version that uses vanitygen and outputs PDF files of my design as an alternative to the current bitaddress.org-based method I'm using now. Distributing this might be a few weeks out. It's a wicked bit of code: uses a RAM drive during wallet generation and then shreds the memory space afterwards -- less worrying about printer cache files and such.

[jcw]

First of all, this is my favorite paper wallet I've seen by far. It has had a lot of thought put into it, and it shows. They look so good I am considering buying a color laser printer so that I can print these in color!

A couple of questions:

• The tamper-proofing is nice, but I intend to store these securely and so it is not as important to me as being able to trust the wallet generation code itself. Are there any plans to get a third party to post a hash of a vetted version of the offline wallet generator (and/or of the upcoming official Live CD)?
• I am currently using the technique of booting a Ubuntu Live CD from a non-internet connected computer which has the offline version of the paper wallet generator available on a USB thumb drive. Once opening this in Firefox, I print to a B&W laser printer (connected via USB). Once finished, I remove the Live CD and reboot into my normal OS, and reconnect the network cable. Would the official Live CD provide more security than this?

A few suggestions for the back:

• Typo in third point "until you are ready import"
• The last warning on the back of the wallet could be misinterpreted to mean you can't partially spend the funds you have on the wallet (i.e. so how do I ever use this to buy something less than the value on the wallet?). Since you mention How to Deposit as its own step, perhaps you should also have an entire step on How to Withdraw?
  
  Current:
  When withdrawing your funds from this wallet you should remove the ENTIRE BALANCE.
  If you attempt to spend only some of the funds you will likely lose the remaining bitcoins forever.
  
  Suggested (feel free to condense):
  To withdraw your funds from this wallet:
  1. Prepare a software wallet to receive the funds. This could be a bitcoin client on your computer or phone, an exchange, or an online wallet.
  2. Transfer the ENTIRE BALANCE to the software wallet. See http://bitcoinpaperwallet.com for instructions on how to perform this transfer. Note that it is important to transfer the entire balance in order to avoid losing control over the remaining bitcoins.
  3. Wait for the transaction to be confirmed. This typically occurs in under 10 minutes. Once confirmed, the funds are free to be spent as desired.
  4. Do not reuse the paper wallet - there is now a software wallet that has knowledge of its private key.
  

The reason I'm suggesting referring the user to the website for instructions on how to perform the transfer is because there doesn't seem to be a good way to do this just yet. There are several manual ways, some more complicated than others, but unfortunately there doesn't seem to be a feature common to most/all wallet software to sweep funds from another wallet, so the idea is that the current "recommended" ways of doing this could be maintained on the website, rather than out-of-date methods being printed on the wallet itself.

[ReCat]

I love this wallet. I printed myself one of these and stored 0.1 BTC in it. Putting in a suitcase where I'll find it by surprise many months from now. Have you considered selling professionally printed wallets? Albeit everyone would have to trust you don't record the public keys. It'd still be nice. All I have is an inkjet, and no idea where I can possibly find a laser printer.