Bitcoin Forum
November 18, 2017, 03:49:54 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Creating Paperwallet with TAILS  (Read 2885 times)
domob
Legendary
*
Offline Offline

Activity: 983


View Profile WWW
November 04, 2013, 03:52:08 PM
 #1

I want to create a paperwallet, and think that TAILS (https://tails.boum.org/) could be a good choice for doing so securely.  Ideally, I'm thinking of the following workflow:

1) Disable WiFi on my laptop using the hardware switch and boot into TAILS.

2) Create a private key and address, encrypt the private key with a strong passphrase (using GPG), and save it to a flash drive.

3) Shutdown TAILS without ever enabling network access, boot into the main system, and print the encrypted private key.

This ensures that, even if my main system is compromised (I hope not), the passphrase used to encrypt the private key is never accessible to malware; assuming that the TAILS image itself is not already compromised, TAILS is written to not leak any data on persistent storage, and furthermore the system on which the private key is accessible in clear text will never be connected to the internet.

Does this sound like a reasonably good way to create a (long-term storage) address?  The problem I now have is the question, which tools to use to generate the address.  TAILS unfortunately does not include any Bitcoin tools and also doesn't come with gcc (although it can probably be installed using pre-downloaded apt-packages if I try hard enough).  I see the following options:

1) Use the bitcoind binary download.  I tried this, but it seems to not start up when not connected to the internet and no blockchain data is present.  Unfortunately, TAILS doesn't give me enough storage to keep a full blockchain.  Is it possible to start up bitcoind and use it to create a wallet and export a private key without ever connecting to the internet and ever downloading a single block?

2) Vanitygen:  Here I would also need a 32-bit binary, which I would have to try to find (not sure whether one is provided, usually I use the sources - but I would have to cross-compile them to 32-bit from my main system which uses amd64).  Is this a secure method to generate addresses, considering entropy?  I think it allows to seed the random-number generator with some arbitrary file, which could be generated from /dev/random earlier.

3) Using a downloaded version of bitaddress.org.  This works, but I'm hesitant to use that because I'm not sure about the security of the generated data.  Is the entropy good enough?  Of course, I could also generate a file from /dev/random, hash it, and use the resulting hash as passphrase to a brain wallet.  Do you think this is a secure enough method that I can trust?  Is the used crypto in JS code stable enough to trust it with generating a long-term storage key?

What would you suggest?

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
1511020194
Hero Member
*
Offline Offline

Posts: 1511020194

View Profile Personal Message (Offline)

Ignore
1511020194
Reply with quote  #2

1511020194
Report to moderator
1511020194
Hero Member
*
Offline Offline

Posts: 1511020194

View Profile Personal Message (Offline)

Ignore
1511020194
Reply with quote  #2

1511020194
Report to moderator
A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511020194
Hero Member
*
Offline Offline

Posts: 1511020194

View Profile Personal Message (Offline)

Ignore
1511020194
Reply with quote  #2

1511020194
Report to moderator
dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
November 04, 2013, 03:57:38 PM
 #2

I'd go with either bitaddress or NoBrainr (search the latter in the forum).

domob
Legendary
*
Offline Offline

Activity: 983


View Profile WWW
November 04, 2013, 08:09:09 PM
 #3

I'd go with either bitaddress or NoBrainr (search the latter in the forum).

Thanks - I think I'll try to use bitaddress.org with the "brainwallet" function (but with a passphrase generated randomly from /dev/random).  As long as bitaddress.org doesn't have a bug in the logic to generate the private key from it (which I doubt), this should be fine.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
dserrano5
Legendary
*
Offline Offline

Activity: 1848



View Profile
November 04, 2013, 08:28:29 PM
 #4

Thanks - I think I'll try to use bitaddress.org with the "brainwallet" function (but with a passphrase generated randomly from /dev/random).

You can also use the "Paper wallet" tab and BIP38-encrypt the private key.

domob
Legendary
*
Offline Offline

Activity: 983


View Profile WWW
November 05, 2013, 06:36:59 AM
 #5

Thanks - I think I'll try to use bitaddress.org with the "brainwallet" function (but with a passphrase generated randomly from /dev/random).

You can also use the "Paper wallet" tab and BIP38-encrypt the private key.

Ah thanks, I didn't know that.  But I just want a single private key & address pair, so I probably don't need that.  I'll try it out soon! Smiley

Regarding NoBrainr: It seems that it needs some additional Python libraries (ecdsa at least) - which I would need to also install on the TAILS system once booted up.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
flatfly
Legendary
*
Offline Offline

Activity: 994


View Profile
November 05, 2013, 07:07:57 AM
 #6

Thanks - I think I'll try to use bitaddress.org with the "brainwallet" function (but with a passphrase generated randomly from /dev/random).

You can also use the "Paper wallet" tab and BIP38-encrypt the private key.

Ah thanks, I didn't know that.  But I just want a single private key & address pair, so I probably don't need that.  I'll try it out soon! Smiley

Regarding NoBrainr: It seems that it needs some additional Python libraries (ecdsa at least) - which I would need to also install on the TAILS system once booted up.

Thanks for looking at NoBrainr! I just want to confirm that it requires the ecdsa library indeed, which is a tiny 90Kb package from the pypi central python repository (and used by countless other bitcoin apps, including Electrum.)

Keep in mind that a great feature of NoBrainr is that it is only about 25 lines of code, making it orders of magnitude simpler than alternatives, while still producing cryptographically strong keys. Also, it will soon accept real physical entropy as input, bypassing any NSA-backdoored RNG concerns. Smiley

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
domob
Legendary
*
Offline Offline

Activity: 983


View Profile WWW
November 06, 2013, 06:42:26 AM
 #7

Thanks - I think I'll try to use bitaddress.org with the "brainwallet" function (but with a passphrase generated randomly from /dev/random).

You can also use the "Paper wallet" tab and BIP38-encrypt the private key.

Ah thanks, I didn't know that.  But I just want a single private key & address pair, so I probably don't need that.  I'll try it out soon! Smiley

Regarding NoBrainr: It seems that it needs some additional Python libraries (ecdsa at least) - which I would need to also install on the TAILS system once booted up.

Thanks for looking at NoBrainr! I just want to confirm that it requires the ecdsa library indeed, which is a tiny 90Kb package from the pypi central python repository (and used by countless other bitcoin apps, including Electrum.)

Keep in mind that a great feature of NoBrainr is that it is only about 25 lines of code, making it orders of magnitude simpler than alternatives, while still producing cryptographically strong keys. Also, it will soon accept real physical entropy as input, bypassing any NSA-backdoored RNG concerns. Smiley

Yes - does it need any other packages also?  The problem really is that on TAILS without internet access, I have to pre-download everything and install it right after booting for every time I run the system.  If it is just this one library and it can be installed by simply running a setup.py or placing a single .py file somewhere, I don't mind.  But if it depends on other non-standard packages and so on, it gets bad.

Regarding physical entropy:  That's really nice, and even though it is probably *very paranoid*, I was planning to add some just in case.  My intention is to simply generate a random file, with parts from /dev/random, parts from me hacking on the keyboard, and maybe just for fun some parts according to such a physical source of entropy, and then hashing it to produce the private key.

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
flatfly
Legendary
*
Offline Offline

Activity: 994


View Profile
November 06, 2013, 08:28:06 AM
 #8

No other packages are needed. Sorry, can't give a longer answer now, I'm running late...

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
flatfly
Legendary
*
Offline Offline

Activity: 994


View Profile
November 07, 2013, 09:14:38 PM
 #9

Hey, you may want to check out version 1.052 which we have just released, as it provides easy support for regular dice as a physical randomness source.

Also, I've just made a small Unix tarball available of it on the website, which provides a fully self-contained package, including ecdsa. 

1111127SpvabYpoeDoiz5L7QPkfiSh2Q. Only donate if you have a reason to.
domob
Legendary
*
Offline Offline

Activity: 983


View Profile WWW
November 08, 2013, 06:26:17 AM
 #10

Hey, you may want to check out version 1.052 which we have just released, as it provides easy support for regular dice as a physical randomness source.

Also, I've just made a small Unix tarball available of it on the website, which provides a fully self-contained package, including ecdsa. 

Great, thanks!  I'll check it out! Smiley

Use your Namecoin identity as OpenID: https://nameid.org/
Donations: 1domobKsPZ5cWk2kXssD8p8ES1qffGUCm | NMC: NCdomobcmcmVdxC5yxMitojQ4tvAtv99pY
BM-GtQnWM3vcdorfqpKXsmfHQ4rVYPG5pKS | GPG 0xA7330737
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!