Security Experts? Another Paper Wallet Ques

[BittBurger]

I am not comfortable with Armory or Ubuntu or Linux.  I am a normal windows user who knows most basic computer stuff.  But i am a newbie for sure.
 
I am trying to get my head around this private key thing and I can't.  Some people use bitaddress.org, even downloading the software, unzipping, offline, generating paper wallet.  But someone aptly pointed out that any third party is a risk.  

So how do you make your own private key that doesn't involve a third party?   I am really frustrated because a lot of money is at stake here.  I don't like feeling like one day I could wake up and "X" website has run off with all the coins because fools used "X" website to generate private keys.  If bitaddress is a potential risk, as some say (Probably just out of paranoia but still..) then how does one make a secure paper wallet?  You always need a third party don't you?  This is so confusing and frustrating .....

[RodeoX]

You could try this.
Put all the coins you are saving for the long run into a wallet and get it offline. Burn it to discs or USB drives and protect it like you would jewels. I recommend a safe deposit box, but any high security should do.

If I were going to use windows, I would not keep any coins (private key) on my machine.

[RoxxR]

To be honest the current situation is a huge mess. Everybody is in a state of uber paranoia,
which is of course irrational. It is totally possible to keep bitcoins on a Windows machine, and whatever
solution you choose, there is ALWAYS some amount of trust needed. That said, if you're a newbie, I would
recommend to wait till you have done enough research before investing any significant money in bitcoin.

[BittBurger]

You could try this.
Put all the coins you are saving for the long run into a wallet and get it offline. Burn it to discs or USB drives and protect it like you would jewels. I recommend a safe deposit box, but any high security should do.

If I were going to use windows, I would not keep any coins (private key) on my machine.

THis was my method.  For 5 months.   Then when the new version of QT came out, every time I would move or rename the wallet.dat file, it would "corrupt" on me .... the *only* reason i didn't lose *everything* was bedcause I still had a "recycle bin" with old wallet.dat file versions ...

I also had encryption keys that were changing on me randomly.   Thankfully they were capital versus lower case character changes.  I have *no* idea how those happened because I was copying and pasting my encryption keys in to the box when I would encrypt.   But needless to say, once I started seeing corruption notices just from moving the wallet.dat files to USB drives, and my encryption keys were showing up as "invalid", I was done with QT.   Done.   There's no way im trusting XXXXXXXXX dollars to a software program on windows.  

[Barek]

Third party usually means that you trust someone else with your coins, not that you cannot use someone else's software.

If your goal is to store your coins safely, I think a paper wallet is a good idea. The website you found, bitaddress.org, also looks very userfriendly. This is a javascript based tool, which means it runs locally on your machine and you do not need to be connected to the internet.

To generate the private key, you could open the website, disconnect from the internet and then generate the address. After you printed your data, you can close the browser and most of the traces should be gone. This is the basic idea, but there is a chance that you left traces.

Some browsers have privacy type modes. You could use those to make sure the browser properly clears its cache. Taking it a step further, you could use some live CD and put the website on a USB stick. Once you printed the address information, you shut down the live CD.

I think you get the idea.

[acoindr]

You're right that unless you're constructing the keys & software yourself you have to trust a third party.

That being the case you look at which third party to trust. Right now Bitcoin is like the earliest days of the Web, or computers before nice Windows GUIs. Technology usually gets easier to use as time goes by. You're part of an early adopter group which means you can experience and expect bumps. The tradeoff is being positioned well to benefit as things go more mainstream.

There are a few options. The community is working on producing better and more user friendly security. The Piper wallet is one such product. DeathAndTaxes points out one possible flaw with this option being an easily erasable thermal printout.

Another option is the Trezor. Some people have pointed out a potential problem with these being software tampering en route to the customer.

I often recommend Armory. I think it's the best balance of top notch security and usability at the moment and the developer is now working on it full time (and is funded).

I'd recommend taking the time to learn to set up Linux and use Armory. It's not that hard considering being an early adopter as I've said.

Thinking this through, though, makes me realize all these software options should come with an easy checksum method. That way as long as you trust the developer (and peer reviews of the open source) you can be sure your generated keys are safe.

[Kouye]

To be honest the current situation is a huge mess. Everybody is in a state of uber paranoia,
which is of course irrational.

I tend to agree, the security advice from top-tech users are way overkill, in my opinion.

Easy steps to print a paper wallet under windows

01 - Get your hands on an old computer with win7/xp.
02 - Download https://casascius.com/btcaddress-alpha.zip and unzip.
03 - Download foxit reader from here: http://www.foxitsoftware.com/downloads/
04 - Disconnect internet, pull the rj45 plug and switch off wifi physically - alternatively, disable wifi device.
05 - If you don't have a direct connected printer (// port or USB), install foxit reader.

06 - Run BtcAddress.exe (from the location where you unzipped 03) => Address => New Address
07 - Check(box) the new address
08 - Selection => Print Banknote Vouchers
09 - As target printer, select either a directly connected printer (through // port or usb) or a PDF output, and save the file on a blank usb stick.
10 - If you did not have a directly connected printer, plug the usb stick in your printer and print the PDF from the printer.

11 - Repeat steps 06-10 to print as many addresses as you wish.
12 - Plug the usb stick back in the computer, and format it.
13 - Insert your win xp/win 7 DVD, reboot from it (might need to check boot order in BIOS), and reformat+reinstall windows.
14 - You can now connect the computer back to internet to update windows, redownload your favorite antivirus, etc.
15 - Whenever you need more paper wallets, go back to 02.

Always try with tiny amouns of BTC first, to make sure you're able to redeem the paper wallets and gain confidence.
If you secure your printed vouchers in a safe after that, and anyone is still able to steal coins from you, he would have probably succeeded anyway.

[bitcoinchecker]

There is curently NO safe, simple and reliable way for a non-techie to store their bitocins securely.

Regardless of all the posts on here about paper wallets, offline storage, armory, ubuntu, usb sticks and whatever saying how straightforward it is, some people just don't get it regardless of how easy it sounds to people who are tech-savvy.

As I have said a few times on here, this is a major hurdle for Bitcoin and needs addressing. The Trezor sounds good, but it sounded good 6 months ago and there is still no sign of it arriving.

With the price of Bitcoin as it is now, a small amount of BTC bought by a newbie could represent a significant amount of "real money" and there needs to be a simple non-tehnical way of securing them without going through the massive learning curve inolved with cold storage or other means of 100% security.

These "everyday people" are essential if Bitcoin is going to grow and reach its full potential.

[DannyHamilton]

- snip -
someone aptly pointed out that any third party is a risk.  

So how do you make your own private key that doesn't involve a third party?
- snip -

If you're really that paranoid, go get some well balanced dice.

Learn some math.

Subtract 1 from each dice roll and write the result down as a digit.

When you have rolled enough dice, convert from your dice base to hex.

Voila, you now have a completely randomly generated private key without trusting any any third party (well, you had to trust the dice manufacturer I suppose).