Paper Wallets

[TheDigitalMan]

I am happy with my TREZOR wallet but I like the idea of storing some of the bitcoin I am buying into small paper wallets.  Maybe a bitcent each or even a nickel or dime (0.05 BTC or 0.1 BTC) in one.  But when I google and read about paper wallets it seems most of the articles I read discourage me from creating one.  But I still don't understand why they are such a bad idea?  If I use the software offline (Such as https://walletgenerator.net/ or https://bitcoinpaperwallet.com/bitcoinpaperwallet/generate-wallet.html) and create random public addresses and private keys why would there be a problem with my saving those and sending coin to the public addresses?  I'm talking about a ONE TIME SEND transaction that sends the amount of bitcoin I want to store on that paper wallet address.  I could see it on the blockchain that it arrived in the address.  I could then save the wallet away.  And later when I am ready just sweep the wallet into my Bitcoin Core wallet or TREZOR?

Can anyone give me a good reason why I can't do this?  Or why it would not be safe? Or why I shouldn't do this?

Per the bitcoin wiki it says:

1. Printing is problematic (O.K. I get it that paper is not forever.  But let's just agree that I have the archival issues on this front sorted out)
2. Promotes address re-use (I'm talking about sending ONE transaction to this address.  No more. Then sweeping it when ready to spend. So I'm calling this a non-issue)
3. Encouragement of centralized and outsourced validation (I'm not sure I totally get this one?  It might be true that I would use a blockchain explorer to verify the transaction went through.  But after that I would not look at that address again.  Perhaps I visit the block chain explorer while running a VPN?  So I am anonymous while verifying that my paper wallet transactions have indeed landed in their correct addresses.)
4. Raw Private Keys are Dangerous (I read this section and I do fully understand what they are talking about. So no worries for me on this front.)
5. Change addresses are not handled which leads to screwups (I understand this.  But as long as I sweep the paper wallet into a TREZOR wallet or Core Wallet and spend the coin from the desktop wallet I shouldn't have any problems. Right? I get that if I sweep the coin into the wallet and then uninstall the wallet it won't recover that coin when I use my mnemonic phrase to restore the wallet elsewhere.  I would need my paper wallet again.)
6. Low Error Correction (I get this concern.  But I am totally O.K. with it because I do not intend to have my paper wallets sitting around with the private key printed on them verbatim anyway.  I have an entire encryption scheme I intend to use which will eliminate any issues on this front. And don't get me started on why I shouldn't encrypt my private keys.  That should be obvious and I'm not buying into the "DON'T DO IT" crowd.)
7. Encouragement of obsolete brainwallet style (This is also a non-issue.  I get that brainwallets are not secure.  I have no intention of using them)
8. Javascript software (I do not fully understand this. I'm open to being educated here)
9. Browser wallets are bad (I also do not fully understand this.  Again... Educate me.  Surely there is software out there that can create safe bitcoin public addresses and their matching Private Keys?)

Thanks in advance for your time and energy in responding to me.  It is appreciated.  I just want to save some of my bitcoin in a safe and simple manner for my retirement.  And I don't want all my eggs in one basket such as the TREZOR.

TheDigitalMan

[1714149465]

1714149465

[1714149465]

1714149465

[1714149465]

1714149465

[fiulpro]

Since you are already reading the wiki , it does list almost everything.
The only reason they are bad are based on two things .

1. Personal errors
2. The website errors

Since they are generated by the browser they have all the disadvantages that is associated with that particular site. It is a 3rd party system thus we all know how much we can trust it.

Person problems may include errors we may or may not unknowingly make, it is just a piece of paper , you might loose it or actually just read it incorrectly and things like that .
A piece might get torn and stuff.

It's very fragile.
Thus it is for someone who can actually handle it.

[OmegaStarScream]

If done properly, you should be fine:

1. Use Ubuntu (or some other Linux distribution - Run as LiveCD).
2. Download Bitaddress.org offline and run it locally.
3. Print.

You can send funds regularly to the wallet without any issues by either printing a second copy of the wallet (just the address) or by saving it in your computer.

As for spending, then yes, sweeping will do the trick whenever you want to spend. Bitcoin core and Trezor don't allow that though, so you would need Electrum for desktop or Mycelium for Android for that purpose.

The reason why it can be inconvenient is like said above, papers are fragile, it can get wet, torn apart, lost or even found by someone else (that's the part where you might consider encrypting the private keys with a password), etc. but If you're confident of your ability to keep it safe, you should be fine.

[gentlemand]

I've created plenty. I would do so again and will.

And 'paper wallet' is a term that should be retired really. None of my paper wallets have been on paper. They're keys generated offline.

I double check the private keys match the wallet address with another program.

I put them in encrypted folders on SD cards. I photograph them with a dumb camera and copy and paste the keys and store them as jpegs and txt files. I do that with several cards and distribute them hither and thither.

I would not reuse, or partially spend though things like Mycelium can allow that. They're for long term one time storage and they do a fine job.

[CryptoMobster]

Most secure type of wallet by default...

If you know how to use them and don't use it to put your cup of tea on.

[pooya87]

to be honest i don't agree with that wiki article. i have argued about it on reddit too when it was posted there. basically i believe that it is saying "since people are using it wrong, then the method should be considered bad!"

1. Printing is problematic (O.K. I get it that paper is not forever.  But let's just agree that I have the archival issues on this front sorted out)
4. Raw Private Keys are Dangerous (I read this section and I do fully understand what they are talking about. So no worries for me on this front.)

simply encrypt everything you want to print and that solves multiple issues including the printer memory, and physical access to the paper containing the keys.

2. Promotes address re-use (I'm talking about sending ONE transaction to this address.  No more. Then sweeping it when ready to spend. So I'm calling this a non-issue)

correct call.

3. Encouragement of centralized and outsourced validation (I'm not sure I totally get this one?  It might be true that I would use a blockchain explorer to verify the transaction went through.  But after that I would not look at that address again.  Perhaps I visit the block chain explorer while running a VPN?  So I am anonymous while verifying that my paper wallet transactions have indeed landed in their correct addresses.)

it is about "privacy" and that is something most users don't care that much about. for example there are a lot of users already using Electrum so they are already relying on Electrum nodes, one more address is not a big concern to them. if you want privacy then you run your own full node and since paper wallets is something you use once when you are spending, the time rescan takes in your full node is not a big concern either compared to the privacy you gain.

5. Change addresses are not handled which leads to screwups (I understand this.  But as long as I sweep the paper wallet into a TREZOR wallet or Core Wallet and spend the coin from the desktop wallet I shouldn't have any problems. Right? I get that if I sweep the coin into the wallet and then uninstall the wallet it won't recover that coin when I use my mnemonic phrase to restore the wallet elsewhere.  I would need my paper wallet again.)

the point that this is trying to make is when for instance you have a paper wallet containing 1BTC and want to sell 0.9BTC of it. you will be left with 0.1BTC which if you send back, it will be address reuse and if not you will have to create a new wallet from scratch which is time consuming and hard. (using mnemonic helps solve this)

6. Low Error Correction (I get this concern.  But I am totally O.K. with it because I do not intend to have my paper wallets sitting around with the private key printed on them verbatim anyway.  I have an entire encryption scheme I intend to use which will eliminate any issues on this front. And don't get me started on why I shouldn't encrypt my private keys.  That should be obvious and I'm not buying into the "DON'T DO IT" crowd.)

use BIP38 encryption and create more than one backup of it and you will be fine.

8. Javascript software (I do not fully understand this. I'm open to being educated here)

JavaScript is known to have many bugs and issues. there has been a lot of exploits in it too. and if you look at one of these tools (like bitaddress) history you can see some of these bugs that were found and fixed. generally it is considered unsafe.

9. Browser wallets are bad (I also do not fully understand this.  Again... Educate me.  Surely there is software out there that can create safe bitcoin public addresses and their matching Private Keys?)

this again is repetition of "users use these tools the wrong way" argument. the "website" is meant for the preview not for usage. the correct way is to download the source code from GitHub and transfer it to a clean offline computer and use it there.

[TheDigitalMan]

Thanks everyone for your replies.  I feel much better now.    I intend to encrypt the private keys.  No worries there. I also don't intend to print on actual paper.  One of you had great ideas in regard to that.  I might add some of them to my own.  Anyway, I just wanted to be sure I wasn't missing something fundamental. 

[Baofeng]

Please be warned about WalletGenerator[dot]net though, please check my thread here, Disclosure: Key generation vulnerability found on WalletGenerator.net.

[leftgirly]

Paper wallets are equally safe like the hardware wallets like Trezor. Storing something which is fragile like a paper wallet is never an easy task for anyone.  Fortunately,  most of the traditional banks across the globe have the capacity to protect such important documents from any harm. So for people who cannot be careful with paper wallets can save them at the bank.

[TheDigitalMan]

Please be warned about WalletGenerator[dot]net though, please check my thread here, Disclosure: Key generation vulnerability found on WalletGenerator.net.

Thanks!  I will avoid that one!

[pooya87]

Please be warned about WalletGenerator[dot]net though, please check my thread here, Disclosure: Key generation vulnerability found on WalletGenerator.net.

Thanks!  I will avoid that one!

just FYI you don't have to use any of these paper wallet specific generators to create a paper wallet! you can use literary any wallet that allows you to export your private keys. so for example you can install bitcoin-core on an offline computer and generate a new private key, encrypt that and print it. (you may need another tool for encryption though.

also make sure to test your method first before sending actual bitcoins to that wallet. for example restart the offline OS and try to recover what you created, or you can even create one paper wallet and send a small amount like $1 worth of bitcoin to it and then spend it right away to both learn how things work and also test if your setup was correct.

[TheDigitalMan]

Thanks pooya87.  You point out some sound ways of doing it.  And I agree with the testing as far as testing the methodology goes.  I won't try to re-use the tested address.

[whotookmycrypto]

OP, you might want to check this article out by Trezor: https://blog.trezor.io/paper-wallets-a-relic-of-the-past-1f711ba82b8c

[Chris!]

Isn't that wiki article just horrible? I've always used a "paper" wallet, stored it properly and never had any issues. I do agree that the name should be retired. It's just an offline backup or air-gap generated private key.

You never have to worry about some kid hacking your device with offline private keys. The only risk is physical access or your house burning down. There are many materials out there that won't burn in a house fire. Get creative.

OP, you might want to check this article out by Trezor: https://blog.trezor.io/paper-wallets-a-relic-of-the-past-1f711ba82b8c

I wonder why a company selling hardware wallets wouldn't want people storing their funds more securely, and for free . Strange /s

[peleion]

You might also want to read this:

How to Write, Store, and Preserve Your Cryptocurrency Wallet Seed on Paper

[Chris!]

If you'd like to see objections and debunking re: paper wallets I've been having a good time at https://bitcointalk.org/index.php?topic=5161786.msg51734098#msg51734098. In hindsight, maybe dissing hardware wallets in a part of the forum that everyone uses hardware wallets wasn't the best choice, but hey, I'm not here to pat people on the back and tell them what a great job they did buying a $100 glorified USB. I'm here to help educate the next wave of bitcoiners.

[TheDigitalMan]

Isn't that wiki article just horrible? I've always used a "paper" wallet, stored it properly and never had any issues. I do agree that the name should be retired. It's just an offline backup or air-gap generated private key.

You never have to worry about some kid hacking your device with offline private keys. The only risk is physical access or your house burning down. There are many materials out there that won't burn in a house fire. Get creative.

OP, you might want to check this article out by Trezor: https://blog.trezor.io/paper-wallets-a-relic-of-the-past-1f711ba82b8c

I wonder why a company selling hardware wallets wouldn't want people storing their funds more securely, and for free . Strange /s

Chris...  I appreciate your replies.  And you seem to have a good handle on this subject.  So I am now at a point where I want to ask another question.  This is regarding the private key.
Is there any discernable pattern in a private key?  I am assuming no based on what I know about them.

So my question is.  Would it be obvious to a person if a couple of the characters in a private key were swapped?  Let's say for example that I create my paper wallet.  I have nosy relatives that I don't trust.  So I swap the 13th and 27th characters around.  A simple swap.  I then pound the characters into my crypto steel plate and put it into my top desk drawer for safe keeping.  Fast forward to Thanksgiving and one of my nosy relatives sneaks into my study and finds the plate.  He photographs it with his smart phone and later after getting back home attempts to sweep the public address into his own wallet.  The problem is he get's an error message (I'm assuming he would either get an error message or the notification that there is no bitcoins to be swept) saying wrong private key or maybe he just gets a message saying there are no bitcoins.  Of course he sees them in the public address so he knows they are there.  Could he at that point realizing I mixed up the private key figure out how to unscramble it?  Would there be a way for a good hacker to do that?  It is my understanding that it would not be possible.  But I want to be sure.  Would there be a way for them to determine that the key is good up through the first 12 characters?  Then realizing Character 13 is bad could they somehow run some kind of key hacking software to figure out what Character 13 should be?  Is swapping just 2 characters around in a private key enough?  Or should I swap 4 or 6?  Obviously the more I mix it up the harder it would be to hack it but I don't want to make it impossible for me to unscramble either.  I'm assuming a thief wouldn't really have a clue what to do if the private key does not work.  They wouldn't even know that it was almost correct would they? My original intent was to save the addresses separately from the keys and have a system for marrying them up.  But I like this idea better.  Partly because it looks like a normal paper wallet.  And I myself can certainly sweep the contents of it whenever I please.  I might leave a paragraph in my will on how to decode these for my children on the off chance I don't spend all of them before I die.

Anyway, I appreciate your time in reading this and would like your thoughts on it.

Thanks Chris!

The Digital Man

[CounterEntropy]

There is absolutely no problem in using paper wallets, if you know how to use it. Follow this...

1. Download BitAddress.org JS code from https://github.com/pointbiz/bitaddress.org.

2. Run it in an offline computer and generate Address + Private Key.

3. Copy the Address in a text file and write down the Private Key by hand in your notebook.

4. Write the Private Key from your notebook to the text file by typing and run it through BitAddress.org JS code to see whether it generates back the same Address in the text file.

5. Now remove all traces of the Private Key, save the text file with Address and wipe out the temporary cache from your browser.

6. Download Coinb.in JS code from https://github.com/OutCast3k/coinbin/ and use it to sweep fund received at the generated Address.

[TheDigitalMan]

There is absolutely no problem in using paper wallets, if you know how to use it. Follow this...

1. Download BitAddress.org JS code from https://github.com/pointbiz/bitaddress.org.

2. Run it in an offline computer and generate Address + Private Key.

3. Copy the Address in a text file and write down the Private Key by hand in your notebook.

4. Write the Private Key from your notebook to the text file by typing and run it through BitAddress.org JS code to see whether it generates back the same Address in the text file.

5. Now remove all traces of the Private Key, save the text file with Address and wipe out the temporary cache from your browser.

6. Download Coinb.in JS code from https://github.com/OutCast3k/coinbin/ and use it to sweep fund received at the generated Address.

I follow the process you have outlined above but correct me if I'm wrong.  The private key exists in your notebook written down correctly so that if anybody is able to copy it they will be able to steal your bitcoin (assuming they get a copy of the address as well).  Which I understand you are saving in a separate place.  So that's one method.  Keeping the two items separate.  I'm interested in obscuring the Private Key by jumbling it up.  My question was would it be obvious to anyone if I jumbled it?

I was simply trying to understand how secure a private key would be if two of it's characters were swapped so that it was no longer correct.  And if "what was done to the key would be obvious?". i.e. would it be obvious that the key was "almost" correct and just needed a couple of it's characters swapped back into place.  I am banking on the fact that this will not be the case.  That when the private key fails it will be anybody's guess as to why?  Other then the fact that it is NOT the CORRECT private key.  I'm simply wanting to confirm this.

Thanks

The Digital Man

[o_e_l_e_o]

Would it be obvious to a person if a couple of the characters in a private key were swapped?

No.

The problem is he get's an error message (I'm assuming he would either get an error message or the notification that there is no bitcoins to be swept) saying wrong private key or maybe he just gets a message saying there are no bitcoins.

Assuming your key is in Base58 Wallet Import Format, swapping two characters around will almost certainly generate an invalid key. The chance of the checksum still being valid after you change the address is 1 in 4.3 billion.

Could he at that point realizing I mixed up the private key figure out how to unscramble it?

He might realize you have scrambled the key in some way, but that will provide zero clues on how to unscramble it. All he can do is brute force a variety of combinations.

Would there be a way for them to determine that the key is good up through the first 12 characters?

No.

Is swapping just 2 characters around in a private key enough?

No. If someone was to try swapping every 2 character combination in a 52 digit WIF key, that is only in the region of 1300 possibilities. That could be brute forced in seconds.

Or should I swap 4 or 6?

Adding more swaps makes it harder, but still not hard enough to not be able to be brute forced relatively quickly. This is a very insecure method of storing your coins.

They wouldn't even know that it was almost correct would they?

Correct.

The private key exists in your notebook written down correctly so that if anybody is able to copy it they will be able to steal your bitcoin (assuming they get a copy of the address as well).

You do not need both the private key and the address to steal the coins. Having just the private key on its own is enough to control all the coins. The public address is derived from the private key, so importing the private key in to a wallet will automatically show you the relevant public address.

If you are this concerned about someone else being able to gain physical access to your private key, then storing it in plain text is not the method you should be choosing. Either store it somewhere secure that other people cannot access it, or look in to using an encrypted airgapped machine or hardware wallet.