Bitcoin Forum
February 26, 2021, 04:50:42 AM *
News: Latest Bitcoin Core release: 0.21.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 »  All
  Print  
Author Topic: How would you say is the most secure way to create and maintain a paper wallet?  (Read 722 times)
9thsky
Member
**
Offline Offline

Activity: 127
Merit: 35


View Profile
October 27, 2020, 07:58:17 AM
 #1

Care to share your knowledge?
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1614315042
Hero Member
*
Offline Offline

Posts: 1614315042

View Profile Personal Message (Offline)

Ignore
1614315042
Reply with quote  #2

1614315042
Report to moderator
1614315042
Hero Member
*
Offline Offline

Posts: 1614315042

View Profile Personal Message (Offline)

Ignore
1614315042
Reply with quote  #2

1614315042
Report to moderator
NotATether
Sr. Member
****
Online Online

Activity: 448
Merit: 1065


to Alpha Centurai


View Profile WWW
October 27, 2020, 08:31:37 AM
 #2

You should not be using paper wallets anymore, there is too much risk that the paper the private keys are written on will get damaged or lost. Also when using paper wallets your security is at the mercy of the site or app you use to get the private keys. Some of these sites aren’t using enough randomness and could leak the keys.

You should be using a hardware wallet to store large sums of bitcoin. These don’t let people extract private keys, they can’t be used by thieves without knowing the PIN you set on them, and some hardware wallets self-destruct if you enter the PIN code incorrectly too many times.

pooya87
Legendary
*
Online Online

Activity: 2282
Merit: 3585


Remember tonight for it's the beginning of forever


View Profile
October 27, 2020, 09:16:44 AM
Last edit: October 28, 2020, 03:31:05 AM by pooya87
Merited by Welsh (6), ETFbitcoin (2), Heisenberg_Hunter (1), igor72 (1), dre1982 (1)
 #3

0. decide whether you want to use private key or mnemonic in your paper wallet. (the later is better since it can create as many keys as you want)
1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.
3. build your step 1 choice from source or download the binaries and verify its signature.
4. download a Linux distribution and verify its signature.
5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
6. run the result (the "tool") of step 3 in that live OS, create a new wallet export the key/mnemonic
7. encrypt the result of step 6 with the tool chosen in step 2
8. print the encrypted result. create backups and write down the password separately in another secure place.
9. laminate the paper or use a metal plate and engrave your encrypted result on it and store it in a safe place that is not exposed to things that can damage it.
10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly). if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.

don't be afraid to create more than one paper wallet this way for testing and send money to and from that wallet before you create one final one that you end up using.

ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2672


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
October 27, 2020, 09:36:39 AM
Merited by pooya87 (1)
 #4

I wouldn't recommend paper wallet unless you're expert and being very careful on every single steps you do to create and maintain paper wallet.

0. decide whether you want to use private key or mnemonic in your paper wallet. (the later is better since it can create as many keys as you want)
1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES
3. build your step 1 choice from source or download the binaries and verify its signature.
4. download a Linux distribution and verify its signature.
5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
6. run the result (the "tool") of step 4 in that live OS, create a new wallet export the key/mnemonic
7. encrypt the result of step 6 with the tool chosen in step 2
8. print the encrypted result. create backups and write down the password separately in another secure place.
9. laminate the paper or use a metal plate and engrave your encrypted result on it and store it in a safe place that is not exposed to things that can damage it.
10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly). if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.

don't be afraid to create more than one paper wallet this way for testing and send money to and from that wallet before you create one final one that you end up using.

Some thought or alternative,
1,2. You can use tools which support BIP 38
4. Choosing live distro which offer offline mode or better security (such as Tails) might be useful
8. This part is vague, do you mean print from running OS on DVD? How about driver support?

pooya87
Legendary
*
Online Online

Activity: 2282
Merit: 3585


Remember tonight for it's the beginning of forever


View Profile
October 27, 2020, 09:49:02 AM
 #5

Some thought or alternative,
1,2. You can use tools which support BIP 38
4. Choosing live distro which offer offline mode or better security (such as Tails) might be useful
8. This part is vague, do you mean print from running OS on DVD? How about driver support?
1,2. it will only work if you choose single private key instead of mnemonic since BIP38 is defined for private keys only and we have no BIP for mnemonic encryption. a simple AES-256 encrytion of the string would work on anything though.
nonetheless i've updated my answer, thanks.
4. good idea.
8. it won't matter as much if it is encrypted using a strong password. worst case scenario you can print it on your online machine and then try wiping the memory. although i believe Linux distros such as Ubuntu already support a lot of printers without needing any driver installation but i may be wrong.

bob123
Legendary
*
Offline Offline

Activity: 1484
Merit: 2314



View Profile WWW
October 27, 2020, 09:58:38 AM
 #6

pooya87 already pretty much gave you a good list.
 
A little addition to step 8 (printing the paper wallet) would be, that you shouldn't use a modern printer which either 1) stores printed files in a cache or 2) is network-/internet connected.

Such printers pose a real risk. I remember reading a paper stating that roughly 50% (don't quote me on that number) of such printers can be manipulated by simply just visiting a malicious website (obviously javascript enabled, just like a regular user would browse).
You really want to use an old offline printer if you are going to print it out.


ETFbitcoin
Legendary
*
Offline Offline

Activity: 1792
Merit: 2672


NotYourKeys.org - Not Your Keys, Not Your Bitcoin


View Profile
October 27, 2020, 10:38:04 AM
 #7

8. it won't matter as much if it is encrypted using a strong password. worst case scenario you can print it on your online machine and then try wiping the memory. although i believe Linux distros such as Ubuntu already support a lot of printers without needing any driver installation but i may be wrong.

It's true that many distro support lots of printer by default, but AFAIK it doesn't support additional printer feature or limited configuration when printing.
But this could be mitigated easily if you download the driver first and burn it altogether on your DVD.

Lucius
Legendary
*
Offline Offline

Activity: 2072
Merit: 2189


Si Vis Pacem, Para Bellum


View Profile WWW
October 27, 2020, 10:42:25 AM
 #8

When you look at what is the only safe procedure, then this way of storing keys definitely is not for beginners. Of course, we should not forget that in addition to all the steps necessary to create a paper wallet, you need to know how to properly spend those same funds when the time comes. In case someone tries to spend part of the funds directly from such a wallet, without first paying attention to the change address, will be unpleasantly surprised.

WARNING: How I lost Bitcoins using a paper wallet

dre1982
Sr. Member
****
Offline Offline

Activity: 588
Merit: 277


★Bitvest.io★ Play Plinko or Invest!


View Profile
October 27, 2020, 10:49:15 AM
 #9

When I created a paper wallet with (BIP38) on a live linux distro I always print the wallets and also safe the wallets to a PDF file.

I store this PDF on an USB drive and safe this in an external place. So if the paper wallet got broken/lost I always have a copy of it.



BIG WINNER!
[15.00000000 BTC]


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░▄███
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████
██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░
▀██░▄▄▄▄░████▄▄██▄░░░░
▄████████████▀▀▀▀▀▀▀██▄
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄
▀██░████████░███████░█▀
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████
▀████████████████████▀




Rainbot
Daily Quests
Faucet
9thsky
Member
**
Offline Offline

Activity: 127
Merit: 35


View Profile
October 27, 2020, 01:11:40 PM
 #10

You should not be using paper wallets anymore, there is too much risk that the paper the private keys are written on will get damaged or lost. Also when using paper wallets your security is at the mercy of the site or app you use to get the private keys. Some of these sites aren’t using enough randomness and could leak the keys.

You should be using a hardware wallet to store large sums of bitcoin. These don’t let people extract private keys, they can’t be used by thieves without knowing the PIN you set on them, and some hardware wallets self-destruct if you enter the PIN code incorrectly too many times.

So what do you suggest as a 2nd best alternative to HW?
bob123
Legendary
*
Offline Offline

Activity: 1484
Merit: 2314



View Profile WWW
October 27, 2020, 01:51:10 PM
 #11

~snip~

So what do you suggest as a 2nd best alternative to HW?

Don't listen to him.
You should never use any website to generate a paper wallet. And neither are you forced to only use paper as the medium of storage.

To answer your question, it depends.
Generally, a dedicated offline device is the best way to store private keys in a cold wallet.

If you don't transact very often and don't want to buy a HW wallet, a paper wallet would be one of the most secure ways.



9thsky
Member
**
Offline Offline

Activity: 127
Merit: 35


View Profile
October 27, 2020, 02:28:40 PM
 #12

~snip~

So what do you suggest as a 2nd best alternative to HW?

Don't listen to him.
You should never use any website to generate a paper wallet.
And neither are you forced to only use paper as the medium of storage.

To answer your question, it depends.
Generally, a dedicated offline device is the best way to store private keys in a cold wallet.

If you don't transact very often and don't want to buy a HW wallet, a paper wallet would be one of the most secure ways.




1) How else does (should) one generate a paper wallet then?

2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

Could you rank storage methods from most secure to least?
bob123
Legendary
*
Offline Offline

Activity: 1484
Merit: 2314



View Profile WWW
October 27, 2020, 02:49:28 PM
Merited by Welsh (4), ETFbitcoin (1)
 #13

1) How else does (should) one generate a paper wallet then?

Just like pooya87 said. Use a good wallet on a live linux distro (everything offline + signatures verified). That's the easiest way.
Another option would be to use command line tools from linux which are built in. This won't give you a mnemonic code, but you'll be able to generate a private-/public keypair and address with nothing but core functionality from your operating system.



2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

Well, you don't need to print it on a piece of paper (which can be vulnerable to water, fire, etc..).
You could for example engrave the private key into metal.



3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

A mobile which never goes online and doesn't have any other network connection (preferably with the components being removed) would be an option, yes.
That's basically dedicated cold storage. Most people use an old PC or laptop. But a mobile is fine too.


Could you rank storage methods from most secure to least?

This always depends on the user and environment.

Generally:
Dedicated Cold Storage > Paper Wallet > HW Wallet > Desktop-/Mobile Wallet > Browser-based Wallet > Web Wallet > Custodial Wallet


But you also have to know the pitfalls of each scheme. For example:
  • If you for example use a website to create your paper wallet on an online device, it suddenly is roughly as secure as a web wallet.
  • And if you create it perfectly, but at some point you need to spend from your paper wallet and use a software wallet being online, this whole setup suddenly is no longer more secure than a standard desktop wallet.


In the end, no storage method is perfect. There is no "most secure" option. It always depends on your adversary- / threat model.

9thsky
Member
**
Offline Offline

Activity: 127
Merit: 35


View Profile
October 27, 2020, 04:16:39 PM
 #14

1) How else does (should) one generate a paper wallet then?

Just like pooya87 said. Use a good wallet on a live linux distro (everything offline + signatures verified). That's the easiest way.
Another option would be to use command line tools from linux which are built in. This won't give you a mnemonic code, but you'll be able to generate a private-/public keypair and address with nothing but core functionality from your operating system.



2) Didn't get you about the not forced to use the paper as a medium to storage. Could you eleborate please?

Well, you don't need to print it on a piece of paper (which can be vulnerable to water, fire, etc..).
You could for example engrave the private key into metal.



3) Dedicated offline storage? Like a mobile that's never online? Or do you mean HW like Ledger?

A mobile which never goes online and doesn't have any other network connection (preferably with the components being removed) would be an option, yes.
That's basically dedicated cold storage. Most people use an old PC or laptop. But a mobile is fine too.


Could you rank storage methods from most secure to least?

This always depends on the user and environment.

Generally:
Dedicated Cold Storage > Paper Wallet > HW Wallet > Desktop-/Mobile Wallet > Browser-based Wallet > Web Wallet > Custodial Wallet


But you also have to know the pitfalls of each scheme. For example:
  • If you for example use a website to create your paper wallet on an online device, it suddenly is roughly as secure as a web wallet.
  • And if you create it perfectly, but at some point you need to spend from your paper wallet and use a software wallet being online, this whole setup suddenly is no longer more secure than a standard desktop wallet.


In the end, no storage method is perfect. There is no "most secure" option. It always depends on your adversary- / threat model.

Thanks! Beautiful explanation. So Linux live USB then? With persistence or without? Also how does that compare to tails in security?
bob123
Legendary
*
Offline Offline

Activity: 1484
Merit: 2314



View Profile WWW
October 27, 2020, 04:59:38 PM
 #15

Thanks! Beautiful explanation. So Linux live USB then? With persistence or without? Also how does that compare to tails in security?

Yes, a live linux distro is the way to go.

Persistence is just for storing data between different boots.
For creating a paper wallet, you don't actually need that if you are using the command line option.
When using the software wallet (a.k.a probably electrum) option, you might need it to store the electrum AppImage there prior booting the distro in offline mode.

And Tails basically just is a linux distro which is preconfigured for easier "privacy" mode, i.e. it is easier to boot it completely offline / with tor.
You can use tails, if you want to. Just as good as debian, manjaro, whatever. As long as it is a trusted distro and you verify the signature of the .iso prior installing it, you are fine.

9thsky
Member
**
Offline Offline

Activity: 127
Merit: 35


View Profile
October 27, 2020, 05:16:08 PM
Merited by ETFbitcoin (1)
 #16

Thank you Pooya. This is fantastic!

Could you clarify a few things if you don't mind?

1. choose a tool that can be trusted to create the key safely. any popular wallet that has an export option is excellent for this. this choice depends on step 0 since not all tools can create mnemonics, for example bitcoin core (only private keys) or Electrum (both private keys and mnemonic).
Any recommendations if I want to go the mnemonics route? And what exactly is an "export option"?

2. choose an encryption tool and learn how to use it correctly. this must be an open source tool that is capable of strong encryption using AES. if your step 0 choice is to use a single private key you can choose a tool that supports BIP38 encryption and skip this step.
And if I'm doing mnemonics....Recommendations? Also, what is an encryption tool?

3. build your step 1 choice from source or download the binaries and verify its signature.
OK, I'm going to need this in layman's terms..."build"? How? Download the binaries? I'm guessing this is not a download an app and install type of deal.

4. download a Linux distribution and verify its signature.
I do have a Xubuntu Live USB. How do I verify it's signature?

5. burn the Linux OS on a DVD, disconnect your network and boot up that DVD.
I'm guessing a USB would suffice, correct? Also, do I need persistance or not?

6. run the result (the "tool") of step 4 in that live OS, create a new wallet export the key/mnemonic
I'm afraid I'll need a little bit more detail on this part. I'm not sure what "run the result" means. As well as "create a new wallet export the key/mnemonic"

7. encrypt the result of step 6 with the tool chosen in step 2
I'm guessung this tool encrypts the key? Is the result of step 6 the key?

8. print the encrypted result. create backups and write down the password separately in another secure place.
So it's not the key?

Create a backup...of the paper? Like make a xerox copy?

Write down the password... So is it not encrypted? What did we encrypt then?

10. (important step) reboot the same DVD and try to recover the key you just created using your password and see if you can get the same address (this makes sure you have written things down correctly).
So persistence...necessary or not?

if step 0 choice was a mnemonic you can send some coins to the first address and spend it using an offline/online combination of master private key (on offline backup) and master public key (on the online machine) to also test spending.
How is that done exactly?

Again, thank you for the help!
pooya87
Legendary
*
Online Online

Activity: 2282
Merit: 3585


Remember tonight for it's the beginning of forever


View Profile
October 28, 2020, 03:58:46 AM
Merited by Welsh (6), Pmalek (1), BlackHatCoiner (1)
 #17

Any recommendations if I want to go the mnemonics route?
i'd go with Electrum but keep in mind that Electrum mnemonics are only usable in Electrum itself and one or two other wallets. it is not a big deal since the algorithm is known and pretty easy to duplicate but you should know that it is different from BIP39 (the mnemonic BIP).

Quote
And what exactly is an "export option"?
it was mainly for the private key route not the mnemonic. some wallets only show you the addresses they generated and don't have an option to show you the private key of it. but most of them let you access the private key and export it. which is what you need if you want to create a paper wallet.

Quote
And if I'm doing mnemonics....Recommendations? Also, what is an encryption tool?
an encryption tool is a tool that lets you enter an arbitrary string plus a password and gives you the encrypted result. it has to be open source and popular. since i haven't used any i can't recommend any. maybe someone else can chip in. i pretty much wrote my own code using a KDF and .net System.Security.Cryptography.AES

Quote
OK, I'm going to need this in layman's terms..."build"? How? Download the binaries? I'm guessing this is not a download an app and install type of deal.
trusted bitcoin wallets are always open source, which means you can download the source code and "build" it yourself and then use that instead. but since not everyone can do this, the developers of these wallets build it themselves and release the "binaries" which you can download. for example for Windows it is the .exe file that you download and install. for Linux it is usually a tarball (.tar.gz file).

Quote
I do have a Xubuntu Live USB. How do I verify it's signature?
Xubuntu is a flavor of Ubuntu (with a different desktop environment). you can follow the same steps here:
https://ubuntu.com/tutorials/how-to-verify-ubuntu

Quote
I'm guessing a USB would suffice, correct? Also, do I need persistance or not?
if you are creating a "paper wallet" then you don't need any kind of persistence at all. because you don't want anything to be left behind. and yes you can do it with a USB disk too.

Quote
6. run the result (the "tool") of step 4 in that live OS, create a new wallet export the key/mnemonic
I'm afraid I'll need a little bit more detail on this part. I'm not sure what "run the result" means. As well as "create a new wallet export the key/mnemonic"
there was a mistake in the step number (it should be 3). it means that for example if you chose Electrum, you unzip the tarball in the Linux you are running and run Electrum to create a new wallet.

Quote
I'm guessung this tool encrypts the key? Is the result of step 6 the key?
it is your choice.
for example again using Electrum you can use the mnemonic that it created for you and encrypt that, or you can simply select one of the addresses and export its private key to create a paper wallet from that single key. then encrypt that.

Quote
So it's not the key?
Create a backup...of the paper? Like make a xerox copy?
Write down the password... So is it not encrypted? What did we encrypt then?
you can print it 5 times so you have 5 copies of the encrypted result. let me give you an example:
lets say you created this menmonic
Code:
slice citizen truth work orange delay cactus curve talk include grocery group
use a strong password
Code:
%Vn4mDb2g0@Abv,3*q
encrypt using AES-256-CBC
Code:
7844bc02c50ec1b141181602e02ab2cb447924f227594ec29a650124ef83dfa860212c35cd19b6fddb13a808856b21bc8323b15eee0e36f5b08ad82e14453c91852601e27df72de82ef0a09399ef03b8

you don't need the mnemonic (slice citizen truth ...) anymore, you can throw it away. you have to print the encrypted result (7844bc....) which would be your paper wallet and you can create copies of this.
but also you have to write down the password you used because it is not possible to remember a strong password such as (%Vn4mDb2g0@Abv,3*q). but this has to be on a separate paper and kept separately otherwise the encryption would be pointless.

when you want to recover, you use the same encryption tool and enter the encrypted result (7844bc....) and your password (%Vn4mDb2g0@Abv,3*q) and it should give you the mnemonic (slice citizen truth...) which you can use in the same wallet software.

Quote
So persistence...necessary or not?
persistence will remember the changes you made. for example if you install and create the wallet it will remember the wallet and next time you boot the OS it will have it. you don't want this if you are creating a paper wallet.
that is why i suggested using a DVD since you can't add persistence to a DVD.

Quote
How is that done exactly?
take a look here: https://electrum.readthedocs.io/en/latest/coldstorage.html

9thsky
Member
**
Offline Offline

Activity: 127
Merit: 35


View Profile
October 31, 2020, 03:51:07 PM
Last edit: October 31, 2020, 04:08:28 PM by 9thsky
 #18

Appreciate it Pooya!

Any recommendations if I want to go the mnemonics route?
i'd go with Electrum but keep in mind that Electrum mnemonics are only usable in Electrum itself and one or two other wallets. it is not a big deal since the algorithm is known and pretty easy to duplicate but you should know that it is different from BIP39 (the mnemonic BIP).

OK. I'm not getting much luck Googeling "private key vs mnemonic vs mneminics BIP39".

Could you please help me out? What's the difference between the three in the way they are and function in as layman's termish as possible?

And what exactly is an "export option"?
...some wallets only show you the addresses they generated and don't have an option to show you the private key of it.....

Like Coinbase?

And if I'm doing mnemonics....Recommendations? Also, what is an encryption tool?
an encryption tool is a tool that lets you enter an arbitrary string plus a password and gives you the encrypted result. it has to be open source and popular. since i haven't used any i can't recommend any. maybe someone else can chip in. i pretty much wrote my own code using a KDF and .net System.Security.Cryptography.AES

Sorry. I'm not sure I understand the core function of this tool in relation to Bitcoin. Is it a tool where you enter your btc key and it would convert it to a code and then you can use that code to retrieve your key? If so, then when does the password come into play?

Or does it also generate a password so now you'd have to enter the password AND the code to retrieve your key?

If it's the later, then what's the point of the code? Why not only a password to retrieve your key instead of (what basically seems to me as) two sets of passwords; the code and the actual password?
If it's for extra security then wouldn't you be able to create the same level of security with combining both the code and the password to make one password. What am I missing here?

OK, I'm going to need this in layman's terms..."build"? How? Download the binaries? I'm guessing this is not a download an app and install type of deal.
trusted bitcoin wallets are always open source, which means you can download the source code and "build" it yourself and then use that instead. but since not everyone can do this, the developers of these wallets build it themselves and release the "binaries" which you can download. for example for Windows it is the .exe file that you download and install. for Linux it is usually a tarball (.tar.gz file).

In Electrum I see .tar.gz and Appimage. Which one to use?

I'm guessung this tool encrypts the key? Is the result of step 6 the key?
it is your choice.
for example again using Electrum you can use the mnemonic that it created for you and encrypt that, or you can simply select one of the addresses and export its private key to create a paper wallet from that single key. then encrypt that.

1) What exactly is the benefit of mnemonic over private key?

2) What exactly is the benefit of mnemonic over private key when using an encryption tool?

So persistence...necessary or not?
persistence will remember the changes you made. for example if you install and create the wallet it will remember the wallet and next time you boot the OS it will have it. you don't want this if you are creating a paper wallet.
that is why i suggested using a DVD since you can't add persistence to a DVD.

Is there any risk of doing this on a public computer?
o_e_l_e_o
Legendary
*
Offline Offline

Activity: 1218
Merit: 5774


Wear a mask, slow the spread


View Profile
October 31, 2020, 07:43:49 PM
Merited by Welsh (4), pooya87 (1), ETFbitcoin (1)
 #19

OK. I'm not getting much luck Googeling "private key vs mnemonic vs mneminics BIP39".

Could you please help me out? What's the difference between the three in the way they are and function in as layman's termish as possible?
Mnemonics or mnemonic phrases are a series of words (usually 12 or 24) which can be used to recover your bitcoin wallet and all the addresses it contains. They are also known as seed phrases. (Indeed, "mnemonic" is a bit of a misnomer since these phrases are supposed to be backed up on paper, not memorized).

There are different ways that these phrases can be generated. Most wallets use a method known as BIP39, which is a standardized method. You can read more about it here: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki (a little bit technical). Electrum, on the other hand, uses their own system which is not compatible with BIP39.

Private keys are numbers which relate to individual addresses. Each address in your wallet has a different private key which can be used to spend any coins on that address. All the private keys in your BIP39 or your Electrum wallet are derived from the mnemonic phrase. So to answer your other question further down your post, if you back up the mnemonic phrase, then you are effectively backing up every private key in your wallet and therefore your entire wallet. If you were to back up a single private key, then you are only backing up a single address.

NotATether
Sr. Member
****
Online Online

Activity: 448
Merit: 1065


to Alpha Centurai


View Profile WWW
October 31, 2020, 11:02:08 PM
Last edit: October 31, 2020, 11:12:15 PM by NotATether
 #20

~snip~

So what do you suggest as a 2nd best alternative to HW?

Don't listen to him.
You should never use any website to generate a paper wallet. And neither are you forced to only use paper as the medium of storage.

To be clear, I never suggested to OP to use a website to make a paper wallet (I'm not so foolish to suggest such a thing to anyone). I said:

Also when using paper wallets your security is at the mercy of the site or app you use to get the private keys. Some of these sites aren’t using enough randomness and could leak the keys.

Only reason why I suggested to OP to use hardware wallets instead is that most people don't make their paper wallets safely.

Pages: [1] 2 3 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!