BitcoinSpinner

[giszmo]

If you have any significant amount of bitcoins in your wallet, be careful which systems your backup goes through. Avoid pulling it through a computer.

The following advice is only for fat wallets. If you have less than, say, 100 bitcoins, you can probably take the small risk that they get stolen. But if you have more, read on.

Printing from your phone directly to a printer without a computer in between would be fairly safe, possibly the best way to do it. But be careful not to use some service that uses any computer or cloud in between. That wouldn't cut it. Direct-printing USB or Bluetooth printers are still a rare breed though. I guess things will get better over time.

Unfortunately you cannot put the phone face-down on a copier. The copier beams too much light at the original, so the phone screen will not be visible on the copy.

Photographing the QR code with a Polaroid camera would do just fine, but those are out of fashion these days. If you still have one, keep it usable for this purpose. Polaroid has a cute Bluetooth printer for smartphones, which would solve the problem very nicely, but that would set you back another $100.

Taking a screenshot and pulling it through your computer is decidedly less safe, but then an Android phone with many programs installed and usually connected to the Internet is also not safe. You could have a bitcoin-stealing Trojan on it, for example, or some remote-controlled spying software.

If all else fails, you can still copy the wallet backup to the clipboard, paste it into a text editor, and write it down on a piece of paper by hand. Just understand that every single typo will completely invalidate your backup. I'm not sure about digit zero vs. upper-case O and lower-case L vs. upper-case i ambivalence, but you could try to use a text editor with a font where each character is unique. Test your backup before you rely on it.

If you have a larger amount of bitcoins on a phone, you probably want a separate phone without an always-on Internet connection and with little or no extra software installed. That would be your little bitcoin safe. An older Android phone, factory-wiped, devoid of unneeded software, and with all Internet connections switched off is ideal. Of course you have to connect it to the Internet to do a transaction, but disconnect it again when you're done.

Ok so let me share my random thoughts on security, too:
Typos invalidate your backup, but if you talk long term storage, don't worry about that neither as you can brute force from a key with 5 typos "easily".
Don't use Spinner. Don't use Schildbach's wallet. Neither of them encrypt your key. You loose your phone, you loose your money (I don't like POV of Jan that it is inconvenient to type serious keys on an android and therefore not having it encrypted. Sorry, for the situation of wanting to put the big stash into one dedicated device, Androids are a perfect low cost type of device. Sure, raspberries would do, too but Androids are just so common place nowerdays.)
Maybe use a recent Android as these provide disk encryption but please investigate first.
Don't rely on your key being stored in just one place. Phones brick.
Take into account that the wallet of your choice might be designed to create weak keys that the maker of the binary knows how to brute force.
Compile your wallet yourself and in order to do so, download a popular wallet from github or google code where github or google code reported no changes for months so that hopefully any traps were found by code reviewers. Take the repo everybody is forking and downloading and not a fork with zero activity if you don't intend to review the differences.
Binaries can be signed, too. If you don't intend to compile for yourself, the second best option is to take a signed package. Signed means that the signer approves of the content and hopefully he knows of the content. What you get from the google market is signed by the "developer".
(Is it easily possible to compile bitcoin-qt to the exact same binary as the one I can download? At least this is non-trivial as you also use different compilers, platforms, libraries etc. so for others to verify the binary actually has something to do with the public source code is what less people do than to review every commit. There is room for attacks.)

"If you have less than, say, 100 bitcoins, you can probably take the small risk that they get stolen." … 100Ƀ is $10,000 is a fortune for about 99% of the worlds population. Thanks for respecting this negligible part of our world.

Public copiers not only beam light at your screen but also store your wallet indefinitely on a hard drive. Avoid "big" printers for secret stuff.

[1714591557]

1714591557

[1714591557]

1714591557

[1714591557]

1714591557

[1714591557]

1714591557

[giszmo]

importing and exporting keys:
While others try to export their key to other wallets, I would like to integrate a cool vanitygen address in my Spinner. I have my phone rooted so I have access to KeyManagerCache.xml but the format of the keys is unfamiliar to me. What format is it and would it work to put the according data of my vanitygen key there?

[Jan]

...
Don't use Spinner. Don't use Schildbach's wallet. Neither of them encrypt your key. You loose your phone, you loose your money (I don't like POV of Jan that it is inconvenient to type serious keys on an android and therefore not having it encrypted. Sorry, for the situation of wanting to put the big stash into one dedicated device, Androids are a perfect low cost type of device. Sure, raspberries would do, too but Androids are just so common place nowerdays.)
Maybe use a recent Android as these provide disk encryption but please investigate first.
Don't rely on your key being stored in just one place. Phones brick.
...

Encrypted keys are prone to brute force attacks. And, end users are notoriously bad at choosing strong passwords -> kindergarten cryptography.
In the end you will have to rely on physical security (e.g. paper backups) to obtain two paramount properties:
1. The ability to make sure you can restore your private key
2. The inability for someone else to obtain your private key

This is why I suggest anyone storing large amounts with BitcoinSpinner to:
1. Use a dedicated device (I installed cyanogen, no sim-card, no other apps)
2. Use two wallets backed up on paper QR-codes. As soon as you restore wallet A on top of wallet B, then wallet B is deleted from your device, and there is no way to get to the key. (yes, wallet B is your savings wallet)

The definition of "large amounts" and proper physical security is up to you.

Hgmichna has some good suggestions for retrieving the backup and put it on paper. I myself took a picture with a camera and placed the SD-card in my printer.

[ffe]

Don't use Spinner. Don't use Schildbach's wallet. Neither of them encrypt your key. You loose your phone, you loose your money (I don't like POV of Jan that it is inconvenient to type serious keys on an android and therefore not having it encrypted. Sorry, for the situation of wanting to put the big stash into one dedicated device, Androids are a perfect low cost type of device. Sure, raspberries would do, too but Androids are just so common place nowerdays.)

Good thoughts. Thanks for the advice. Unlike Jan, I actually keep three QR codes on paper in my wallet. One is the long term storage, one is my daily use wallet, and the last one is an empty wallet. When I'm done with a transaction I always restore the empty wallet and now if I lose my phone all I lose is the phone.

By the way Jan, I found out by trial and error that I DO NOT have to backup a wallet before I restore it. It turns out that if the restore string or QR code is properly formed (ie. excludes certain illegal characters etc.) any random string will be "restored" as if it had been backed up in the past. I know you disapprove of brain wallets Jan but this is a nice brain wallet on bitcoinspinner!

I use an offline tool to hash my (strong, salted) password. I go through and strike out illegal characters. I add a couple of snippets in front and after to make it a valid spinner backup. I use an offline tool to QR it. I then restore it and voila. Brain wallet lite on spinner. (Not quite the same as other brain wallets in that it's restricted to spinner.)

[giszmo]

When I'm done with a transaction I always restore the empty wallet and now if I loose my phone all I loose is the phone.

Good people only loose phones and never loose wallets.

[ffe]

When I'm done with a transaction I always restore the empty wallet and now if I loose my phone all I loose is the phone.

Good people only loose phones and never loose wallets.

lol 

[Dabs]

You know what Mr. Jan, just put a simple form of encryption, at least on the private key, if the user wants that. Not a PIN code with an unencrypted private key. Check out how bitcoin-qt encrypts the wallet private keys with AES.

You can do the same, or even take it an extra step by doing iterations, so every time you attempt to spend, it has to decrypt the private key, which will take several hundred or thousand iterations of AES using your password or passphrase, or something like 0.3 seconds. That stops brute force attacks on the password.

That end users pick bad or short passwords is their problem. A little memo or note on that or a validation routine that enforces minimum length, or at least 2 different groups of characters (numerals, UPPERCASE LETTERS, lowercase letters, symbols). I suggest a reminder that tells people to use at least 8 characters, and to use at least letters AND numbers (symbols optional). I personally prefer using just lowercase letters, but my password lengths are at least 8 to 16 to 24 alphanumeric characters.

Only have a maximum length only because the phone is itself limited, but making the limit something like 64 or 256 characters isn't going to get too many complaints. (If you can memorize 64 characters, you might as well memorize the private key itself huh, it's only 51 or 52 characters.)

In the event the phone or mobile device is lost or stolen, the thief can only see the amount of coins in that public key. Brute force attacks using that phone will take 0.3 seconds per attempt. Brute force attacks using the encrypted private key downloaded to a computer, with or without GPUs or ASICs or other hardware will be faster, but you will have time to spend the funds to a new wallet.

With a long enough salt stored on the device - maybe 64 characters or 256 bits -, you can even thwart rainbow table based brute force attacks.

Don't bother protecting the phone from getting the encrypted private key (they will just root the device), but make sure the encryption implementation is good enough. 0.3 seconds to wait before signing the transaction and broadcasting to the bitcoin network is something I am willing to wait for. It will take me much longer to input the password.

For speed and convenience, cache the password (but not the unencrypted private key) for 1 minute (or users option).

[hgmichna]

That end users pick bad or short passwords is their problem. A little memo or note on that or a validation routine that enforces minimum length, or at least 2 different groups of characters (numerals, UPPERCASE LETTERS, lowercase letters, symbols). I suggest a reminder that tells people to use at least 8 characters, and to use at least letters AND numbers (symbols optional). I personally prefer using just lowercase letters, but my password lengths are at least 8 to 16 to 24 alphanumeric characters.

I think Jan is right on this one. Minimum password cracking difficulty does not work because of dictionary attacks, if users use easy-to-remember words, which many do.

The PIN already gives the person whose phone was stolen enough time to move his bitcoins to another wallet, before the thief works it out.

Of course there is always some room for improvement, so your proposals should be taken into account and carefully weighed, but I'm sure Jan will do that anyway.

[giszmo]

Gnah!!! Of course secure passwords can be entered on phones just as easily as on computers and of course there are people who would do it wrong. This is no excuse for Jan ... for us ... not to provide encryption.

[Richy_T]

Gnah!!! Of course secure passwords can be entered on phones just as easily as on computers and of course there are people who would do it wrong. This is no excuse for Jan ... for us ... not to provide encryption.

Easy option: Add encryption, call it Bitspinner pro, charge $1. Those who would find the option useful can have it, those who would likely mess it up will be discouraged by the cost.

[Jan]

Gnah!!! Of course secure passwords can be entered on phones just as easily as on computers and of course there are people who would do it wrong. This is no excuse for Jan ... for us ... not to provide encryption.

Easy option: Add encryption, call it Bitspinner pro, charge $1. Those who would find the option useful can have it, those who would likely mess it up will be discouraged by the cost.

+1

[molecular]

Gnah!!! Of course secure passwords can be entered on phones just as easily as on computers and of course there are people who would do it wrong. This is no excuse for Jan ... for us ... not to provide encryption.

Easy option: Add encryption, call it Bitspinner pro, charge $1. Those who would find the option useful can have it, those who would likely mess it up will be discouraged by the cost.

+1

+1, but make it 0.01 BTC instead

[kaoD]

Amazing client and amazing API. I just love how simple and lightweight it is.

[Dabs]

I'll donate 0.01 BTC. But the minute it is paid or commercial software people are going to want many more additional features.

1. Other currency exchanges, like, based on openexchangerates.com (similar to localbitcoins.com), dual display (in USD and PHP for example).
2. AES encryption like I described, with variable time delay using iterative hashing (key strengthening)
3. Import private key.
4. Generate new private keys in compressed format (those keys that begin with L or K instead of 5.)
5. More than 1 key (or wallet) with coin control (to manipulate individual unspent outputs)
6. Regular computation of transaction fee, no imposition of mandatory fee (at users risk of tx not included in next block). Or set your own transaction fee, instead of fixed to 0.0005.
7. Some other feature I haven't thought of yet.

[BitLucky]

My phone has been lost for a week now, and I have not loaded up my Spinner backup yet (still waiting for new phone to arrive)... so far so good and bitcoins remain unspent 

[Jan]

I'll donate 0.01 BTC. But the minute it is paid or commercial software people are going to want many more additional features.

1. Other currency exchanges, like, based on openexchangerates.com (similar to localbitcoins.com), dual display (in USD and PHP for example).
2. AES encryption like I described, with variable time delay using iterative hashing (key strengthening)
3. Import private key.
4. Generate new private keys in compressed format (those keys that begin with L or K instead of 5.)
5. More than 1 key (or wallet) with coin control (to manipulate individual unspent outputs)
6. Regular computation of transaction fee, no imposition of mandatory fee (at users risk of tx not included in next block). Or set your own transaction fee, instead of fixed to 0.0005.
7. Some other feature I haven't thought of yet.

If you add HD wallets and offline transactions to the list you end up with Armory.

BitcoinSpinner was designed to be easy to use for ordinary people. Adding the above features violate that.

Also, very few people fully understand the fee structure of Bitcoin. Setting your own transaction fee will make people say "Hell, I don't wanna pay any stinking fees", making your transactions stuck.

[Edit] However, anyone can take the source, fork it and do whatever they want

[Jan]

My phone has been lost for a week now, and I have not loaded up my Spinner backup yet (still waiting for new phone to arrive)... so far so good and bitcoins remain unspent 

If you have exported your private key you can move your coins using for instance blockchain.info or MultiBit, until you can get a new wallet up and running on your new phone.

[BitLucky]

My phone has been lost for a week now, and I have not loaded up my Spinner backup yet (still waiting for new phone to arrive)... so far so good and bitcoins remain unspent 

If you have exported your private key you can move your coins using for instance blockchain.info or MultiBit, until you can get a new wallet up and running on your new phone.

No I just exported the BSB backup

[Richy_T]

My phone has been lost for a week now, and I have not loaded up my Spinner backup yet (still waiting for new phone to arrive)... so far so good and bitcoins remain unspent 

If you have exported your private key you can move your coins using for instance blockchain.info or MultiBit, until you can get a new wallet up and running on your new phone.

No I just exported the BSB backup

You could use the android emulator for PC.

[Dabs]

I'll donate 0.01 BTC. But the minute it is paid or commercial software people are going to want many more additional features.

1. Other currency exchanges, like, based on openexchangerates.com (similar to localbitcoins.com), dual display (in USD and PHP for example).
2. AES encryption like I described, with variable time delay using iterative hashing (key strengthening)
3. Import private key.
4. Generate new private keys in compressed format (those keys that begin with L or K instead of 5.)
5. More than 1 key (or wallet) with coin control (to manipulate individual unspent outputs)
6. Regular computation of transaction fee, no imposition of mandatory fee (at users risk of tx not included in next block). Or set your own transaction fee, instead of fixed to 0.0005.
7. Some other feature I haven't thought of yet.

If you add HD wallets and offline transactions to the list you end up with Armory.

BitcoinSpinner was designed to be easy to use for ordinary people. Adding the above features violate that.

Also, very few people fully understand the fee structure of Bitcoin. Setting your own transaction fee will make people say "Hell, I don't wanna pay any stinking fees", making your transactions stuck.

[Edit] However, anyone can take the source, fork it and do whatever they want

Okay. Fair enough. How about just one feature? hehe. Import private key, where private key can be a compressed key. Like L5EeLJXGeXNcqtBBnYyjeDA75cbd8NR92o3Bcjd3Tz4edCK5Xgj6 or KyRocm71UpThBFrz6cn8kuvLc1uJCp3LaWUVdnRcubRgxAqMTDEM