Bitcoin Forum
Author Topic: getting Bech32 address on paper wallet  (Read 453 times)
fred21 (OP)
June 18, 2021, 01:17:49 PM
 #1

Hello,

I have used the Ian Coleman Mnemonic Code Converter (https://iancoleman.io/bip39/) for 1 year to manage my BTC.

However, I would like to generate Bech32 addresses for efficiency with my wallet (thanks to the mnemonic words).

Is there a way to do so with the Ian Coleman Mnemonic Code Converter or another tool?

Is it safe to keep BTC on a P2PKH address?

Thanks
NeuroticFish
June 18, 2021, 01:24:41 PM
 #2

However, I would like to generate Bech32 addresses for efficiency with my wallet (thanks to the mnemonic words).

Is there a way to do so with the Ian Coleman Mnemonic Code Converter or another tool?

If I understood your problem right, all you need is to click the BIP84 tab in the Ian Coleman generator.

Is it safe to keep BTC on a P2PKH address?

Yes. Nothing has changed on that matter.

fred21 (OP)
June 18, 2021, 01:48:03 PM
 #3

Thanks for your reply.

I will try to use those addresses from now on.

I am also wondering if the Ian Coleman Mnemonic Code Converter is the best tool as a browser-based way to generate offline word seeds and all private and public keys and addresses?

Is it really 100% secure in terms of randomness of the word seeds?

I also have some BTC on a paper wallet generated on bitaddress.org (offline). Is it at risk?

Thanks
BitMaxz
June 18, 2021, 01:52:29 PM
 #4

As an alternative, if you don't need to generate many SegWit addresses, then you can use the one below to generate a single (Bech32) address.

- https://coinb.in/#newSegWit

For the safety of P2PKH addresses, always generate them on an offline PC. So, download the page of the iancoleman tool or the coinb.in tool and disconnect the PC before you generate any address you want from those tools.

I am also wondering if the Ian Coleman Mnemonic Code Converter is the best tool as a browser-based way to generate offline word seeds and all private and public keys and addresses?

Is it really 100% secure in terms of randomness of the word seeds?

I also have some BTC on a paper wallet generated on bitaddress.org (offline). Is it at risk?

As of now, I have never heard of any issue with using the iancoleman tool, so I think it's safe; the same goes for bitaddress.org.

Charles-Tim
June 18, 2021, 02:15:55 PM
 #5

I am also wondering if the Ian Coleman Mnemonic Code Converter is the best tool as a browser-based way to generate offline word seeds and all private and public keys and addresses?
It is open source and follows the BIP39 standard for seed phrase generation, and it also generates the seed safely, provided you run it in a safe environment by running it on an airgapped device and also making use of its HTML source.

Is it really 100% secure in terms of randomness of the word seeds?
Yes, but if you are not comfortable with that, you can make use of your own entropy by throwing a coin up 256 times, upside as 1 and downside as 0 or vice versa.

I also have some BTC on a paper wallet generated on bitaddress.org (offline). Is it at risk?
It depends on the source you used to generate the private key and address. If it is https://bitaddress.org, it is safe, but I can only guarantee safety if done offline, especially using its source on an airgapped device. The fees for legacy addresses are higher than for segwit, but it's not that you want to be using it for frequent transactions.

You can even still run Electrum on an airgapped device, which will generate a segwit wallet for you by default. You can use this guide for its download and signature verification.

fred21 (OP)
June 18, 2021, 08:01:36 PM
 #6

I have heard that a bitaddress.org generated address was crackable, but not anymore.
hosseinimr93
June 18, 2021, 08:58:35 PM
 #7

For the safety of P2PKH addresses, always generate them on an offline PC. So, download the page of the iancoleman tool or the coinb.in tool and disconnect the PC before you generate any address you want from those tools.
By disconnecting your computer from internet when generating addresses, you don't really make your wallet more secure.
It is recommended to generate addresses on an air-gapped computer. This means that you should use a computer that has always been offline and will never be online in future.

Charles-Tim
June 18, 2021, 09:18:33 PM
 #8

By disconnecting your computer from internet when generating addresses, you don't really make your wallet more secure.
It is recommended to generate addresses on an air-gapped computer. This means that you should use a computer that has always been offline and will never be online in future.
I agree, especially if the person wants to be making use of the cold generated wallet on the airgapped device for signing; this means the airgapped wallet should remain airgapped for safety. I have even recently learned that it is best on a newly installed computer OS like Ubuntu in which any online connections are disabled. But, according to OP, he only wants to generate it as a paper wallet, which means having a proper backup of the seed phrase is enough; deleting the wallet after it has been created will be fine and it can be used as a paper wallet.

But what I am concerned about now is whether it is good to format the computer again after the wallet generation and reinstall the OS, or whether just deleting the wallet on the device is enough. Although, I will go for the former.

hosseinimr93
June 18, 2021, 10:05:25 PM
Merited by o_e_l_e_o (2)
 #9

-------------
When you delete some data from your computer, it's not that they disappear completely once they are deleted. The deleted data exists on your hard drive until some new data replace them.
By deleting a file from your computer, you actually tell your operating system that "I don't need this file anymore. Please don't display it. You are allowed to replace it with new data in future."
That's why there are some tools for recovering permanently deleted files. The deleted data can be accessed by malware as long as they have not been replaced by new data.

Therefore, for generating a wallet, I would use a computer that has never been online and will never be online. It's not enough to delete files. Formatting the hard drive (as suggested by you) can be a good idea too.

ranochigo
June 19, 2021, 12:56:43 AM
 #10

I have heard that a bitaddress.org generated address was crackable, but not anymore.
It isn't.

JavaScript-based generation is notorious for being subpar as compared to your normal wallets. Having to rely on your browser to correctly communicate with the OS CSPRNG with no assurance isn't very good if you need to ensure that your generation involves enough entropy. JS cryptography modules aren't very well implemented or audited either; there have been cases where users have lost funds due to poor implementation by the developers or just from the limitations of JavaScript. I wouldn't bother running JS sites, offline or not. The fact that you'll have to put your trust in so many different components and have no assurance of whether it would be working perfectly is quite dangerous.

Consider just using a normal desktop wallet for generation instead.

ranochigo
June 19, 2021, 09:58:19 AM
 #11

According to this old GitHub issue (#35), it was possible to generate a private key with low entropy if the user doesn't move the mouse. But I doubt it's what @fred21 meant since users usually move their mouse.
Hmm, okay, that I didn't know. I always thought bitaddress was using a browser CSPRNG (not Math.random()) for the entropy. Mouse movement and the other variables should serve as a complement to the original entropy and it shouldn't be overly reliant on that.

Anyhow, I think this proves my point that generating addresses in browser is inherently insecure.

o_e_l_e_o
June 19, 2021, 01:29:31 PM
Merited by hosseinimr93 (1)
 #12

Therefore, for generating a wallet, I would use a computer that has never been online and will never be online. It's not enough to delete files. Formatting the hard drive (as suggested by you) can be a good idea too.
Even better than that - don't have a hard drive to begin with. Take an old computer, remove any WiFi cards or other connectivity hardware, remove any hard drives or other storage devices, and then boot from a live OS on a CD or USB drive which are write protected. Use that live session to generate your seed phrase or private keys to write down on paper and your addresses to receive to, and then just power off. Within a few minutes to an hour or so, depending on your RAM and its physical environment, all traces of your data will be gone.

If you don't want to do that and want to have some persistent storage on your airgapped device (such as for using a cold wallet), then use full disk encryption on its hard drive. It doesn't matter so much if you leave behind traces of your seed phrase or private keys on a hard drive if the entire thing is encrypted and an attacker can't decrypt the data.
BlackHatCoiner
June 21, 2021, 09:48:35 AM
 #13

Is it really 100% secure in terms of randomness of the word seeds?
No, and you can't verify it somehow. Generally, generating random numbers using JavaScript through a web browser isn't recommended. Once you want to keep your funds safe, you have to ensure that nothing malicious has been involved in the process of the entropy's generation. Theoretically, a malware/virus could affect your computer's RNG and return you results that may seem random, but they're not.

I'd advise you to use tangible and physical things whose randomness could be verified like a coin's or even better (for your time), a dice's.

Take a look: [Open Source] Coin Flipped Seed (coin flip, dice roll, rubik's cube mixing)

ranochigo
June 21, 2021, 09:58:37 AM
 #14

-snip-
Once you want to keep your funds safe, you have to ensure that nothing malicious has been involved in the process of the entropy's generation. Theoretically, a malware/virus could affect your computer's RNG and return you results that may seem random, but they're not.

I'd advise you to use tangible and physical things whose randomness could be verified like a coin's or even better (for your time), a dice's.
If there is a malware infection, using your own entropy won't matter. They just wouldn't attack your entropy.

Your computer's randomness is crucial for many of its functions, and the kernel provides for and gathers sufficient entropy through several environmental sources. Generating your own entropy through your own methods can introduce potential weakness through inherent weaknesses that are associated with various actions or objects: imperfect dice, throwing techniques, etc. These can make for entropy that is perceived to be enough but in fact would provide less entropy than that generated with your computer's randomness. Certain wallets also include additional entropy sources as a fallback.

I would only do this provided that the user actually understands how this works and to ensure unpredictability in the results. If not, then using well-known and tested programs would be far better for most purposes. If you're paranoid and understand what you're doing, then yeah, it is doable.

BlackHatCoiner
June 21, 2021, 10:39:26 AM
 #15

If there is a malware infection, using your own entropy won't matter. They just wouldn't attack your entropy.
If the computer is offline, then the attacker would have to compromise your system's RNG. There is no other method to steal your money, if we assume that it'll remain offline forever. (or that it'll be formatted right after the generation)

Rolling a dice is randomly verifiable in contrast with an RNG. The sufficient entropy you've mentioned that is provided from my kernel isn't verifiable or at least, not the same as with dice.

If not, then using well-known and tested programs would be far better for most purposes. If you're paranoid and understand what you're doing, then yeah, it is doable.
I believe paranoia comes with large amounts. Wouldn't you roll the dice properly instead if you had 1000 BTC?

ranochigo
June 21, 2021, 11:15:47 AM
Merited by ABCbits (1)
 #16

If the computer is offline, then the attacker would have to compromise your system's RNG. There is no other method to steal your money, if we assume that it'll remain offline forever. (or that it'll be formatted right after the generation)
If you cannot trust the integrity of your offline system, then you actually might have more things to worry about; the signature for the transaction it generates, whether it is generating the correct keys, etc. No one AFAIK has been attacked by someone compromising their RNG so far, because it is usually hardened. If you don't trust the OS, then the best way is to try to obtain the best source of entropy (radioactive decay, etc) and calculate everything by hand.

Rolling a dice is randomly verifiable in contrast with an RNG. The sufficient entropy you've mentioned that is provided from my kernel isn't verifiable or at least, not the same as with dice.
You cannot verify entropy. The 100 rolls, or however many rolls, is usually insufficient to build a model to show that it has zero bias (or with the numbers evenly distributed). Most wallets include various other variables to try to reduce their dependency on a single source within the OS. There is a very good reason why most known wallets don't allow their users to provide their own entropy out of the box. It usually doesn't end very well.

I believe paranoia comes with large amounts. Wouldn't you roll the dice properly instead if you had 1000 BTC?
I would probably trust the group of people that made Bitcoin Core and the Linux Kernel more than myself. Might just be me though.

Of course, as I've said. If you've got any idea of what you're dealing with and accept the possible accompanying risks, then there's no problem.

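A numerical illustration of the point argued above, that a modest number of rolls cannot show a die is unbiased; it is added here and is not part of any post. The biased die (face 6 at 22%), the sample counts and the function names are constructed for the example, and the fairness check is a standard Pearson chi-square test at the 5% level.

```python
import math
import random

CHI2_CRIT_DF5 = 11.070  # chi-square critical value: 5 degrees of freedom, 5% level

FAIR = [1 / 6] * 6
# Constructed example die: face 6 comes up 22% of the time, the rest share 78%.
BIASED = [0.156] * 5 + [0.22]


def chi_square_uniform(counts):
    """Pearson chi-square statistic of observed face counts against a fair die."""
    expected = sum(counts) / len(counts)
    return sum((c - expected) ** 2 / expected for c in counts)


def min_entropy_bits(probs, rolls):
    """Bits an attacker who knows the bias still has to guess: -log2(max p) per roll."""
    return rolls * -math.log2(max(probs))


def rolls_until_visible(probs, crit=CHI2_CRIT_DF5):
    """Rolls needed before even the *expected* counts of this die reach the
    critical value; real samples are noisier and need more."""
    k = len(probs)
    per_roll = sum((p - 1 / k) ** 2 * k for p in probs)
    if per_roll == 0:
        return math.inf  # a perfectly fair die never crosses the limit on average
    return math.ceil(crit / per_roll)


def pass_rate(probs, rolls, trials=2000, seed=1):
    """Fraction of simulated samples that the fairness test accepts."""
    rng = random.Random(seed)  # simulation only; never derive keys from `random`
    faces = range(len(probs))
    passed = 0
    for _ in range(trials):
        counts = [0] * len(probs)
        for face in rng.choices(faces, weights=probs, k=rolls):
            counts[face] += 1
        passed += chi_square_uniform(counts) < CHI2_CRIT_DF5
    return passed / trials


if __name__ == "__main__":
    sample = [15, 16, 16, 15, 16, 22]  # constructed counts for 100 rolls of BIASED
    print("chi-square:", round(chi_square_uniform(sample), 2), "limit:", CHI2_CRIT_DF5)
    print("biased die accepted as fair:", pass_rate(BIASED, 100))
    print("rolls before the bias shows on average:", rolls_until_visible(BIASED))
    for n in (50, 100):
        print(n, "rolls:", round(min_entropy_bits(FAIR, n), 1), "bits assumed,",
              round(min_entropy_bits(BIASED, n), 1), "bits delivered")
```

With 50 rolls the user assumes about 129 bits while this die delivers about 109, and a 100-roll fairness test accepts the die most of the time.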
Charles-Tim
June 21, 2021, 11:19:12 AM
 #17

If the computer is offline, then the attacker would have to compromise your system's RNG. There is no other method to steal your money, if we assume that it'll remain offline forever. (or that it'll be formatted right after the generation)
I couldn't agree more. Proper dealing with and holding of Bitcoin safely and securely comes with security etiquette; safe bitcoin wallet generation and usage also comes with security etiquette: an airgapped device totally free of malware, like a newly installed Ubuntu, which ascertains no malware, with no external connection, irrespective of throwing dice for entropy generation or generating it or the seed phrase using tools like Iancoleman. Just my opinion on total safety.

BlackHatCoiner
June 21, 2021, 11:25:46 AM
 #18

If you cannot trust the integrity of your offline system, then you actually might have more things to worry about; the signature for the transaction it generates, whether it is generating the correct keys, etc.
Yes, this is correct, but you also have to worry about these with or without the dice roll. If you chose to generate your seed using your RNG, besides the randomness' compromisation, you would also have to worry about the keys' validation, etc. The physical and completely unpredictable selection of bits that can be verified skips the RNG compromisation part.

I would probably trust the group of people that made Bitcoin Core and the Linux Kernel more than myself. Might just be me though.
But, you aren't trusting only those, this is the problem; you have to also trust the unverifiable randomness used for the generation of a number directly from your OS. It means that you have to trust every third-party involved in the process of the computer's building.

ranochigo
June 21, 2021, 11:40:00 AM
 #19

The physical and completely unpredictable selection of bits that can be verified skips the RNG compromisation part.
You cannot verify how random your results are. You can only verify that you generated the results and that you are trusting that the way you've executed it is free of any critical mistakes that could influence the entropy.

But, you aren't trusting only those, this is the problem; you have to also trust the unverifiable randomness used for the generation of a number.
Yes, as for my dice rolling, it is the faith that my dice is not biased (perfect CG) and that I'm not throwing it in a way that makes it biased. As I've said, most Bitcoin wallets collect data from multiple sources to try to prevent a single source from ruining the randomness of your keys. Core in particular uses urandom, rdrand, CPU cycles, OpenSSL, etc. Compromising every source of entropy constitutes a complete compromise of either your OS or wallet as well. To which, at this point you shouldn't be using them.

You can of course, XOR your own entropy in addition to those given by your OS. The way the wallets do this is by including multiple sources of data.

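The two suggestions made in the thread, 256 coin flips as your own entropy and XORing your own entropy with what the OS provides, sketched in Python as an added example that is not part of any post. Function names are hypothetical, condensing dice rolls with SHA-256 is a choice made for this sketch, and the BIP39 wordlist is not embedded, so the result is word indices rather than words.

```python
import hashlib
import secrets


def flips_to_bytes(flips):
    """Pack 256 coin flips ('1' = heads, '0' = tails) into 32 bytes, first flip = MSB."""
    if len(flips) != 256 or set(flips) - {"0", "1"}:
        raise ValueError("need exactly 256 flips written as 0/1")
    return int(flips, 2).to_bytes(32, "big")


def dice_to_bytes(rolls):
    """Condense >= 100 six-sided dice rolls (digits 1-6) to 32 bytes with SHA-256.

    100 fair rolls carry about 258 bits; hashing only compresses, it adds nothing.
    """
    if len(rolls) < 100 or set(rolls) - set("123456"):
        raise ValueError("need at least 100 rolls written as digits 1-6")
    return hashlib.sha256(rolls.encode("ascii")).digest()


def mix_with_os(user_bytes, os_bytes=None):
    """XOR user entropy with 32 bytes from the OS CSPRNG.

    If the two inputs are independent, the result is at least as unpredictable
    as the better of them, so a biased coin or die cannot weaken the OS output.
    os_bytes is injectable only so the function can be tested deterministically.
    """
    if os_bytes is None:
        os_bytes = secrets.token_bytes(32)
    if len(user_bytes) != 32 or len(os_bytes) != 32:
        raise ValueError("both inputs must be 32 bytes")
    return bytes(u ^ o for u, o in zip(user_bytes, os_bytes))


def bip39_indices(entropy):
    """Return the BIP39 word indices (0-2047) for 16-32 bytes of entropy.

    BIP39 appends the first ENT/32 bits of SHA-256(entropy) as a checksum and
    cuts the result into 11-bit groups; each group indexes the 2048-word list.
    """
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]


if __name__ == "__main__":
    # Constructed sample input: a repeating pattern, NOT real flips.
    flips = "10" * 128
    seed_entropy = mix_with_os(flips_to_bytes(flips))
    # Each index would be looked up in the BIP39 English wordlist (not embedded here).
    print(len(bip39_indices(seed_entropy)), "word indices derived")
```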
BlackHatCoiner
June 21, 2021, 12:05:27 PM
 #20

You cannot verify how random your results are. You can only verify that you generated the results and that you are trusting that the way you've executed it is free of any critical mistakes that could influence the entropy.
Well, yes, but there are ways to avoid any critical mistakes. If you put a dice in a black box, wiggled the box and opened it after a certain period, you'd have accomplished true randomness. You could do that with many dice inside the box to reduce time. Generally, you have to find a way in which the person doesn't know what he's doing. If you go with the Rubik's cube mixing or the deck's shuffling, or even the mouse movement used by bitaddress.org, the user knows very well what he's doing; he just tries to do it with the smallest probability.
