What do you guys think about this method to safely store your Bitcoin?

[turvarya]

Someone asked me per PM, how to save his Bitcoin securely, but also so you can use them. Having print out some paper wallets a while ago,  I haven't really looked into how to make them secure, since I just use them.

So, giving it some thought, I came up with this solution.

1. Go to this site:
https://www.bitaddress.org/bitaddress.org-v2.9.3-SHA1-7d47ab312789b7b3c1792e4abdb8f2d95b726d64.html
save the html

2. Download tails
https://tails.boum.org/

3. put both on an usb stick

4. Boot from that usb stick(I think, there is an offline mode, but unplug your internet connection to be sure)

5. Open your bitadress-html.

6. go to Paper wallet

7. Check Bip38 and give a strong password(e.g. 8 unrelated words)

8. Print them out(nor sure about tails, but last time I tried a live os, i had to go back in my common os to use the printer, but that should still be safe, since the wallets are Bip38-encrypted). Print them multiples times to make sure, you don't lose them all.

9. Install Mycelium: https://play.google.com/store/apps/details?id=com.mycelium.wallet (android)
or BreadWallet (iOS)

10. Buy Bitcoin and send it directly to your paper wallets.

11. When you want to use your Bitcoin, scan your private key QR-code(type in your passphrase for bip38-decrypion with your smartphone-app, send the amount you want and send the change to another of your paper wallets.


I think, that are pretty easy steps and you don't have to spend a satoshi to take them.

Does anybody see a flaw?
I haven't really tried it out, so there might be something in it.

[shorena]

-snip-
Does anybody see a flaw?
I haven't really tried it out, so there might be something in it.

Not really...



Lets make some assumptions and see where we end up. You do the steps given and we assume that I was able to take over your machine (the one you use in step 1) with a rootkit. Possible actions would be:

#1 I manipulate the source from bitaddress.org while/directly after you download it (signatures/public keys are replaced ofc)
#2 I manipulate tails
#1 and #2 can result in the following: You actually have a private key I dont know, but I just replace the address with one (or several) of mine, thus the moment you send funds to "your private key", I own them.

[odolvlobo]

For that level of security, you could also run Armory on an offline computer. It would be much easier than making paper wallets all the time.

[turvarya]

For that level of security, you could also run Armory on an offline computer. It would be much easier than making paper wallets all the time.

1. He said, that he travels a lot.
2. For that, you have to have an offline computer.
3. You can just print out 100 paper wallets at a time.

[LiteCoinGuy]

the only secure way for a beginner is a hardware wallet in my view.

[turvarya]

the only secure way for a beginner is a hardware wallet in my view.

What is unsecure about my way?

[newIndia]

For that level of security, you could also run Armory on an offline computer. It would be much easier than making paper wallets all the time.

Is armory safer than bitcoin core ?

[Robert Paulson]

if someone tampers with your phone and replaces mycelium with something else its game over.

[LiteCoinGuy]

the only secure way for a beginner is a hardware wallet in my view.

What is unsecure about my way?

to be accurate: your way is not unsecure but exhausting. when you are tech-savvy you can do that but 99,5 % cant do that (or dont want to do that).

hardware wallets are the way to go. just my 2 satoshis  

[turvarya]

the only secure way for a beginner is a hardware wallet in my view.

What is unsecure about my way?

to be accurate: your way is not unsecure but exhausting. when you are tech-savvy you can do that but 99,5 % cant do that (or dont want to do that).

hardware wallets are the way to go. just my 2 satoshis  

It's hard to tell, since I am tech-savy, but it doesn't seem that exhausting to me, and the steps are easy enough.
But we would need a non-tech-savy person, who tries it out, to settle that argument

[Q7]

While it is not a bad idea, can't imagine having to go through all the lengthy process and the time it takes will probably outweighs the advantage. Just to be safe what I always do is transfer a small amount to the phone and use it. Even if I lose my phone or the account gets compromised the losses are minimal.

Nevertheless if I need to purchase items using lots of btc, I would rather do this at home. It's a give and take situation, between security and comfort....I'll go along the middle line.

[axel2078]

I actually tried this (generating paper wallet offline with bitaddress file), but the only web browser available in Tails (Tor) had the plugins removed or disabled that would allow me to generate the paper wallet (javascript prehaps?). I ended up disconnecting my main computer from the web and just running it on that and then moving everything off before I connected it again.  Yeah, I know it's not as secure, but I'll take my chances.

[ChuckBuck]

For the common noob, just have him buy this:

https://www.ledgerwallet.com/

Your way is fine, but for average Joe, he'd probably like less steps.

[LiteCoinGuy]

For the common noob, just have him buy this:

https://www.ledgerwallet.com/

Your way is fine, but for average Joe, he'd probably like less steps.

  and look here for an overview of hardware wallets:

https://bitcointalk.org/index.php?topic=899253.0

[Flashman]

Well lets ask a n00b...

Ugg: Ugg say me carve notches on stick and hide stick, not trust mysterious rock remember Uggs gold.