A Thorough Step-by-Step Guide to Creating Secure Paper Wallets (w/ An Online Component to Monitor Your Balance 24/7)

View previous topic View next topic Go down

A Thorough Step-by-Step Guide to Creating Secure Paper Wallets (w/ An Online Component to Monitor Your Balance 24/7)

Post by Admin on Sat Jan 10, 2015 5:18 pm

It seems like every day i see a post on /r/bitcoin where someone has had their entire saving of BTC wiped out in an instant. Yet we still keep storing our coins in exchanges and hot wallets.
If we do not wish to give up the decentralized nature of bitcoin, then we ABSOLUTELY MUST educate everyone on cold storage, and how to do it for themselves.
DISCLAIMER-READ BEFORE COMMENTING: I have a VERY small knowledge of technology, which definitely adds to my paranoia of having my BTC hacked, and my curiosity into the topic of keeping it secure.
I can only explain this to you in a sort of laymens terms, so i apologize in advance if it sounds unrefined. I have a very minimal knowledge of the technical side of bitcoin (public/private key cryptography, etc) If you are not comfortable taking my advice, by all means, there are plenty of sites on google you can get better, more technical advice about paper wallets.
By presenting it in this relatively quick, concise format, that you can simply print out and follow... we might be able to collectively save the community thousands of coins in theft.
Lets go over a few important concepts that I believe one needs to understand before delving into paper wallets.
WHAT IS A BITCOIN ADDRESS?
A bitcoin "Address" is nothing more than a pairing of a public key (which you share with people to receive money, think of your public key as INBOUND ONLY traffic) and a private key (which cryptographically links to your public key, allowing you to spend said funds, OUTBOUND traffic). As im sure most of us would have no issue with money accidentally coming INTO our account, your public address can be shown to anyone. However, to spend/move those funds, you must possess the PRIVATE key. this is why they are named as such.
tl;dr
an address is a randomly generated pair of keys, one public for receiving funds, and one private for spending.
OKAY, SO WHAT IS A KEY, AND WHERE DOES IT COME FROM?
Okay, this one is going to make you techies cringe. Key pairs are generated using complex codes and algorithms and javascript and shit, and these algorithms basically spit you out two keys. One is short, and that is your public key. the other is long, that is your private key, which allows you to spend funds.
The public key is mathematically derived from the private key.
Now i know what you're thinking, Dafuq? Couldnt someone just take my public key, plug it into a reverse key generator, and determine my private key, and then spend my coins?? Well this is where the genius of bitcoin comes into play:
Your public key is derived in such a way that, if someone wanted to reverse math your public key to find your private key, it would take the worlds most powerful computer something like 43928409382490832904839028490328 years to perform the calculation, because math. Boom.
tl;dr
keys to receive and spend your bitcoins are randomly generated using bitcoin's algorithm, to give you 1 public key to receive BTC, and 1 private key to spend.
WHAT IS A BITCOIN WALLET?
A bitcoin "Wallet" is a collection of addresses (keys) which can be stored online thru a service like Blockchain.info or just stored on the Bitcoin app or software on your PC. These programs contain many addresses for you to accept (and also Send) payments.
Unfortunately, at the price of convenience, in order to send your funds easily, the private keys for your bitcoin addresses are stored within the computer or smartphone(remember that zoolander scene?)... and for me this is not secure enough for my paranoia. If there is somehow malware on your computer, and it captures your private key somehow during a transaction or something.. your coins are gone. This is where the need for paper wallets (cold storage) arises. With cold storage, your private keys have never been e
Okay so we gotta chill here for a second, because this next sentence pretty much i feel like no one understands, and this is super important.........
ANYONE WHO HAS ACCESS TO YOUR PRIVATE KEY CAN AND WILL SPEND YOUR FUNDS FROM YOUR BITCOIN ADDRESS.
So lets just assume everything BESIDES paper wallets are inherently UNSECURED. Okay, now we can move on.
The last thing we need to cover is the subject of BIP0038 Private Key encryption. I mean this shit is mind-blowing people. This is something for the ultra-paranoid like myself.
WHAT IS BIP38 PRIVATE KEY ENCRYPTION??
Complex shit, but im gonna nutshell it for you guys. BIP38 basically takes the security of the math behind your public key and performs that same magic on your private key.
Did i lose you? thats okay.
All BIP38 does is make it so that your Private key needs a password to be decrypted in order to spend your funds. For example, even if my house were robbed and a bad guy stole my paper wallets out of my safe, without my BIP38 encrypted passphrase, those keys are useless to him. It basically takes your normal private key (which normally if someone can see, they can steal the funds) and password protects it to add an increased layer of security if they are ever lost.
WHY IS BIP38 BETTER?
Well lets use the scenario i described above. BIP38 is good because it protects your keys. My funds are un-spendable. However, lets go back to the robber who stole my paper wallet in the above example. Although he might not be able to use them, if those were the only copies that existed, then neither can I, which means im pretty much fucked. Without my private key, which was on that piece of paper, i have no access to my funds
BIP38 effectively solves this problem because now you are able to make copies or backups and store them in other places, or even online on a well secured cloud account, without having to worry about your private key being exposed. If someone finds your PDF file or that extra copy of your paper wallets that you left at your moms house, it wont matter because they still need your BIP38 encryption passphrase to spend your funds.
tl;dr
BIP38 is like password protecting your paper wallet. SUPER SECURE.
So as many of you learned from the above introduction, I am in no way technologically savvy.
What I do understand, however, is by generating your addresses (public and private key pairs) securely, offline, on a secure OS (ubuntu), you have the advantage of holding private keys that have never seen the internet.
You are the sole holder of your private keys, meaning that until you decide to spend/move your coins, It is a physical impossiblity for you to be hacked. When you store your coins anywhere other than cold storage (paper wallets) You are essentially trusting the wallet and client and server and whatever other middle ground protocols or prying eyes might be involved. With Paper Wallets, you are the sole owner and curator of your keys, and that's pretty bad ass.
HOW TO MAKE PAPER WALLETS
1 BUY PRINTER.
Kinda necessary. Get the simplest laserjet you can find, with no wifi capability. Laser holds up better to water, and also prints a little more sharply in my opinion.
2 BUY USB STICK.
It has to be 2GB, 4GB or higher is preferred. We will use this to install Ubuntu (stable open source linux-based OS with few security holes unlike windows)
3 INSTALL UBUNTU ONTO USB STICK
Use this step-by-step guide to create a bootable USB stick: http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-windows
EDIT: I have been made aware that there are other stabile operating systems including Tails which provide the same benefits as ubuntu, by all means, use whatever operating system you feel is the safest, as long as it is not windows.
4 DOWNLOAD BITADDRESS.ORG HTML FROM GITHUB
Bitaddress.org is a JavaScript Client-Side Bitcoin Wallet Generator. I prefer bitaddress.org, because of the BIP0038 functionality built right in. We will acquire the source code from GitHub, which is open source consensus based filesharing, which reduces the risk of the code being compromised.
https://github.com/pointbiz/bitaddress.org/archive/master.zip is the direct link. IMPORTANT: Copy all the files in the zip into the Documents folder on your USB stick. This zip contains the bitaddress offline HTML page that you will use to generate your paper wallets. if that .zip direct link ever breaks, this link (https://github.com/pointbiz/bitaddress.org) will take you to the bitaddress.org github page, then click "download zip" in the lower right hand corner.
**If you would like to be 100% sure your copy of bitaddress.org.html is legitimate, verify your copy of bitaddress.org with GPG. Instructions at: https://bitcointalk.org/index.php?topic=43496.0
Please don't forget to tip bitaddress.org. Those guys are amazing.**
BTCVAULT offers a shortcut and also an alternative with an offline electrum wallet. Check it out.
5 BOOT UBUNTU FROM USB STICK
http://www.ubuntu.com/download/desktop/try-ubuntu-before-you-install
Make sure there are no ethernet cables attached to your computer, and do not connect to any sort of wifi while using Ubuntu
6 SET UP YOUR PRINTER IN UBUNTU
"How to setup a printer in Ubuntu"
https://www.youtube.com/watch?v=Fe0QE9oEp0A
7 OPEN YOUR BITADDRESS.ORG.HTML PAGE IN UBUNTU
It should look identical to https://www.bitaddress.org/
Click the Paper Wallet Tab
Make sure "BIP38 Encrypt?" box is CHECKED
Choose how many wallets you want per page (i always do 3, fits neatly on a page)
Enter a passphrase for your BIP38 encryption. Make it something complex, use numbers mixed in with upper and lowercase letters, and write this down somewhere OFFLINE. or make DAMN sure you will remember it. without this passphrase, you will be unable to spend your funds.
Click GENERATE.
8 PRINT YOUR WALLETS
Using the PRINT button (use the one inside the page). Print a few copies to store in different locations. You may also wish to print your wallet to a PDF file, and store that online on dropbox or something for easy access to your wallet in an emergency. And don't worry, because that BIP38 passphrase will keep you safe on the super super super small chance some hacker finds that PDF file.
after step 8 you are done generating the keys and you should immediately shut down your Ubuntu session by turning off your computer. Remove the USB stick. All the following steps are performed using your regular OS setup while connected to the Internet.
IMPORTANT: Don't forget you might have to change your PC's BIOS setting back to "boot from disk" again if you having issues starting windows back up.
9 CREATE A WALLET AT BLOCKCHAIN.INFO
https://blockchain.info/wallet/new
When you get signed up and you're on the Blockchain wallet main page, click on ACCOUNT SETTINGS. Click continue when prompted about sensitive data.
On the left, click "devices" then click "Show/Hide Pairing Code" Leave this window open, we will use it for the next step.
10 DOWNLOAD BLOCKCHAIN ANDROID APP FROM THE PLAY STORE
Install, open, and click "Pair Device", then click "Scan QR Code". Scan the pairing barcode that we just generated in STEP 9 above. You should hear a little chime, and at this point the app should prompt you to create a PIN. You now have set up your online wallet. We will use this to monitor our paper wallet balance.
11 SCAN YOUR "WATCH ONLY" ADDRESSES
On the dropdown menu in the Blockchain app (can also be accessed by hitting the MENU buttin on your android), click "Scan Watch Only Address" and scan each one of your paper wallet PUBLIC keys. Hit Okay to confirm. For the address labels, i usually make an inconspicuous nickname for my wallet, and then name the addresses accordingly. For example, you could name them Bacon01, Bacon02, and Bacon03.
12 TEST PAYMENT
Send a small portion your funds to one of your public keys you just printed (Bacon01).
Verify the payment using your blockchain app on your phone. as soon as your payment hits your paper wallet you should hear a notification on your phone. Your funds are now stored in a much more secure way.
EDIT: If you use an exchange like coinbase, just click send money, and enter your paper wallet public address (yourself) as the recipient.
MANAGING AND SPENDING PAPER WALLETS
If you go to your address book in the blockchain app, you can see that you now have 3 addresses listed. Bacon01, Bacon01, and Bacon03, that all say "watch only" There should be a 4th address, and this is your "hot wallet" with blockchain. I usually just archive this address that way i dont have to see it or deal with it.
If you're planning to save long term, and dont plan on spending BTC anytime soon, then in your Address Book, Long press on that hot wallet address (the only one that DOESNT say "watch only") and click "Archive". Now, when you go back to your main blockchain balance screen on the Android app, youll notice that when you click that little barcode in the top left, it renders you a nice barcode that ties to your paper wallet public address (Bacon01). You can now accept payments directly to your paper wallet, without having to have the actual paper in front of you!
Lastly, the Blockchain balance reported in the front screen of the app is the balance of all your "active addresses" ADDED TOGETHER. if there are any that you would not like to have the balance reflected in the main balance, then archive them.
EDIT: check out this more advanced tutorial using dice to generate real world randomness: http://www.reddit.com/r/BitcoinWallet/comments/1p6y5c/secure_paper_wallet_tutorial
IF I MADE ANY MISTAKES, LET ME KNOW, AND I WILL FIX THEM. THIS NEEDS TO BE READ BY EVERYONE HOLDING BITCOIN.
Another guide by BTGuide https://docs.google.com/document/d/1Mjmeh2M2D_76K92V5pGcTFMp12axkkdB8zRL7zOLLjA/edit

Admin
Admin

Posts : 24
Join date : 2015-01-06

View user profile http://yorkbit.forumotion.net

Back to top Go down

Re: A Thorough Step-by-Step Guide to Creating Secure Paper Wallets (w/ An Online Component to Monitor Your Balance 24/7)

Post by Admin on Sat Jan 10, 2015 5:19 pm

Taken from here:

http://www.reddit.com/r/Bitcoin/comments/1ucn47/a_thorough_stepbystep_guide_to_creating_secure/

Admin
Admin

Posts : 24
Join date : 2015-01-06

View user profile http://yorkbit.forumotion.net

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum