[bitcoin-dev] Paper Wallet support in bitcoin-core
Sjors Provoost
sjors at sprovoost.nl
Sat Sep 30 07:36:46 UTC 2017
> Op 30 sep. 2017, om 06:49 heeft Jonas Schnelli via bitcoin-dev <bitcoin-dev at lists.linuxfoundation.org> het volgende geschreven:
>
>> On 09/29/2017 02:03 PM, Luke Dashjr wrote:
>> Paper wallets are a safety hazard, insecure, and generally not advisable.
>>
>
> I have to agree with Luke.
> And I would also extend those concerns to BIP39 plaintext paper backups.
>
> IMO, private keys should be generated and used (signing) on a trusted, minimal and offline hardware/os. They should never leave the device over the channel used for the signing I/O. Users should have no way to view or export the private keys (expect for the seed backup). Backups should be encrypted (whoever finds the paper backup should need a second factor to decrypt) and the restore process should be footgun-safe (especially the lost-passphrase deadlock).
I believe BIP39 does an excellent job at reducing the amount of bitcoin permanently lost. Stolen funds can at least in theory be retrieved at some future date. There's a trade-off between having a backup process that is secure and one that people actually use. I don't know the right answer, and tend to agree it's better left to individual wallets to decide.
Sjors
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20170930/d70b17b5/attachment-0001.sig>
More information about the bitcoin-dev
mailing list