|
|
(35 intermediate revisions by 2 users not shown) |
Line 1: |
Line 1: |
− | A '''paper wallet''' is the name given to a method of storing bitcoin which involves printing a single [[Private Keys|private key]] and bitcoin [[address]] onto paper and depositing funds into a [[Bitcoin Transactions#P2PHK|P2PKH]] script using the address. Funds can be accessed by accessing the physical paper and entering the private key into a wallet. This is usually achieved by scanning a QR code of the private key in [[Wallet import format]]. | + | A '''paper wallet''' is the name given to a method of storing bitcoin which involves printing a paired [[Private Keys|Bitcoin private key]] and [[Bitcoin address]] onto paper and depositing funds into a [[Bitcoin Transactions#P2PHK|P2PKH]] script using the address. Funds can be spent by accessing the physical paper and entering the private key into a wallet. This is usually achieved by scanning a QR code of the private key in [[Wallet import format]] (WIF). |
| | | |
− | Paper wallets are seen as a secure method of long term storage of funds however there are downsides to using this method.
| + | == Redeeming bitcoins stored using paper wallets == |
| + | |
| + | The best way to redeem the bitcoins from a private key is to use the "sweep" feature of certain wallet software. This process creates a new transaction that sends the entire balance of the paper wallet to a new address controlled by that wallet. |
| + | |
| + | Various wallets support sweeping private keys including: |
| + | |
| + | * [https://electrumsv.io/ ElectrumSV] |
| + | * [https://simply.cash/ Simply Cash] |
| | | |
| ==Downsides/Risks== | | ==Downsides/Risks== |
| | | |
− | ===Printing===
| + | Paper wallets are generally regarded as a secure method of long-term storage of funds; however, there are downsides to using this method. |
| | | |
− | Paper wallets require using a printer to transfer them to paper. Most printers have internal storage where the image of the wallet could be saved allowing an attacker with access to the printer to see the private key and steal the stored bitcoins. Shared printers such as in schools, offices or internet cafes are also usually centrally logged. If the printer is accessed over WiFi then any radio wave listener could also obtain the private keys and steal the money. | + | ===Printing and print media=== |
| + | Paper wallets require using a printer to transfer them to paper which presents a risk if networked printers are used in an insecure environment. |
| | | |
− | [[Seed phrase]]s avoid this problem by having the user transfer the sensitive information to paper without a printer but via their own handwriting.
| + | Additionally, while QR codes have a checksum and robust error correction, print media can be damaged by water, soilage or through crumpling or folding of the paper. |
| | | |
| === Address reuse === | | === Address reuse === |
| | | |
− | Paper wallets have just one bitcoin address, leading to [[address reuse]]. | + | Paper wallets have just one Bitcoin address, leading to [[address reuse]]. |
| | | |
| === Poor user experience === | | === Poor user experience === |
| | | |
− | Dealing with raw private keys can be unintuitive and may lead to loss of funds if not managed properly. It is recommended that users of paper wallets understand how they function before using them as long term funds storage. | + | Dealing with raw private keys can be unintuitive and may lead to loss of funds if not managed properly. It is recommended that users of paper wallets understand how they function before using them as long-term funds storage. |
− | | |
− | === Change addresses are not handled which leads to screwups ===
| |
− | | |
− | Users have been known to import the private key into software wallet and then spend part of the funds. They mistakenly believe the remaining funds are still on the paper wallet when in reality they are in a [[change|change address]].<ref>https://www.reddit.com/r/Bitcoin/comments/1c9xr7/psa_using_paper_wallets_understanding_change/</ref>
| |
− | | |
− | === Encouragement of raw transactions ===
| |
− | | |
− | [[Raw Transactions]] are dangerous, unintuitive and have many times resulted in loss of funds.
| |
− | | |
− | A notable example of such a costly mistake is the address <code>1Acbo3viCYy1TSZB7m2W1nPPNF4rcAPMC9</code> which seems to have been a paper wallet. The owner appears to have been regularly buying bitcoin between April 2014 and January 2017, before apparently making a mistake with raw transactions and sending ''50 bitcoins'' as miner fees.<ref>See transaction <code>d38bd67153d774a7dab80a055cb52571aa85f6cac8f35f936c4349ca308e6380</code></ref> (worth about $50000 at the contemporary exchange rate).
| |
− | | |
− | Also note the terrible privacy due to [[Address reuse]] that allows us to get such a complete picture of what happened.
| |
− | | |
− | === Low error correction ===
| |
− | | |
− | [[File:Water-damaged-paper-wallet-privkey.jpg|thumb|right|400px|Water damaged paper wallet [[private key]]]]
| |
− | | |
− | The private keys is typically printed in rather small font. Sometimes the characters could be mistakenly read for another letter, such as a B versus an 8 or 1 versus l. If even a single character is wrong or mistakenly typed then the entire private key will be invalid. Private keys in WIF format have a checksum but there are no tools for regular users to correct mistakes.
| |
− | | |
− | QR codes were not designed for secure storage of cryptographic material. QR codes have been damaged and made unscannable by water<ref>https://www.reddit.com/r/Bitcoin/comments/1sc02w/make_sure_to_secure_your_paperwallet_against/</ref><ref>https://www.reddit.com/r/Bitcoin/comments/2ni2fq/reminder_keep_your_paper_wallets_dry_if_you_use/</ref>, crumpling and even folding the paper.
| |
− | | |
− | As [[seed phrase]]s uses natural language words, they have far more error correction. Words written in bad handwriting can often still be read. If one or two letters are missing the word can often still be read. The [[Seed_phrase#Word_Lists|word list]] from which seed phrase words are drawn from is carefully chosen so that the first four letters of a word is enough to uniquely identify it.
| |
− | | |
− | === Inconsistent private key format ===
| |
− | | |
− | The spending of paper wallets relies on wallet software understanding the private key format. There has been at least one situation where an update to private key formats resulted in a user's funds becoming stuck <ref>https://www.reddit.com/r/Bitcoin/comments/8v2lxa/did_i_lose_my_btc_by_sending_to_a_segwit_bc1/</ref>.
| |
− | | |
− | [[Seed phrase]]s avoid this problem because they are created by the same wallet software which understands how to spend from them.
| |
− | | |
− | === Encouragement of obsolete brainwallet style ===
| |
− | | |
− | Almost all paper wallet websites today also have an interface to the obsolete sha256 brainwallets. These are very insecure and should never be used, yet paper wallet websites do not come with adequate warnings.
| |
− | | |
− | See also: [[Brainwallet#Obsolete_Brainwallet_Style]]
| |
− | | |
− | === Javascript software ===
| |
− | | |
− | Most paper wallets are created in a website using [[Javascript cryptography]], which is considered unsafe for anything related to bitcoin.
| |
− | | |
− | === Browser wallets are bad ===
| |
− | | |
− | Almost all paper wallets are made by websites, which therefore involves most of the problems associated with [[Browser-based wallet]].<ref>https://www.reddit.com/r/Bitcoin/comments/771c4z/bitaddressorg_beware_of_possible_scam/</ref><ref>https://np.reddit.com/r/Bitcoin/comments/a7xaej/paperwallet_being_hacked/</ref>
| |
− | | |
− | == Redeeming bitcoins and withdrawing funds ==
| |
− | | |
− | [[File:FirstBitcoinBills.jpg|thumb|right|200px|Casascius holding early paper wallets]]
| |
− | | |
− | The best way to redeem the bitcoins from a private key is to use the "sweep" feature of certain wallet software. This sends the entire balance of the paper wallet to a [[deterministic wallet]]. Alternatively the private key could be imported and the entire balance sent to an address in the wallet.
| |
− | | |
− | There are various wallets for doing this:
| |
− | | |
− | * [[Electrum]] and [[Mycelium]] support sweeping private keys.
| |
− | * [[Bitcoin Core]] supports the RPC call "importprivkey" for this purpose. See [[How to import private keys in Bitcoin Core 0.7+]]
| |
− | * [[BlockChain.info]] and [[Armory]] can also import them directly into wallets.
| |
| | | |
| == Bitcoin ATMs and paper wallets == | | == Bitcoin ATMs and paper wallets == |
| | | |
− | Many bitcoin ATMs use a paper-wallet-like system for delivering bitcoins if the customer doesn't have a bitcoin wallet. The ATMs can print out a private key/address pair onto paper which contain the customer's bitcoins. Ideally the customer would sweep the bitcoins into their own wallet as soon as they can. | + | Many Bitcoin ATMs use a paper-wallet-like system for delivering bitcoins if the customer doesn't have a Bitcoin wallet. The ATMs can print out a private key/address pair onto paper which contain the customer's bitcoins. Ideally the customer should sweep the bitcoins into their own wallet as soon as they can. |
| | | |
| == See Also == | | == See Also == |
| | | |
− | * [[Private key]]
| |
| * [[Seed phrase]] | | * [[Seed phrase]] |
− | * [[Storing bitcoins]]
| |
− | * [[How to import private keys]]
| |
− | * https://bitzuma.com/posts/how-to-spend-a-bitcoin-paper-wallet-in-three-easy-steps/
| |
− |
| |
− | ==References==
| |
− | <references />
| |
| | | |
− | [[Category:Security]] | + | ==Attribution== |
| + | This content is based on content sourced from https://en.bitcoin.it/wiki/Paper_wallet under [https://creativecommons.org/licenses/by/3.0/ Creative Commons Attribution 3.0]. Although it may have been extensively revised and updated, we acknowledge the original authors. |
A paper wallet is the name given to a method of storing bitcoin which involves printing a paired Bitcoin private key and Bitcoin address onto paper and depositing funds into a P2PKH script using the address. Funds can be spent by accessing the physical paper and entering the private key into a wallet. This is usually achieved by scanning a QR code of the private key in Wallet import format (WIF).
Redeeming bitcoins stored using paper wallets
The best way to redeem the bitcoins from a private key is to use the "sweep" feature of certain wallet software. This process creates a new transaction that sends the entire balance of the paper wallet to a new address controlled by that wallet.
Various wallets support sweeping private keys including:
Downsides/Risks
Paper wallets are generally regarded as a secure method of long-term storage of funds; however, there are downsides to using this method.
Printing and print media
Paper wallets require using a printer to transfer them to paper which presents a risk if networked printers are used in an insecure environment.
Additionally, while QR codes have a checksum and robust error correction, print media can be damaged by water, soilage or through crumpling or folding of the paper.
Address reuse
Paper wallets have just one Bitcoin address, leading to address reuse.
Poor user experience
Dealing with raw private keys can be unintuitive and may lead to loss of funds if not managed properly. It is recommended that users of paper wallets understand how they function before using them as long-term funds storage.
Bitcoin ATMs and paper wallets
Many Bitcoin ATMs use a paper-wallet-like system for delivering bitcoins if the customer doesn't have a Bitcoin wallet. The ATMs can print out a private key/address pair onto paper which contain the customer's bitcoins. Ideally the customer should sweep the bitcoins into their own wallet as soon as they can.
See Also
Attribution
This content is based on content sourced from https://en.bitcoin.it/wiki/Paper_wallet under Creative Commons Attribution 3.0. Although it may have been extensively revised and updated, we acknowledge the original authors.