Difference between revisions of "Paper wallet"
Line 24: | Line 24: | ||
While QR codes have a checksum and robust error correction, they can be damaged by water, crumpling or folding of the paper. | While QR codes have a checksum and robust error correction, they can be damaged by water, crumpling or folding of the paper. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
=== Encouragement of obsolete brainwallet style === | === Encouragement of obsolete brainwallet style === |
Revision as of 06:28, 15 January 2020
A paper wallet is the name given to a method of storing bitcoin which involves printing a single private key and bitcoin address onto paper and depositing funds into a P2PKH script using the address. Funds can be accessed by accessing the physical paper and entering the private key into a wallet. This is usually achieved by scanning a QR code of the private key in Wallet import format.
Paper wallets are seen as a secure method of long term storage of funds however there are downsides to using this method.
Downsides/Risks
Printing
Paper wallets require using a printer to transfer them to paper. Most printers have internal storage where the image of the wallet could be saved allowing an attacker with access to the printer to see the private key and steal the stored bitcoins. Shared printers such as in schools, offices or internet cafes are also usually centrally logged. If the printer is accessed over WiFi then any radio wave listener could also obtain the private keys and steal the money.
Seed phrases avoid this problem by having the user transfer the sensitive information to paper without a printer but via their own handwriting.
Address reuse
Paper wallets have just one bitcoin address, leading to address reuse.
Poor user experience
Dealing with raw private keys can be unintuitive and may lead to loss of funds if not managed properly. It is recommended that users of paper wallets understand how they function before using them as long term funds storage.
Low error correction
The private keys are typically printed in small fonts. Sometimes characters may be mistaken for another letter. One single wrong character will invalidate the key. Private keys in WIF format have a checksum but there are a lack of tools for regular users to correct mistakes.
While QR codes have a checksum and robust error correction, they can be damaged by water, crumpling or folding of the paper.
Encouragement of obsolete brainwallet style
Almost all paper wallet websites today also have an interface to the obsolete sha256 brainwallets. These are very insecure and should never be used, yet paper wallet websites do not come with adequate warnings.
See also: Brainwallet#Obsolete_Brainwallet_Style
Javascript software
Most paper wallets are created in a website using Javascript cryptography, which is considered unsafe for anything related to bitcoin.
Browser wallets are bad
Almost all paper wallets are made by websites, which therefore involves most of the problems associated with Browser-based wallet.<ref>https://www.reddit.com/r/Bitcoin/comments/771c4z/bitaddressorg_beware_of_possible_scam/</ref><ref>https://np.reddit.com/r/Bitcoin/comments/a7xaej/paperwallet_being_hacked/</ref>
Redeeming bitcoins and withdrawing funds
The best way to redeem the bitcoins from a private key is to use the "sweep" feature of certain wallet software. This sends the entire balance of the paper wallet to a deterministic wallet. Alternatively the private key could be imported and the entire balance sent to an address in the wallet.
There are various wallets for doing this:
- Electrum and Mycelium support sweeping private keys.
- Bitcoin Core supports the RPC call "importprivkey" for this purpose. See How to import private keys in Bitcoin Core 0.7+
- BlockChain.info and Armory can also import them directly into wallets.
Bitcoin ATMs and paper wallets
Many bitcoin ATMs use a paper-wallet-like system for delivering bitcoins if the customer doesn't have a bitcoin wallet. The ATMs can print out a private key/address pair onto paper which contain the customer's bitcoins. Ideally the customer would sweep the bitcoins into their own wallet as soon as they can.
See Also
- Private key
- Seed phrase
- Storing bitcoins
- How to import private keys
- https://bitzuma.com/posts/how-to-spend-a-bitcoin-paper-wallet-in-three-easy-steps/
References
<references />