This is my handout for paranoid people who want a way to store bitcoin safely. It requires a little work, but this is the method I use because it should be resistant to risks associated with:
Bad random number generators
Malicious or flawed software
If you want a method that is less secure but easier, skip to the bottom of this post. The Secure Method
Download bitaddress.org. (Try going to the website and pressing "ctrl+s")
Put the bitaddress.org file on a computer with an operating system that has not interacted with the internet much or at all. The computer should not be hooked up to the internet when you do this. You could put the bitaddress file on a USB stick, and then turn off your computer, unplug the internet, and boot it up using a boot-from-CD copy of linux (Ubuntu or Mint for example). This prevents any mal-ware you may have accumulated from running and capturing your keystrokes. I use an old android smart phone that I have done a factory reset on. It has no sim-card and does not have the password to my home wifi. Also the phone wifi is turned off. If you are using a fresh operating system, and do not have a connection to the internet, then your private key will probably not escape the computer.
Roll a die 62 times and write down the sequence of numbers. This gives you 2160 possible outcomes, which is the maximum that Bitcoin supports.
Run bitaddress.org from your offline computer. Input the sequence of numbers from the die rolls into the "Brain Wallet" tab. By providing your own source of randomness, you do not have to worry that the random number generator used by your computer is too weak. I'm looking at you, NSA ಠ_ಠ
Brain Wallet tab creates a private key and address.
Write down the address and private key by hand or print them on a dumb printer. (Dumb printer means not the one at your office with the hard drive. Maybe not the 4 in 1 printer that scans and faxes and makes waffles.) If you hand copy them you may want to hand copy more than one format. (WIF and HEX). If you are crazy and are storing your life savings in Bitcoin, and you hand copy the private key, do a double-check by typing the private key back into the tool on the "Wallet Details" tab and confirm that it recreates the same public address.
Load your paper wallet by sending your bitcoin to the public address. You can do this as many times as you like.
You can view the current balance of your paper wallet by typing the public address into the search box at blockchain.info
If you are using an old cell phone or tablet do a factory reset when you are finished so that the memory of the private keys is destroyed. If you are using a computer with a boot-from-CD copy of linux, I think you can just power down the computer and the private keys will be gone. (Maybe someone can confirm for me that the private keys would not be able to be cached by bitaddress?)
To spend your paper wallet, you will need to either create an offline transaction, or import the private key into a hot wallet. Creating an offline transaction is dangerous if you don't know what you are doing. Importing to a client side wallet like Bitcoin-Qt, Electrum, MultiBit or Armory is a good idea. You can also import to an online wallet such as Blockchain.info or Coinbase.
Trusting bitaddress.org The only thing you need bitaddress.org to do is to honestly convert the brainwallet passphrase into the corresponding private key and address. You can verify that it is doing this honestly by running several test passphrases through the copy of bitaddress that you plan on using, and several other brainwallet generators. For example, you could use the online version of bitaddress, and brainwallet and safepaperwallet and bitcoinpaperwallet. If you are fancy with the linux command line, you can also try "echo -n my_die_rolls | sha256sum". The linux operating system should reply with the same private key that bitaddress makes. This protects you from a malicious paper wallet generator. Trusting your copy of bitaddress.org Bitaddress publishes the sha1 hash of the bitaddress.org website at this location: https://www.bitaddress.org/pgpsignedmsg.txt The message is signed by the creator, pointbiz. I found his PGP fingerprint here: https://github.com/pointbiz/bitaddress.org/issues/18 "527B 5C82 B1F6 B2DB 72A0 ECBF 8749 7B91 6397 4F5A" With this fingerprint, you can authenticate the signed message, which gives you the hash of the current bitaddress.org file. Then you can hash your copy of the file and authenticate the file. I do not have a way to authenticate the fingerprint itself, sorry. According to the website I linked to, git has cryptographic traceability that would enable a person to do some research and authenticate the fingerprint. If you want to go that far, knock yourself out. I think that the techniques described in this document do not really rely on bitaddress being un-corrupt. Anyway, how do we know pointbiz is a good guy? ;-) There are a lot of skilled eyes watching bitaddress.org and the signed sha1 hash. To gain the most benefit from all of those eyes, it's probably worthwhile to check your copy by hashing it and comparing to the published hash. "But we aren't supposed to use brainwallets" You are not supposed to use brainwallets that have predictable passphrases. People think they are pretty clever about how they pick their passphrases, but a lot of bitcoins have been stolen because people tend to come up with similar ideas. If you let dice generate the passphrase, then it is totally random, and you just need to make sure to roll enough times. How to avoid spending your life rolling dice When I first started doing this, I rolled a die 62 times for each private key. This is not necessary. You can simply roll the die 62 times and keep the sequence of 62 numbers as a "seed". The first paper address you create would use "my die rolls-1" as the passphrase, the second would be "my die rolls-2" and so on. This is safe because SHA256 prevents any computable relationship between the resulting private key family. Of course this has a certain bad security scenario -- if anyone obtains the seed they can reconstruct all of your paper wallets. So this is not for everyone! On the other hand, it also means that if you happen to lose one of your paper wallets, you could reconstruct it so long as you still had the seed. One way to reduce this risk is to add an easy to remember password like this: "my die rolls-password-1". If you prefer, you can use a technique called diceware to convert your die rolls to words that still contain the same quantity of entropy, but which could be easier to work with. I don't use diceware because it's another piece of software that I have to trust, and I'm just copy/pasting my high entropy seed, so I don't care about how ugly it is. Why not input the dice as a Base 6 private key on the Wallet Details tab? Two reasons. First of all, this option requires that you roll the die 99 times, but you do not get meaningful additional protection by rolling more than 62 times. Why roll more times if you don't have to? Second, I use the "high entropy seed" method to generate multiple private keys from the same die rolls. Using the Base 6 option would require rolling 99 times for every private key. I'm a big nerd with exotic dice. How many times to roll? Put this formula in Excel to get the number of times to roll: "=160*LOG(2,f)" where f = number of faces on the die. For example, you would roll a d16 40 times. By the way, somewhat unbelievably casino dice are more fair than ordinary dice The "Change address" problem: You should understand change addresses because some people have accidentally lost money by not understanding it. Imagine your paper wallet is a 10 dollar bill. You use it to buy a candy bar. To do this you give the cashier the entire 10 dollar bill. They keep 1 dollar and give you 9 dollars back as change. With Bitcoin, you have to explicitly say that you want 9 dollars back, and you have to provide an address where it should go to. If you just hand over the 10 dollar bill, and don't say you want 9 dollars back, then the miner who processes the transaction gives 1 dollar to the store and keeps the remainder themselves. Wallet software like Bitcoin-Qt handles this automatically for you. They automatically make "change addresses" and they automatically construct transactions that make the change go to the change address. There are three ways I know of that the change problem can bite you:
You generate a raw transaction by hand, and screw up. If you are generating a transaction "by hand" with a raw transaction editor, you need to be extra careful that your outputs add up to the same number as your inputs. Otherwise, the very lucky miner who puts your transaction in a block will keep the difference.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the paper wallet. The change is not in the paper wallet. It is in a change address that the wallet software generated. That means that if you lose your wallet.dat file you will lose all the change. The paper wallet is empty.
You import a paper wallet into a wallet software and spend part of it, and then think that the change is in the change address that the wallet software generated. If the transaction did not need to consume all of the "outputs" used to fund the paper wallet, then there could be some unspent outputs still located at the address of the paper wallet. If you destroyed the paper wallet, and destroyed the copy of the private key imported to the wallet software, then you could not access this money. (E.g. if you restored the software wallet from its seed, thinking all of the money was moved to the wallet-generated change addresses.)
For more on this, see here The hot paper wallet problem Your bitcoin in your paper wallet are secure, so long as the piece of paper is secure, until you go to spend it. When you spend it, you put the private key onto a computer that is connected to the internet. At this point you must regard your paper wallet address as hot because the computer you used may have been compromised. It now provides much less protection against theft of your coins. If you need the level of protection that a cold paper wallet provides, you need to create a new one and send your coins to it. Destroying your paper wallet address Do not destroy the only copy of a private key without verifying that there is no money at that address. Your client may have sent change to your paper wallet address without you realizing it. Your client may have not consumed all of the unspent outputs available at the paper wallet address. You can go to blockchain.info and type the public address into the search window to see the current balance. I don't bother destroying my used/empty paper wallet addresses. I just file them away. Encrypting your private key BIP 0038 describes a standardized way to encrypt your paper wallet private key. A normal paper wallet is vulnerable because if anyone sees the private key they can take the coins. The BIP38 protocol is even resistant to brute force attacks because it uses a memory intensive encryption algorithm called scrypt. If you want to encrypt your wallets using BIP38, I recommend that you use bitcoinpaperwallet because they will let you type in your own private key and will encrypt it for you. As with bitaddress, for high security you should only use a local copy of this website on a computer that will never get connected to the internet. Splitting your private key Another option for protecting the private key is to convert it into multiple fragments that must be brought together. This method allows you to store pieces of your key with separate people in separate locations. It can be set up so that you can reconstitute the private key when you have any 2 out of the 3 fragments. This technique is called Shamir's Secret Sharing. I have not tried this technique, but you may find it valuable. You could try using this website http://passguardian.com/ which will help you split up a key. As before, you should do this on an offline computer. Keep in mind if you use this service that you are trusting it to work properly. It would be good to find other independently created tools that could be used to validate the operation of passguardian. Personally, I would be nervous destroying the only copy of a private key and relying entirely on the fragments generated by the website. Looks like Bitaddress has an implementation of Shamir's Secret Sharing now under the "Split Wallet" tab. However it would appear that you cannot provide your own key for this, so you would have to trust bitaddress. Durable Media Pay attention to the media you use to record your paper wallet. Some kinds of ink fade, some kinds of paper disintegrate. Moisture and heat are your enemies. In addition to keeping copies of my paper wallet addresses I did the following:
Order a set of numeric metal stamps. ($10)
Buy a square galvanized steel outlet cover from the hardware store ($1)
Buy a sledgehammer from the hardware store
Write the die rolls on the steel plate using a sharpie
Use the hammer to stamp the metal. Do all the 1's, then all the 2's etc. Please use eye protection, as metal stamp may emit sparks or fly unexpectedly across the garage. :-)
Use nail polish remover to erase the sharpie
Electrum If you trust electrum you might try running it on an offline computer, and having it generate a series of private keys from a seed. I don't have experience with this software, but it sounds like there are some slick possibilities there that could save you time if you are working with a lot of addresses. Message to the downvoters I would appreciate it if you would comment, so that I can learn from your opinion. Thanks! The Easy Method This method is probably suitable for small quantities of bitcoin. I would not trust it for life-altering sums of money.
Download the bitaddress.org website to your hard drive.
Close your browser
Disconnect from the internet
Open the bitaddress.org website from your hard drive.
Please forgive the new account, but after getting some guidance on the #segwit-support slack channel, here are the steps for us Windows N00bs to keep the miners honest even if you don't have much space on your disk.
Does a functionality of Bitcoin's proof of existence already in anything similar?
A lot of startups have launched based on the idea of using the blockchain as, what I'm calling, a one way searchable decentralized proof of existence. Most notably Factom.. You can embed proof of a document on the blockchain by taking the SHA256SUM and converting it to a bitcoin address. The details of how to this can be found here!. My question is, does a database like this already exist? Or is this legitimately a new technology, and an underappreciated aspect of the blockchain. If you send money to the bitcoin address that corresponds the the unique hash of your document. As far as the miners or anyone else looking at the blockchain transaction knows one wallet paid some amount of BTC to another. Is there a database other than the blockchain that allows for the demonstrating data ownership, timestamping, and checking for document integrity without centrally holding the document itself? All comments on the idea and history of proof-of-existence are appreciated.
If you are running an older version, shut it down. Wait until it has completely shut down (which might take a few minutes for older versions), uninstall all earlier versions of Bitcoin, then run the installer (on Windows) or just copy over /Applications/Bitcoin-Qt (on Mac) or bitcoind/bitcoin-qt (on Linux). If you are upgrading from version 0.7.2 or earlier, the first time you run 0.9.0 your blockchain files will be re-indexed, which will take anywhere from 30 minutes to several hours, depending on the speed of your machine. On Windows, do not forget to uninstall all earlier versions of the Bitcoin client first, especially if you are switching to the 64-bit version.
Windows 64-bit installer
New in 0.9.0 is the Windows 64-bit version of the client. There have been frequent reports of users running out of virtual memory on 32-bit systems during the initial sync. Because of this it is recommended to install the 64-bit version if your system supports it. NOTE: Release candidate 2 Windows binaries are not code-signed; use PGP and the SHA256SUMS.asc file to make sure your binaries are correct. In the final 0.9.0 release, Windows setup.exe binaries will be code-signed.
The 'chainstate' for this release is not always compatible with previous releases, so if you run 0.9 and then decide to switch back to a 0.8.x release you might get a blockchain validation error when starting the old release (due to 'pruned outputs' being omitted from the index of unspent transaction outputs). Running the old release with the -reindex option will rebuild the chainstate data structures and correct the problem. Also, the first time you run a 0.8.x release on a 0.9 wallet it will rescan the blockchain for missing spent coins, which will take a long time (tens of minutes on a typical machine).
Rebranding to Bitcoin Core
To reduce confusion between Bitcoin-the-network and Bitcoin-the-software we have renamed the reference client to Bitcoin Core.
Autotools build system
For 0.9.0 we switched to an autotools-based build system instead of individual (q)makefiles. Using the standard "./autogen.sh; ./configure; make" to build Bitcoin-Qt and bitcoind makes it easier for experienced open source developers to contribute to the project. Be sure to check doc/build-*.md for your platform before building from source.
Another change in the 0.9 release is moving away from the bitcoind executable functioning both as a server and as a RPC client. The RPC client functionality ("tell the running bitcoin daemon to do THIS") was split into a separate executable, 'bitcoin-cli'. The RPC client code will eventually be removed from bitcoind, but will be kept for backwards compatibility for a release or two.
The behavior of the walletpassphrase RPC when the wallet is already unlocked has changed between 0.8 and 0.9. The 0.8 behavior of walletpassphrase is to fail when the wallet is already unlocked:
> walletpassphrase 1000 walletunlocktime = now + 1000 > walletpassphrase 10 Error: Wallet is already unlocked (old unlock time stays)
The new behavior of walletpassphrase is to set a new unlock time overriding the old one:
> walletpassphrase 1000 walletunlocktime = now + 1000 > walletpassphrase 10 walletunlocktime = now + 10 (overriding the old unlock time)
Transaction malleability-related fixes
This release contains a few fixes for transaction ID (TXID) malleability issues:
-nospendzeroconfchange command-line option, to avoid spending zero-confirmation change
IsStandard() transaction rules tightened to prevent relaying and mining of mutated transactions
Additional information in listtransactions/gettransaction output to report wallet transactions that conflict with each other because they spend the same outputs.
Bug fixes to the getbalance/listaccounts RPC commands, which would report incorrect balances for double-spent (or mutated) transactions.
New option: -zapwallettxes to rebuild the wallet's transaction information
This release drops the default fee required to relay transactions across the network and for miners to consider the transaction in their blocks to 0.01mBTC per kilobyte. Note that getting a transaction relayed across the network does NOT guarantee that the transaction will be accepted by a miner; by default, miners fill their blocks with 50 kilobytes of high-priority transactions, and then with 700 kilobytes of the highest-fee-per-kilobyte transactions. The minimum relay/mining fee-per-kilobyte may be changed with the minrelaytxfee option. Note that previous releases incorrectly used the mintxfee setting to determine which low-priority transactions should be considered for inclusion in blocks. The wallet code still uses a default fee for low-priority transactions of 0.1mBTC per kilobyte. During periods of heavy transaction volume, even this fee may not be enough to get transactions confirmed quickly; the mintxfee option may be used to override the default.
0.9.0 Release notes
New notion of 'conflicted' transactions, reported as confirmations: -1
'listreceivedbyaddress' now provides tx ids
Add raw transaction hex to 'gettransaction' output
Updated help and tests for 'getreceivedby(account|address)'
In 'getblock', accept 2nd 'verbose' parameter, similar to getrawtransaction, but defaulting to 1 for backward compatibility
Add 'verifychain', to verify chain database at runtime
Add 'dumpwallet' and 'importwallet' RPCs
'keypoolrefill' gains optional size parameter
Add 'getbestblockhash', to return tip of best chain
Add 'chainwork' (the total work done by all blocks since the genesis block) to 'getblock' output
Make RPC password resistant to timing attacks
Clarify help messages and add examples
Add 'getrawchangeaddress' call for raw transaction change destinations
Reject insanely high fees by default in 'sendrawtransaction'
Add RPC call 'decodescript' to decode a hex-encoded transaction script
Make 'validateaddress' provide redeemScript
Add 'getnetworkhashps' to get the calculated network hashrate
New RPC 'ping' command to request ping, new 'pingtime' and 'pingwait' fields in 'getpeerinfo' output
Adding new 'addrlocal' field to 'getpeerinfo' output
Add verbose boolean to 'getrawmempool'
Add rpc command 'getunconfirmedbalance' to obtain total unconfirmed balance
Explicitly ensure that wallet is unlocked in importprivkey
Add check for valid keys in importprivkey
New option: -nospendzeroconfchange to never spend unconfirmed change outputs
New option: -zapwallettxes to rebuild the wallet's transaction information
Rename option '-tor' to '-onion' to better reflect what it does
Add '-disablewallet' mode to let bitcoind run entirely without wallet (when built with wallet)
Update default '-rpcsslciphers' to include TLSv1.2
make '-logtimestamps' default on and rework help-message
RPC client option: '-rpcwait', to wait for server start
Allow -noserver with bitcoind
Block-chain handling and storage:
Update leveldb to 1.15
Check for correct genesis (prevent cases where a datadir from the wrong network is accidentally loaded)
Allow txindex to be removed and add a reindex dialog
Log aborted block database rebuilds
Store orphan blocks in serialized form, to save memory
Limit the number of orphan blocks in memory to 750
miniZ.exe – the miner. miniZ.exe.sha256sum – a file containing a string, the hash of miniZ.exe file (sha256). It is good policy to check the file hash, if the hash you calculate and the one in the file are not the same do not run miniZ.exe and let us know by leaving us a comment. If you downloaded the file from our website everything should be OK. To get the hash of a file on Windows use ... Bytecoin implements the ring signature technology to sign the transactions of a given user on behalf of the group. This results in a robust and completely anonymous payment scheme. Generate the SHA256 hash of any string. This online tool allows you to generate the SHA256 hash of any string. SHA256 is designed by NSA, it's more reliable than SHA1. A CPU miner for Litecoin, Bitcoin, and other cryptocurrencies. cpuminer is a multi-threaded, highly optimized CPU miner for Litecoin, Bitcoin, and other cryptocurrencies. Currently supported algorithms are SHA-256d and scrypt(N, 1, 1). It supports the getblocktemplate mining protocol as well as the Stratum mining protocol, and can be used for both solo and pooled mining. Notice: Please see ... sha256sum --ignore-missing --check SHA256SUMS.asc. In the output produced by the above command, you can safely ignore any warnings and failures, but you must ensure the output lists "OK" after the name of the release file you downloaded. For example: bitcoin-0.20.1-x86_64-linux-gnu.tar.gz: OK. Obtain a copy of the release signing key by running the following command: gpg --keyserver hkp ...
Forever lost Bitcoins For its 10-years history there were around 10 million Bitcoin coins lost and there are many different and crazy rumors of where they are stored now. Still the most ... For Bitcoin Core Client updates: https://bitcoincore.org @bitcoincoreorg in Twitter Linux terminal commands: sha256sum, tar, cp, sudo, rm, exit, less * All other commands have been covered in ... Squidtastic 👉🏾 smarturl.it/Squidtastic Follow SahBabii: https://twitter.com/SahBabii https://www.instagram.com/SahBabii/ https://www.facebook.com/SahBabii ht... Support Better Than Yesterday: https://www.buymeacoffee.com/uQKkXCF6B You probably don't have a problem playing video games or browsing social media on your ... Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.