Bitcoin Q&A: Using paper wallets

“When spending part of the funds in a paper wallet,
why do you risk losing your remaining balance?” “What is the best way to avoid that?” There are two considerations when
you are spending from a paper wallet. The first consideration is, if you
built that paper wallet securely, on an offline computer isolated from the internet,
when you are spending part of the funds on that wallet, most of the time that means you have either typed,
scanned, or swept the key to an online wallet… to create that transaction. When you put the private key online, it is better
to spending everything from that paper wallet. In the worst case, you can simply make the payment
and send the rest to a brand-new paper wallet.. that you have created offline. But [your paper wallet is not as secure as before];
the private key has now been in an online system. That is one concern. The other concern is, many
wallets use change addresses in the background. When you do a transaction spending from the paper
wallet, the UTXO [controlled by] the private key… will probably be a single UTXO
(unspent transaction output). When you spend from that, unless the amount is
exactly what you want to spend, if you spend less, then your wallet will generate change. Where does that change go? Well, it won’t go back
to the private key on the paper wallet. It goes to a different address in the wallet. Effectively,
you have just moved the money from the paper wallet… to the wallet you used to spend part of the amount. If you didn’t send the change on purpose to a new paper
wallet, you have moved the [rest of] the money online, to a key controlled by an online wallet. You are no longer operating cold storage.
You have turned it into a hot wallet. So it is best to spend all of it and direct
any change, explicitly and deliberately, to another paper wallet if you want to keep it secure. Only use a private key from a paper wallet once
to move everything. But here is one final thought. Because of these complexities and how difficult
it is to create and manage paper wallet securely, which we will talk about in another question… Paper wallets are not as good as hardware
wallets for the vast majority of users. Someone who is very technically sophisticated, with a
very good understanding of the security implications… and Bitcoin technology, can create
a very secure paper wallet. In fact, a paper wallet can be more secure
than a hardware wallet if generated correctly. The problem is, the vast majority of users who are likely
to [try], do not understand the technology well enough. They do not have the necessary skills to
implement [a paper wallet] securely and correctly. They will end up doing something far less secure.
It is very difficult to securely create a paper wallet… offline, and to maintain that security. The reason hardware wallets are more
secure is because they offer ease-of-use. The security can be achieved by
someone who is not a technical expert. “How can a paper wallet be generated offline?” Well, paper wallets are basically just keys printed
on paper, and the keys themselves are just numbers. You create private keys by simply picking,
or having your computer pick, a number at random. You don’t need to be online in order to produce keys. No information is exchanged between you and the
world in order to produce these random numbers. As I have said before, you could flip a coin 256 times,
write down the binary digits, and you have a private key! That is a private key, a 256-bit random number. You could then feed that number to a computer
program, produce a public key and bitcoin address, and now you have [a key] that has never been online. One of the difficulties with generating paper wallets is,
for them to be secure, you need to generate them… on a computer that does not touch or has never
touched the internet, an air-gapped machine. Then you must [use a] printer that has no memory
and has never touched the internet either. This is an almost impossible task for the vast majority
of users, to create this magical air-gapped computer… and the magical disconnected memory-less printer, which makes it very difficult to
implement paper wallets in practice. Almost like the instructions for creating a perpetual
energy machine. Step one: obtain one kilogram of… the substance ‘unobtainium,’ which is all you need
— but you can never obtain it! How do you generate a paper wallet offline?
Step one: obtain a computer that has never been online. Okay, that is pretty hard. Then initialize that computer
with the necessary [firmware and] software, without connecting it to the internet. Also, never connect it to memory storage devices
that come from a computer which has been online. That is pretty much impossible [for most people].
Now you will [encounter] all kinds of problems. We know that USB keys can be infected. Ideally, you would generate a read-only
medium, such as a CD-ROM perhaps. It becomes very complicated. You will be jumping
through hoops to protect that one computer. But you know what kind of computer has never
been online and can generate private keys for you? A hardware wallet. That is basically what a hardware wallet is. The instructions for making a paper wallet [essentially]
start with: “Build your own hardware wallet.” That is basically what it means when we say,
“Create a computer that has never been online.” An air-gapped computer, or configure such a computer. [That is like] asking people to build their own hardware
wallet. I will turn [those intructions] into [fewer] steps. Buy a hardware wallet. Write down the mnemonic seed
that appears on the screen. That is your paper back-up. That is all you need. It is much easier
and actually achievable by most users.

55 thoughts on “Bitcoin Q&A: Using paper wallets

  1. Well, that should clear up any questions as far as what to choose as cold storage and why, just in case you were wondering…

  2. Can two different peoples bitcoin be stored on the same Nano S with two seperate wallet addresses (my father storing his bitcoin on my Ledger?

  3. Thanks sir can u tell us after doing the coin flip up to 256 times how to use ecc on paper to do the maths and find the public key and without touching the internet how to find the point g in ec and to calculate the bitcoin address…..

  4. Great info as always Andreas. Keep it simple by going with a hardware wallet. The potential to take shortcuts/mistakes when creating a paper wallet is very likely. Hope to see you this month in Chicago.

  5. Thanks for the great video! I liked the analogy of flipping a coin 256 times and noting the binary result on each flip. This will lead to your bitcoin private key 🙂

  6. An interesting experiment – create multiple paper wallets with very small amounts of Bitcoin and watch their balances to see if they are stolen. To be honest though I still wouldn't put any meaningful amounts in a paper wallet even if they weren't stolen. I did in the past but that was the wild west days!

    BTW, another top quality video, no one explains Bitcoin better than Andreas.

  7. How to transfer all my bitcoins from paper wallet to hardware wallet. What is better – Sweep or Import. How to correctly do Sweep from paper wallet to ledger or trezor. Thanks.

  8. Why not generate transactions offline which only show that they are valid transactions. Can be done with Electrum.
    Then submit these transactions online. No private key involved online.

  9. How do we know the companies making the hardware wallets don't have something hidden inside that'll take everyone's money someday

  10. Hi Andreas, I love all your work, but don’t you think there is a major problem if the internet of money requires everyone to have an “air gapped computer” and run a node (maybe I’m not sure you advocate everyone should do this)? Listening to the latest talks from bitcoin cash maximalist such as nChain etc. sounds way way better if what they are saying is true (threshold signatures enabling complete secure web / mobile wallets). What does everyone think ? I’m positive for lightening and the suggested path for bitcoin cash, I was something real and useable and everyone is using it!!!

  11. What an amazing video, thank you sir. When it comes to hardware wallet, my issue is introducing new attack surface with the chrome extensions. What do you think about that?

  12. Andreas… I love your work. I can say that from ALL the resources of the Internet to learn about crypto, your channel is the best. I've been referring every crypto newby I run into to your channel. The thing Is that they're a bunch of Mexicans like myself and most of them dont speak english. I'd like to contribute by adding the español subtitles to (at least) some of your videos. Would you consider opening them to translation contributions from the community?

  13. Securely generating the keys in an easily portable format is supposed to be the hard part.

    The rest isn't THAT hard. Crap is your friend. Crappy $150 laptop and really crappy printer $30. (Be sure new computer is never GOING to be on the internet either .. heck, take out the wifi card if it has one.)

    Download linux live CD, burn it to an actual CD, run CD from laptop, generate 100 keys, connect to printer with wires (probably required if it's a $30 printer with no wifi), and then print. Maybe laminate the pages to protect from water, — or baggies will do. Mark each one off after use and move remaining funds to the next one. Put long-term paper wallet funds in a safety deposit box or off-site safe.

    I feel much better with that than hardware that will screw me if it gets too close to a magnet or if someone finds a back-door, etc.

  14. Andreas this is horrible advice at the end of the video. DO NOT keep your seed written down as is. Always encrypt it before storing it. And more importantly, DO NOT keep all your coins in a single wallet. Use at least 2 different wallets, each having different hardware, software, and seed. This will ensure that if the worst happens, you still got half the coins.

  15. Andreas? Therefore, with hard wallets, when I send a percentage of btc from one Ledger Nano S to another Ledger Nano S address (to avoid keeping all of my eggs in the one basket so to speak), must I turn my WIFi off to do so? And if I do not turn it off, am I then compromising my btc?

  16. Thanks Andreas. You are the only one who can explain such complex topics so easy. You are doing the best speeches when it comes to Cryptos. I personally struggled a lot by trying to use a paper wallet and then just bought a Hardware-Wallet ;-). Thanks for your explanation, before I thought I am too stupid to use a paper wallet…

  17. Andreas, you should check out NEM, you can generate transaction and then sign it on "secure" system, or even on paper if you are smart enough. We called it "offline transaction" and you can even try it for yourself, NEM nanowallet has this opportunity 🙂

  18. I respectfully disagree and ask all of you, to please tell me, where I am wrong:
    Issue 1 (special case).: How and why would anyone creating a paper wallet even consider using a printer or plotter? Honestly? Did we forget to use a pen and write down a terribly long public key from a screen? (like 40chars or so…)
    Issue 2 (generally).: How does ANYTHING, that happened on a computer BEFORE I generate my public key out of the private one have an effect on my private-keys afterlife? Seriously? I've done it several times, and what was sad is logically false. Please give me your best shot, and tell me, even if on a theoretical level:
    – if you had unlimited access to my computer BEFORE I generate my public key, how would you screw me?
    Please, I honestly need to know.
    There is only one information leaving said computer, through one interface, and that is the public key which I READ from the screen. So unless the public key itself does not point to my private key, which is checked with a tiny amount as soon as your finished, I do not see, how you access my funds.
    A paper wallets security is SCALABLE, and you do not need to go to places, that never existed. And the massive difference between a quite easily generated paper key-pair and a hard wallet is, that you can reasonably say: you did not have to trust ANYONE. If there was anything corrupted on the way, you notice it.
    BTW paper wallet for that matter = analog wallet.

    Its the computers afterlife, that matters, not what happened before! That's a huge difference, but that you can CONTROL!

    I've been wrong many times, I just don't see, where I could be wrong in this case.

  19. Sir, I hope you are aware of the situation in India regarding India's Central Bank (Reserve Bank of India) ring fencing regulated entities from virtual currencies. Can you show us a way how we can use other service to convert our crypto into fiat? Or any other solution you have. We would be very greatfull to you Sir.

  20. I think you got this slightly wrong Andreas. It's not about a computer that has never been online. It's about a computer that will never ever be online in the future.

    A computer that's infected can still be used to safely create paper wallets. Just don't let it touch the internet ever again.

    Same for USB: you can use any USB or other media to put data onto your cold-computer. You just can't let them touch a hot-computer afterwards; meaning they are single-use. Copy over software and destroy them.

  21. Maybe a raspberry pi would be a cheap way to generate paper wallet? Can keep separate SD card with clean Linux installation on it. And raspberry pi's are cheap.

  22. I realize this is off topic but do you realize that as desperation sets in for the "money managers", they will be forced to implement a universal basic income to keep people using "their" currency. What effect do you think that will have on bitcoin adoption?

  23. Is it safe to generate a key on one of those paper wallet websites without downloading it as long as you turn your internet off before generating it? (Like for smartphones were it might not be possible to download the file/print it?

  24. what is the best option for a hot wallet for sweep a paper wallet to a hot wallet without paying high fees..

  25. Why you shouldnt use a usb drive that was connected to an online computer to generate a paper wallet on an offline computer? If the private key is generated offline and you destroy that pendrive later that information will never leave the offline computer. The only risk is having a corrupted wallet generator, but if you download the html file directly from GitHub its pretty secure.

  26. Can multiple hardware wallets store the same private key? I like the idea that if my house burns down, there's a spare out there some where

  27. I have a question. Is not already confirm that those initials seeds from the hard wallet can be already copied by the previous owner and then sold to another person in order to steal the new funds..?? If so how can one make new seeds to prevent that awful situation.?? Thanks in advance..

  28. Dear Sir,
    In light of what you say.. would it be possible to connect a hardware wallet to a cheap printer and produce endless amounts of secured paper wallets?

  29. I understand you are trying to balance this to drive adoption, but I still disagree with this hardware wallet shilling of yours. You say banks will steal our money, if opportunity is presented, yet you offer us to trust some HW-manufacturing company not to temper with HWs they are selling. I believe we need something like 3d-printable open hardware asic (peer-reviewable by everyone), that would convert sha-256 to public addresses. That would be sufficient for my paranoia.

  30. What about the paper wallet generated by an ATM? Is it a secure wallet? I believe it is one of the most secure wallet around.

  31. Would a NEW Raspberry PI be a potential for the device that has never been online? I know some people do this. One that you don't tunnel into? Connect it with a wire to a display .. the printer part is pretty hard though. I'm pretty tech savvy, but not quite up to that part yet …. hm… hardware wallets are the easier thing for a majority of users now, but Andreas I'm kinda now a bit determined that you said "paper wallets can be more secure if…" (I know most users shouldn't attempt this, but I'm thinking to test it and explore this realm now)… rabbit hole here i come!

  32. I have a paper wallet created offline and probably in a safe correct way. Andreas did you hear about the Bitfi wallet from John Mc afee? any opinions about that? he claims it is unhackable. anyway Andreas compliments for all your videos you are the best ambassador for bitcoin that exists today. everything you explain(in all of your videos) is extremely easy to grasp. Thumbs up

  33. Raspberry pi or an arduino/mcu (I'm a do it my own damn self kinda guy, helps with learn the intricacies of the tech)

  34. Thanks. Been keeping you in mind since 2012. “Let’s talk bitcoin” those were the days lol. Been looking for this kind of info, because I’m removing bch. Wondered about security. Should have gone to the source right away. Thanks again 👍

  35. if you generate a key from 256 rolls of the dice or coin flips, how do you ensure the result is truely yours and you haven't stumbled on someone else's key and by using your key you aren't accidentally giving someone else your BTC?

  36. Why does it have to be a computer that has never been online? You use a regular old laptop, disconnect it from the web, generate the key and then as long as you're storing your crypto on that key just never plug the computer back in. Once you spend it you can plug it back in as long as you don't use that private key ever again… Am I missing something here?

Leave a Reply

Your email address will not be published. Required fields are marked *