etotheipi / BitcoinArmory

Python-Based Bitcoin Software

All printing of encrypted wallets #75

Open ghost opened 11 years ago

ghost commented 11 years ago

Currently you have to decrypt a wallet to print it, which prints out the decrypted version of the wallet. Encrypted wallets should be printable so they can be kept safely without anyone being able to import them just by scanning their QR code...

stevenroose commented 11 years ago

I'm with you.

etotheipi commented 11 years ago

FYI: I'm working on something that is not exactly what you're looking for, but somewhat of an improvement. You could choose not to write the "PrinterMask" key on the backup, and instead write it on a separate piece of paper somewhere else. It's an optional, poor-man's 2-of-2 backup.

https://dl.dropboxusercontent.com/u/1139081/BitcoinImg/new_backup_printermask.png

Of course, I'm working on integrating the full SSS "Fragmented backup" now, which will provide a lot more flexibility. But this will at least calm people's nerves about their printer stealing their wallet!

ghost commented 11 years ago

That's OK, but you really do need to be able to print it encrypted. Then it's just as secure as an encrypted file. Quick scan (or type it out) and you can import it in.

etotheipi commented 11 years ago

The paper backup is not intended to be physically secure. You are expected to physically secure it yourself. The goal is to make a piece of paper that is 100% useful when you need it 5 years from now. Encrypted paper backups do not fit into that category, because no one remembers a password after 5 years. The absence of the option was intentional, because a lot of users would lose coins otherwise. Read my comments here for more about this.

The fragmented backups give us the best of both worlds. And that's why I suggested that this "PrinterMask" is a nice compromise, because it at least gives you a 2-of-2 option.

ghost commented 11 years ago

So you suggest creating Horcruxes to protect users from their own stupidity by making it more dumb. Gotta own two safes now. It's simple, you have an advanced feature, you document it and warn of the dangers. After that, it's not up to you to decide how stupid your users are.

etotheipi commented 11 years ago

I gotta make the trade-off somewhere. I can't tell you how many hundreds of BTC have been lost by people forgetting their passphrase on their regular wallet that they use all the time. They always contact me begging for a way to recover their coins. That number would be through the roof if their paper backup was encrypted, undoubtedly with the same passphrase that they forgot.

You're right that I'm protecting users from themselves. But in a world where we tell everyone that encryption is always strictly better, this is not one of those cases. And you don't need two safes: you just write the encryption key on a few pieces of paper and make them non-obvious but easily accessible. It's useless without the paper backup. The point being that two separate objects have to be compromised to lose your coins. This protects against a vast majority of physical threats, which are usually threats of opportunity (someone breaks into your house and steals whatever they find). It would have to be a targeted attack to compromise this.

Your comment about "Horcruxes" is amusing, but Shamir's Secret Sharing is a standard cryptography technique for exactly this kind of situation. It eliminates attacks of opportunity, and frequently thwarts even targeted attacks. Using SSS to make an M-of-N fragmented backup gives you a lot of flexibility to balance the above concerns, while simultaneously giving you some redundancy.

disposable-ksa98 commented 11 years ago

I agree with @drak, this should be an advanced feature, an "encrypt" checkbox that defaults to unchecked, with a red message that warns you that you shouldn't normally check that box etc. Being able to give an encrypted copy to a friend would be a great feature in my opinion. Otherwise people like us will end up having to use our own implementations just for this detail, which can make all the difference, and it would be quite inconvenient. Shamir is cool but with it you only have two options: either the recovery of the wallet still depends on you (a fire in your house will result in you losing your savings) or it does not depend on you (if n < m, your friends could steal everything, not a good practice). The encrypted paper backup lets you make the recovery depend on you, but only on the "something you know" part, while the "something you have" part can be kept safely by your friend or both.

If people are losing coins, you should review the default UI to better guide users into the correct flow, not castrate the advanced UI.

ghost commented 10 years ago

@etotheipi This seems to be covered by BIP0038 and is already being implemented in several places. There is also a utility https://en.bitcoin.it/wiki/Bitcoin_Address_Utility

etotheipi commented 10 years ago

By the way, the new version of Armory has the "fragmented backups" implemented.

https://bitcointalk.org/index.php?topic=299684.0

It's still a testing version, but everything I said it would do, it does. Instead of a password-protected backup, make a 2-of-2. It's the same thing, except instead of a password, you simply print off a second sheet of paper. Along with the SecurePrint, you get all the same benefits as a password-protected backup but without the same risk of permanent coin loss. And all combined with as much redundancy as you want (want a lot of redundancy: use a 2-of-6 or 3-of-6).

disposable-ksa98 commented 10 years ago

I can't remember a sheet of paper. What I can remember is a pass phrase.

Please don't force us into having to trust other people to keep the horcrux safe. It should be up to us.

Imagine you had to leave your home or country for whatever reason. There is no time for syncing stuff into the cloud. Maybe you don't even have internet in that situation. It's only your offline machine and you. You know your crypto, so you are using full disk encryption. But that thing is not gonna make it through the airport. In fact, you are not gonna make it through the airport either (or even be able to go back home) if you refuse to give them the password so they can sniff inside the machine. Thankfully, the developer of your wallet of choice knew better than forcing his views onto his users, so you just print a password-protected paper backup and you are good to go!

ghost commented 10 years ago

Here would be a clever bit. You make it so that the encrypted printout also scans as a wallet; then you could even have plausible deniability for the wallet.