Bitcoin Wiki - User contributions [en]

Vanitygen

2014-07-31T00:15:32Z

Glitch003:

'''Vanitygen''' is a command-line vanity bitcoin address generator.

If you're tired of the random, cryptic addresses generated by regular bitcoin clients, you can use vanitygen to create a more personalized address.
Add unique flair when you tell people to send bitcoins to 1stDownqyMHHqnDPRSfiZ5GXJ8Gk9dbjO.
Alternatively, vanitygen can be used to generate random addresses offline.

Vanitygen accepts as input a pattern, or list of patterns to search for, and produces a list of addresses and private keys. Vanitygen's search is probabilistic, and the amount of time required to find a given pattern depends on how complex the pattern is, the speed of your computer, and whether you get lucky.

The example below illustrates a session of vanitygen. It is typical, and takes about 10 sec to finish, using a Core 2 Duo E6600 CPU on x86-64 Linux:
<syntaxhighlight lang="bash">
$ ./vanitygen 1Boat
Difficulty: 4476342
Pattern: 1Boat
Address: 1BoatSLRHtKNngkdXEeobR76b53LETtpyT
Privkey: 5J4XJRyLVgzbXEgh8VNi4qovLzxRftzMd8a18KkdXv4EqAwX3tS
</syntaxhighlight>

Vanitygen includes components to perform address searching on your CPU (vanitygen) and your OpenCL-compatible GPU (oclvanitygen). Both can be built from source, and both are included in the Windows binary package. Also included is oclvanityminer, the vanity address mining client. Oclvanityminer can be used to automatically claim bounties on sites such as [[User:ThePiachu|ThePiachu]]'s [[Vanity Pool]].

Current version: 0.22

Windows x86+x64 binaries [https://github.com/downloads/samr7/vanitygen/vanitygen-0.20-win.zip here]. PGP signature [http://insight.gotdns.org/~samr7/vanitygen-0.20-win.zip.asc here].

Get the source from [https://github.com/samr7/vanitygen GitHub]. Includes Makefiles for Linux and Mac OS X.

Main discussion at [https://bitcointalk.org/index.php?topic=25804.0 BitCoinTalk]

For AMD Catalyst 13.1+ you need to run the AMD APP SDK Runtime from Catalyst 12.10 in order to get this program to work. (So all your Catalyst drivers would be brand new except for the SDK Runtime.) This is discussed on [https://github.com/samr7/vanitygen/issues/19 GitHub]. Linux users try [https://github.com/samr7/vanitygen/issues/19#issuecomment-28689948 this solution].

Also the latest source doesn't work properly for high-end AMD cards (7XXX and greater). Solution is to change line 459 in oclengine.c from: return quirks; to: return quirks & ~VG_OCL_AMD_BFI_INT;
Windows x86+x64 binaries that solve this problem plus provide support for compressed keys [https://lifeboat.com/oclvanitygen here]. PGP signature [https://lifeboat.com/oclvanitygen.zip.sig here]. If you have any problems with the binaries, join the relevant [https://bitcointalk.org/index.php?topic=301068.0 BitCoinTalk discussion].

== Expected keysearch rate ==
Main article: [[Vanitygen keysearch rate]]

What key search rate can I expect from hardware X?

Detailed list forthcoming. Some ballpark estimates are listed below.

Dual-core desktop CPUs, 32-bit mode: 100-250 Kkey/s.
Dual-core desktop CPUs, 64-bit mode: 150-450 Kkey/s.
Quad-core desktop CPUs, 32-bit mode: 200-400 Kkey/s.
Quad-core desktop CPUs, 64-bit mode: 300-750 Kkey/s.
NVIDIA GT200 GPUs: up to 6.5 Mkey/s.
NVIDIA GTX 770 GPUs: around 29.5 Mkey/s.
AMD Radeon 58XX, 68XX GPUs: up to 23.5 Mkey/s.
AMD Radeon 69XX GPUs: up to 19.5 Mkey/s.

As vanitygen performs a lot of large integer arithmetic, running it in 64-bit mode makes a huge difference in key search rate, easily a 50% improvement over 32-bit mode. If you are using a 64-bit edition of Windows, and not using a GPU, be sure to use vanitygen64.exe.

Radeon 58XX outperforms Radeon 69XX by a very comfortable margin. Oclvanitygen is sensitive to integer multiply throughput, and Radeon 58XX can multiply concurrently with other operations. At similar clocks, a hobbled Radeon 5830 will outperform a Radeon 6970.

In custom builds, CPU performance will be less than expected if the OpenSSL library is an older version (<1.0.0d) or is not built with the appropriate optimizations enabled.

== Vanity addresses for other crypto-coins ==
Main article: [[Using Vanitygen with Alt-Coins]]

Vanitygen (as of version 0.22) can be used to produce vanity addresses for other crypto coins as well as bitcoin (but not for bitmessage addresses), by using the "-X" option. Examples and usage can be found in the main article [[Using Vanitygen with Alt-Coins]]

== See also ==
* [[Bitcoin Vanity Generation Website]]

[[Category:Vanity address]]

Securing your wallet

2014-07-23T03:08:11Z

Glitch003:

==Introduction==

Unless you are using a [[hardware wallet]] it is strongly recommended to read this page.

Wallet security can be broken down into two independent goals:
# Protecting your wallet against loss.
# Protecting your wallet against theft.

In the case that your current wallet hasn't been protected adequately (e.g. put online with a weaker password):
# Making a new secure wallet, using appropriate long-term protection.

''For a brief overview see also: [[Wallet Security Dos and Don'ts|Wallet Security Dos and Don'ts]]''

==Paper Wallets==
[[Paper wallet]]s can be used to store bitcoins offline in non-digital format. Using securely generated paper wallets significantly decreases the chances of your bitcoins being stolen by hackers or computer viruses.

Fundamentally, a paper wallet is merely a physical record of a [[private key]] (most commonly written as a sequence of fifty-one alphanumeric characters beginning with a '5') and its corresponding [[public key]]. The private key is used to prove your right to spend the bitcoins transferred to the paper wallet, and as such should be kept hidden and secret. If the private key on a paper wallet is exposed (for example in a photograph) then the wallet may be "swept" by anyone who sees the key. To guard against accidental revelation, the private key displayed on the paper wallet may be encrypted using a password ("BIP38") or split into several different parts ("Shamir's secret sharing scheme"). At the very least, the private key should be well hidden e.g. by folding the wallet in half and sealing it shut.

You can send bitcoins to the public address on your paper wallet as often as you like, and they will be inaccessible until the private key is imported into a "live" wallet. You can use a service such as [[BlockChain.info]] to verify the balance of your paper wallet, which is a matter of public record. As of version 0.6.0, the bitcoin QT software has a command line feature called "importprivkey" that can load private keys. Online exchanges and wallets such as [[Coinbase (business)|Coinbase]] and BlockChain.info have features for importing (or "sweeping") paper wallet private keys as well.

=== Software for generating paper wallets ===

Some [[Paper wallet|paper wallet generators]] have been written entirely in HTML/JavaScript to make it fairly easy to generate paper wallets on virtually any operating system. Although these generators use a web browser, they are generally capable of running offline since address generation happens entirely within the web browser. It's advisable to use those services from [https://en.wikipedia.org/wiki/Live_CD live disc], to ensure that private keys are not compromised by spyware.

To generate a safer paper wallet, first save the paper wallet generating code to a newly-formatted USB stick and verify the integrity (SHA1 hash or PGP signature) of the code. Then "clean-boot" your computer with a bootable CD (such as a Linux Live CD) while disconnected from the Internet. Insert the USB stick and open the wallet generator's HTML file using a web browser. Print your paper wallets or store them on external media (do not save them on the computer), and then shut down the computer. You may need to load an appropriate printer driver in order to print while booted from the live CD.

=== Tips for making paper wallets ===

* Disconnecting from the Internet guarantees that that the paper wallet generator is truly self-contained and isn't transmitting your keys online.

* Verifying the integrity of the code (and the trustworthiness of the author) is important to make sure a hacker hasn't modified the HTML so that it generates predictable addresses instead of truly random keys.

* Using a very basic printer is advisable since high-end office printers may have WiFi or internal storage that keeps a cache of printed documents.

* Remember, spyware and viruses often attempt to monitor your computer activities so that their authors can steal from you. They are interested in passwords to online accounts, and anything of value. Bitcoin wallets and private keys are something of value that have already been targeted by malware. If your computer is infected with spyware or viruses - even if there are no symptoms, or your antivirus isn't reporting anything - then anything you type, view, or save on your computer, could potentially be stolen by someone remotely controlling your computer. Your private key can then be intercepted while you enter it, so only enter a Bitcoin private key into your computer when your intent is to redeem its value ''immediately'' or when you want to transfer your funds into a secure [[hardware wallet]].

== Hardware wallets ==
[[Hardware wallet]]s are a major step to enhanced security and usability.

See the [[Hardware wallet]]s page for more information on which hardware wallet solutions are currently available.

==Importance of security updates==

No software is perfect, and from time to time there may be security vulnerabilities found in your Bitcoin client as well.
Be sure you keep your client updated with the latest bug fixes, especially when a new vulnerability is discovered.
We maintain a [[CVEs|list a known vulnerabilities]] on this wiki - you can watch that page to get updates.
Note that you ''don't'' need to be running the latest major client version: some clients, including the popular Bitcoin-Qt, have older versions available with bugfix-only updates.

==Securing the Bitcoin-QT or bitcoind wallet==

Bitcoin transactions send Bitcoins to a specific public key. A Bitcoin address is an encoded hash of a public key. In order to use received Bitcoins, you need to have the private key matching the public key you received with. This is sort of like a super long password associated with an account (the account is the public key). Your Bitcoin wallet contains all of the private keys necessary for spending your received transactions. If you delete your wallet without a backup, then you no longer have the authorization information necessary to claim your coins, and the coins associated with those keys are lost forever.

The wallet contains a pool of queued keys. By default there are 100 keys in the [[key pool]]. The size of the pool is configurable using the "-keypool" command line argument. When you need an address for whatever reason (send, “new address”, generation, etc.), the key is not actually generated freshly, but taken from this pool. A brand new address is generated to fill the pool back to 100. So when a backup is first created, it has all of your old keys plus 100 unused keys. After sending a transaction, it has 99 unused keys. After a total of 100 new-key actions, you will start using keys that are not in your backup. Since the backup does not have the private keys necessary for authorizing spends of these coins, restoring from the old backup will cause you to lose Bitcoins.

Creating a new address generates a new pair of public and private keys, which are added to your wallet. Each keypair is mostly random numbers, so they cannot be known prior to generation. If you backup your wallet and then create more than 100 new addresses, the keypair associated with the newest addresses will not be in the old wallet because the new keypairs are only known after creating them. Any coins received at these addresses will be lost if you restore from the backup.

The situation is made somewhat more confusing because the receiving addresses shown in the UI are not the only keys in your wallet. Each Bitcoin generation is given a new public key, and, more importantly, each sent transaction also sends some number of Bitcoins back to yourself at a new key. When sending Bitcoins to anyone, you generate a new keypair for yourself and simultaneously send Bitcoins to your new public key and the actual recipient's public key. This is an anonymity feature – it makes tracking Bitcoin transactions much more difficult.

So if you create a backup, do more than 100 things that cause a new key to be used, and then restore from the backup, some Bitcoins will be lost. Bitcoin has not deleted any keys (keys are never deleted) – it has created a new key that is not in your old backup and then sent Bitcoins to it.

== Making a new Bitcoin-QT or bitcoind wallet ==

If a wallet or an encrypted wallet's password has been compromised, it is wise to create a new wallet and transfer the full balance of bitcoins to addresses contained only in the newly created wallet. Examples of ways a wallet may be compromised are through password re-use, minimal strength passwords, computer hack or virus attack.

There are a number of ways to create a new wallet with Bitcoin-QT or bitcoind but this is a process that has been tested with bitcoind 0.6.3. We use the copy command to minimize the chance of any data loss but you are warned to make backups of any wallet.dat that holds a balance for you.

:1. Shut down the Bitcoin program.
:2. Find and make a backup of the "compromised" wallet.dat file and rename it, perhaps adding a short description:
:::wallet.dat -> wallet-compromised.dat
:Depending on your OS, the wallet file will be located at:
:::Windows: %APPDATA%\Bitcoin\
:::Linux: ~/.bitcoin/
:::Mac: ~/Library/Application Support/Bitcoin/
:3. Start the Bitcoin program and it will create a new wallet.dat. You may then encrypt the wallet as desired and make a new backup.
:4. Once you've made a new wallet, you can obtain one or more addresses and copy them into a text editor. After obtaining the new address(es), shut down the Bitcoin program, make a backup of the new wallet.dat file and copy it to a new file named wallet-new.dat.
:5. Copy the wallet-compromised.dat file back to wallet.dat, start the Bitcoin program and transfer your balance to the new address(es) you put in your text editor. Once the balance is back to 0 for your compromised wallet, you may want to wait a couple minutes or for a confirmation or check block explorer to be sure the transactions have been broadcasted. Then you may shut down the Bitcoin program.
:6. Rename wallet.dat to wallet-compromised.dat.
:7. Rename wallet-new.dat to wallet.dat.

You should now have a new wallet with all the bitcoins from the old wallet.

==Making a secure workspace==

Unless you are using a [[hardware wallet]], you must take care that the system is free of malware, viruses, keyloggers, remote access tools, and other tools that may be used to make remote copies of your wallet, Bitcoin-related passwords, or Bitcoin private keys. When your computer is compromised, the precautions taken below may provide additional protection.

A [[hardware wallet]] typically holds the private keys on its internal storage that is not accessible by any malware. The device signs the transactions internally and only transmits the signed transactions to the computer. The separation of the private keys from the vulnerable environment allows the user to spend bitcoins on a compromised computer without any risk.

===Debian-based Linux===

==== Store all into an encrypted folder (Tomb) ====

Tomb is a simple tool to manage encrypted storage on GNU/Linux. Among its features are bind-hooks to set up a tomb's contents in the place where other programs expect them, for example in our case mount -o bind the .bitcoin directory in a user's home.

First install tomb from https://files.dyne.org/tomb (homepage is on http://www.dyne.org/software/tomb)

Among the requirements: zsh, cryptsetup, pinentry-curses, gnupg, sudo.

Recommended: wipe, dcfldd, steghide, qrencode.

Then create a tomb (we name it bitcoin) with three commands:

<code>tomb dig -s 100 bitcoin.tomb</code>

<code>tomb forge bitcoin.tomb.key</code>

<code>tomb lock bitcoin.tomb -k bitcoin.tomb.key</code>

Then open it

<code>tomb open bitcoin.tomb</code>

This will require you to input again the password you selected.

Once open the tomb contents are in /media/bitcoin.tomb

Move there your bitcoin wallet:

<code>mv ~/.bitcoin /media/bitcoin.tomb/my-safe-wallet</code>

Then create a file "/media/bitcoin.tomb/bind-hooks" and put a single line:

<code>my-safe-wallet .bitcoin</code>

Which means that every time the tomb is open, the directory my-safe-wallet needs to be bound to ~/.bitcoin. Just make sure an empty ~/.bitcoin directory exists in your home.

Now close the tomb and store its keys safely, make sure you memorize the password. Have a look at Tomb's documentation, there is a number of things you can do like steganography or printing out keys on a paper to hide and such.

That's it. Every time you like to access your wallet open the tomb and the .bitcoin will be in place. One can also store the bitcoin binary inside the tomb and even start the bitcoin client using the exec-hooks. Tomb's manual page "man tomb" explains the possibilities.

The advantage of this approach over an encrypted home is that it becomes extremely portable across computers and even online shells: a Tomb is just a file and its key can be stored far away, on different shells, usb sticks or mobile phones.

==== Secure the whole user home directory ====
The first step is to make a [http://www.howtogeek.com/howto/ubuntu/add-a-user-on-ubuntu-server/ new user]. In order for that new user to have an encrypted home directory, you'll first need the encryption utility. Run:

<code>sudo apt-get install ecryptfs-utils</code>

Now you're ready to create a new user

<code>sudo adduser --encrypt-home new_user_name</code>

You'll need to come up with a [[#Choosing_A_Strong_Password|secure]] new password for that user.

When you get to the prompt 'Enter the new value, or press ENTER for the default', just keep hitting ENTER.

Then switch user to the new user. To get to the new user you can use the switch user icon for your system, which on Ubuntu is in the 'System/Quit' screen, or if there is no switch icon on your system you can log out and log back in as the new user.

Since the home folder of this user is encrypted, if you're not logged in as that user, data that is saved there can't be browsed, even by a root user. If something goes wrong with your system, and you need to decrypt the new user's files, you'll need its decryption key.

<code>ecryptfs-unwrap-passphrase</code>

It will ask you for your user's password and give you the decryption key. '''WRITE DOWN OR SAVE THE CODE IT RETURNS''' because you will need it if you ever have to pull your data off while the OS is not working. (You can run it again later if you need to, but run it now so that you can get your data if your Linux install gets botched.)

The encrypted folder data is not encrypted while it's in memory, and so if it's ever sent to the swap partition it can be stolen from there unless that too is encrypted - be aware that this will mean you cannot use Hibernate anymore, as the bootloader won't be able to restore the hibernation data.

<code>ecryptfs-setup-swap</code>

Then click on a folder in the new user to display the file browser, then keep going up folders until you see the new user home directory, then right click to bring up the Properties dialog, then click on the Permissions tab, then in the Others section, set the folder access to None.

For secure browsing, open Firefox, and then go into the Edit menu and click Preferences. Starting from the left, click on the General tab, and in the 'Startup/When Firefox starts' pop up menu, choose 'Show a Blank Page'. Then click on the Content tab, and deselect 'Load images automatically' and deselect 'Enable JavaScript'. Then click on the Privacy tab, and in the 'History/Firefox will' pop up menu, choose 'Never remember history'. Then click on the Security tab, and in the Passwords section, deselect 'Remember passwords for sites' and deselect 'Use a master password'. Then click on the Advanced tab, then click on the Update tab, and then in the 'Automatically check for updates to' section, deselect 'Add-ons' and 'Search Engines'.

When JavaScript is disabled, the [http://sourceforge.net/projects/bitcoin/files/Bitcoin/bitcoin-0.3.23/bitcoin-0.3.23-linux.tar.gz/download Linux download page] will not download automatically, so you'll have to click on the 'direct link' part of the "Problems with the download? Please use this 'direct link' or try another mirror." line.

===Mac===
This solution '''does not scale'''; the amount of needed space can grow beyond the image size.

===Windows===

Due to the frequency with which Windows computers are compromised, it is advised to encrypt your wallet or to keep your wallet on an encrypted disk image created by third-party software, such as [http://www.truecrypt.org/ TrueCrypt] (open source) or [http://www.jetico.com/encryption-bestcrypt/ Jetico BestCrypt] (commercial). This also applies to the storage of passwords, private keys and other data that can be used to access any of your Bitcoin balances.

Assuming that you have installed the Windows Bitcoin client and run it at least once, the process is described below.

To mount the Bitcoin data directory on an encrypted drive
<ol start=1 type=1>
<li>Use the third-party disk image encryption program of your choice to create and mount an encrypted disk image of at least 5GB in size. This procedure stores the entire block chain database with the wallet.dat file so the required size of the encrypted disk image required may grow in the future.</li>
<li>Locate the Bitcoin data directory, and copy the directory with all contents to the encrypted drive.
For help finding this directory, see [[Securing_your_wallet#Locating_Bitcoin_s_data_directory|Locating Bitcoin's Data Directory]].</li>
<li>Create a Windows shortcut that starts Bitcoin with the <code>-datadir</code> parameter and specifies the encrypted drive and directory.
For example, if you installed Bitcoin in the default directory, mounted your Bitcoin encrypted drive as <code>E:\</code>, and stored your Bitcoin data directory on it as <code>Bitcoin</code>, you would type the following command as the shortcut Target:
<blockquote><code>C:\Program Files\Bitcoin\bitcoin.exe -datadir=E:\Bitcoin</code></blockquote></li>
<li>Open Bitcoin's settings and configure it NOT to start automatically when you start Windows.
This is to allow you to mount the Bitcoin encrypted disk image before starting Bitcoin.</li>
<li>Shut down Bitcoin, and then restart it from the new shortcut.</li>
</ol>

After doing this, any time you want to use Bitcoin, you must first mount the Bitcoin encrypted disk image using the same drive designation, and then run Bitcoin from the shortcut that you created, so that it can find its data and your wallet.

=== General Solutions ===

Your wallet.dat file is not encrypted by the Bitcoin program by default but the most current release of the Bitcoin client provides a method to encrypt with a passphrase the private keys stored in the wallet. Anyone who can access an unencrypted wallet can easily steal all of your coins. Use one of these encryption programs if there is any chance someone might gain access to your wallet.
* [http://www.7-zip.org/ 7-zip] - Supports strongly-encrypted archives.
* [http://www.axantum.com/axcrypt/ AxCrypt by Axantum]
* [http://lrzip.kolivas.org lrzip] - Compression software for Linux and OSX that supports very high grade password protected encryption
* [http://www.truecrypt.org/ TrueCrypt] - Volume-based on-the-fly encryption (for advanced users)

There is also a list of [[OpenSourceEncryptionSoftware|open source encryption software.]]

Decrypting and encrypting the wallet.dat every time you start or quit the Bitcoin client can be ''tedious'' (and outright error-prone). If you want to keep your wallet encrypted (except while you're actually running the Bitcoin client), it's better to relegate the automation to a [http://lorelei.kaverit.org/bitcoin.sh small shell script] that handles the en/decryption and starting up Bitcoin client for you (Linux and OSX).

There is also a method to print out and encrypt your wallet.dat as a special, scannable code. See details here: [[WalletPaperbackup]]

==== Password Strength ====
Brute-force password cracking has come a long way. A password including capitals, numbers, and special characters with a length of 8 characters can be trivially solved now (using appropriate hardware). The recommended length is '''at least''' 12 characters long. You can also use a multi-word password and there are techniques to increase the strength of your passwords without sacrificing usability. [http://www.baekdal.com/tips/password-security-usability The Usability of Passwords]

However, simply using dictionary words is also insecure as it opens you up to a dictionary attack. If you use dictionary words, be sure to include random symbols and numbers in the mix as well.

If you use keyfiles in addition to a password, it is unlikely that your encrypted file can ever be cracked using brute-force methods, even when even a 12 character password might be too short.

Assume that any encrypted files you store online (eg. Gmail, Dropbox) will be stored somewhere forever and can never be erased.

===== Choosing A Strong Password =====
Make sure you pick at least one character in each group: 

Lowercase: abcdefghijklmnopqrstuvwxyz
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Number: 1234567890
Symbol: `~!@#$%^&*()-_=+\|[{]};:'",<.>/? (space)

<9 char = unsuitable for use
09 char = insecure
10 char = low security
11 char = medium security
12 char = good security (good enough for your wallet)
13 char = very good, enough for anything.

You might want to read [http://security.stackexchange.com/questions/662/what-is-your-way-to-create-good-passwords-that-can-actually-be-remembered What is your way to create good passwords that can actually be remembered?] and [http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase XKCD #936: Short complex password, or long dictionary passphrase?]

== Backing up your wallet ==

Backing up your wallet is not necessary if you use a wallet with implemented [[BIP 0032]] (hierarchical deterministic wallet). Today, only [[TREZOR]], [[Electrum]] and [[CarbonWallet]] fully support BIP 0032.

For advise on the backup process see [[Backingup_your_wallet|Backing up your wallet]].

==Erasing Plain-text Wallets==

In most operating systems, including Windows, Linux, and Mac OS X, simply deleting a wallet.dat file will ''not'' generally destroy it. It is likely that advanced tools can still be used to recover the wallet.dat file, even after it has been deleted.

The Linux '''shred''' command can be used to overwrite the wallet file with random data prior to deleting; this particular copy of the file will then be practically impossible to recover. Using shred (and similar tools on Windows) however does not guarantee that still other copies don't exist somewhere hidden on your HD. That will depend on your system configuration and what packages you have installed. Some system restore and backup tools, for instance, create periodic snapshots of your filesystem, duplicating your wallet.dat.

In Mac OS, the equivalent of '''shred''' is '''srm''' (introduced in Leopard). Using the Finder to remove files, clicking "Secure Empty Trash" in the Finder menu will shred the contents of the trash can. As with any OS this doesn't guarantee that there are not other copies elsewhere on your system.

For Windows, the built-in command ''cipher /W'' will shred all previously-deleted files. [http://www.cylog.org/utilities/cybershredder.jsp CyberShredder] can securely deleted individual files.

==Online and Mobile Wallets==

Thus far, this article has been discussing the security of a wallet file for Bitcoin-QT or bitcoind that is under your sole control.

Online wallets have a number of pros and cons to consider. For example, you can access your wallet on any computer in the world, but you are essentially storing your private keys or wallet with the provider of the online wallet.
Depending on the level of security of such service, your bitcoins may be lost if the service is compromised.

The invention of [[hardware wallet]]s makes it possible to use online wallets in a more secure manner.
A hardware wallet keeps your private keys apart from the computer and internet. An online wallet compatible with a hardware wallet (such as [http://mytrezor.com myTREZOR.com]) then does not need to store any sensitive data (private keys, passwords or email addresses) and only serves as tool for broadcasting transactions signed in the hardware wallet out to the blockchain.

Mobile wallet applications are available for Android devices that allow you to send bitcoins by QR code or NFC, but this opens up the possibility of loss if mobile device is compromised. It may be possible to encrypt and backup the wallet or private keys on a mobile device but it is not advisable to store a large amount of bitcoins there without doing your own research and testing. Mobile wallets are useful for small spending and not for storing your bitcoin savings.

==See Also==

* [[Data directory]]
* [[How to import private keys]]
* [http://bitcoinx.io/wallets/ Where to get a Bitcoin wallet]
* [http://startbitcoin.com/how-to-create-a-secure-bitcoin-wallet/ Secure Bitcoin Wallet Tutorial]
* [[How to set up a secure offline savings wallet]]
* [http://arimaa.com/bitcoin/ Bitcoin Gateway - A Peer-to-peer Bitcoin Vault and Payment Network]
* [http://blog.cyplo.net/2012/04/01/bitcoin-wallet-recovery-photorec/ Find lost wallet eg. after disk format, using Photorec]
* [https://docs.google.com/document/d/1dNZ7N_lQXHQp0jWkeN7dW4bWNMpcTBRM4iEoSuQwLho/edit# The Ultimate Guide to Web Wallet Security]

[[Category:Security]]

[[de:Sichere deine Geldbörse]]
[[ru:Bitcoin и безопасность]]
[[es:Cómo asegurar su monedero]]
[[zh-cn:保护你的钱包]]

Hardware wallet

2014-07-23T03:05:26Z

Glitch003:

A '''hardware wallet''' is a device that stores a part of a user's [[wallet]] securely in mostly-offline hardware. They have major advantages over other wallet types:

* the key is often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
* immune to computer viruses that steal from software wallets
* can be used securely and interactively, as opposed to a [[paper wallet]] which must be imported to software at some point
* much of the time, the software is open source, allowing a user to validate the entire operation of the device

This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.

== Purchasable hardware wallets ==

=== Piper - Standalone bitcoin paper wallet printer ===
[http://www.piperwallet.com PiperWallet.com]
[[File:piper.jpg|300px|thumb|left|Piper wallet from the front]]
Piper is the easiest way to store bitcoin and other cryptocurrencies securely.

* Easy: Simply press the button to print a new paper wallet. You can choose to have Piper store your keys. Backup is as easy as plugging in a USB drive.
* Secure: Paper wallets are the most secure way to store your Bitcoin. Piper is the only offline wallet to pass all 26 Dieharder tests to ensure secure private key generation.
* Customizable: Plug in a display, mouse, and keyboard and customize Piper to do whatever you want. It's Linux-based, open source, and powered by the Raspberry Pi. You can even use your own printer!

 

=== [[TREZOR]] The Bitcoin Safe ===
[http://bitcointrezor.com BitcoinTrezor.com]
[[File:Trezor-tx.jpg|300px|thumb|left|Confirming transaction with TREZOR]]

[http://bitcointrezor.com/faq/ FAQ @BitcoinTrezor.com]

[[TREZOR]] is a secure bitcoin storage and a transaction signing tool.

The private keys generated by the device never leave it and cannot be accessed by a malware. Thanks to a limited USB protocol only a payment template can be sent into the device (address and amount) which then has to be confirmed by a physical user interaction (visual verification of the transaction details and pressing the confirmation button).

[[TREZOR]] uses a deterministic wallet structure which means it can hold an unlimited number of keys (BIP32).

A recovery seed is generated when the device is initialized. In case it gets lost or stolen, all it's contents can be recovered using the seed (private keys, bitcoin balance and transaction history) into a new device or another BIP39 compatible wallet.

[[TREZOR]] introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer.

An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.

 

=== Pi Wallet - cold storage ===
[[File:Piwallet.jpeg|300px|thumb|left|Pi-Wallet]]
[http://www.pi-wallet.com/ Pi-Wallet Shop]

[http://www.pi-wallet.com/pages/what-is-pi-wallet Further informations about Pi-Wallet]

The Pi-Wallet is comparable to an offline Notebook.

However it combines all features of the Armory bitcoin client (e.g. offline transaction signing) with the advantages of a tiny computer.

To sign offline-transaction you will need an (unused) USB stick.

 

== Not purchasable hardware wallets ==

=== BitcoinCard Megion Technologies-Card based wallet ===
[[File:Bitcoincard-medley-large.jpg|400px|thumb|left|Bitcoin Card]]
[http://www.bitcoincard.org/ Bitcoincard Home Page]

[http://blog.bitinstant.com/blog/2012/6/19/our-discovery-in-vienna-the-bitcoin-card.html Excellent review by evoorhees]

Incorporates a e-paper display, keypad, and radio (custom ISM band protocol.) Unfortunately it is fairly limited in terms of transaction I/O, requiring a radio gateway or another bitcoincard wherever funds need to be transferred.

 

=== BitSafe - allten/someone42's hardware wallet ===
[[File:Bitsafe-wallet-sizecompare.jpg|200px|thumb|left|Bitsafe wallet]]
[https://bitcointalk.org/index.php?topic=127587.0 BitSafe Hardware Wallet Development - BOM Ready - 50 kits being prepared]

Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.
 
=== someone42's original prototype ===
[[File:Someone42-wallet-prototype.jpg|300px|thumb|left|someone42's original prototype]]
[https://bitcointalk.org/index.php?topic=78614.0 Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices]

Signing transactions only, requires USB host software for transactions & USB power. All work is rolled into the above BitSafe wallet currently.
 
=== BTChip btchip USB based transaction signer and private key holder ===
[[File:Btchip-wallet.jpg|300px|thumb|left|BTChip]]
[https://bitcointalk.org/index.php?topic=134999.0 ANN Smartcard wallet project + btchip implementation (no reader required)]

[http://www.btchip.com www.btchip.com]

USB smartcard dedicated to bitcoins, no keypad or display so trust in the host device is required. An improvement has been implemented that uses a secret value known to the user during the transaction for additional security.
 
=== Other/Defunct but with good discussion: ===
* natman3400's BitClip Jun 2011 [https://bitcointalk.org/index.php?topic=24852.0 https://bitcointalk.org/index.php?topic=24852.0]
:Seems to have gone defunct around Dec 2011. Some good ideas though and seemed to have started on execution.
* jim618 hardware wallet proposal Apr 2012 [https://bitcointalk.org/index.php?topic=77553.0 Dedicated bitcoin devices - dealing with untrusted networks]
:Great discussion and good ideas from jim618. Also linked the following video:
* Prof. Clemens Cap's hardware wallet? (video:)[https://www.youtube.com/watch?v=IavQ-Wc8S1U Clemens Cap about electronic bitcoin wallet at EuroBit]
:Clemens Cap of Uni Rostock explains the Electronic Bitcoin wallet device he's working on. It's based on adafruit microtouch device.
* ripper234's discussion based on Yubikeys Aug 2012 [https://bitcointalk.org/index.php?topic=99492 Having a YUBIKEY as one of the parties for m-of-n signatures]
:The use of Yubikeys. They only support symmetric crypto, so you'd have to trust the host device.
* kalleguld's hardware wallet proposal Oct 2012 [https://bitcointalk.org/index.php?topic=115294.0 Proposal: Hardware wallet (Win 3 BTC)]
* Vaporware: Matthew N Wright's ellet [https://bitcointalk.org/index.php?topic=85931.0 ANN The world's first handheld Bitcoin device, the Ellet!] (Vaporware)

== Smart Card based wallets ==
This type of device requires complete trust in the host device, as there is no method for user input.
See [[Smart card wallet]]

== Related Resources ==
* slush's Hardware wallet wire protocol discussion: [https://bitcointalk.org/index.php?topic=125383.0 Hardware wallet wire protocol]
* kjj's Todo List discussion for client protocol requirements: [https://bitcointalk.org/index.php?topic=19080.msg272348#msg272348 in topic Re: Split private keys]
* paybitcoin's original post: [https://bitcointalk.org/index.php?topic=134277.0 Hardware Wallet Roundup]
* [https://bitcointalk.org/index.php?topic=135090.0 This thread] about editing this very wiki entry.
* Various Hardware Wallets and Reviews: [http://www.offlinewallets.com/hardware-wallets Offline Hardware Wallets]

[[Category:Security]]
[[Category:Wallets]]
[[Category:Hardware]]

File:Piper.jpg

2014-07-23T03:02:46Z

Glitch003: A photo of the Piper Wallet paper wallet printer device

== Summary ==
A photo of the Piper Wallet paper wallet printer device
== Licensing ==
{{self|GFDL|cc-by-sa-all|migration=redundant}}

Hardware wallet

2014-07-23T02:59:42Z

Glitch003:

A '''hardware wallet''' is a device that stores a part of a user's [[wallet]] securely in mostly-offline hardware. They have major advantages over other wallet types:

* the key is often stored in a protected area of a microcontroller, and cannot be transferred out of the device in plaintext
* immune to computer viruses that steal from software wallets
* can be used securely and interactively, as opposed to a [[paper wallet]] which must be imported to software at some point
* much of the time, the software is open source, allowing a user to validate the entire operation of the device

This page is an attempt to summarize all the known developments of hardware wallets that can use Bitcoin as part of their operation.

== Purchasable hardware wallets ==

=== Piper - Standalone bitcoin paper wallet printer ===
[http://www.piperwallet.com PiperWallet.com]

Piper is the easiest way to store bitcoin and other cryptocurrencies securely.

* Easy: Simply press the button to print a new paper wallet. You can choose to have Piper store your keys. Backup is as easy as plugging in a USB drive.
* Secure: Paper wallets are the most secure way to store your Bitcoin. Piper is the only offline paper wallet printer to pass all 26 Dieharder tests to ensure secure private key generation.
* Customizable: Plug in a display, mouse, and keyboard and customize Piper to do whatever you want. It's Linux-based, open source, and powered by the Raspberry Pi. You can even use your own printer!

 

=== [[TREZOR]] The Bitcoin Safe ===
[http://bitcointrezor.com BitcoinTrezor.com]
[[File:Trezor-tx.jpg|300px|thumb|left|Confirming transaction with TREZOR]]

[http://bitcointrezor.com/faq/ FAQ @BitcoinTrezor.com]

[[TREZOR]] is a secure bitcoin storage and a transaction signing tool.

The private keys generated by the device never leave it and cannot be accessed by a malware. Thanks to a limited USB protocol only a payment template can be sent into the device (address and amount) which then has to be confirmed by a physical user interaction (visual verification of the transaction details and pressing the confirmation button).

[[TREZOR]] uses a deterministic wallet structure which means it can hold an unlimited number of keys (BIP32).

A recovery seed is generated when the device is initialized. In case it gets lost or stolen, all it's contents can be recovered using the seed (private keys, bitcoin balance and transaction history) into a new device or another BIP39 compatible wallet.

[[TREZOR]] introduced a unique way of PIN entering preventing keyloggers from recording it even when entered on a compromised computer.

An encryption passphrase can be set on top of the PIN protection. More passphrases can be used for plausible deniability.

 

=== Pi Wallet - cold storage ===
[[File:Piwallet.jpeg|300px|thumb|left|Pi-Wallet]]
[http://www.pi-wallet.com/ Pi-Wallet Shop]

[http://www.pi-wallet.com/pages/what-is-pi-wallet Further informations about Pi-Wallet]

The Pi-Wallet is comparable to an offline Notebook.

However it combines all features of the Armory bitcoin client (e.g. offline transaction signing) with the advantages of a tiny computer.

To sign offline-transaction you will need an (unused) USB stick.

 

== Not purchasable hardware wallets ==

=== BitcoinCard Megion Technologies-Card based wallet ===
[[File:Bitcoincard-medley-large.jpg|400px|thumb|left|Bitcoin Card]]
[http://www.bitcoincard.org/ Bitcoincard Home Page]

[http://blog.bitinstant.com/blog/2012/6/19/our-discovery-in-vienna-the-bitcoin-card.html Excellent review by evoorhees]

Incorporates a e-paper display, keypad, and radio (custom ISM band protocol.) Unfortunately it is fairly limited in terms of transaction I/O, requiring a radio gateway or another bitcoincard wherever funds need to be transferred.

 

=== BitSafe - allten/someone42's hardware wallet ===
[[File:Bitsafe-wallet-sizecompare.jpg|200px|thumb|left|Bitsafe wallet]]
[https://bitcointalk.org/index.php?topic=127587.0 BitSafe Hardware Wallet Development - BOM Ready - 50 kits being prepared]

Signing transactions only, requires USB host software for transactions & USB power. Has a OLED display and Confirm/Cancel buttons. Evolved out of someone42's prototype below, and has significant contributions from someone42 as well.
 
=== someone42's original prototype ===
[[File:Someone42-wallet-prototype.jpg|300px|thumb|left|someone42's original prototype]]
[https://bitcointalk.org/index.php?topic=78614.0 Hardware Bitcoin wallet - a minimal Bitcoin wallet for embedded devices]

Signing transactions only, requires USB host software for transactions & USB power. All work is rolled into the above BitSafe wallet currently.
 
=== BTChip btchip USB based transaction signer and private key holder ===
[[File:Btchip-wallet.jpg|300px|thumb|left|BTChip]]
[https://bitcointalk.org/index.php?topic=134999.0 ANN Smartcard wallet project + btchip implementation (no reader required)]

[http://www.btchip.com www.btchip.com]

USB smartcard dedicated to bitcoins, no keypad or display so trust in the host device is required. An improvement has been implemented that uses a secret value known to the user during the transaction for additional security.
 
=== Other/Defunct but with good discussion: ===
* natman3400's BitClip Jun 2011 [https://bitcointalk.org/index.php?topic=24852.0 https://bitcointalk.org/index.php?topic=24852.0]
:Seems to have gone defunct around Dec 2011. Some good ideas though and seemed to have started on execution.
* jim618 hardware wallet proposal Apr 2012 [https://bitcointalk.org/index.php?topic=77553.0 Dedicated bitcoin devices - dealing with untrusted networks]
:Great discussion and good ideas from jim618. Also linked the following video:
* Prof. Clemens Cap's hardware wallet? (video:)[https://www.youtube.com/watch?v=IavQ-Wc8S1U Clemens Cap about electronic bitcoin wallet at EuroBit]
:Clemens Cap of Uni Rostock explains the Electronic Bitcoin wallet device he's working on. It's based on adafruit microtouch device.
* ripper234's discussion based on Yubikeys Aug 2012 [https://bitcointalk.org/index.php?topic=99492 Having a YUBIKEY as one of the parties for m-of-n signatures]
:The use of Yubikeys. They only support symmetric crypto, so you'd have to trust the host device.
* kalleguld's hardware wallet proposal Oct 2012 [https://bitcointalk.org/index.php?topic=115294.0 Proposal: Hardware wallet (Win 3 BTC)]
* Vaporware: Matthew N Wright's ellet [https://bitcointalk.org/index.php?topic=85931.0 ANN The world's first handheld Bitcoin device, the Ellet!] (Vaporware)

== Smart Card based wallets ==
This type of device requires complete trust in the host device, as there is no method for user input.
See [[Smart card wallet]]

== Related Resources ==
* slush's Hardware wallet wire protocol discussion: [https://bitcointalk.org/index.php?topic=125383.0 Hardware wallet wire protocol]
* kjj's Todo List discussion for client protocol requirements: [https://bitcointalk.org/index.php?topic=19080.msg272348#msg272348 in topic Re: Split private keys]
* paybitcoin's original post: [https://bitcointalk.org/index.php?topic=134277.0 Hardware Wallet Roundup]
* [https://bitcointalk.org/index.php?topic=135090.0 This thread] about editing this very wiki entry.
* Various Hardware Wallets and Reviews: [http://www.offlinewallets.com/hardware-wallets Offline Hardware Wallets]

[[Category:Security]]
[[Category:Wallets]]
[[Category:Hardware]]