Two-factor paper wallet: Difference between revisions
No edit summary |
old outdated idea, added link to mnemonic phrases page |
||
Line 1: | Line 1: | ||
'''This is an old idea which is much better implemented by [[Mnemonic_phrase#Two-Factor_Mnemonic_Phrases|Two-factor mnemonic phrases]]''' | |||
I believe it was Casascius that [https://bitcointalk.org/index.php?topic=56414.0 first talked about the idea] of a "2 factor paper wallet". TL;DR - it's a system to securely generate BTC addresses given the risk of any particular machine being injected with trojans. | I believe it was Casascius that [https://bitcointalk.org/index.php?topic=56414.0 first talked about the idea] of a "2 factor paper wallet". TL;DR - it's a system to securely generate BTC addresses given the risk of any particular machine being injected with trojans. | ||
Revision as of 14:43, 12 November 2017
This is an old idea which is much better implemented by Two-factor mnemonic phrases
I believe it was Casascius that first talked about the idea of a "2 factor paper wallet". TL;DR - it's a system to securely generate BTC addresses given the risk of any particular machine being injected with trojans.
(If you can find the original discussion, that would be great)
See also this BIP.
How it works
- Trusted 3rd party generates a key pair (Private_1, Public_1), and sends them to you in the form of laminated paper. Public_1 is derivable from Private_1. The keys are deleted after sending.
- You generate an addition key pair (Private_2, Public_2) on your own machine.
- You cryptographically combine Public_1 and Public_2 and get Public_final - a Bitcoin address.
- You transfer BTC into Public_final
- At a later time, when you want to withdraw funds from it, you combine Private_1 and Private_2 to get Private_final, and withdraw.
The point of the system is that an attacker would have to break into both your systems in order to withdraw funds. It is a way to securely store Bitcoins even if your system potentially contains trojans, without trusting a 3rd party. This scheme can in fact be done with N parties, with each additional part just adding security to the system (suspect Party1 is a CIA snitch? That's ok, because all it takes for this to be secure is one secure party).