Using a Bitcoin address provided by a web site to store your coins is Extremely Unwise. You would be giving the owners of that site the power to steal your money later.
Promoting a site which gives a small convenience in exchange for the power to steal your Bitcoins is not okay. Even if the site's original creators are trustworthy, it can be broken into and perverted. You risk creating a repeat of MyBitcoin (an "online wallet service" run anonymously that predictably ran off with everyone's deposits).
It would be neat to have something like this as JS application. Of course again you have to check the code or trust the author, but I think an audit would be possible.
But some hybrid wallets like blockchain.info are so secure.
They do client side encryption, js verifier makes sure any server attacks don't affect the wallets directly, allows user to backup their wallets the way they want, has some redudant backup options, two-factor authentication, and so much more. I don't see a reason why not to trust such wallets.
I agree there have been past instances where the server was comproised and users lost their wallets, but with such hybrid wallets if you are taking regular backups of your wallets you are pretty safe.
I hate dinging hobby projects, but then it's Bitcoin and people seem to be actually trusting hobby projects with non-trivial fractions of their (extremely notional) net worth, so I'll just point out that transferring a public/private key pair which allows people to spend money together over HTTP is not a security best practice.
I don't think you should feel even a hint of remorse, crypto and money are both very serious things. A project with crypto and money at its center is in my mind basically exempt from any margin for error normally associated with a hobby project.
That's true, but the code that generates the wallet is still sent over HTTP, so there is an opportunity for an attacker to insert malicious code. It would be a lot better if this was served over HTTPS, but then you still need to trust the author.
Bitaddress.org has more options, and includes all necessary code in a single .HTML file. So if you download it to run it locally/offline -- as you should -- whether you grab it from your browser, or from the Bitaddress github project, there's just one file and hash to check against the published hash from others who have reviewed the code.
Papercoin adds the 'printer' graphics and the folding-friendly layout, but trust should be the top quality in any such utility, since private key secrecy is everything.
There seems to be some confusion about this project, so I'll try to explain: PaperCoin creates paper Bitcoin gift cards. You put money on the address, then you give the private key to whoever, and now they own the wallet. (Correct me if I'm wrong, I'm not the author.)
It all happens client-side using jsPDF, and you can run it locally by downloading the .zip in the footer.
It's really not meant to replace any financial infrastructure. It's just a novelty thing. Don't use this to store your life's savings, or anything unless you understand the risks. Who knows, maybe it will inspire the next person build something cool in a further direction.
I like it. The design is pretty swell too. Good job.
I tried optar and did everything wrong i could find. I upscaled with gimp, upscaled not by a natural number, used a horrible laser printer with lots of artifacts, gray, thin, checkered recycling paper, folded it and it still worked. I was stunned. The decoder seems to be quite good, it can handle distortion reasonably well.
Follow the instructions and all you end up with is a folded piece of paper. The site doesn't bother to explain what you can do with the paper though. Seems like a significant ommission to me!
I am not a Bitcoin user and I also don't get it. Could anyone else please explain what this hash on the piece of paper is? Is this an address used to send Bitcoins to?
Sequence starting with "1" together with the QR code are the Bitcoin address where you can send Bitcoins to.
Sequence starting with "5" inside of the wallet is the private key, which you use to redeem the funds sent to the address in the first step.
For example Electrum client (electrum.org) allows you to import these keys. Or you can use MtGox Redeem code feature. I'm pretty sure other clients and web wallets have also this functionality.
It's also worth noting that the direction of the fold is always away from the printed side. The black blocks are meant as a security layer which gets folded overtop the key info (so you can't see the keys through the paper) and the final fold followed by taping of the ends together seals everything in with only the QR code and the "Remarks" area showing on the outside.
Why would the receiving party trust that they are receiving the amount promised? The paper itself holds no value, and as clearly both the "buyer" and "seller" are privy to the wallet access code, the "buyer" could simply put 0 BTC in the wallet, or remove it at a later date.
Given a public key you can look up the balance in the blockchain. Casascius has a cool system where the private key is hidden behind a tamper-evident hologram so you can be sure money hasn't been removed, but obviously that's not a DIY option.
Of course they can check at the point of sale, but times where paper money is most useful and times where you have immediate access to the blockchain do not exactly overlap. If they can check right then and there, might as well just do it electronically and skip the paper.
My point is basically that paper money is a store of value while these "paper bitcoins" are a proxy for a store of value, which introduces problems. It's almost like a fiat currency backed by bitcoin, except it has none of the governmental power used to make fiat currencies work.
I have a hard time following the origami. After folding 1-2-3-4, I have a retangular cube. How am I supposed to accomplish fold #5? Sorry for being dense, not an origami guy. Anyone got a pic how how it's supposed to look like?
I can't help noting the irony in reverting to to paper cash; I figure it can only be a matter of time before I see a case titled 'United States vs. 2633.5 Bitcoins.'
You can amass cash in Euros by slowly withdrawing it from chas machines then instead of leaving the country with the cash, you can use a local bitcoin trader to buy bitcoins with it, then turn them back into normal currency when you have left the country.
Yeah, I love the web and webapps, but generating paper wallets is still something I prefer to do with a native app running in Tails or something similarly secure to avoid eavesdropping or other leakage of the private key.
Promoting a site which gives a small convenience in exchange for the power to steal your Bitcoins is not okay. Even if the site's original creators are trustworthy, it can be broken into and perverted. You risk creating a repeat of MyBitcoin (an "online wallet service" run anonymously that predictably ran off with everyone's deposits).