
PaperCoin - paper offline Bitcoin wallets - stickac
http://papercoin.org/
======
jimrandomh
Using a Bitcoin address provided by a web site to store your coins is
Extremely Unwise. You would be giving the owners of that site the power to
steal your money later.

Promoting a site which gives a small convenience in exchange for the power to
steal your Bitcoins is _not okay_. Even if the site's original creators are
trustworthy, it can be broken into and perverted. You risk creating a repeat
of MyBitcoin (an "online wallet service" run anonymously that predictably ran
off with everyone's deposits).

~~~
niggler
To be fair, at the bottom of the page he links to source and a zip that you
can use to run internally if you so desire.

If it concerns you, then run it on your own machine.

~~~
nwh
The generation could still be deterministic in some way. I haven't looked over
the code yet, so I don't know.

Even if it is securely created, there's nothing stopping the code being
modified to some clients.

~~~
DoubleMalt
It would be neat to have something like this as JS application. Of course
again you have to check the code or trust the author, but I think an audit
would be possible.

~~~
stickac
This of course is JavaScript application. And it is downloadable and locally
runnable (read footer on the website).

~~~
DoubleMalt
Great! Sorry for not checking.

------
patio11
I hate dinging hobby projects, but then it's Bitcoin and people seem to be
actually trusting hobby projects with non-trivial fractions of their
(extremely notional) net worth, so I'll just point out that transferring a
public/private key pair which allows people to spend money together over HTTP
is not a security best practice.

~~~
subway
This appears to generate the wallet in your browser, so the key is never sent
over HTTP.

That said, I still have difficulty trusting hobby crypto.

~~~
sltkr
That's true, but the code that generates the wallet is still sent over HTTP,
so there is an opportunity for an attacker to insert malicious code. It would
be a lot better if this was served over HTTPS, but then you still need to
trust the author.

~~~
stickac
You can still download the code (as ZIP archive from github) and run it
locally.

------
gojomo
Note that <http://bitaddress.org> was the pioneer in this field.

Bitaddress.org has more options, and includes all necessary code in a single
.HTML file. So if you download it to run it locally/offline -- _as you should_
\-- whether you grab it from your browser, or from the Bitaddress github
project, there's just one file and hash to check against the published hash
from others who have reviewed the code.

Papercoin adds the 'printer' graphics and the folding-friendly layout, but
trust should be the top quality in any such utility, since private key secrecy
is everything.

------
zrail
Safari gets redirected to a URL like this: blob:<http://papercoin.org/some-
big-hash>

This, of course, doesn't work. When I try to remove the "blob:" it throws a
404.

Edit: works in Chrome, just not in Safari. Neat idea!

~~~
stickac
It seems this is a bug in jsPDF - the same happens with their basic example. I
might look into that, but for now please use Chrome/Firefox.

~~~
mlbmlb
In Opera it opens a new tab with: papercoin.org/undefined

~~~
stickac
Yep, same kind of error ... :(

------
shazow
There seems to be some confusion about this project, so I'll try to explain:
PaperCoin creates paper Bitcoin gift cards. You put money on the address, then
you give the private key to whoever, and now they own the wallet. (Correct me
if I'm wrong, I'm not the author.)

It all happens client-side using jsPDF, and you can run it locally by
downloading the .zip in the footer.

It's really not meant to replace any financial infrastructure. It's just a
novelty thing. Don't use this to store your life's savings, or anything unless
you understand the risks. Who knows, maybe it will inspire the next person
build something cool in a further direction.

I like it. The design is pretty swell too. Good job.

~~~
joosters
The design may be swell, shame they didn't care enough to include useful
instructions or explanations in that design!

------
gnosis
Some related apps:

optar - <http://ronja.twibright.com/optar/>

PaperBak - <http://ollydbg.de/Paperbak/>
<https://en.bitcoin.it/wiki/WalletPaperbackup>

~~~
fosap
Have you experience with paperback?

I tried optar and did everything wrong i could find. I upscaled with gimp,
upscaled not by a natural number, used a horrible laser printer with lots of
artifacts, gray, thin, checkered recycling paper, folded it and it still
worked. I was stunned. The decoder seems to be quite good, it can handle
distortion reasonably well.

But it was only 50kB per page.

How does it compare to paperbak?

~~~
gnosis
I also only have experience with optar, which worked for me. However, here are
some reviews of PaperBak:

[http://www.codinghorror.com/blog/2009/07/the-paper-data-
stor...](http://www.codinghorror.com/blog/2009/07/the-paper-data-storage-
option.html)

[http://www.extremetech.com/extreme/134427-a-paper-based-
back...](http://www.extremetech.com/extreme/134427-a-paper-based-backup-
solution-not-as-stupid-as-it-sounds)

------
sturmeh
Am I the only person who can't follow the instructions?

What is the finished product supposed to look like?

~~~
raimue
I am not a Bitcoin user and I also don't get it. Could anyone else please
explain what this hash on the piece of paper is? Is this an address used to
send Bitcoins to?

~~~
stickac
Sequence starting with "1" together with the QR code are the Bitcoin address
where you can send Bitcoins to. Sequence starting with "5" inside of the
wallet is the private key, which you use to redeem the funds sent to the
address in the first step.

~~~
watt
exactly HOW do you redeem the funds sent to address in the first step?

~~~
stickac
For example Electrum client (electrum.org) allows you to import these keys. Or
you can use MtGox Redeem code feature. I'm pretty sure other clients and web
wallets have also this functionality.

------
sliverstorm
Why would the receiving party trust that they are receiving the amount
promised? The paper itself holds no value, and as clearly both the "buyer" and
"seller" are privy to the wallet access code, the "buyer" could simply put 0
BTC in the wallet, or remove it at a later date.

~~~
wmf
Given a public key you can look up the balance in the blockchain. Casascius
has a cool system where the private key is hidden behind a tamper-evident
hologram so you can be sure money hasn't been removed, but obviously that's
not a DIY option.

~~~
sliverstorm
Of course they can check at the point of sale, but times where paper money is
most useful and times where you have immediate access to the blockchain do not
exactly overlap. If they can check right then and there, might as well just do
it electronically and skip the paper.

My point is basically that paper money is a store of value while these "paper
bitcoins" are a _proxy_ for a store of value, which introduces problems. It's
almost like a fiat currency backed by bitcoin, except it has none of the
governmental power used to make fiat currencies work.

~~~
wmf
Yeah, I don't think paper Bitcoins are useful for trade. I think they're more
useful to keep private keys from getting stolen.

------
songzme
I have a hard time following the origami. After folding 1-2-3-4, I have a
retangular cube. How am I supposed to accomplish fold #5? Sorry for being
dense, not an origami guy. Anyone got a pic how how it's supposed to look
like?

~~~
stickac
Fold 180 degrees. Not 90.

------
anigbrowl
I can't help noting the irony in reverting to to paper cash; I figure it can
only be a matter of time before I see a case titled 'United States vs. 2633.5
Bitcoins.'

------
epylar
How is this randomized? I notice the generating javascript is sent in the
clear (HTTP).

------
aj700
Does/will bitcoin make Cypriot (or anyone's) capital controls ineffective?

~~~
wmf
Not if you wait until after capital controls have been introduced, because
then you have no way to convert your EUR to BTC.

~~~
aj700
You can amass cash in Euros by slowly withdrawing it from chas machines then
instead of leaving the country with the cash, you can use a local bitcoin
trader to buy bitcoins with it, then turn them back into normal currency when
you have left the country.

------
uokyas
so basically bills?

------
drivebyacct2
Yeah, I love the web and webapps, but generating paper wallets is still
something I prefer to do with a native app running in Tails or something
similarly secure to avoid eavesdropping or other leakage of the private key.

