IOHK is pleased to announce the release of Daedalus 0.10.0 and Cardano 1.2.0, which will be delivered through the auto-update systems and users will receive a notification in Daedalus. The features in this release include paper wallets, allowing users to store their funds securely offline. The paper wallets contain a 27-word recovery phrase, of which the first 18 words are printed automatically on the certificate and the remaining 9 words the user writes by hand. This improves security because the printed certificate, which could be cached by the printer or compromised in some other way, does not include everything needed to restore the wallet. Paper wallets can also be restored and brought back online with Daedalus.
For Daedalus, there is now a new support page in "Settings". This page includes links for accessing the FAQ with solutions to known issues, access to a form for sending support requests and a link for downloading logs. Clicking the "bug" icon in the sidebar no longer opens the form for sending support requests but takes the user to this page instead.
For Cardano 1.2.0, a new and improved version of the wallet API is now available for cryptocurrency exchanges and other parties. This makes the previous V0 version obsolete. Everyone using this API is encouraged to switch to the new version. Documentation for both versions is available at https://cardanodocs.com/technical/wallet/api. Wallet backend performance has also been improved, especially for retrieving wallets using the API endpoint.
The main difference from having it stored "in Daedalus" is that paper-wallets are "cold", meaning that your secret keys are not stored on a computer, which means there's no internet access to it.
When you "keep your ADA in Daedalus" (meaning - you have your wallet restored and available in Daedalus) - then your secret keys to this wallet are stored on the computer. If you have a spending password - then your keys are encrypted, but still stored on the computer. A little time ago there were some discussions on this forum and in telegram groups about how hackers can potentially steal Daedalus files, acquiring access to your secret keys, and this is exactly why it is important to have a spending key to all Daedalus wallets. And the safer those passwords are - the harder it will be for hackers to get access to actual keys.
When people don't want to have constant access to their wallet, but maybe only have it as a store of value and as an address where to send coins - they don't want to risk having their keys constantly on their computer. And there's a way how people solved this - you just create your wallet, write down your secret words, store your receiving address somewhere and delete this wallet from Daedalus. This way you have a completely cold wallet - there's an address where you can deposit coins, and there's a secret key that you can use anytime to get back access to spending those coins on this address.
The paper-wallet is just a bit more official and a bit more secure way to do the second option. The way paper-wallets are generated - your secret words are never shown on the screen in their entirety and they are never once stored on the hard-drive, and there's never even a wallet as is in the Daedalus, until you decide to restore it from its paper form.
Thanks for the detailed explanation. Just how vulnerable is printing the certificate on a printer? I heard stories of printer memories being scanned. I am assuming printers have RAM and can be flushed with a reset, but I'd rather get your opinion.
And what if there's a super-duper computer O_O From CIA… and they are working with aliens
Read about BIP39 security
Relax
Worry some more
Calculate 2048^9
Relax
Be paranoid
Google "Existing super-computers hash power" at 3am
Google "Existing super-computer owners"
Feel like Mulder and look for CIA thru window blinds
Then lose your paper-wallet with all 27 words just by being stupid, in a trash or something
???
Profit
My take is that I will go tomorrow to a public printing service with a USB stick and ask an employee there to print me out some paper-wallets with a colour-printer on some nice paper
UPD:
For those who are too lazy to calculate 2048^9, here it is. Trying to brute-force 9 mnemonics would take 78509642000000000 YEARS at 1000 combinations per second (completely ignoring wrong check-sum combinations, even though those also take some time to process).
Now try to adjust combinations-per-second variable to see how significantly that would change number of YEARS required for a hack (note that this is combinations per second, and not CPU "operations per second". Checking a single combination for a positive balance takes a lot of computer time.)
Linux version was planned to be publicly released along with the 1.2 update, but it's still not available on the official website. I'm looking out for some info, but I reckon it should be available some time soon also in the version 0.10 (1.2)
@IOHK_Laurie Just a heads-up if you're generating a paper wallet, the first paper wallet I created the address of the wallet was printed on 3 lines, the third line just had a centered "g" on it. I would never have noticed the address was not complete without that single "g" if I had not checked with the QR code on the wallet. Simply did not notice it beforehand.
So just a heads-up if copy & pasting the wallet address when moving funds to "get it all".
Second wallet I generated did not have the issue, so I am guessing it's the formatting of the wallet is a bit too tight, and if the wallet address contains a certain number of capital letters you risk ending up with a lonely letter on a third line of the address shown.
(I have now also reported this problem via the bug report in the wallet)
When Daedalus shows those 9 words, are they stored in computer's RAM and erased on the next reboot? Also, it looks like you need a client connected to the internet to generate the paper wallet…
Thanks for your feedback and also submitting this problem via the bug report in the wallet. This will help our technical support team to look into the issue with as much information as possible.