Paper wallets launched for Cardano: Announcing Daedalus 0.10.0 and Cardano 1.2.0 release


#1

IOHK is pleased to announce the release of Daedalus 0.10.0 and Cardano 1.2.0, which will be delivered through the auto-update systems and users will receive a notification in Daedalus. The features in this release include paper wallets, allowing users to store their funds securely offline. The paper wallets contain a 27-word recovery phrase, of which the first 18 words are printed automatically on the certificate and the remaining 9 words the user writes by hand. This improves security because the printed certificate, which could be cached by the printer or compromised in some other way, does not include everything needed to restore the wallet. Paper wallets can also be restored and brought back online with Daedalus.

For Daedalus, there is now a new support page in ‘Settings’. This page includes links for accessing the FAQ with solutions to known issues, access to a form for sending support requests and a link for downloading logs. Clicking the ‘bug’ icon in the sidebar no longer opens the form for sending support requests but takes the user to this page instead.

For Cardano 1.2.0, a new and improved version of the wallet API is now available for cryptocurrency exchanges and other parties. This makes the previous V0 version obsolete. Everyone using this API is encouraged to switch to the new version. Documentation for both versions is available at https://cardanodocs.com/technical/wallet/api. Wallet backend performance has also been improved, especially for retrieving wallets using the API endpoint.

Team IOHK


#2

Superb! thanks for the hard work
you girls and boys are the best out there ! we love you!


#3

Hi

Is having a paper wallet the best way to securely store Ada?

Is it much more secure than just having it stored in daedalus?


2018年6月15日-卡尔达诺基金会通讯
カルダノ財団ニュースレター - 2018年6月15日
[뉴스레터] 카르다노 재단 뉴스 레터 - 2018 년 6 월 15 일
15.6.18 - Cardano Foundation Newsletter
#4

Hi!

The main difference from having it stored “in Daedalus” is that paper-wallets are “cold” meaning that your secret keys are not stored on a computer, which means there’s no internet access to it.

When you “keep you ADA in Daedalus” (meaning - you have your wallet restored and available in Daedalus) - then your secret keys to this wallet are stored on the computer. If you have a spending password - then you keys are encrypted, but still stored on the computer. A little time ago there was some discussions on this forum and in telegram groups about how hackers can potentially steal Daedalus files, acquiring access your secret keys, and this is exactly why it is important to have a spending key to all Daedalus wallets. And the safer those passwords are - the harder it will be for hackers to get access to actual keys.

When people don’t want to have constant access to their wallet, but maybe only have it as a store of value and as an address where to send coins - they don’t want to risk having their keys constantly on their computer. And there’s a way how people solved this - you just create your wallet, write down your secret words, store your receiving address somewhere and delete this wallet from Daedalus. This way you have a completely cold wallet - there’s an address where you can deposit coins, and there’s secret key that you can use anytime to get back access to spending those coins on this address.

The paper-wallet is just a bit more official and a bit more secure way to do the second option :slight_smile: The way paper-wallets are generated - your secret words are never shows on the screen in their entirety and they never once stored on the hard-drive, and there’s never even a wallet as is in the Daedalus, until you decide to restore it from its paper form.


Sending ADA to paper wallet vs Staking
#5

Now that is what you call an Answer!!
Thanks my man, that’s the second time today. :grinning:

@vantuz-subhuman

Keep up the great work


#6

Thanks for the detailed explanation. Just how vulnerable is printing the certificate on a printer? I heard stories of printer memories being scanned. I am assuming printers have RAM and can be flushed with a reset, but I’d rather get your opinion.


#7

That’s why Cardano paper wallet prints only 18 words out of 27, and the rest you need to fill manually.

Printing Cardano paper wallet is safe )


#8

So is there a concern of even with this feature, a super computer can still brute force the 9 mnemonic remaining words… What’s your take on this?


#9

And what if there’s a super-duper computer O_O From CIA… and they are working with aliens

image

:slight_smile:

  1. Read about BIP39 security
  2. Relax
  3. Worry some more
  4. Calculate 2048^9
  5. Relax
  6. Be paranoid
  7. Google “Existing super-computers hash power” at 3am
  8. Google “Existing super-computer owners”
  9. Feel like Mulder and look for CIA thru window blinds
  10. Then lose your paper-wallet with all 27 words just by being stupid, in a trash or something
  11. ???
  12. Profit

My take is that I will go tomorrow to a public printing service with a USB stick and ask an employee there to print me out some paper-wallets with a colour-printer on some nice paper :slight_smile:

UPD:

For those who are too lazy to calculate 2048^9, here it is :slight_smile: Trying to brute-force 9 mnemonics would take 78509642000000000 YEARS at 1000 combinations per second (completely ignoring wrong check-sum combinations, even tho those also take some time to process).

Now try to adjust combinations-per-second variable to see how significantly that would change number of YEARS required for a hack :smiley: (note that this is combinations per second, and not CPU “operations per second”. Checking a single combination for a positive balance takes a lot of computer time.)


#10

Wow thats a lot of years @vantuz-subhuman
This post has filled me with confidence and I will be setting up my PW at the weekend.

Now there is the paranoia of where to keep lol


#11

Can we hope for a Linux update also?


#12

The most legit question ever asked :slight_smile: And everyone has to answer it for themselves.


#13

Linux version was planned to be publicly released along with the 1.2 update, but it’s still not available on the official website. I’m looking out for some info, but I reckon it should be available some time soon also in the version 0.10 (1.2)


#14

@IOHK_Laurie Just a heads-up if your generating a paper wallet, the first paper wallet I created the address of the wallet was printed on 3 lines, the third line just had a centered ‘g’ on it. I would never have noticed the address was not complete without that single ‘g’ if I had not checked with the QR code on the wallet. Simply did not notice it beforehand.
So just a heads-up if copy & pasting the wallet address when moving funds to “get it all”.

Second wallet I generated did not have the issue, so I am guessing its the formatting of the wallet is a bit too tight, and if the wallet address contain a certain number of capital letters you risk ending up with a lonely letter on a third line of the address shown.

(I have now also reported this problem via the bug report in the wallet)


#15

wallet you are trying to restore already exists


#16

Thank you for the great response, do you happen to know the dictionary size used by Cardano?


#17

Cardano used standard BIP39 with 2048 word dictionary. That’s why total number of possible combinations with 9 words is ~ ((2048^9) / 256)

Details: https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki


#18

If you have your 12 words available:

  1. Close Daedalus
  2. Delete %appdata%\Daedalus directory
  3. Open Daedalus again, sync, and restore

#19

When Daedalus shows those 9 words, are they stored in computer’s RAM and erased on the next reboot? Also, it looks like you need a client connected to the internet to generate the paper wallet…


#20

Thanks for your feedback and also submitting this problem via the bug report in the wallet. This will help our technical support team to look into the issue with as much as information as possible.