IOHK is pleased to announce the release of Daedalus 0.10.0 and Cardano 1.2.0, which will be delivered through the auto-update systems and users will receive a notification in Daedalus. The features in this release include paper wallets, allowing users to store their funds securely offline. The paper wallets contain a 27-word recovery phrase, of which the first 18 words are printed automatically on the certificate and the remaining 9 words the user writes by hand. This improves security because the printed certificate, which could be cached by the printer or compromised in some other way, does not include everything needed to restore the wallet. Paper wallets can also be restored and brought back online with Daedalus.
For Daedalus, there is now a new support page in ‘Settings’. This page includes links for accessing the FAQ with solutions to known issues, access to a form for sending support requests and a link for downloading logs. Clicking the ‘bug’ icon in the sidebar no longer opens the form for sending support requests but takes the user to this page instead.
For Cardano 1.2.0, a new and improved version of the wallet API is now available for cryptocurrency exchanges and other parties. This makes the previous V0 version obsolete. Everyone using this API is encouraged to switch to the new version. Documentation for both versions is available at https://cardanodocs.com/technical/wallet/api. Wallet backend performance has also been improved, especially for retrieving wallets using the API endpoint.
The main difference from having it stored “in Daedalus” is that paper-wallets are “cold” meaning that your secret keys are not stored on a computer, which means there’s no internet access to it.
When you “keep you ADA in Daedalus” (meaning - you have your wallet restored and available in Daedalus) - then your secret keys to this wallet are stored on the computer. If you have a spending password - then you keys are encrypted, but still stored on the computer. A little time ago there was some discussions on this forum and in telegram groups about how hackers can potentially steal Daedalus files, acquiring access your secret keys, and this is exactly why it is important to have a spending key to all Daedalus wallets. And the safer those passwords are - the harder it will be for hackers to get access to actual keys.
When people don’t want to have constant access to their wallet, but maybe only have it as a store of value and as an address where to send coins - they don’t want to risk having their keys constantly on their computer. And there’s a way how people solved this - you just create your wallet, write down your secret words, store your receiving address somewhere and delete this wallet from Daedalus. This way you have a completely cold wallet - there’s an address where you can deposit coins, and there’s secret key that you can use anytime to get back access to spending those coins on this address.
The paper-wallet is just a bit more official and a bit more secure way to do the second option The way paper-wallets are generated - your secret words are never shows on the screen in their entirety and they never once stored on the hard-drive, and there’s never even a wallet as is in the Daedalus, until you decide to restore it from its paper form.
Thanks for the detailed explanation. Just how vulnerable is printing the certificate on a printer? I heard stories of printer memories being scanned. I am assuming printers have RAM and can be flushed with a reset, but I’d rather get your opinion.
And what if there’s a super-duper computer O_O From CIA… and they are working with aliens
Read about BIP39 security
Relax
Worry some more
Calculate 2048^9
Relax
Be paranoid
Google “Existing super-computers hash power” at 3am
Google “Existing super-computer owners”
Feel like Mulder and look for CIA thru window blinds
Then lose your paper-wallet with all 27 words just by being stupid, in a trash or something
???
Profit
My take is that I will go tomorrow to a public printing service with a USB stick and ask an employee there to print me out some paper-wallets with a colour-printer on some nice paper
UPD:
For those who are too lazy to calculate 2048^9, here it is Trying to brute-force 9 mnemonics would take 78509642000000000 YEARS at 1000 combinations per second (completely ignoring wrong check-sum combinations, even tho those also take some time to process).
Now try to adjust combinations-per-second variable to see how significantly that would change number of YEARS required for a hack (note that this is combinations per second, and not CPU “operations per second”. Checking a single combination for a positive balance takes a lot of computer time.)
Linux version was planned to be publicly released along with the 1.2 update, but it’s still not available on the official website. I’m looking out for some info, but I reckon it should be available some time soon also in the version 0.10 (1.2)
@IOHK_Laurie Just a heads-up if your generating a paper wallet, the first paper wallet I created the address of the wallet was printed on 3 lines, the third line just had a centered ‘g’ on it. I would never have noticed the address was not complete without that single ‘g’ if I had not checked with the QR code on the wallet. Simply did not notice it beforehand.
So just a heads-up if copy & pasting the wallet address when moving funds to “get it all”.
Second wallet I generated did not have the issue, so I am guessing its the formatting of the wallet is a bit too tight, and if the wallet address contain a certain number of capital letters you risk ending up with a lonely letter on a third line of the address shown.
(I have now also reported this problem via the bug report in the wallet)
When Daedalus shows those 9 words, are they stored in computer’s RAM and erased on the next reboot? Also, it looks like you need a client connected to the internet to generate the paper wallet…
Thanks for your feedback and also submitting this problem via the bug report in the wallet. This will help our technical support team to look into the issue with as much as information as possible.