I'm happy to help with secure paper wallet support. Bitcoin core is already
used offline by the Glacier Protocol, though there's no official offline
support.

I extended the Glacier Protocol with an extra password derivation function.
I used Scrypt with 2GB RAM requirement, though maybe using Argon2id V1.3
would be better.

Also I'd prefer using BIP45 Multisig HD Wallets over a multisig address, as
in the current Glacier Protocol implementation the redeem key is public
because of the test withdrawal transaction.

On Sat, Sep 30, 2017 at 6:49 AM, Jonas Schnelli via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:

>
> > Hi,
> >
> > I'm writing to suggest and discuss the addition of paper wallet
> > functionality in bitcoin-core software, starting with a single new RPC
> > call: genExternalAddress [type].
> >
>
> AFAIK, client implementations such as your proposal are off-topic for this
> ML.
> Better use bitcoin-core-dev (ML or IRC) or Github (bitcoin/bitcoin) for
> such proposals.
>
>
> > On 09/29/2017 02:03 PM, Luke Dashjr wrote:
> > Paper wallets are a safety hazard, insecure, and generally not advisable.
> >
>
> I have to agree with Luke.
> And I would also extend those concerns to BIP39 plaintext paper backups.
>
> IMO, private keys should be generated and used (signing) on a trusted,
> minimal and offline hardware/os. They should never leave the device over
> the channel used for the signing I/O. Users should have no way to view or
> export the private keys (expect for the seed backup). Backups should be
> encrypted (whoever finds the paper backup should need a second factor to
> decrypt) and the restore process should be footgun-safe (especially the
> lost-passphrase deadlock).
>
>
> /jonas
>
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
>