Can someone tell me what the point of the tamper resistant part is?
I can understand why someone would want an entirely offline wallet... but what's with the tamper proof, hidden private key part? If someone wants to steal the bitcoins, surely they'd just take the wallet itself?
It's not like you're going to flash it around so people can take pictures of it. If you wanted to show people the public key so they could transfer you bitcoins, you could just have the private key and public key on seperate bits of paper so they could keep the public key paper with them?
from bitcoinpaperwallet.com :
> One risk with a paper wallet is that someone with physical access to your wallet may "sneak a peek" at the private key and withdraw your funds without your knowledge.
It's a psychological deterrent for people in your trusted work/home environment. It definitely does nothing to help you with physical theft, muggings, etc. Sad fact that a lot of theft in the world happens between "friends" and close relations.
I want you to consider the following attack:
A thief finds the paper wallet when the user is not present, and opens it. The attacker then scans the public and private keys, and prints another identical copy, by photo-shopping the scanned keys into a new similarly generated paper wallet. He even hand-writes (copies) notes written on the old (ripped) wallet, so when he's done, there's another identical paper wallet and the attacker has the private key on his phone or something. The attacker goes on to spend the funds and the user never knows until months later.
I don't think you've thought this all the way through. The attack you suggest is **no different** to an attacker cloning your credit card. There are many instances where a credit card company won't pay back stolen funds - so if you're stupid enough to lose your paper wallet you may as well kiss the funds goodbye. There isn't much you can do to mitigate a physical attack of a paper wallet (the possible exception being if the private key was encoded with a passphrase).
However, your last point is more than a little ludicrous. For years there have been services that notify you when a transaction is made on an address. You can sign up for a free wallet on blockchain.info, for example, and then add the paper wallet address as "watch only" (no private key needed). Then you turn on notifications, and voila, you'll know the minute the attacker spends the funds.
I think the fellow is still working on it, pouring volatile liquids on it and such. Meanwhile, another person found a beautiful hack that I had to redesign around involving pulling out the fold with some sticky tape. :)
You know what would be cool... A template that fits a standard photo print size, like 6"x4" for example. Maybe that way it could be done without any cutting involved. Load the printer with cheap, thin photo paper, print, fold, stick, and done!
The thing is, the weird "wing" shape of the design that you have to cut out is in fact a security feature. See this thread where "yellowcoin" figured out a sneaky way to reveal the private key without disturbing the tape in an earlier design:
I don't understand why you can't just completely remove the first sticker and then put a new one on top of it, the hologram is opaque so the leftover will blend it in, and when they rip it off again they'll see what they'd assume is the residue from the one sticker.
I think this is a totally valid concern. Have you got a solution? All I can think of right now is having either (1) limited edition stickers that are custom-printed, e.g. have a hologram of an eagle or a coin etc. (so its very difficult to get the same stickers) or (2) having serial numbers on the stickers, or maybe text customized on a per-customer basis. What's your idea?
I think the main point of the holographic sticker is to act as a psychological security barrier, not as 100% tamper or fraud proof protection. Also as Mr Becker points out on his website, a paper wallet should be treated as you would treat cash. Keep it safe and secure.