|
Title: Is there a security risk in reusing paper wallets? Post by: tss on January 07, 2016, 05:08:04 PM I would like to know if there's a security risk in reusing paper wallets?
Both ways. Is it risky to send multiple transactions to the paper wallet? How so? Why? After a paper wallet has been swept, is it safe to keep using it again (put more coin on it)? How so? Why? Title: Re: Is there a security risk in reusing paper wallets? Post by: gentlemand on January 07, 2016, 05:17:39 PM I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting.
Title: Re: Is there a security risk in reusing paper wallets? Post by: siameze on January 07, 2016, 05:20:33 PM You can, assuming you didn't expose your private keys. Although address reuse is generally discouraged.
See: https://en.bitcoin.it/wiki/Address_reuse Title: Re: Is there a security risk in reusing paper wallets? Post by: AtheistAKASaneBrain on January 07, 2016, 05:24:28 PM It's bad for your privacy, as people could in theory know that you are storing money in a single address, that's why you should get as many news addresses as possible (for each transaction). I can't wait until the new BIP47 makes it all easier and we don't need to keep creating new addresses each time to retain privacy which is a pain in the ass.
Title: Re: Is there a security risk in reusing paper wallets? Post by: tss on January 07, 2016, 07:05:13 PM I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting. how is the private key exposed? hypothetically if i were on the same lan as the device doing the sweep.. would i be able to sniff out the key? Title: Re: Is there a security risk in reusing paper wallets? Post by: helloeverybody on January 07, 2016, 07:08:02 PM Ive always kind of wondered about this too, whats the difference in privacy if i saend 1 btc to a paper wallet or send 1 btc to my phone wallet. You can see both transactions on the blockchain can you not?
Title: Re: Is there a security risk in reusing paper wallets? Post by: AgentofCoin on January 07, 2016, 07:13:41 PM I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting. how is the private key exposed? hypothetically if i were on the same lan as the device doing the sweep.. would i be able to sniff out the key? Simply, when you expose the private key at any time, on any computer, connected to internet or not, the fact that you have now "revealed" your private key, is the issue everyone is addressing. The purpose of a paper wallet is that the private key is not stored in a wallet program or ever used on a computer. Your private key is only on that piece of paper and is entirely safe from any computer "thief". As soon as you use the private key to make a transaction, now you are potentially exposed to hackers/malware/etc. For that reason, it is recommend to use a different address each time, because you private key may have been exposed. There are two possible ways of exposure, (1) from malware or hackers, and (2) from address reuse to the point of being able to backwards engineer your private key. (min 30 internal output address transactions) So basically, that is why you are recommended to transfer any remaining bitcoins to a new paper wallet. Title: Re: Is there a security risk in reusing paper wallets? Post by: helloeverybody on January 07, 2016, 07:16:15 PM I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting. how is the private key exposed? hypothetically if i were on the same lan as the device doing the sweep.. would i be able to sniff out the key? Simply, when you expose the private key at any time, on any computer, connected to internet or not, the fact that you have now "revealed" your private key, is the issue everyone is addressing. The purpose of a paper wallet is that the private key is not stored in a wallet program or ever used on a computer. Your private key is only on that piece of paper and is entirely safe from any computer "thief". As soon as you use the private key to make a transaction, now you are potentially exposed to hackers/malware/etc. For that reason, it is recommend to use a different address each time, because you private key may have been exposed. There are two possible ways of exposure, (1) from malware or hackers, and (2) from address reuse to the point of being able to backwards engineer your private key. (min 30 internal address transactions) So, basically, that is why you are recommended to transfer any remaining bitcoins to a new paper wallet. So when the private key is exposed it doesnt make it easier to hack from the outside world it just makes it more likely that you will be hacked due to keyloggers etc? Also you say they will then be able to backwards engineer you private key? what does that involve and whats the likely hood of that? thx Title: Re: Is there a security risk in reusing paper wallets? Post by: AgentofCoin on January 07, 2016, 07:20:30 PM Ive always kind of wondered about this too, whats the difference in privacy if i saend 1 btc to a paper wallet or send 1 btc to my phone wallet. You can see both transactions on the blockchain can you not? On the phone wallet, your private key is stored on the phone and is potentially exposed to malware/virus/hackers on your phone. This is why it is advised to store a low about of bitcoins on your phone, and store the rest on a computer wallet, offline or cold storage. On the paper wallet, your private key is only on that piece of paper and is potentially exposed to natural events (fire,flood,physical theft). There is no real difference in privacy. You can see both transaction on the blockchain, but that is irrelevant as to how their private key is stored. Title: Re: Is there a security risk in reusing paper wallets? Post by: AgentofCoin on January 07, 2016, 07:25:44 PM ... So when the private key is exposed it doesnt make it easier to hack from the outside world it just makes it more likely that you will be hacked due to keyloggers etc? Also you say they will then be able to backwards engineer you private key? what does that involve and whats the likely hood of that? thx Yes, it makes it more likely for loss, because of things like keyloggers and such. Private keys are safe and can not be hacked. Only you can be hacked and as a result, eventually reveal your private key. When it comes to backward engineering your private key from address reuse, this is based on what I have read previously. Another forum member who is an expert can expand and explain it more properly than I. My understanding, is that the more you reuse an address, the higher a chance for a hacker to "figure out" your private key. My understanding, is that it isn't simple and would take a good amount of resources and time to do so. My understanding, is that they are able to "figure out" your private key, by finding patterns from your multiple transactions out of that address. My understanding, is that the minimum about of transactions out of your wallet a hacker would need is about 30 individual outputs. But ultimately, if you kept your address reuse to below 29 transactions, out of that address, you are very safe. |