Bitcoin Forum

Bitcoin => Development & Technical Discussion => Topic started by: Teal Deer on June 05, 2017, 07:10:43 AM



Title: Paper wallet sweep security
Post by: Teal Deer on June 05, 2017, 07:10:43 AM
I have a newly-made paper wallet, and want to practice sweeping it to ensure I have created the correct passphrase. If it is attempted to be swept in an app, and comes up empty, is the private key and passphrase out into the abyss or still safely in my head?

Thanks


Title: Re: Paper wallet sweep security
Post by: ranochigo on June 05, 2017, 07:19:36 AM
If you want a perfectly and fully air-gapped storage method, you should NOT be letting the private key be exposed to any medium that was, is or will be exposed to the internet. If it is exposed to the internet, any malware can get your private key easily.

You can do this with a fully clean phone/linux computer and just wipe it afterwards. The risk will be extremely small if you were to do that.


Title: Re: Paper wallet sweep security
Post by: Teal Deer on June 05, 2017, 08:27:42 AM
Even a Chromebook?


Title: Re: Paper wallet sweep security
Post by: italianMiner72 on June 05, 2017, 09:51:17 AM
Even a Chromebook?

I think you use your Chromebook to navigate the internet, right?
And Chromebook has an Android-derivative OS.
If so, it is connected to the internet, and if you store private key on it, you run some risk.


Title: Re: Paper wallet sweep security
Post by: Teal Deer on June 05, 2017, 12:08:03 PM
What I'm asking though is, if I use a phone app to sweep the empty wallet just to ensure I have the passphrase right, are the private key and passphrase that I entered now somewhere on the internet or in the app even if I can't see them?


Title: Re: Paper wallet sweep security
Post by: JGoRed on June 05, 2017, 12:27:40 PM
What I'm asking though is, if I use a phone app to sweep the empty wallet just to ensure I have the passphrase right, are the private key and passphrase that I entered now somewhere on the internet or in the app even if I can't see them?
It’s not a given that they’re somewhere on the internet, it’s just that they risk being stolen by malware whenever you allow the private key to be on a device that connects to the internet. However, if you’re using an unrooted Android phone the risk is unbelievably small because Android runs all its apps in their own separate VM.


Title: Re: Paper wallet sweep security
Post by: Teal Deer on June 05, 2017, 01:05:07 PM
Thanks for that.

So if by some chance the private key was obtained, if I entered my passphrase then that's vulnerable too?

I know there's no certainty to any of these questions, just wondering if the risk is above 0%.


Title: Re: Paper wallet sweep security
Post by: Carlton Banks on June 05, 2017, 07:16:55 PM
if I use a phone app to sweep the empty wallet just to ensure I have the passphrase right, are the private key and passphrase that I entered now somewhere on the internet or in the app even if I can't see them?

While the computer you use to store the private keys is on the internet, then yes, your private keys are somewhere on the internet by definition: the private keys are on your machine, and it's on the internet. Letting the private keys exist on a machine that is internet connected is a risk; your machine has a communications connection to other machines.

As mentioned above, you can control how exposed your private keys are much more tightly with an air-gapped machine to keep the private keys.


Title: Re: Paper wallet sweep security
Post by: JGoRed on June 06, 2017, 02:47:05 PM
Thanks for that.
So if by some chance the private key was obtained, if I entered my passphrase then that's vulnerable too?
I know there's no certainty to any of these questions, just wondering if the risk is above 0%.
If you just scanned it but the private key was protected by Bip32 and you didn’t enter the password then you’re perfectly safe, but if you did enter it then it’s at risk just as much as if it didn’t have a password at all.


Title: Re: Paper wallet sweep security
Post by: Kakmakr on June 08, 2017, 06:21:29 AM
I think OP is not talking about the creation phase < air-gapped computer > of paper wallets, but rather testing his already created paper wallet to see if he entered the correct passphrase when he created it. One typo could be devastating if you created it with the wrong passphrase, so he wants to prevent that. Right?

We regard private keys as being compromised, once you sweep them. Even offline methods can be logged and pulled, when you go online again. < Well, that is the theory >


Title: Re: Paper wallet sweep security
Post by: Teal Deer on June 09, 2017, 02:52:04 PM
I think OP is not talking about the creation phase < air-gapped computer > of paper wallets, but rather testing his already created paper wallet to see if he entered the correct passphrase when he created it. One typo could be devastating if you created it with the wrong passphrase, so he wants to prevent that. Right?

We regard private keys as being compromised, once you sweep them. Even offline methods can be logged and pulled, when you go online again. < Well, that is the theory >

We're getting to the bottom of my question, haha thanks! Sorry, I haven't explained myself very clearly.

So the final question is- if you "sweep" an empty wallet but it comes up dry, is it still now vulnerable even though no sweeping really took place? (a message just appears saying "wallet is empty")


Title: Re: Paper wallet sweep security
Post by: ranochigo on June 09, 2017, 05:24:45 PM
I think OP is not talking about the creation phase < air-gapped computer > of paper wallets, but rather testing his already created paper wallet to see if he entered the correct passphrase when he created it. One typo could be devastating if you created it with the wrong passphrase, so he wants to prevent that. Right?

We regard private keys as being compromised, once you sweep them. Even offline methods can be logged and pulled, when you go online again. < Well, that is the theory >

We're getting to the bottom of my question, haha thanks! Sorry, I haven't explained myself very clearly.

So the final question is- if you "sweep" an empty wallet but it comes up dry, is it still now vulnerable even though no sweeping really took place? (a message just appears saying "wallet is empty")
Yes. If you were to sweep the private key, you have to enter the passphrase. The moment your passphrase is in contact with the internet, the passphrase will be vulnerable for it being able to be transmitted over the internet.

This is if you use the computer online or didn't have the computer wiped before you let the computer go online again.


Title: Re: Paper wallet sweep security
Post by: JGoRed on June 09, 2017, 05:53:19 PM
I think OP is not talking about the creation phase < air-gapped computer > of paper wallets, but rather testing his already created paper wallet to see if he entered the correct passphrase when he created it. One typo could be devastating if you created it with the wrong passphrase, so he wants to prevent that. Right?

We regard private keys as being compromised, once you sweep them. Even offline methods can be logged and pulled, when you go online again. < Well, that is the theory >

We're getting to the bottom of my question, haha thanks! Sorry, I haven't explained myself very clearly.

So the final question is- if you "sweep" an empty wallet but it comes up dry, is it still now vulnerable even though no sweeping really took place? (a message just appears saying "wallet is empty")
Yep, by sweeping one it’s vulnerable because there’s a potential that the private key gets stolen and then the data thieves might just wait for you to deposit money into it before they take it.


Title: Re: Paper wallet sweep security
Post by: Teal Deer on June 09, 2017, 09:17:41 PM
This is using an unrooted phone, btw.