Thanks for you answer I understand far better now.

You are telling the truth. I should make very specific questions on dedicated threads.
My last post is far too big and off putting.

Thanks very much for the time spent explaining.

I just would like to be sure of a couple of points.

Where ranochigo kindly post the image of the inputs and outputs for the transaction.

I see the inputs addresses are the same as the change address. This is because the watch only wallet was created from a single address not with an xpub? Or because you chose to uncheck use new change address? Or another reason?

If security is not decreased so much and privacy is the main worry I will maybe just chose to always return the change to the same sending address. This is because I really want to do this..

1. Form the psbt with watch only electrum wallet
2. Sign the psbt and produce the signed.txn in cold airgapped electrum wallet.
3. Find exactly how to extract the raw text from the signed.txn and broadcast with btc console with my full node synced up.

I dont know if the change addresses electrum makes up on the airgapped wallet will always be inside bitcoin core in the future if I went back to using core only one day. Perhaps  core would always know what these new addresses that airgapped electrum makes up but I'm not 100% sure. Also if i was a hacker, a good way to trick someone maybe to retain the correct recipient address, but sneakily make a new change address that I control and hope the sender does not check it is one of his own change addresses. Then all of his change which is usually all the coins left on that address would go to the hacker?


 * 2 *  maybe a problem keeping fully airgapped because the QR can not contain enough information. This produces the yellow warning triangle in the air gapped wallet saying fees on non segwit addresses could be maliciously altered to far greater than expected.) So I may have to use a usb stick.
So it wont be fully airgapped any longer. The only saving grace to this could be that I never need to extract anything from the airgapped machine other than a signed.txn, and perhaps even in the form of a qr code. So nothing on usb ever leaves the air gapped machine.



When nc50lc helps explains this part.


1. It's about PSBT so it's not applicable to a "signed.txn" file.
For signed transaction, Electrum exports it in RAW Transaction format which isn't PSBT, so you'll have to use sendrawtransaction command if you want to broadcast it via Bitcoin Core.

2. For unsigned transactions, it should be in PSBT (Partially Signed Bitcoin Transaction) format which is a ".psbt" file when exported as file.
In Bitcoin-qt (GUI), you can load a PSBT in the menu "File->Load PSBT from <file/clipboard...>", then you can sign it if it has the necessary keys


For part 1 taking signed.txn out of airgapped electrum and broadcasting with a bitcoin core or console

Can you then

A.  Simply enter the qt code that electrum produces containing the signed.txn into bitcoin core ? Does the most recent core wallet have a qr code scanner built in?  Or if not possible then


B. Take the signed.txn and open inside notepad.
Then open bitcoin console command line inside bitcoin core. Type in sendrawtransaction then paste the content from notepad and it will work?
Can I unplug the ethernet and try this on bitcoin core also with a small amount before plug the ethernet back in.

But this part I dont understand.

I have my signed.txn in notepad in a usb drive.
I download bitcoin the entire 700gb with the bitcoin core qt

What kind of wallet should I make with bitcoin core to simply broadcast these signed.txn files in raw text format?
I see options with descriptor, no keys contained or make a normal new wallet that has it's own new different keys inside?


Does anyone know of a step by step little guide to try this out?

Why do people make an electrum server and join that to bitcoin core if it is possible to just copy the raw text from the electrum signed.txn and send via core direct with sendrawtx commands or even just a qr code?  

It seems a good idea if not already available for core to have a qr scanner for raw text signed.txn files from electrum.


For part2

Do you mean you can make a psbt file on electrum and load that into bitcoin core as simple as you describe?
I guess this way though it is hard to make an airgapped process.

Unless you can do this process.

Make psbt on electrum watch only. Copy psbt electrum generated file to offline airgapped bitcoin core and sign this. Then somehow save the signed tx from airgapped bitxcoin core and take the usb drive with the signed tx that airgapped core signed  to another machine with bitcoin core fully synced up but has no private keys and broadcast it?

I was previously told that I would need to use a site like electrum43 to decode the electrum generated psbt before bitcoin core could understand it, but downloading more things or visiting more sites seems to introduce elements of risk.


Hopefully in the future bitcoin.core wallet can make the psbt very easy for unskilled technical people to use like electrum does now.
The only thing I dont like about electrum is how malicous servers can or could send you fake update messages, store your private information and sell it, and even show you fake balance or refuse to relay your tx. These are a bit inconvenient to me.

But I like how electrun deals with psbt. Very simple and easy to understand.

Be really great if they had a tab where you select use the spv version or choose download full blockchain and then have bitcoin core full nodenpower and privacy, but electrum nice features that novice users and those not quite so smart enough to learn how to type and understand coding commands into bitcoin console or making tx on notepad from scratch.

I looked at the descriptors procedure with bitcoin core psbt or even making my own raw tx from scratch just using inputs and outputs. But experts said dont even think about that unless you want to burn your coins. Just one mistake with a squiggle bracket or straight bracket entire thing is not going to work. Some said get a hardware wallet. But conflicting advice says hardware wallet producer knows where to post the package, and can I open the hardware and inspect the wires and computer chips inside or even the private keys it generates are they already known for some future date already to them?
 I suppose this is true.

The best procedure  you can trust is a legit copy of bitcoin core I suppose because if those guys go rogue then I suppose the bitcoin party will be far less exciting . So I will stick with making the private keys with bitcoin core. Then import them to cold wallet on electrum and sign with airgapped electrum wallet to broadcast with electrum watch only or if I can figure it out broadcast with bitcoin core full node.  . Seems the safest way. I mean if a top expert can be scammed like with luke jr then a normal person has to take all possible care to avoid losing his bitcoin.

Just the broadcasting part I am still researching. This is the most critical stage.
Ideally I want to do it with bitcoin core.

Mpp
I was thinking with the RBF if the signer can only make changes. If a secondary security could be put into bitcoin broadcasting.
So say a malware sneakily puts in a new recipient address, and you click send and dont notice.

Then maybe with something like RBF you can get an option after the first confirmation that says
Hey are you sure you want to send xxxx to xxxxxxxxxxxx address for sure?
Then you notice whoops this is the wrong address or wrong amount. Then you could click NO and put a new address and spend lots more fees to put in a new correct recipient address?

You think that feature could be sensible idea?

Or perhaps  that is already how it works and that is why that person who used RBF saw 1 confirm to his correct recipient address then it actually went off to another recipient address?

Actually I would like to know how to do that.

So use RBF  with low fee to allow plenty of time to look if all is correct on a block explorer and malware didnt swap the recipient  address, ( even though my console was showing the correct address but damn it was really sending to his own address)  If a malware did swap the address somehow, then look how to use RBF on a different machine ( not malware infected) to spend more fees to change the recipient address back to the correct one.?

Would that work?

Actually using RBF could be another security step. Use a lower fee initially  to allow more time to verify on block explorer it was submitted correctly. If not correct then have another machine ready to use RBF to change to the correct address with a higher fee?
Could that actually work?

Clearly this will work only against malware that could swap addresses and stuff not that knows the private key.



Maybe for some people the spot etf is quite a safe way to invest in bitcoin. Have half in self custody and half etf.
For technical experts then 100% self custody is the correct choice to stop single entities owning all the btc even if you have some paper saying they will promise you can sell you share and have fiat if you wish at some stage.

Thanks again. I find this all very interesting and actually vital to not making mistakes.

Thanks this makes more sense now especially about when you see the amount sent to recipient and the amount going to the change address the rest is the fee.


Just whatever you are signing. You have to ensure that whatever you are signing is verified by you and that there is nothing out of the ordinary. A visual check of the transaction details will do

Do you mean I should look inside the psbt file in notepad and see or just look at the preview in the airgapped machine?

Someone who is super cautious actually has other laptops running other versions of electrum that airgapped on other machine to verify the qr codes on those first. To make sure he hasnt signed something nasty.


You will, but what is stopping the adversary from tampering with your transaction preview before you broadcast it


Yes this is true. Shame there is no human readable way to look inside the signed.txn file and read it like on notepad to check all is well.

You can. To do so, just increase the gap_limit from electrum console.

You should be referring to the receiving address, and not the change address in this case. Change addresses are generated and are automatically used in the transaction by the wallet

Sorry this bit I wasnt sure about.

Did you mean I can simply untick use new change address when creating the tx so that change will come back to the same address that is spending? I see this option there I think. Or maybe it will use an old change address not the spending address.
It is different when you make a watch only with a single address not xpub because all change is sent back to the single address you send from.

Is increase gap limit a tick box somewhere and does that provide new change addresses to view in the cold wallet so you can be sure the change address is one you control. As yet there has been no occasion I see a change address on the transaction I can not also see in the cold wallet. But eventually if I made further transactions and it always wants to use a new change address then it will make one in the transaction that I can not see in my list of addresses on the cold wallet.


Bitcoin Core doesn't accept .txn file. You would have to use Bitcoin Core console to do so

Can bitcoin core read the qr code that the airgapped electrum can sign?
I'm guessing not because that is just the .txn file made into a picture.

Is the console just that part of core where you type in commands like importprivkey?
Or this is a totally different program that controls bitcoin singing and broadcasting.

Incorrect. Security is not decreased by spending from an address

Sorry I mean to say spending from an address where the change always goes back to that same address.
Like making a electrum wallet from a singlepriv key from bitcoin core.

I understand now that all addresses inside a bitcoin core wallet.dat  are not linked together so when the change is moved to a new address inside your wallet.dat other persons dont know the public key for that private key.

I meant to say when a person knows a public key for a private key it makes that priv key less secure.

Is that correct ?

Thanks for all your help. So far today I have acquired more info than for weeks.

Thanks for the detailed information.

Just a couple of queries.

Yeah, there is a bit of a space compromise when dealing with QR code and thus your computer only sees the partial transactions from the QR code PSBT. Hence, without the actual transactions, there is a risk of the user accidentally burning the fees should a malicious attacker modify the PBST



Okay thanks, I will try with usb stick. One way to the airgapped machine and try with qr code back to the watching wallet.

1.  Am I correct in thinking that even if a key logger got to the airgapped machine then if you never export anything from that machine other than the qr code for electrum then it is impossible to lose coins.

2. With the issue with the warning and fees could be adapted to a much higher than expected amount. Does that mean that the worst damage would be the entire amount you are sending could be used as fees.  Or worse that your wallet could be drained in fees?

3. When you import the signed.txn back to the watching wallet would you not spot the increased fees before you broadcast or is there a reason you couldn't see that.


That's untrue. Bitcoin addresses are meant to be a one-use address only, and using the same addresses repeatedly by sending change and other funds into the same address will compromise your privacy. The server can still deduce your identity when you are using the same addresses over and over again




While I can see in the air gapped address that the new change address is one of my own addresses I'm not worried.
However if it ran out of new addresses and made up a new one I could not see in there I would be concerned that is some hackers address.  So can I do

a/ click the tool box icon in electrum when making the tx and uncheck use new change address. So that it will return funds to my own known address.

b/ go to the airgapped machine and do something to generate more addresses until I see that new change address appear.


think those that are quite well known would be quite difficult to run on Windows. If you are using a server, then possibly Electrs is good: https://github.com/romanz/electrs. Read the usage column. If you are running Bitcoin Core on your current computer, then you should probably just use Bitcoin core

I could put bitcoin core on the same machine as my electrum watch only machine. Do you mean there is in this case a way to connect the watch only wallet to send via core without putting electrum server between them. ?



That's one of the warnings added to Electrum, specifically when the transaction is spending a non-SegWit/non-Taproot output that's not in the transaction history (e.g. offline).

It's part of "_check_risk_of_burning_coins_as_fees" function.
Here's the code for reference

If I transfer the psbt with a usb rather than qr code I hope this would avoid this problem.
If this warning still flashes up after using a usb can I

A  check the tx before I press submit on the hot wallet to ensure it is the correct amount of fees

B. Assume that worse case the entire send could be absorbed as fees not all of the btc in my wallet.  

Both Electrum and Bitcoin Core's PSBT are interchangeable, you can export from Electrum, sign in Bitcoin Core and vice-versa.
That's if you're not using an older version of Electrum

This is very interesting to me. So I can take the signed.txn file via qr code and scan it with bitcoin core or maybe load the signed.txn and load it into bitcoin core and broadcast it?



It's only to those who consider any unconfirmed transaction as "already received" since with RBF, the unconfirmed transaction can still be replaced with another output.

For those accounts that a confirmed transactions can change recipient (probably not RBF-related, can you share one?),
It may have just been a clipboard malware with integrated "vanity address" generator that can create a quite similar address with same first and/or last few characters


Do you mean even the recipients address can be change with RBF until confirmed?

If you are sure you are sending enough fees then should RBF turned off for max security?

I am going to search my reddit browsing history to see if I can find this example and post here.

Thank you for all information. Very helpful.


One further enquiry is

I see that someone said once you spend from an address you actually lower the encryption from 256bit to 128bit.
Does that mean that every time you spend again and again it goes down further so next it is 64bit ?

Or was this person not correct in stating this ?

Hi,

I have a few queries, I wonder if any persons can help answer please.

1  .  I tried the watch only wallet and cold wallet psbt process and tried qr code scanning not the usb as that seems to be regarded as safer.

I have this warning appear with a little yellow triangle  _  the fee could not be verified. Signing non segwit inputs is risky if this transaction was maliciously modified it could be changed different to what is displayed. ?

Is this because the qr code could not fit in the information because I see some warning that the qr code couldn't fit the data inside in the watching wallet when I made it?

Or because the cold wallet can not verify it because it is offline?

Or some other reason I dont understand.



2  .  When making a watch only wallet is it not best to use a single address not xpub
Two main reasons I say this. The first is that I always have to spend a long time checking if the change address is one which is in my wallet. If you simply use 1 address to make the watch only address the change goes back to that same address.
Also it will not reveal to the electrum server your other addresses.

Was bitcoin not mean to spend and get change on the same


3. Is there an easy guide for noobies with windows only skills to connect their full bitcoin node to electrum server so they can be their own server for electrum desktop.  

4. What is the worst someone can do if they got a signed but not broadcast psbt QR code or file?

5. Why do some people say by looking at several of the signed tx before submitting if you see any string of repeated numbers then your private key can be discovered. I didnt think this was possible.

6. It's a shame the psbt formation and signing could not happen in electrum but broadcast on core wallet.

Thank you for any input.

Oh yes..

7. Why do some say RBF is risky ?

I read a strange account of someone sending to correct destination address it got 1 confirm. Then somehow it went off somewhere else to a different address. Other people couldn't answer how this happened.  Other people said maybe RBF could be a factor or somehow the tx leaked some of his private key. Because it was strange how it got 1 confirmation.

Thanks for the explanation. I feel I understand better.
I have some other questions but bit different topic.
So I start a new one because people may not be interested in this heading.

Hi,

I think I didnt explain very well.

What I mean is

Maybe it possible to

Leave airgapped computer at home. Don't need this after signing.

Take watch only wallet to McDonalds car park on the other laptop , quickly broadcast tx on their wifi.

Never possible to track who sent the tx.

If worried about virus or malware. Then can just keep image of windows of that machine before leaving and reformat and reload it.

I agree public wifi is insecure and not for browsing.

Is there a reason people dont leave their airgapped pc at home and just use public wifi anywhere to broadcast the pre signed tx ? I notice people saying they will never use electrum due to worry their country has banned it or that for any reason they want to remain anonymous.

Surely nothing is more anonymous than public wifi ? 
Can sit in car parks everywhere and get wifi.

The watch only wallet is unable to get the private keys so is there any other concern people may have that prevents them doing this?

Thank you for explaining it really helped with my understanding.

Bitcointalk is the best place for gaining crypto knowledge.

Thanks for the replies I understand better now.

My only concern is that if i make spend that makes some change.
How will i spend the change with this watch only address?

Or do I need to find the address the change went to and just spend that with a new watch only address linked to those addresses.
How to find those addresses.

I think in bitcoin code I never have seen any change from a spend.
All my funds just stayed on my single address.

Thank you for explaining.

Edit .bitmaxz explained that the change will go back to the same address.

Thanks for explaining.

Someone mentioned that xpub created watch only wallets can create new addresses but if you make a watch only with a single address it can not.
I noticed a discussion where they said something about you could have an issue with " change"

But I wasnt sure what they meant and I think they never came back to explain further. .

Thanks.

Hi, I have an electrum wallet question.

With my usual way with electrum I have the cold wallet and the watch only wallet.
The watch only wallet I created with the xpub key.

Now I made a new electrum wallet and imported a priv key and now I went to wallet information but this time there is no xpub info?

How would I make a watch only wallet this time.
Is it because I imported just 1 priv key and 1 address.


Someone told me that in this case just use my address to create the watch only wallet?

If the watch only wallet uses an address not the xpub is there any possible issues?
I just want to know does a watch only wallet created by an address only work exactly as one created by using an xpub?

Thanks for information that explains this.

Oh that is very strange, mine started to sync up at once when copied over the appdata folder

Hardware wallets seems to have mixed replies when I ask.
Some like hardware wallets some like cold wallets held in offline laptop.

Also I didnt get any answer yet how to dump priv key direct  to a hardware wallet.
Also one person just seems to lost 27btc on ledger on reddit and lots of people cant see why it happened yet. Even experts looking to it.  I didnt understand the issue of course but lots of people with high ratings I see were puzzled and never seen it before.

Someone said cosmic Ray's changes 1 bit of info during some process.
At first I thought they were joking but I see more people saying that is the only explanation.

I'm liking electrum with watch only atm.

But yeah its weird we have a different experience with the syncing up element of core
Can other verify this is the case please?

Your wallets will not start to sync without the password.entered first?

Yes I think I have not described well what i was originally intending to do. I was not going to enter any password on the internet connected machine.

Like this.


Laptop 1. Offline with v21. Wallet there is not synced fully because machine has not been online maybe 2 years.
When you open bitcoin core v21 on this offline machine, it  tries to sync but can not because it has no internet.

However you can attempt to send bitcoin and it asks for the password.  If you enter the password it signs the tx and says unconfirmed.
Then you can shut down bitcoin v21 on the offline laptop.


So at this point I thought the tx has been signed but could not be submitted and will sit there unconfirmed forever because laptop1 has not internet.


So how to send this already signed but not confirmed tx I wondered?


I assumed ( incorrect perhaps) that if I copied the entire appdata folder over from laptop1 to an internet connected laptop running v23 that v23 would load up and auto try to sync fully and then without asking for the password again it would auto send the tx I created on laptop 1.  I did not think laptop 2 the internet connected machine would ask for the password again.

Then you informed me that actually no need to transfer the entire appdata folder just transfer the wallet.dat and the same thing would happen.  I have not tried that because I decided to go the electrum way.

But either way if I copied the entire appdata folder or just the wallet.dat from the offline machine I was thinking that if I never had to enter any password on the internet connected machine that the private keys were never revealed to the live internet computer at any point.


Perhaps that is not correct.
I am using electrum now. 


But I just didnt and still dont understand if the internet computer never asks for the password but just finished syncing up and broadcasts the tx. I dont understand how that is as risky as just only having 1 live internet connected machine where you have to type your password on it.

I mean I have not tried the entire process luckily. So maybe V23 has to ask for the password again even though you already have sent and signed it on v21 on the offline machine.

If you press send on laptop1 the machine with no internet and it asks for the password is that not signing it at that point. ?
So once you close the qt down is that tx not already signed and stored ready to launch somewhere in the appdata folder?
I assumed this point all signed and never need to be resigned again?

I didnt know if you grabbed the entire appdata folder or maybe just the wallet.dat and moved to a new machine that machine will still need to ask the password to broadcast.

When you say if you just transfer the signed tx that will be okay.
Would copying only the wallet.dat across contain the tx signed on the offline machine to the online machine achieve this without having to enter the password again?

I thought maybe signed but unbroadcast Tx maybe was somewhere else in the appdata folder but also copying entire appdata avoid the rescan wait.

Either way I guess maybe not many people would want to have tried sending from an unsynced offline machine and moving it to a live machine because it has some security issues. So maybe nobody has tried it to see if you have to renter the pass again or it just auto syncs and sends without requesting the pass. I decided to ask here before getting to that part.

I'm sure though once with an alt coin I sent the coins before it synced up actually it was on airplane mode but I didnt see that.
Then my laptop ran out of power before it cold send because I wasnt paying attention and playing some games on playstation.
Then disaster it would not boot up

So took out the ssd and copied the appdata file and put on another machine and when it all came back alive I'm sure it synced up and I reinstalled the new alt wallet. It read the appdata and the tx sent but I sure it never asked the password again.

I could be wrong. But I seem to remember thinking it was surprising at the time. This machine could send but didnt know my password.

Thanks.

Thanks yes I am using electrum now. It is nice how the xpub and psbt works.


When you said this part :

"The wallet.dat is encrypted, but you decrypt it in the same device"
I don't understand that part.

Do you mean if you press send and enter your password on the offline laptop 1 then close bitcoin core on laptop 1.. Then grab the wallet dat with a usb and load that wallet.dat into laptop 2

That even though you don't enter your password on laptop 2 that the wallet dat is de encrypted to broadcast? I thought it would just sync and broadcast without asking the password.

I didnt realise laptop 2 still decrypted the wallet.dat even though it was signed and attempted to be broadcast on the offline laptop 1 previously.


Yes I think core is for experts and is probably safer but only if you know exactly what you are doing.
I may go back to it in the future after learning more about it.

Yes I notice already this exchange has closed down but they did give people some time to withdraw.

Thank you marvel man.

I'm sure that you're correct.
But so as i can understand why. Could you explain why you say this.

I'm trying to learn how many things work with core and other wallets.
Why would  needing to enter your wallet password on an offline computer be the same as just entering it on the internet connected computer?  I thought that in doing this the internet connected computer would always have the wallet password protecting the private keys inside the wallet dat.  Is that part not correct?  

I don't doubt that is is just as bad or maybe worse, but I don't currently understand how? Can you explain it to me please.

Also what are the extra attack vectors you would open yourself to more than just using this wallet as an encrypted hot wallet that is brought online to sync ,sign and send.

I am going to use the method described above by blackhat, but I am interested in what you have said and feel it would be great to find out more about bitcoin core and things that increase or decrease security.


Thanks for your input.

You are correct I shouldn't have really tackled with bitcoin core.
Although I wanted to remove my bitcoin from an exchange and thought this was the most trustworthy one.

Yes, one of the things I wasnt sure about was if tx that were not synced or confirmed were stored inside the wallet dat until they were confirmed or if there was something outside of the wallet.dat that was needed to ensure immediate broadcast

I entirely accept and am grateful for your suggestions.
Which I intend following.

Just asking a few extra questions to gain some further knowledge really.

It's kind of you to take the time to answer and advise. I appreciate it.
Maybe I'm not great at google but it's kind of hard to find specific answers to certain questions.

Actually bitcoin talk seems even better or just as good as reddit

Thanks.

.

I totally agree that mitigating all risk should be the aim.

Why I tried moving the entire appdata/bitcoin folder was because I didnt know which files contained inside there were altered when you clicked send and entered the password.

I didnt know if all changes took place inside the wallet.dat or maybe some other files were altered inside appdata when it tried to broadcast when out of sync, and that would be needed on the internet connected machine.

Thanks for explaining I will not get 12 words when creating a electrum wallet from a priv key from core.

I have been reading on reddit and just got told so many ways to spend half of an old core wallet securely that I got confused.
The easiest way seemed to me to do it by just copying over to a machine that never experienced me typing my pass into it.

But as you noticed it has 2 major issues

1. . Biggest issue is needing to copy updated information post broadcast back to the offline machine so that for future transactions it is able to correctly spend the remaining funds.

A key logger could get inside this and get back on the offline machine.

2  . They could grab the wallet.dat from the internet connected machine with the private keys inside and crack it open their end.

So this isnt a good solution.

 

Thank you very much for the guide with tails and all of the links.

I'm going to go for the technique you describe. I'm just learning how to verify pgp signatures at this stage.
The links you provided are very helpful.

I know I'm pressing reply button  but I just mean can any person comment as you dont personally have time to just answer endless questions from novice users I know that.

Just for my own curiosity and accumulation of new knowledge

Can anyone explain to me a couple of things I dont currently understand.

1  .

 if you send a tx from a bitcoin core wallet that is not synced up from a laptop that has no internet connection then close the core qt and copy that bitcoin app data folder to an internet connected machine and install bitcoin core.
Is the private key (from the offline laptop) ever directly exposed in a useable way on the internet connected laptop to broadcast that tx that was sent from the out of sync offline wallet?

I mean I know the private keys will be on there inside wallet.dat but without cracking the password would the private keys ever be exposed

To maybe ask this question differently -

If I sent a tx from an encrypted  bitcoin core wallet.dat that wasnt synced up and my machine ran out of battery before it could sync and send.

If the laptop was then stolen and he took out my internal ssd scanned it and noticed there was a bitcoin folder in the appdata folder.
What is the worst he could do right up until he broke the password?

If he loaded it into his own laptop and synced up core ( using my appdata folder) then would my original tx spend and that would be it, he has to crack the password before he can send more coins?:


Let me say again I will not use this method because I can see this person helping me is an expert.

But I just wanted to understand other than cracking the password what could go wrong?
Most uxto based pos alt coins like black coin or peer coin seem to hold their wallets on a live internet connected machine to stake and gain rewards. They are unlocked for staking only but presumably they are 24/7 and their private keys are only protected by the password encrypting their private keys in their wallet.dat

I'm trying to understand where the attack points are.


2. .

When you import a bitcoin core private key into an offline electrum wallet or rather create an electrum offline wallet using the private key from dumpprivatekey on bitcoin core.

Then you get the xpub and send the internet connected machine so you can create psbt.

Imagine you make some tx in this way.

Is it best to

A keep the old core wallet.dat
keep a record of the private key
Keep a record of the 12 words from the electrum wallet.


3. .

I finally also found a new guide to the descriptors technique

It looks almost as simple as doing a command listdescriptors and choosing 2 different ones and then pasting those results into a command saying import descriptors in a online descriptor wallet. Then you can make psbt tx like electrum.

Am I correct in thinking that so long as you 0.1 btc is all stored on one wallet address then so long as you always have that private key you can restore you funds ? Because I see people saying they messed up inputs /change and all kinds of things and then their private key didnt seem to have all the info required or their tx got stuck forever.


4. .

Lastly when people say if your cold wallet ever makes a spend even via airgapped  electrum or descriptors core technique then it can be hacked and you need a new wallet. Something about a supercomputer can more likely reverse engineer your private key if you ever use it to make a spend. Or even if you receive on a cold wallet address more than 1x.  Not that small holders would be the first use of super computer owning hackers I would imagine.

Do they mean you need to make a new entire wallet.dat and get a new password to protect it,  or can you simply generate a new address inside your original wallet.dat and now use that as a cold storage. Are new Waller addresses generated inside the same wallet.dat bound together so all become poisoned by a spend on 1 of them?


I know here on this forum most people are technically trained and know what they are doing but those that are not familiar to computers and things like that should probably try to understand how it all works as best as possible

Is this even the correct part of the forum or is this mostly for experts to talk about complicated stuff.
Is there a beginners sub section for total novice questions about wallets and things or a known reddit sub.