Bitcoin Forum
301  Bitcoin / Development & Technical Discussion / Re: Are you supposed to leave your airgapped Core permanently trying to sync? on: July 31, 2021, 03:42:56 AM
Yes. It makes no difference whether it is trying to synchronize or not. Your offline Core node's primary purpose is to only sign transactions with the information given using the PSBT files.

We'll have descriptors soon so it should be easier to import descriptors within the online Core instance.

Is there nothing planned to refine this "airgapped state"? The software constantly trying to do something to no end when it's not needed wastes resources. It's like having an offline computer you will never plug in constantly running ping. In this sense there is some optimization that could be done. Any work in this direction is good imo. Most computers that don't have NSA chips on them are old, so considering you would want to use one of these to create and sign transactions, having a "lightweight offline Core" mode of sorts would be cool. Like a HW wallet with the Core interface, knowing it's properly peer reviewed and running on a librebooted laptop.
302  Bitcoin / Development & Technical Discussion / Are you supposed to leave your airgapped Core permanently trying to sync? on: July 31, 2021, 03:31:19 AM
Suppose you have the classic 2-laptop setup where one acts as an online node to create the raw unsigned transaction (now I think this can be done easily with the PSBT file) and the other laptop acts as the airgapped Core instance where you load the PSBT file and sign it, to then send it back to the online one to broadcast.

Anyway, my question is: What does your airgapped Core instance look like? Do you just leave it trying to sync forever? Is it possible to stop it from trying to sync?

Perhaps some work could be done in this direction, to have an "airgap mode" where you just load Bitcoin Core as a storage box of private addresses to sign PSBTs and control the funds with watch-only addresses in the online laptop? I think this is the idea of "Armory", but I only trust the Core software at this point because it's the most peer reviewed one, so I would like a Core solution for this. As far as PSBT tutorials go, I only see them aimed at hardware wallets but not at airgapped computers, which imo is a more powerful tool. I will have to try on testnet exactly how it works. I assume when creating a PSBT file on the GUI you are asked to manually enter where the change will go, so you enter an address there that you own on your offline wallet to get the change.

Anyway, I would like to know if someone here uses this 2-Core airgapped setup and how you do it.
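The 2-laptop PSBT round trip asked about above, as an added example that is not from this thread or from Bitcoin Core's own code: it drives bitcoin-cli from Python, calling walletcreatefundedpsbt on the online watch-only wallet (with the changeAddress option pinned to an address the offline wallet owns), walletprocesspsbt on the offline wallet, and finalizepsbt plus sendrawtransaction back online. It assumes bitcoin-cli on each laptop and a watch-only online wallet; the wallet names, addresses and the dry-run responses are constructed placeholders.

```python
import json
import subprocess
from typing import Callable

ONLINE_WALLET = "watchonly"   # constructed placeholder: online wallet with watch-only keys only
OFFLINE_WALLET = "coldkeys"   # constructed placeholder: wallet on the airgapped laptop

def run_cli(wallet: str, *args: str) -> str:
    # Invoke bitcoin-cli against a named wallet on this machine and return its stdout.
    cmd = ["bitcoin-cli", f"-rpcwallet={wallet}", *args]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.strip()

def create_unsigned_psbt(dest: str, amount_btc: float, change_addr: str, run: Callable[..., str] = run_cli) -> str:
    """ONLINE laptop: fund a PSBT from watch-only UTXOs; no private keys are touched, change goes to change_addr."""
    outputs = json.dumps([{dest: amount_btc}])
    options = json.dumps({"changeAddress": change_addr, "includeWatching": True})
    out = json.loads(run(ONLINE_WALLET, "walletcreatefundedpsbt", "[]", outputs, "0", options))
    return out["psbt"]  # base64 PSBT: the only thing that needs to cross the air gap

def sign_psbt_offline(psbt_b64: str, run: Callable[..., str] = run_cli) -> str:
    """OFFLINE laptop: add signatures; fail loudly rather than hand back a half-signed PSBT."""
    out = json.loads(run(OFFLINE_WALLET, "walletprocesspsbt", psbt_b64))
    if not out["complete"]:
        raise RuntimeError("offline wallet could not fully sign (missing keys or UTXO data)")
    return out["psbt"]

def finalize_and_broadcast(signed_psbt: str, run: Callable[..., str] = run_cli) -> str:
    """ONLINE laptop: extract the network-serialised transaction and broadcast it (returns txid)."""
    fin = json.loads(run(ONLINE_WALLET, "finalizepsbt", signed_psbt))
    if not fin["complete"]:
        raise RuntimeError("PSBT still incomplete after signing")
    return run(ONLINE_WALLET, "sendrawtransaction", fin["hex"])

def dry_run(wallet: str, *args: str) -> str:
    """Constructed stand-in for bitcoin-cli (no node needed); also checks each RPC hits the right wallet/laptop."""
    rpc = args[0]
    if rpc == "walletcreatefundedpsbt" and wallet == ONLINE_WALLET:
        return json.dumps({"psbt": "cHNidP8BAA==", "fee": 0.0001, "changepos": 1})
    if rpc == "walletprocesspsbt" and wallet == OFFLINE_WALLET:
        return json.dumps({"psbt": args[1] + "+SIGS", "complete": True})
    if rpc == "finalizepsbt" and wallet == ONLINE_WALLET:
        return json.dumps({"hex": "0200000001...", "complete": True})
    if rpc == "sendrawtransaction" and wallet == ONLINE_WALLET:
        return "f" * 64  # constructed txid
    raise AssertionError(f"{rpc} issued against the wrong wallet: {wallet}")

def airgap_round_trip(run: Callable[..., str] = run_cli) -> str:
    """Whole procedure; in real use the two PSBT strings travel by USB stick between the calls."""
    unsigned = create_unsigned_psbt("tb1q-dest-placeholder", 0.01, "tb1q-change-placeholder", run)
    signed = sign_psbt_offline(unsigned, run)  # runs on the other machine
    return finalize_and_broadcast(signed, run)
```

Run `airgap_round_trip(run=dry_run)` to walk the flow without a node; with the default runner each function must be executed on the laptop whose wallet it names.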

303  Bitcoin / Development & Technical Discussion / Re: Why Core does not allow to use words to "spawn" your wallet? on: July 29, 2021, 07:14:05 PM
I'm still not 100% sure as to why this idea was discarded in Core. I've read some other claims regarding how it was discarded because people may, by accident and due to lack of information, use a non-secure seed, for instance removing words to make it easier to remember, thus compromising the security.

@achow101 posts here. Could you possibly explain this in detail?
304  Bitcoin / Development & Technical Discussion / Re: Why Core does not allow to use words to "spawn" your wallet? on: July 23, 2021, 08:11:57 PM
because of the shortcomings of the mnemonic scheme.

Do you have more links with discussions on this? I'm sure this has been discussed and there is a lot of literature to read as to why this was discarded. I would like to know gmaxwell's, luke-jr's, laanwj's, Pieter Wuille's and more opinions on this to get a better idea.
305  Bitcoin / Development & Technical Discussion / Questions after compiling source on: July 23, 2021, 08:05:15 PM
I see that most tutorials point to doing a git clone https://github.com/bitcoin/bitcoin method and then run the autogen script, configure, make cvars.

My question is, after doing this you get some experimental version. In my case I got 22.9.9-df8932938592335892sdfiojasifo (I just typed a bunch of gibberish because I don't remember, but it was something like that after 22.9).

How safe is it to run such a version?

Since I wasn't sure I deleted the .bitcoin folder and started from scratch. I compiled it from this link because I wanted the latest stable version 0.21.1:

https://bitcoincore.org/bin/bitcoin-core-0.21.1/bitcoin-0.21.1.tar.gz

The SHA matched the file:

caff23449220cf45753f312cefede53a9eac64000bb300797916526236b6a1e0  bitcoin-0.21.1.tar.gz

So I assume this is legit. My other question here is: Is it normal that I got in the about window version 0.21.1.0-df32r82394398259823895 (or something like this)? What I mean is that it wasn't a clean 0.21.1 version, it had some gibberish in there as well. I googled this string of characters and I didn't find any entries so I'm confused.

It also says "this is experimental software" in the window. Not sure if this is normal or I have compiled the wrong thing.

I also encountered some errors with dependencies and I had to do some tweaking that wasn't to be found on the official build guide here:
Particularly ./configure returns this at the end: "configure: error: libdb_cxx headers missing, Bitcoin Core requires this library for wallet functionality (--disable-wallet to disable wallet functionality)".

The official guide points to this

contrib/install_db4.sh

but it doesn't fix it. This also doesn't work:

sudo apt-get install libdb4.8-dev libdb4.8++-dev

I had to download it with wget from some place that I don't remember now. Then the binaries wouldn't build and I had to do this:

https://github.com/bitcoin/bitcoin/issues/4103#issuecomment-41643742

Quote
In general: If you build BerkeleyDB from scratch, build only the static library (--with-static) not the shared one (--without-shared). It will not need the static library at runtime, which makes the executable more self-contained (this is the same as done for the gitian builds).

My question is, how exactly do you do this? In the make command you add --with-static when building berkeleydb 4.8?

Anyway, right now it's working so I'm not going to touch things; this is just in case for the next time I compile another node.
306  Bitcoin / Development & Technical Discussion / Re: Why Core does not allow to use words to "spawn" your wallet? on: July 22, 2021, 10:51:19 PM
So basically using Electrum as a way to store BTC is not safe?
I did not say that.
Both BIP39 and the algorithm Electrum uses are safe as long as the initial entropy was generated randomly using a strong RNG.

Quote
the conclusion is that using any "remember these words and spawn your wallet" methods are not safe and that we must carry the wallet.dat file?
The "remember something" methods are always unsafe because you can't trust your memory after a very long time.
The point of mnemonic algorithms is NOT to let the user "remember" the words but to simply write down a human readable form of the random octet string.
In other words it is easier for the user to write down without mistakes (with pen and paper)
Code:
hamster diagram private dutch cause delay private meat
slide toddler razor book happy fancy gospel tennis
maple dilemma loan word shrug inflict delay length
than it is to write down
Code:
68a79eaca2324873eacc50cb9c6eca8cc68ea5d936f98787c60c7ebc74e6ce7c

That's more than 12 words. When it comes to 12 words it's pretty doable to memorize without being a genius. Imagine that there's a flood and you lose all of your backups or something. Or once again, you try to cross a border and you don't want to carry anything digital with you encrypted, or governments become increasingly tyrannical and they knock on your door looking for keys and so on. I see many use cases where you wouldn't want to have any encrypted data and being able to memorize 12 words and know your wallet is safe gives you a peace of mind in these extreme situations where carrying any data becomes a liability.

Bitcoin Core makes HD wallets by default, which means you can generate all your private keys via the wallet's HD seed instead of using mnemonic words.

To get the HD seed, you can open the console and type "dumpwallet <a file name>", and it will be within the first few lines (this is a testnet wallet, but same principle applies for mainnet):

Code:
# Wallet dump created by Bitcoin v0.21.0   
# * Created on 2021-01-21T16:59:50Z  
# * Best block at time of backup was 1905234 (00000000e26170d0f846a334a1bfdfebe8da906c5),  
#   mined on 2021-01-21T17:05:05Z    

# extended private masterkey: tpR2efnJMh85ufpQcYSTwrrKrYJ
cTdH4SbvTR 1970-01-01T00:00:01Z label= # addr=mnb8RSpTqvhLh8Q6,2MudYFE2awqc,tbvhpur8zf35ql3yx5h9nu  
cRaKzuR9MCVwAxVa3aAZrVh15YbV 2019-08-26T01:19:00Z reserve=1 # addr=tb1q3qc52q hdkeypath=m/0'/0'/222'  
cT2ozo5xcj6iCe4dTfywan3qJnib 2019-08-26T01:19:00Z hdseed=1 # addr=tb1qzqtu25qsue0a5pp3hg8lkftclf8ds    <-- The first string of text on this line is the HD seed because it has 'hdseed=1'
cNb2K9tUhQaeXiVz2Jt2Wq9DMLdf 2019-08-26T01:19:00Z reserve=1 # addr=tb14d7lx hdkeypath=m/0'/0'/117'  

Then to restore it, you can create a new wallet (do not use an existing wallet) and open the console and run sethdseed <the HD seed>.

Wait, this went over my head. So "cT2ozo5xcj6iCe4dTfywan3qJnib" is the "12 words" that Electrum uses, so to speak? With "cT2ozo5xcj6iCe4dTfywan3qJnib" you could spawn it all? Including transaction history, names for each address, etc.? What does it exactly spawn?

And I still don't understand why Core cannot generate 12 words instead of cT2ozo5xcj6iCe4dTfywan3qJnib, assuming Electrum does it safely. At least make it optional.
307  Bitcoin / Development & Technical Discussion / Re: Why Core does not allow to use words to "spawn" your wallet? on: July 20, 2021, 02:23:18 AM
It uses PBKDF2 which is generally regarded to be a fairly weak KDF so it isn't considered to be good for the secure storage of all of your Bitcoin. Some software (such as Electrum) used BIP 39 in the past but have switched to using their own mnemonic algorithm because of this weakness in BIP 39.
PBKDF2 is not there to provide any security, it is there to provide a way to derive keys using a combination of the initial entropy (ie. the mnemonic) and a user input (referred to as passphrase). When we use a 256-bit entropy for example, the security is guaranteed by the randomness and size of that entropy regardless of what KDF is used to derive the BIP32 seed.
 
Electrum is also using the same algorithm including PBKDF2. The only differences are the checksum, string normalization and lack of dependence on a fixed length word list.

So basically using Electrum as a way to store BTC is not safe? The conclusion is that using any "remember these words and spawn your wallet" methods are not safe and that we must carry the wallet.dat file?

Damn, in this case, how do people deal with this when crossing borders? You never know when you are going to get stopped and forced to decrypt. And they make perpetual copies of your drives anyway and store them.

308  Bitcoin / Development & Technical Discussion / Re: Why Core does not allow to use words to "spawn" your wallet? on: July 18, 2021, 04:59:42 AM
We should remember that they don't have to implement BIP39 and I guess OP is not asking about why this BIP is not implemented but why isn't core providing a mnemonic (a human readable encoding of the master key used to generate the child keys).
Yeah. But the only standardized solution we currently have is BIP39; I don't think there is any other proposal within the BIPs and I assume Bitcoin Core would be primarily interested in having a mnemonic generated using a known standard.


Then to restore it, you can create a new wallet (do not use an existing wallet) and open the console and run sethdseed <the HD seed>.
I missed this part just now, sethdseed only takes a WIF key (ie. your private key), not the master key.

https://bitcoin.stackexchange.com/questions/88237/is-there-a-reason-to-why-bitcoin-core-does-not-implement-bip39

Andrew Chow explains here that BIP39 isn't secure, but then he also explains Electrum does not use this anymore, yet Electrum still gives you the option to spawn wallets with 12 words. On the Electrum website they say: "Electrum 2.0 derives keys and addresses from a hash of the UTF8 normalized seed phrase with no dependency on a fixed wordlist.". So the question would be, why isn't Core using this method for wallets then? Electrum devs still consider the "show 12 words for seed" method secure when creating a wallet, why not Core?
309  Bitcoin / Development & Technical Discussion / Why Core does not allow to use words to "spawn" your wallet? on: July 17, 2021, 03:02:05 PM
In Electrum you can use 12 words and have your wallet pop up in any country of the planet including North Korea if you managed to install the software on a computer there. This is insanely useful when you need to cross borders as governments become increasingly tyrannical. People are getting stopped at airports and forced to decrypt already. So with Core you are carrying some wallet file and that puts you in danger, while with Electrum you can just remember 12 words and worry about nothing.

So considering how useful this is I ask: Why does Core not allow for this? As far as I know Core has been an HD wallet for years now, so it must be using some "seed" but it never shows it, and it may just be a random string of alphanumeric characters and not 12 readable words as Electrum shows. Why is that?

I'm assuming the Electrum wallets are impossible to crack and the method is safe, so I don't get why Core does not allow this.

I don't want to use Electrum because at the end of the day Core software is by far the most peer reviewed software in Bitcoin so I trust it above the others, so I'm asking here if this could be implemented so we don't have to carry a file that constantly puts you in danger. And no, I don't want to upload this file to some online cloud service even temporarily to cross borders. You are leaving a copy, even if encrypted, somewhere on the net pretty much forever. There are no workarounds. Nothing is better than remembering 12 words and knowing your money is in there safe. The question is, is it safe? Or am I missing some security compromises using Electrum's method?

I've seen this asked other times but I've never read a conclusive explanation as to why, so I'm hoping some dev that browses these boards can reply. Cheers.