Bitcoin Forum
Topic: How to send from "cold" electrum wallet?
dabura667
June 17, 2014, 01:09:08 PM
 #21

> You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did...

... something way more complicated imo. Not to mention dangerous.

As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.

Why?

Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.

To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.



So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the ones you've used up, you're probably not too careful with anymore now that they have no balance...

But, if your Master Public Key has never touched an online computer, you're fine.

My Tip Address:
1DXcHTJS2DJ3xDoxw22wCt11FeAsgfzdBU
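
The relationship described in the post above, worked through as an added example (not code from the thread, from Electrum or from BIP32). It assumes a simplified additive derivation, child = master + H(index, master public key) mod n; the hash layout, the function names and the demo key are assumptions constructed for illustration.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # None stands for the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, point=G):  # scalar multiplication by double-and-add
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, point)
        point = ec_add(point, point)
        k >>= 1
    return acc

def master_public_key(master_priv):
    return b"".join(c.to_bytes(32, "big") for c in ec_mul(master_priv))

def tweak(mpk, index):
    """Per-address offset from PUBLIC data only (hash layout is an assumption)."""
    digest = hashlib.sha256(hashlib.sha256(b"%d:" % index + mpk).digest()).digest()
    return int.from_bytes(digest, "big") % N

def child_private_key(master_priv, index):
    return (master_priv + tweak(master_public_key(master_priv), index)) % N

def child_public_key(mpk, index):
    """What a watching-only wallet does: derive a child with no private key."""
    master_point = (int.from_bytes(mpk[:32], "big"), int.from_bytes(mpk[32:], "big"))
    return ec_add(master_point, ec_mul(tweak(mpk, index)))

def master_from_exported_child(mpk, child_priv, index):
    """Subtract the same public tweak: one exported child key exposes the master."""
    return (child_priv - tweak(mpk, index)) % N

DEMO_MASTER = int.from_bytes(hashlib.sha256(b"demo").digest(), "big") % N  # constructed, not a real key
```

A watching-only wallet has to be able to compute `tweak`, so the offset can never be secret; the only protection is that no private key derived under that master public key leaves the offline machine.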
jonald_fyookball (OP)
June 17, 2014, 03:52:57 PM
 #22

> > You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did...
>
> ... something way more complicated imo. Not to mention dangerous.
>
> As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.
>
> Why?
>
> Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.
>
> To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.
>
> So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the ones you've used up, you're probably not too careful with anymore now that they have no balance...
>
> But, if your Master Public Key has never touched an online computer, you're fine.

I thought we have to copy the master public key to online computer to set up watching only wallet.

Huh


bitbaby
June 17, 2014, 07:34:27 PM
 #23

> > You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did...
>
> ... something way more complicated imo. Not to mention dangerous.
>
> As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.
>
> Why?
>
> Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.
>
> To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.
>
> So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the ones you've used up, you're probably not too careful with anymore now that they have no balance...
>
> But, if your Master Public Key has never touched an online computer, you're fine.

Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?

So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?

dabura667
June 18, 2014, 04:21:19 PM
 #24

> I thought we have to copy the master public key to online computer to set up watching only wallet.
>
> Huh

Yes.

But you keep your seed offline, so it is OK. No one can know your seed if you keep it, and ALL PRIVATE KEYS OFFLINE.

i.e. DO NOT export a single private key from your seed and bring it online to import into some service.

As soon as you do this, anyone who knows that the private key belongs to one of the addresses generated by the master public key, they can combine them to create your master private key (which is what your seed is used to make)

Remember: When you click "Export Private Key" a huge warning message appears. Please read the warning messages and do not ignore them.

jonald_fyookball (OP)
June 18, 2014, 04:23:01 PM
 #25

> > I thought we have to copy the master public key to online computer to set up watching only wallet.
> >
> > Huh
>
> Yes.
>
> But you keep your seed offline, so it is OK. No one can know your seed if you keep it, and ALL PRIVATE KEYS OFFLINE.
>
> i.e. DO NOT export a single private key from your seed and bring it online to import into some service.
>
> As soon as you do this, anyone who knows that the private key belongs to one of the addresses generated by the master public key, they can combine them to create your master private key (which is what your seed is used to make)
>
> Remember: When you click "Export Private Key" a huge warning message appears. Please read the warning messages and do not ignore them.

Thanks for clarifying Dabura. You da man.

The inference I get is:

Don't use the same wallet as a watch only device and also for use importing some address into another wallet because then you've exposed both the MPK and private key of single address to an online system.

dabura667
June 18, 2014, 04:27:52 PM
 #26

> Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?

Yes, it is very easy. But no, they will not discover your SEED, but they will discover your MASTER PRIVATE KEY. Using this, you can generate all private keys in the wallet, just like seed, but it is not exactly the seed.

> So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?

If you use the master public key on an online client, your seed and private keys are on an offline computer. This is safe.

If you are talking about a normal online wallet (with seed on the online computer) then your seed will get stolen directly if someone has enough control of your PC to see your RAM, no need to steal your master public key, they just take your seed... so Master Public Key is not an added risk.


btw, this vulnerability also affects BIP32, so be careful.

bitbaby
June 19, 2014, 04:07:26 AM
 #27

> > Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?
>
> Yes, it is very easy. But no, they will not discover your SEED, but they will discover your MASTER PRIVATE KEY. Using this, you can generate all private keys in the wallet, just like seed, but it is not exactly the seed.
>
> > So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?
>
> If you use the master public key on an online client, your seed and private keys are on an offline computer. This is safe.
>
> If you are talking about a normal online wallet (with seed on the online computer) then your seed will get stolen directly if someone has enough control of your PC to see your RAM, no need to steal your master public key, they just take your seed... so Master Public Key is not an added risk.
>
> btw, this vulnerability also affects BIP32, so be careful.

Ok. Thank you for this lesson man! I learnt a lot!!

And my Master public key never came online, I can confirm that, also my pc is very secure so I think I'll be ok for now.

What's BIP32?

dabura667
June 19, 2014, 04:50:43 AM
 #28

> What's BIP32?

BIP32 is basically Electrum's Deterministic Wallet version 2.0

Thomas, the lead dev for Electrum, helped design the BIP32 protocol and it was inspired and based on the Electrum deterministic model.

http://bip32.org/
This website allows you to mess around with BIP32 and switch around the branches and whatnot to see what kind of addresses are made.

Many wallets are now supporting BIP32, in fact Electrum 2.0 will support BIP32 and on top of that supports 2of2 and 2of3 Multisig addresses generated deterministically

bitbaby
June 20, 2014, 01:20:54 AM
 #29

A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?

dabura667
June 20, 2014, 04:57:12 AM
 #30

> A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?

I have not personally verified offlineaddress.com so I can't speak for them.

However, I assume it is similar to bitaddress.org.

With bitaddress.org, all calculations are performed on your computer, on the browser. When you generate the paper wallets, you are generating a new private key from a random number generator every time you generate them, so nothing is deterministic.

If you save the html file of the website on to an offline computer and then open the html file in a browser, generate a paper wallet and print it up, there is no way that anyone can know your private key.

If your printer is super smart and connects to the internet and caches everything ever printed on it for some reason, you might be slightly vulnerable, but if you're super paranoid, disconnect the printer from the internet, connect to the offline computer via USB, and after printing up, look up a way to clear the printer's spool. Google "secure home printing" for tips.

bitbaby
June 20, 2014, 05:22:52 AM
 #31

> > A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?
>
> I have not personally verified offlineaddress.com so I can't speak for them.
>
> However, I assume it is similar to bitaddress.org.
>
> With bitaddress.org, all calculations are performed on your computer, on the browser. When you generate the paper wallets, you are generating a new private key from a random number generator every time you generate them, so nothing is deterministic.
>
> If you save the html file of the website on to an offline computer and then open the html file in a browser, generate a paper wallet and print it up, there is no way that anyone can know your private key.
>
> If your printer is super smart and connects to the internet and caches everything ever printed on it for some reason, you might be slightly vulnerable, but if you're super paranoid, disconnect the printer from the internet, connect to the offline computer via USB, and after printing up, look up a way to clear the printer's spool. Google "secure home printing" for tips.

Thanks, I guess I am just going to opt for paper wallets from now onwards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the remaining to the next one.

dabura667
June 20, 2014, 07:40:11 AM
 #32

> Thanks, I guess I am just going to opt for paper wallets from now onwards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the remaining to the next one.

Paper wallets have their uses... but their main usefulness is that you can physically protect them and they don't rely on hardware (like hard disks and computer operating systems) that can fail.

If you are going to keep the paper wallets only on your offline computer, you are no more safe than using Electrum offline. And Electrum offline wallet is easier to use.

bitbaby
June 21, 2014, 12:40:20 AM
 #33

> > Thanks, I guess I am just going to opt for paper wallets from now onwards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the remaining to the next one.
>
> Paper wallets have their uses... but their main usefulness is that you can physically protect them and they don't rely on hardware (like hard disks and computer operating systems) that can fail.
>
> If you are going to keep the paper wallets only on your offline computer, you are no more safe than using Electrum offline. And Electrum offline wallet is easier to use.

Yeah but the main reason I am going to do this is because I don't have to worry about so many things with them, I don't have to worry about master public key and where to input them or not. I would make a bunch of them, keep them offline and also print them offline as well and still continue doing what I do, which is keep my keys secure and when I perform a transaction, transfer my rest of the funds to the next one and not worry about my other keys being revealed because someone was able to find out my Master Private Key by getting hold of my Master public key and a Private key.

dabura667
June 21, 2014, 04:17:12 AM
 #34

> Yeah but the main reason I am going to do this is because I don't have to worry about so many things with them, I don't have to worry about master public key and where to input them or not. I would make a bunch of them, keep them offline and also print them offline as well and still continue doing what I do, which is keep my keys secure and when I perform a transaction, transfer my rest of the funds to the next one and not worry about my other keys being revealed because someone was able to find out my Master Private Key by getting hold of my Master public key and a Private key.

OK, as long as you actually PRINT your paper wallets and are using secure printing procedures you're fine. Paper wallets are a very powerful tool.

Your Master Private Key will never be found out if you do one thing:
1. Don't ever export a single private key from your Electrum wallet.

It's not hard to be safe with Electrum. Just don't export private keys, and don't let your seed online.

Paper Wallets are better for individual key management, physical security, and long term storage.
Electrum is better for frequent re-use. Aka, I have a cold wallet, but I want to use it to top up my hot wallet occasionally, etc.

Stay calm, and learn about each method, and how to use it safely. If you are paranoid and scared about everything you hear, you will get nervous and make a big mistake that loses all your bitcoins. So stay calm, learn about your options, and remember to BACK UP EVERYTHING. If it doesn't exist in two or more physical locations, one fire in your house can wipe out all your bitcoin holdings.
