Transferring address to another wallet

[Giant]

Hi all,

This may be a bit of a newbie question, but I've looked around here and did not find a clear answer to this.

I've got a receiving address at blockchain.info. Now I want to use a local wallet because I think it's safer. However I need this receiving address to receive payments.
I'm using Armory as wallet manager and I have found the feature to import an address through a private key.

My question is: if I import the address this way, is it bound to my local wallet and can I discard my blockchain.info account and keep using the address?

[escrow.ms]

Hi all,

This may be a bit of a newbie question, but I've looked around here and did not find a clear answer to this.

I've got a receiving address at blockchain.info. Now I want to use a local wallet because I think it's safer. However I need this receiving address to receive payments.
I'm using Armory as wallet manager and I have found the feature to import an address through a private key.

My question is: if I import the address this way, is it bound to my local wallet and can I discard my blockchain.info account and keep using the address?

Answer is yes, just make sure you delete your blockchain account and no one except you have access to priv key.

[Giant]

Thanks.
Just another technical question out of interest: how does it work when I've imported the address in my local wallet, but the address is also in the blockchain.info wallet? Where is the data stored?
Or is the blockchain data just accessed from 2 places in that case?

[DannyHamilton]

Or is the blockchain data just accessed from 2 places in that case?

Correct.

Keep in mind that the reason you've decided to switch to a local wallet is that you've decided that blockchain.info isn't "safe" enough.  If you are concerned that someone could access your blockchain.info wallet, then they can still access any bitcoins associated with that receiving address that you've imported into Armory.  Importing it does not remove the security vulnerabilities that you might be concerned about.

[Giant]

If you are concerned that someone could access your blockchain.info wallet, then they can still access any bitcoins associated with that receiving address that you've imported into Armory.

Not if I delete the whole bitcoin.info account I presume?

I get the notion that you think different about bitcoins being safer in a local wallet? How so?

[DannyHamilton]

If you are concerned that someone could access your blockchain.info wallet, then they can still access any bitcoins associated with that receiving address that you've imported into Armory.

Not if I delete the whole bitcoin.info account I presume?

I get the notion that you think different about bitcoins being safer in a local wallet? How so?

Depending on how you use each, a local wallet on an internet connected computer can be safer than blockchain.info, but the average user does not take any steps to ensure that it is.

Armory is a GREAT wallet.  I'm not in any way implying that is is any less secure or safe than any other wallet.  As a matter of fact, with the proper processes it can be the most secure and safe wallet available.

However, as long as you are choosing a wallet that provides you control over your private keys, safety and security will oftenl end up depending more on your processes and habits than which wallet you choose to use.

By importing a private key you are already choosing to forfeit a key safety feature that Armory provides (deterministic addresses).

Some questions to consider:

How often will you backup your wallet?
Where will you store the backups?
How many copies of the backups will you maintain?
Will you run any other software on the computer that is running Armory?
Are you using an air-gapped Armory offline wallet, or are you just using Armory on an online computer?
Are you encrypting your Armory wallet?
How secure is the password you've chosen for your Armory Wallet?
How likely are you to forget that password?
Is there a reason that you trust etothepi's C++/python programing more than you trust Piuk's javascript programming?
If you accidentally create a transaction with insufficient fee to be properly relayed and quickly mined, how will you handle the resulting situation?
Will you ever need/want to access your bitcoins when you are not sitting in front of your computer at home?

I'm sure there are other considerations as well.  These are just the ones that quickly came to mind.

[Giant]

In the Armory wallet I'm doing the encrypting, password and paper back-ups.

For me as a relative layman end user the message would be that blockchain.info is not really different from a local wallet and therefore not necessarily less secure? The difference is that I control the security options myself if I run a local wallet and with an online wallet it is done for you. Am I right?

And about importing the private key: If I want the address in my local wallet I don't think there is any better way then importing, deleting blockchain.info and making a paper backup in Armory? Can't do anything about the seed/deterministic flaw of imported addresses, can I?

[DannyHamilton]

In the Armory wallet I'm doing the encrypting, password and paper back-ups.

For me as a relative layman end user the message would be that blockchain.info is not really different from a local wallet and therefore not necessarily less secure? The difference is that I control the security options myself if I run a local wallet and with an online wallet it is done for you. Am I right?

And about importing the private key: If I want the address in my local wallet I don't think there is any better way then importing, deleting blockchain.info and making a paper backup in Armory? Can't do anything about the seed/deterministic flaw of imported addresses, can I?

Armory is probably the most secure wallet that exists right now.  Assuming you take reasonable precautions it is more secure than just about any other option you have.  The only thing more secure would be a purely paper wallet, and those tend not to be very convenient.

I probably went a bit overboard on my attempt to make some points.

My point wasn't so much that blockchain.info is as secure as Armory, but rather that:

1) blockchain.info isn't as insecure as many people seem to believe.

2) Armory can be insecure if you don't use common sense and take reasonable precautions.

3) You give up some conveniences to use Armory

4) Depending on what your concerns are, you might want to consider any address that was used outside of Armory as unsafe.

If you absolutely must continue to use the address, then you're right there's no way to use it without re-using the private key.

[DannyHamilton]

For me as a relative layman end user the message would be that blockchain.info is not really different from a local wallet and therefore not necessarily less secure? The difference is that I control the security options myself if I run a local wallet and with an online wallet it is done for you. Am I right?

Armory is a special case, and with it I'd say you've probably made the most secure choice available to you.  However, I personally would consider blockchain.info to be just as secure as Electrum and/or MultiBit if you were to backup the wallet of either of those by encrypting it and then storing it "in the cloud" (dropbox, google drive, email, etc).

So as a general rule, I'd say blockchain.info is as safe/secure and any lightweight wallet that you might run on your computer.  blockchain.info also seems to provide more options and control over your wallet and security than those other two clients.

[Terk]

Also, simply consider using more than one wallet and have separate wallets for different use cases. Just like you don't store all your money in one place - you have some cash in your wallet, you have some money in your bank or maybe even split into two or more banks, you might have some emergency cash stashed at some secret place at home, etc.

You can use blockchain.info for everyday small transactions, because of the convenience and features it provides. Then you can have Armory where you store a bit more than a pocket change. And then you can have paper wallets where you store bitcoins which you don't need on a daily/monthly basis.

Regarding importing keys between different wallets - it doesn't improve security. Think of keys as of passwords - just because you memorised the password it doesn't make it more secure if it's still written on a sticky note on a back side of your desk at work. You can remove that sticky note, but if you're worried that someone might have already read it, well, removing the note won't fix that. If you're unsure about your password security, the best way to go is to change the password.

In bitcoin that means changing/abandoning addresses. If you still have funds that are steadily coming to this address and you can't change that, just try not to keep balance at this address and sweep funds from it regularly into some other address that you think is more secure (because its key has been imported into less places).

Also remember, that deleting some data from some online service (e.g. changing password for some website; or deleting bitcoin keys from an online wallet) might not be as effective as removing that sticky note from your desk. You never know how your data is actually handled under the hood. Just because you clicked “delete” and don't see it any more, doesn't mean that it isn't still there. Websites keep backups which can still include your deleted keys. Most websites practice never actually deleting any data, just changing its status to “deleted” but still keeping it in the database (this shouldn't be used for sensitive data like bitcoin keys, but you never know what they really do). If such website is hacked, your “deleted” data might be compromised as well. The best approach is to assume that if you submitted something into a website, they will have access to it forever, even after you delete it (this is a general truth, wether we're talking passwords, bitcoin keys or silly photos uploaded to Facebook). I have no idea how blockchain.info handles data, but you should always assume that deleting online data might not necessarily delete it in the way which you understand as “deleting”.

[Giant]

Thank you all for the responses. I think I now have a broad picture of how wallets work and how the security works.

As for the address, I think I will import it in Armory and transfer funds regularly to a 'native' Armory wallet address.

[Abdussamad]

Frankly I don't think you have gotten a good picture of anything from this thread. It's just full of opinions without any facts being presented. You need to do your own research into these various wallets.

With Armory/electrum/multibit/bitcoin-qt you encrypt your wallet file and store it on your own computer. If someone wants to steal your coins he would have to gain access to your computer, grab the encrypted wallet file and the password you used to encrypt it. This would require a malware infestation.

Another possibility is that someone got access to your backups and then stole the coins using that.

If someone wants to steal coins from a blockchain.info wallet he needs the encrypted wallet file and the password too. But the key difference is that with blockchain.info anyone who knows the wallet identifier can get a copy of the encrypted wallet file. Also blockchain.info's servers are always online and everyone knows that there's gold there so its akin to carrying a giant sign board that says "Hack Me And Get RICH!"

There is another possibility and that is that you loose your coins not because of some thief but because of hardware failure, accidental deletion of wallet file, natural disasters etc. So which of the wallets are safer in that case? Armory and electrum are deterministic meaning you can make paper backups that can restore all the coins (except imported private keys). Multibit and bitcoin-qt are not meaning you have to take regular backups.

Blockchain.info wallets are backed up on multiple servers. However all those servers belong to a third party company. You can also backup the wallet yourself.

[DannyHamilton]

- snip -
If someone wants to steal coins from a blockchain.info wallet he needs the encrypted wallet file and the password too. But the key difference is that with blockchain.info anyone who knows the wallet identifier can get a copy of the encrypted wallet file.
- snip -

I would hope that anyone using blockchain.info would be using two factor authentication, but as I said earlier: "safety and security will often end up depending more on your processes and habits than which wallet you choose to use"

Also blockchain.info's servers are always online and everyone knows that there's gold there so its akin to carrying a giant sign board that says "Hack Me And Get RICH!"

Although all hacking their server will get you is a pile of encrypted data.  You'd still have to guess everyone's passwords to actually access any of it.

There is another possibility and that is that you loose your coins not because of some thief but because of hardware failure, accidental deletion of wallet file, natural disasters etc. So which of the wallets are safer in that case? Armory and electrum are deterministic meaning you can make paper backups that can restore all the coins (except imported private keys).

(emphasis added)

Which would be why I stated: "By importing a private key you are already choosing to forfeit a key safety feature that Armory provides (deterministic addresses)."  Because the OP is choosing to import adresses, they now have to store complete backups of the wallet somewhere and not just the paper backup of the seed.  If they store those backups on the internet somewhere, then they are doing the same thing as blockchain.info (storing encrypted copies of the wallet online where it can be accessed by hackers).

[Abdussamad]

All good points. This is the sort of thing we should present to the OP.

- snip -
If someone wants to steal coins from a blockchain.info wallet he needs the encrypted wallet file and the password too. But the key difference is that with blockchain.info anyone who knows the wallet identifier can get a copy of the encrypted wallet file.
- snip -

I would hope that anyone using blockchain.info would be using two factor authentication, but as I said earlier: "safety and security will often end up depending more on your processes and habits than which wallet you choose to use"

Also blockchain.info's servers are always online and everyone knows that there's gold there so its akin to carrying a giant sign board that says "Hack Me And Get RICH!"

Although all hacking their server will get you is a pile of encrypted data.  You'd still have to guess everyone's passwords to actually access any of it.

A few things:
   One I was comparing like to like. Getting encrypted wallets from some individual's computer vs. doing the same from blockchain.info.

   By broadcasting that it holds lots of wallets blockchain.info is inviting trouble. An individual does not do that or if he does his system is harder to track. I suppose this the old security via obscurity argument.

   If hackers compromise blockchain.info they won't just get the encrypted wallets. They can also put up a phishing site in its place and get people's passwords.

There is another possibility and that is that you loose your coins not because of some thief but because of hardware failure, accidental deletion of wallet file, natural disasters etc. So which of the wallets are safer in that case? Armory and electrum are deterministic meaning you can make paper backups that can restore all the coins (except imported private keys).

(emphasis added)

Which would be why I stated: "By importing a private key you are already choosing to forfeit a key safety feature that Armory provides (deterministic addresses)."  Because the OP is choosing to import adresses, they now have to store complete backups of the wallet somewhere and not just the paper backup of the seed.  If they store those backups on the internet somewhere, then they are doing the same thing as blockchain.info (storing encrypted copies of the wallet online where it can be accessed by hackers).

You can always backup to an external storage medium. You don't have to backup to the cloud.

[Giant]

You can always backup to an external storage medium. You don't have to backup to the cloud.

I would like to add that it's also possible to make paper back-ups of imported private keys in Armory. Then there would be no need to back-up them digitally.