Problem undestanding cold wallets

[NicosKaralis]

I'm very new to BTC and I'm having some problems to understand why colds wallets are so important to users
In a big company that handles a lot of BTC I could understand, but for me I can't even think in a good reason to use it.

I use a blockchain account just because I started there and don't want to get rid off it yet and this account have little to none BTC, most of my BTCs are in my phone wallet (Bread for iOS)

Could my phone be considered a cold wallet? Because it connects directly to the BTC network and (as far as I can tell) doesn't communicates with anything else (its a sandbox app that has no http privileges).

And whats the point of sending your money to a paper wallet if anyone can still see the address and try to steal it? Isn't vanitygen capable of that? (takes time i know, but in statistic "if it can happen, probably it will someday")

From what I see the only capable way of stealing a wallet is to get the private key, but why do people talk about cold storages like the money is actually sent? like fisically

source http://blog.bit2me.com/en/protect-bitcoin-wallet/
4) Create paper wallets

The only way to keep your bitcoins away from the claws of hackers is removing them from the network.
Although this entails the usual risks of any physical object, it is a safe, simple and a free way to protect your bitcoin.
If your wallet is provided by Blockchain.info you have the option to print it by clicking the appropriate option in the “Import / Export” section.
If not, you can use bitaddress.org or a more sophisticated platform like bitcoinpaperwallet.com, which allows you to include holograms or order a CD with Ubuntu preinstalled with software to create all the paper wallets you want.

Each line sounds so wrong to me but the most important are
1. You cant "remove them from the network"
2. If the wallet is provided by blockchain, what exporting could protect? they already have the key, they are only a target to hackers to get the key

And besides why do people assume that the cold wallet is safe? Just because you don't move the funds doesn't mean they are not there.


Can someone explain this to me? I feel like cold wallets for users are just "If you don't move they cant see you"

[1714943156]

1714943156

[laurentmt]

I'm very new to BTC and I'm having some problems to understand why colds wallets are so important to users
In a big company that handles a lot of BTC I could understand, but for me I can't even think in a good reason to use it.

I use a blockchain account just because I started there and don't want to get rid off it yet and this account have little to none BTC, most of my BTCs are in my phone wallet (Bread for iOS)

More security is always better but you're right on one point: if the financial cost of security is greater than the value you want to secure, there's something wrong.
If you just have a few cents, no need for a cold wallet.
If you have thousands dollars, it's better to secure your btc with a cold wallet or an hardware wallet like Ledger, Trezor, ...

Could my phone be considered a cold wallet? Because it connects directly to the BTC network and (as far as I can tell) doesn't communicates with anything else (its a sandbox app that has no http privileges).

Short answer: No

And whats the point of sending your money to a paper wallet if anyone can still see the address and try to steal it? Isn't vanitygen capable of that? (takes time i know, but in statistic "if it can happen, probably it will someday")

As you wrote, stealing a wallet requires knowledge of the private key.
Finding the private key when you only know the address is "impossible" (understand "secured by cryptographic algorithms")
Therefore, nobody can steal your btc without access to your private key (let's forget a potential flaw in random number generators).

From what I see the only capable way of stealing a wallet is to get the private key, but why do people talk about cold storages like the money is actually sent? like fisically

You're right. No coin is sent to cold storage. This is just a misleading metaphor.
It only means that your private key isn't (and has never been) in contact with internet (stored on a computer connected to internet network)

Hope it helps.

[Carlton Banks]

Could my phone be considered a cold wallet? Because it connects directly to the BTC network and (as far as I can tell) doesn't communicates with anything else (its a sandbox app that has no http privileges).

Short answer: No

Lol. Slightly longer version: your phone is the wallet device you should trust the least. Not cold, not secure

[laurentmt]

Could my phone be considered a cold wallet? Because it connects directly to the BTC network and (as far as I can tell) doesn't communicates with anything else (its a sandbox app that has no http privileges).

Short answer: No

Lol. Slightly longer version: your phone is the wallet device you should trust the least. Not cold, not secure

Your version is better 

[NicosKaralis]

Ty both for the answers. This help a lot

Could my phone be considered a cold wallet? Because it connects directly to the BTC network and (as far as I can tell) doesn't communicates with anything else (its a sandbox app that has no http privileges).

Short answer: No

Lol. Slightly longer version: your phone is the wallet device you should trust the least. Not cold, not secure

Why should i trust the device least?
It is not jailbroken, the app have open source code that i inspected and installed myself (I'm a developer), there is not an easy way to unlock the phone (finger or device passcode, app passcode) and it is always with me.
Is it still not trustworthy?

[laurentmt]

Why should i trust the device least?
It is not jailbroken, the app have open source code that i inspected and installed myself (I'm a developer), there is not an easy way to unlock the phone (finger or device passcode, app passcode) and it is always with me.
Is it still not trustworthy?

The rationale is that something which isn't connected to the network is less risky (malware, virus, keyloggers...). But note that even an usb device temporarily connected to a cold wallet computer might be considered as a risk.

A paper wallet has a big advantage : you can't connect it to the network  
But paper wallets come with their own challenges: you must store them in a secure place (thieves, water, fire, ...).

I guess this is why so many people are excited by hardware wallets which are a good compromise between security & convenience (but you still have to store the "seed" in a secure place).

[teukon]

2. If the wallet is provided by blockchain, what exporting could protect? they already have the key, they are only a target to hackers to get the key

Exporting is for backup.  If blockchain.info gets hacked and goes offline you may need your backup to recover your bitcoins.  The hackers will only get your bitcoins if you've used a weak password or if you give you password to them.

It is not jailbroken, the app have open source code that i inspected and installed myself (I'm a developer), there is not an easy way to unlock the phone (finger or device passcode, app passcode) and it is always with me.
Is it still not trustworthy?

Depends on what you mean by trustworthy.  I assume you're quite comfortable holding a few bitcoins on your phone.  How do you feel about converting your life savings into bitcoins and putting it all on the phone?

Cold storage is an essential tool for Bitcoin businesses such as exchanges and highly recommended to investors who wish to take a sizable position in Bitcoin.  If you're just experimenting with Bitcoin then you should have no problem.

[DeboraMeeks]

A hot wallet is like the wallet in your pocket, and a cold wallet is like your safe at home. If you are robbed on the street or even in your home they will take your wallet that is on you, but they won't be able to steal the safe. It's the same with Bitcoin: if a hacker breaks into your computer they can steal your hot wallet, but to get to your cold wallet they have to go through you.

[Muhammed Zakir]

A hot wallet is like the wallet in your pocket, and a cold wallet is like your safe at home. If you are robbed on the street or even in your home they will take your wallet that is on you, but they won't be able to steal the safe. It's the same with Bitcoin: if a hacker breaks into your computer they can steal your hot wallet, but to get to your cold wallet they have to go through you.

Cold wallets can also be in a PC. Only wallet which they "really" need to go through you is a brain wallet which is memorized by you. Other all can be found either by hacking or by searching. However, CMIIW.

[Abdussamad]

I'm very new to BTC and I'm having some problems to understand why colds wallets are so important to users
In a big company that handles a lot of BTC I could understand, but for me I can't even think in a good reason to use it.

Yes exactly you are just starting out and you don't need a cold wallet.

Use the wallet on your phone or PC. It should be sufficient for a newbie.

[NicosKaralis]

Ty all for the help

I feel like now i can understand better cold wallets

How do you feel about converting your life savings into bitcoins and putting it all on the phone?

Honestly? I don't really know, I guess i would not use the current app because it is not updated often, but i might build one myself and put it all... maybe

[teukon]

How do you feel about converting your life savings into bitcoins and putting it all on the phone?

Honestly? I don't really know, I guess i would not use the current app because it is not updated often, but i might build one myself and put it all... maybe

I was mainly attempting to stress that cold wallets are more useful when the stakes are high.

A modern phone OS will have plenty of extra weaknesses when compared with a security-focussed server/desktop OS.  For phones, security (and transparency/openness) ranks far below concerns such as price, weight, size, spec., mass-appeal, ease-of-use, and being feature-rich.  I'm reminded in particular of an incident where Android-users lost bitcoins, not due to any user or app-developer error, but because Android's SecureRandom function was flawed*.

If you do ever decide to manage serious amounts of money with your own phone app then please be mindful of these extra risks.  Good luck!


*Note that this flaw was found because of Bitcoin.  Bitcoin demands much greater security than most other information systems.  Even a mobile banking app is less appealing to hackers given that profiting anonymously is more difficulty and bank transfers can be reversed.

[NicosKaralis]

I was mainly attempting to stress that cold wallets are more useful when the stakes are high.

A modern phone OS will have plenty of extra weaknesses when compared with a security-focussed server/desktop OS.  For phones, security (and transparency/openness) ranks far below concerns such as price, weight, size, spec., mass-appeal, ease-of-use, and being feature-rich.  I'm reminded in particular of an incident where Android-users lost bitcoins, not due to any user or app-developer error, but because Android's SecureRandom function was flawed*.

If you do ever decide to manage serious amounts of money with your own phone app then please be mindful of these extra risks.  Good luck!


*Note that this flaw was found because of Bitcoin.  Bitcoin demands much greater security than most other information systems.  Even a mobile banking app is less appealing to hackers given that profiting anonymously is more difficulty and bank transfers can be reversed.

I was aware of that flaw, i saw some friends of mine talk about that

But I am an iOS developer and because the sandbox environment that all iOS apps are obligated to run I am really confident in their security.


P.S.: Please I'm not saying that iOS is better or even safe. Please do not take my opinions as anything else

[ashour]

I was mainly attempting to stress that cold wallets are more useful when the stakes are high.

A modern phone OS will have plenty of extra weaknesses when compared with a security-focussed server/desktop OS.  For phones, security (and transparency/openness) ranks far below concerns such as price, weight, size, spec., mass-appeal, ease-of-use, and being feature-rich.  I'm reminded in particular of an incident where Android-users lost bitcoins, not due to any user or app-developer error, but because Android's SecureRandom function was flawed*.

If you do ever decide to manage serious amounts of money with your own phone app then please be mindful of these extra risks.  Good luck!


*Note that this flaw was found because of Bitcoin.  Bitcoin demands much greater security than most other information systems.  Even a mobile banking app is less appealing to hackers given that profiting anonymously is more difficulty and bank transfers can be reversed.

I was aware of that flaw, i saw some friends of mine talk about that

But I am an iOS developer and because the sandbox environment that all iOS apps are obligated to run I am really confident in their security.


P.S.: Please I'm not saying that iOS is better or even safe. Please do not take my opinions as anything else

You have to understand it like this, cold wallets are like vaults they secure your bitcoin unlike a hot wallet. Imagine you have $100 in cash and you would probably put it in your personal wallet or let it laying on a table and that's ok since its not a huge amount of money. Now imagine you  have $100k in cash , would you put in a bag ? Of course not you would need a vault to secure the cash. And that is why cold wallets are so important, if you are going to use small bitcoin  amounts for daily transactions you will just need a hot wallet.

[NicosKaralis]

You have to understand it like this, cold wallets are like vaults they secure your bitcoin unlike a hot wallet. Imagine you have $100 in cash and you would probably put it in your personal wallet or let it laying on a table and that's ok since its not a huge amount of money. Now imagine you  have $100k in cash , would you put in a bag ? Of course not you would need a vault to secure the cash. And that is why cold wallets are so important, if you are going to use small bitcoin  amounts for daily transactions you will just need a hot wallet.

I agree with you. But securing bitcoins are not the same as securing fisical cash.

Besides, in the region I live in right now, people don't even know what bitcoins are, you are more likely to get your wallet and phone stolen just because some petty change you had

The thief will look the btc wallet and be like "wtf is this crazy drawing?" then toss it on garbage


Now that i stop to think about it.... damn I'm in a very good spot to introduce bitcoins to local market

[Dabs]

Isn't vanitygen capable of that? (takes time i know, but in statistic "if it can happen, probably it will someday")

It could happen. Did you check the time it takes to brute force a full public key so you have the private key? A million years? A thousand years?

Vanitygen will get the private key from your cold dead hands, AFTER you've been buried.

[Webnet]

I also have been using blockchain wallet for a year now and it safe. cold wallets are used/recommended  to store bitcoins u don't intend to use in the near future.

[Muhammed Zakir]

I also have been using blockchain wallet for a year now and it safe. cold wallets are used/recommended  to store bitcoins u don't intend to use in the near future.

Sorry to tell but no. Cold wallets are recommended for securing your Bitcoins. A thief need to have physical access to cold wallets to get steal Bitcoins or he need to inject malware to the computer/disk used to broadcast transaction.

You shouldn't store in an online walle. There is always higher risk when storing in an online wallet. Blockchain.info is known for their bugs. However, Blockchain.info is best in an online wallet as you have access to private keys IMHO.

[TYDIRocks]

You have to understand it like this, cold wallets are like vaults they secure your bitcoin unlike a hot wallet. Imagine you have $100 in cash and you would probably put it in your personal wallet or let it laying on a table and that's ok since its not a huge amount of money. Now imagine you  have $100k in cash , would you put in a bag ? Of course not you would need a vault to secure the cash. And that is why cold wallets are so important, if you are going to use small bitcoin  amounts for daily transactions you will just need a hot wallet.

I agree with you. But securing bitcoins are not the same as securing fisical cash.

Besides, in the region I live in right now, people don't even know what bitcoins are, you are more likely to get your wallet and phone stolen just because some petty change you had

The thief will look the btc wallet and be like "wtf is this crazy drawing?" then toss it on garbage


Now that i stop to think about it.... damn I'm in a very good spot to introduce bitcoins to local market

I'm not sure why you're so insistent on using your phone as secure storage. It is a pretty well known fact in the tech community that phones aren't as secure as other computing systems, not to mention the fact that certain 3 letter US agencies probably have backdoors in them (although most popular OSs probably do also..).

[hikedoon]

Spend some time reading the forum's archives about all the hacks,thefts and pure greed that's happened.
I keep having to stop myself from necro-posting it,some of it is pure gold.
I've not read of any cold storage wallets that have been set up correctly being stolen, yet.
That's why i use cold storage now.
I wouldn't keep any more than 1 BTC in a online wallet.