Encrypted wallet on full node OpenVZ cloud VM

[natd]

What are the risks of running a full node with encrypted wallet out of an OpenVZ cloud VM?
I understand a server administrator could retrieve the encryption key (passphrase) from RAM (or from shell history if I use it to unlock the wallet), but what if I unlock the wallet from another computer via RPC, create and broadcast a transaction on that VM, and then lock it again?
Would this leave the wallet encryption passphrase in RAM somehow? What are the risks?
Thanks in advance for any insight.

[1714920443]

1714920443

[1714920443]

1714920443

[1714920443]

1714920443

[natd]

Bump 

[natd]

It seems -stdin included in the new bitcoin core v0.13.0 makes it more secure to run RPC as in

$bitcoin-cli -stdin walletpassphrase mysecretcode

[Quickseller]

Please don't do this. The setup that you are proposing is horribly insecure.

You are correct in saying that a server administrator could trivially access your wallet, and they could get either the decryption key to your wallet, an unencrypted version of your wallet, or both once you decrypt your wallet on your server. The same is true for anyone with physical access to your server.

Since you are proposing using a VPS (or something similar thereto), it is possible that one or some of your "neighbors" could potentially get your private keys by listening very closely to what is in the physical server's (that is for your VPS) RAM. This is less trivial, and I don't think it is very common for people to do this. Although your risk of this happening would probably increase if it was known that your VPS contained private keys associated with large amounts of bitcoin.

One way to mitigate against this would be to have a setup so that your server will only contain an encrypted version of your wallet, and the decryption will only be done locally after you download a copy from your server -- in other words, you should be able to decrypt then sign a transaction after you disconnect your computer from your server. Although I still think this is a bad idea because you can probably get a slightly higher level of security then this using blockchain.info (which I also generally do not recommend, but is probably best among online wallets in which you control the private keys), and your cost would probably be a lot less. If you wanted to, you could still use a VPS full node to verify and broadcast transactions if you are using blockchain.info.

An alternative setup that would give you much more security then any of the above, would be to use a VPS to create a full node that is also running an electrum server (even a private one). You could then use either your electrum seed, or a trezor to store your private keys, and you can even potentially use the same wallet across multiple devices if this was something you wanted to do. Provided that you are hosting your own electrum server, you should probably have the same general level of privacy as if you were running your own full node.

[natd]

Thank you for the comprehensive reply, @Quickseller. I do like your idea of using a Electrum server. However, I believe it needs lots of RAM - not usually available in a VPS plan.
Keeping the VPS idea plus your insights, maybe I can create unsigned transactions on the VPS from watch only addresses and sign them locally. It would be nice to automate that flow.