Bitcoin Forum
December 12, 2024, 09:24:41 AM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Best practices regarding addresses in online/offline setup?  (Read 220 times)
shogoo9U (OP)
Newbie
*
Offline Offline

Activity: 16
Merit: 0


View Profile
August 08, 2017, 03:59:14 PM
 #1

How do you manage / keep track of your generated addresses in a hot + WO wallet setup?

Generating them on the cold side would be a bit safer, because assuming the hot side is compromised something could substitute the new address for one their own, causing you to give out the wrong address and thus lose any funds sent there.
However, the cold side does seem to keep track of some number of used addresses (how?), but naturally not the actual used addresses themselves. So you could copy & paste from its address pool, but if you're not careful you might end up reusing addresses.

Generate on the hot side, then visually check if they're on the cold side's unused list as well -- as cumbersome and error prone as that is?
A way to mark addressed used manually would help. I'd settle for the ability to comment on addresses (in wallet properties) that weren't officially "generated" by [Receive Bitcoins] yet. Maybe it's there and I just haven't found it yet ...
goatpig
Moderator
Legendary
*
Offline Offline

Activity: 3780
Merit: 1375

Armory Developer


View Profile
August 08, 2017, 07:07:51 PM
 #2

Generating them on the cold side would be a bit safer, because assuming the hot side is compromised something could substitute the new address for one their own, causing you to give out the wrong address and thus lose any funds sent there.

Wallet consistency check on startup would catch this every time. The only this attack vector would work on Armory is if the entire wallet is swapped (you'd notice), or the data is changed in RAM. In both cases, you got yourself in a position you shouldn't be to begin with.

Quote
A way to mark addressed used manually would help. I'd settle for the ability to comment on addresses (in wallet properties) that weren't officially "generated" by [Receive Bitcoins] yet. Maybe it's there and I just haven't found it yet ...

You can add comments to addresses in the Receive dialog.

Generally the best way around this is to create a large key pool on your offline machine, grab the WO and import that to your online machine. This way you don't trust the online machine to compute public keys for you, all the while keeping track of the latest requested address (incrementing a counter).

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!