EDIT: After reading your message again I think the best way to go is to hook up Electrum to a Trezor or a Ledger(whichever you prefer or any other HW wallet out there) then once it's connected to Electrum sweep the BTC first and foremost. Then go back and use Ballet or Coinomi for the forks and rest that may or may not be sitting on that private key. Snagging the BTC is obviously paramount! I'm actually glad we all got into this discussion here again because I believe it's worth discussing from time to time. Sorry for hijacking the thread and good luck with the sale(s) Thoughtfan! I'm rooting for you and your friend!
I fear there may be a misunderstanding here of the process Krogoth and I are advocating. It is not my place to tell anyone what to do or not to do; nor what anyone's risk tolerance ought to be. And I'm going to risk sounding patronising here by getting a bit preachy in the hope you and / or others who see this don't jump into doing this stuff, get it wrong and get robbed.
But above in this thread (here...
... as well as in this post:
https://bitcointalk.org/index.php?topic=5300639.msg55893024#msg55893024 )
...and, I suspect, in countless other threads and videos and books about the basics of Bitcoin, there are processes devised, tried and tested to handle and to use private keys securely. If dealing with anything more than what to you is 'loose change', I highly recommend not only following these processes but also taking the time and effort beforehand to understand what a transaction consists of; what is required to prepare a transaction, how most of the process can be separated from the vulnerable bit (i.e. its signing). Because once it is understood, you will be able to see why what may initially be a daunting many-step processes is necessary; you can follow the purpose of each step and where it belongs in the process; you can get a better appreciation of the design of Bitcoin and the transaction-creating process. And when it's safely done, when you did it, you can get the satisfaction not only of knowing that the funds are safe but also from knowing that, by following an understood step-by-step that you will have consolidated that knowledge by carrying it out yourself. And, as remote a chance as there may have been (see below) that the online machines were compromised, you will know that it was all done without there being a need for a 'hold-your-breath-and-hope' moment when there was a risk of losing the coins*. (The process of using a hardware wallet will also make more sense to you if you hadn't already gotten what that process consists of.)
/soap box rant
Thanks for your input on how you sweep the BTC then the forks afterwards once the most important BTC is swept and secured first!
I think there may be confusion here arising out of a more generalised use of the word 'sweeping' i.e. 'to have moved the funds from a wallet' and the technical term (and the sweeping function in wallets). As far as I understand it, it is not possible to technically sweep a wallet without the wallet being able to ascertain the 'available balance' from the blockchain therefore not possible to do on an air-gapped machine which, by the processes recommended by those who understand, is the only place you want your private keys to be until the BTC balance is safely elsewhere.
After reading your message again I think the best way to go is to hook up Electrum to a Trezor or a Ledger(whichever you prefer or any other HW wallet out there) then once it's connected to Electrum sweep the BTC first and foremost.
Just to be clear, the use of a hardware wallet with Electrum (or with whatever software) is separate and outside the scope of this discussion (unless we extend it further
). For our purposes, all you need with respect to your hardware wallet (if that is to be the destination of the funds you're moving from the Casascius coin) is that you need a verified address for that wallet. In other words, your hardware wallet will be set up with its own seed words and you just need a destination address for that wallet in order to prepare the transaction that will be signed by the physical coin's private key.
The use of Electrum (for the on-line machine) with respect to moving the balance from the physical coin is as a 'watch only' wallet whereby when setting it up, instead of inputting private keys (as you would to restore a low-value wallet with some funds on), you input
only the bitcoin address (the part that was visible prior to peeling the sticker off). This enables that wallet, once you've put in the destination address, to find the balance on the blockchain and figure out how much 'max' is in order to create the transaction that you'll be signing on the air-gapped wallet. But I think we're going round in circles by now. I don't think I have any more to add on this process that hasn't already been said or isn't in the resources Krogoth kindly linked to.
Can you or anyone else in here let me know their thoughts on that very risk you describe above regarding it's just a race to get your BTC off your phone and onto a HW wallet?
I think Krogoth answered that one well.
I mean let's say I use Ballet or Coinomi what are the actual risks vs doing it the way you described above?
The risk is simply that malware on a connected machine could potentially use your private key to move your BTC to their address quicker than your sweeping process does.
I have no doubt your way is likely more secure but for any security experts in here how much more secure would that way be?
You're now asking to quantify risk which is a whole other ballgame. The odds that this could happen vary enormously with each circumstance and would be very difficult, even for a security expert, to ascertain without knowing what devices / OS you're using, what else they're used for and since when, whether you use the same device (or accounts also associated with that device) to send communications relating to cryptocurrency, how good your opsec is etc. etc. Without knowing how big an 'I own crypto' bullseye sign you've digitally drawn on your back, it's impossible to tell what the odds are. But why take that risk if you have an opportunity both to carry out this process without taking that risk and in the process, to progress your learning of what this technology is about?
Sorry for hijacking the thread and good luck with the sale(s) Thoughtfan! I'm rooting for you and your friend!
iBHK8
All good. At least this convo is keeping the thread alive while we're waiting for these photos
*You may even find the process so satisfying that you want to go through it again using Electron Cash for BCH, Electrum SV for BSV before using the simple one-step process in Ballet or Coinomi for anything else.
