Hardware wallets vs paper wallets

[Vampobit]

1. Bitcoin core and electrum are in fact host storage wallets, so it is kind of strange that people refer to them as the best wallets.

What do you mean by "host storage" wallets? With both Core and Electrum, you generate your own private keys and you are the only one who can access them. This is generally referred to as "self custody" or "non-custodial", to differentiate from web wallets or exchanges where a third party holds your private keys for you.

Both Core and Electrum can be used as a simple hot wallet on an online device, which is the least secure way to use them. Similarly, both can also be used as a cold wallet on a permanently airgapped device, which is a much more secure way to use them. And if you are using them on an airgapped machine, you can also use them to generate key pairs or seed phrases that you then print out or write down to create paper wallets.

2. I know that this is private, so feel free not to answer it, but when it comes to you, where do you store the keys to your coins? Do you have a combination of hot storage and cold storage?

Yes, exactly that. I have a small amount of "daily spending" bitcoin which I carry on a mobile wallet. Insecure, but very convenient, and only ever an amount I can easily afford to lose. The vast majority of my coins are in a variety of more secure wallets, including hardware wallets, airgapped cold storage, paper wallets, and some multi-sig wallets involving a combination of these things. All my wallets are synced from my own node to minimize any privacy leaks.

I meant hot wallets. OK so I totally understood how you can use them. In fact I used to own a Trezor wallet which I think also Connects to electrum.

1. Bitcoin core and electrum are in fact host storage wallets, so it is kind of strange that people refer to them as the best wallets.

Are you trying to say hot wallets or maybe software wallets? They are, yes. However, Electrum can be both a hot and cold wallet, meaning you can use it on an internet-connected computer or a permanently airgapped device. Bitcoin Core is a full-node client, which needs internet connection to update and sync the newest blocks. Electrum being a light client that doesn't require downloading the whole blockchain to work is easy to take offline. I think it's still doable with Bitcoin Core, and I could swear I saw an old guide for it in the past. But it's not user-friendly having a full client that is offline.   

Yes, my confusion was that I thought those wallets could be used only as hot wallets. I knew they are software wallets but it never occurred to me that I could use them "offline"

[1714302943]

1714302943

[1714302943]

1714302943

[1714302943]

1714302943

[Pmalek]

Yes, my confusion was that I thought those wallets could be used only as hot wallets. I knew they are software wallets but it never occurred to me that I could use them "offline"

That's OK. When Electrum is used in an offline/airgapped environment, you don't have to fear that your private keys will leak. Assuming, of course, the computer you use is clean and malware free. The device should also be formatted and not be connected to the internet after a clean install of the OS ever. Most people recommend using Linux, but this is your choice. It's also recommended to remove ethernet and wireless cards from the motherboard so no one can try any tricks. Full drive encryption is another noteworthy step.

After that is done, you use the offline machine only for constructing and signing your transactions. The broadcasting takes place on a different online computer. The signed and unbroadcasted transaction can be transferred for signing using a USB drive or via QR codes.       

[Vampobit]

Yes, my confusion was that I thought those wallets could be used only as hot wallets. I knew they are software wallets but it never occurred to me that I could use them "offline"

That's OK. When Electrum is used in an offline/airgapped environment, you don't have to fear that your private keys will leak. Assuming, of course, the computer you use is clean and malware free. The device should also be formatted and not be connected to the internet after a clean install of the OS ever. Most people recommend using Linux, but this is your choice. It's also recommended to remove ethernet and wireless cards from the motherboard so no one can try any tricks. Full drive encryption is another noteworthy step.

After that is done, you use the offline machine only for constructing and signing your transactions. The broadcasting takes place on a different online computer. The signed and unbroadcasted transaction can be transferred for signing using a USB drive or via QR codes.       

So I am guessing that electrum provides you with something like a QR code and you use your device to read it and sign it. Like the seedsigner device, which I absolutely love. Correct ?

Yes, exactly that. I have a small amount of "daily spending" bitcoin which I carry on a mobile wallet. Insecure, but very convenient, and only ever an amount I can easily afford to lose. The vast majority of my coins are in a variety of more secure wallets, including hardware wallets, airgapped cold storage, paper wallets, and some multi-sig wallets involving a combination of these things. All my wallets are synced from my own node to minimize any privacy leaks.

So, speaking of paper wallets, how did you generate them? The whole point of this thread and the fact that I tried to develop something is that I didn't trust bitaddress for example.

[o_e_l_e_o]

So I am guessing that electrum provides you with something like a QR code and you use your device to read it and sign it. Like the seedsigner device, which I absolutely love. Correct ?

Correct. You would create what is called a watch only wallet on your online computer, which contains only your addresses but no private keys. This wallet can be used to watch your addresses, balances, transactions, etc., but cannot be used to actually sign any transaction or send any coins, since it contains no private keys. You use this watch only wallet to create an unsigned transaction, and then either display that unsigned transaction as a QR code on the screen, or export it to a text file. Then with your airgapped computer with your cold Electrum wallet, you either scan this QR code or transfer over the text file using a USB drive or similar, and use your cold wallet to sign the unsigned transaction. Then reverse the process to move the signed transaction back to your online computer and broadcast it to the network.

So, speaking of paper wallets, how did you generate them? The whole point of this thread and the fact that I tried to develop something is that I didn't trust bitaddress for example.

If you want an classical single key paper wallet, then I would simply use Core on an airgapped computer to generate a private key and then copy the private key and address to a piece of paper to be printed with a dumb printer. I prefer to use seed phrases to generate HD wallets, though, rather than individual key pairs. For this I would either use Electrum, or generate the seed phrase manually by flipping a coin. Write that seed phrase down, and then use Electrum to derive the relevant addresses from that seed phrase to either also be written down/printed off, or transferred over to an online machine via QR code. Once you have the seed phrase written down and some addresses to send coins to (and double checked everything!), you can wipe all traces from your airgapped computer.

[hZti]

So, speaking of paper wallets, how did you generate them? The whole point of this thread and the fact that I tried to develop something is that I didn't trust bitaddress for example.

If you want an classical single key paper wallet, then I would simply use Core on an airgapped computer to generate a private key and then copy the private key and address to a piece of paper to be printed with a dumb printer. I prefer to use seed phrases to generate HD wallets, though, rather than individual key pairs. For this I would either use Electrum, or generate the seed phrase manually by flipping a coin. Write that seed phrase down, and then use Electrum to derive the relevant addresses from that seed phrase to either also be written down/printed off, or transferred over to an online machine via QR code. Once you have the seed phrase written down and some addresses to send coins to (and double checked everything!), you can wipe all traces from your airgapped computer.

This is a very good but complicated way. If you really just want to give 10 USD with of bitcoin to a friend, you can also create on with this website: https://www.bitaddress.org The website should be used in an offline mode and the computer should be a fresh install that was never connected to the internet.

[o_e_l_e_o]

This is a very good but complicated way. If you really just want to give 10 USD with of bitcoin to a friend, you can also create on with this website: https://www.bitaddress.org The website should be used in an offline mode and the computer should be a fresh install that was never connected to the internet.

Which is a far riskier way of doing things.

The complicated part of generating a paper wallet is setting up an airgapped computer with a clean install of a reputable open source Linux distro. Once you've done that, you still need to download, verify, and transfer to this computer the software you are going to use. This is the same for either Bitcoin Core or bitaddress. Then the only difference after that is whether you load a piece of software or whether you load an HTML file. It really is not that much more complicated to use Bitcoin Core than it is to use bitaddress.

Further, given the huge number of people who have lost coins from websites generating insecure paper wallets (even when offline), and that bitaddresses uses javascript which is a very poor choice when it comes to generating entropy, I would strongly suggest not using any website to generate a paper wallet.

[Pmalek]

This is a very good but complicated way. If you really just want to give 10 USD with of bitcoin to a friend, you can also create on with this website: https://www.bitaddress.org

The thing is, when you make one shortcut, it might lead you to make a second or a third one in the future. That way you are only making your setup less and less secure.

Some time ago, I asked why is everyone recommending using Linux distros on airgapped systems when your computer won't go online anyway? It was maybe o_e_l_e_o who explained it. There are far more attack vectors and backdoors on Windows than on Linux. Windows is a close-source OS with a wider market share than Linux. More people that can be attacked and more incentive to come up with different ways to break its defenses.

If you start making shortcuts and say I am just going to use Windows, the next thing that might happen is you deciding not to remove the WIFI or network cards to make it easier for yourself. While you at it, you might want to save yourself some time and not format your OS and install a clean version on it. After all, you are not going to connect it to the internet. One day you could decide to connect your "airgapped" computer to the internet just for a little bit because you need to check something, and it's quicker than turning on your other computer.

To avoid all that, you should respect all the recommendations or not do it at all and go for the next best thing - a hardware wallet.

[Vampobit]

Thank you all. I have acquired lot of knowledge discussing with you here. I had underestimated the power of airgaped devices.

I hadn't realised that they could store the keys and only be used to sign transactions.

Furthermore, I have learnt how to use watch-only wallets. Now I can watch my hardware wallet's balance and transactions without risking exposing the private keys.

Finally, I have realised that what I have tried to implement is good for learning and educating myself, but in fact, it is not useful. There are too many options out there and after all, being secure requires proper education, which I have been lucky enough to obtain thanks to you all.

Brilliant people in this forum!

[zasad@]

https://twitter.com/0xCygaar/status/1614742237690171394
"A big misconception I've seen is people believe that hardware wallets keep coins/NFTs in cold storage and offline.
This is not true.
Hardware wallets keep KEYS in cold storage, not the assets. These devices are "secure" because the keys aren't revealed anywhere else."

https://twitter.com/0xCygaar/status/1614742239074455552
"The reason your assets are considered safe in hardware wallets is because even if your computer is hacked, the private keys needed to transfer your assets are never exposed. The keys only live on the devices themselves, they're never seen by your computer."

https://twitter.com/0xCygaar/status/1614742240143998977
"However, if you take the seed phrase from a hardware wallet and import it to your computer, you've effectively rendered your hardware wallet useless because there are now multiple places where your private keys are stored.
Your cold wallet has now become a hot wallet."

https://twitter.com/0xCygaar/status/1614742241226162176
"To be safe, NEVER take the seed phrase (which is used to generate your private keys) from your cold wallet and upload it anywhere else.

Remember, a cold wallet is only cold if the keys to that wallet are stored only on a physical device not connected to the internet."