Securing Electrum seed phrases though Seed Extension

[promise444c5]

A watch-only wallet has no private keys and can't sign transactions. The cold wallet needs private keys, otherwise there is no use for it. The online wallet is the one without private keys, created by importing (master) public keys that belong to the cold wallet.

Yes! I made mentioned  of the watch only wallet because  if he truly  use a cold wallet then he must have the watch only wallet to view his balance and make transactions  which requires  signing from the cold wallets  since its  our main  sturage with the private keys just as you've  said above in your comment.
Sometimes people  think  they are using  a cold wallet because they only connect  to Internet  when they want to make a transaction... and that really  sucks
Let's just admit he's using it on an airgapped device...

[1715197684]

1715197684

[1715197684]

1715197684

[Pmalek]

Sometimes people  think  they are using  a cold wallet because they only connect  to Internet  when they want to make a transaction... and that really  sucks

I have heard that many times. A computer that you disconnect from the Internet doesn't become a cold wallet just like that. It's like saying I am a virgin because I only have sex on Saturday. It doesn't work like that. There are also people who refer to mobile phones as cold wallets with a claim that they keep their phones in airplane mode and turn their WiFi off. When they want to make a transaction, they turn everything on. This is very far from the truth.

[promise444c5]

~

Exactly  my point proven !!
The example was hilarious though she needs to convince any listener without using any word related to s*x    had to laugh while reading  it ,same goes to anyone claiming that too he have to convince us without using any word related to internet .
Why in the first  place  did I point  it out ?? I was also a victim of this same though before joining  the forum and I even went to the extent of showing  it in one of my replies , there I got corrected  on the perfect  procedures  to setup of a cold wallet on an Airgapped  device.
Now, seeing this bring  a flash back and I have to raise it for others to learn too.

[Cricktor]

I'd like to hear an explanation regarding status of cold wallet in the context of here presented backup scheme.

This is what I understood from this case.

Someone has mnemonic recovery words that he fears to loose or have them stolen, therefore he creates at least one distinct wallet with those mnemonic recovery words which are extended by an (optional) mnemonic passphrase (the 13^th or 25^th additional passphrase supplementing the commonly 12 or 24 mnemonic recovery words). Of course, this optional mnemonic passphrase should not be easy to guess and should be complex enough so that brute-forcing it isn't feasible (it should not be any information already available online, no song title, no known dictionary words sequence and so on).

This seed words extended by the supplementary mnemonic passphrase generate a wallet with completely different private keys than a wallet with the seed words (mnemonic recovery words) alone.

Now let's assume this user treats the air-gapped cold part of his wallet with the private keys indeed cold, ie. never touching an online network and internet. An online watch-only hot part of the wallet facilitates broadcasting signed transactions (signing PSBTs with the cold offline part).

When the mnemonic recovery words are saved in GMail, definitely a "hot" environment and not a safe storage if you only have your recovery words not supplemented by an additional mnemonic passphrase, you'd still can't recreate the wallet without the additional mnemonic passphrase.

I don't consider it a good and safe storage if you only try to memorize the additional mnemonic passphrase because this will fail you sooner or later (I had my own bad experience with this even with hints written for a complex supplementory mnemonic passphrase once; no coins were lost when I realized, I can't recover the wallet anymore, I moved funds out of it).

Can you explain me why everybody here says the cold wallet is actually a hot wallet when only the mnemonic recovery words are backed up in a hot environment but the recovery words definitely aren't sufficient alone to recover the wallet. The private keys are kept cold, they don't touch the internet, what touches the internet isn't in any way sufficient to recover the private keys. How is this a hot wallet as you all claim?

I ask because I want to understand it as it clashes with my understanding of cold vs. hot wallet.

We don't need to discuss if the entropy of the additional mnemonic passphrase is sufficient or comparable to e.g. the entropy of 12 recovery words. If I choose to secure a possible disclosure of my mnemonic recovery words with such a supplementary mnemonic passphrase, then of course the entropy of this mnemonic passphrase needs to be large enough so that brute-forcing is unfeasible. We know that it's computationally expensive to brute-force an additional mnemonic passphrase as you have always to go through 2048 rounds of PBKDF2 and further key derivation for each candidate.