Topic: A quick help please (Read 297 times)

Thanks for the brief recap! I read 'Mastering Bitcoin' as a whole once and referenced it a couple times via GitHub, but should read it again completely I think 

That's correct.

The seed phrase (plus any additional passphrase you set) is used to first derive a 512 bit seed number. This seed number is then used to derive a master private key, a master public key, and a master chain code. The master private key is termed "m", which you see appear in derivation paths such as m/44'/0'/0'/0/0. The next private key in the derivation path - 44' - is derived from the master private key combined with the master chain code and the index number (in this case 2³¹ + 44). The next private key in that path is derived from that private key, following a similar process. And so on down the tree (the process is similar but slightly different at non-hardened paths missing the ' symbol) until you reach the end of your derivation path. Then that final private key is converted to an address, which is what your wallet displays.

I'd recommend this link for a detailed explanation of how HD wallets work: https://github.com/bitcoinbook/bitcoinbook/blob/develop/ch05.asciidoc

Soo, when I use a software or hardware wallet, it's not deriving multiple addresses from the same private key, instead it derives multiple private keys from the seed and then one address (or up to 3, technically) per private key?
Damn, I have to re-read my books... Seems like I misremembered something there. Sorry! 

about safety when create a new private key or decide to store it... https://glacierprotocol.org/ take a look on GLACIER Protocol .
the best step by step guide for the safest cold wallet you can generate.
using on-line solution and web-generator for a private key, it's something really weird if you really care about safety of your information.

It's good practice to test a paper wallet to test how to use it before funding one. Obviously, the test-wallet should be considered compromised after importing and not used again.

There's one more address: Legacy addresses can be either compressed or uncompressed, both derived from the same private key. And don't use the uncompressed private key to create a Segwit address, it will be very hard to spend.

I think I might've been a bit wrong with my phrasing. There is nothing wrong with paper wallets as a form of backup, that I agree because there is obviously no downsides to paper wallets as a backup or a storage medium. Paper wallets, as defined by OP seems to be in the sense that they're generated by browser based scripts which can be poorly implemented or have fundamental insecurities. If you were to generate it on Electrum, Bitcoin Core or most of the other wallets, then there should be nothing wrong because they go through rigorous reviews and have test vectors implemented.

Same cannot be said for some paper wallet *generator* (or any web-based generator), where vulnerabilities can potentially be introduced when the user loads the page dynamically and are thus unable to verify if they were indeed reviewed before or if an MITM or the person controlling the website introduces vulnerabilities, which has happened a lot of times. The myth that I was referring to is that users seems to assume that it is safer than your average software wallets, just because they generated it as a paper wallet, but it is just untrue.

Did you actually do this on an air-gapped computer or one running a LiveOS that was offline? Or did you just goto the website and click generate?

If you did it online, you basically removed all the benefits of a properly created paper wallet... rendering if no more secure than a software wallet... and likely worse... given you're using a 3rd party website to do it.

Paper wallets can be secure, but they require a bit of work to create properly so they are actually secure.


That's wrong. Private keys do not provide near infinite addresses... HD wallets and seeds provide near infinite private keys.


No, there is not a large number of valid addresses for each private key. You can generate three addresses. Legacy, Nested SegWit or Native SegWit.


Be aware that is not necessarily true either. While both addresses may indeed have been generated from the same private key... and imToken supports Legacy (as generated by bitaddress.org) and Nested Segwit (what it uses by default)... if a wallet does not, for some inexplicable reason, support all three... then any funds sent to an unsupported address type would not show up in the wallet.

For instance, imToken only appears to support Legacy and Nested SegWit addresses... it does not use native SegWit addresses... So, if you sent to the native segwit address that is associated with a private key that you imported into imToken, then the funds sent to that address would not show in imToken.

The statement is actually true, paper wallets are indeed safer than software wallets. Your arguments are all about wrong creation and wrong usages which don't make the paper wallet concept itself unsafe.
For example the "right way" of creating a paper wallet could be either one of these methods:
1. Downloading a strong and reviewed software (eg. bitcoin core) capable of producing a strong random entropy and verifying its signature, or compiling the source code. Then while being offline, creating a new key pair and writing that down on a piece of paper either as the single private key or the entropy to be used in an HD wallet.
2. Flipping a coin 256 times (128 to 256 times if it is for HD wallet seed) and writing down the results as zeros and ones on a piece of paper.

The only thing that can enter the computer when online is the public key or the address.
If anything is done apart from what I explained above (or similar to it) such as importing the private key in a phone wallet then what was created can not longer be called a paper wallet, instead it becomes a hot wallet.

There is a myth floating around that paper wallets are generally safer than software wallets. That is untrue and quite often it can be the exact opposite. If you were to use it online, or loaded from the website, the contents can be dynamic and the user would be unable to validate the authenticity of them. The general consensus is that it is difficult to implement crypto functions on JS than locally. Ultimately, the main difference comes from how you handle the keys and the environment you're generating it in. Unsanitized browsers are not the best.

Are you perhaps talking about "master private key" instead of "private key"?
Because you can only derive the standard address types from a private key unless the wallet will use it as an "HDSeed".
And bitaddress only generates 'keypairs' not 'HDseed'; imtoken only imports seed phrase for HD wallet / private keys for single address wallet.
Or have you misinterpret the fact that - each private keys has an extremely low chance to generate the same address (collision)?

If not, I'd be happy to be corrected.

If you're wondering how to properly import bitaddress-generated address properly to imToken,
You can follow this: during the import process, tap "Advanced" below and the "Address type" selection will show.

Thanks for the explanation. But I don't think it'd be sensible of me paying higher fees for transaction by using the legacy services when there's alternative that charges low. But honestly I do appreciate your input as it might be useful for me in future


Thanks for making this so crystal clear. I definitely will dive into your guides and try to be guided with it.



If only I knew I wouldn't even bother as I heard legacy addresses charges high in transactions but I think its worth trying after all... At least now I know better, so no regret at all. Thanks for the illustrations and making me understand the differences

Every private key can generate three types of addresses.

Legacy: Addresses starting with 1
Nested Segwit: Addresses starting with 3
Native Segwit: Addresses starting with bc1

bitaddress.org only supports legacy addresses.
imtoken has probably generated another type of address.

---

I just installed imtoken on my android phone to see how it works.
It allows users to have legacy addresses as well.

To OP:
If you want to have a legacy address on imtoken, tap on 3-dots button (Shown in the image below).



After that, tap on "Advanced" and then "Toggle Address Type".
Select "General".

Note that it's not recommended to use legacy addresses. You will have to pay higher fee when sending from legacy addresses.
It would better to use native segwit addresses (which is not supported by imtoken, of course)

First of all, a website with a trojan is not that common to come across and your browser must be really crappy and out of date, as well as your system, to get a trojan from just visiting a website.

Futhermore, http://bitaddress.org/ works and is supposed to be used, offline. Yes, it's a 'web app' but it needs no internet connection. It is downloaded, and preferably transferred to an offline machine, then opened there in a browser and executed.

About insecure wallets I don't know, that may be possible. My personal recommendation is to use open source hardware wallets where the private key is physically on a separate, always offline device, which is much simpler and more air-gapped than any full desktop computer.

Weren't these online wallet generators hacked not so long ago? I wouldn't recommend you to use these services OP. The best practice is setting up your own Bitcoin Core wallet on your PC and get your priv key from there.

These online services might carry trojan horses.

Either this one or the other one was creating unsafe wallets. So... don't take any chances.

That's very questionable, indeed.

Offline paper wallet should not be imported into any hot wallet (software) as long as you don't need to access the funds.

You are supposed to run an offline version of bitaddress.org on an offline PC, preferably booted from a live CD / live USB stick. It should be connected to a printer directly via USB or parallel port (many newer, USB-based printers cache files that have been printed - no good for us - not seen on older models). Then you should run bitaddress, print the deposit address where you can simply receive coins and you should print the private key on another paper & keep it safe & away from any online machine.

There is a quite large number of valid addresses that can be generated from a single private key, so both addresses that you see should be correct and funds sent to either will arrive in your wallet, since both addresses are generated from the same private key which you imported into a wallet software. That software allows you to see funds sent to any address corresponding to your private key and allows you to spend these utxos.

For any more detailed info about the topic, I like to point to this resource: https://en.bitcoin.it/wiki/Technical_background_of_version_1_Bitcoin_addresses

What is the point of generating OFFLINE paper wallet if you are going to import it next moment to some unknown and probably closed source multi coin hot wallet with who knows what derivation path?

Bitaddress gives you two things. I just generated two for myself.

SHARE  
(this is what I send to others to deposit bitcoin; infinite of these are available for my key below)
1QKqKX2UEmdZw4EoEZpT2T97MD5N5PbSQS

PRIVATE KEY
(this is what I import)
Kzp7X5wZ4x2WTPzk4GTKfwNattppccWWHyp9L8PaAK2PNt1i2ziP

edit: Every private key has near infinite (not really, but close to) addresses possible.  When you import a private KEY into a programme, like imtoken or bitcoin core, that programme will generate an address -- from one of the near infinite ones available.The SHARE is meant to be shared so that others can deposit bitcoin to you.

As a point, I don't generally trust things shared over the internet because they can be listened into more easily, and may even be saved in Utah's servers that are using up all of California's water. It is probably better to use a key generated by your programme rather than something online, although 1ninja's website there is very good quality. You should be able to export this from any programme, if having a hard copy is a concern.

I would also watch how your programme handles "change" after a transaction, as it will usually not send the bitcoin left to you to the address or key that you expect. So your key may change on your transactions using that key. One way around this is to send your transaction to the second user, and the leftover amount to your public address. People argue against that for various reasons, but if you are trying to keep a singular key, then you have to do it that way.

Hey buddies. I'm sorry for this as I'm afraid this question might sound silly to the ears but I need your help here.

I read how safe and secured owning a Bitcoin Paper Wallet is, so I decided to give it a try by creating one from bitaddress.org.

That successfully made, I progress to import the private keys into my imtoken wallet but the public address I'm getting is entirely different from the one generated from bitaddress.org.

Please is there anyone who has ever experienced this before? If yes, how did you go about it?

Thanks as you come to my rescue