Best Cold Storage Methods For LTC and BTC - page 3.

jmw74

full member

Activity: 236

Merit: 100

Quote from: justusranvier on April 03, 2013, 07:25:25 PM

You can use cold wallets in this way. You can also use a client like Armory that uses deterministic keys so that your wallet only needs to backed up once but can still contain more keys than you'll use in a lifetime.

This sounds convenient, but doesn't it give up some security?

I mean, let's say you use this deterministic wallet for years. After 6 months you have 10btc and someone compromises it, but you don't realize it. They just bide their time and after 2 years you have 1000 btc, then they just steal them.

If you use wallets generated fresh, then the window to steal coins becomes smaller, doesn't it?

ralree

hero member

Activity: 518

Merit: 500

Manateeeeeeees

I forked this project on my home server and I use it to generate paper wallets:

https://www.bitaddress.org/

Just print them with the QRcodes and keep them safe, and you can cash them in easily with your phone or another scanning device.

SnowDog2003

jr. member

Activity: 41

Merit: 1

Quote from: jmw74 on April 02, 2013, 10:03:11 PM

Quote from: Zangelbert Bingledack on April 02, 2013, 01:54:51 PM

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

I'm trying to figure out what this issue is, exactly, and how to avoid it. Anyone have a link?

If you import a private key, and spend some of the coins, wouldn't the client create a new key to send the change to? I just can't believe a client would ever send change to an address that it couldn't unlock.

Right, but the guy who loads his cold-storage private address into his wallet so that he can spend bitcoins, finds that after he spends them, and then deletes the wallet, that the remaining bitcoins are no longer in his cold-storage private address, but rather, were in a change address in the wallet that he just deleted.

weex

legendary

Activity: 1102

Merit: 1014

Quote from: Zangelbert Bingledack on April 02, 2013, 01:54:51 PM

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

This is not an issue with private keys or importing them. It is perfectly safe to use importprivkey with bitcoind/litecoind. The problem comes when people go creating raw transactions (the brainwallet site let you do this and you can deliberately / not accidentally do it with bitcoind/litecoind). If you create a raw transaction and do not send all of the funds from the old address what's left will become a fee for the miners. The moral of the story is stay away from raw transactions unless you know exactly what you are doing. No need to be afraid of single private keys. If you have a question, ask!

christop

member

Activity: 84

Merit: 10

Quote from: Rincewind on April 03, 2013, 12:24:02 PM

Quote from: jmw74 on April 03, 2013, 09:34:08 AM

Ok so tell me if I understand the "change" issue correctly:

Let's say I have 100btc in a cold wallet, and I want to take 25btc out of my "savings".

If I were naive, I might import the key into some client, send 25btc to my "spending" wallet address. Then I mistakenly think that the remaining 75 bitcoins are still in my cold wallet, when in fact they have been sent to an entirely new change address. The key for this change address is in the wallet of the client I just used.

Then if I think that all I need is my paper copy of the cold wallet, I delete the client's wallet (to destroy extra copies of the cold wallet key) and thereby destroy 75btc.

Do I have that right?

Correct. It's just like fiat money, but in this case the keys are the money.

If you go to McDonalds and buy a $5 combo meal with a $20, you're going to get a $10 and a $5 back. Think of it as a bunch of micro-transactions all bundled together. Five $1s isn't technically equivilent either, because that's five transactions to spend $5 (you hand over a $1, then you hand over a $1, then you hand over a $1 ...). The only way you can spend $5 exactly with one transaction is to have a $5 bill.

A transaction can have multiple Bitcoin "bills" as input so you could do something exactly like paying for something with 5 $1 bills.

A transaction is basically like gathering a bunch of bills together and then sending one "bill" of a single denomination to each recipient. The "change" address is just a regular recipient in the protocol itself. So your example of spending a $20 bill for a $5 meal is like splitting that $20 bill into a $5 bill and $15 bill. The $5 bill goes to McDonalds and the $15 bill goes to your change address.

zenid

newbie

Activity: 52

Merit: 0

Quote from: mrbitbank on April 03, 2013, 10:05:27 AM

What I do is keep my BTC in multiple BTC addresses of say 5BTC each in cold storage. I treat each address as a Banknote, When I want to spend I will import the private key of one of my btc addresses into my MTGOX account and from my mtgox a/c spend what ever I need to and whats left I will transfer to a new cold address thats offline. I use BTCBALANCE.NET to keep a track of each of my btc depoits

That's exactly what I plan to do. As soon as I have enough coins to feel nervous about them all being at a single address, I'll turn them into 'banknotes' divided across a handful of addresses.

Gordonium

sr. member

Activity: 392

Merit: 250

Quote from: Zangelbert Bingledack on April 02, 2013, 01:54:51 PM

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

This is something that should be more clearly stated for all new Bitcoins users.

justusranvier

legendary

Activity: 1400

Merit: 1013

Quote from: chufchuf on April 03, 2013, 07:20:38 PM

I get it, so basically the problem with cold wallets is they don't keep up with the addresses that get eaten up and created with every new transaction, because at any one time, a bitcoin wallet can only contain 100 untouched addresses. I assume by that that the issue would arise by the time we do the 101st transaction from or to a cold wallet, that that is when we would start losing money because the two wallets, the updated live one and the cold storage one, would begin to be different and the use of one in a transaction would invalidate whatever only the other one can see.. Or maybe by 101st transaction, these addresses just disappear from both wallets. That is a doubt I have. Another doubt is that maybe cold wallets dont register change at all if money is sent from a cold wallet. Thats where it shows how unfamiliar I am with btc- it could very well be instead, that bitcoins can only be sent from hot wallets and that the problem is that the cold wallet used to import and create the hot wallet, must be elimipaper wallet Other clients use deterministic wallets so your paper backup is good forever.nated forever and never touched again and if we are to go about storing our wallet again we have to do it from the result of our latest hot wallet. Am I on the right track?

You can use cold wallets in this way. You can also use a client like Armory that uses deterministic keys so that your wallet only needs to backed up once but can still contain more keys than you'll use in a lifetime.

chufchuf

full member

Activity: 205

Merit: 100

I get it, so basically the problem with cold wallets is they don't keep up with the addresses that get eaten up and created with every new transaction, because at any one time, a bitcoin wallet can only contain 100 untouched addresses. I assume by that that the issue would arise by the time we do the 101st transaction from or to a cold wallet, that that is when we would start losing money because the two wallets, the updated live one and the cold storage one, would begin to be different and the use of one in a transaction would invalidate whatever only the other one can see.. Or maybe by 101st transaction, these addresses just disappear from both wallets. That is a doubt I have. Another doubt is that maybe cold wallets dont register change at all if money is sent from a cold wallet. Thats where it shows how unfamiliar I am with btc- it could very well be instead, that bitcoins can only be sent from hot wallets and that the problem is that the cold wallet used to import and create the hot wallet, must be eliminated forever and never touched again and if we are to go about storing our wallet again we have to do it from the result of our latest hot wallet. Am I on the right track?

Rincewind

newbie

Activity: 56

Merit: 0

Quote from: jmw74 on April 03, 2013, 09:34:08 AM

Ok so tell me if I understand the "change" issue correctly:

Let's say I have 100btc in a cold wallet, and I want to take 25btc out of my "savings".

If I were naive, I might import the key into some client, send 25btc to my "spending" wallet address. Then I mistakenly think that the remaining 75 bitcoins are still in my cold wallet, when in fact they have been sent to an entirely new change address. The key for this change address is in the wallet of the client I just used.

Then if I think that all I need is my paper copy of the cold wallet, I delete the client's wallet (to destroy extra copies of the cold wallet key) and thereby destroy 75btc.

Do I have that right?

Correct. It's just like fiat money, but in this case the keys are the money.

If you go to McDonalds and buy a $5 combo meal with a $20, you're going to get a $10 and a $5 back. Think of it as a bunch of micro-transactions all bundled together. Five $1s isn't technically equivilent either, because that's five transactions to spend $5 (you hand over a $1, then you hand over a $1, then you hand over a $1 ...). The only way you can spend $5 exactly with one transaction is to have a $5 bill.

justusranvier

legendary

Activity: 1400

Merit: 1013

John (John K.)

legendary

Activity: 1288

Merit: 1227

Away on an extended break

Quote from: Rassah on April 03, 2013, 11:51:46 AM

Quote from: ?? on ??

Armory.

Definitely Armory. For BTC, Armory is, hands-down, the best option to store your bitcoins. Nothing else even comes close.

Yes, Armory. I keep all escrow funds and my own funds in Offline Armory, and have the seed backed in GPG-encrypted papers at multiple places.

Rassah

legendary

Activity: 1680

Merit: 1035

Quote from: ?? on ??

Armory.

Definitely Armory. For BTC, Armory is, hands-down, the best option to store your bitcoins. Nothing else even comes close.

mrbitbank

newbie

Activity: 48

Merit: 0

What I do is keep my BTC in multiple BTC addresses of say 5BTC each in cold storage. I treat each address as a Banknote, When I want to spend I will import the private key of one of my btc addresses into my MTGOX account and from my mtgox a/c spend what ever I need to and whats left I will transfer to a new cold address thats offline. I use BTCBALANCE.NET to keep a track of each of my btc depoits

jmw74

full member

Activity: 236

Merit: 100

Quote from: franky1 on April 02, 2013, 11:35:58 PM

as soon as you import a private key into a client. treat it as dynamite. very risky
spend the coins you want. but then make a new paper wallet and send the coins in the client to the new paper wallet.

dispose of the old, empty and used key.

don't hold onto your used private key as its hot.. not cold.

anything that has ever touched a client is not considered cold.

Ok so tell me if I understand the "change" issue correctly:

Let's say I have 100btc in a cold wallet, and I want to take 25btc out of my "savings".

If I were naive, I might import the key into some client, send 25btc to my "spending" wallet address. Then I mistakenly think that the remaining 75 bitcoins are still in my cold wallet, when in fact they have been sent to an entirely new change address. The key for this change address is in the wallet of the client I just used.

Then if I think that all I need is my paper copy of the cold wallet, I delete the client's wallet (to destroy extra copies of the cold wallet key) and thereby destroy 75btc.

Do I have that right?

Notanon

sr. member

Activity: 388

Merit: 250

Quote from: ?? on ??

Armory.

Shame there isn't a Litecoin equivalent, but yes, wouldn't settle for less than Armory.

franky1

legendary

Activity: 4410

Merit: 4788

as soon as you import a private key into a client. treat it as dynamite. very risky
spend the coins you want. but then make a new paper wallet and send the coins in the client to the new paper wallet.

dispose of the old, empty and used key.

don't hold onto your used private key as its hot.. not cold.

anything that has ever touched a client is not considered cold.

jmw74

full member

Activity: 236

Merit: 100

Quote from: Zangelbert Bingledack on April 02, 2013, 01:54:51 PM

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

I'm trying to figure out what this issue is, exactly, and how to avoid it. Anyone have a link?

If you import a private key, and spend some of the coins, wouldn't the client create a new key to send the change to? I just can't believe a client would ever send change to an address that it couldn't unlock.

SomeWhere

member

Activity: 71

Merit: 10

Quote from: Zangelbert Bingledack on April 02, 2013, 01:54:51 PM

Just watch out: importing private keys is a minefield. Some guy on reddit lost $10,000 because he didn't know about "change" addresses and assumed his unspent coins stayed in his cold wallet address.

This is not a problem if you use armory or electrum, because they use deterministic address generation. You only ever need the seed or the first address of your wallet to recover all others.

EtherDais

member

Activity: 60

Merit: 10

The customers I've had who buy 3D printed NFC tags generate a private key for a new account and deposit to that directly, rather than trying to import a particular private key from a wallet.

Topic: Best Cold Storage Methods For LTC and BTC - page 3. (Read 9650 times)