Do I need a Coinbase Wallet, as well as the Coinbase account?

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Mark228 on December 01, 2021, 07:21:21 PM

I just read about the open-source Exodus wallet.
ONLY on a desktop (not mobile), but Desktop is what I want anyway.
Any reason to Not go with Exodus?

As far as I know, exodus isn't open source. Both desktop and mobile versions are close source.
I have used exodus before (only for holding some altcoins in short term) and honestly never experienced any problem. Also, I haven't ever heard of any security issue with exodus till now. But since it's close source, I still wouldn't trust it, especially for long-term holding.

For ethereum, you can also try metamask.

Mark228

newbie

Activity: 15

Merit: 6

Right, Hoss, cannot use Electrum, because I need ETH.
OK, I'll Trust that... wherever I get a wallet from, They won't save the seed-phrase.
My paranoia is probably overkill.

Do not yet want to spend $ for the Hardware wallet.
Hopefully, I'll soon get Big$, and Then I'll get one of those.

I just read about the open-source Exodus wallet.
ONLY on a desktop (not mobile), but Desktop is what I want anyway.
Any reason to Not go with Exodus?

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Mark228 on December 01, 2021, 06:19:12 PM

I need ETH, 'cause I plan to sell NFTs on Opensea, earning ETH.

For ethereum, you need to use another wallet.
The best is to buy a hardware wallet like Trezor. It's open source and can provide the maximum security.

There are also many multi-currencies wallets. But the problem is they are close source.

Quote from: Mark228 on December 01, 2021, 06:19:12 PM

May I instead create my own seed-phrase, like
ThisIsMySecretPhraseThatNobodyButMeKnowsBecauseIMadeItUpAllByMyself

Technically, it's possible to force electrum to do so. But since that's not a standard seed phrase and you won't be able to generate a same wallet using other wallets, that's not recommended at all.
If you want to have a valid seed phrase with your selected words, you must select 11 words from BIP39 wordlist and brute-force the 12th word.
Of course, it's not a recommended method and you should let the seed phrase to be generated by electrum. Humans are not good at generating random data.

Quote from: Mark228 on December 01, 2021, 06:19:12 PM

Are there Any ETH wallets that would allow me to do that?

For ethereum I don't think there's any.
Again, it's not recommended to have a seed phrase with your selected words, even if it's possible.

Mark228

newbie

Activity: 15

Merit: 6

Crap. I looked at Electrum, and it deals only with BTC.
I need ETH, 'cause I plan to sell NFTs on Opensea, earning ETH.
Crap.

Regardless, this is quite Interesting and Educational. I'm in.
Re: Electrum, I'd download the Installer to my Online machine, copy it to my Offline machine, then run it offline.
That Installer includes the 2048 words to choose from.

May I instead create my own seed-phrase, like
ThisIsMySecretPhraseThatNobodyButMeKnowsBecauseIMadeItUpAllByMyself
Are there Any ETH wallets that would allow me to do that?

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: NeuroticFish on December 01, 2021, 04:34:41 PM

* actually a checksum is also made (and Electrum adds its own version info too) so at least the last word may not be exactly random, still the explanation can be seen as a simplification, not too far from reality.

In an electrum's seed phrase, all words (all 132 bits) are generated randomly.
Electrum's seed doesn't have a checksum same as a BIP39 seed in which the last 4 bits are checksum.
Electrum only checks the first 8 bits of the hash of the seed phrase to see if it can be a valid seed phrase.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Mark228 on December 01, 2021, 04:21:38 PM

NeuroticFish, thanks for that link.
That explains the process almost as clearly as You just did, but still...
When ORIGINATING / CREATING a non-custodial wallet (for the intended Offline machine),
that machine MUST go momentarily online for that creation process. Correct?
Or am I still missing something?

Aahhh... I just read the reply from Jerome...
With Electrum, I can create my own 12-word-seed-phrase (or any other text?).
Now, THERE's the answer for paranoids like me.
Nobody except ME will initially see that source seed-phrase.

Am I clear, now? Roll Eyes

At creation, a new random seed is generated. Basically a random set* of 12 words from this list is picked: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
It's not your own list of words, but you can add custom words though to it if you want.
It's ... random. For generating random numbers (or lists) a computer doesn't need to go online.

* actually a checksum is also made (and Electrum adds its own version info too) so at least the last word may not be exactly random, still the explanation can be seen as a simplification, not too far from reality.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Mark228 on December 01, 2021, 04:21:38 PM

that machine MUST go momentarily online for that creation process. Correct?

No.
It's not that the seed phrase is generated by a third party and is given to you.

Any seed phrase is only a representative of a large random number.
For generating the seed phrase from that random number (which can be generated by your operating system), you need to use a tool like electrum. You can even do it yourself, if you have enough mathematical skills.
Electrum doesn't do anything more than this when creating a wallet and doesn't have to be online.
All the process of generating the seed phrase can be done offline and developers don't have any control over your seed phrase, your wallet file, your transactions, etc.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Quote from: Mark228 on December 01, 2021, 04:21:38 PM

Aahhh... I just read the reply from Jerome...
With Electrum, I can create my own 12-word-seed-phrase (or any other text?).
Now, THERE's the answer for paranoids like me.
Nobody except ME will initially see that source seed-phrase.

Am I clear, now? Roll Eyes

Electrum can be used to generate a 12 word seed phrase even if the machine is not connected online. This could be donr many times you want offline. If you want to receive bitcoins, you can also leave it offline and use other machine to go online and send the wallet address ti receive. It's up to you to keep that 12 word seed safe and the password.

Mark228

newbie

Activity: 15

Merit: 6

NeuroticFish, thanks for that link.
That explains the process almost as clearly as You just did, but still...
When ORIGINATING / CREATING a non-custodial wallet (for the intended Offline machine),
that machine MUST go momentarily online for that creation process. Correct?
Or am I still missing something?

Aahhh... I just read the reply from Jerome...
With Electrum, I can create my own 12-word-seed-phrase (or any other text?).
Now, THERE's the answer for paranoids like me.
Nobody except ME will initially see that source seed-phrase.

Am I clear, now? Roll Eyes

JeromeTash

legendary

Activity: 2338

Merit: 1261

Heisenberg

Quote from: Mark228 on December 01, 2021, 03:42:15 PM

I MUST go online to Receive the seed-phrase in the first place,
and that seed-phrase is sent to me along with the wallet number. Correct?

Thus, THEY (the wallet vendor) have (or had) all relevant details. Correct?

Good wallets like Electrum can let you generate a seed phrase even without you being connected to the internet. You can't do this with a wallet like coinbase wallet you were talking about.

Quote

So, to be Really Safe, we must get only open-source wallets. Correct?

Open source wallets are usually transparent. You get to know if there is malicious code in the source code or not. With close sourced wallets, you are not sure what they do with your seeds, let say when you try to import your account.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Mark228 on December 01, 2021, 03:42:15 PM

When originating a non-custodial wallet (that will be forever offline / cold / air-gapped),
I MUST go online to Receive the seed-phrase in the first place,
and that seed-phrase is sent to me along with the wallet number. Correct?

A cold wallet NEVER has to go online. You said it. then why would you still go online with it for whatever reason?
You've missed something.

When a wallet is created, a HD wallet, a random seed is generated for it and the private keys and addresses are generated based on that forever. No need for anything online.
If you want to properly use a cold wallet, you need a companion watch only wallet on another device, online.
The link between the two is made through master public key.

The online wallet has all the info to create transactions, but cannot sign them because no private keys available.
The unsigned transactions are transferred to the cold wallet, you sign them there, transfer back to the online wallet and broadcast them.

As you see, the cold wallet remains offline. Its only use is to sign transactions. It won't have up-to-date balance info, for example. But the watch only, online wallet, will have the correct balance and that's good enough.

More details here: https://electrum.readthedocs.io/en/latest/coldstorage.html

Mark228

newbie

Activity: 15

Merit: 6

Apologies if I'm beating this subject to death, but... many years ago,
I was programming Assembler language on IBM mainframes... I'm detail-oriented.

I've read and understood all of the replies.

When originating a non-custodial wallet (that will be forever offline / cold / air-gapped),
I MUST go online to Receive the seed-phrase in the first place,
and that seed-phrase is sent to me along with the wallet number. Correct?

Thus, THEY (the wallet vendor) have (or had) all relevant details. Correct?

So, to be Really Safe, we must get only open-source wallets. Correct?

Hosseinimr93 and Findingnemo, how is Electrum different from that scenario?

Smartvirus, you're assuming that I did delete that photo.
Similarly, I'm assuming and Trusting that the wallet creator / vendor Did Delete (or never saved) the seed phrase.
Hey,... if the vendor (i.e. Coinomi) is stupid or crooked, crap could happen.

Cool. I don't understand Why (I'm only Asking questions, not Answering), but some people gave Me merits.
Thanks. I gave one to Jerome, but his count remained the same. ? Ah, well.

Thanks very much for your expertise, people.

Smartvirus

legendary

Activity: 1554

Merit: 1139

Quote from: Mark228 on November 27, 2021, 04:36:05 PM

And another question:
If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !
I'm just playing devil's advocate here, thinking of Possibilities.

I'll put it simple in this scenario.

Supposing you did take a photo with your cell phone, you send or paste it on any media and then, you delete it from your device. Now, you have the photo on that site, platform or media but now, you don't have it on the source media, neither do you have a way of regenerating that same photo.

It's almost the same thing with seed phrases and private keys. In order to ensure its that discrete and to maintain a high level of privacy and transparency, the seed phrases or private keys comes without any backup. This is why your always warned to write it down, keep it private and ensure it never goes missing. To ensure you took a means to follow up on there instructions, your given the chance to verify by a first time usage before getting to access the wallet proper.

Findingnemo

hero member

Activity: 2366

Merit: 793

Bitcoin = Financial freedom

Quote from: Mark228 on November 29, 2021, 03:26:35 PM

Sheenshane, I think I do understand the difference.

The question remains...
Regardless of where the non-custodial wallet comes from (Coinbase, or anywhere else),
THEY create that seed-phrase and send it to me,
so therefore They have (or had at one time) knowledge of that seed-phrase.
I hafta' Trust that they didn't Save that seed-phrase somewhere. Correct?

.

First of all Electrum is not creating our private keys, its generated by our OS and it picks the random words depends on what kind of wallet we are creating, and its different for legacy,segwit and 2FA as far as I know so you can trust that only you know the keys and that's why you have to keep it safe and never let it go online.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: Mark228 on November 29, 2021, 03:26:35 PM

A programmer can see the Open-source code,
to hopefully determine if they are saving that seed-phrase. Correct?

Exactly.
For example, when you use electrum, you can be sure that you are the only one who has access to the seed phrase. (Of course, there's still the chance of getting hacked, if you generate the wallet or store the wallet file on an online computer).

A good example showing why you shouldn't trust close-source wallets is coinomi.
They were sending users seed phrase to google servers. (Click here to see how the vulnerability caused a user to lose his fund)
Coinomi has solved the issue, but we still can't be sure that users seed phrases aren't stored on any server. This applies to all other close-source wallets as well.

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: Mark228 on November 29, 2021, 03:26:35 PM

The question remains...
Regardless of where the non-custodial wallet comes from (Coinbase, or anywhere else),
THEY create that seed-phrase and send it to me,
so therefore They have (or had at one time) knowledge of that seed-phrase.
I hafta' Trust that they didn't Save that seed-phrase somewhere. Correct?

No, I do not think so. There are no "THEY" in non-custodial wallets, just software. The software generates a seed phrase and, if the software is legit, no one else has access to it except you.

Quote from: Mark228 on November 29, 2021, 03:26:35 PM

Hosseinimr93, THAT's where the Open-or-closed-source attribute comes in.
A programmer can see the Open-source code,
to hopefully determine if they are saving that seed-phrase. Correct?

Of course. You can look at it that way. I personally do not like closed source (proprietary) wallets, but you know you can run software on an offline (air-gapped) machine as well? Even if you do not trust the creator of the software, your seed cannot leak from a computer that never goes online.

Mark228

newbie

Activity: 15

Merit: 6

Sheenshane, I think I do understand the difference.
The Coinbase.com wallet that I now have is Custodial, wherein THEY host it
and have control of it, and there is no seed-phrase for it.

When I create a Non-custodial wallet (from Coinbase, or from anywhere else),
I'll get a seed-phrase, and I'll control that.

The question remains...
Regardless of where the non-custodial wallet comes from (Coinbase, or anywhere else),
THEY create that seed-phrase and send it to me,
so therefore They have (or had at one time) knowledge of that seed-phrase.
I hafta' Trust that they didn't Save that seed-phrase somewhere. Correct?

Hosseinimr93, THAT's where the Open-or-closed-source attribute comes in.
A programmer can see the Open-source code,
to hopefully determine if they are saving that seed-phrase. Correct?

Thanks for the discussion, people.

hosseinimr93

legendary

Activity: 2380

Merit: 5213

Quote from: nakamura12 on November 28, 2021, 12:52:39 AM

..........I have a custodial wallet and i don't know where it is stored......

Custodial wallets work in a completely different way than a HD wallet. So when it comes to a custodial wallet, there is no seed phrase at all it doesn't make sense to say where the seed phrase is stored.
Whenever you send a fund to a custodial wallet or an exchange, you actually send the fund to an address owned by them, not your own (HD) wallet.

Charles-Tim

legendary

Activity: 1512

Merit: 4795

Leading Crypto Sports Betting & Casino Platform

Quote from: JeromeTash on November 27, 2021, 04:05:29 PM

I would suggest you to use a noncustodial wallet to keep your coins like coinbase wallet, though you can still store them in the coinbase account alone, but it's not safe since you don't own the private keys.

I do not recommend Coinbase to people because instead to download the non-custodial Coinbase wallet they always download the custodial Coinbase wallet. And as you have implied, if not their keys, it is not there coins.

I will better prefer people to use the ones that can not confuse newbies, I recommend Electrum for bitcoin which is online wallet but can still also be used on airgapped devices. For multiple coins (bitcoin and altcoins) better secure wallets are hardware wallets.

noorman0

hero member

Activity: 1778

Merit: 709

[Nope]No hype delivers more than hope

Quote from: Mark228 on November 27, 2021, 04:36:05 PM

If that 12-word-seed-phrase COMES FROM Coinbase, then How can they say that they don't KNOW that phrase?
THEY Created it !

I think it belongs to a Coinbase (exchange) account because you said email and password to access, more precisely it is a backup of seed phrases to restore authenticator. Just found information that coinbase once had a 2fa regenerate feature to seed phrases, but it has been disabled for now. (Source)

Topic: Do I need a Coinbase Wallet, as well as the Coinbase account? (Read 274 times)