Author

Topic: How does an encrypted wallet.dat file compare to Ledger/Trezor? (Read 156 times)

legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
The problem with a wallet.dat and a password is that it's a single point of failure.

If whatever you wind up putting that file on when you want to send funds whenever in the future has any sort of malware / keylogger it's all over since they now have the file and your password.

But, with an external hardware wallet you avoid that risk.

-Dave
legendary
Activity: 4466
Merit: 3391
Thanks for sharing that. I tried to see if I could find a step by step tutorial on how to do this and came across this post. Is that the same process you've outlined?
https://bitcointalksearch.org/topic/bitcoin-core-create-a-watch-only-wallet-and-sign-transactions-offline-tutorial-5392824
You don't need Bitcoin Core and those instructions go beyond what you need. Any wallet that gives you a recovery phrase and extended public key will do.

Tails is a good way to do a clean boot, but I don't know what wallets can be used with it. Electrum is probably your best choice of wallets. Just remember that Electrum does not use a recovery phrase BIP-39 by default.
newbie
Activity: 7
Merit: 5
You don't need to maintain an air-gapped computer or even sync the block chain. With an extended public key imported into a wallet, you will always have a new address available for depositing bitcoins to your cold wallet, but they cannot be spent without using the recovery phrase.

1. Create a wallet on a clean computer.
2. Write down the recovery phrase or store it on a USB drive.
3. Copy the extended public key to another USB drive.
4. Wipe the computer.
5. Import the extended public key into a wallet.


Thanks for sharing that. I tried to see if I could find a step by step tutorial on how to do this and came across this post. Is that the same process you've outlined?
https://bitcointalksearch.org/topic/bitcoin-core-create-a-watch-only-wallet-and-sign-transactions-offline-tutorial-5392824
legendary
Activity: 4466
Merit: 3391
You don't need to maintain an air-gapped computer or even sync the block chain. With an extended public key imported into a wallet, you will always have a new address available for depositing bitcoins to your cold wallet, but they cannot be spent without using the recovery phrase.

1. Create a wallet on a clean computer.
2. Write down the recovery phrase or store it on a USB drive.
3. Copy the extended public key to another USB drive.
4. Wipe the computer.
5. Import the extended public key into a wallet.
sr. member
Activity: 385
Merit: 266
Both options are really good compared to a hot wallet however 'self-custody' it may be. I have personally seen Ledger being used for cold storage. It is quite small, so as long as you don't lose it, then there is no problem. Smiley
hero member
Activity: 868
Merit: 737
I want to move away from a self-custody hot wallet to cold storage. Instead of going with Ledger/Trezor, I plan on installing Bitcoin Core on an airgapped laptop and encrypting the wallets. That way I can just copy the wallet.dat file to many USB drives and keep them in different locations and I'd just have to remember the passphrase. I know I'd have to take a few extra steps if I needed to send funds out of those wallets, but don't plan on it as they are long term holds.

Would like to hear your thoughts on how that compares to going with a Ledger/Trezor.
using electrum is easier without downloading any data blockchain like you use core. So if you use electrum, keep the seed in different location like your planning, and don't forget to write in paper or steel.

and don't remember the passphrase, write it because the human memory has limited to remembering all things such as passwords, seeds, billing, girl friend phone number, and the passphrase. 
newbie
Activity: 7
Merit: 5
I want to move away from a self-custody hot wallet to cold storage. Instead of going with Ledger/Trezor, I plan on installing Bitcoin Core on an airgapped laptop and encrypting the wallets. That way I can just copy the wallet.dat file to many USB drives and keep them in different locations and I'd just have to remember the passphrase. I know I'd have to take a few extra steps if I needed to send funds out of those wallets, but don't plan on it as they are long term holds.

Would like to hear your thoughts on how that compares to going with a Ledger/Trezor.
Jump to: