Topic: How to send from "cold" electrum wallet? (Read 2952 times)

OK, as long as you actually PRINT your paper wallets and are using secure printing procedures you're fine. Paper wallets are a very powerful tool.

Your Master Private Key will never be found out if you do one thing:
1. Don't ever export a single private key from your Electrum wallet.

It's not hard to be safe with Electrum. Just don't export private keys, and don't let your seed online.

Paper Wallets are better for individual key management, physical security, and long term storage.
Electrum is better for frequent re-use. Aka, I have a cold wallet, but I want to use it to top up my hot wallet occasionally, etc.

Stay calm, and learn about each method, and how to use it safely. If you are paranoid and scared about everything you hear, you will get nervous and make a big mistake that loses all your bitcoins. So stay calm, learn about your options, and remember to BACK UP EVERYTHING. If it doesn't exist in two or more physical locations, one fire in your house can wipe out all your bitcoin holdings.

Yeah but the main reason I am going to do this is because I don't have to worry about so many things with them, I don't have to worry about master public key and where to input them or not. I would make a bunch of them, keep them offline and also print them offline as well and still continue doing what I do, which is keep my keys secure and when I perform a transaction, transfer my rest of the funds to the next one and not worry about my other keys being revealed because someone was able to find out my Master Private Key by getting hold of my Master public key and a Private key.

Paper wallets have their uses... but their main usefulness is that you can physically protect them and they don't rely on hardware (like hard disks and computer operating systems) that can fail.

If you are going to keep the paper wallets only on your offline computer, you are no more safe than using Electrum offline. And Electrum offline wallet is easier to use.

Thanks, I guess I am just going to opt for paper wallets from now on-wards, print them offline, keep them offline and only bring them to light when and if to perform a transaction and send the reaming to the next one.

I have not personally verified offlineaddress.com so I can't speak for them.

However, I assume it is similar to bitaddress.org.

With bitaddress.org, all calculations are performed on your computer, on the browser. When you generate the paper wallets, you are generating a new private key from a random number generator every time you generate them, so nothing is deterministic.

If you save the html file of the website on to an offline computer and then open the html file in a browser, generate a paper wallet and print it up, there is no way that anyone can know your private key.

If your printer is super smart and connects to the internet and caches everything ever printed on it for some reason, you might be slightly vulnerable, but if you're super paranoid, disconnect the printer from the internet, connect to the offline computer via USB, and after printing up, look up a way to clear the printer's spool. Google "secure home printing" for tips.

A little off-topic but what are your views on paper wallets like one you get from offlineaddress.com, if a user creates a paper wallet offline using the html they provide, do they use some sort of Master Private/Public key, can the people who created this offline paper wallet creation tool know what addresses and private keys were generated by users?

BIP32 is basically Electrum's Deterministic Wallet version 2.0

Thomas, the lead dev for Electrum, helped design the BIP32 protocol and it was inspired and based on the Electrum deterministic model.

http://bip32.org/
This website allows you to mess around with BIP32 and switch around the branches and whatnot to see what kind of addresses are made.

Many wallets are now supporting BIP32, in fact Electrum 2.0 will support BIP32 and on top of that supports 2of2 and 2of3 Multisig addresses generated deterministically

Ok. Thank you for this lesson man! I learnt a lot!!

And my Master public key never came online, I can confirm that, also my pc is very secure so I think I'll be ok for now.

What's BIP32?

Yes, it is very easy. But no, they will not discover your SEED, but they will discover your MASTER PRIVATE KEY. Using this, you can generate all private keys in the wallet, just like seed, but it is not exactly the seed.

If you use the master public key on an online client, your seed and private keys are on an offline computer. This is safe.

If you are talking about a normal online wallet (with seed on the online computer) then your seed will get stolen directly if someone has enough control of your PC to see your RAM, no need to steal your master public key, they just take your seed... so Master Public Key is not an added risk.


btw, this vulnerability also affects BIP32, so be careful.

Thanks for clarifying Debura.  You da man.

The inference I get is:

Don't use the same wallet as a watch only device and also for use importing some address into another wallet because then you've exposed both the MPK and private key of single address to an online system.

Yes.

But you keep your seed offline, so it is OK. No one can know your seed if you keep it, and ALL PRIVATE KEYS OFFLINE.

ie. DO NOT export a single private key from your seed and bring it online to import into some service.

As soon as you do this, anyone who knows that the private key belongs to one of the addresses generated by the master public key, they can combine them to create your master private key (which is what your seed is used to make)

Remember: When you click "Export Private Key" a huge warning message appears. Please read the warning messages and do not ignore them.

Wow, ok thanks for warning me, I am pretty sure my master public key never went online but is it really that easy, if someone finds out my master public key and private key of any of my addresses it will discover my seed?

So then how is it when one uses a master public key on an online client to send some coins, doesn't at any point the private key is inserted to sign off the transaction for it to go through?

I thought we have to copy the master public key to online computer to set up watching only wallet.

... something way more complicated imo. Not to mention dangerous.

As long as you don't ever copy your Master Public Key from your offline computer you should be safe with your method.

Why?

Because if I have a master public key and any one of the private keys of an individual address derived from that master public key, I can calculate the master private key.

To make it easy to understand: Master Public Key + Private Key of any address from it = I now know your seed.



So I hope you never touched the Master Public Key button on your offline wallet... because you've got private keys all over the place, and the one's you've used up, you're probably not too careful with anymore now that they have no balance...

But, if your Master Public Key has never touched an online computer, you're fine.

You know I couldn't understand this raw transaction, watch wallet etc mumbo jumbo, so here is what I did, installed electrum on an offline machine, which never ever comes online, it doesn't even knows what google looks like. I created bunch of addresses. got their keys and saved them on that computer itself and on other usbs (they also never go online).

Send my coins to one of those addresses and they're secure and when I feel the need to perform a transaction, install electrum on an online computer, let it sync, import the key to the address who has the bitcoins. send to whomever I need to send. for ex. I have 1 Btc and I need to send someone 0.1 Btc. I send 0.1 to him and the rest of coins I send to myself to the other address which again hasn't seen the lights of the day. And never ever use the old address again.

And I feel it's pretty secure.

Is it possible to sign the 'seedless' transaction via a QR code, without breaching the air gap with a USB drive ?

How to make offline transactions using your Master Public Key:

Get an offline computer. This can be a physical device or a separate installation on your current computer. I would advice a Debian installation with encrypted home folder for extra security.

    [Offline PC] Install Electrum via a USB-Key.
    [Offline PC] Create a new wallet. Write down the seed and memorize it, after which you should probably destroy the seed or keep it safe in a lockbox.
    [Offline PC] Go to Settings -> Import/Export and copy your "Master Public Key" and put it in a text file on your USB-Key.
    [Online PC] Install Electrum and select Restore in the dialog box shown on the first start up, use the "Master Public Key".
    [Online PC, existing Electrum installation] See below how to make Electrum to restore or open alternative, non-default, wallet.

You now have an online wallet where you can check your balances and give out new addresses, but you can't however spend the coins. So if an attacker would be able take over your online computer your coins can't be lost.

To make a transaction do the following:

    [Online PC] Go to the send tab and make a transaction. Instead of sending it, Electrum will detect a seedless wallet and query for a location to save the transaction. Select your USB-Key.
    [Offline PC] Go to Settings -> Import/Export -> "Load raw transaction". Select your transaction from the USB-Key. It will detect it's not signed and will prompt you to do so now. Fill in your password and sign the transaction. Save the new, signed, transaction to your USB-Key.
    [Online PC] Go to Settings -> Import/Export -> "Load raw transaction". Select the signed transaction and it will ask you if you want to broadcast it.

I exaggerate a bit, but being offline so I can't look up how to increase the gap limit in the console was problematic.  I also, had made a big deal in my mind of it being the first time I'd restored my seed entirely from memory, so there were a few 'aw...'. 

In any case, Electrum truly is a very impressive system. 

No, I'm not.

very cool.  Thank you Abdussamad. 

This is a great feeling, knowing my coins are secure in cold storage now.

Are you part of Electrum dev team?