Is there a security risk in reusing paper wallets?

AgentofCoin

legendary

Activity: 1092

Merit: 1001

Quote from: helloeverybody on January 07, 2016, 02:16:15 PM

Quote from: AgentofCoin on January 07, 2016, 02:13:41 PM

...

So when the private key is exposed it doesnt make it easier to hack from the outside world it just makes it more likely that you will be hacked due to keyloggers etc?

Also you say they will then be able to backwards engineer you private key? what does that involve and whats the likely hood of that?

thx

Yes, it makes it more likely for loss, because of things like keyloggers and such.
Private keys are safe and can not be hacked. Only you can be hacked and as a result, eventually reveal your private key.

When it comes to backward engineering your private key from address reuse, this is based on what I have read previously.
Another forum member who is an expert can expand and explain it more properly than I.

My understanding, is that the more you reuse an address, the higher a chance for a hacker to "figure out" your private key.
My understanding, is that it isn't simple and would take a good amount of resources and time to do so.
My understanding, is that they are able to "figure out" your private key, by finding patterns from your multiple transactions out of that address.
My understanding, is that the minimum about of transactions out of your wallet a hacker would need is about 30 individual outputs.

But ultimately, if you kept your address reuse to below 29 transactions, out of that address, you are very safe.

AgentofCoin

legendary

Activity: 1092

Merit: 1001

Quote from: helloeverybody on January 07, 2016, 02:08:02 PM

Ive always kind of wondered about this too, whats the difference in privacy if i saend 1 btc to a paper wallet or send 1 btc to my phone wallet. You can see both transactions on the blockchain can you not?

On the phone wallet, your private key is stored on the phone and is potentially exposed to malware/virus/hackers on your phone.
This is why it is advised to store a low about of bitcoins on your phone, and store the rest on a computer wallet, offline or cold storage.

On the paper wallet, your private key is only on that piece of paper and is potentially exposed to natural events (fire,flood,physical theft).

There is no real difference in privacy.
You can see both transaction on the blockchain, but that is irrelevant as to how their private key is stored.

helloeverybody

legendary

Activity: 1008

Merit: 1000

★YoBit.Net★ 350+ Coins Exchange & Dice

Quote from: AgentofCoin on January 07, 2016, 02:13:41 PM

Quote from: tss on January 07, 2016, 02:05:13 PM

Quote from: gentlemand on January 07, 2016, 12:17:39 PM

I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting.

how is the private key exposed? hypothetically if i were on the same lan as the device doing the sweep.. would i be able to sniff out the key?

Simply, when you expose the private key at any time, on any computer, connected to internet or not,
the fact that you have now "revealed" your private key, is the issue everyone is addressing.

The purpose of a paper wallet is that the private key is not stored in a wallet program or ever used on a computer.
Your private key is only on that piece of paper and is entirely safe from any computer "thief".

As soon as you use the private key to make a transaction, now you are potentially exposed to hackers/malware/etc.
For that reason, it is recommend to use a different address each time, because you private key may have been exposed.
There are two possible ways of exposure,
(1) from malware or hackers, and
(2) from address reuse to the point of being able to backwards engineer your private key. (min 30 internal address transactions)

So, basically, that is why you are recommended to transfer any remaining bitcoins to a new paper wallet.

So when the private key is exposed it doesnt make it easier to hack from the outside world it just makes it more likely that you will be hacked due to keyloggers etc?

Also you say they will then be able to backwards engineer you private key? what does that involve and whats the likely hood of that?

thx

AgentofCoin

legendary

Activity: 1092

Merit: 1001

Quote from: tss on January 07, 2016, 02:05:13 PM

Quote from: gentlemand on January 07, 2016, 12:17:39 PM

I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting.

how is the private key exposed? hypothetically if i were on the same lan as the device doing the sweep.. would i be able to sniff out the key?

Simply, when you expose the private key at any time, on any computer, connected to internet or not,
the fact that you have now "revealed" your private key, is the issue everyone is addressing.

The purpose of a paper wallet is that the private key is not stored in a wallet program or ever used on a computer.
Your private key is only on that piece of paper and is entirely safe from any computer "thief".

As soon as you use the private key to make a transaction, now you are potentially exposed to hackers/malware/etc.
For that reason, it is recommend to use a different address each time, because you private key may have been exposed.

There are two possible ways of exposure,
(1) from malware or hackers, and
(2) from address reuse to the point of being able to backwards engineer your private key. (min 30 internal output address transactions)

So basically, that is why you are recommended to transfer any remaining bitcoins to a new paper wallet.

helloeverybody

legendary

Activity: 1008

Merit: 1000

★YoBit.Net★ 350+ Coins Exchange & Dice

Ive always kind of wondered about this too, whats the difference in privacy if i saend 1 btc to a paper wallet or send 1 btc to my phone wallet. You can see both transactions on the blockchain can you not?

tss

hero member

Activity: 742

Merit: 500

Quote from: gentlemand on January 07, 2016, 12:17:39 PM

I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting.

how is the private key exposed? hypothetically if i were on the same lan as the device doing the sweep.. would i be able to sniff out the key?

AtheistAKASaneBrain

hero member

Activity: 770

Merit: 509

It's bad for your privacy, as people could in theory know that you are storing money in a single address, that's why you should get as many news addresses as possible (for each transaction). I can't wait until the new BIP47 makes it all easier and we don't need to keep creating new addresses each time to retain privacy which is a pain in the ass.

siameze

legendary

Activity: 1064

Merit: 1000

You can, assuming you didn't expose your private keys. Although address reuse is generally discouraged.

See: https://en.bitcoin.it/wiki/Address_reuse

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

I think the sole issue is exposing the private key to the interweb when you sweep it. I'm unfamiliar with how stuff like Trezor works but perhaps it bypasses that risk. Nowt wrong with sending multiple transactions to it. It's the taking out that might sting.

tss

hero member

Activity: 742

Merit: 500

I would like to know if there's a security risk in reusing paper wallets?

Both ways.

Is it risky to send multiple transactions to the paper wallet? How so? Why?

After a paper wallet has been swept, is it safe to keep using it again (put more coin on it)?
How so? Why?

Topic: Is there a security risk in reusing paper wallets? (Read 666 times)