Topic: Paper Wallet vs Desktop Wallet and security? - page 2. (Read 3150 times)

I would suggest something like a trezor so that it has the security of a hardware wallet, but you can actively see your balances without having to physically connect it each time. The recovery is also super easy if you break it or lose it.

I think that a Paper Wallet is much easier to secure because it does not have to be online in order for it to be used. If I wanted to get Bitcoins then I would just try to load up the paper wallet and get the cash, that’s pretty much all there is with a Paper Wallet. A desktop wallet requires electricity.

I agree, having a desktop wallet is much better than having a paper wallet because you can load the desktop wallet at any time if there is a computer nearby with an active Internet connection. Paper Wallets are usually for people that prefer to keep their money safe by burying it in something or hiding it somewhere though in most cases if someone finds the Paper Wallet then the money is good as gone.

Desktop wallets work best with a password, of course.

What if I create a paperwallet for a random coin. How do I know I will be able to sweep it anywhere? Does there not have to exist a dedicated site with a sweep function to be able to redeem the private key on the paper wallet?

Still not sure what sweep actually mean? I assume it means to transfer my funds from the paper wallet to another wallet.

If the paper wallet and the desktop wallet will be compared . I will prefer the desktop wallet because the paper wallet is not secured especially on public areas like market and other public areas. Compared to the desktop wallet it is electronic and it is so hard to be stolen, so for me desktop wallet is more advisable.

I'd strongly encourage anybody to use bip38 encryption... If you don't use encryption, anybody who finds your paper wallet will be able to sweep it



I would advise against using online wallets... Since you're experimenting with paper wallets, i can only assume you care about the security of your wallets, and in my honest opinion, online wallets are the most insecure type of wallets that exist.



I know dogecoin has an electrum clone that is an SPV HD wallet with a sweeping function. I don't have initmate knowledge about digibyte, but as a rule of thumb, allmost all coins that are based on the bitcoin codebase can run a "core" version in deamon mode and have an importprivkey command (either from the command line or inside the QT wallet)

Oh ok, I have done it with a BTC paper wallet in the past and I wont use bip38. I did it on https://blockchain.info/ and it was very easy to just import adress and then put in the private key and done. (Is this what is called sweeping because I still did not get that fully?)

But yes, how do I do this with other coins besides btc? On https://walletgenerator.net/ you can create paper wallets for tons of different coins. Say for example I create one for Doge coin or DigiByte, where do I go then to put in the private key to unlock the wallet?

It's more of a procedure thing... If you create one paper wallet, load it with a very small amount, try sweeping it, you are sure that you have all software and all techniques to sweep a paper wallet... If you have never tested out the procedure before, you might get stuck trying to decrypt a bip38 encrypted private key, or you might be stuck trying to figure out which QR code to scan,... If you did a testrun, you'll be 100% sure everything works as planned.
BTW: bitcoin is about freedom... If you don't want to do a trial run, nobody is forcing you to do one... It's completely up to you...


No... Sweeping = using an automated process programmed by your wallet vendor to create a transaction using all unspent outputs from your paper wallet to create a new transaction whose outputs can be spent by the keys that are managed by your wallet.

Importing = actually starting to manage the outputs to a certain address whose private keys you imported into a wallet.

The difference is that when you sweep a paper wallet, the wallet gets "emptied" (for the lack of a better word). If you import a wallet, it gets imported (it's still funded, but now it gets managed by the wallet in  which you imported the private key)

Hmmm I get a little confused by this "If you mean loading the wallet and then using a block explorer to see if the output is added to the address' balance, that would be OK. However, this procedure will not guarantee that you'll be able to spend outputs. If you do this, you might end up with a loaded paper wallet and no knowledge on how to spend your outputs..."

If I send coins to the adress I have, and I can see they land on the adress, why would I not be guaranteed to be able to spend that money later? And what do you mean by "you might end up with a loaded paper wallet and no knowledge on how to spend your outputs"?

Also why does it help create two wallets and only test one of them? How do I know the second one will work if the first one does?

By the way, with "sweeping" do you mean importing the private address to a wallet?

If you mean loading the wallet and then using a block explorer to see if the output is added to the address' balance, that would be OK. However, this procedure will not guarantee that you'll be able to spend outputs. If you do this, you might end up with a loaded paper wallet and no knowledge on how to spend your outputs...

However, if you load the wallet, then try to spend some of the outputs (but not all), in order to test your paper wallet, you have 2 risks:
1) you will have entered the private key onto some sort of wallet software, this is not good
2) as soon as you create a transaction to spend outputs from your paper wallet, you will have broadcasted your public key, this is not good

That is why you can create 2 paper wallets, load one with a minimal amount, try to sweep it... If everything goes well, load the rest of the funds onto the second paper wallet whose private key has never touched an online machine.

As for your second question: it seems most wallets do not support bip38 encrypted private keys. However, you can use the offline sourcecode of bitaddress.org (the wallet details-tab) to decrypt an encrypted key, then sweep the decrypted key.

Hmm not sure, as long as you send a small amount and you can see that amount actually reached the address it should be all good to send more to it? It must be what they meant?

By the way, when I want to sweep (if that is what restoring my coins is) the paper wallet and it has a bip48 on it, where do I put in the bip48? I have restored a regular paper wallet before, but I never saw any option to put in a bip48 password?

put plastic around the paper, so it's water-proof (i hope lament was the correct term, i'm not a native speaker myself )

i always use https://www.bitaddress.org , this paper wallet generator allows you to use bip38 encryption


Well, i would advise against spending part of the unconfirmed outputs that are controlled by the private key on your paper wallet... Either sweep it completely, or don't touch it at all.. Maybe they mean that you should generate a test-paper wallet, put a small amount on it, then sweep it, then generate a NEW paper wallet to actually use...

Also do you undertand what they mean with this?

"Step 5. Keep your private key secret

The private key is literally the keys to your coins, if someone was to obtain it, they could withdraw the funds currently in the wallet, and any funds that might be deposited in that wallet.

Please test spending a small amount before receiving any large payments."

What do they mean by spend a small amount? Once I create a paper wallet and send funds to it I cant spend it until I have extracted the private key, which I should only do once I actually do want to spend the funds again? Do they actually mean to SEND a small amount to the address before sending a bigger amount to the address?

How do you mean you "lament" your paper and how is this done and why? (sorry not native english)

How do you bip38 encrypt a wallet? I looked in https://walletgenerator.net/ but I could not see such an option on the single wallet? I only saw it on the paper wallet section, but there you don't get to input any random words to generate the private key, but instead just press a button that give key, that does not feel nearly as safe?

Btw, is bip38 when you also put a password on your paper wallet, and does that work with all coins that can have a paper wallet?

If you're really paranoid, you could indeed make a tails usbstick and boot from an airgapped machine without harddisks... But personally, i do think that's overkill
As for storing your paper wallet on an usbstick: i also print it out on an offline printer and laminate this paper.

I would suggest to bip38 encrypt your paper wallet, if you pick a strong password, it would be very hard for anyone to steal your coins

I'm going to try to formulate an answer here... altough there seem to be a lot of questions mingled together... Remember, i can only give you my personal opinion, what works for me doesn't necessarily work for you:

- if you store the same amount of BTC, and not looking for extra security, i would defenatly go for a desktop wallet... Easyer to use, and already pretty safe out-of-the box (most of the time)
- i have no idear if it's an extra security issue if an HD wallet forces you to repeat the seed... I guess on an infected PC, it might be completely unsecure... you're right
- personally, i don't boot using an usb bootable os when generating a paper wallet... I just download bitaddress's sourcecode, turn off my internet, generate a paper wallet, put the wallet on an USB stick and then reboot my pc before i turn the internet back on
- i think most desktop wallet will allow you to generate your wallet while you're offline... I'm sure about core and electrum, but i don't think other wallet would turn out to be a problem... However, if you want to start syncing the blocks (or block headers in case of electrum), it's obvious you'll need to be online. It is possible for you to only keep the xprv (or private keys in case of a non HD wallet) on an offline pc, while importing the xpub (or addresses) on an online PC... This way you actually implemented a cold storage technique


Most paper wallet generators give you a private key and an address... I don't see any security issues when looking up your balance using your address by using a block explorer. The only thing that might happen is that you lose a bit of anonimity (your ip could potentially be tracked). The only moment your private key should be scanned (or typed into) an online pc is when you sweep your paper wallet tough!!!!
I would also recommand not to enter your public key on an onine PC, only your address.

Without all technical aspects, and the many different forms it actually goes like this:

private key =(hashing function)=> public key =(hashing function)=> address
So, if the first hashing function ever gets compromised, it should (theorecitally) be possible to re-calculate your private key starting from your public key... IF a hacker wants to calculate your private key while he only has your address, he has to reverse-engineer 2 different hashing algo's...

Also a practical question. When you create your paper wallet you get a public and a private key. Can you do searches on your public key or put in some program like cointracker to keep track of your balance in your paper wallet, or is that also a risk? Should you just send money into the paper wallet adress and hope it is there, or how do you check it actually arrived since there is no gui on it?

If we are talking about the same amount stored though? Do the Paper wallet need to be safer than the desktop wallet in that case?

And because you never type anything in to the computer when creating a paper wallet, and many dektop wallets actually make you type in your seed which is your password when you send coins, does that mean the paper wallet is safer even when always connected to the internet?

If that is the case, creating the paper wallet with the internet off on the same computer that you normally have your coins in a desktop wallet should be like 10X more secure vs using a desktop wallet? Or should you always setup your desktop wallets also in offline mode? (I have never seen any instructions though when initializing a desktop wallet that you should turn out the internet so if that is much safer I dont understand why there would be no such instructions during the setup, I have always thought you need to be connected to the internet to setup desktop wallets? There is something that needs to be sent to a server an initialize your key in the system? It can't all be done offline?)

I feel like I am missing something here.

I don't think it's an EXTRA security risk (depending on which software you use to generate the paper wallet)... However, in my personal opinion, paper wallets are used for long term storage of bigger amounts... A paper wallet needs to be safer than a desktop wallet, that's why you should take extra precautions when generating it.

If you were using an online machine to generate a paper wallet, you could just have used a desktop wallet instead...