Topic: Paper wallet withdraw security question (Read 218 times)

newbie
Activity: 23
Merit: 853
April 05, 2020, 02:27:51 AM
#7
Hi all
Trying to figure out something,

Have a certain amount in a paper wallet and I want to withdraw half of it.

Using an HD wallet on my mobile and I scan the private code of the paper wallet.

At this stage the private code has been scanned and it's on my device so it's not really private anymore.

Am I missing something?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation?

thanks
Mark


You still have the all-out safe option: scan the private code with a QR scanner installed on an air-gapped PC, which prevents it from leaking outside. Then that code should be imported into a cold wallet living on the same machine. The cold wallet in turn could sign the relevant transaction. The latter can be broadcast via online services. As was said in the above comments, the use of an HD wallet on a mobile device may compromise your private key.
legendary
Activity: 2954
Merit: 2145
April 04, 2020, 05:30:25 PM
#6
At this stage the private code has been scanned and it's on my device so it's not really private anymore.


"Private key" comes from cryptography terminology and it means a key that is only known to the user and is not shared with anyone, because its knowledge is all that is needed to do some operation, in our case spending coins. So, strictly speaking, when you move it to your smartphone, it's still a private key. You're right to be worried, because it's more dangerous to store private keys on an online device, but if you are worried about malware, then you might as well be worried that your device is already compromised and the keys will be snatched as soon as they touch the device.

If you have really high security requirements, you should research hardware wallets or a cold storage setup.
legendary
Activity: 2380
Merit: 5213
April 04, 2020, 03:36:03 PM
#5
2. You cannot send an arbitrary amount from a paper wallet. The bitcoins stored at an address are stored in discrete amounts and you can only send those amounts. For example, an address may contain 10 BTC, but if the bitcoins were sent to the address in two transactions of 3 BTC and 7 BTC, you can only send 3 or 7 or 10 BTC. If you want to send 5 BTC, the wallet will send 7, but 5 will go to the receiver and 2 will go to a "change" address, and the paper wallet will now have only 3 BTC. See https://en.bitcoin.it/wiki/Change
Generally you are right about not reusing a paper wallet since it has been used online. But there will be no problem with the change address if you use an imported private key wallet in Electrum. The remaining funds will be sent to the paper wallet address. In other words, in an imported private key wallet in Electrum, the change address will be the same as the paper wallet address.

So, if you receive 3 BTC in one transaction and 7 BTC in another transaction into your paper wallet and use an imported private key wallet in Electrum (only Electrum, no other wallet) to send 5 BTC, after the transaction you will have 5 BTC in your wallet.

Despite this, I agree that the paper wallet shouldn't be reused, especially if the transaction is made through a tool other than Electrum.
legendary
Activity: 4298
Merit: 3209
April 04, 2020, 02:50:29 PM
#4
Have a certain amount in a paper wallet and I want to withdraw half of it.

Using an HD wallet on my mobile and I scan the private code of the paper wallet.

At this stage the private code has been scanned and it's on my device so it's not really private anymore.

Am I missing something?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation?

A paper wallet should not be reused. There are two issues.

1. The primary benefit of a paper wallet is physical security, and that benefit is gone once the private key has been scanned.

2. You cannot send an arbitrary amount from a paper wallet. The bitcoins stored at an address are stored in discrete amounts and you can only send those amounts. For example, an address may contain 10 BTC, but if the bitcoins were sent to the address in two transactions of 3 BTC and 7 BTC, you can only send 3 or 7 or 10 BTC. If you want to send 5 BTC, the wallet will send 7, but 5 will go to the receiver and 2 will go to a "change" address, and the paper wallet will now have only 3 BTC. See https://en.bitcoin.it/wiki/Change
jr. member
Activity: 41
Merit: 3
April 03, 2020, 07:16:45 AM
#3
Got it, Thnx!!
legendary
Activity: 3402
Merit: 5004
April 03, 2020, 03:59:34 AM
#2
Hi all
Trying to figure out something,

Have a certain amount in a paper wallet and I want to withdraw half of it.

Using an HD wallet on my mobile and I scan the private code of the paper wallet.

At this stage the private code has been scanned and it's on my device so it's not really private anymore.

Am I missing something?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation?

thanks
Mark

You are right, as soon as your private key touches a device that's been online, you should consider your paper wallet to be compromised.

If you have multiple unspent outputs funding the address on your paper wallet, you should use them all...

Make a new paper wallet, import the private key of your paper wallet into Electrum (for example; do check Electrum's signature before using it, download only from the official site), create a new transaction spending all unspent outputs, pay whoever you have to pay and send the change to the NEW paper wallet.

If you're really security-conscious you can even use an airgapped setup: create a watch-only online wallet where you import the ADDRESS, create the transaction spending all unspent outputs funding this address (change going to a NEW paper wallet that was created in a SECURE fashion), then install Electrum on an offline machine where you import your private key, transport the unsigned tx from the online machine to the offline machine for signing, and back to the online machine for broadcasting.

I'm having a meeting right now, I'll try to answer any extra questions in ~0.5-1 hr.
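
Added example, not part of any post in this thread: a small Python model of the 3 BTC + 7 BTC case from reply #4, comparing how much value stays guarded by the already-scanned key under the three change-handling approaches described in replies #4, #5 and #2. The policy names, address labels and the simplified coin selection are assumptions made for illustration; real wallets select coins differently and charge a fee.

```python
from dataclasses import dataclass

SAT = 100_000_000  # satoshis per BTC

# Hypothetical policy names -> where the change output is sent.
CHANGE_DEST = {
    "fresh_change": "wallet_change_addr",  # typical wallet: change leaves the paper address
    "change_to_self": "paper_addr",        # imported-key wallet: change returns to the same address
    "sweep": "new_paper_addr",             # spend everything, change to a NEW paper wallet
}

@dataclass(frozen=True)
class UTXO:
    txid: str   # constructed placeholder, not a real transaction id
    value: int  # satoshis

def plan_spend(utxos, pay_sat, policy, fee_sat=0):
    """Return (inputs, outputs, sats still guarded by the scanned key)."""
    if policy not in CHANGE_DEST:
        raise ValueError(f"unknown policy: {policy}")
    need = pay_sat + fee_sat
    total = sum(u.value for u in utxos)
    if need > total:
        raise ValueError("insufficient funds")
    if policy == "sweep":
        inputs = list(utxos)
    else:
        # Simplified selection: smallest single UTXO that covers the
        # payment, otherwise accumulate largest-first until covered.
        covering = [u for u in utxos if u.value >= need]
        if covering:
            inputs = [min(covering, key=lambda u: u.value)]
        else:
            inputs, acc = [], 0
            for u in sorted(utxos, key=lambda u: u.value, reverse=True):
                inputs.append(u)
                acc += u.value
                if acc >= need:
                    break
    spent = sum(u.value for u in inputs)
    change = spent - need
    outputs = [("recipient", pay_sat)]
    if change:
        outputs.append((CHANGE_DEST[policy], change))
    unspent = total - spent
    back_on_paper = change if CHANGE_DEST[policy] == "paper_addr" else 0
    return inputs, outputs, unspent + back_on_paper

PAPER = [UTXO("tx_a", 3 * SAT), UTXO("tx_b", 7 * SAT)]  # constructed sample
```

Calling `plan_spend(PAPER, 5 * SAT, policy)` for each policy shows that only the sweep leaves nothing behind on the address whose key has touched an online device.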
jr. member
Activity: 41
Merit: 3
April 03, 2020, 03:58:36 AM
#1
Hi all
Trying to figure out something,

Have a certain amount in a paper wallet and I want to withdraw half of it.

Using an HD wallet on my mobile and I scan the private code of the paper wallet.

At this stage the private code has been scanned and it's on my device so it's not really private anymore.

Am I missing something?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation?

thanks
Mark