Author

Topic: Paper wallet withdraw security question (Read 237 times)

newbie
Activity: 23
Merit: 853
April 05, 2020, 01:27:51 AM
#7
Hi all
Trying to figure out something,

Have a certain amount in a paper wallet and i want to withdraw half of it.

Using an HD wallet on my mobile and i scan the private code of the paper wallet.

at this stage the private code has been scanned and it's on my device so its not really private anymore. 

Am i missing something ?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation ?

thanks
Mark


You still have all out safe option to scan priv code with QR scanner installed on air-gaped PC which prevents it from leaking outside. Then that code  should be imported into cold wallet living on the same machine.  Cold wallet in turn could sign relevant transaction. The latter can be broadcasted via online services. As it was said in above comments the use of HD wallet on mobile device may compromize you private key.
legendary
Activity: 3038
Merit: 2162
April 04, 2020, 04:30:25 PM
#6
at this stage the private code has been scanned and it's on my device so its not really private anymore. 


"Private key" comes from cryptography terminology and it means a key that is only known to the user and is not shared with anyone, because it's knowledge is all that is needed to do some operation, in our case spending coins. So, strictly speaking, when you move it to your smartphone, it's still a private key. You're right to be worried, because it's more dangerous to store private keys on an online device, but if you are worried about malware, then you might as well be worried that your device is already compromised and the keys will be snatched as soon as they touch the device.

If you have really high security requirements, you should research hardware wallets or cold storage setup.
legendary
Activity: 2380
Merit: 5213
April 04, 2020, 02:36:03 PM
#5
2. You cannot send an arbitrary amount from a paper wallet. The bitcoins stored at an address are stored in discrete amounts and you can only send those amounts. For example, an address may contain 10 BTC, but if the bitcoins were sent to the address in two transactions of 3 BTC and 7 BTC, you can only send 3 or 7 or 10 BTC. If you want to send 5 BTC, the wallet will send 7, but 5 will go to the receiver and 2 will go to a "change" address, and the paper wallet will now have only 3 BTC. See https://en.bitcoin.it/wiki/Change
Generally you are right about not reusing a paper wallet since it has been used online. But there will be no problem with change address if you use an imported private key wallet in Electrum. The remaining fund will be sent to the paper wallet address. In other words, in an imported private key wallet in Electrum, the change address will be same as paper wallet address.

So, if you receive 3 BTC in one transaction and 7 BTC in another transaction into your paper wallet and use an imported private key wallet in Electrum (only Electrum, no other wallet) to send 5 BTC, after the transaction you will have 5 BTC in your wallet.

Despite of this, I agree that the paper wallet shouldn't be reused especially if the transaction is made through a tool other than Electrum.
legendary
Activity: 4522
Merit: 3426
April 04, 2020, 01:50:29 PM
#4
Have a certain amount in a paper wallet and i want to withdraw half of it.

Using an HD wallet on my mobile and i scan the private code of the paper wallet.

at this stage the private code has been scanned and it's on my device so its not really private anymore.  

Am i missing something ?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation ?

A paper wallet should not be reused. There are two issues.

1. The primary benefit of a paper wallet is physical security, and that benefit is gone once the private key has been scanned.

2. You cannot send an arbitrary amount from a paper wallet. The bitcoins stored at an address are stored in discrete amounts and you can only send those amounts. For example, an address may contain 10 BTC, but if the bitcoins were sent to the address in two transactions of 3 BTC and 7 BTC, you can only send 3 or 7 or 10 BTC. If you want to send 5 BTC, the wallet will send 7, but 5 will go to the receiver and 2 will go to a "change" address, and the paper wallet will now have only 3 BTC. See https://en.bitcoin.it/wiki/Change
jr. member
Activity: 47
Merit: 3
April 03, 2020, 06:16:45 AM
#3
Got it , Thnx !!
legendary
Activity: 3612
Merit: 5297
https://merel.mobi => buy facemasks with BTC/LTC
April 03, 2020, 02:59:34 AM
#2
Hi all
Trying to figure out something,

Have a certain amount in a paper wallet and i want to withdraw half of it.

Using an HD wallet on my mobile and i scan the private code of the paper wallet.

at this stage the private code has been scanned and it's on my device so its not really private anymore.  

Am i missing something ?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation ?

thanks
Mark




You are right, as soon as your private key touches a device that's been online, you should consider your paper wallet to be compromised.

If you have multiple unspent outputs funding the address on your paper wallet, you should use them all...

Make a new paper wallet, import the private key of your paper wallet into electrum (for example, do check electrum's signature before using it, download only from the official site), create a new transaction spending all unspent outputs, pay whoever you have to pay and send the change to the NEW paper wallet.

If you're really security-contious you can even use an airgapped setup: create a watch-only online wallet where you import the ADDRESS, create the transaction spending all unspent outputs funding this address (change going to a NEW paper wallet that was created in a SECURE fashion), then install electrum on an offline machine where you import your private key, transport the unsigned tx from the online machine to the offline machine for signing, and back to the online machine for broadcasting.

I'm having a meeting right now, i'll try to answer any extra questions in ~0.5-1 hr.
jr. member
Activity: 47
Merit: 3
April 03, 2020, 02:58:36 AM
#1
Hi all
Trying to figure out something,

Have a certain amount in a paper wallet and i want to withdraw half of it.

Using an HD wallet on my mobile and i scan the private code of the paper wallet.

at this stage the private code has been scanned and it's on my device so its not really private anymore. 

Am i missing something ?
Or the thumb rule is to withdraw all the amount from the paper wallet to avoid this situation ?

thanks
Mark


Jump to: