Pages:
Author

Topic: Possible method for cold wallet spend with bitcoin core. - page 2. (Read 399 times)

legendary
Activity: 1512
Merit: 7340
Farewell, Leo
if you send a tx from a bitcoin core wallet that is not synced up from a laptop that has no internet connection then close the core qt and copy that bitcoin app data folder to an internet connected machine and install bitcoin core.
The Bitcoin AppData directory contains the wallet files. So, yes. If you expose that directory in an Internet connected computer, you introduce some risk.

Why would you just transfer the signed transaction to the Internet connected computer? You don't need to transfer the AppData.

But I just wanted to understand other than cracking the password what could go wrong?.
Isn't that enough of a reason?  Tongue

Is it best to

A keep the old core wallet.dat
keep a record of the private key
Keep a record of the 12 words from the electrum wallet.
You need to study more on how it works. If you import separate private keys in Electrum, you don't have a seed phrase for back up. Only if you create an Electrum wallet, you get a seed phrase. You can't import a separate private key in such a wallet, because creating a new one means it is deterministic (and therefore, all private keys have a connection, so they can be derived by a single seed phrase).
member
Activity: 103
Merit: 18
Thank you very much for the guide with tails and all of the links.

I'm going to go for the technique you describe. I'm just learning how to verify pgp signatures at this stage.
The links you provided are very helpful.

I know I'm pressing reply button  but I just mean can any person comment as you dont personally have time to just answer endless questions from novice users I know that.

Just for my own curiosity and accumulation of new knowledge

Can anyone explain to me a couple of things I dont currently understand.

1  .

 if you send a tx from a bitcoin core wallet that is not synced up from a laptop that has no internet connection then close the core qt and copy that bitcoin app data folder to an internet connected machine and install bitcoin core.
Is the private key (from the offline laptop) ever directly exposed in a useable way on the internet connected laptop to broadcast that tx that was sent from the out of sync offline wallet?

I mean I know the private keys will be on there inside wallet.dat but without cracking the password would the private keys ever be exposed

To maybe ask this question differently -

If I sent a tx from an encrypted  bitcoin core wallet.dat that wasnt synced up and my machine ran out of battery before it could sync and send.

If the laptop was then stolen and he took out my internal ssd scanned it and noticed there was a bitcoin folder in the appdata folder.
What is the worst he could do right up until he broke the password?

If he loaded it into his own laptop and synced up core ( using my appdata folder) then would my original tx spend and that would be it, he has to crack the password before he can send more coins?:


Let me say again I will not use this method because I can see this person helping me is an expert.

But I just wanted to understand other than cracking the password what could go wrong?
Most uxto based pos alt coins like black coin or peer coin seem to hold their wallets on a live internet connected machine to stake and gain rewards. They are unlocked for staking only but presumably they are 24/7 and their private keys are only protected by the password encrypting their private keys in their wallet.dat

I'm trying to understand where the attack points are.


2. .

When you import a bitcoin core private key into an offline electrum wallet or rather create an electrum offline wallet using the private key from dumpprivatekey on bitcoin core.

Then you get the xpub and send the internet connected machine so you can create psbt.

Imagine you make some tx in this way.

Is it best to

A keep the old core wallet.dat
keep a record of the private key
Keep a record of the 12 words from the electrum wallet.


3. .

I finally also found a new guide to the descriptors technique

It looks almost as simple as doing a command listdescriptors and choosing 2 different ones and then pasting those results into a command saying import descriptors in a online descriptor wallet. Then you can make psbt tx like electrum.

Am I correct in thinking that so long as you 0.1 btc is all stored on one wallet address then so long as you always have that private key you can restore you funds ? Because I see people saying they messed up inputs /change and all kinds of things and then their private key didnt seem to have all the info required or their tx got stuck forever.


4. .

Lastly when people say if your cold wallet ever makes a spend even via airgapped  electrum or descriptors core technique then it can be hacked and you need a new wallet. Something about a supercomputer can more likely reverse engineer your private key if you ever use it to make a spend. Or even if you receive on a cold wallet address more than 1x.  Not that small holders would be the first use of super computer owning hackers I would imagine.

Do they mean you need to make a new entire wallet.dat and get a new password to protect it,  or can you simply generate a new address inside your original wallet.dat and now use that as a cold storage. Are new Waller addresses generated inside the same wallet.dat bound together so all become poisoned by a spend on 1 of them?


I know here on this forum most people are technically trained and know what they are doing but those that are not familiar to computers and things like that should probably try to understand how it all works as best as possible

Is this even the correct part of the forum or is this mostly for experts to talk about complicated stuff.
Is there a beginners sub section for total novice questions about wallets and things or a known reddit sub.


legendary
Activity: 1512
Merit: 7340
Farewell, Leo
If you don't feel like you've got the technical parts involved in Bitcoin Core, then I suggest you to migrate to either Sparrow or Electrum, both of which are excellent for having cold storage and are fairly simple to setup (and understand what you're doing along the way).

Your setup will look like this:

- Offline laptop will have Electrum or Sparrow (only for signing).
- Online laptop will run Electrum or Sparrow and connect to full node that runs on the same device.



In fact, judging by your experimenting ideas below, I strongly recommend you to follow my advice, or you risk losing coins. And by the way, in case you think this is airgapped or "cold storage", this is not. If your private keys are held in an Internet connected computer, it is a hot wallet.

Copy then entire bitcoin folder over to laptop 2 which is connected to the internet and when it syncs up it will broadcast the tx
The only problem with this easier way is that now the airgapped laptop can not sign any further tx in the future  until I update its blockchain to later date that the spend takes place. So in theory I will need to later copy the synced appdata file back from the internet connected laptop to the airgapped laptop.
I'll work out the safest way to get the updated bitcoin folder back over to the airgapped machine in a few years when I may need to spend the last 0.005. I suppose this is the most risky part.

Do me a favor, and follow this. This should be your airgapped environment. An Internet disconnected, Tails running computer.
  • Close your curtains.
  • Download Tails (a privacy and security focused Linux distro)
  • Verify the binaries <- Important step, you need to ensure the integrity of the OS. Do it on a clean environment.
  • Burn the OS image to a USB.
  • Take the device and physically remove any Wi-Fi antennas (and obviously, Ethernet cables if any).
  • Plug the USB to that device, and start up.

You can see that Electrum comes pre-installed. The device will not connect in any network. It's also recommended to encrypt the electrum part of the USB (as shown in the Tails start screen), in case someone gains access to the USB.
member
Activity: 103
Merit: 18
Thanks for your help.

Yes. Laptop 1 was once used to receive my bitcoin a couple of years ago. But since then has stayed offline. Has v21

Laptop 2 is connected to the internet but only for the purpose now of broadcasting my spending tx.
Will have V23 or can just keep v21.

I was just confused how to sign the offline tx on the airgapped laptop 1.

I was told that since I'm not technical and seem unable to understand the descriptor process or making a manual raw tx.

Then my only other way was to simply send (signed, where I type my wallet passphrase in) as normal with core unsynced on latop1 then close v21 down.

Copy then entire bitcoin folder over to laptop 2 which is connected to the internet and when it syncs up it will broadcast the tx
So although my keys will be on laptop 2 which is connected to the internet they are actually encrypted by my password that I dont need to enter because the tx was signed on the air gapped laptop 1 unsynced wallet.

The only problem with this easier way is that now the airgapped laptop can not sign any further tx in the future  until I update its blockchain to later date that the spend takes place. So in theory I will need to later copy the synced appdata file back from the internet connected laptop to the airgapped laptop.

I just wanted to check there are no big issues with this way.

I was thinking about sweeping to an electrum wallet and using the watch only psbt guide.
But if I can do this with core just have to copy over the appdata bitcoin folder and no programming with the bitcoin core console instructions. Then I'll stick with bitcoin core.

I'll work out the safest way to get the updated bitcoin folder back over to the airgapped machine in a few years when I may need to spend the last 0.005. I suppose this is the most risky part.

Thanks for the help. I see what you mean laptop 1 isnt a real cold wallet because it has been on the internet to receive the btc a couple of years ago.

If you think it's going to work I'll give it a try.

Edit. Also I'm not sure if I just need to copy the wallet.dat or the entire bitcoin folder over from airgapped to internet connected machine for the tx to be sent? 

Has anyone else used this method for a little bit of extra security over just sending straight from a hot wallet?

I suppose this just stops you from having to enter your password that encrypts your priv key on an internet connected machine.  So give some extra security.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
The offline  laptop actually uses an external drive plugged with usb to store bitcoin full chain (at the time of recieve), wallet.dat. So bitcoin core 21 installed to external ssd never used for anything else.
How can the laptop be offline and synchronize with the network simultaneously?

Can I just spend 0.05 on the unsynced offline wallet only unlocking to sign on the offline wallet so only expose the password there?
What's your setup, exactly? Is it a laptop that is sometimes online and syncing, and others offline for signing transactions only?

Based on the following, I assume you have two computers; one for signing only (airgapped), and the other Internet connected, holding your watch-only wallet:
I was advised to use V23 on the internet connected wallet but just stick with V21 on the offline laptop and it should still work?

So v23.0 as a full node, and v0.21.x for signing only. I don't see why this wouldn't work. Sounds good.
member
Activity: 103
Merit: 18
Hi folks.

I'm wondering what to do.

I have an old core wallet.dat with bitcoin core v 21
This is stored on an old laptop that was only used to receive my bitcoin and been offline since.
There is under 0.1 btc which I know is a small amount compared with some.
I wanted to spend 0.05 without brining this laptop online.
I looked at an electrum watching wallet method but I was hoping I can do this with sticking to the core wallet.

I was thinking of going this route and wanted to know if it would actually work.

The offline  laptop actually uses an external drive plugged with usb to store bitcoin full chain (at the time of recieve), wallet.dat. So bitcoin core 21 installed to external ssd never used for anything else.

Now I could install core V23 and try these descriptor instructions but I feel I could mess that up and I would like to not add anything new to the offline laptop if possible.

Would this work since I know I've never made any other tx with this wallet?
Can I just spend 0.05 on the unsynced offline wallet only unlocking to sign on the offline wallet so only expose the password there?
Then shut core down  and then copy over this bitcoin appdata folder to a hot that can sync up and broadcast from the hot wallet?

I know that sounds like a lot of hassle, but I really I dont mind time consuming stuff rather than doing something more technical like using descriptors which I think I would get wrong.

To later spend the remaining 0.05 bitcoin then I would need to copy and updated bitcoin appdata file via usb to the offline wallet before trying to spend since the inputs and outputs will have changed ?

Is this a crude attempt to cold spend that would work the first time but for future spends opens up some strong vulnerabilities? With having to copy files to the offline machine.

Is a wallet.dat that is strongly encrypted with a 30+ character pass thought of as vulnerable? Especially if online for just a few seconds to broadcast? Then laptop shut down once again.

A lot of pos coins are constantly online to produce rewards ?
I just want to know is that reasonably safe?

I dont want to get a hardware wallet at this time because I've used core before and have not had an issue.

Are there any other ways with core to cold spend that are not pretty technical.
Someone tried to explain making a raw manual tx but it was confusing and actually I didnt understand it at all.

I was advised to use V23 on the internet connected wallet but just stick with V21 on the offline laptop and it should still work?
I appreciate a lot of people will think just send it over this amount but I do want to reduce the chances of getting hacked if possible.

If this very insecure I will just wait and try to learn another way.

Thank you for some advice.


Pages:
Jump to: