Topic: Question On Sweeping Private Key (Read 289 times)

Once on paper it's the savest 

Keep your private keys in different backup, and I don't see any threat of security there as long as you don't exposed your keys towards untrusted sites.
Avoid using your emails for shady transactions like kyc registrations and other potential risk that may breach your security. Having printed paper wallet, should be done together with it's QR code and that's reliable and safe. But, I don't try to generate btc private keys yet, only for erc20 tokens.

I don't think that's strictly necessary. Two separate geographical locations, sure, but two mediums of storage? If I have inscribed my seed phrase on to two separate titanium plates and have one stored in a safe in my house and one stored in safe deposit box in another city, I don't see how changing one of those titanium plates to digital storage makes me any safer. If anything, I'm just exposing myself to a bunch of new processes and the risks that come with them I otherwise wouldn't be to get my seed phrase on to a USB drive.

If a device is already compromised, then simply plugging in the USB drive is enough for your keys to be stolen. I would argue that is more likely than taking out your paper wallet and standing their idly for 5-10 seconds while you watch someone right beside you reach in to their pocket, take out and unlock their phone, open the camera app, and snap a photo.

Just don't use cameras and you eliminate this altogether. I only use entire seed phrases rather than individual private keys for my paper wallets, so I never need to use a camera to import them back on to an electronic device.

At the end of the day there are risks inherent to both, but I just don't agree that long term paper storage is inherently more risk than long term digital storage.

You can use a paper wallet as a backup to address the issue of hardware degradation (you should keep your private keys in at least two mediums of storage for this reason).

Accidentally exposing private keys to an internet-connected device does increase risk, but does not guarantee loss of funds, and if this happens, it is a sign of carelessness. On the topic of carelessness, if you accidentally show someone your paper wallet, the risk of loss of funds is much higher because they could take a picture of the paper in seconds without having prior intent to steal your funds. Exposing private keys to an internet-connected device requires the device to be previously compromised to result in a loss of funds.

There is also the issue of transferring your paper wallet private keys back onto a computer when you are ready to spend your bitcoin. This will require one to potentially allow a camera to take a picture of the private key -- precautions can be taken to reduce this risk, but the risk is still there. If you store your private keys digitally, there is no risk that taking out a USB stick will result in a camera being able to copy the private key. You have the same risk of leaking data between your air-gapped and non-air-gapped devices regardless of if you are using a paper wallet or storing your keys digitally. (you should really not be using your air-gapped device for anything except for signing messages/transactions).   

And there are additional risks you incur when you store private keys long term on digital storage rather than on paper or some other physical medium. Hardware degradation is one, as I have mentioned above. You can choose fireproof paper or laminate it to protect against mild water damage, which could destroy digital storage. The risks of accidentally exposing a digitally stored wallet to the internet is much greater (plugging in the wrong USB drive or CD to an internet enabled device, leaking data between your airgapped and non-airgapped computers) than a paper wallet.

I use both digital airgapped wallet and paper wallets. I prefer airgapped wallets for money I might want to spend in the next 6 months or so, and I prefer paper wallets for money I am planning not to touch for several years.

You increase your risk when using a paper wallet versus using a wallet stored digitally. Regardless of how the private keys are stored, you have a set of risks when creating a private key on a computer. When you move that private key from your computer to paper, you have to incur additional risks.

This is also true for when you are spending your bitcoin. You have risks with both mediums of storage, but have additional risks when moving your private key from paper back into your computer.

Also, if you are going super paranoid and using an old computer and printer which you plan to destroy after creating your paper wallets, it's also much cheaper to create them in batches rather than destroy multiple devices.

You obviously have to make sure you store your unused paper wallets just as securely as your loaded ones, though.

If you are going to import your private key to a wallet on a permanently airgapped computer, then it is no more risky using a paper wallet than using electronic storage. If I'm planning to store a wallet for 10+ years, I don't want to be concerned about hardware degradation or failure which could corrupt my wallet file in that time.

I would rather generate multiple paper wallets in advance than generate them on an ad-hoc basis. Generating paper wallets in batches means that you are never having to consider compromising on security or best practices because you are in need of a new paper wallet.

I would advise against using paper wallets though. It would be better to store your private keys in a USB stick or computer that never touches the internet. When you are ready to spend (some of) your bitcoin, you can sign the transaction offline. 

Additionally:

• Verify both your Electrum download and your Linux OS download against the provided GPG signature files to ensure authenticity. This is very important and shouldn't be skipped.
• Optionally, I would also physically open my computer and unplug/disconnect/remove any connectivity hardware such as WiFi or Bluetooth chips, as well as any hard drives or other storage, in between the online and offline steps.

You can always add more security. Depending on the amount I can think of several ways to improve it:

• Don't reuse the same paper wallet
• Verify the signed transaction offline using different software (different OS and for instance coinb.in downloaded) and maybe even different hardware
• Let a trusted person (such as your spouse) verify everything offline before broadcasting to make sure you don't overlook something

This applies to paper wallets too. Ideally, I wouldn't use a QR-scanner (see malicious QR code readers), just type the private key.

Thank you. Do you have a link to detail the safest way to sweep a paper wallet offline?

Thank you. Is what you have outlined the most secure method to moving coins from a paper wallet?

A paper wallet doesn't have to be a single private key, it can also be a master private key or a mnemonic. Nowadays all the bitcoin wallets are HD and they support BIP32 and BIP39 (or an alternative to it). You can simply create the mnemonic and store those 12 or 24 words on a piece of paper calling it "paper wallet". Then each time you use a key you simply send the change to a new address and don't use the old one again. If the old one received any bitcoin in the future you still have access to it because you have your seed to generate all child keys.

P.S. When sweeping/spending coins from paper wallet you should also do it offline.

If you do insist on using the same paper wallet again, you'll have to create a transaction that sends the change back to your paper wallet.
Ideally, your private key should never touch an online computer:

Alternatively, if you decide to create a new paper wallet to store the change and your old paper wallet is empty:

It's still valid, you can send bitcoins to the paper wallet after sweeping its private key.
If you're not aware, "sweep" creates a transaction that sends all of the paper wallet's funds to the wallet where it was swept.

The downside is you're basically stripped off the benefits of using a paper wallet because the private key was already touched the internet.
Another is you're going to reuse an address that's bad for your privacy.

You must use a paper wallet only once.

Good afternoon,

Once a paper wallet private key has been sweeped, can Bitcoin still be safely sent and stored to the address of the sweeped private key? And therefore can that priavte key be sweeped again in future? Or after a private key has been sweeped does the address become invalid?

Thank you.