Pitfalls and solutions of paper wallets
Creating paper wallets:
Problematic action: Use a wireless printer.
Reason: It's insecure because wireless networks are insecure.
Solution: Use a wired printer.
Problematic action: Use a printer with a hard drive.
Reason: It is insecure because the private key of the paper wallet printed may be stored in the hard drive, therefore may be recovered if the printer is sold or scrapped.
Solution: Smash the printer, including and especially the hard drive, after printing.
Problematic action: Leave the printer open for other people to access without turning it off.
Reason: It's insecure because the private key printed may still be in the memory of the printer.
Solution: Turn the printer off after printing.
Problematic action: Use a shared printer (at work or school, for example).
Reason: It's insecure because 1) the printer may have a glitch and someone else may get your printouts; 2) the printing jobs may be centrally logged.
Solution: Don't. Use your own printer.
Problematic action: Use a printer to print the private key or the QR code of the private key.
Reason: See above.
Solution 1: Don't use a printer for private key stuffs. Handwrite the private key. Handdraw the QR code of the private key. Double check, then check it again, then get someone you trust to check it again. (Testing the private key in a wallet app can make it sure. But it comes with risks and the private key is no longer cold storage.)
Solution 2: Don't use a printer for private key stuffs. Use brain wallet. Write down the passphrase and the relevant information, e.g., the name of the tool used (bitaddress.org/WarpWallet/etc.) and the instructions. Store it the same way as a paper wallet. Save and store some copies of the tool, in case the future versions become incompatible. (There are pitfalls for creating secure passphrases. It is beyond the coverage of this post. In a nutshell, don't create passphrases with your brain.)
Spending from paper wallets:
Problematic action: Import a paper wallet private key into a wallet app, then spend directly from the paper wallet address.
Mistake: Expect the paper wallet automatically receives/holds changes, similar to a real-life wallet, which may not be the case.
Reason: Early wallet apps didn't handle the changes correctly. The changes became the transaction fees of the miners.
Explanation: It's a misunderstanding of how Bitcoin works. There is no account balance of any kind in Bitcoin. There is only Unspent Transaction Output (UTXO). The receiving addresses of changes, which will become the new UTXOs, must be specified when BTC is spent. Otherwise, the changes will become the transaction fees. This depends on the implementation of the wallet app, which should not be trusted.
Mistake: Think nothing is wrong if changes are handled correctly.
Reason: It's address reuse, which is not recommended in Bitcoin because: 1) it reduces anonymity of both the sender and all the consecutive receivers; 2) it reduces the security by exposing the public key, which is vulnerable to quantum computing. Addresses are hashes of public keys, which are safe from quantum computing.
Mistake: Destroy the paper wallet after it's imported into an HD wallet, thinking that it has become a part of the HD wallet and it's safe to destroy because the master seed of the HD has been backed up.
Reason: It is not a part of the HD wallet. If the paper wallet (the paper) is destroyed and the app is uninstalled, the BTC is gone even if the HD wallet is recovered from its master seed.
The right way: Spend (transact) all BTC in a paper wallet to an address of your wallet app. Spend BTC from there. After all the spending is finished, create a new paper wallet and transact all the remaining BTC to it. Store the new paper wallet. Keep the old one for future reference.
Destroying paper wallets
Problematic action: Destroy a paper wallet after it is used.
Reason: You may need to prove you had control of that address some day, e.g., for taxation purpose. In the case of a chain split, you may have a balance on the other chain.
Solution: Don't ever destroy a paper wallet. Keep it on file. Mark it with the relevant information, e.g., "Used in April 2017".
Additions and corrections are welcome.
Edit: multiple editing for additions, corrections and clarifications.
submitted by /u/exab [link] [comments] Read more /u/exab