Bitcoin Q&A: Key Storage Best Practices - YouTube

"Why do paper wallets behave differently from hardware wallets?"

"If you send a portion to another wallet, the remaining balance [in the paper wallet] is not correct or is lost."

"The remaining balance must also be sent to another address."

That is a great question. Paper wallets are different from hardware wallets because...

the [latter uses] hierarchical deterministic (HD) wallets, whereas paper wallets have one public and private key.

A hierarchical deterministic (HD) wallet is built upon a [mnemonic] seed, a set of 12 to 24 English words.

This seed is used to generate an enormous number of keys [and addresses]. In fact, it can generate,

at each account level, more than two billion private keys in sequence.

These can all be generated from the same seed, not only for receiving but also for change addresses.

Any HD wallet, whether software, mobile, or hardware, where you are backing up 12 to 24 English words,

will generate a new [change] address for every transaction you do.

It can generate billions of these addresses, all from a single seed, without any problems whatsoever.

That is the fundamental difference. A paper wallet only has one key, with one address.

That means when you spend from a paper wallet, some strange things can happen.

The other big difference is, a paper wallet only exists on paper. A hardware wallet [allows you to]...

back it up as a mnemonic phrase, and has a process for importing that mnemonic phrase.

That process is defined in BIP-39, the Bitcoin Improvement Proposal [for mnemonic codes].

The hardware wallet can import the seed in such a way that it can re-generate all of the keys and addresses.

On the other hand, if a paper wallet is made "hot" (online) and you decide to make a transaction,

you can import it into a software wallet.

Some wallets will allow you to import private keys, which means your software wallet will spend...

directly from the private key on the paper wallet.

You must consider what happens to change.

Theoretically, wallets should be smart enough to notice that when you have imported a private key...

from an external source, the change should go back to that private key, to ensure there are no problems.

However, most wallets don't do this. In fact, if you import a private key from an external source,

most wallets assume that you will no longer using that private key.

They will spend from it and return the change to a different address managed by the software wallet,

not the address that is on the paper wallet.

In practice, many people don't understand that this is happening.

They don't understand that change is being [accounted for] in a transaction.

They will download a software wallet on their phone, import their paper wallet, spend a small amount,

and put the paper wallet back in a safe when they are finished.

They assume that the rest of the money is still on there, and then delete the software wallet,

assuming it is no longer needed.

However, there is no longer any money on the paper wallet. The rest went into a change address.

That change address was generated by the software wallet; it is not the same as the paper wallet address.

As a result the paper wallet is now empty. The software wallet has been deleted.

The money has been lost. This has happened numerous times.

The problem with paper wallets is that the user experience is counter-intuitive.

If you know exactly what you are doing with the paper wallet, then you can make a paper wallet work for you.

But for 99% of people who do not have the technical expertise to understand how the UTXO set works,

how change addresses are generated, how paper wallets work, how wallet import works,

and how transactions work, paper wallets end up being very dangerous [for most users].

They are a cheap way to [handle] cold storage, but they have a lot of associated risks.

They require you to set up a secure computer in order to generate them,

and a secure printer in order to print them out, which are [tasks] that most users cannot handle.

By comparison, a hardware wallet has an intuitive user experience, which 99% of users can handle securely.

A paper backup of the mnemonic seed is sufficient for cold storage.

There is no chance of losing money due to [a misunderstanding of] change addresses.

As a result, for 99% of users, hardware wallets are a far superior solution [compared] to paper wallets.

Yes, people keep insisting on paper wallets. If you try to do this, please be very careful.

Make sure you understand, in every transaction, where the change went.

If possible, try to follow the advice that is given: load a paper wallet once,

and when you spend it, spend it all.

Move it [deliberately] to a different address or wallet, and destroy the paper wallet.

Assume that there won't be any money on it.

"Among the various Bitcoin clients and wallets, which is top-notch for storage and transacting?"

I have been changing Bitcoin wallets, on average, once every six months.

While there is a lot of development [in Bitcoin], these wallets are often not maintained long-term.

Many of the companies that make wallets fail to develop sufficiently robust business models.

[Eventually], they either go out of business, or they stop maintaining the wallet and become distracted...

by other features [or products], like ICOs. Maintaining a crypto wallet is very difficult.

The space is constantly changing. Wallet developers need to keep moving along...

with the standards, and that requires funding.

So far, I have found that many wallets are not keeping up.

I use a number of mobile and desktop wallets; for the most part, I use a combination of...

hardware wallets, desktop software wallets, and mobile wallets that work with the hardware wallets.

What I use to store my keys and sign transactions is almost always a hardware wallet.

I do have a mobile wallet with a tiny amount of petty cash, about $100 [worth].

I use it for transactions when I am out and about. Most of my cryptocurrency is on hardware wallets...

that I keep separately.

I access these hardware wallets through a variety of desktop and mobile wallets.

Think about where you store keys and sign transactions (hardware wallets)...

as separate from the software you use to construct transactions and sync with the blockchain.

This could either be full node software like Bitcoin Core, or any capable software wallet.

I quite like Electrum as a desktop wallet, but your mileage may vary.

"What about the new Bluetooth enabled wallets," mentioning one of the hardware wallet manufacturers.

There are a number of hardware wallets with various forms of connectivity, other than plugging through USB.

I haven't studied the security of such wallets. However, I would personally be concerned...

about storing my funds on a device that has wireless connectivity.

Wireless protocols are very rich in features, and in the past have been found to contain many bugs.

They can be accessed by more than the device you just plugged it into.

That increases the exposure and attack surface of the hardware wallet.

That doesn't mean it is not secure; it just means I would not trust that type of hardware wallet,

one that has WiFi or Bluetooth connectivity in addition to USB, for cold storage.

I might trust it as a warm wallet, for my spending money, but I wouldn't trust it for cold storage...

where I might have my savings.

"Regarding desktop wallets and storing funds, what [should you do] if your hard drive fails?"

This is a great question. As I mentioned in the previous answer, I make a very big distinction between...

the wallet software I use to construct transactions and sync with the blockchain,

and the device I use to store keys and sign transactions.

That may be a bit confusing. I use hardware wallets to store my keys and sign transactions.

That gives me the highest degree of security.

It also allows me to create paper backups of the mnemonic phrases,

to achieve resilience and continuity in case something happens to me.

I don't trust the software running on my desktop. In fact, I don't trust my desktop at all, to be secure.

I assume that my mobile smartphone and laptop [could be] compromised. I don't trust these devices.

I assume that any information stored on them could have been accessed, including keys for bitcoin wallets.

I use hardware devices for second-factor authentication and signing bitcoin transactions...

so that I don't rely on the security of my laptop, desktop, and mobile devices to protect me from losses.

Basically, I don't put keys [for a lot of bitcoin] in online devices, ever.

All of my keys are on offline devices, with the exception of a mobile wallet that has $100 in spending money.

What if your computer hard drive fails? It shouldn't matter if there are no keys on it.

[Everything] of importance that is stored on my laptop, has encrypted backups elsewhere, in multiple locations.

[I can] recover if I lose or damage my mobile device and laptop.

In the case of my cryptocurrency keys, I have multiple copies of mnemonic phrases...

that I can recover onto other devices, including the petty cash on my smartphone,

even though it is not a lot of money, because it wasn't hard to do.

Therefore, if I lose these devices, I can recover from the seeds.

When I upgrade my mobile phone or my laptop every two to three years, I don't copy the information over.

I use the opportunity to run a recovery exercise and re-build from data backups, to ensure they are working.

I would still have the old phone and laptop, so if the backups are not working, now is a good time to find out.

That way, I can test my backup system.

One thing I would like to point out: a few people will [say] that you can store backups of keys...

in encrypted drives, password managers, or [cloud storage systems]. This is not a good idea.

There is a reason it is not a good idea. First of all, if you make backups on encrypted drives,

Google Drive, Truecrypt, a password manager, or something like that, you are creating an online copy.

It is encrypted, but that encryption and its security depends on a lot of factors.

When you run that software and decrypt it, if that laptop has been compromised,

then you have exposed your keys and could lose your money.

The process of encrypting and decrypting these files happens on a laptop.

Finally, you still have the problem of backing up the password so you don't lose the encryption key.

Essentially, you have just [shifted] the problem of backups one step further.

Instead of backing up your crypto keys, you are backing up the encryption keys for your encrypted backups.

You [still] need to back those up. What form do those take?

The best form of backup for keys is a 12 to 24-word mnemonic phrase.

If you have more concerns, you can add a passphrase and back that up separately.

It is much easier to remember and record 24 English words, on paper, in your own handwriting.

Put them in a secure location.

[It is easier] than backing up an alphanumeric password...

of arbitrary length, that you may or may not have generated with sufficient entropy.

There are so many pitfalls in rolling your own security, in a way that is not compliant with the standards.

There are many risks you may not be aware of. Be careful when you hear about suggestions like this.

Do not backup your keys online. Do not use encryption [as an excuse] to back up your keys online.

Use the recommended mechanisms. In the case of HD wallets, write down the 24 words.

Do not cut them up and store them as separate pieces. Do not try to hide them in fancy ways.

Do not obfuscate them, like hiding each [word] in the page of a book or something like that.

Write the 24 words down, in sequence, and store them [together] in one place.

Then make another copy and store it in a different place.

If you are concerned about the physical security of your environment, that someone could access them,

then use a passphrase and write that down too.

Store it in another location, separately from where you store your mnemonic seed.

But that may be excessive. In 99% of scenarios that most of us face,

the greatest risk is [accidental] loss due to computer failure, natural disaster such as flood or fire,

or damage to your backups.

Therefore, the best balance for your security, risk against theft versus accidental loss,

is to follow the standard instructions and make a paper backup of the 24 words in your own home.

That is sufficient for 99% of cryptocurrency users.