You may want to add an explanation of air-gapped spending. Use an SD card to sign a transaction and then physically move the SD card to an online computer to broadcast, or sign then scan a QR code and broadcast via the scanning device (presumably a phone).
Also, I'm a bit confused about why you would go to all this trouble, then restore the seed in an unsafe computer (electrum & blue wallet in your examples).
> Also, I'm a bit confused about why you would go to all this trouble, then restore the seed in an unsafe computer (electrum & blue wallet in your examples).

I made these cold wallets mainly for long-term savings, not for daily spending (I use LN for spending).
The BW case is if I need to use more funds than what I have in LN when I am out and about, then I can just spend or swap those emergency funds.
79 sats \ 0 replies \ @joda 11 Jun
OK everyone has different trust assumptions and security models, and I'm also not following precisely what you are trying to do, so I may be misunderstanding.
Keep in mind if you save all your funds in the safest, coldest wallet imaginable, then one day import your private keys into an unsafe/online wallet, you have instantly lost all the security and opened yourself up to every vulnerability you were trying to avoid.
One thing you can do is "test" a wallet and a device to see if your funds get taken or something else is awry. You can, for example, deposit some funds and wait a week or so to see if the funds "disappear"; this also helps if you were uneducated enough to try to make your own entropy, or just made insufficient entropy with whichever method you used.
I also like to test wallets to make sure they generate the right addresses. Use both Electrum AND Sparrow (or Blue Wallet, etc), and make sure they show the same receive addresses. One benefit of a dedicated hardware device with a screen is that it can show you the addresses in the transaction it received from the software wallet, so if they are not the same, something is wack.
If not using a dedicated hardware signing device, I would also manually inspect the transaction before broadcasting. Paste the signed transaction here:
Check to make sure the address is what you intend. You can also use that website to broadcast the transaction, from any online computer. Use a VPN over Starbucks wifi while wearing a fake mustache and sunglasses if you're paranoid.
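An offline way to do the check described in the comment above (confirm where a signed transaction pays before broadcasting it), as an added example that is not part of the original thread. The function names and the sample transaction are constructed for illustration; the sample address is the published BIP173 test vector, and non-SegWit scripts are returned as raw hex rather than decoded.

```python
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def _polymod(values):
    chk = 1
    for v in values:
        top, chk = chk >> 25, (chk & 0x1ffffff) << 5 ^ v
        for i, g in enumerate((0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)):
            chk ^= g if (top >> i) & 1 else 0
    return chk

def segwit_address(hrp, version, program):  # BIP173 (v0) / BIP350 (v1+) encoding
    data, acc, bits = [version], 0, 0
    for byte in program:  # regroup 8-bit bytes into 5-bit symbols
        acc, bits = (acc << 8) | byte, bits + 8
        while bits >= 5:
            bits -= 5
            data.append((acc >> bits) & 31)
    if bits:
        data.append((acc << (5 - bits)) & 31)
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = _polymod(hrp_exp + data + [0] * 6) ^ (1 if version == 0 else 0x2bc830a3)
    data += [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)

def _varint(b, i):  # Bitcoin CompactSize integer at offset i
    if b[i] < 0xfd:
        return b[i], i + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[b[i]]
    return int.from_bytes(b[i + 1:i + 1 + size], "little"), i + 1 + size

def tx_outputs(raw_hex, hrp="bc"):
    """Added example helper (hypothetical name): yield (sats, address or 'script:<hex>') per output."""
    b = bytes.fromhex(raw_hex)
    i = 6 if b[4:6] == b"\x00\x01" else 4  # skip version and, if present, segwit marker/flag
    n_in, i = _varint(b, i)
    for _ in range(n_in):  # skip each input: 36-byte outpoint, scriptSig, 4-byte sequence
        slen, i = _varint(b, i + 36)
        i += slen + 4
    n_out, i = _varint(b, i)
    for _ in range(n_out):
        value = int.from_bytes(b[i:i + 8], "little")
        slen, i = _varint(b, i + 8)
        spk, i = b[i:i + slen], i + slen
        # witness program: version opcode (OP_0 or OP_1..OP_16) + one push of 2..40 bytes
        wit = 4 <= slen <= 42 and spk[1] == slen - 2 and (spk[0] == 0 or 0x51 <= spk[0] <= 0x60)
        yield value, segwit_address(hrp, max(spk[0] - 0x50, 0), spk[2:]) if wit else "script:" + spk.hex()

# Constructed sample (not a real transaction): one input, a P2WPKH output and a P2PKH output.
SAMPLE_TX = ("0200000001" + "11" * 32 + "0000000000ffffffff02" "50c3000000000000160014"
             "751e76e8199196d454941c45d1b3a323f1433bd6" "102700000000000019" "76a914" + "22" * 20 + "88ac00000000")
```

Run it on the offline machine and compare each amount and destination with what you intended before the signed transaction leaves that machine.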