reply on: Questions about your cold wallets rotation \ stacker news ~bitcoin

pull down to refresh

1256 sats \ 5 replies \ @pillar 27 Oct \ on: Questions about your cold wallets rotation bitcoin_beginners

I've found one very important practice is to regularly, on a schedule, sign a transaction from important wallets. It could be weekly, monthly, quarterly. Just gather yourself to go through the process of preparing a consolidation TX within the same wallet and sign it. No need to broadcast it.

This ensures that:

You actually check the balance periodically.
You verify keys, HWWs, documents, backups, etc. are still in place.
You make sure that all the details are fresh on your mind. This is probably the most important reason to me. In my opinion, people underestimate how, despite how deeply familiarized you might be with your setup, time erases everything from your brain. I've seen people not touch a cold wallet for two years and then have a real hard time making it work again despite having designed the setup very carefully and thoughtfully at the start. Making a TX every now and then prevents this brain rot.

@DarthCoin, regarding your idea on rotating UTXOs, I don't think it's a good idea in general. I understand the motivation is similar to the one in general IT security for key rotation.

I personally believe your setup should allow you to be confident nobody has ever managed to take a look at your keys. If your current setup makes you wonder if someone has looked at your keys successfully and you can't tell... I think you need to improve it.

If you have any suspicion at all that they might be compromised, I do believe you should rotate ASAP.

Why do you still keep that legacy wallet? Ask yourself.

Well, I can think of one reason, even if you truly don't intend to use that wallet anymore: someone in the future could send sats to the old wallet. If that happens and you don't have the private keys, you'll pull your hair out.

142 sats \ 2 replies \ @Scroogey 27 Oct

That's a very good point!

I used an old laptop with a read-only Tails stick like a hardware wallet (Electrum, offline, sign-only, xpub exported to the online computer).

What I didn't realize is that the updated Electrum on the online eventually produced unsigned transactions that the offline couldn't understand anymore.

No problem, update the offline. Huh, new Tails doesn't run on 32-bit anymore, and the offline laptop doesn't run 64-bit.

Sure, I solved it after cursing a few hours ("how the fuck can you make PBST incompatible?"). But it got me thinking about myself in 20 years. Sign a transaction as exercise every couple of months is excellent advice!

22 sats \ 0 replies \ @pillar 27 Oct

100%. Scenarios like yours are the exactly the kind of stuff that's hard to predict before hand and can throw you off.

0 sats \ 0 replies \ @Scroogey 27 Oct

deleted by author

0 sats \ 0 replies \ @Bell_curve 27 Oct

good response

I use Casa for multi-sig

0 sats \ 0 replies \ @DarthCoin OP 27 Oct

I wasn't saying to throw away the old keys... I said only to move the old stash into a new wallet. That's all. You can keep the old keys into a password manager just fine. Important is to compartmentalize your stash. Think about decoys.