security - Is this a good recommendation as secure way to generate paper wallet via iOS app for non-technical user?


I have suggested to a non-technical friend to use this as a way to generate a paper wallet using an iPhone. I'm trying to see if there are any pitfalls. I have used the air-gapped PC method for myself, but for my friend, who is not technical, I recommended the below approach. I then thought that this approach is probably just as secure as using an air-gapped PC and considered doing this for any new wallets I generate in the future. I realize that this technique is not good for doing any transactions, but my friend just wants to buy some BTC periodically and hold for a long time. Here are the steps I provided him:

  1. Install the Mycelium iOS app from the App Store
  2. Turn on iPhone Airplane mode to take the iPhone offline
  3. Run Mycelium and generate the private key
  4. Write down the private key on paper
  5. Generate the receive address QR code and save it in the Notes app
  6. Delete the Mycelium app
  7. Turn Airplane mode off
  8. Re-install Mycelium and generate private keys again (to overwrite any possible saved cache. This step may be overkill – not sure if this step is even required).

Assuming Mycelium is a trustworthy app, how are the above steps any less secure than using an air-gapped computer and installing Electrum via USB stick?
I am not up to speed on the most secure and trustworthy iOS wallet app.
I am aware that Mycelium generates 12 seed words instead of 24 words, but the official word (pun unintended) is that 12 is good enough. I prefer 12 as it is fewer words and I can even memorize them.

Question to the group: how do we know that Mycelium, or any app for that matter, will not "fake" generate a private key that the creator of the app has stored in their library of private keys, so that they can at some later time go in and take all the crypto out of it? I suppose this is where using an open source wallet and using download verification comes into play? That is the only weakness of my steps above that I can think of.

Appreciate your comments


