Why doc says importing private keys is so dangerous?

There are a lot of applications when someone would like to import a private key. However in wiki documentation they say it is very dangerous: https://en.bitcoin.it/wiki/How_to_import_private_keys

WARNING Before reading this page, users should note that messing with ECDSA private keys is very dangerous and can result in losing bitcoins, even long after the import. It is recommended that outside of self-generated vanity addresses, users should never import (or export) private keys.

and

Note that importing a key to bitcoind and/or Bitcoin-Qt may be dangerous and is not recommended unless you understand the full details of how it works.

Why is it that dangerous and what are the alternatives if you are using cold storage, a paper wallet or generating vanity addresses?

Related: Why so many warnings about importing private keys? (but it is about warnings on blockchain.info and not bitcoind). I'm not sure if the warnings are due to the same reason.

Felipe

Posted 2014-08-09T09:23:01.877

Reputation: 1 511

Answers

Key import by itself (from a trusted source of keys, such as your own cold storage or backups) isn't a dangerous thing. However, the vast number of ways one can cause problems for themselves through key import leads to these warnings.

Many such warnings appear to address more complex situations beyond bitcoind's scope. In this case, there can be many situations in which a weak key (e.g. from a brainwallet with bad password), or leaked key (suspicious origin, or generated by someone else) might be imported into bitcoind.

For example, the following may happen (with sample keys, of course):

5KVFiYbW5qbFfuDwrhPdsA3ALH3PmrEdQnQrpDWrqpygncbpPY4 is generated insecurely someplace (used on a physical coin, or otherwise bad origin), translating to address 1CD2nyv22gAGs8GAsdNa1rW3KinkCHgTFd.
User imports 5KVFiYbW5qbFfuDwrhPdsA3ALH3PmrEdQnQrpDWrqpygncbpPY4 and uses it in their wallet, as 1CD2nyv22gAGs8GAsdNa1rW3KinkCHgTFd in the UI.
Dumpster-diver digs up improperly-erased hard disk owned by FooPhysicalCoinForge, digs up 5KVFiYbW5qbFfuDwrhPdsA3ALH3PmrEdQnQrpDWrqpygncbpPY4 and sweeps it. Even if the address had 1 BTC on it originally and received 20BTC more, the attacker now has access to all of the funds received to it and currently spendable.

ζ--

Posted 2014-08-09T09:23:01.877

Reputation: 316

2This doesn't seem to answer the OP's question, as you don't really mention why /importing/ is dangerous... rather you talk about why leaving a key unerased is dangerous. – nmz787 – 2016-03-30T02:27:20.390

@nmz787 That's precisely the danger of importing a key provided to a user in any way except for an immediate sweep followed by never using said key again. It can be unerased at the level of the sender/party that generated it. – ζ-- – 2016-03-30T10:16:17.997

what if the private key was dumped by your own system (i.e. you created a new wallet locally, transferred in funds, then put that priv key into cold storage), and later you want to revive that by importing? – nmz787 – 2016-03-30T17:05:06.170

1@nmz787 I specifically state I am speaking about situations where weak or compromised keys are imported from outside. Although this answer is quite old I can edit it for you if you'd still like. – ζ-- – 2016-03-30T21:42:50.157

Perhaps a distinction between importing and sweeping a key needs to be considered. The aforementioned warnings deal with the importing of keys, and does not refer to the sweeping of keys, which moves all the coins to a new address. This method is inherently secure.

nirguna

Posted 2014-08-09T09:23:01.877

Reputation: 21