Any kind of Bitcoin wallet needs to share its private key on the internet-connected machine.
This is false. You can keep private keys on a completely offline computer, but still submit transactions to the network. To do this:
1. Create a wallet that will store your private keys on an offline computer. This wallet will be used to sign txs.
2. Create a wallet on an internet-connected computer. This wallet will be used to generate (unsigned) txs, and submit (signed) txs to the network.
3. Generate an unsigned transaction on the internet-connected computer.
4. Transfer the unsigned transaction to the offline computer (e.g. via a fresh USB drive).
5. Sign the tx using your offline wallet.
6. Transfer the signed transaction back to your internet-connected device, and broadcast the transaction to the network.
This way, your private keys are kept offline, so an attacker would need physical access to the machine in order to steal your funds.
Note that hardware wallets follow a similar scheme: the private keys are isolated within the device so that the computer you plug your hardware wallet into cannot access them directly.
A less secure but still good solution is mobile wallets, seeing as a mobile OS will generally have a smaller attack surface than a desktop OS (e.g. compare iOS to Windows). Generally, there is a smaller chance of having a phone infected with malware than your desktop machine. For best practices, you could run a full node and point your mobile wallet at it, but I would generally not advise storing large amounts of cryptocurrency on a phone.
MultiSig did not provide such security! – D L – 2018-02-12T19:40:05.697
Even if multisig isn't combined with cold storage, you can secure the private key! – f4r4 – 2018-02-12T19:45:33.503
Yes, multisig is not directly a security layer to protect your wallet. More to protect your keys. You can create 2of2 or 2of3 for yourself, and have each transaction be signed with such a condition. Then you can sign a tx on your home PC, and the second signature from your office PC. This protects your funds at a higher level, because a thief would have to know / compromise both of your PCs. – pebwindkraft – 2018-02-12T20:40:47.357
Security in OS? Really? – D L – 2018-02-13T00:42:59.377
so the answer is "no trust"? – D L – 2018-02-13T02:06:22.270