He will always need some Bitcoins to send it away/burn the maidsafecoins.
Absolutely right. I only meant that until he wants to send or burn, he can dream for free!
I'm waiting for a Coindesk headline like "Resident Wallet Expert Recommends, Unrecommends Online Wallet and Secure Email Providers"…
And your private key is stored in the same PC where you have your address. Marvelous.
If it wasn't for 2FA that you enabled to let the government know who's the owner of that wallet (and how they can recover the pass phrase from you should they ever want to do that), you'd be exposed to various risks.
I personally generated my private keys on a bootable USB stick with a fresh Linux Mint install on it, while my HDDs and internet connection were decoupled. Copied it to three other USB sticks as well, that I spread over three different buildings where I trust they'll be safe. Of course they are also password protected. The USB sticks will never be plugged into any system until I'm ready to immediately send them to MaidSafe's burn address to exchange for actual SafeCoin.
You can run any open source wallet on your desktop and it's not going to be "exposed" to the Internet. Most of them communicate only with Bitcoin Core.
Sounds good. Is that safer than simply remembering one's 12 word pass phrase?
I NEVER keep a private key on a PC… I always save it to a USB 3x or chop up the privkey on 3 different email addresses.
Actually your MaidSafeCoin might be safe on blockchain.info because its wallet doesn't show your MaidSafeCoin.
Why not do both? Use my method or something similar and protect the wallet/private key export with a 12 word passphrase?
The idea behind my approach is that even if there was malware on my USB Linux install, the private keys cannot be transmitted to anyone because it's never connected to the internet, and there's no intermediary medium (like one of my HDDs) that the malware could have used as a bridge.
I also turned off my power supply unit after shutting down from Linux and drained the capacitors of power by holding my power button pressed for a while, before reconnecting the HDDs and network cable. That way I'm sure no traces could be left in RAM somehow. Most likely an unreasonable paranoid measure, but at least it can't hurt.
That's like security through obscurity, I wouldn't rely on it.
The more data you have the more difficult it is to keep it safe. The more passwords and pass phrases you have, the more likely it is you'll forget one of them (and thereby lose access to your funds, assuming you picked a complex password in the first place).
I'm not trashing the approach, those are fine measures of precaution.
I just wondered aloud if that is safer than to remember (or write down) a 12 word wallet pass phrase.
In other words, there's a choice:
- 3 email providers who hold the chunks of your private key in plain text on their servers + three passwords (I hope it's not just one!) each of which is probably 12 characters or less
- 12 word pass phrase for a wallet that's not online (I'm referring to discussion from SafeNet App Funding Through Koinify)
And your conclusion is the first approach is safer. Is that because of 2FA that you have?
That is absolutely hilarious!
Your 12 word wallet pass phrase could be vulnerable to a key logger/rootkit.
I personally don't put too much trust in anti-malware software, too often incredibly sophisticated viruses are found lately that have often been around for many years without detection. Of course most of those super viruses come from governments that have other goals than looting your wallet, but still. It's incredibly hard, if not next to impossible, to be 100% sure that your system isn't compromised in some way.
Therefore, an "air gap" approach is safer in my eyes than super long passwords.
Your USB keys are also protected by a password, but you think your keystrokes won't be busted, while mine, entered directly in the browser, would.
There are known security flaws of USB devices (on the firmware, not the OS, level), but let's ignore them for now. My Web wallet software would run basically the same s/w that your OS runs, so it could be made to run locally from a bootable USB stick with a fresh Linux Mint install.
So basically you're using them as offline wallet, which is equivalent to me not logging in to my (online) wallet.
That seems about equally, not more, secure.
My USB drive may very well be infected, that's what the air gap is for. If a malware would have picked up on the private key when it was generated and/or logged the keystrokes when I typed my password, what can it do with it? It can't transfer it anywhere, there is no network connection. It can't copy it to another HDD that may be connected to the internet later, since all HDDs are uncoupled. The RAM will be wiped when the system is turned off. The USB drive itself will only be used when I immediately transfer the MaidSafeCoins myself.
If malware would have been present at the time of generating the key and/or entering the password, and if that same system at any time later would get a connection to the internet, it would've had an opportunity to transfer the key/password to its owner. I guess that's the only difference. If that has not happened you and I are equally safe I guess.
Then we're in agreement!
Note that it's possible to generate a wallet completely offline (with scripts) without actually accessing a real Web wallet, and also a set of addresses. Then you can have coins sent to those while watching them from any blockchain explorer without ever logging in. But of course that requires a bit of fiddling around, although not too much (it's not a whole lot more complicated than setting up bootable USBs, IMO).
I recall someone made a wallet generator a bit like a USB drive. Never plugged into a PC, you connect it to a printer and it prints a new cold storage address and private keys, with QR codes.
Yes, we have one in the office. I cannot remember the name now, but it's a cool wee stand-alone printer driven by a Raspberry Pi. Cost .5 BTC
That's the one, I can confirm it's pretty good and does what it says.
This is the gadget I was on about:
Mycelium Entropy paper wallet printer.
You plug it into a printer and it generates and prints a graphic file.
Yep, that's what it is.
In my example there's no QR code (unless the code is accessed over HTTP(S)): you download Web wallet code, go to the shell, in your wallet's code find and run the same address-generating script, execute it and get the same output (without QR codes (I don't believe it can produce QR code in the CLI mode, although anything's possible)).
The difference vs. having a full Linux OS on USB stick is that you can use a minimal Linux or BSD environment with just wget and JavaScript or Python support (or whatever language the script is written in) which may be an added plus in terms of security.
I tried getting my coins from block chain to omniwallet but get an error message saying "invalid wallet" when I paste in the private key. Anyone have any idea why this would be? Btw I can see my coins on masterchest.info so know they're there.
@Luke this just means that you are not typing the private key in correctly. Otherwise, make sure you are using Google Chrome.
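
For the "invalid wallet" error discussed above, an added example (not part of the thread, and not Omniwallet's or blockchain.info's code): an offline check that a pasted key is well-formed, assuming the key is in Bitcoin's Wallet Import Format (WIF), which the thread does not state. The sample key is constructed, and `check_wif` and the other function names are this example's own.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\0" * (len(text) - len(text.lstrip("1"))) + body

def wif_encode(key: bytes, compressed: bool = True) -> str:
    # 0x80 = mainnet private-key version byte; 0x01 suffix marks a compressed pubkey
    payload = b"\x80" + key + (b"\x01" if compressed else b"")
    return b58encode(payload + _checksum(payload))

def check_wif(text: str) -> str:
    """Return 'ok', or the reason the string is not a valid mainnet WIF key."""
    text = text.strip()  # pasted keys often carry stray whitespace
    bad = sorted(set(text) - set(B58))
    if bad:
        return "characters not in Base58 alphabet: " + "".join(bad)
    raw = b58decode(text)
    if len(raw) not in (37, 38):
        return f"wrong length ({len(raw)} bytes, expected 37 or 38)"
    payload, check = raw[:-4], raw[-4:]
    if _checksum(payload) != check:
        return "checksum mismatch (typo or truncated paste)"
    if payload[0] != 0x80:
        return "version byte is not 0x80 (not a mainnet private key)"
    if len(payload) == 34 and payload[-1] != 0x01:
        return "bad compression flag"
    return "ok"

# Constructed sample key for the demonstration, NOT a real wallet key.
SAMPLE_KEY = bytes(range(1, 33))
SAMPLE_WIF = wif_encode(SAMPLE_KEY)

if __name__ == "__main__":
    print(check_wif(SAMPLE_WIF))              # well-formed key
    print(check_wif(SAMPLE_WIF[:-1] + "0"))   # '0' is not a Base58 character
```

Run it on the same offline machine that holds the key, so the key never touches a networked system just to be checked.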