Cold Storage Options for MAID in 2017?

Send to me and I’ll store for you for a fee. I am not kidding.

6 Likes

Has anyone successfully secured MAID using Electrum 2factor?

I’m looking for wallets that can hold MAID that don’t require a full Blockchain download.

What are the current options?

There’s a long thread about options here Buying Maidsafecoin & storage - #99 by BIGbtc and elsewhere if you search for ‘omniwallet’. Basically any wallet (online or offline) that can hold BTC can store MAID, but if you want to move them around you need to use one based on the OMNI protocol, such as omniwallet.org.

4 Likes

I said I’d come back with some further explanation on hardware wallets. It’s only taken me 9 days! Please, if you’re reading this don’t rely on what I say without verifying it for yourself!

The issue was to do with using a hardware wallet to store MAID, when the wallet doesn’t natively support MAID transactions on the Omni protocol. When the time comes to move the MAID, will the act of retrieving the private keys compromise the security of any other coins stored on the hardware wallet? I’ve gathered information specifically relating to the Ledger Nano S with the 1.3 update. (@neo - I still haven’t actually tested this on a device, so for the time-being this is just how it is claimed to work).

With some provisos I would say that the desired outcome can be achieved with acceptable security. Here’s a description of the architecture and necessary steps…

  • During setup, the Nano S produces a 24 word BIP39 recovery phrase which you need to record and keep safe.

  • The user needs to set up a 4 to 8 digit PIN to allow subsequent access to the everyday wallet on the device. Entering an incorrect PIN three consecutive times results in the device being restored to factory settings. (You’d then need to restore using the 24 word mnemonic phrase).

  • Don’t use the default ‘everyday’ wallet for your most valuable funds. Treat it as a hot wallet (or as a decoy if an attacker is trying to coerce you to give them access).

  • The way the Nano S gives you the necessary flexibility is by allowing you to use BIP39 passphrases in order to create/open/manage wallets. The device allows passphrases to be up to 100 characters, and for proper security they need to be long (this is one of the provisos I mentioned).

  • When you use a BIP39 passphrase it is combined with the 24 word recovery phrase to generate a root key. This is the key which is used to generate your public and private key pairs deterministically. The passphrase acts as a salt for the hashing of the recovery phrase during root key generation. Because of the way that hashing functions work, the slightest change in the salt (your passphrase) results in a completely different root key being generated.

  • The Nano S allows you to create and access as many wallets as you wish by using different “temporary passphrases”. You can, however, only access one wallet at a time in any given session, thus the word “temporary”. Each time you turn on the Nano S (beginning a new session), if you wanted to access a wallet created with a “temporary passphrase”, you would have to enter the long passphrase again.

  • It’s important to note that there is another convenient function called “passphrase attached to a PIN”. You already have your main PIN which gives you access to the ‘everyday’ wallet, but you can setup a second PIN. You have to attach a passphrase to this PIN, thus achieving a wallet with a different root key from the ‘everyday’ wallet. You can then easily access this second (‘hidden’) wallet by using the second PIN (no need to enter the long passphrase).

If you’re having trouble visualising all of this, try playing around with a BIP39 tool such as this coinomi one.

Is this secure? What are the provisos? When the time comes to move your MAID, assuming support has not been added to the Nano S by then, you may need to use a BIP39 tool to get your private keys for the wallet on which you’ve stored your coins. This should definitely be done OFFLINE. You would have to input your 24 word BIP39 recovery phrase, which is not ideal (it risks exposing your ‘everyday wallet’ to a bad actor for starters). Assuming your recovery phrase was compromised during this step, the security of the rest of your wallets would hinge entirely on the strength of your passphrases. If you used very long passphrases WITH GOOD ENTROPY (i.e. RANDOM) and kept the passphrases safe (offline), the other wallets can in my opinion be considered secure. To put it in perspective the maximum passphrase length of 100 characters, for example, is I think longer than the length of the variable portion of a BIP32 root key!

I intend to get my hands on a Ledger Nano S hardware wallet to test the operations I’ve described above. I need more time!

Comments, criticisms and corrections welcome!

5 Likes
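The passphrase-as-salt step described in the post above, as an added example that is not part of the original post and not Ledger's code: it follows the public BIP39 and BIP32 specifications (PBKDF2-HMAC-SHA512 with 2048 rounds, then HMAC-SHA512 keyed with "Bitcoin seed"). The mnemonic is the public all-zero-entropy test phrase and the passphrases are constructed samples; never type a real recovery phrase into a script on a networked machine.

```python
import hashlib
import hmac
import unicodedata

# Public 24-word test mnemonic (all-zero entropy). Constructed sample, not a real wallet.
MNEMONIC = " ".join(["abandon"] * 23 + ["art"])


def _nfkd(text: str) -> bytes:
    """BIP39 requires NFKD normalisation before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Recovery phrase + optional passphrase -> 64-byte seed.

    The salt is the literal string "mnemonic" followed by the passphrase,
    which is why the passphrase behaves like a salt on the recovery phrase.
    """
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac("sha512", _nfkd(mnemonic), salt, 2048, dklen=64)


def bip32_root(seed: bytes) -> tuple[bytes, bytes]:
    """Seed -> (master private key, master chain code), 32 bytes each."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_roots(mnemonic: str, passphrases: list[str]) -> dict[str, bytes]:
    """Master private key for each passphrase; "" is the 'everyday' wallet."""
    return {p: bip32_root(bip39_seed(mnemonic, p))[0] for p in passphrases}


def differing_bits(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length keys differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Two passphrases that differ in a single character (constructed samples).
    roots = wallet_roots(MNEMONIC, ["", "correct horse", "correct horsf"])
    for phrase, key in roots.items():
        print(f"{phrase!r:16} -> {key.hex()}")
    print("bits changed by one character:",
          differing_bits(roots["correct horse"], roots["correct horsf"]), "of 256")
```

The same recovery phrase yields an unrelated root key for every passphrase, so an attacker who holds only the 24 words still has to guess each passphrase through 2048 rounds of PBKDF2 per attempt.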

I’ve also read about this feature in the last 9 days and agree with your assessment.
FYI, NanoS is backordered until end of July. Trezor is in stock, but not sure how this feature works on it.

1 Like

I’m curious about recovery from losing your hardware key and the advantages of using a hardware wallet in general.

I’m a bit confused because looking at the nano FAQ it says if you lose your nano, you can restore your wallet to another nano or any BIP39 software wallet.

In which case, what’s the point of your nano? How does it differ from using an equivalent software wallet?

  • Is it just that you can use a PIN for the ‘everyday’ wallet?

  • Or to do with the password access to ‘temporary’ wallets? BTW Am I alone in thinking ‘temporary’ is misleading?!

With a paper wallet everything hinges on safely backing up the private key. With nano hardware wallet or a similar software wallet everything hinges on backing up the ‘seed’. So little practical difference there?

So what are the particular advantages of the nano? Is it that you can use it safely on a machine that is not secure (eg entering the pin directly into the nano) or is there something else?

Thanks.

Yes, it’s exactly that. There’s a chip in the nano that they claim makes the wallet secure, even if your pc is compromised.

2 Likes

In HW wallets the Private Key has never seen the internet and signs transactions offline. Spend directly from a hardware wallet for convenience. But IMO a hardware wallet should not be a hot-wallet. Storage only. Move monthly spend allowance to hot-wallet from cold storage.

The Ledger team reckon it’s safe to buy from Amazon, saying that the device is tamper proof, so people could look at other vendors:

Why isn’t it any anti-tampering sticker on the Nano S box?

Ledger is using cryptographic attestation to make sure that the devices you receive are genuine; A cryptographic procedure checks the integrity of the hardware wallet’s internal software each time it is powered on. The Secure Element chip prevents any interception or physical replacement attempts.

Anti-tampering stickers are security theater: any attacker capable of reproducing a device can print new shiny stickers. Ledger’s products are engineered to be natively tamper-proof and cannot be counterfeited.

I would say that realistically, for average people, it is easily safe enough to buy from other sources such as Amazon.

I did look at Trezor at one point, and I’m pretty sure private keys can be obtained from that in a similar way. I don’t recall how it competes in terms of other features though. I know it’s significantly more expensive.

1 Like

The hardware wallet does all of the proper paper wallet procedures for you in a user friendly way. Offline key generation, offline storage, offline transaction signing. Following this procedure exactly with paper wallets can be a bit arduous, leading people to cut corners, and in so doing sacrifice some security. How many people really import their private paper wallet key into an offline computer and sign the transaction from that offline PC? A common trade off here was to split your coins across multiple paper wallets so you could import them as needed into an online PC without risking losing all of them if the PC was compromised, but then you have the added inconvenience of managing all these different wallets, etc. So in general the hardware wallets are just much more user friendly.

3 Likes

Ya, Amazon is fine, but at least in my country the prices from the resellers are insane!

1 Like

edit: aargh! sorry @drehb, I didn’t see you’ve already replied.

Good questions! I forgot to mention the idea of hardware wallets is isolation from the possibly infected operating system of a p.c. or mobile (cell phone). They also tend to have screens and hardware buttons so that transaction information can be safely verified.

I won’t say that the security of hardware wallets is perfect, because with enough resources people come up with some very clever ways of hacking things. It’s soooo much more secure than general software wallets though. Here is more detail about some aspects which spring to mind:

  • Hardware wallets (HW wallets) isolate the private keys from your desktop or mobile operating system. When you carry out a transaction it is the HW wallet which signs the transaction, using the private keys contained within. The signed transaction can be safely passed to the software wallet because it cannot be tampered with. The cryptography involved means that amounts, addresses et cetera cannot be adjusted.

  • On a good HW wallet the amount and the addresses have to be verified before the transaction is signed. For example on the Nano S there is a screen which shows you this information, and you must use the hardware buttons on the HW wallet to confirm. Again, this is isolated from the general operating system for security. Software wallets are vulnerable here. For example there are reports that there is malware which on Windows can monitor the clipboard, looking for bitcoin addresses. It can replace an address with one belonging to the attacker, therefore stealing money. I think it can even hide, in the UI, that it has changed the address!

  • The hardware buttons on the HW wallet also have to be used when entering the PIN or the wallet passphrase. This should avoid the keyloggers which are so dangerous with software wallets.

I think it could be worded better, but it’s hard to convey information concisely sometimes. It’s possibly more difficult for the LedgerWallet team because it’s a French company.

I’d agree there’s little practical difference. You do have to trust the hardware and its firmware though. I need to look into whether or not there are good ways to verify the integrity. With a new device I would do small test transactions for starters. When generating keys for paper wallets the software should be verified too. (Is there anyone attempting to generate keys by hand by the way? I wonder how long this would take?!:dizzy_face:).

You’ve got the gist.

By the way I feel like a fraud! I’m a manual worker. I don’t even know any programming languages. I have intended to learn for years, but I STILL haven’t done it. How lame!..

Still trust my information?:fearful:

3 Likes

This makes sense, but you could argue it depends upon which attack angles most worry you. From @drehb 's earlier post:

If this is the threat it may be a good idea to have one wallet on your HW wallet which is used as a hot wallet. You can then have hidden wallets and some ‘plausible deniability’. I probably shouldn’t be saying this in case I get a HW wallet and someone decides to track me down! :scream:

I’m only pointing out pros and cons, I don’t disagree with you @BIGbtc

As a point of interest I think I’m right in saying that any bitcoin address from which a transaction has ever been sent is inherently less secure than one which has only ever received bitcoin. Even if the transaction was made offline and then broadcast to the bitcoin network. This is not currently a concern however. I believe that this is a theoretical issue relating to the nature of the cryptography, and could only become a real world threat in the future (quantum computing). If anyone wants me to elaborate, or disagrees with me please say so. I’ll have to dig up the information then though!

2 Likes

Well, in that there is really no “from” address in Bitcoin, that argument can be made as we refer to the risks of a public address linking to private key during import on a paperwallet. In a hardware wallet the private key does not see the internet. Or am I not understanding your point? I think I do, maybe not.

I’ve found the information to back up this claim in this podcast with Arthur Falls and cryptographer Dan Boneh. The whole podcast is very informative and I recommend listening to the whole thing, but the link points to the appropriate section. The explanation is about one and a half minutes long.

To sum it up - in the future quantum computers should be able to use Shor’s algorithm to break bitcoin’s transaction signatures. The weak point is the public key of the sending address, which is published on the blockchain as part of a transaction. There is a distinction between a bitcoin address and its public key. The address is generated by hashing the public key. When you create a cold wallet and send bitcoin to it there is no need to broadcast the public key, only the address, so it is safe from this specific attack. If you ever send bitcoin from a cold wallet, even signing the transaction offline, the public key is revealed on the blockchain, and the address hypothetically becomes vulnerable to this attack. I must stress that this is not currently a problem, and I’m sure this attack will be mitigated by the time we get there!

edit: I hope I’ve got this information right!
I’d like to add that the crucial part is to not reveal your public key. It doesn’t matter if you reveal your address.

3 Likes

My questions were about equivalent software wallets not paper wallets :slight_smile:

From what I’ve learned so far I’ll try to summarise:

  • whatever wallet you use, you will have to keep something secure (passphrase, seed words, private key etc), usually physically printed on paper because a secure enough seed / phrase / password is unfeasible to remember.
  • a paper wallet is simple in functionality and operation, but a bit too technical for many to handle safely with confidence (as @drehb points out in his reply to me from which I have quoted). Signing a transaction for a paper wallet normally makes the wallet insecure because there is a risk that the private key was compromised by exposing it on the machine used to broadcast the transaction on the Internet, so once used any coins remaining at the address should immediately be swept to a new paper wallet and the address discarded.
  • a BIP39 hardware or software wallet simplifies the user interface and also adds the ability to generate and manage multiple wallets (addresses) which can all be recovered from a single ‘seed’, and can also sign transactions without exposing the private keys. In the case of a hardware wallet this can be done on any machine whereas to do this with a software wallet one needs an isolated machine (old laptop, raspberry pi etc) which you never allow to be connected to a network (so you transfer signed transactions from the isolated /offline machine to the online machine using a USB stick, or for truly maintaining the air-gap, by capturing a QR code displayed by the isolated/offline machine).
  • a BIP39 hardware wallet has the advantage that you can sign transactions on any machine without exposing your private key, and without needing to use two machines (one offline and one online). The ledger nano s for example: using a PIN for a default wallet, or passwords for the other wallets also accessible on the device.

How’s that?

EDIT: PS Thanks @Runswick for your expansion. Your study and sharings are helpful and show that you don’t need to be a programmer to learn about this. If you didn’t get everything right in a forum like this I’m sure somebody would politely, or not :wink: point it out :slight_smile:. Also thanks @MerkleTree & @drehb for helping me out. :slight_smile:

1 Like

Perfect. But the key to paperwallet is they get used once. So let’s say you have $100,000 to store for an extended period of time but may need some to live in an emergency… Always plan for some spending of cold-storage. Split the storage across 5 or 10 wallets with one wallet being equal to an emergency fund like $5k. Sweep that wallet when needed. Send anything remaining back to a new wallet if necessary. Paper wallets are all or nothing.

1 Like

I did mention that paper wallets should be ‘once only’ :wink: but I think your point about how to manage them is also worth noting. Depends on the expected use though.

1 Like