Best practices to secure your wallet... and your HBN

unick

Okay,

Since I want to make sure I have done everything I can to ensure that my coins are safe and secure in case of computer loss/theft, wallet corruption or other unwanted hazardous incidents, I wanted to start this topic so we could list/debate what are the best practices one can apply to make sure his/her HBN remain safe in case of misfortune.

I personally have some confusion about the benefits of encrypting the wallet AND the coins being able to stake at the same time. While I think now it's ok to encrypt the wallet and the coins will still be able to safely stake and will only be locked down for sending out... I am still uncertain of that.

So I wish that we all contribute the correct, responsible and safest ways of achieving secure holding of the coins in this thread. I will sort out what is being said and then update this post with the relevant information.

Furthermore, once we have sorted out all that is to be considered to secure our HBN, I will update the official wiki for future HBNers and investors to look into.

So I am looking for 2 main things.

The methods to look for AND the way to set it up.

For instance, if we say that we need to back up the wallet, we should say how often would be considered a good frequency. And how many backups should we keep/rotate. Let's say weekly backups / last 4 weeks.

Also if there is an RPC command or special way to start the method, post that also, along with every step required to achieve the desired outcome.

Think of this as a How-to.

It might be basic stuff and simple things, but I think it's important to have the correct information without any doubt on this matter since we wouldn't want to brick our wallet or lose access to all our coins by lack of backups or decent and preventive security.

Thanks to all for contributing to this

 

Tranz

Good questions. I'll try to sort some of this out.

 

An encrypted wallet is good, for the fact that if someone was able to break in, either remotely or physically to your computer, they could take the wallet.dat file, but would not be able to use it until they also acquired your password.

 

If you have a trojan on your computer and they capture your password, well you are in trouble.  This is where an offline, cold wallet comes into play.

 

The best backup policy depends on how often you use the wallet. Staking will re-use the same key, but adding new send addresses, and when you send and receive change new keys are used from the pool of keys in the wallet. Eventually new keys are generated.

 

I also suggest using the dumpwallet feature, and saving that text file along with your wallet.dat file. For me these are done using the backupwallet feature onto a thumb drive. Offline is best.

 

Hope this helps.

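The backup routine discussed in the posts above (backupwallet plus dumpwallet onto an offline drive, rotated weekly with the last four sets kept), as an added shell example that is not code from any poster or from the HoboNickels project. The CLI name held in HBN_CLI, the file naming and the mount path are assumptions.

```shell
#!/bin/sh
# Added example: weekly backup of wallet.dat plus a key dump, keeping the last 4.
# Assumption: HBN_CLI names the command that forwards RPC calls to the running
# daemon ("HoboNickelsd" is a guess; set HBN_CLI to whatever your install uses).
HBN_CLI="${HBN_CLI:-HoboNickelsd}"
KEEP="${KEEP:-4}"          # number of backup sets to retain

# Delete all but the $KEEP newest sets; timestamped names sort chronologically.
prune_backups() {
    ls "$1" | grep '^wallet-.*\.dat$' | sort -r | tail -n +"$((KEEP + 1))" |
    while read -r f; do
        rm -f "$1/$f" "$1/${f%.dat}.txt"
    done
}

# backup_wallet DIR [STAMP]: write wallet-STAMP.dat and wallet-STAMP.txt to DIR.
backup_wallet() {
    dest_dir=$1
    stamp=${2:-$(date +%Y%m%d-%H%M%S)}
    # The daemon writes the files, so give it an absolute path.
    case $dest_dir in
        /*) ;;
        *) echo "backup dir must be an absolute path" >&2; return 1 ;;
    esac
    [ -d "$dest_dir" ] || { echo "$dest_dir is not mounted" >&2; return 1; }
    dat="$dest_dir/wallet-$stamp.dat"
    txt="$dest_dir/wallet-$stamp.txt"
    "$HBN_CLI" backupwallet "$dat" || return 1
    "$HBN_CLI" dumpwallet "$txt" || return 1
    # The dump holds every private key in plain text: restrict it where the
    # filesystem allows (FAT thumb drives ignore permissions).
    chmod 600 "$dat" "$txt" 2>/dev/null || true
    # Never rotate out old sets on the strength of an empty backup.
    [ -s "$dat" ] && [ -s "$txt" ] || { echo "backup is empty" >&2; return 1; }
    prune_backups "$dest_dir"
}

# Stand-alone use, e.g. from a weekly cron job: sh hbn-backup.sh /mnt/usb/hbn
if [ "$#" -ge 1 ]; then
    backup_wallet "$1"
fi
```

Because the text dump is unencrypted even when wallet.dat is, the drive holding these files should stay offline between runs.
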
Meska

I'm running some dedicated servers, so it's always with RAID, and usually the hosting company provides some FTP space to back up the data.

So for the "data loss" I'm "clear" I think. No one is going to "steal" a dedicated server from a hosting company (I think & hope)

It was a service idea at one point I can "sell"/"offer", I was thinking about this, one daemon/user on one big server, with a basic PHP file displaying balance/stakes, stuff like this... dumpwallet options etc...

I don't have the time to do something like this, but I think it can be a really good idea. The main trouble will still be the "online" security...

For now, my security is more "no one" knows where my HBN are...

For the computer theft/loss trouble, I'm still trying to put my wallet into the RAM, so if the computer is rebooted, the wallet disappears. It's not difficult to do, but it's more boring in case of reboot to reimport from a USB drive or something like this...

I don't like the "encrypted" wallet, because it's more a "fake security" (you think you're safe, but a keylogger can still get your password)...

The offline/cold wallet is the best, but for HBN, there is still this stake trouble ;)

unick

You guys have brought up some valid points. So far we have:

1. Backup to thumb drive (schedule depends on one's use of the wallet)

2. Cold Wallet storage

3. Run wallet from RAM

4. Encrypted wallet

5. Trojan/Key logger issues

6. dumpwallet feature

I can see how this is going to be a great conversation for an important topic. I'll try to think and sort this out more, since we are still in a big "it depends" state. But we need a solid backup/security process (at least this is what I aim for). Simple enough for everyone to use (like run from RAM is not for regular joe to implement or the true issue with keyloggers/trojans) but yet doesn't mess up the staking ability.

If it were a non-PoS coin, I think the solution would be somewhat along the lines of x% kept in cold storage and y% for regular spending (where x > y). I can't seem to wrap my head around how to get maximum security without affecting the staking process too much.

Side question. Does encrypting a wallet prevent staking? Does it need a special procedure once it's encrypted... I think before ver x you couldn't stake an encrypted wallet but it was fixed in some recent release, am I correct?

Tranz

Encrypting a wallet does prevent staking. To allow an encrypted wallet to stake you must unlock it. Currently you can only unlock it via the rpc command walletpassphrase.  I will be adding in functionality to the gui to help with this in the future as well.

 

You can also keep HBN in cold storage. Just bring it out every few months for a nice bump.

presstab

I keep my cold storage rar'd two layers deep with two different passwords and no wallet encryption. I should probably add wallet dumps to the rars too. But that is just backup and not security. My wallets are all up 24/7 with little extra security outside of the Windows standard firewall.

unick

I had an idea.  Would it be possible to add 2FA (like google authenticator or authy) to authorize a withdrawal?  Would it be something simple to implement or completely out of reach? 

Meska

> I had an idea. Would it be possible to add 2FA (like google authenticator or authy) to authorize a withdrawal? Would it be something simple to implement or completely out of reach?

For me, it will be the "worst" idea, because it will be: we are dependent on another provider.

unick

> For me, it will be the "worst" idea, because it will be: we are dependent on another provider.

Well it's more that you will be "dependent" on another device.

And like other settings, it could be set on or off. But it would be the "best" solution against keyloggers and trojans as it would require a second layer of authentication to send out the coins. Which is perfect for a stake wallet as we don't make that many outgoing transactions.

Tranz

There is a 2FA of sorts already built into the client. The RPC command is addmultisigaddress.

I'll be honest, I have not played with it at all, so I won't be the best help for now. I'm not even sure how this would work with PoS.

 

Here is a quick explanation.

http://bitcoin.stackexchange.com/questions/3718/what-are-multi-signature-transactions

unick

This looks interesting.

I managed to create a multisig address 4HUv8wz5VTaJPS7eLxfAHGKiCTDf9UAADS

I sent 5.1 HBN to that address. But they never arrived at the destination.

If you check that multisig address on the block explorer, you won't find it, and it says it was never used on the network (odd, why?)

If you check the transaction ID from that transaction you will find it's been sent to an unknown address (the other output is the change from the input)

Transaction ID: 8087aea0bc4106b6b983a307c475020412b7ca0bdd681761016130be558aa775-000

Receiving address from that transaction: Ewk4gZZjz2CF1SqgL9adowMruHiSV8PzSr (change from input)

The 5.1 HBN sent to the multisig address... seems lost!

So what happened here? Did I lose the 5 HBN?

I would test this on testnet but I have never set up a testnet before, so I have no clue how this is done.

presstab

With the dumpwallet method, how would one load a dumpwallet txt file into the client? Would it be loadwallet wallet.txt? What are the benefits of using dumpwallet instead of exporting the private keys?

Tranz

You would use importwallet to bring in a dumpwallet to another wallet.  It is the same as using dumpprivkey, but it is every private key and their associated label(account) if you have it.

Tranz

> This looks interesting.
>
> I managed to create a multisig address 4HUv8wz5VTaJPS7eLxfAHGKiCTDf9UAADS
>
> I sent 5.1 HBN to that address. But they never arrived at the destination.
>
> If you check that multisig address on the block explorer, you won't find it, and it says it was never used on the network (odd, why?)
>
> If you check the transaction ID from that transaction you will find it's been sent to an unknown address (the other output is the change from the input)
>
> Transaction ID: 8087aea0bc4106b6b983a307c475020412b7ca0bdd681761016130be558aa775-000
>
> Receiving address from that transaction: Ewk4gZZjz2CF1SqgL9adowMruHiSV8PzSr (change from input)
>
> The 5.1 HBN sent to the multisig address... seems lost!
>
> So what happened here? Did I lose the 5 HBN?
>
> I would test this on testnet but I have never set up a testnet before, so I have no clue how this is done.

I think you might have. I just started reading about the subject. I got to here.

 

https://gist.github.com/gavinandresen/3966071

 

 

Regarding testnet.

I run it off 2 machines. I just start clients up using the following parms.

 

-testnet -addnode=IPHOST1 -irc=0  -conf=C:\Users\Me1\AppData\Roaming\HoboNickels\testnet2\HoboNickels.conf -gen=1

and on the other.

-testnet -addnode=IPHOST2 -irc=0  -conf=C:\Users\Me2\AppData\Roaming\HoboNickels\testnet2\HoboNickels.conf -gen=1
