RE: The Ledger Nano S: Peace of mind

in #cryptocurrency, 8 years ago

I disagree with this line:

(NOT on any kind of device! Old-school pen and paper can not be hacked!)

Paper can't be hacked, but it can be lost, found, burnt, faded, etc. It's not a good way to ensure availability of your private key.

Consider a solution that includes utilising something like KeePass, which is a highly encrypted, self-managed password storage solution, stored on a cloud service that offers 2FA.

Also a good idea for that cloud service to not be linked to the email address that you use every day (if people don't know what email you used, they can't hack it).

We're going to have to agree to disagree on this one. Make multiple copies on paper in secure places - this is still far more secure than any digital version of your private keys.

If you digitize your private keys in any way, there literally is no point to cold storage. Your keys are no longer in cold storage if they are stored digitally, so the cold storage wallet is pointless.

Thinking paper is more secure than an encryption method is quite contrary to the thinking I would expect of someone keen on the technology behind cryptocurrency.

KeePass supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish algorithm to encrypt its password databases. Both of these ciphers are regarded as being very secure. AES e.g. became effective as a U.S. Federal government standard and is approved by the National Security Agency (NSA) for top secret information.
The complete database is encrypted, not only the password fields. So, your user names, notes, etc. are encrypted, too.
SHA-256 is used to hash the master key components. SHA-256 is a 256-bit cryptographically secure one-way hash function. No attacks are known yet against SHA-256. The output is transformed using a key derivation function.
Protection against dictionary and guessing attacks: by transforming the master key component hash using a key derivation function (AES-KDF, Argon2, ...), dictionary and guessing attacks can be made harder.
Process memory protection: your passwords are encrypted while KeePass is running, so even when the operating system dumps the KeePass process to disk, your passwords aren't revealed.
[2.x] Protected in-memory streams: when loading the inner XML format, passwords are encrypted using a session key.
Security-enhanced password edit controls: KeePass is the first password manager that features security-enhanced password edit controls. None of the available password edit control spies work against these controls. The passwords entered in those controls aren't even visible in the process memory of KeePass.
The master key dialog can be shown on a secure desktop, on which almost no keylogger works. Auto-Type can be protected against keyloggers, too.
See also the security information page.

All of this is stored on a cloud service, an account which is not known to anybody, and protected by 2FA.

So somebody would have to first hack my cloud, which is extremely difficult with 2FA. And then they'd have to find the database, and then get through that strong encryption.

The benefit to me is that I can get to it whenever I want. If my house burns down tonight, no problem.

If you're going to store a piece of paper in multiple places, how are you going to ensure the security of that paper?
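
Added example, not part of the thread and not KeePass code: a sketch of the master-key handling quoted above (components hashed with SHA-256, then stretched by a key derivation function) that measures what each password guess costs as the work factor rises. PBKDF2-HMAC-SHA256 stands in for AES-KDF/Argon2, and the function names, the composite-key layout and the 10M-word list size are assumptions for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional


def composite_key(password: str, key_file: Optional[bytes] = None) -> bytes:
    """Hash each master key component with SHA-256, then hash the concatenation.
    Simplified layout (assumption), not the KeePass file format."""
    parts = [hashlib.sha256(password.encode("utf-8")).digest()]
    if key_file is not None:
        parts.append(hashlib.sha256(key_file).digest())
    return hashlib.sha256(b"".join(parts)).digest()


def transform(key: bytes, salt: bytes, rounds: int) -> bytes:
    """Stretch the composite key. PBKDF2 is a stand-in (assumption) for
    AES-KDF / Argon2; the point is that every guess pays `rounds` of work."""
    return hashlib.pbkdf2_hmac("sha256", key, salt, rounds, dklen=32)


def unlocks(password: str, key_file: Optional[bytes], salt: bytes,
            rounds: int, expected: bytes) -> bool:
    """True if the candidate components derive the expected key."""
    candidate = transform(composite_key(password, key_file), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def seconds_per_guess(rounds: int, samples: int = 3) -> float:
    """Average wall-clock cost of testing one candidate password."""
    salt = os.urandom(16)
    key = composite_key("benchmark")  # constructed sample input
    start = time.perf_counter()
    for _ in range(samples):
        transform(key, salt, rounds)
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    wordlist_size = 10_000_000  # constructed figure for illustration
    for rounds in (1, 60_000, 600_000):
        t = seconds_per_guess(rounds)
        days = t * wordlist_size / 86_400
        print(f"{rounds:>7} rounds: {t * 1e3:8.2f} ms per guess, "
              f"{days:10.2f} days for the whole list on one core")
```

The stretching only multiplies the cost of each guess; a master password that appears early in a wordlist is still found quickly, so the work factor complements a strong passphrase rather than replacing it.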
