I've been trying to get a hold of one of those cold storage thumb drive wallets for a month. Everywhere I look is sold out. I guess people really are catching on to all the advantages you point out in favor of them. Great write up.
The shortage of these is so extended that many people (myself included) are trying to profit from it; most hardware wallets are going for 2x-3x retail on AMZN/eBay.
I'm arguably part of the problem; I bulk-ordered some Ledger Nano S some time back in hopes of flipping them above retail before they're reliably restocked. Since they're so far backordered, though, I might just end up out my capex (sans the part where I'd have bought one or two for myself anyway).
There seems to be a shortage of Ledgers, yes. I wouldn't pay 3x the price (which means I'd sell you mine if I didn't have coins on it), but it's easily the best purchase if you have more than a few hundred dollars' worth of coins, or if you're a geek like me.
I especially love how it supports multiple cryptocurrencies with the same keys, so I can just store everything in the same place with no hassle.
I browse without cookies enabled most of the time. A very large number of blog-style sites like this one have become nearly unusable because of these damned popups. I'd guess I'm seeing them on 2/3 of these sites now.
I'd love to see a uBlock Origin block list for these elements. Hell, I'd pay for it.
A great example of why the whole 'be your own bank' feature of cryptocurrency is not so great a feature after all.
These 'how to protect your coins' guides get longer and longer each time another weakness in the system is found. Next month's security guide will have even more steps, and you'd better follow them too...
Cryptocurrencies have only been around for 8 years. It's no wonder that we're still figuring out if being your own bank is possible. There's a long road ahead, a lot of innovation to be had. But being your own bank is a worthwhile and potentially achievable goal. Assessing the current state of the system and saying it has failed, at such an early stage, is folly.
Cryptocurrencies were easy to use day 1, for people who know what they're doing. The level of technical expertise needed is dropping over time, and will continue to do so.
Just as computers were the domain of computer scientists when they first appeared, but nowadays everyone has a smart phone in their pocket.
(BTW, let us not forget that everyone thought the idea of a Personal Computer was crazy. It's no wonder that people today think the idea of a Personal Bank is crazy.)
I agree that it's complex for the layman, but in reality it's really simple for anyone familiar with how crypto works. Even if they didn't, I usually just explain it like this:
Your account number is made up of two parts - one part lets you view and deposit, the other lets you withdraw. You can give the first part of your account number to anyone (if you don't mind seeing how much money you have), but you should keep the second part you keep very safe.
In fact, once people hear that the second part (the private key) allows you to withdraw, they don't even need to hear the rest.
For many people though, they don't like the idea that people who can deposit can also view amounts and transactions. I guess that's why cryptos like Monero are worth looking into.
Understanding the difference between private and public keys is not the whole story. Users need to know about backing these up, but they also need to know how to clear them off of their computer in the first place.
You can go as far as having your private key carved into a metal plate so it'll never get destroyed, but if a copy of it happens to still be sitting on your hard drive, your coins are still at risk. Very few people will know how to securely purge their computer of this critical data.
Even worse, the 'offline' approach in this guide means downloading random javascript from different web services that you are just meant to trust with your private key. It's a disaster.
I was referring to the idea of a "paper wallet". I don't know of many (any?) people who store their Bank PINs on their PCs, so I don't see how anything you mentioned is relevant.
If crypto currency is ever going to replace cash and credit cards, you need to make it easy for 8 year old Timmy and his 80 year old grandma. At the moment neither of them have any concept of what crypto currency is or how to use it, but the sure can go down to the gas station and buy some candy from them with cash.
This doesn't really have anything to do with security, and there's nothing inherent in the way that crypto currencies are designed that would prevent this.
Secure messaging was the same for a long time but now it's improving rapidly. I don't think managing keys will get harder and harder. Already using a Ledger Nano is pretty nice, and I imagine in a couple of years it will be very nice. But I also imagine the ecosystem for hosted keys will stay, so you can choose to be your own bank or to trust some other actor. With cryptocurrency it will be much easier and cheaper to move to a competing service, too.
The main issue I have with wallets, which is not really addressed in the article, is that the wallet formats seem to be continually changing. Will the software work with your wallet format in 10 years time when you finally want to cash in your coins? What do you do if it doesn't?
You stick with open source wallets; problem "solved". Obviously having to dig up old software and potentially having to make modifications to extract what you need from them is not ideal, but at least it's possible.
That said, the lowest common denominator methods of storing coins long term are pretty stable. They're just paper/metal/stone tablets/flesh with a 256-bit key encoded on them. Hard for that encoding to age any worse than, say, floppy disks which you can _still_ buy drives for today.
While yes it's prone to various known/unknown attack vectors, and each crypto has a different surface area (like ethereum's smart contracts) The public/private key being one of them is unlikely. Computationally, cracking that takes a monumental amount of computing power that doesn't exist yet.
Recently there has been an influx of scam attacks using forged myetherwallet URLs in all the altcoin slack channels. Using your own is really the better way to go about this.
The article mentions ways to run both solutions offline but going to the source is probably the safest way.
You download and unzip files from those websites and then run them with the Internet turned off. You can inspect the source code to make sure it's ok. This article is targeted at non-technical users so a solution that relies on downloaded software is good enough. If you'd like a better solution, then I'm sure some research would serve you well.
Realistically, we both know that hardly anyone will check the source code, let alone be capable of spotting security problems or backdoors. Unplugging your machine from the network doesn't protect you either - who knows if the software leaves some temp files around containing your private keys?
This site is banned for using a well-known upvote-selling and comment-selling service. Obviously this is a capital offence on HN.
I wish everyone would realize that when they do this, it is obvious in the data and not worth the risk. Perhaps someone could communicate to the upvote-
and comment-sellers that they're wasting their time?
All: Spam votes and spam comments will get your accounts and sites banned on HN, so please don't.
Out of curiosity, how do you establish the identify association between the person who submitted the story, the person who manages the site, and the person who engages with the seller that you mentioned?
To me it looks like they could be unrelated different parties or even competitors.
44 comments
[ 2.9 ms ] story [ 103 ms ] threadI'm arguably part of the problem; I bulk-ordered some Ledger Nano S some time back in hopes of flipping them above retail before they're reliably restocked. Since they're so far backordered, though, I might just end up out my capex (sans the part where I'd have bought one or two for myself anyway).
I especially love how it supports multiple cryptocurrencies with the same keys, so I can just store everything in the same place with no hassle.
Surely the conversion on these can't be good?
I'd love to see a uBlock Origin block list for these elements. Hell, I'd pay for it.
Edit: Though it didn't block the one on this article...
These 'how to protect your coins' guides get longer and longer each time another weakness in the system is found. Next month's security guide will have even more steps, and you'd better follow them too...
Cryptocurrencies were easy to use day 1, for people who know what they're doing. The level of technical expertise needed is dropping over time, and will continue to do so.
Just as computers were the domain of computer scientists when they first appeared, but nowadays everyone has a smart phone in their pocket.
(BTW, let us not forget that everyone thought the idea of a Personal Computer was crazy. It's no wonder that people today think the idea of a Personal Bank is crazy.)
Your account number is made up of two parts - one part lets you view and deposit, the other lets you withdraw. You can give the first part of your account number to anyone (if you don't mind seeing how much money you have), but you should keep the second part you keep very safe.
In fact, once people hear that the second part (the private key) allows you to withdraw, they don't even need to hear the rest.
For many people though, they don't like the idea that people who can deposit can also view amounts and transactions. I guess that's why cryptos like Monero are worth looking into.
You can and should create a new keypair for each transaction.
That way you avoid the issue of someone else prying into your expenses.
This is the default behaviour of most wallets
You can go as far as having your private key carved into a metal plate so it'll never get destroyed, but if a copy of it happens to still be sitting on your hard drive, your coins are still at risk. Very few people will know how to securely purge their computer of this critical data.
Even worse, the 'offline' approach in this guide means downloading random javascript from different web services that you are just meant to trust with your private key. It's a disaster.
If on the other hand, you want to use a decentralized, trust less, electronic currency, there is Bitcoin.
Step 2: back up the seed for the hardware wallet
Step 3: send your coins to an address managed by said hardware wallet
Step 4: kick back and relax
That said, the lowest common denominator methods of storing coins long term are pretty stable. They're just paper/metal/stone tablets/flesh with a 256-bit key encoded on them. Hard for that encoding to age any worse than, say, floppy disks which you can _still_ buy drives for today.
https://github.com/MyEtherWallet/MyEtherWallet or https://github.com/MichaelMure/WalletGenerator.net
Recently there has been an influx of scam attacks using forged myetherwallet URLs in all the altcoin slack channels. Using your own is really the better way to go about this.
The article mentions ways to run both solutions offline but going to the source is probably the safest way.
To add insult to injury, filling it out and submitting, it took a good 15 seconds for my submit to be processed and their modal to autoclose.
I wish everyone would realize that when they do this, it is obvious in the data and not worth the risk. Perhaps someone could communicate to the upvote- and comment-sellers that they're wasting their time?
All: Spam votes and spam comments will get your accounts and sites banned on HN, so please don't.
To me it looks like they could be unrelated different parties or even competitors.