Author Topic: Is there a danger from keyloggers  (Read 4587 times)

0 Members and 1 Guest are viewing this topic.

Offline Riverhead

Also since TITAN makes it impossible for a hacker to target "rich" BTSX holders it's more difficult for them to pick their targets.

Although I run Windows on my computers I run XUbuntu VM's that are encrypted (option during install). This won't protect you from a key logger but it makes getting your private keys more difficult.

Offline gamey

  • Hero Member
  • *****
  • Posts: 2253
    • View Profile
I was a bit confused by the system Bitshares uses.  I think it is like Bitcoin type wallets, but they force you to lock it.  It is not a brain-wallet like NXT.

Your password is only used to encrypt your private key on disk.  It is not a brain key.  So a simple keylogger would do little good unless they were also able to intercept a file (or access memory) to obtain the private key.

Now if this was a brain key like NXT then a simple keylogger would suffice. 

If you own a windows machine, I'd suggest a subscription to Kapersky, maybe something else.  Some sort of virus scanner.  That will help most cases.  Trojans/keyloggers are quite a bit less likely in MacOS/Linux, but always a concern.  Especially when you run unknown executables.

« Last Edit: September 08, 2014, 11:51:27 pm by gamey »
I speak for myself and only myself.

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc

Offline soniq

  • Full Member
  • ***
  • Posts: 181
    • View Profile
There is no information in wiki to register the cold storage name.

 Made a huge mistake tonight by not doing that step.
Pr7V9GUm59dtKWXG6RJSymPsyCaCKWwNEj
Soniq on Bitcointalk -- Verified
Bitshares btsx:soniq


Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
Thank you Xerox. Really appreciate your efforts in explaining.

As aloha said a Trezor for BitsharesX will be awesome... Just plug the thing and you are done...All this scan blockahains, offline pcs etc are not really my cup of tea and I will most certainly fuck up if I tried that... :)

I don't understand what that means
Quote
You need to add a local account for xxx and the BTSX public key fist
...how do I do that?...lol..

Quote
To be able to import any balance from the blockchain to the offline computer
you need to copy the blockchain (folder "chains") to an USB stick and carry it
to your offline computer. Rescan .. blabla .. and then you should see your
balance there too.

How can I rescan the blockchain since I am offline? Anyway I better try that my self if I want to figure this out..

Anyway I don't want to waste your time anymore with that so don't bother to answer me anymore... :)

Again thanks for your efforts.
« Last Edit: September 07, 2014, 06:32:46 pm by mf-tzo »

Offline vegolino

  • Sr. Member
  • ****
  • Posts: 450
  • Reality is Information
    • View Profile
Thanks xeroc, your answers are very helpful to me. I use to keep my wallet back up on my laptop and usb, but now it is going to be only usb. I know about Trezor as I bought one, but in meantime I sold all of my bitcoins and replaced them with BTSX.  :)
 Something like Trezor would be great for BTSX.
Regards
aloha  :)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
2. I open GUI online and type wallet_account_register "xxx" "mf-tzo". What
happens if by the time I do that someone else registers "xxx"?. Will I get an
error message that the account is registered?
You need to add a local account for xxx and the BTSX public key fist .. then you can register if

3. Assuming 1,2 are ok, I have registered a new account "xxx" with a public and
private key that the network hasn't seen?
The public key has to be registered on the blockchain .. hence PUBLIC!

4. Can I now go offline again, open the GUI and import my wallets under the
"xxx" account from the 28th snapshots? Do I miss something here?
To be able to import any balance from the blockchain to the offline computer
you need to copy the blockchain (folder "chains") to an USB stick and carry it
to your offline computer. Rescan .. blabla .. and then you should see your
balance there too.

5. Whenever now I choose to go online, I open the GUI, dump the private key of
"xxx" , rescan the blockchain and my balances will be there? but now the wallet
is no longer offline? basically when I dump the private key of "xxx" I am
getting out of cold storage and I am online right?
Right .. whenever you want to use your coldstorage key you need to make it HOT
.. Currently there is no solution like in btc available where you can sign your
transaction offline. ... yet

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
I have a couple of questions regarding the cold storage:

1. I open the GUI offline and create an account "xxx" and obtain a public and a private key for that account. So far so good...

2. I open GUI online and type wallet_account_register "xxx" "mf-tzo". What happens if by the time I do that someone else registers "xxx"?. Will I get an error message that the account is registered?

3. Assuming 1,2 are ok, I have registered a new account "xxx" with a public and private key that the network hasn't seen?

4. Can I now go offline again, open the GUI and import my wallets under the "xxx" account from the 28th snapshots? Do I miss something here?

5. Whenever now I choose to go online, I open the GUI, dump the private key of "xxx" , rescan the blockchain and my balances will be there? but now the wallet is no longer offline? basically when I dump the private key of "xxx" I am getting out of cold storage and I am online right?

Sorry for the silly questions...Just try to understand basic security here...

Thanks in advance!


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
Yes I 've heard about it but I don't care about it since I don't have a single bitcoin. Just a few bitshares which I bought quite expensive anyway and which I am planning to sell only a few when we reach at least bitcoin's market cap...

If there was however something similar for Bitshares X then I would most definitely move all my fiat in bitshares. ;)

So far all these is very hacky and technical for me and security wise I don't feel safe to invest a lot...

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
I think that the most important thing in cryptos is security and no one seems to find a very easy way to store cryptos offline...

I mean something really easy and stupid..Like a small usb stick that you plug into your pc and stores all your coins offline and once saved on that stick no one can ever ever get control of them unless he can steal this usd stick from you and also your passphrase and maybe other security questions etc... If something so easy like that is invented then I would be very confident to just move all my bank accounts into this usb stick, convert them to Bitshares, biteur,bitusd,bitbtc and never use any bank ever again...Until that day comes unfortunately cryptos will have to be just a small bet of money that I wouldn't care if I lose them anyway and I am pretty sure a lot of people out there feel the same as me...

How difficult is something like that to be invented?
you do know about the bitcointrezor?

http://www.bitcointrezor.com/

Offline soniq

  • Full Member
  • ***
  • Posts: 181
    • View Profile
I think that the most important thing in cryptos is security and no one seems to find a very easy way to store cryptos offline...

I mean something really easy and stupid..Like a small usb stick that you plug into your pc and stores all your coins offline and once saved on that stick no one can ever ever get control of them unless he can steal this usd stick from you and also your passphrase and maybe other security questions etc... If something so easy like that is invented then I would be very confident to just move all my bank accounts into this usb stick, convert them to Bitshares, biteur,bitusd,bitbtc and never use any bank ever again...Until that day comes unfortunately cryptos will have to be just a small bet of money that I wouldn't care if I lose them anyway and I am pretty sure a lot of people out there feel the same as me...

How difficult is something like that to be invented?

Armory has an application like this for BTC, but does not exist yet for BTSX.

Trezor too is an secure way of storing coins offline and is about the  size of a USB stick
Pr7V9GUm59dtKWXG6RJSymPsyCaCKWwNEj
Soniq on Bitcointalk -- Verified
Bitshares btsx:soniq

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
I think that the most important thing in cryptos is security and no one seems to find a very easy way to store cryptos offline...

I mean something really easy and stupid..Like a small usb stick that you plug into your pc and stores all your coins offline and once saved on that stick no one can ever ever get control of them unless he can steal this usd stick from you and also your passphrase and maybe other security questions etc... If something so easy like that is invented then I would be very confident to just move all my bank accounts into this usb stick, convert them to Bitshares, biteur,bitusd,bitbtc and never use any bank ever again...Until that day comes unfortunately cryptos will have to be just a small bet of money that I wouldn't care if I lose them anyway and I am pretty sure a lot of people out there feel the same as me...

How difficult is something like that to be invented?

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
somehow .. for cryptocurrencies .. a secure system is a requirement ... on the internet you can find PLENTY of people loosing money because of malware
only other chance is a off-line computer for signing .. pretty much what armory/trezor is doing .. but for btsx this does not yet exist