Author [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] [EN] [ZH] [ES] [PT] [IT] [DE] [FR] [NL] [TR] [SR] [AR] [RU] Topic: Is there a danger from keyloggers  (Read 620 times)

0 Members and 1 Guest are viewing this topic.

Offline aloha

  • Sr. Member
  • ****
  • Posts: 394
  • Reality is Information
    • View Profile
Is there a danger from keyloggers
« on: September 07, 2014, 01:13:09 PM »

Hi guys,

I was wondering is there any danger from keyloggers and if it is how to avoid it?

Thanks
aloha  :)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12058
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Is there a danger from keyloggers
« Reply #1 on: September 07, 2014, 01:20:25 PM »
Hi guys,

I was wondering is there any danger from keyloggers and if it is how to avoid it?

Thanks
aloha  :)
keyloggers can only capture why you type on the keyboard .. they cannot capture the random private key .. so the only thing you need to make sure is that you store you JSON backup file somewhere safe .. that file together with the keylogged passphrase can make an attacker access your funds

keyloggers are difficult to identify and avoid:
you can have a keylogger plugin in between your keyboard and the computer .. it can also be implemented as a chip in your keyboard (!!)
then there comes the software keylogger .. either in BIOS, kernel space or Operating system space .. sometimes very difficult to identify :(
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline Akado

  • Hero Member
  • *****
  • Posts: 2747
    • View Profile
  • BTS: akado
Re: Is there a danger from keyloggers
« Reply #2 on: September 07, 2014, 01:26:14 PM »
If im not mistaken, virtual keyboards can help you avoid some keyloggers, but not all
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12058
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Is there a danger from keyloggers
« Reply #3 on: September 07, 2014, 01:27:50 PM »
somehow .. for cryptocurrencies .. a secure system is a requirement ... on the internet you can find PLENTY of people loosing money because of malware
only other chance is a off-line computer for signing .. pretty much what armory/trezor is doing .. but for btsx this does not yet exist
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1633
    • View Profile
Re: Is there a danger from keyloggers
« Reply #4 on: September 07, 2014, 01:37:26 PM »
I think that the most important thing in cryptos is security and no one seems to find a very easy way to store cryptos offline...

I mean something really easy and stupid..Like a small usb stick that you plug into your pc and stores all your coins offline and once saved on that stick no one can ever ever get control of them unless he can steal this usd stick from you and also your passphrase and maybe other security questions etc... If something so easy like that is invented then I would be very confident to just move all my bank accounts into this usb stick, convert them to Bitshares, biteur,bitusd,bitbtc and never use any bank ever again...Until that day comes unfortunately cryptos will have to be just a small bet of money that I wouldn't care if I lose them anyway and I am pretty sure a lot of people out there feel the same as me...

How difficult is something like that to be invented?

Offline soniq

  • Full Member
  • ***
  • Posts: 181
    • View Profile
Re: Is there a danger from keyloggers
« Reply #5 on: September 07, 2014, 01:54:15 PM »
I think that the most important thing in cryptos is security and no one seems to find a very easy way to store cryptos offline...

I mean something really easy and stupid..Like a small usb stick that you plug into your pc and stores all your coins offline and once saved on that stick no one can ever ever get control of them unless he can steal this usd stick from you and also your passphrase and maybe other security questions etc... If something so easy like that is invented then I would be very confident to just move all my bank accounts into this usb stick, convert them to Bitshares, biteur,bitusd,bitbtc and never use any bank ever again...Until that day comes unfortunately cryptos will have to be just a small bet of money that I wouldn't care if I lose them anyway and I am pretty sure a lot of people out there feel the same as me...

How difficult is something like that to be invented?

Armory has an application like this for BTC, but does not exist yet for BTSX.

Trezor too is an secure way of storing coins offline and is about the  size of a USB stick
Pr7V9GUm59dtKWXG6RJSymPsyCaCKWwNEj
Soniq on Bitcointalk -- Verified
Bitshares btsx:soniq

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12058
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Is there a danger from keyloggers
« Reply #6 on: September 07, 2014, 02:02:47 PM »
I think that the most important thing in cryptos is security and no one seems to find a very easy way to store cryptos offline...

I mean something really easy and stupid..Like a small usb stick that you plug into your pc and stores all your coins offline and once saved on that stick no one can ever ever get control of them unless he can steal this usd stick from you and also your passphrase and maybe other security questions etc... If something so easy like that is invented then I would be very confident to just move all my bank accounts into this usb stick, convert them to Bitshares, biteur,bitusd,bitbtc and never use any bank ever again...Until that day comes unfortunately cryptos will have to be just a small bet of money that I wouldn't care if I lose them anyway and I am pretty sure a lot of people out there feel the same as me...

How difficult is something like that to be invented?
you do know about the bitcointrezor?

http://www.bitcointrezor.com/
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1633
    • View Profile
Re: Is there a danger from keyloggers
« Reply #7 on: September 07, 2014, 02:16:49 PM »
Yes I 've heard about it but I don't care about it since I don't have a single bitcoin. Just a few bitshares which I bought quite expensive anyway and which I am planning to sell only a few when we reach at least bitcoin's market cap...

If there was however something similar for Bitshares X then I would most definitely move all my fiat in bitshares. ;)

So far all these is very hacky and technical for me and security wise I don't feel safe to invest a lot...

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12058
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1633
    • View Profile
Re: Is there a danger from keyloggers
« Reply #9 on: September 07, 2014, 05:14:45 PM »
I have a couple of questions regarding the cold storage:

1. I open the GUI offline and create an account "xxx" and obtain a public and a private key for that account. So far so good...

2. I open GUI online and type wallet_account_register "xxx" "mf-tzo". What happens if by the time I do that someone else registers "xxx"?. Will I get an error message that the account is registered?

3. Assuming 1,2 are ok, I have registered a new account "xxx" with a public and private key that the network hasn't seen?

4. Can I now go offline again, open the GUI and import my wallets under the "xxx" account from the 28th snapshots? Do I miss something here?

5. Whenever now I choose to go online, I open the GUI, dump the private key of "xxx" , rescan the blockchain and my balances will be there? but now the wallet is no longer offline? basically when I dump the private key of "xxx" I am getting out of cold storage and I am online right?

Sorry for the silly questions...Just try to understand basic security here...

Thanks in advance!


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12058
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Re: Is there a danger from keyloggers
« Reply #10 on: September 07, 2014, 05:48:55 PM »
2. I open GUI online and type wallet_account_register "xxx" "mf-tzo". What
happens if by the time I do that someone else registers "xxx"?. Will I get an
error message that the account is registered?
You need to add a local account for xxx and the BTSX public key fist .. then you can register if

3. Assuming 1,2 are ok, I have registered a new account "xxx" with a public and
private key that the network hasn't seen?
The public key has to be registered on the blockchain .. hence PUBLIC!

4. Can I now go offline again, open the GUI and import my wallets under the
"xxx" account from the 28th snapshots? Do I miss something here?
To be able to import any balance from the blockchain to the offline computer
you need to copy the blockchain (folder "chains") to an USB stick and carry it
to your offline computer. Rescan .. blabla .. and then you should see your
balance there too.

5. Whenever now I choose to go online, I open the GUI, dump the private key of
"xxx" , rescan the blockchain and my balances will be there? but now the wallet
is no longer offline? basically when I dump the private key of "xxx" I am
getting out of cold storage and I am online right?
Right .. whenever you want to use your coldstorage key you need to make it HOT
.. Currently there is no solution like in btc available where you can sign your
transaction offline. ... yet
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline aloha

  • Sr. Member
  • ****
  • Posts: 394
  • Reality is Information
    • View Profile
Re: Is there a danger from keyloggers
« Reply #11 on: September 07, 2014, 06:07:35 PM »
Thanks xeroc, your answers are very helpful to me. I use to keep my wallet back up on my laptop and usb, but now it is going to be only usb. I know about Trezor as I bought one, but in meantime I sold all of my bitcoins and replaced them with BTSX.  :)
 Something like Trezor would be great for BTSX.
Regards
aloha  :)

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1633
    • View Profile
Re: Is there a danger from keyloggers
« Reply #12 on: September 07, 2014, 06:30:49 PM »
Thank you Xerox. Really appreciate your efforts in explaining.

As aloha said a Trezor for BitsharesX will be awesome... Just plug the thing and you are done...All this scan blockahains, offline pcs etc are not really my cup of tea and I will most certainly fuck up if I tried that... :)

I don't understand what that means
Quote
You need to add a local account for xxx and the BTSX public key fist
...how do I do that?...lol..

Quote
To be able to import any balance from the blockchain to the offline computer
you need to copy the blockchain (folder "chains") to an USB stick and carry it
to your offline computer. Rescan .. blabla .. and then you should see your
balance there too.

How can I rescan the blockchain since I am offline? Anyway I better try that my self if I want to figure this out..

Anyway I don't want to waste your time anymore with that so don't bother to answer me anymore... :)

Again thanks for your efforts.
« Last Edit: September 07, 2014, 06:32:46 PM by mf-tzo »

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12058
  • ChainSquad GmbH
    • View Profile
    • ChainSquad GmbH
  • BTS: xeroc
  • GitHub: xeroc
Give BitShares a try! Use the http://testnet.bitshares.eu provided by http://bitshares.eu powered by ChainSquad GmbH

Offline soniq

  • Full Member
  • ***
  • Posts: 181
    • View Profile
Re: Is there a danger from keyloggers
« Reply #14 on: September 08, 2014, 05:10:04 AM »
There is no information in wiki to register the cold storage name.

 Made a huge mistake tonight by not doing that step.
Pr7V9GUm59dtKWXG6RJSymPsyCaCKWwNEj
Soniq on Bitcointalk -- Verified
Bitshares btsx:soniq

 

Google+