BitShares Forum

Main => General Discussion => Topic started by: masterofmyself on March 22, 2015, 09:58:12 pm

Title: Bitshares Cold Storage
Post by: masterofmyself on March 22, 2015, 09:58:12 pm
Working on an article covering Bitshares for an investment newsletter. Would like to advise investors on purchasing their shares and putting them immediately into cold storage. Are there any resources out there that go over this process?

Alternatively, I'm curious what the security level is like for an online wallet on the Bitshares platform. Is it dangerous to keep your Bitshares on a live wallet similar to how having Bitcoin in a hot wallet opens you up to being hacked? Or is there a different level of security with Bitshares that sets it apart from Bitcoin?
Title: Re: Bitshares Cold Storage
Post by: BunkerChainLabs-DataSecurityNode on March 22, 2015, 10:42:42 pm
paging @xeroc

Title: Re: Bitshares Cold Storage
Post by: xeroc on March 23, 2015, 07:09:28 am
Working on an article covering Bitshares for an investment newsletter. Would like to advise investors on purchasing their shares and putting them immediately into cold storage. Are there any resources out there that go over this process?
I wrote a rather old wiki article about cold storages and how to do it ages ago .. I wouldn't recommend it any more ..

It happened that I just yesterday tested my coldstorage solution with QR-codes and offline signing. The process is rather simply and explained in the README
https://github.com/xeroc/bitshares-pytools/tree/master/coldstorage
Though it is in an early stage I would consider it safe (users should test the offline signing with small funds prior to putting masses of money there)
The documentation also needs some more love :)

When I find more time, I might built a nice user interface for it .. it currently runs in a terminal only ..

Quote
Alternatively, I'm curious what the security level is like for an online wallet on the Bitshares platform. Is it dangerous to keep your Bitshares on a live wallet similar to how having Bitcoin in a hot wallet opens you up to being hacked? Or is there a different level of security with Bitshares that sets it apart from Bitcoin?
The crypto behind BTS is the very same as in Bitcoin .. it's elliptic curve crypto with private keys accessing funds .. If you can store your private key safely, your funds are safe. Also note, that BitShares has built-in BIP32 (HD-wallets) support and private keys can be BIP38-encrypted .. you can also use any of the available Shamir Secret Sharing tools to split your private key into N-of-M keys ..
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 04:58:06 pm
So there doesn't exist an easy, non-terminal way to offline your BTS? I'm going to be suggesting to investors that they put money into BTS, and these are likely people that have no idea how to protect themselves against spyware, malware, viruses, etc. Having them store their BTS online isn't ideal, because that could lead to backlash against me and my partner if their BTS are stolen.
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 05:13:07 pm
So there doesn't exist an easy, non-terminal way to offline your BTS?
Please define "easy, non-terminal"?
Download
https://github.com/xeroc/jshares/archive/master.zip

open "generateRandomKeysAddresses.html" in firefox
print the page
send all your stuff to the address that is shown there (last qr code/text field)

Now your stuff is offline.
To get your funds back just 'import' the private key (first code) into your account using the web_wallet and wait for the automatic rescan to finish.
your funds should almost immediately show up
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 05:17:25 pm
Sorry, "non-terminal" meaning not having to type a bunch of stuff into Terminal in order to offline the BTS.

Thanks for the link - looks like this might solve the issue.
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 05:23:23 pm
Sorry, "non-terminal" meaning not having to type a bunch of stuff into Terminal in order to offline the BTS.

Thanks for the link - looks like this might solve the issue.
I will write a new html page for the coldstorage purpose .. give me some time .. working on this stuff in my spare time ..
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 05:27:33 pm
I appreciate what you're doing, for sure.

I tried your suggestion, and when I opened the "generateRandomKeysAddresses.html" it came up blank for each field.

Did I miss something?
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 06:07:14 pm
I appreciate what you're doing, for sure.

I tried your suggestion, and when I opened the "generateRandomKeysAddresses.html" it came up blank for each field.

Did I miss something?
My fault .. I fixed the repo .. could you redownload and try again?
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 06:13:59 pm
I just saw this issue on github: https://github.com/BitShares/web_wallet/issues/637#issue-59305622

it basically says that with the next version a coldstorage solution will be a lot easier and you won't need to use the terminal/console at all
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 06:18:58 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 06:20:00 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 06:21:15 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Let me try on my laptop - one moment!
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 06:24:00 pm
Also, do you know of any web wallets for BTS? Like a Blockchain.info type wallet?
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 06:26:15 pm
Also, do you know of any web wallets for BTS? Like a Blockchain.info type wallet?
wallet.bitshares.org

Current version does not yet support market transactions (like, ask, bid, short,... ) but I guess it will take at most a week for the dev to complete these
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 06:27:35 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Okay, it works on my laptop. Not sure why it doesn't work on my PC. Just to be clear, should a person send their funds to the Public Key or to the Address?
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 06:32:03 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Okay, it works on my laptop. Not sure why it doesn't work on my PC. Just to be clear, should a person send their funds to the Public Key or to the Address?
to the address (should be shorter) .. though currently there is no non-terminal way to do so .. this is what will change in the future release ...

The GUI transfer method only allows to send funds to a registered name.. not an address ..
you could send your funds to your address using the terminal with the following command

$ wallet_transfer_to_address <amount> <asset> <from_account> <to_address>

or you wait for the next release which will make this alot easier
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 06:39:13 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Okay, it works on my laptop. Not sure why it doesn't work on my PC. Just to be clear, should a person send their funds to the Public Key or to the Address?
to the address (should be shorter) .. though currently there is no non-terminal way to do so .. this is what will change in the future release ...

The GUI transfer method only allows to send funds to a registered name.. not an address ..
you could send your funds to your address using the terminal with the following command

$ wallet_transfer_to_address <amount> <asset> <from_account> <to_address>

or you wait for the next release which will make this alot easier

Oh, I see. So I couldn't, for instance, purchase BTS from ShapeShift or Metaexchange and have the funds sent straight to the paper wallet address?
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 06:41:18 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Okay, it works on my laptop. Not sure why it doesn't work on my PC. Just to be clear, should a person send their funds to the Public Key or to the Address?
to the address (should be shorter) .. though currently there is no non-terminal way to do so .. this is what will change in the future release ...

The GUI transfer method only allows to send funds to a registered name.. not an address ..
you could send your funds to your address using the terminal with the following command

$ wallet_transfer_to_address <amount> <asset> <from_account> <to_address>

or you wait for the next release which will make this alot easier

Oh, I see. So I couldn't, for instance, purchase BTS from ShapeShift or Metaexchange and have the funds sent straight to the paper wallet address?
doesn't seem so .. would be a nice feature request though.

@dannotestein
@monsterer

could you add that feature once "wallet_transfer" can take BTS-addresses? please?
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 29, 2015, 07:48:31 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Okay, it works on my laptop. Not sure why it doesn't work on my PC. Just to be clear, should a person send their funds to the Public Key or to the Address?
to the address (should be shorter) .. though currently there is no non-terminal way to do so .. this is what will change in the future release ...

The GUI transfer method only allows to send funds to a registered name.. not an address ..
you could send your funds to your address using the terminal with the following command

$ wallet_transfer_to_address <amount> <asset> <from_account> <to_address>

or you wait for the next release which will make this alot easier

Oh, I see. So I couldn't, for instance, purchase BTS from ShapeShift or Metaexchange and have the funds sent straight to the paper wallet address?

How do you like this:
https://delegate.xeroc.org/coldstorage.html
Title: Re: Bitshares Cold Storage
Post by: masterofmyself on March 29, 2015, 08:36:23 pm
I tried it again, and still only blank fields. I even went to your Github page and downloaded it straight from there just to be sure I had downloaded the right thing.

Btw, you specified Firefox earlier - just realized that. Is that essential? Because I've been opening it on Chrome (don't have Firefox).
It should work in ANY browser as it is just javascript .. not sure why the page is empty for you :(

Okay, it works on my laptop. Not sure why it doesn't work on my PC. Just to be clear, should a person send their funds to the Public Key or to the Address?
to the address (should be shorter) .. though currently there is no non-terminal way to do so .. this is what will change in the future release ...

The GUI transfer method only allows to send funds to a registered name.. not an address ..
you could send your funds to your address using the terminal with the following command

$ wallet_transfer_to_address <amount> <asset> <from_account> <to_address>

or you wait for the next release which will make this alot easier

Oh, I see. So I couldn't, for instance, purchase BTS from ShapeShift or Metaexchange and have the funds sent straight to the paper wallet address?

How do you like this:
https://delegate.xeroc.org/coldstorage.html

Thanks for putting this together! This should do the trick to solve the problem of easy cold storage. You did a great job of walking through the process step-by-step.
Title: Re: Bitshares Cold Storage
Post by: Chronos on March 29, 2015, 11:13:27 pm
I get a certificate warning in Chrome at https://delegate.xeroc.org/coldstorage.html: " Server's certificate is not trusted. Your connection to delegate.xeroc.org is encrypted with obsolete cryptography."

Maybe it's using Bitcoin.  :P
Title: Re: Bitshares Cold Storage
Post by: xeroc on March 30, 2015, 06:00:18 am
I get a certificate warning in Chrome at https://delegate.xeroc.org/coldstorage.html: " Server's certificate is not trusted. Your connection to delegate.xeroc.org is encrypted with obsolete cryptography."

Maybe it's using Bitcoin.  :P
Hehe .. it a CAcert signed cert. default browsers wont trust it. Anyway, the page is a demo and people should download the page. I will make it more clear. Maybe even harden the webserver a little .. not gonna buy a cert for now
Title: Re: Bitshares Cold Storage
Post by: kenCode on April 30, 2015, 07:58:41 pm
good stuff xeroc! bump
Title: Re: Bitshares Cold Storage
Post by: infovortice2013 on May 01, 2015, 01:57:13 pm
I get a certificate warning in Chrome at https://delegate.xeroc.org/coldstorage.html: " Server's certificate is not trusted. Your connection to delegate.xeroc.org is encrypted with obsolete cryptography."

Maybe it's using Bitcoin.  :P
Hehe .. it a CAcert signed cert. default browsers wont trust it. Anyway, the page is a demo and people should download the page. I will make it more clear. Maybe even harden the webserver a little .. not gonna buy a cert for now

good job bro