BitShares Forum

Specific Projects => Peerplays => Topic started by: biophil on June 09, 2017, 03:01:09 pm

Title: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: biophil on June 09, 2017, 03:01:09 pm
Howdy all - I just posted the following on Steemit: https://goo.gl/H0LdfX

I'm cross-posting here because I'm sure people here will know the answers:

What I'd like to do, but am not sure how:
I want to save my old BTS owner key somewhere and then update the BTS owner key to a new one. Once it's updated, the old key won't give access to the account, so I can go and drop the old key into the peerplays wallet without fear of unforseen security leaks.

How is the BTS owner key changed? I've looked at the permissions tab in the bitshares.org wallet and it's not obvious enough to me to be worth going and modifying all my permissions.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: Methodise on June 09, 2017, 03:59:09 pm
I believe you have to add a new (2nd) key, then you'll be able to delete the original one.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: biophil on June 09, 2017, 04:27:22 pm
I believe you have to add a new (2nd) key, then you'll be able to delete the original one.

I figured it would be something like that... but I'm scared. Maybe I try it on a throwaway account and see how to do it.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: biophil on June 09, 2017, 06:35:26 pm
I believe you have to add a new (2nd) key, then you'll be able to delete the original one.

One question I have is how to generate the new 2nd key. The web wallet doesn't seem to be giving me the option anywhere.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: Methodise on June 10, 2017, 12:13:33 am
I believe you have to add a new (2nd) key, then you'll be able to delete the original one.

One question I have is how to generate the new 2nd key. The web wallet doesn't seem to be giving me the option anywhere.

That's a very good point. I've previously resorted to creating throw-away accounts, then borrowing the keys generated for those accounts by the software, to repurpose elsewhere. That would be my recommended approach.

Otherwise there was a bitshares paper wallet generator that also spat out fresh keys, although it would seem best to take the former approach.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: robo on June 13, 2017, 08:36:23 am
Would it be safer to create a new Bitshares account and
transfer your bitshares to that account? Then use the
private key of the original (now empty) account to claim
your Peerplays. If that private key gets compromised/revealed
to a third-party it doesn't really matter because the account
it controls is now empty.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: biophil on June 13, 2017, 08:08:29 pm
Would it be safer to create a new Bitshares account and
transfer your bitshares to that account? Then use the
private key of the original (now empty) account to claim
your Peerplays. If that private key gets compromised/revealed
to a third-party it doesn't really matter because the account
it controls is now empty.

That would certainly work if you're not too in love with your original account. There is better way to do it, but I haven't dug enough yet to be sure I know what that way is.
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: Frodo on July 15, 2017, 10:04:43 am
Has anyone tried the reset brainkey functionality? Seems like it would replace all private keys.

(https://i.imgur.com/aqbsOvL.png)
Title: Re: Security best practices for claiming BTS sharedrop in Peerplays?
Post by: biophil on July 17, 2017, 09:53:07 pm
Has anyone tried the reset brainkey functionality? Seems like it would replace all private keys.



I have not; I've never put forth any effort to understand what that does. You're thinking it replaced all keys for all accounts in the wallet? That sounds useful.