BitShares Forum

Main => General Discussion => Topic started by: bitmeat on July 26, 2014, 06:47:14 am

Title: Cold storage?
Post by: bitmeat on July 26, 2014, 06:47:14 am
What is the safest way to store BTSX in a cold storage offline? (in terms of how to generate target address, best way to send, etc.)
Title: Re: Cold storage?
Post by: bytemaster on August 19, 2014, 04:25:46 am
We will be producing a cold storage guide this week.
Title: Re: Cold storage?
Post by: bitmeat on August 19, 2014, 05:31:22 am
Very good!!! With exchanges and computers being hacked left and right, it would be great to be able to split up into chunks and store safely offline.
Title: Re: Cold storage?
Post by: mf-tzo on August 19, 2014, 08:16:01 am
 +5%
Title: Re: Cold storage?
Post by: xeroc on August 19, 2014, 08:40:24 am
Maybe I find the time to quickly write down how I made my coldstorage this evening
Title: Re: Cold storage?
Post by: cass on August 19, 2014, 08:59:20 am
Maybe I find the time to quickly write down how I made my coldstorage this evening

this would be great :)
Title: Re: Cold storage?
Post by: missing64001 on August 19, 2014, 03:42:15 pm
We will be producing a cold storage guide this week.
how to vote?
Title: Re: Cold storage?
Post by: missing64001 on August 19, 2014, 03:47:25 pm
We will be producing a cold storage guide this week.
how to vote form a cold storage offline?
Title: Re: Cold storage?
Post by: bytemaster on August 19, 2014, 04:13:10 pm
We will be producing a cold storage guide this week.
how to vote form a cold storage offline?

You can't. 
Title: Re: Cold storage?
Post by: missing64001 on August 19, 2014, 05:52:04 pm
We will be producing a cold storage guide this week.
how to vote form a cold storage offline?

You can't.
I wish, safe and vote are resolved in the future,or coin in the cold storage offline is unnecessary to vote for no trade.
Title: Re: Cold storage?
Post by: xeroc on August 19, 2014, 06:46:08 pm
Give it a try:
http://wiki.bitshares.org/index.php/ColdStorage
Title: Re: Cold storage?
Post by: bitmeat on August 25, 2014, 07:01:55 am
Give it a try:
http://wiki.bitshares.org/index.php/ColdStorage

I generated a key using the command line utility.

I then transferred 2 BTSX to that address.

Now trying to restore it following your instructions, however wallet_resync_blockchain is no longer a valid command.

I did try rescan. In any case, let's work on making this process more robust. I'm here to experiment if you want me to.
Title: Re: Cold storage?
Post by: bitmeat on August 25, 2014, 07:09:39 am
Silly me, I suppose the entire blockchain needs to be scanned for the balance...

I just did "info" and I noticed this:

 "wallet_scan_progress": "30.26 %",

I'll wait to make sure it's finished, and will report back here. May be even update the Wiki. (Not sure if I need to be an editor or what there)
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 07:30:21 am
I'll wait to make sure it's finished, and will report back here. May be even update the Wiki. (Not sure if I need to be an editor or what there)
Good idea, .. will do so when I have the time ..
Title: Re: Cold storage?
Post by: bitmeat on August 25, 2014, 08:24:12 am
Well after rescan, the balance from the cold storage is still not available. Does the account need to be registered before it can import a private key or something?
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 09:26:31 am
Well after rescan, the balance from the cold storage is still not available. Does the account need to be registered before it can import a private key or something?
registering is highly recommended ..

Does your the public key that corresponds to your private key also correspond to the public key of the local account you sent the funds to?
Title: Re: Cold storage?
Post by: cass on August 25, 2014, 09:50:49 am
AFAIK - if you don't register your account, you have to note/write down your public keys for every unregistered acct. for later restore purposes ... (pls correct if i'm wrong)
Title: Re: Cold storage?
Post by: bitmeat on August 25, 2014, 10:12:57 am
AFAIK - if you don't register your account, you have to note/write down your public keys for every unregistered acct. for later restore purposes ... (pls correct if i'm wrong)

You are missing the point.

What I did was

1. Generate public BTSX address using the utility.
2. Send 2 BTSX to that addres
3. [problem] importing the private key for that address works, but there is no balance, whatsoever when I run wallet_account_balance.

Title: Re: Cold storage?
Post by: puppies on August 25, 2014, 10:14:11 am
I was just able to retrieve from cold storage.  One thing I would recommend to speed things up as you are trouble shooting is just scanning the transactions that the transfers are in rather than the entire chain.  My transaction was in block 311671 so I did a wallet_rescan_blockchain 311670 2 (since I'm not sure if it scans the block of or the next in line.  That would be useful information if anyone in the know can provide it.)

Other than that I'm pretty sure its just a matter of the public key being registered on the blockchain as a contact account before you import the private key.  You could a) create local contact account. >> transfer to it. >> register it >> import private key >> rescan transaction blocks >> profit
or b) create local contact account >> register it >> transfer to it >>  Import private key >>  rescan transaction blocks >> profit

P.S. I am really really tired right now.  If I am wrong or am just being stupid please let me know.
Title: Re: Cold storage?
Post by: bitmeat on August 25, 2014, 10:17:39 am
I was just able to retrieve from cold storage.  One thing I would recommend to speed things up as you are trouble shooting is just scanning the transactions that the transfers are in rather than the entire chain.  My transaction was in block 311671 so I did a wallet_rescan_blockchain 311670 2 (since I'm not sure if it scans the block of or the next in line.  That would be useful information if anyone in the know can provide it.)

Other than that I'm pretty sure its just a matter of the public key being registered on the blockchain as a contact account before you import the private key.  You could a) create local contact account. >> transfer to it. >> register it >> import private key >> rescan transaction blocks >> profit
or b) create local contact account >> register it >> transfer to it >>  Import private key >>  rescan transaction blocks >> profit

P.S. I am really really tired right now.  If I am wrong or am just being stupid please let me know.

So what you are saying is the reason it didn't work for me was because I haven't registered the local account.

Is there a reason for that restriction, if that is the case?
Title: Re: Cold storage?
Post by: puppies on August 25, 2014, 10:32:00 am
I was just able to retrieve from cold storage.  One thing I would recommend to speed things up as you are trouble shooting is just scanning the transactions that the transfers are in rather than the entire chain.  My transaction was in block 311671 so I did a wallet_rescan_blockchain 311670 2 (since I'm not sure if it scans the block of or the next in line.  That would be useful information if anyone in the know can provide it.)

Other than that I'm pretty sure its just a matter of the public key being registered on the blockchain as a contact account before you import the private key.  You could a) create local contact account. >> transfer to it. >> register it >> import private key >> rescan transaction blocks >> profit
or b) create local contact account >> register it >> transfer to it >>  Import private key >>  rescan transaction blocks >> profit

P.S. I am really really tired right now.  If I am wrong or am just being stupid please let me know.

So what you are saying is the reason it didn't work for me was because I haven't registered the local account.

Is there a reason for that restriction, if that is the case?

I am not exactly sure.  The reason I think that is the case is because of something that happened to me a while back when I was playing with my demo wallet private key. 

I was resyncing the blockchain, and I had the bright idea to import the private key of my demo wallet into my personal wallet.  I was at a point in the blockchain prior to the registration time of my demo wallet so it threw an error when I tried to import it.  So being the smart guy that I am I created an account called demo-wallet, imported demo-wallets private key, and then watched demo wallet magically go from unregistered to registered as my client caught up that point in the blockchain. 

Problem was that even when fully synced there was no balance.  I still had the account open on my demo wallet so I could see that was wrong.  But it got weirder.  When I tried to send from my personal wallet to demo wallet it would send it locally to the franken demo wallet that didn't have any funds in it.  Those new funds would show up, but I was unable to send to the demo-wallet that was registered on the blockchain.  My local account was blocking it.  Even worse I couldn't rename the local account because it was a registered account.

Someone that understands titan better than I do will have to explain why this happened to me, and it might be totally unrelated.  It seems similar to the issue you are having though.  I would try on another wallet to create contact account.  register contact account.  import priv key, and rescan.  Funds should still be there.

***edit*** scratch that.  If that public key isn't registered.  I would just register it as a contact account on the same wallet, and then import priv key and rescan.
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 10:46:55 am
You can also create an account as a parameter of wallet_import_private_key. This may get around the registration issue.
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 10:51:16 am
It doesnt really matter if you register it or have it as a local contact as long as you can ensure that you name does not get registered by s.o. else in the meantime .. registering an account prevents the hurdles you described.
Title: Re: Cold storage?
Post by: puppies on August 25, 2014, 10:52:01 am
You can also create an account as a parameter of wallet_import_private_key. This may get around the registration issue.

That should work too, and would be way less of a pain.  Shouldn't even require being registered on the blockchain, right?
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 10:54:39 am
You can also create an account as a parameter of wallet_import_private_key. This may get around the registration issue.

That should work too, and would be way less of a pain.  Shouldn't even require being registered on the blockchain, right?
Correct.
It doesnt really matter if you register it or have it as a local contact as long as you can ensure that you name does not get registered by s.o. else in the meantime .. registering an account prevents the hurdles you described.
If you register it's no longer cold storage. I'm going off the assumption cold storage and paper wallet are different terms for the same thing?
Title: Re: Cold storage?
Post by: puppies on August 25, 2014, 10:59:50 am
It could be registered on the blockchain under its public key without the private key ever touching your wallet.
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 11:08:02 am
It doesnt really matter if you register it or have it as a local contact as long as you can ensure that you name does not get registered by s.o. else in the meantime .. registering an account prevents the hurdles you described.
If you register it's no longer cold storage. I'm going off the assumption cold storage and paper wallet are different terms for the same thing?
That statement is wrong .. as you can pay for the registration using a different account ..

account A tells (and pays) the blockchain that account "B" corresponds tthe public key BSX.....
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 11:08:40 am
It doesnt really matter if you register it or have it as a local contact as long as you can ensure that you name does not get registered by s.o. else in the meantime .. registering an account prevents the hurdles you described.
If you register it's no longer cold storage. I'm going off the assumption cold storage and paper wallet are different terms for the same thing?
That statement is wrong .. as you can pay for the registration using a different account ..

account A tells (and pays) the blockchain that account "B" corresponds tthe public key BSX.....
I stand corrected! That is great to know  +5%
Title: Re: Cold storage?
Post by: puppies on August 25, 2014, 11:12:24 am
It doesnt really matter if you register it or have it as a local contact as long as you can ensure that you name does not get registered by s.o. else in the meantime .. registering an account prevents the hurdles you described.

If the public key is in your local contacts could you import its private key with wallet_import_private_key <wif_key> without the [account_name] [create_new_account] [rescan] portion just like it was registered on the blockchain?  I just created a local contact account named local-coldstorage, sent funds to it.  and then entered
Code: [Select]
wallet_import_private_key <wif_key> completelydifferent true false  it pulled in the name local-coldstorage instead of completelydifferent.

Am I understanding you.  In order to successfully import I need to have the public key either in my local contacts or registered on the blockchain?
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 11:15:09 am
It doesnt really matter if you register it or have it as a local contact as long as you can ensure that you name does not get registered by s.o. else in the meantime .. registering an account prevents the hurdles you described.

If the public key is in your local contacts could you import its private key with wallet_import_private_key <wif_key> without the [account_name] [create_new_account] [rescan] portion just like it was registered on the blockchain?  I just created a local contact account named local-coldstorage, sent funds to it.  and then entered
Code: [Select]
wallet_import_private_key <wif_key> completelydifferent true false  it pulled in the name local-coldstorage instead of completelydifferent.

Am I understanding you.  In order to successfully import I need to have the public key either in my local contacts or registered on the blockchain?

In short:

Registered accounts:
wallet_import_private_key <wif_key>

Non-registered accounts:
wallet_import_private_key <wif_key> localaccountname true false

If you have sent funds to that 'local' or registered account IT DOES NOT HELP if you just import that private key to an EXISTING account! You need to make sure that a new (or reghistered) account uses that key as account key
Title: Re: Cold storage?
Post by: puppies on August 25, 2014, 11:17:12 am
Awesome.  Thanks Xeroc.
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 11:23:10 am
Great thread. Now I can create riverhead-coldstorage for reals :).
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 11:27:21 am
Great thread. Now I can create riverhead-coldstorage for reals :).
or maybe coldstorage.riverhead !?!


Anyway .. during my tryouts ... I also fell into the trap of simply importing the privatekey into an existing account just to realize that TITAN just doesn't work that way ...
think of the account key (private/public) to be the Master key for your TITAN transactions for THAT PARTICULAR account name ..
All private keys that you import into that account ... are just stored there and have nothing to do with the MASTER keys of that account.

Further, the wallet also has a WALLET MASTER KEY (that you cannot simply export in clear-text, but is part of the backupJSON) ... that key is used to derive the account keys ...
once you loose one of your accounts .. but still own the wallet in which you created it you can recreate it with a command I just forgot :)
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 11:56:39 am
I have had success retrieving funds for an account with just the private key so I'm happy there. It works as you say.


So the advantage of a sub account is that no one can register it, right? Yes, I still need to read the wiki :). Riverhead just RTFM already!
Title: Re: Cold storage?
Post by: bytemaster on August 25, 2014, 12:19:33 pm
Looks like you guys are figuring it out.    The primary idea that needs to sink in is that an AccountKey is different than a key in the account. 
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 12:26:34 pm
Looks like you guys are figuring it out.    The primary idea that needs to sink in is that an AccountKey is different than a key in the account.


My working assumption is that an ACCOUNT private key can be imported into a new wallet and retrieve all the funds for that ACCOUNT. Any wallet that has that ACCOUNT private key imported would also have access to that ACCOUNT's funds (like a shared bank account).
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 12:50:02 pm
nope ..

the account key is the master key that is used by TITAN to scan for transactions that go to keys that were DERIVED from the account key
the imported (into the account) keys are just some extra keys that ARE NOT used by TITAN to scan for dereived keys

//edit: I guess this only makes sense to my brain :)
Title: Re: Cold storage?
Post by: merockstar on August 25, 2014, 01:10:08 pm
if I had the programming chops I'd whip up a brainwallet utility a la bitaddress.org
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 01:13:34 pm
wallet_create <wallet_name> <new_passphrase> [brain_key]

(not adviced to use -- you all know why)
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 01:17:28 pm
wallet_create <wallet_name> <new_passphrase>

(not adviced to use -- you all know why)


Actually I don't :). Why?
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 01:18:44 pm
wallet_create <wallet_name> <new_passphrase>

(not adviced to use -- you all know why)


Actually I don't :). Why?
http://www.reddit.com/r/Bitcoin/comments/1c13ld/i_invested_all_of_my_bitcoin_to_a_brain_wallet/
http://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/

plenty of storys on da internet
Title: Re: Cold storage?
Post by: merockstar on August 25, 2014, 01:19:36 pm
wallet_create <wallet_name> <new_passphrase> [brain_key]

(not adviced to use -- you all know why)

cool! i'll have to sit down and figure this out.

memorizing a brainwallet is hard, and that's how I prevent myself from spending money I want to save.

is it a requirement that a corresponding account name be registered on the blockchain?
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 01:20:54 pm
random > brain
when it comes to security!!!!
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 01:24:16 pm
wallet_create <wallet_name> <new_passphrase>

(not adviced to use -- you all know why)


Actually I don't :) . Why?
http://www.reddit.com/r/Bitcoin/comments/1c13ld/i_invested_all_of_my_bitcoin_to_a_brain_wallet/ (http://www.reddit.com/r/Bitcoin/comments/1c13ld/i_invested_all_of_my_bitcoin_to_a_brain_wallet/)
http://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/ (http://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/)

plenty of storys on da internet


Ah yes. There are ways to make it much harder. Like have in your seed your first and last name. Then the attack would have to come after you specifically rather than a sequential brute force scan.



But I agree, humans suck at random. What I typically do is blindly flip to random parts of a paper dictionary about nine times and then throw in the first/last name of a couple cousins.
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 01:26:12 pm
wallet_create <wallet_name> <new_passphrase>

(not adviced to use -- you all know why)


Actually I don't :) . Why?
http://www.reddit.com/r/Bitcoin/comments/1c13ld/i_invested_all_of_my_bitcoin_to_a_brain_wallet/ (http://www.reddit.com/r/Bitcoin/comments/1c13ld/i_invested_all_of_my_bitcoin_to_a_brain_wallet/)
http://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/ (http://www.reddit.com/r/Bitcoin/comments/1zti1p/17956_hacked_brainwallet_passwords/)

plenty of storys on da internet


Ah yes. There are ways to make it much harder. Like have in your seed your first and last name. Then the attack would have to come after you specifically rather than a sequential brute force scan.
If your name was Foo Bar you can probably find someone in the phonebook to be called foo and some othere guy to be called bar .. computers do the rest

google for "johnTheRipper" you will be surprised

edit:
The have a GUI already:
http://openwall.info/wiki/john/johnny
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 01:27:36 pm
All good points.


Also, this :)


http://xkcd.com/936/
Title: Re: Cold storage?
Post by: merockstar on August 25, 2014, 01:33:09 pm
wallet_create <wallet_name> <new_passphrase> [brain_key]

(not adviced to use -- you all know why)

so wallet_name is a temporary wallet name until I register something on the blockchain, new_passphrase can be anything because the client is only being run once offline, and brain_key is where I put my seed?
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 01:37:24 pm
some idiot sent 10BTC to the address that belongs to that passphrase some months ago
http://cryptocoinstoday.com/2014/06/26/who-the-fuck-sent-10-8-btc-to-the-correct-horse-battery-staple-brainwallet-via-rbitcoin/
Title: Re: Cold storage?
Post by: merockstar on August 25, 2014, 01:41:28 pm
some idiot sent 10BTC to the address that belongs to that passphrase some months ago
http://cryptocoinstoday.com/2014/06/26/who-the-fuck-sent-10-8-btc-to-the-correct-horse-battery-staple-brainwallet-via-rbitcoin/

wow. just wow.

that really makes me feel like I'm not reaching my potential :(
Title: Re: Cold storage?
Post by: Riverhead on August 25, 2014, 01:44:48 pm
wallet_create <wallet_name> <new_passphrase>

(not adviced to use -- you all know why)

so wallet_name is a temporary wallet name until I register something on the blockchain, new_passphrase can be anything because the client is only being run once offline, and brain_key is where I put my seed?


If you are exporting the private key that's all you need. It is completely unprotected on its own. You would create a new wallet with a new passphrase and import the private key. The private key itself does not have a passphrase.

Title: Re: Cold storage?
Post by: merockstar on August 25, 2014, 01:52:24 pm
wallet_create <wallet_name> <new_passphrase>

(not adviced to use -- you all know why)

so wallet_name is a temporary wallet name until I register something on the blockchain, new_passphrase can be anything because the client is only being run once offline, and brain_key is where I put my seed?


If you are exporting the private key that's all you need. It is completely unprotected on its own. You would create a new wallet with a new passphrase and import the private key. The private key itself does not have a passphrase.

so i understand the use of each of those fields correctly?
Title: Re: Cold storage?
Post by: xeroc on August 25, 2014, 03:39:06 pm
wallet_create <wallet_name> <new_passphrase> (BRAINKEY)

(not adviced to use -- you all know why)

so wallet_name is a temporary wallet name until I register something on the blockchain, new_passphrase can be anything because the client is only being run once offline, and brain_key is where I put my seed?


If you are exporting the private key that's all you need. It is completely unprotected on its own. You would create a new wallet with a new passphrase and import the private key. The private key itself does not have a passphrase.

so i understand the use of each of those fields correctly?
Interestingly there is sth missing in your quote :) .. odd

type
help wallet_create
in the console to be sure