Author Topic: Open Ledger Wallet Security  (Read 3051 times)


Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
The keys stored in your browser are AES256 encrypted and only accessible via the password ...
Make sure you have a backup of your wallet, then you are secure against loss or browser screwups ..
Trezor can certainly be an option .. another option is to use the rather sophisticated multisig-scheme available in BitShares

1) Just for the sake of argument, how easy would it be to brute force attack the file with a password over 28 random characters/numbers/symbols. I don't understand encryption enough to know how secure the file is if someone has it, is a skilled hacker and has mal intent.

2) I am setting up multisig wallet(s) currently, but the system will not work correctly.

a) I created two dummy accounts to test the process on.
b) I then changed the owner permission on one to need both accounts set account 1 @ 50, account 2 @ 50 and left the BTSXXXXXXXX code @ 1, I then changed the threshold to 100. I submitted this and all went well.
c) where I have problems is in undoing these permissions. I go to the account that is now limited (account 1) and propose that account 2 be removed and change the threshold for account 1 to 50. This proposal is accepted, but I can not get it approved by either account.
d) I go to account 1 and click "approve", It gives me a series of options of which I have tried every combination of and they all fail. Where am I going wrong?
1. not easy .. 28 chars is quite secure
2. it sounds as if you are doing everything right .. all you need to understand is that you need to PAY for any transaction from an account that is NOT multisig secured. That means that you pay from your full account and add the approval for another account.
However, I am not sure you can actually easily add the approval of a "KEY" to a proposal.

I would recommend something different:

1) create two regular accounts with keys etc ... let's call it A and B
2) create a third account - the secured account ... put A and B into its active (and owner) permissions and remove the public key ... increase the threshold.
3) now A and B have joint control ... you should be able to create a new proposal using A or B and add the corresponding approvals (TWO approvals need to be added .. for A and B - even if you create the proposal with A or B)
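The joint-control setup recommended in the reply above, as an added example that is not part of the original post and not BitShares code: a simplified Python model of a weighted-threshold authority that checks which approvals satisfy the secured account and flags a threshold that can never be met. The 50/50 weights and threshold of 100 are borrowed from the question; the class, function and key names and the recursion depth limit are assumptions.

```python
# Added example: simplified model of a weighted-threshold authority.
# Field and function names are hypothetical, not the BitShares API.
from dataclasses import dataclass, field
from itertools import combinations

@dataclass
class Authority:
    threshold: int
    key_auths: dict = field(default_factory=dict)      # public key -> weight
    account_auths: dict = field(default_factory=dict)  # account name -> weight

def satisfied(name, accounts, signing_keys, depth=2):
    """True if signing_keys meet the threshold of accounts[name].

    An account entry counts only if that account's own authority is met;
    depth bounds the recursion (assumed limit, also guards against cycles).
    """
    auth = accounts[name]
    weight = sum(w for k, w in auth.key_auths.items() if k in signing_keys)
    if depth > 0:
        for acct, w in auth.account_auths.items():
            if acct in accounts and satisfied(acct, accounts, signing_keys, depth - 1):
                weight += w
    return weight >= auth.threshold

def minimal_approver_sets(auth):
    """Smallest combinations of direct entries whose weights reach the threshold.

    An empty result means the threshold is unreachable: the account is locked.
    """
    entries = {**auth.key_auths, **auth.account_auths}
    found = []
    for size in range(1, len(entries) + 1):
        for combo in combinations(sorted(entries), size):
            if any(set(f) <= set(combo) for f in found):
                continue  # a smaller set inside this one already suffices
            if sum(entries[e] for e in combo) >= auth.threshold:
                found.append(combo)
    return found

# Constructed sample data: A and B are regular single-key accounts; C is the
# secured account with its own key removed, A and B at weight 50, threshold 100.
ACCOUNTS = {
    "A": Authority(1, key_auths={"KEY_A": 1}),
    "B": Authority(1, key_auths={"KEY_B": 1}),
    "C": Authority(100, account_auths={"A": 50, "B": 50}),
}

if __name__ == "__main__":
    print(satisfied("C", ACCOUNTS, {"KEY_A"}))            # A alone
    print(satisfied("C", ACCOUNTS, {"KEY_A", "KEY_B"}))   # A and B together
    print(minimal_approver_sets(ACCOUNTS["C"]))
```

Running `minimal_approver_sets` on a proposed permission change before submitting it shows whether the new threshold is still reachable and which entries, such as a key left at weight 1, never matter.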

Offline mr-whitekey

The keys stored in your browser are AES256 encrypted and only accessible via the password ...
Make sure you have a backup of your wallet, then you are secure against loss or browser screwups ..
Trezor can certainly be an option .. another option is to use the rather sophisticated multisig-scheme available in BitShares

1) Just for the sake of argument, how easy would it be to brute force attack the file with a password over 28 random characters/numbers/symbols. I don't understand encryption enough to know how secure the file is if someone has it, is a skilled hacker and has mal intent.

2) I am setting up multisig wallet(s) currently, but the system will not work correctly.

a) I created two dummy accounts to test the process on.
b) I then changed the owner permission on one to need both accounts set account 1 @ 50, account 2 @ 50 and left the BTSXXXXXXXX code @ 1, I then changed the threshold to 100. I submitted this and all went well.
c) where I have problems is in undoing these permissions. I go to the account that is now limited (account 1) and propose that account 2 be removed and change the threshold for account 1 to 50. This proposal is accepted, but I can not get it approved by either account.
d) I go to account 1 and click "approve", It gives me a series of options of which I have tried every combination of and they all fail. Where am I going wrong?
« Last Edit: August 10, 2016, 10:57:27 pm by mr-whitekey »

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
I will be at the Trezor2 hackathon in late September.
One of my most recent articles on steem has the purpose to let people know the basics of transaction signing in graphene.
However, I can't promise that we will be able to deliver anything useable right after the hackathon but we can at least figure out how to best approach things.

+5%

Keep us posted :)

Offline xeroc

I will be at the Trezor2 hackathon in late September.
One of my most recent articles on steem has the purpose to let people know the basics of transaction signing in graphene.
However, I can't promise that we will be able to deliver anything useable right after the hackathon but we can at least figure out how to best approach things.

@xeroc have we reached out to Trezor, Ledger, etc, with the intent to get graphene supported on the device(s)?

Sure would be nice to have Smartcoins and Steem USD protected by one of those things. It has been on my mind this week!

edit: if we have not, I will organize the initiative!

Offline karnal

@xeroc have we reached out to Trezor, Ledger, etc, with the intent to get graphene supported on the device(s)?

Sure would be nice to have Smartcoins and Steem USD protected by one of those things. It has been on my mind this week!

edit: if we have not, I will organize the initiative!

Offline xeroc

The keys stored in your browser are AES256 encrypted and only accessible via the password ...
Make sure you have a backup of your wallet, then you are secure against loss or browser screwups ..
Trezor can certainly be an option .. another option is to use the rather sophisticated multisig-scheme available in BitShares

Offline mr-whitekey

Hi, I am sure this has been addressed before, so feel free to point me to the relevant thread, but I looked and could not find it.

I am wondering the best practice scenario for protecting your OpenLedger browser wallet. As I understand it, the keys are stored on your personal computer/browser. This leaves me open to anything from a ransomware attack to a key-logger. Any ideas? Is there a Trezor-like solution I can use? thx.