Author Topic: Security best practices for claiming BTS sharedrop in Peerplays?  (Read 5857 times)

0 Members and 1 Guest are viewing this topic.

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
Has anyone tried the reset brainkey functionality? Seems like it would replace all private keys.



I have not; I've never put forth any effort to understand what that does. You're thinking it replaced all keys for all accounts in the wallet? That sounds useful.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline Frodo

  • Sr. Member
  • ****
  • Posts: 351
    • View Profile
  • BitShares: frodo
Has anyone tried the reset brainkey functionality? Seems like it would replace all private keys.


Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
Would it be safer to create a new Bitshares account and
transfer your bitshares to that account? Then use the
private key of the original (now empty) account to claim
your Peerplays. If that private key gets compromised/revealed
to a third-party it doesn't really matter because the account
it controls is now empty.

That would certainly work if you're not too in love with your original account. There is better way to do it, but I haven't dug enough yet to be sure I know what that way is.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline robo

  • Newbie
  • *
  • Posts: 8
    • View Profile
Would it be safer to create a new Bitshares account and
transfer your bitshares to that account? Then use the
private key of the original (now empty) account to claim
your Peerplays. If that private key gets compromised/revealed
to a third-party it doesn't really matter because the account
it controls is now empty.

Offline Methodise

I believe you have to add a new (2nd) key, then you'll be able to delete the original one.

One question I have is how to generate the new 2nd key. The web wallet doesn't seem to be giving me the option anywhere.

That's a very good point. I've previously resorted to creating throw-away accounts, then borrowing the keys generated for those accounts by the software, to repurpose elsewhere. That would be my recommended approach.

Otherwise there was a bitshares paper wallet generator that also spat out fresh keys, although it would seem best to take the former approach.
BTS: methodise

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
I believe you have to add a new (2nd) key, then you'll be able to delete the original one.

One question I have is how to generate the new 2nd key. The web wallet doesn't seem to be giving me the option anywhere.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
I believe you have to add a new (2nd) key, then you'll be able to delete the original one.

I figured it would be something like that... but I'm scared. Maybe I try it on a throwaway account and see how to do it.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."

Offline Methodise

I believe you have to add a new (2nd) key, then you'll be able to delete the original one.
BTS: methodise

Offline biophil

  • Hero Member
  • *****
  • Posts: 880
  • Professor of Computer Science
    • View Profile
    • My Academic Website
  • BitShares: biophil
Howdy all - I just posted the following on Steemit: https://goo.gl/H0LdfX

I'm cross-posting here because I'm sure people here will know the answers:

What I'd like to do, but am not sure how:
I want to save my old BTS owner key somewhere and then update the BTS owner key to a new one. Once it's updated, the old key won't give access to the account, so I can go and drop the old key into the peerplays wallet without fear of unforseen security leaks.

How is the BTS owner key changed? I've looked at the permissions tab in the bitshares.org wallet and it's not obvious enough to me to be worth going and modifying all my permissions.
Support our research efforts to improve BitAsset price-pegging! Vote for worker 1.14.204 "201907-uccs-research-project."