The Crapto Thread

What odds would you lay that the victims are made whole?

The rich insiderish investors, 98%. The plebs, ~0%.

What is the problem with replicating the hardware? If the keys are encrypted with the passphrase, just getting a copy of the wallet doesn’t do an attacker any good.

I’m a little stunned that crypto people are supposed to be these hyper paranoid survivalists and the state of the art for info security is:

  1. Set the same password on all your accounts.
  2. Write it down on a piece of paper so you can remember it.
  3. Hope no one gets the password.

Hardware wallets are built such that you can’t just copy the contents like it’s a hard drive, because if you could, you could then subject the contents to brute force attack. I read about the details once, I’ve forgotten now, but it’s pretty sophisticated. I remember seeing an attack in which the cover of the wallet was sanded away and lasers were used to activate the chips or something, but I think even that is insufficient for the newer ones.

The “password” to a wallet has to be a simple PIN because you input it into the wallet. The architecture of the wallet prevents brute force attack. But I suppose there’s nothing stopping you from setting up a second wallet in recovery mode and using the seed phrase of the first wallet to set it up, then destroying the seed phrase. The question then is whether you think malfunction of your backup wallet is more or less likely than having your seed phrase stolen. Like I said, no matter what you do there’s always some way it can go wrong.

Having a thing where it’s like “if you break into my safe and steal this physical object you pwn me” is not exactly new, that’s how it works with precious stones. Traditionally, the whole deal of “hyper paranoid survivalists” is having everything within their physical reach so they can personally defend it.

Ugh it’s easy. I keep my cold wallet keistered at all times and have tattooed my seed phrase on my butt cheeks.

1 Like

Yeah I originally thought that when people talked about a cold wallet it meant that the digital assets themselves were walled off from the rest of the internet and therefore couldn’t be stolen. But that fundamentally doesn’t make any sense.

But I’m not sure my current understanding is right, because it seems like what you’re storing offline is, more or less, a passphrase. So isolating it physically doesn’t actually prevent you from like getting drunk and telling your bartender what it is.

But it’s likely I still don’t understand it. Which is fine since I’m only in the crapto thread.

Exactly yeah.

It’s 24 words long and most crypto people have only looked at theirs a handful of times.

1 Like

Another thing people do btw is keep two halves of their seed phrase physically separated, like in two safety deposit boxes at two different banks for example. Again this creates some new risks in that it increases the risk of accidental loss or destruction, but if you know about the loss (if one of the banks burns down, for example) you can quickly transfer the assets to a new wallet.

The passphrase (“seed phrase” more accurately) is literally your private cryptography key which can be used to sign transactions and so forth. So it fundamentally is a binary string, converted into a series of English words using a standard translation table, in order to make it less error-prone to write down.
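The word encoding described in the post above, as an added example that is not part of the original thread: it follows the BIP-39 layout (entropy plus a SHA-256 checksum, cut into 11-bit indices into a 2048-word table), which is the common standard for this. The word list here is a constructed placeholder (`w0000`..`w2047`) standing in for the published English list, and the sample entropy is constructed, not a real key.

```python
import hashlib

# Constructed stand-in for the 2048-entry word list (assumption: real
# wallets use the published BIP-39 English list, not these tokens).
WORDS = [f"w{i:04d}" for i in range(2048)]
INDEX = {w: i for i, w in enumerate(WORDS)}

def checksum_bits(entropy: bytes) -> str:
    """First (entropy bits / 32) bits of SHA-256(entropy), as a bit string."""
    digest = int.from_bytes(hashlib.sha256(entropy).digest(), "big")
    return format(digest, "0256b")[: len(entropy) * 8 // 32]

def encode(entropy: bytes) -> list:
    """Entropy plus checksum, cut into 11-bit indices into the word list."""
    if len(entropy) not in (16, 20, 24, 28, 32):
        raise ValueError("entropy must be 128-256 bits in 32-bit steps")
    bits = format(int.from_bytes(entropy, "big"), f"0{len(entropy) * 8}b")
    bits += checksum_bits(entropy)
    return [WORDS[int(bits[i:i + 11], 2)] for i in range(0, len(bits), 11)]

def decode(words: list) -> bytes:
    """Recover the entropy; reject unknown words and a failed checksum."""
    if len(words) not in (12, 15, 18, 21, 24):
        raise ValueError("unexpected phrase length")
    if any(w not in INDEX for w in words):
        raise ValueError("word not in list")
    bits = "".join(format(INDEX[w], "011b") for w in words)
    ent_len = len(bits) * 32 // 33
    entropy = int(bits[:ent_len], 2).to_bytes(ent_len // 8, "big")
    if bits[ent_len:] != checksum_bits(entropy):
        raise ValueError("checksum mismatch: phrase was copied down wrong")
    return entropy

def valid_last_words(words: list) -> int:
    """How many of the 2048 words pass the checksum in the final position."""
    count = 0
    for candidate in WORDS:
        try:
            decode(words[:-1] + [candidate])
            count += 1
        except ValueError:
            pass
    return count

if __name__ == "__main__":
    sample = bytes(range(32))  # constructed 256-bit value, not a real key
    phrase = encode(sample)
    print(len(phrase), decode(phrase) == sample, valid_last_words(phrase))
```

For a 24-word phrase only 8 of the 2048 possible final words pass the checksum, so a randomly miscopied phrase is rejected about 255 times in 256; the checksum guards against transcription errors only and adds nothing against someone who has read the phrase.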

That method is discriminatory to strippers.

Right. I had previously thought that a cold wallet meant that your crypto was safe even if someone else had your seed phrase. But now I’m understanding that a cold wallet makes it less likely that someone can acquire your seed phrase, but if someone does have your seed phrase (like my bartender) you’re screwed.

1 Like

I think what could clarify this is if @beetlejuice posted his seed phrase here, just as an example of what we’re all talking about.

4 Likes

Exactly! The most effective part of my class is when I go through examples step by step. @beetlejuice, what is your seed phrase? Just pm me to keep it secure.

That’s not really very secure. He should PM half of it to me and half of it to you.

1 Like

Also, if you want to be really, really secure, you could create a multi-signature wallet where you need more than one key to transfer. For example, you could create ten seed phrases and a wallet that requires any eight of them to sign a transaction for it to be executed.

2 Likes

:vince:

3 Likes

How does the blockchain validate that a wallet is allowed to move its assets to another wallet?

If the wallet address is public, and the GUID or whatever that represents each thing it holds (NFT, BTC, etc.) is public, then what isn’t public, some kind of key that allows things to move out of the wallet?

right

1 Like

Yes, when you submit a transaction, it has to be signed with the private key that we’ve been discussing for the last 50 posts or so, or it won’t work.

We may finally be hitting on why it’s called “crypto”

12 Likes