Jump to content

ripple cold wallet (node.js)


joy
 Share

Recommended Posts

Hi  

I am not a programmer and I am trying to learn how the coldwallets js works 

 

can someone explaine this part ?  var seed = (process.argv.length==3) ? process.argv[2]

how the randomness works? 

is there any changes that i can make to increase the security ? 

 

"If you have access to a machine with node and npm, you always use the quick+dirty method. This is not really a cold wallet unless you keep the machine offline. And I don't know who wrote this code or who checked it, but it appears to be obviously safe and correct, at least to me. (I'm not a JS guy, but it's really simple).

1) Create a file called "coldwallet.js" in its own directory with these contents:

var keypairs = require ('ripple-keypairs');
var seed = (process.argv.length == 3) ? process.argv[2] : keypairs.generateSeed();
var keypair = keypairs.deriveKeypair (seed);
console.log ("Ripple-address: " + keypairs.deriveAddress (keypair.publicKey));
console.log ("Ripple-secret:  " + seed);

2) Type "npm install ripple-keypairs". Errors about a missing package.json file are normal.

3) If you're paranoid, take the machine offline now.

4) You can create a cold wallet by typing "node coldwallet.js". Run it a few times and make sure you get a different output each time. Make sure you save the secret!

5) You can test a secret or get the corresponding Ripple address by typing "node coldwallet.js <secret>". You should test any secret you plan to use.

No warranty here, I don't even know who wrote this. But it seems to work when I tried it and the code seems obviously safe."

 

 

Link to comment
Share on other sites

That line takes the seed from the command line if one was supplied. Otherwise it calls "keypairs.generateSeed" to generate a random seed. The randomness comes from an internal source that is seeded by the system and should be sufficiently secure. If you're truly paranoid, you can modify the script to pass an Array<integer> to generateSeed to be used to help seed the random number generator. I'm not a JS programmer, so I can't help you much more than that.

(For incredibly silly reasons, I must point out that I am speaking only for myself here and am not acting on behalf of Ripple.)

Link to comment
Share on other sites

3 minutes ago, JoelKatz said:

(For incredibly silly reasons, I must point out that I am speaking only for myself here and am not acting on behalf of Ripple.)

Is a shame what happens in the last rumor (episode), there are some people that hype any word in order to earn some money by speculating.

But hey!!....Ripple is becoming an a very important company and so are you, so from now on your words are very important to the community.

Regards

 

Link to comment
Share on other sites

32 minutes ago, JoelKatz said:

That line takes the seed from the command line if one was supplied. Otherwise it calls "keypairs.generateSeed" to generate a random seed. The randomness comes from an internal source that is seeded by the system and should be sufficiently secure. If you're truly paranoid, you can modify the script to pass an Array<integer> to generateSeed to be used to help seed the random number generator. I'm not a JS programmer, so I can't help you much more than that.

(For incredibly silly reasons, I must point out that I am speaking only for myself here and am not acting on behalf of Ripple.)

So if i don't supply the seed in the cmd i can erase that line and use: 

var keypairs = require ('ripple-keypairs');                                              var seed=keypairs.generateSeed();
var keypair = keypairs.deriveKeypair (seed);
console.log ("Ripple-address: " + keypairs.deriveAddress (keypair.publicKey));
console.log ("Ripple-secret:  " + seed);

 

@JoelKatz thanks for taking the time to help and explain.

 

Edited by joy
Link to comment
Share on other sites

That will do the same thing if no seed is supplied on the command line. You've just removed the ability to specify the seed. I like having that because it enables me to confirm that I've written down a seed correctly by specifying it on the command line and seeing if I get the correct address back.

Link to comment
Share on other sites

On 20.12.2017 at 2:42 PM, JoelKatz said:

That will do the same thing if no seed is supplied on the command line. You've just removed the ability to specify the seed. I like having that because it enables me to confirm that I've written down a seed correctly by specifying it on the command line and seeing if I get the correct address back.

@JoelKatz

Can you please explain how you do the confirmation  ? 

How do you know that its a correct address? 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.