Jump to content
xrp_india

How to escrow your XRPs

Recommended Posts

Going by such a huge success of Ripple XRP, many people will definitely like to make their XRP safety foolproof.

The best methods known are Paper Wallet and Ledger Nano S.

Still, I feel if we add escrow on top that, it will be the ultimate secure way of storing your XRPs.

Let us have a discussion on this with people sharing their knowledge on how to escrow your XRPs.

One such way is using Secure Block Chains reservoir app.

But somewhere I do not want to go via any third party ( like SBC ) for this and instead would like to use the escrow feature over xrp ledger directly.

Do we have any such mechanism/tools/APIs available.

Would be great if JoelKatz and Nikb can also provide some light on this.

 

 

 

 

 

Share this post


Link to post
Share on other sites

There are APIs in the ripple server that would allow you to create an escrow on the Ripple ledger.  I'd point you to transactions like EscrowCreate.  

Given the interest in Escrow, I've been trying to figure out a safe way of building this into a service for those who do not want to program on their own against Ripple WebSocket APIs. 

But it all comes back to the trust issue.  I can't see a user saying "oh, here's my secret key, please use this to create an escrow".  Or, "Here's some XRP I'm sending you.  Please escrow it until this date".  Both would obviously be foolish to expect a user to do.  Unless they really, really trust the company.

I think Ripple expects escrow to be done either by companies or individuals for their own account using programming APIs like the one above, or perhaps by Gateways which users already trust because the gateways have their XRP already.

Share this post


Link to post
Share on other sites

Thanks ChrisW and Sukrim for your inputs.Going through what you mentioned.

Meanwhile, would like to add that it would be great if escrow can be done by signing the transaction offline and then submitting the signed transaction through online wallet. I know it can be done for payments , not sure about the escrow.

Share this post


Link to post
Share on other sites

As security was mentioned by the OP, can we discuss if there are any security benefits of using Escrow - from the point of view of not getting your XRP stolen.

My initial thoughts are that it's a bit of a false sense of security, because although the XRP are safe while the escrow in in place, you still need to protect the secret key of the destination wallet just as much as a wallet with XRP in it - because an attacker who knows the key will also know exactly when the escrow expires and can execute an attack immediately after.

Thoughts?

Share this post


Link to post
Share on other sites

Agree wit at3n, I don't see how escrow makes more secure. Imagine you escrow a certain amount, to be released after a year or so to account X. Whether or not put in to escrow, you still are in trouble when the secret key for account X is compromised. In case of escrow, the attacker will wait for the moment that the amount is coming out of escrow. The timing is known, it is in the public ledger.

In the favorable case that you know your key has been compromised, you must make sure you are quicker then the attacker to take out all XRP from account X. What more can you do then try to place a send order in exactly the correct ledger, with a very high fee and hoping that the attacker will use a lower fee..

Edited by jn_r

Share this post


Link to post
Share on other sites

Yes I agree to at3n and jn_r, that still its not safe if our private keys are compromised and the hacker tries to execute the transaction as soon as escrow expires.

But yes it adds one more layer to security and no one can touch the XRPs till escrow finishes.

 

 

Share this post


Link to post
Share on other sites

Exactly @jn_r

Even worse, if the key of the destination wallet is compromised, the attacker could disable the master key of the wallet, set a regular key, and then you've already lost control of the wallet and you can do nothing but watch as the escrow expires and disposes of your XRP...

Share this post


Link to post
Share on other sites

Hmm.In that case I just hope for a day when funds can be transferred not just by using the secret key but other parameters like mobile/email OTP or confirmation and your own passwords as in Banks today.

Share this post


Link to post
Share on other sites
11 minutes ago, at3n said:

Exactly @jn_r

Even worse, if the key of the destination wallet is compromised, the attacker could disable the master key of the wallet, set a regular key, and then you've already lost control of the wallet and you can do nothing but watch as the escrow expires and disposes of your XRP...

ouch, that would be really painfull to watch :ireful1:

So what if you disable the master key yourself and use your own regular key. But then again, this regular key can also be compromised, which leaves us with the same situation. Imo, unless you are very up to date with all techniques in ripple and think you can outsmart a hacker in this type of situation, it will still not make your account more save... 

Multi-Sig would be the better option I think. Perhaps that, combined with escrow, so that in worst case a third party can make your XRP available after a certain time?

Edited by jn_r

Share this post


Link to post
Share on other sites

There are conditional escrows that are not just time-based, where you could choose to never release the escrow funds, so at least you could deny the attacker the XRP. There also seems to be an optional feature that allows you to cancel escrow, but then you're back to needing to protect the secret key to the original wallet, as well as the destination, as the compromise of either would lose your escrowed funds.

Multi-sig is a definite security feature, but I'm really thinking that Escrow is not a benefit to security, and in a bad situation could actually make things worse. Escrow has its uses but I think security is not one of them.

Interesting discusison.

Share this post


Link to post
Share on other sites

Yes multi signature combined with escrow may be better.

This crypto world feels so unsafe sometimes.

I hope one day we have a XRP storage service provided by banks which is completely offline.The ripple address should be marked as such ( OFFLINE use only ) on the XRP ledger.The person should go to the bank and fill an offline form for the transaction and the bank should check all his details in person before sending the form for transaction completion over the XRP ledger.The private key should serve as no more than one of the many ways for identification.This will really help huge number of people because many people are afraid of investing in cryptos because of hacking issues.

 

Share this post


Link to post
Share on other sites
38 minutes ago, xrp_india said:

Thanks ChrisW and Sukrim for your inputs.Going through what you mentioned.

Meanwhile, would like to add that it would be great if escrow can be done by signing the transaction offline and then submitting the signed transaction through online wallet. I know it can be done for payments , not sure about the escrow.

Any transaction, including escrow, can be signed offline and then submitted.

Share this post


Link to post
Share on other sites
41 minutes ago, xrp_india said:

I hope one day we have a XRP storage service provided by banks which is completely offline.The ripple address should be marked as such ( OFFLINE use only ) on the XRP ledger.The person should go to the bank and fill an offline form for the transaction and the bank should check all his details in person before sending the form for transaction completion over the XRP ledger.The private key should serve as no more than one of the many ways for identification.This will really help huge number of people because many people are afraid of investing in cryptos because of hacking issues.

I believe that a bank could effectively implement that by using a conditional escrow. But it doesn't change the fact that the final proof of ownership lies with the secret key(s), and if they're compromised, then all of the traditional forms of identification you want to use would be bypassed, that's the nature of the system. The blockchain can't use things like names and phone numbers for authentication, because they would need to be stored on the blockchain first, visible to everyone!

Share this post


Link to post
Share on other sites

×