Jump to content

How to escrow your XRPs


xrp_india
 Share

Recommended Posts

Going by such a huge success of Ripple XRP, many people will definitely like to make their XRP safety foolproof.

The best methods known are Paper Wallet and Ledger Nano S.

Still, I feel if we add escrow on top that, it will be the ultimate secure way of storing your XRPs.

Let us have a discussion on this with people sharing their knowledge on how to escrow your XRPs.

One such way is using Secure Block Chains reservoir app.

But somewhere I do not want to go via any third party ( like SBC ) for this and instead would like to use the escrow feature over xrp ledger directly.

Do we have any such mechanism/tools/APIs available.

Would be great if JoelKatz and Nikb can also provide some light on this.

 

 

 

 

 

Link to comment
Share on other sites

There are APIs in the ripple server that would allow you to create an escrow on the Ripple ledger.  I'd point you to transactions like EscrowCreate.  

Given the interest in Escrow, I've been trying to figure out a safe way of building this into a service for those who do not want to program on their own against Ripple WebSocket APIs. 

But it all comes back to the trust issue.  I can't see a user saying "oh, here's my secret key, please use this to create an escrow".  Or, "Here's some XRP I'm sending you.  Please escrow it until this date".  Both would obviously be foolish to expect a user to do.  Unless they really, really trust the company.

I think Ripple expects escrow to be done either by companies or individuals for their own account using programming APIs like the one above, or perhaps by Gateways which users already trust because the gateways have their XRP already.

Link to comment
Share on other sites

Thanks ChrisW and Sukrim for your inputs.Going through what you mentioned.

Meanwhile, would like to add that it would be great if escrow can be done by signing the transaction offline and then submitting the signed transaction through online wallet. I know it can be done for payments , not sure about the escrow.

Link to comment
Share on other sites

As security was mentioned by the OP, can we discuss if there are any security benefits of using Escrow - from the point of view of not getting your XRP stolen.

My initial thoughts are that it's a bit of a false sense of security, because although the XRP are safe while the escrow in in place, you still need to protect the secret key of the destination wallet just as much as a wallet with XRP in it - because an attacker who knows the key will also know exactly when the escrow expires and can execute an attack immediately after.

Thoughts?

Link to comment
Share on other sites

Agree wit at3n, I don't see how escrow makes more secure. Imagine you escrow a certain amount, to be released after a year or so to account X. Whether or not put in to escrow, you still are in trouble when the secret key for account X is compromised. In case of escrow, the attacker will wait for the moment that the amount is coming out of escrow. The timing is known, it is in the public ledger.

In the favorable case that you know your key has been compromised, you must make sure you are quicker then the attacker to take out all XRP from account X. What more can you do then try to place a send order in exactly the correct ledger, with a very high fee and hoping that the attacker will use a lower fee..

Edited by jn_r
Link to comment
Share on other sites

Yes I agree to at3n and jn_r, that still its not safe if our private keys are compromised and the hacker tries to execute the transaction as soon as escrow expires.

But yes it adds one more layer to security and no one can touch the XRPs till escrow finishes.

 

 

Link to comment
Share on other sites

Exactly @jn_r

Even worse, if the key of the destination wallet is compromised, the attacker could disable the master key of the wallet, set a regular key, and then you've already lost control of the wallet and you can do nothing but watch as the escrow expires and disposes of your XRP...

Link to comment
Share on other sites

11 minutes ago, at3n said:

Exactly @jn_r

Even worse, if the key of the destination wallet is compromised, the attacker could disable the master key of the wallet, set a regular key, and then you've already lost control of the wallet and you can do nothing but watch as the escrow expires and disposes of your XRP...

ouch, that would be really painfull to watch :ireful1:

So what if you disable the master key yourself and use your own regular key. But then again, this regular key can also be compromised, which leaves us with the same situation. Imo, unless you are very up to date with all techniques in ripple and think you can outsmart a hacker in this type of situation, it will still not make your account more save... 

Multi-Sig would be the better option I think. Perhaps that, combined with escrow, so that in worst case a third party can make your XRP available after a certain time?

Edited by jn_r
Link to comment
Share on other sites

There are conditional escrows that are not just time-based, where you could choose to never release the escrow funds, so at least you could deny the attacker the XRP. There also seems to be an optional feature that allows you to cancel escrow, but then you're back to needing to protect the secret key to the original wallet, as well as the destination, as the compromise of either would lose your escrowed funds.

Multi-sig is a definite security feature, but I'm really thinking that Escrow is not a benefit to security, and in a bad situation could actually make things worse. Escrow has its uses but I think security is not one of them.

Interesting discusison.

Link to comment
Share on other sites

Yes multi signature combined with escrow may be better.

This crypto world feels so unsafe sometimes.

I hope one day we have a XRP storage service provided by banks which is completely offline.The ripple address should be marked as such ( OFFLINE use only ) on the XRP ledger.The person should go to the bank and fill an offline form for the transaction and the bank should check all his details in person before sending the form for transaction completion over the XRP ledger.The private key should serve as no more than one of the many ways for identification.This will really help huge number of people because many people are afraid of investing in cryptos because of hacking issues.

 

Link to comment
Share on other sites

38 minutes ago, xrp_india said:

Thanks ChrisW and Sukrim for your inputs.Going through what you mentioned.

Meanwhile, would like to add that it would be great if escrow can be done by signing the transaction offline and then submitting the signed transaction through online wallet. I know it can be done for payments , not sure about the escrow.

Any transaction, including escrow, can be signed offline and then submitted.

Link to comment
Share on other sites

41 minutes ago, xrp_india said:

I hope one day we have a XRP storage service provided by banks which is completely offline.The ripple address should be marked as such ( OFFLINE use only ) on the XRP ledger.The person should go to the bank and fill an offline form for the transaction and the bank should check all his details in person before sending the form for transaction completion over the XRP ledger.The private key should serve as no more than one of the many ways for identification.This will really help huge number of people because many people are afraid of investing in cryptos because of hacking issues.

I believe that a bank could effectively implement that by using a conditional escrow. But it doesn't change the fact that the final proof of ownership lies with the secret key(s), and if they're compromised, then all of the traditional forms of identification you want to use would be bypassed, that's the nature of the system. The blockchain can't use things like names and phone numbers for authentication, because they would need to be stored on the blockchain first, visible to everyone!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.