Jump to content
Tomram

Question for expert on transactions created and signed offline

Recommended Posts

Hello all, long time reader here who has learned a lot from the forum.

I have a question for someone who is an expert in the vulnerability of transactions made and signed off line.

This is my situation.

I have substantial holdings of XRP, acquired a number of years ago, which I am now beginning to liquidate. Not all, just some. More than ever I think Ripple and XRP are going to be a global game changer.

When things started to heat up last year, I purchased a computer specifically to put a wallet on, and leave it off line permanently, and use this for all transactions. I use the Rippex wallet. If I need to move XRP, I make the transaction offline, then write this to a CD. I then make the transaction by taking this CD to an online computer, which also has the Rippex wallet (but no accounts, passwords, etc) and submit the transaction. The CD then gets thrown in the garbage.

My question. If I were to load the signed transactions (the text files) from the CD onto the online computer, but not submit them (for use at a later time), is there any vulnerability of those signed transactions? My assumption is they are cryptographically sealed, and even if malware or by some other method the files got into the hands of someone else, they are unable to be altered in any way, and no details secret key, etc could be acquired.

Is this correct?

Thanks in advance.

Share this post


Link to post
Share on other sites

Correct, once signed, then that transaction can not be modified. And if someone gets ahold if it then there is nothing they can do other than submit it. It won't reveal your keys or anything.

So the only two issues could be:

1) You sign the transaction, write it to CD, change your mind and bin it. Someone recovers it and submits the transaction. It would just be the same as if you submitted it, ie the same amount would be transferred to the same account you specified.

2) The transaction has the account sequence number in. So if you made several transactions, but didn't submit one, then the subsequent ones would fail. You'd have to either submit them in order, or re-sign the subsequent ones with the correct sequence number.

3) The transaction you are submitting is an OFFER_CREATE to exchange 1000 XRP for, say $2000. You create it, and then don't submit it and bin it. Someone finds it and by now 1000 XRP is worth $20,000 and they submit it. You have just sold your XRP for a fraction of it's value. (I think... might be the ledger would still get you the best price)

-Matt

Share this post


Link to post
Share on other sites
22 minutes ago, Tomram said:

My assumption is they are cryptographically sealed, and even if malware or by some other method the files got into the hands of someone else, they are unable to be altered in any way, and no details secret key, etc could be acquired.

I'd say you are correct. @Xilobyte please confirm.

Share this post


Link to post
Share on other sites
1 hour ago, hammertoe said:

Correct, once signed, then that transaction can not be modified. And if someone gets ahold if it then there is nothing they can do other than submit it. It won't reveal your keys or anything.

So the only two issues could be:

1) You sign the transaction, write it to CD, change your mind and bin it. Someone recovers it and submits the transaction. It would just be the same as if you submitted it, ie the same amount would be transferred to the same account you specified.

2) The transaction has the account sequence number in. So if you made several transactions, but didn't submit one, then the subsequent ones would fail. You'd have to either submit them in order, or re-sign the subsequent ones with the correct sequence number.

3) The transaction you are submitting is an OFFER_CREATE to exchange 1000 XRP for, say $2000. You create it, and then don't submit it and bin it. Someone finds it and by now 1000 XRP is worth $20,000 and they submit it. You have just sold your XRP for a fraction of it's value. (I think... might be the ledger would still get you the best price)

-Matt

50687445-482E-44D0-B8A4-683DF0937C38.gif.190c6e98271c104156d937fb917defb4.gif

Share this post


Link to post
Share on other sites

Thanks for the prompt replies.

The transactions are transfers to an exchange for sale. The XRP is sent to a unique account within the exchange that goes to me only, so I'm happy that even if someone does get hold of the transaction file, all they can do is send it to my account for sale.

The reason for the question was that I sometimes need to go away for work, and I don't want take a CD drive and the transaction CD with me. I'd prefer to have a bunch of transaction files prepared and loaded onto my computer and use them if/when required. It sounds like this is perfectly safe.

Thanks again.

Share this post


Link to post
Share on other sites
Guest
15 minutes ago, Tomram said:

I'd prefer to have a bunch of transaction files prepared and loaded onto my computer and use them if/when required. It sounds like this is perfectly safe.

 

That's fine but they won't work out of sequence....  or if other trans are done on that account in between them.  So just keep the sequence right and all is good.

 

Now the advice:       DONT DO IT!!!!         :)     

  HODL      THEN HODL SOME MORE.       :) 

Share this post


Link to post
Share on other sites

Happy with the sequence and how that all works. When I create a transaction off line, it names it with the sequence number included, so it is obvious which one is next. If I get confused, a simple explore of the account using bithomp lets me know which is the next transaction.

Thanks for the advice. Been holding since 2014. I have no intention of selling out, but not securing my financial future by selling a portion now would be pretty brainless. Whilst I think the future of Ripple is far more secure now than when I initially purchased over 3 years ago, it still not guaranteed. There is still risk.

Share this post


Link to post
Share on other sites

CD-R isn't considered archive-safe, google Disc Rot for more information

If you want to store data long term, magnetic tape is better - remember the rule of thumb, data doesn't exist unless it's stored in at least 3 places concurrently.

Share this post


Link to post
Share on other sites

True. It also might be cheaper and easier to buy very small USB flash drives in bulk then use those instead of CDs. Single use for ultimate paranoia, if not then just format between uses. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...