alexisonsmith Posted June 17, 2018 Share Posted June 17, 2018 So having read a lot on this in the last couple of days here are the steps I believe to create a cold wallet and to verify your private keys. Please correct me if I am wrong on this... 1. Generate a paper wallet by going to one of the two sites (do not use Safari) - https://bithomp.com/paperwallet/ - http://www.ripplepaperwallet.com Go offline, use a private window, generate a couple of pairs ( do not use the first set of pairs) 2. Write down the pair, close the window 3. Go to https://www.theworldexchange.net go offline 4. Enter your secret key, leave the account address blank click log-in 5. You can then verify that the pair you generated above is valid. I believe no xrp needs to be transferred for this check to occur 6. Once you have validated that the pair is valid you can then go and activate your wallet Let me know if the above makes sense, thanks! noucktourno 1 Link to comment Share on other sites More sharing options...
Skippy Posted June 17, 2018 Share Posted June 17, 2018 You can use toast/rippex wallets offline to "check" if the generated pair is valid. I guess your worldexchange method works too, but these two can easily check the same offline (I think..) Theoretically there is no reason NOT to use the first pair you generate. Because if there was ANY chance they could generate already used keypairs... no thanks Also, you can check the public key in eg. https://bithomp.com/ to see it is not already activated. Which probability is zero anyway. Link to comment Share on other sites More sharing options...
at3n Posted June 17, 2018 Share Posted June 17, 2018 1 hour ago, alexisonsmith said: So having read a lot on this in the last couple of days here are the steps I believe to create a cold wallet and to verify your private keys. Please correct me if I am wrong on this... Your steps are a valid way of generating a cold wallet, but I would add to the end of the list: 7. After activation, send a small transaction from the new wallet as a final verification step (using offline wallet software), before sending all of your funds to the wallet. Just in case you get hit by an unknown bug in the key generation/verification sites. Some people disagree with this step; I think it's a good idea as long as you don't risk exposure of your secret key in the process. 8. Make sure to create a second copy of the secret key and store it in whatever way you think is safe. And if you want to be more secure, don't run the key generation tools on a PC that will ever be online again. Copy the website code to a fully offline PC before running it, and then wipe the PC when you're done, or keep it offline forever and use it for all of your crypto offline signing needs. 30 minutes ago, Skippy said: Because if there was ANY chance they could generate already used keypairs... no thanks Well, let's be pedantic, there's ALWAYS an infinitesimally small chance you'll get a keypair that someone else has... ? And there's no way to check it, just because a wallet isn't activated doesn't mean no-one else has the keys. But no-one should lose any sleep over that possibility, as long as you're taking as many steps as possible to stop third-party interference or spying on the key generation process. Link to comment Share on other sites More sharing options...
Warbler Posted June 17, 2018 Share Posted June 17, 2018 https://bithomp.com/ripple-tools you can download this page and use it offline, enter secret which would generate a ripple address (offline) - to verify that pair is correct. and you can sign a small transaction, like assign a gravatar or small payment (sign offline) submit online. Link to comment Share on other sites More sharing options...
alexisonsmith Posted June 17, 2018 Author Share Posted June 17, 2018 Thanks all, if I am on a MAC could I just clear my cache and then use a private browser go offline to generate the pair? I do not have a PC Link to comment Share on other sites More sharing options...
at3n Posted June 17, 2018 Share Posted June 17, 2018 7 minutes ago, alexisonsmith said: Thanks all, if I am on a MAC could I just clear my cache and then use a private browser go offline to generate the pair? I do not have a PC You could, and it's better than nothing, but if you had malware running that's watching what you do, it could capture the keys and send them back to its owner when you go back online. Unlikely maybe, but possible. It's a question of how safe do you think your Mac is vs how valuable your XRP wallet will be. You can boot Linux off a USB key onto a Mac, you could look at that as an offline option if you have no other physical machine. Link to comment Share on other sites More sharing options...
alexisonsmith Posted June 17, 2018 Author Share Posted June 17, 2018 26 minutes ago, at3n said: You could, and it's better than nothing, but if you had malware running that's watching what you do, it could capture the keys and send them back to its owner when you go back online. Unlikely maybe, but possible. It's a question of how safe do you think your Mac is vs how valuable your XRP wallet will be. You can boot Linux off a USB key onto a Mac, you could look at that as an offline option if you have no other physical machine. BAsed on your comments I am thinking a ledger will be safer....what are your thoughts? Link to comment Share on other sites More sharing options...
at3n Posted June 17, 2018 Share Posted June 17, 2018 1 hour ago, alexisonsmith said: BAsed on your comments I am thinking a ledger will be safer....what are your thoughts? I like Ledgers. If you're not comfortable that your environment is safe enough to be using a cold wallet, then a Ledger (or other hardware wallet) would probably be a better alternative. alexisonsmith 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now