Troote Posted December 21, 2020 Share Posted December 21, 2020 (edited) Hi guys, I had nose into to the database that was stolen from Ledger and it's not looking pretty. Ledger said in July that the information of 9.5k people were compromised. They got it wrong by a factor of 2863. It turns out that the list includes detailed personal information of 272k and the email address of 1M people. The fact that they have discovered the full extent of the hack in the last 48h, almost 6 months after the hack, just adds insult to the injury. I have no trust whatsoever in this company anymore and want nothing to do with them. I am doing a full security audit, refreshing all my passwords, enabling 2FA and even switching mobile phone providers to protect myself from a SIM swap. I want to move my crypto out of my Ledger wallet. Can anyone please share a tutorial that explains step by step how to create an air-gapped paper wallet? Command line using the most basic XRP Ledger APIs is fine, I don't want to rely on any third-party's software. Thanks in advance Troote Edited December 21, 2020 by Troote Flintstone 1 Link to comment Share on other sites More sharing options...
Skippy Posted December 21, 2020 Share Posted December 21, 2020 You do not need to interact with the XRP ledger to create a wallet. You can create public/secret pairs offline. I honestly just used this when I created a paper wallet. Opening in an offline computer (which will never connect to the internet anymore) protects from 3rd party threats but you still have to trust the generator that the codes are not pre-generated. https://bithomp.com/paperwallet/ I would like to be able to create my own also seeing the whole code etc "being sure" I can trust the code so the keys are not pre-generated or sent online to some thief. I recommend interacting with the ledger creating the transaction blobs offline, then broadcasting them with eg. your mobile phone. This way it should be secure. Bithomp tools were my go-to, and still work, but are no longer updated. https://github.com/Bithomp/bithomp-tools . Open index.html on an offline computer Insert secret/mnemonic to your address Insert what you want to do, eg. payment Tools will give you a link (QR code) which you open on your online device and you will locate the Sequence Number needed to create the next transaction. This online link also the place where you will insert the next step's blob Insert the Sequence Number to the tools and it will create a transaction blob QR code. You will copy this from the offline computer with an online device and broadcast it, this blob only works for this very specific transaction you have created. There are other tools that are updated, perhaps XRP toolkit can do the same or XUMM. Explore and find your own way. SimpleXRPTools, Flintstone and Troote 3 Link to comment Share on other sites More sharing options...
Flintstone Posted December 21, 2020 Share Posted December 21, 2020 What Skippy said ^ Or if you fancy it: On 11/23/2017 at 10:55 AM, JoelKatz said: If you have access to a machine with npm and node, do this: 1) Create a new directory. Go into it. 2) Create a filed called "coldwallet.js" with the following contents: 3) Type "npm install ripple-keypairs". An error about a missing manifest is normal. Now type "node coldwallet.js" to generate a cold wallet. The output will look like this: 4) Run it a few times and make sure you get different output each time. If paranoid, you can test one of the secrets in an online or desktop wallet to make sure you get the matching Ripple address back. Don't use that one, of course. JASCoder and BillyOckham 2 Link to comment Share on other sites More sharing options...
Flintstone Posted December 21, 2020 Share Posted December 21, 2020 1 hour ago, Skippy said: There are other tools that are updated, perhaps XRP toolkit can do the same I think this is on the roadmap: https://towo.io/ “A new version of the XRP Toolkit will be implemented as a progressive web application, with offline support for Windows, Linux, macOS, Android and iOS.“ I hope so anyways Skippy and Julian_Williams 1 1 Link to comment Share on other sites More sharing options...
JASCoder Posted December 21, 2020 Share Posted December 21, 2020 ( Re: Generating your own "XRP Vanity address" - aka 'wallet' ) Our very own esteemed overachiever hero Wietse Wind @Wietse once gifted the community a GitHub repo back in 24AUG2019 (see link below). You can peruse the source code, and run it offline and acquire a special public key you can be proud of and always revel in your mastery of the arcane I did haha - Wietse-san even put in the extra effort to provide excellent hand-holding tutorials too. Cheers, good luck, and always have a disaster recovery plan !! Ref: https://github.com/WietseWind/xrp-vanity-generator Skippy, Flintstone and BillyOckham 2 1 Link to comment Share on other sites More sharing options...
Flintstone Posted December 21, 2020 Share Posted December 21, 2020 14 minutes ago, JASCoder said: You can peruse the source code, and run it offline and acquire a special public key you can be proud of and always revel in your mastery of the arcane 4 characters took ages on a RPi JASCoder 1 Link to comment Share on other sites More sharing options...
JASCoder Posted December 21, 2020 Share Posted December 21, 2020 (edited) 10 minutes ago, Flintstone said: 4 characters took ages on a RPi rotfl - I should have mentioned the computational load issue - I ran this (off line mode) on a pretty beefy quad core system, and had like six CPUs maxed out for about an hour - got about 50 "hits" on a three-character pattern ("JAS"). YOMMV (your own mileage may vary) Edit: Re my procedure - I ran the launch script in multiple console windows, watching my resources display app until I decided to cap off the concurrent processes count. Edited December 21, 2020 by JASCoder Clarify my procedure Flintstone 1 Link to comment Share on other sites More sharing options...
Flintstone Posted December 21, 2020 Share Posted December 21, 2020 42 minutes ago, JASCoder said: Edit: Re my procedure - I ran the launch script in multiple console windows, watching my resources display app until I decided to cap off the concurrent processes count. Ditto. Took 5 days with 3 scripts running Link to comment Share on other sites More sharing options...
SimpleXRPTools Posted December 22, 2020 Share Posted December 22, 2020 I can't claim they are better than other options, but I think my browser-based tools might be the simplest for individuals to check whether the code is safe or not. See here: https://github.com/SimpleXRPTools/SimpleXRPTools Specifically generate_new_xrp_account.html and generate_new_xrp_account_using_entropy.html Skippy 1 Link to comment Share on other sites More sharing options...
Wietse Posted December 22, 2020 Share Posted December 22, 2020 11 hours ago, JASCoder said: ... Cheers, good luck, and always have a disaster recovery plan !! Ref: https://github.com/WietseWind/xrp-vanity-generator Thank you for the kind words @JASCoder Please note that this repo generates X-addresses these days, the r-address generation is on a separate branch: https://github.com/WietseWind/xrp-vanity-generator/tree/r-address BillyOckham, Flintstone and JASCoder 2 1 Link to comment Share on other sites More sharing options...
liemmayer Posted December 27, 2020 Share Posted December 27, 2020 Comments on this topic helped me, thank you! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now