Guest EffinXRP Posted May 17, 2017 Share Posted May 17, 2017 (edited) Creating a Cold Wallet On an Active MAC This is a new topic for those of us that have MACs. Technically you can create a cold wallet environment even while your MAC is not cold. THe main issue is securing your wallets from hackers. A hacker can gain access to your machine either through the internet or via physical access. YES there is a such a thing as a MAC virus for you funny smart guys that are saying that right now. So yes a virus can attack your wallet BUT here is what is great about a OSX or Unix System.... it is a closed system which means that if your Adobe gets infected, then just throw it away because your OS is fine. But there is a little bit more to be considered and that is the action of the User. Some things to remember when your Wallet is Open in the Wild: 1. You must disconnect from any network and Bluetooth. 2. You must not copy and paste anything to your wallet except possible the address but definitely NOT the secret key as it will be save in your clipboard and possibly in your Keychain. 3. Finally you NEVER "Remember" and data involved with your Wallet. otherwise there is no point. A mac is much harder to acquire data than a Windows computer but still, the bad guy must know that you have a wallet first then they must know where to find it. Then they can jump through your security loops. Now I only recommend doing this if you at least have FileVault on and if you have the personal firewall on and set to stealth. You can also install LilSnitch to tell you when something is outgoing and make sure it gets blocked. But if you disconnect from networks prior to decrypting your wallet, then make sure that you lock it again before you reconnect, then you will be fine. So this is how I have my MACs setup. THis is of course what I recommend the most. I actually have two separate passwords to open my User partition. I have a FileVault password which encrypts the entire SSD drive. Then I have a separate User Password which encrypts my User fold or account. THen I have a dynamic Encrypted Folder that holds my Wallets. Here are the specs for my Wallet Folder: Dynamic DMG (means it is resizable) 256bit encryption with a PINCODEKEY combination which is a pincode that I know combined with a physical password key. Combined they form the password to decrypt the DMG folder. Then in side of that are my BTC Armory Wallets that have their own passwords and encryption along with now my Ripple wallets. Hell with all of that, I would post my Encrypted DMG on the internet for the world to download because it will take a full time of NEVER to open any of it . So lets get to it: Step ONE: Lets (further) secure your Mac by separating the User Account form the FileVault. First a variable for you. Lets say my combination of a PIN code that I know with a YUBIKEY code usb will represent my entire password (25 char) as PINYUK. First we must change the entire user account to the same password as the FileVault password which will be the really inconvenient PINYUK. (don't worry we will fix that later). Open your System Setting App and select User & Groups. Change your password. (If you want to know more about how a YUBIKEY functions, let me know) but make this password really long and very hard to remember. And do not worry, If you forget it, you will just NEVER get back into your MAC I of course forgot to tell you to do this after you enable Filevault but if you did not already have it enabled, now is the time to do it. Here is the bad news, if you did not have it enabled before, then you must wait until it is completed with the encryption before we can move on. You can still use your MAC but you can not make and more of these changes until it is done. Once all is done, you must shutdown the computer fully and then reboot. This is where you must enter that really inconvenient password to make sure that it works. At this point I do believe it will only ask you once as your filevault and user password are still connected. Apple wanted to convenience you but as far as I am concerned that have denied you of a possible second layer of security. If iCloud or anything else wants you to update or if your keychain wants to update, then deny them and we do not want this password to go out in the wild nor do we want the convenience of using such a fine password for our other accounts. Step Two: Resetting the User account password. So now lets separate your User account. For this you will need to open the Terminal App. Open your Finder -> Utilities -> Terminal. Now enter this: sudo -i You will be asked to enter your CURRENT user password which is still that really long bad one. Next enter this command passwd USERNAME Now you will be asked to enter the new password. Enter whatever your user password was before or make a new one but this does not have to be so impossible because you will use it constantly. [[ OPTIONAL: while we are at it, this is an extra step but I highly recommend it. We should change the ROOT password also as that will command and override your entire computer. It should be a different password then your User password and your Filevault pass. But it should be rememberable because the one time you might need it, you will want it. Enter in the terminal: passwd root And now enter the new password for the ROOT user. ]] Now completely shutdown and then restart. Now you should first be asked for your PINYUK password. It will decrypt your MAC and then ask for the password to the USER account. It should be the new password that we just gave at the terminal. If it works, then Perfect!!! If not, then maybe you need to ask me or a MAC buddy. Step Three: Creating your Encrypted Directory So now we can create this awesome encrypted directory called a Sparse Bundle DMG. Go to Finder -> Applications -> Utilities -> Disk Utility Next go to File -> New Image -> Blank Image Now make all of the settings like you see in the Pic Finally We must select the Encryption Type and of course we are going to pick the best Enter the password. Thats It !! Now on your desktop you will find your Crypto DMG Folder that will act like a Hard Drive. Double click on it and you will be asked for your password to open it. Once you open it, you will see the CryptoE Hard Drive on the Desktop. It should look like an external hard drive or USB stick. There is where you will save your full wallets for now and in the future. Best of all is that it is already 500mb but it will automatically grow. Even better is that you do not have to keep it on the MAC, though I would, but you can make a copy on a USB stick and then lock that stick away when you bury Grandma or use it to beat some gun wielding bad guy so that it will get locked up in Police Evidence. At least you will have a secure backup. Even better you can easily just do what I do when my Windows Hard Drives fail and I really need my pictures and music back: Dear NSA Managers, I have recently lost my hard drives due to Windows errors. Would you please send me your copy of my data? Thanks Ken For an actual full Cold Linux Machine, check out my other tutorials here. Send some Ripple my way if you feel the need to upgrade my coffee fund Edited May 18, 2017 by EffinXRP Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now