Cold Wallet Mac OS

[Guest EffinXRP]

Creating a Cold Wallet On an Active MAC

This is a new topic for those of us that have MACs. Technically you can create a cold wallet environment even while your MAC is not cold. THe main issue is securing your wallets from hackers. A hacker can gain access to your machine either through the internet or via physical access. YES there is a such a thing as a MAC virus for you funny smart guys that are saying that right now. So yes a virus can attack your wallet BUT here is what is great about a OSX or Unix System.... it is a closed system which means that if your Adobe gets infected, then just throw it away because your OS is fine. But there is a little bit more to be considered and that is the action of the User.  Some things to remember when your Wallet is Open in the Wild:

1. You must disconnect from any network and Bluetooth.

2.  You must not copy and paste anything to your wallet except possible the address but definitely NOT the secret key as it will be save in your clipboard and possibly in your Keychain.

3.  Finally you NEVER "Remember" and data involved with your Wallet.

otherwise there is no point. A mac is much harder to acquire data than a Windows computer but still, the bad guy must know that you have a wallet first then they must know where to find it. Then they can jump through your security loops.

Now I only recommend doing this if you at least have FileVault on and if you have the personal firewall on and set to stealth.  You can also install LilSnitch to tell you when something is outgoing and make sure it gets blocked. But if you disconnect from networks prior to decrypting your wallet, then make sure that you lock it again before you reconnect, then you will be fine.

So this is how I have my MACs setup. THis is of course what I recommend the most.

I actually have two separate passwords to open my User partition. I have a FileVault password which encrypts the entire SSD drive. Then I have a separate User Password which encrypts my User fold or account. THen I have a dynamic Encrypted Folder that holds my Wallets.

Here are the specs for my Wallet Folder:

   Dynamic DMG (means it is resizable)

   256bit encryption with a PINCODEKEY combination which is a pincode that I know combined with a physical password key. Combined they form the password to decrypt the DMG folder.

   Then in side of that are my BTC Armory Wallets that have their own passwords and encryption along with now my Ripple wallets.

   Hell with all of that, I would post my Encrypted DMG on the internet for the world to download because it will take a full time of NEVER to open any of it  .  

So lets get to it:

 

Step ONE: Lets (further) secure your Mac by separating the User Account form the FileVault.

First a variable for you. Lets say my combination of a PIN code that I know with a YUBIKEY code usb will represent my entire password (25 char) as PINYUK.

First we must change the entire user account to the same password as the FileVault password which will be the really inconvenient PINYUK. (don't worry we will fix that later).  Open your System Setting App and select User & Groups.

Change your password. (If you want to know more about how a YUBIKEY functions, let me know) but make this password really long and very hard to remember. And do not worry, If you forget it, you will just NEVER get back into your MAC

I of course forgot to tell you to do this after you enable Filevault but if you did not already have it enabled, now is the time to do it. Here is the bad news, if you did not have it enabled before, then you must wait until it is completed with the encryption before we can move on. You can still use your MAC but you can not make and more of these changes until it is done.

Once all is done, you must shutdown the computer fully and then reboot. This is where you must enter that really inconvenient password to make sure that it works. At this point I do believe it will only ask you once as your filevault and user password are still connected. Apple wanted to convenience you but as far as I am concerned that have denied you of a possible second layer of security.

If iCloud or anything else wants you to update or if your keychain wants to update, then deny them and we do not want this password to go out in the wild nor do we want the convenience of using such a fine password for our other accounts.

Step Two: Resetting the User account password.

So now lets separate your User account. For this you will need to open the Terminal App. Open your Finder -> Utilities -> Terminal. Now enter this:

    sudo -i

You will be asked to enter your CURRENT user password which is still that really long bad one. Next enter this command

   passwd USERNAME

Now you will be asked to enter the new password. Enter whatever your user password was before or make a new one but this does not have to be so impossible because you will use it constantly.

[[

OPTIONAL: while we are at it, this is an extra step but I highly recommend it. We should change the ROOT password also as that will command and override your entire computer. It should be a different password then your User password and your Filevault pass. But it should be rememberable because the one time you might need it, you will want it. Enter in the terminal:

   passwd root

And now enter the new password for the ROOT user.

]]

Now completely shutdown and then restart. Now you should first be asked for your PINYUK password. It will decrypt your MAC and then ask for the password to the USER account. It should be the new password that we just gave at the terminal.  If it works, then Perfect!!! If not, then maybe you need to ask me or a MAC buddy.

Step Three:  Creating your Encrypted Directory

 

So now we can create this awesome encrypted directory called a Sparse Bundle DMG. Go to Finder -> Applications -> Utilities -> Disk Utility

 

Next go to File -> New Image -> Blank Image

 

Now make all of the settings like you see in the Pic

 

 

Finally We must select the Encryption Type and of course we are going to pick the best

 

Enter the password.

Thats It !! Now on your desktop you will find your Crypto DMG Folder that will act like a Hard Drive.  Double click on it and you will be asked for your password to open it. Once you open it, you will see the CryptoE Hard Drive on the Desktop. It should look like an external hard drive or USB stick. There is where you will save your full wallets for now and in the future. Best of all is that it is already 500mb but it will automatically grow. Even better is that you do not have to keep it on the MAC, though I would, but you can make a copy on a USB stick and then lock that stick away when you bury Grandma or use it to beat some gun wielding bad guy so that it will get locked up in Police Evidence. At least you will have a secure backup. Even better you can easily just do what I do when my Windows Hard Drives fail and I really need my pictures and music back:

 

Dear NSA Managers,

I have recently lost my hard drives due to Windows errors. Would you please send me your copy of my data?

 

Thanks

Ken

 

For an actual full Cold Linux Machine, check out my other tutorials here. Send some Ripple my way if you feel the need to upgrade my coffee fund

 

Edited May 18, 2017 by EffinXRP

[mike91]

Thanks. For a bit technical users its good to know Jatchili's Minimalist Ripple Client (see links section) runs well on Mac.
Of course be aware that malware / keyloggers are simply able to steal your secret key, so be sure what you do and the mac is clean.

The latest version of 2015 at github is trusted by many.
It's a html/javascript based client that uses an official Ripple .js file to communicate with the Ripple Consensus Ledger (RCL) that can locally be run in for example Firefox.

You can use that one to generate a secret key / ripple address and then transfer the XRP to (by withdrawing from exchange for example).
You can also make payments with it and view the balance.
Note that the client is very minimalistic and more for technical persons; always save the secret key first (in the encrypted storage as explained above for example), and transfer a little amount of XRP first to see things go well.

Read a tutorial about it first (can be found on the forum), and read the FAQ at the Jatchili Minimalist Client github site.

There probably will be better wallet software in the future, maybe there already is, but it's good to know there's at least one option to handle your XRP on a mac.

 

Quote

but you can make a copy on a USB stick and then lock that stick away

Just an addition: usbsticks are NOT trustable. The internal chips sometimes just fail or there may be an error when writing / partition damage.
 

Edited May 17, 2017 by edwin90

[nikb]

The minimalist client may have some issues on certain versions of Mac or Safari.

I would not use that on Mac until such time as we understand what the issue is.

[Guest EffinXRP]

7 hours ago, edwin90 said:

Thanks. For a bit technical users its good to know Jatchili's Minimalist Ripple Client (see links section) runs well on Mac.
Of course be aware that malware / keyloggers are simply able to steal your secret key, so be sure what you do and the mac is clean.

The latest version of 2015 at github is trusted by many.
It's a html/javascript based client that uses an official Ripple .js file to communicate with the Ripple Consensus Ledger (RCL) that can locally be run in for example Firefox.

You can use that one to generate a secret key / ripple address and then transfer the XRP to (by withdrawing from exchange for example).
You can also make payments with it and view the balance.
Note that the client is very minimalistic and more for technical persons; always save the secret key first (in the encrypted storage as explained above for example), and transfer a little amount of XRP first to see things go well.

Read a tutorial about it first (can be found on the forum), and read the FAQ at the Jatchili Minimalist Client github site.

There probably will be better wallet software in the future, maybe there already is, but it's good to know there's at least one option to handle your XRP on a mac.

 

Just an addition: usbsticks are NOT trustable. The internal chips sometimes just fail or there may be an error when writing / partition damage.
 

 

Be careful about using distribution from GitHub. You will notice that nowhere in any of my documents is a recommendation to down load from there. Those file are from jokers like me so you never know what you are getting.  I would rather recommend Rippex as it is a well known company with a victim in charge that we can blame.

No media is totally safe, but unless you are using Quartz Crystal deep from the inner mines of the Earth to store your data, USB sticks will be fine. Making a recommendation such as this user has done to a "Beginner" is inconsiderate. They have absolutely nothing else to use.  Really guys, USB will always be just fine. I recommend Sandisk as the hardware matters also.  Do you know why USB will always be fine....... BECAUSE WE ALL HAVE OUR PAPER BACKUPS don't we.

Edited May 18, 2017 by EffinXRP

[Guest EffinXRP]

6 hours ago, nikb said:

The minimalist client may have some issues on certain versions of Mac or Safari.

I would not use that on Mac until such time as we understand what the issue is.

 

Now that you have made such a statement, lets go ahead and back it up with some intellectual facts shall we.......  This tutorial is for those users that have a MAC and do not want to create or buy a whole brand new machine to keep Cold.  I have been in IT since DOS was used to program and I have no idea what you are talking about.  So do you think the new guys will?

First if you are using a MAC you are already a better user than any Windows guy. Second MAC users as well as Windows or Linux users already have or are searching for wallet managers that run on their machines.

   For Bitcoin I would use Armory

   For Ripple I would use Rippex.

I use them, they are secure enough, especially when properly stored and so far are reliable. These wallet managers will also work just fine in Windows. They DO NOT however run well on a Raspberry Pi, Rasbian or Ubuntu Mate (Arm) but they DO run just fine in any Intel standard Linux distribution.  I did get the Armory to work well in RPi but since this is a XRP forum, kinda does not matter.

So ok to make comments, lets just make smart ones or none at all. The problem with it is that you are dishing out too mush fragmented information to the people who are searching how to do these things and you are causing a lot of confusion.

[Guest EffinXRP]

One more thing too. The reason that I talk so bad about Windows and the reason you will never find me writing a tutorial using Windows is because it is so unsecure from so many directions that it is un-trackable. I am not trying to talk bad about Windows Users because the average person simply does not know. Windows is used to train counter hackers or Penetration Specialists. We also use web technologies and certain software vulnerabilities to get to you, but as an operating system, Windows is the worst. We do not use MAC nor Linux to train as they are simply designed better. That does not mean that I am saying they are bullet proof, but I am saying there is a reason that you find all of the bad guys using Linux or Embedded Linux to do their evils deeds. Just be careful using Windows as an operating system which should protect your wallets and transactions. Especially if it is being used as a Cold Wallet. 

[Tikrp]

I updated my mac recently to sierra and I had a nightmare of a time when somehow my filevault got turned on during the process. My mac was continuously freezing at every turn that i couldnt even type.I left my mac on for about a week and waited for filevault to finish its task but it didnt. Its like it was stuck so I had to do a full reset and re installl mac OSX. It was finally installed properly and filevault was turned off this time. I would love to follow these steps to the letter but I am worried I will have another file vault issue especially after swearing that I would neva turn it back on. Yes. I was literally in pain when i read where you say "turn file vault on". Any advice wil be welcome as i am very interested in improving my security. 

[SlyCrypto]

Hi everyone,

EffinXRP, you have mention Rippex for Mac user as a Desktop Wallet for Ripple, I did install and start using it to store my Ripple bought on different exchange market.

My question, is it safe? 

I have seen it's a OpenSource and we can download it on GitHub, but there is any one had review it so far ? I'm looking for a trusted code reviewer!

Thanks for all!