
Cold storage still "essential"?


panmores


The recent demonstration of accountability by CoinPayments and GDAX is encouraging, to say the least.

They were basically stating that coin deposits are protected, similar to banks.

Now let's take GateHub exchange and its two Ripple storage systems:

GateHub gives its customers access to native Ripple wallets which are not accessible by them. The only person that can decrypt and use them is the user himself. It's the same way as Ripple stores many of its coins.

Then there are the hosted wallets, storing the funds in air-gapped cold wallets operated by GateHub.

Both sound reasonably safe to me, assuming that the important keys are stored securely?

Edited by panmores

If your GH password is captured, all bets are off...Ripple or hosted wallet. Adding 2FA is essential to this weakest link, same goes for any exchange. 

I'd like to see some kind of password lockout delay policy too on user authentications. And if users can opt in for forced password reset periods, all the better. 


7 hours ago, panmores said:

GateHub gives its customers access to native Ripple wallets which are not accessible by them. The only person that can decrypt and use them is the user himself.

One thing to note in the case of Ripple wallets from what I've read: The secret key is stored on Gatehub's servers, although encrypted.

The other way to access a Gatehub wallet is if someone manages to log into your Gatehub account.


7 hours ago, panmores said:

GateHub gives its customers access to native Ripple wallets which are not accessible by them. The only person that can decrypt and use them is the user himself. It's the same way as Ripple stores many of its coins.

 

AFAIK GateHub (still) has access to your (unencrypted) password and can decrypt your Ripple account secrets with this password.

 


9 minutes ago, panmores said:

Guess we'll never find this out for sure.

Just audit their JavaScript code and you'll see.

It is easy to see that they have access to your (unencrypted) password in Chrome/Firefox/IE developer tools (network tab). Therefore, GateHub has access to all info that your browser has and your browser is capable of decrypting your secret keys.

 

 

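The point made in the post above, as an added example that is not part of the thread and is not GateHub's code: if the raw password reaches the server, the server can rerun the browser's key derivation and decrypt the stored wallet secret, while a login token derived separately from the encryption key does not give it that ability. The scrypt/HKDF/AES-GCM choices, the labels, and all sample values are assumptions made for the illustration.

```javascript
// Added illustration, not GateHub's code. Names, labels and values are constructed.
const nodeCrypto = require('node:crypto');

// Slow KDF over the password; the per-user salt is stored server-side and is not secret.
const masterKey = (password, salt) => nodeCrypto.scryptSync(password, salt, 32);

// HKDF "info" labels separate the login token from the wallet-encryption key.
const subKey = (master, label) =>
  Buffer.from(nodeCrypto.hkdfSync('sha256', master, Buffer.alloc(0), label, 32));

function encryptSecret(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

// Returns the plaintext, or null when the GCM tag does not verify (wrong key).
function tryDecrypt(key, blob) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.iv);
    d.setAuthTag(blob.tag);
    return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8');
  } catch { return null; }
}

// What the browser puts on the wire at login under each scheme.
function loginPayload(scheme, password, salt) {
  return scheme === 'raw-password'
    ? Buffer.from(password, 'utf8')                // visible in the network tab
    : subKey(masterKey(password, salt), 'login');  // 'split-key': password stays local
}

// Server-side view: it holds salt + encrypted blob and sees only the login payload.
function serverRecover(payload, salt, blob) {
  const asPassword = subKey(masterKey(payload, salt), 'wallet'); // payload treated as password
  const direct = payload.length === 32 ? payload : asPassword;   // payload treated as key
  return tryDecrypt(asPassword, blob) ?? tryDecrypt(direct, blob);
}

function demo(password = 'correct horse battery', secret = 'sCONSTRUCTED_EXAMPLE_SECRET') {
  const salt = nodeCrypto.randomBytes(16);
  const blob = encryptSecret(subKey(masterKey(password, salt), 'wallet'), secret);
  return {
    rawPassword: serverRecover(loginPayload('raw-password', password, salt), salt, blob),
    splitKey: serverRecover(loginPayload('split-key', password, salt), salt, blob),
  };
}
```

Even with the split derivation, the site still serves the JavaScript that handles the password in the browser, so the scheme only holds as long as that code is the code you audited.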

1 hour ago, T8493 said:

Just audit their JavaScript code and you'll see.

It is easy to see that they have access to your (unencrypted) password in Chrome/Firefox/IE developer tools (network tab). Therefore, GateHub has access to all info that your browser has and your browser is capable of decrypting your secret keys.

 

 

That means not a single Internet connection / login is safe.


11 hours ago, panmores said:

They were basically stating that coin deposits are protected, similar to banks.

No. Your bank deposit is guaranteed by the special fund of your government as clearly stated in law. 
Your balance on an exchange is guaranteed by the "honest word" of its owners. 


11 hours ago, panmores said:

The recent demonstration of accountability by CoinPayments and GDAX is encouraging, to say the least.

They were basically stating that coin deposits are protected, similar to banks.

Now let's take GateHub exchange and its two Ripple storage systems:

GateHub gives its customers access to native Ripple wallets which are not accessible by them. The only person that can decrypt and use them is the user himself. It's the same way as Ripple stores many of its coins.

Then there are the hosted wallets, storing the funds in air-gapped cold wallets operated by GateHub.

Both sound reasonably safe to me, assuming that the important keys are stored securely?

Sorry bud but who said they do not have access to your wallets on Gatehub? Was it maybe Gatehub? As root on any server you have no idea what I have altered and what I have access to. You can be sure that a bunch of angry girlfriendless nerds are responsible for maintenance on the servers. Neither you nor I have any idea what they are doing when not being watched. Do not trust a single exchange or online entity. Do not use an online wallet provider to restore the keys to your cold wallet. Remember Mt. Gox? Bet they all thought their wallets could not be accessed too.


3 hours ago, T8493 said:

Just audit their JavaScript code and you'll see.

It is easy to see that they have access to your (unencrypted) password in Chrome/Firefox/IE developer tools (network tab). Therefore, GateHub has access to all info that your browser has and your browser is capable of decrypting your secret keys.

 

 

FINALLY someone who gets it ! :)


  • 2 weeks later...

Maybe not the right thread, but what is the deal with hardware wallets? I have been looking into the NANO S, but not much detail on the process and procedures for its use. I have some questions that I hope I can get clear answers for:

1. Is there a wallet that can hold my entire portfolio (btc, etc, eth, xrp, xem, ltc)?

2. How do I get the coins in there? And how do I get them out?

3. Do I need to send these to my gateway (coincheck) in order to trade them?

4. What about cash at my exchange account. Can this fiat be stored in my hardware wallet?

Thanks so much, fellow zerpies.

Kyur


The Ledger is nothing but a physical "key" that provides your access to manage coin balances for the respective online blockchain ledgers of the currencies you own. 

For the major coins, the Ledger has small wallet app support that allows for sending and receiving.

In a storage use case, you use your Ledger public keys for receiving currencies off an exchange or online purchase. The Ledger can sit in a shoebox and never be turned on or connected unless you want to send any balances back to an exchange for cash or trade. 
