Official Cold Wallet From Ripple.com?

Guest

So after a while I have wanted to create a new cold wallet (like in the clip above). But now I can't seem to find one on Ripple.com?

Edited by Michael Scott

Guest
4 minutes ago, Twarden said:

The old ripple.com/client isn't in service, it was discontinued and replaced with RippleTrade.  See here for instructions to create a cold wallet.

I'll give that one a try, thanks. But I have to ask, is the XRP in my now discontinued cold wallet safe or? Will I be able to send the XRP out from it in the future irregardless?

Just now, Michael Scott said:

I'll give that one a try, thanks. But I have to ask, is the XRP in my now discontinued cold wallet safe or? Will I be able to send the XRP out from it in the future irregardless?

As long as you have a copy of the secret key, you can spend your XRP, make trades, create trust-lines, etc. If you did not migrate your wallet to RippleTrade, I am not sure how you may be able to retrieve your secret; you may have to contact support@ripple.com for an issue such as that.


Ripple trade is being phased out too.

There is an official wallet:

https://github.com/ripple/ripple-client-desktop

You can download builds from:

https://rippex.net/carteira-ripple.php#/

 

To create a cold wallet, copy the app onto a USB drive, and on a disconnected computer choose create new account, choose a password, save the wallet file on that computer and save your secret key (on the computer and/or on paper).

To access the account, just use the wallet file you saved and password or use the secret key in any ripple client / server.

Guest
12 minutes ago, Twarden said:

As long as you have a copy of the secret key, you can spend your XRP, make trades, create trust-lines, etc. If you did not migrate your wallet to RippleTrade, I am not sure how you may be able to retrieve your secret; you may have to contact support@ripple.com for an issue such as that.

Yes, I have several copies of the secret key. I don't understand that last part, "retrieve your secret" as in the secret key? I have it written down on a piece of paper, how/why would I need to retrieve it? Or, how would I be unable to retrieve it?

Edited by Michael Scott

8 minutes ago, Michael Scott said:

Yes, I have several copies of the secret key. I don't understand that last part, "retrieve your secret" as in the secret key? I have it written down on a piece of paper, how/why would I need to retrieve it? Or, how would I be unable to retrieve it?

That is good to hear, in that case, you can access your cold wallet's funds whenever you wish by using that key.

A lot of users who did not migrate from the old client did not save their secret/secret key, so they had issues with accessing their wallets because they forgot their wallet's password (regular key) during the migration to RippleTrade and therefore could not retrieve their secret key (which is what signs all of your transactions to interact with the ripple network).

Guest
7 minutes ago, Twarden said:

That is good to hear, in that case, you can access your cold wallet's funds whenever you wish by using that key.

A lot of users who did not migrate from the old client did not save their secret/secret key, so they had issues with accessing their wallets because they forgot their wallet's password (regular key) during the migration to RippleTrade and therefore could not retrieve their secret key (which is what signs all of your transactions to interact with the ripple network).

Thank you so much for clearing that up   :beach:

On 2/18/2016 at 10:33 AM, Twarden said:

That is good to hear, in that case, you can access your cold wallet's funds whenever you wish by using that key.

A lot of users who did not migrate from the old client did not save their secret/secret key, so they had issues with accessing their wallets because they forgot their wallet's password (regular key) during the migration to RippleTrade and therefore could not retrieve their secret key (which is what signs all of your transactions to interact with the ripple network).

One little clarification, your password to Ripple Trade (or another wallet) is not actually a "regular key" in RCL terms. A regular key is another secret key (in the same format) that can be used to send almost any transaction, but can also be changed out for a different regular key. The master secret key to your account is directly tied to the address, so you can't change that.

3 minutes ago, mDuo13 said:

One little clarification, your password to Ripple Trade (or another wallet) is not actually a "regular key" in RCL terms. A regular key is another secret key (in the same format) that can be used to send almost any transaction, but can also be changed out for a different regular key. The master secret key to your account is directly tied to the address, so you can't change that.

Thank you for clarifying this for the both of us (especially linking the documentation).  

Regarding the link you shared, did regular keys always have to be a base58 number?  I swear that when I was reading through the developer portal several months ago that I came across the mention of setting a regular key as just an alphanumeric 'password' to sign transactions.

On 2/19/2016 at 0:19 PM, Twarden said:

Thank you for clarifying this for the both of us (especially linking the documentation).  

Regarding the link you shared, did regular keys always have to be a base58 number?  I swear that when I was reading through the developer portal several months ago that I came across the mention of setting a regular key as just an alphanumeric 'password' to sign transactions.

base58 is just one way of representing a number. There are lots of others, including decimal, hexadecimal, and even an alphanumeric passphrase can be interpreted as a number. There are a number of places where rippled accepts several formats and guesses which one you provided.

It's probably easiest to clarify this with the wallet_propose command which generates the keys for a wallet. (This is an offline operation -- all it does is some math.) If you don't specify a seed value, rippled chooses one randomly. However, if you do specify a seed value, it'll tell you both the secret key and the public address for that key in several different formats. Example:

Quote

$ rippled wallet_propose 'masterpassphrase'
Loading: "/home/mduo13/.config/ripple/rippled.cfg"
Connecting to 127.0.0.1:5005
{
   "result" : {
      "account_id" : "rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh",
      "key_type" : "secp256k1",
      "master_key" : "I IRE BOND BOW TRIO LAID SEAT GOAL HEN IBIS IBIS DARE",
      "master_seed" : "snoPBrXtMeMyMHUVTgbuqAfg1SUTb",
      "master_seed_hex" : "DEDCE9CE67B451D852FD4E846FCDE31C",
      "public_key" : "aBQG8RQAzjs1eTKFEAQXr2gS4utcDiEC9wmi7pfUPTi27VCahwgw",
      "public_key_hex" : "0330E7FC9D56BB25D6893BA3F317AE5BCF33B3291BD63DB32654A313222F7FD020",
      "status" : "success"
   }
}

If you run the same command but specify 'snoPBrXtMeMyMHUVTgbuqAfg1SUTb' instead of 'masterpassphrase' the results will be the same. You can even use the RFC-1751 format from the response to generate the same key. And if I'm not mistaken, you can also use any of those three formats as the value of the "secret" field when signing a transaction.

Here's a breakdown that should help:

  1. Seed value: Just about any number (including anything that can be represented as a number). Trim this to size and you have a secret key.
  2. Secret key: A 128-bit (16 byte) number that you keep secret, and use to sign transactions. Anyone who knows the seed value for an account has full control over that account*. When rippled represents these in base-58 it prefaces them with the value 33 which maps to the letter s in Ripple's base-58 dictionary, so secrets look like this in base-58: "snoPBrXtMeMyMHUVTgbuqAfg1SUTb". You use this to generate a public key.
  3. Public key: A 264-bit (33-byte) number that can be used to "easily" validate any signature from the corresponding secret key. It's "hard" to figure out a secret key or to create a valid signature using just a public key and past signatures. (Basically you have to make a completely insane number of guess-and-check attempts.) Typically these are represented in hexadecimal. (See the SigningPubKey field of a transaction.) You always have to tell people your public key eventually in order for them to be able to validate your signatures. However, both Bitcoin and Ripple actually put the public key behind one more layer of abstraction:  You use the public key to generate an account address.
  4. Account ID: a 160-bit (20 byte) number that is derived from a public key using a hash function (technically two, the RIPEMD160 of SHA256) and prefixed with the value 0 which maps to the letter "r" in Ripple's base58 dictionary.
  5. Account Address: the Account ID, encoded in base58 with a 4-byte checksum (SHA-256 of SHA-256 of the account ID). This is an easily reversible step that just makes it easier to read and write addresses (big numbers) for human consumption.

*The exception is that the owner of an account can disable the master key if they have a regular key(pair) set, in which case you have to know the regular keypair's secret key to control the account.

All it takes in order to create an account in Ripple is sending 20 XRP to a validly-formed address (that is, it's a number that fits in 160 bits and the error checking is good). If an account hasn't been created yet, it's not in the ledger, and you'll get a not-found error if you try to check its account info, trust lines, transaction history, etc. However, you can subscribe to an account that doesn't exist yet (and if your subscription is still active when the account gets funded, you'll get notified).

Sending a transaction just requires a seed value or secret key, and access to a rippled server. You write some transaction instructions, use ECDSA to sign the message** (curve=secp256k1), and attach your signature, valid pubkey and address to the transaction. Then RCL checks several things:

  1. The signature matches the transaction instructions
  2. The signature matches the pubkey
  3. The pubkey matches either (a) the address of the account sending the transaction, or (b) a regular key address previously stored in the ledger by the account sending the transaction
  4. In the case of 3a, it also checks that the account hasn't disabled its master key.

** rippled also has experimental support for the EdDSA algorithm using the ed25519 curve. It works basically the same way. Technically the Ed25519 public keys are 32 bytes instead of 33, so they're prefixed with the byte 0xED to make them a consistent size with the secp256k1 keys.

A note on "black hole" addresses: Typically if you have a validly formed address, that's because you started with a seed value and went through all the steps. But it's also possible to just start with a public key and generate a valid address from there. Addresses are typically pretty random because they're based on hash function output, which is basically indistinguishable from random noise. If an address seems incredibly unlikely to be random (for example, rrrrrrrrrrrrrrrrrNAMEtxvNvQ) then it's likely that you generated that address from something that wasn't a real output of RIPEMD160 of SHA-256, which means it's a guessing game to figure out what input could generate that output -- and again, that's a problem that's incredibly hard to solve, involving a ridiculous number of guess-and-check attempts. (Bitcoin mining is based on a variation of that same problem.) And even if you figured out what public key could generate such a nicely ordered output, you still have to solve a ridiculously-hard elliptic curve problem to figure out what the secret key is. So, chances are, nobody in the world actually knows or will ever guess the secret key that would give them full control over rrrrrrrrrrrrrrrrrNAMEtxvNvQ or other "unlikely" accounts like that. We call these addresses black holes, because in all likelihood, any XRP they receive is lost forever.

Now if you've read this far, here's a fun side project you can try:

  1. Start with a list of most common passwords.
  2. Use those as seed values to generate Ripple keys and addresses (wallet_propose).
  3. Check the ledger to see if any ill-advised schmucks have funded those addresses. (Here's a freebie: rU1HdiNbCJTdBJhGa22B76QCuDSVBCWGNj is the address for the secret key 'trustno1' but it doesn't exist.)
  4. If you find one that does exist, check whether the master key is disabled. (If it is, the Flags value of the account bitwise-AND 0x00100000 is a nonzero value)
  5. If the master key is not disabled, then you have full control over that account, and you can take any XRP or other currencies it holds. Now, actually taking it might be legally considered theft and/or computer fraud, so maybe think twice about actually taking it. (Personally, I would view it as the digital equivalent of picking up money from the street, but a jury might think differently.)
  6. There are plenty of other things you can do with full control of an account, like sending embarrassing Memos or setting the account's Domain field to point back at your favorite website.
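
The encoding described in the breakdown above (prefix value, base58 dictionary, 4-byte checksum) can be checked against the wallet_propose output quoted in this thread. This is an added example, not code from the original posts or from rippled: a Python decoder that verifies the checksum and prefix before accepting a seed or address. The function names are illustrative, and the sample values are the ones from the quoted output.

```python
import hashlib

# Ripple's base58 dictionary: value 0 maps to "r", value 33 leads to an "s" seed.
RIPPLE_ALPHABET = "rpshnaf39wBUDNEGHJKLM4PQRST7VWXYZ2bcdeCg65jkm8oFqi1tuvAxyz"
ACCOUNT_PREFIX, ACCOUNT_SIZE = 0, 20   # 160-bit account ID
SEED_PREFIX, SEED_SIZE = 33, 16        # 128-bit seed


def b58decode(text):
    """Turn a Ripple base58 string back into the bytes it represents."""
    number = 0
    for char in text:
        digit = RIPPLE_ALPHABET.find(char)
        if digit < 0:
            raise ValueError(f"{char!r} is not in the Ripple base58 alphabet")
        number = number * 58 + digit
    body = number.to_bytes((number.bit_length() + 7) // 8, "big")
    # Each leading "r" (digit 0) stands for one leading zero byte.
    zeros = len(text) - len(text.lstrip(RIPPLE_ALPHABET[0]))
    return b"\x00" * zeros + body


def decode_checked(text, prefix, size):
    """Return the payload only if length, checksum and prefix all match."""
    raw = b58decode(text)
    if len(raw) != 1 + size + 4:
        raise ValueError("wrong length for this kind of value")
    data, checksum = raw[:-4], raw[-4:]
    # Checksum: first 4 bytes of SHA-256 of SHA-256 of prefix + payload.
    expected = hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]
    if checksum != expected:
        raise ValueError("checksum mismatch (typo or corrupted value)")
    if data[0] != prefix:
        raise ValueError("unexpected prefix byte")
    return data[1:]


def is_valid_address(text):
    """True when text is a well-formed account address."""
    try:
        decode_checked(text, ACCOUNT_PREFIX, ACCOUNT_SIZE)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    seed = decode_checked("snoPBrXtMeMyMHUVTgbuqAfg1SUTb", SEED_PREFIX, SEED_SIZE)
    print(seed.hex().upper())  # compare with master_seed_hex in the output above
    print(is_valid_address("rHb9CJAWyB4rj91VRWn96DkukG4bwdtyTh"))
```

Running a check like this on an address before funding it catches transcription errors, since a mistyped character changes the decoded bytes and the checksum no longer matches.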


Thank you @mDuo13 for providing this great wealth of information full of documentation! I have been meaning to learn more about how the RCL manages its encodings, so this is a great set of resources to begin researching. Regarding your fun project, I am aware that there are people with bot-nets which 'mine' the blockchain for accounts that are in a state like the one you are describing within the RCL. I can think of a few ways of how to accomplish steps 1-4 through Ruby and rippled; I have no interest in 'mining' the RCL for XRP, however.

1 hour ago, Twarden said:

Thank you @mDuo13 for providing this great wealth of information full of documentation! I have been meaning to learn more about how the RCL manages its encodings, so this is a great set of resources to begin researching. Regarding your fun project, I am aware that there are people with bot-nets which 'mine' the blockchain for accounts that are in a state like the one you are describing within the RCL. I can think of a few ways of how to accomplish steps 1-4 through Ruby and rippled; I have no interest in 'mining' the RCL for XRP, however.

Yeah, from what I have heard, I would be mildly surprised if no one else had already done that same thing to RCL, actually.

I have even heard that in the really old days, when wallet_propose was a non-admin command (so you could call it on public servers), people would sniff the HTTP traffic to rippled servers for wallet_propose responses, so they could learn people's secret keys and steal their XRP before those people even barely got to test stuff out on the network.

33 minutes ago, mDuo13 said:

Yeah, from what I have heard, I would be mildly surprised if no one else had already done that same thing to RCL, actually.

I have even heard that in the really old days, when wallet_propose was a non-admin command (so you could call it on public servers), people would sniff the HTTP traffic to rippled servers for wallet_propose responses, so they could learn people's secret keys and steal their XRP before those people even barely got to test stuff out on the network.

I did this math before, and I don't remember exactly, but winning the lottery was dozens of orders of magnitude easier.
