create account

RE: Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet by rephill

View this thread on: hive.blogpeakd.comecency.com

Viewing a response to: @tomshwom/tomshwom-s-advanced-crypto-security-guide-part-3-creating-a-secure-wallet

· @rephill ·
$0.04
Thanks for this three part guide! Well written, concise and really informative! I have a question regarding BIP 39/ BIP 44 standards, to which I cannot find a clear recommendation anywhere online. 

For security reasons, do you recommend testing the newly generated addresses within your wallet (e.g. bitcoin, ethereum, ripple) with a small in- and outbound transaction, or will the risk of having your public key exposed outweigh the risk of "corrupt" private/public key pairs being falsely generated through the BIP 39/ BIP 44 standard?
Thanks for your reply!
👍  ,
properties (23)
authorrephill
permlinkre-tomshwom-tomshwom-s-advanced-crypto-security-guide-part-3-creating-a-secure-wallet-20170924t111424666z
categorycryptocurrency
json_metadata{"tags":["cryptocurrency"],"app":"steemit/0.1"}
created2017-09-24 11:14:24
last_update2017-09-24 11:14:24
depth1
children4
last_payout2017-10-01 11:14:24
cashout_time1969-12-31 23:59:59
total_payout_value0.033 HBD
curator_payout_value0.005 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length561
author_reputation748,738,011
root_title"Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id15,785,317
net_rshares11,200,977,213
author_curate_reward""
vote details (2)
@tomshwom ·
$0.04
There's no security risk with exposing your public address, but it is a privacy risk.  If you don't want that address to be connected to another public address you use, then transfer the amounts from an exchange (they mix coins and give new addresses for every transaction on many exchanges.) 

Really though, as long as you can access the public key through the private key multiple times, there's no reason to test it through transactions.  You're only testing to make sure the network functionality works for your wallet by doing that, not whether or not you can access the wallet.  It's pretty safe to just double/triple check that your private key accesses the same public key.

I say private key, but it could be mnemonic seed phrase or whatever else is used to derive the private key too.
👍  ,
properties (23)
authortomshwom
permlinkre-rephill-re-tomshwom-tomshwom-s-advanced-crypto-security-guide-part-3-creating-a-secure-wallet-20170925t004455803z
categorycryptocurrency
json_metadata{"tags":["cryptocurrency"],"app":"steemit/0.1"}
created2017-09-25 00:44:57
last_update2017-09-25 00:44:57
depth2
children3
last_payout2017-10-02 00:44:57
cashout_time1969-12-31 23:59:59
total_payout_value0.027 HBD
curator_payout_value0.008 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length795
author_reputation1,713,446,395,686
root_title"Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id15,839,429
net_rshares10,370,530,666
author_curate_reward""
vote details (2)
@rephill ·
$0.04
Thanks for your answer! So if I understand this correctly, you are saying that there is no risk that private/public key pairs are falsely generated (do not match!) through the BIP 39/ BIP 44 standard? So if I generate any public key within my wallet there is no need to test whether I can actually access it with the private key (e.g. sign messages, transfer funds)?
👍  
properties (23)
authorrephill
permlinkre-tomshwom-re-rephill-re-tomshwom-tomshwom-s-advanced-crypto-security-guide-part-3-creating-a-secure-wallet-20170925t124326429z
categorycryptocurrency
json_metadata{"tags":["cryptocurrency"],"app":"steemit/0.1"}
created2017-09-25 12:43:33
last_update2017-09-25 12:43:33
depth3
children2
last_payout2017-10-02 12:43:33
cashout_time1969-12-31 23:59:59
total_payout_value0.027 HBD
curator_payout_value0.008 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length366
author_reputation748,738,011
root_title"Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id15,882,833
net_rshares10,529,510,781
author_curate_reward""
vote details (1)
@tomshwom ·
$0.04
I was thinking specifically with MEW in mind, where you input the private key/seed phrase into the "View Wallet Info"  tab.  With this, you know your private key -> public key without having to send a transaction.

> if I generate any public key

Sorry if it was just bad wording, but this is incorrect.  You generate a private key, and the private key's Keccak-256 hash (last 20 bytes) is what ends up being your public key.  You do need to make sure that the private key accesses the same public key for every instance of storing your private key, not because the math won't work, but because the private key could've been corrupted or copied wrong.
👍  , ,
properties (23)
authortomshwom
permlinkre-rephill-re-tomshwom-re-rephill-re-tomshwom-tomshwom-s-advanced-crypto-security-guide-part-3-creating-a-secure-wallet-20170925t132725286z
categorycryptocurrency
json_metadata{"tags":["cryptocurrency"],"app":"steemit/0.1"}
created2017-09-25 13:27:24
last_update2017-09-25 13:27:24
depth4
children1
last_payout2017-10-02 13:27:24
cashout_time1969-12-31 23:59:59
total_payout_value0.028 HBD
curator_payout_value0.007 HBD
pending_payout_value0.000 HBD
promoted0.000 HBD
body_length651
author_reputation1,713,446,395,686
root_title"Tomshwom's Advanced Crypto Security Guide (Part 3) - Creating a Secure Wallet"
beneficiaries[]
max_accepted_payout1,000,000.000 HBD
percent_hbd10,000
post_id15,886,215
net_rshares10,504,879,029
author_curate_reward""
vote details (3)