How secure is Cardano Wallet


#1

I have my wallet on my desktop with a very small amount of ADA… but I guess my private key is stored on my own hard drive, correct?

Isn’t there some way to make paper wallets to get the private keys off of our hard drives?


#2

An official paper wallet is on the roadmap, due some time in Q2, but meanwhile, as long as your seed phrase is safely stored, probably best on paper (if not metal), you can uninstall Daedalus and delete the data files if that’s not done by the uninstall process.


#3

Aha… so then yes, the current wallet, if installed on my PC, is in fact vulnerable to hackers… so the only way to make it safe is to write down the private key phrase on paper, then totally delete Daedalus. Then when I want to transact with my ADA I reinstall Daedalus and get back my ADA with my private key?


#4

Not particularly, no. It’s a matter of degree. Everything is vulnerable to sufficiently determined bad actors. Daedalus stores your private key in an encrypted file. If a hacker could get access and decrypt the file they could steal your coins. It’s quite a “big if” though. Of course a burglar could do the same with a paper wallet.


#5

So the private key is stored on your computer in an encrypted file, and you can delete this file (once you’ve written down your private key) by deleting Daedalus?

But the private key is also on the ADA blockchain so that that wallet can be re-activated (accessed) at a later date? Works like this?


#6

Yes, that’s right. Except I’m not sure the key file is always deleted by uninstalling Daedalus, best to check that. Also, you’d write down the 12 word seed phrase which encodes the private key, but it comes to much the same thing.


#7

I think it’s important to understand that any person in the world can access your wallet if he knows, steals or guesses your 12 word seed. It doesn’t matter if you at that time have Daedalus uninstalled or if you have the 12 word seed in a safe place on paper. If someone manages to guess it, he can access your ADA and take it. This seems to me a big weakness currently. Especially when the list of words used in the seed is known and there is no limit on the recovery options.

Unless some better security options are introduced, I am afraid of:

  1. someone guessing 12 word seed of random ADA holder by using random 12 words from the list of words
  2. how well is the 12 word seed secured within the blockchain

Would be glad if anyone can comment on that and correct me if I am wrong.

I saw the list of words on GitHub earlier, but can’t find it again. Maybe someone can link it so we can check how many words exactly are in the list? Based on that number we could calculate the chance of guessing the 12 words, if we know approximate ADA holders.

El Ven


#8

Think of it as like guessing a 12 character password, where the alphabet used has as many different characters as there are words in the list. Don’t know about this particular list but others have 2k words so: very big numbers.

Edit: found this, estimating 172,526,360,392,901,089,291,137,276.56 Years at 1B passwords tried per second, for 12 words out of a 2k list: https://bitcointalk.org/index.php?topic=1623339.0 (post #12 for these numbers but others in the thread also worth reading)
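
The calculation asked for in post #7 and sketched in post #8, as an added example that is not part of any post in this thread. It assumes a BIP39-style scheme (2048-word list, 12 words, 4 checksum bits); the holder count and guess rate are constructed inputs, not figures from the thread.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # Julian year


def valid_phrases(wordlist_size=2048, words=12, checksum_bits=4):
    """Count seed phrases that pass the checksum.

    Assumption: BIP39-style encoding, where the last `checksum_bits`
    bits of the phrase are derived from the entropy, so only
    1 in 2**checksum_bits word combinations is a valid phrase.
    """
    return wordlist_size ** words // 2 ** checksum_bits


def expected_years(space, funded_wallets, guesses_per_second):
    """Mean time until a random guess lands on ANY funded wallet.

    Each guess succeeds with probability funded_wallets / space, so
    the expected number of guesses is space / funded_wallets.
    """
    return space / funded_wallets / guesses_per_second / SECONDS_PER_YEAR


def hit_probability(space, funded_wallets, guesses):
    """Chance that at least one of `guesses` random tries hits a wallet.

    Computes 1 - (1 - p)**guesses with log1p/expm1, because p is far
    below floating-point epsilon and the naive form would return 0.
    """
    p = funded_wallets / space
    return -math.expm1(guesses * math.log1p(-p))


if __name__ == "__main__":
    space = valid_phrases()          # 2**128 valid 12-word phrases
    holders = 1_000_000              # constructed holder count
    rate = 1e9                       # constructed: guesses per second
    century = rate * SECONDS_PER_YEAR * 100
    print(f"valid phrases: 2^{space.bit_length() - 1}")
    print(f"expected years to hit any wallet: {expected_years(space, holders, rate):.3e}")
    print(f"chance of any hit in 100 years: {hit_probability(space, holders, century):.3e}")
```

More holders shrink the expected time only linearly, while each extra word multiplies the search space by the full wordlist size.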


#9

But doesn’t the spending password also have a role in the security issue?
I mean, if someone knows your seed and then tries to send the ADA in your wallet where he wants he should know the spending password right?
Secondly, how difficult is decrypting the file in your computer where the seed is stored? Can it be deleted? Where can it be found?

David


#10

Yes, good questions!


#11

No, the spending password is only on your local computer, it is not related to the seed. Anyone who gets your seed can restore your wallet without a spending password. If you forget your spending password, all you have to do is restore your wallet from seed and set a new password.


#12

Btw, does anyone know when it will finally be possible to store ADA on Ledger Nano S?
Because there is a lot of news about it but it’s not clear when exactly this will happen…


#13

The estimate is April-May… ledger is finishing up phase 1 of 3 this month.


#14

News on the paper wallet in the latest Weekly Technical Report:

Implementation of paper wallet certificate generator for Cardano wallet kicked off. This feature will be delivered within the scope of the Daedalus 0.10 and the Cardano 1.2 release. Testing for the upcoming Daedalus 0.9 and Cardano 1.1 release was completed, and the release is ready to be shipped.


#15

Nothing is more ‘safe’ than money. I’m not comfortable with that specific cryptocurrency but rather having stakes in bitcoin myself, I believe it’s smarter to put down wagers on Russian Roulette instead of putting resources into cryptographic forms of money starting at now.


#16

What are you talking about?


#17

Hello @sandrajames. Thank you for sharing your opinion. I think it all depends on the context and perspective as well as geographical location (and a lot of other factors).

For example, how safe is a currency that you cannot control? Venezuela and its massive inflation debacle doesn’t seem to be a very safe situation to be in.

A four code PIN number is easier to crack than a cryptographic protocol. Cards are easier to copy than wallet data (yes, now they just need to hold a machine close enough to your pocket and your credit card falls into the wrong hands).

Not to mention Quantum computers will make all SWIFT systems (read current banking systems) vulnerable to those who have access to these machines, note that the citizens are highly unlikely to own a quantum computer. You can guess who that leaves in charge of YOUR money.

How about some money you keep under the bed, fire breaks out, money gets burned. Granted, the fire could burn the seed password for the wallet you wrote down, unless you etch it into metal or memorise it.

Burglars will have a harder time stealing a seed password since it’s one small sheet of paper or metal, and if they steal your laptop they would still need the spending password to do anything.

When you have a lot of money, banks know, governments know, the IRS knows…

There are civil forfeiture laws in a lot of countries that allow their governments to seize assets and money from citizens. Banks will gladly help out governments to do so.

What about during an economic crisis? Think Cyprus and Greece: banks either shut down or limited the possible withdrawal amount ATM machines could dispense. In a lot of cases they froze people’s assets.

Governments have little control over cryptocurrencies and little knowledge on the people who use them.

The only thing safe about “money”, is the safety that protects oneself from his/her own stupidity (Make a wrong transaction and it gets refunded after some hassle. Forgot your PIN, bank will send a new card to you, etc…)

Money has been around for centuries, cryptocurrency for a decade or so. I’d argue it’s pretty safe to predict which one will be the new paradigm as time goes by.


#18

@Bullish
Magnificent explanation, totally agreed!


#19

Don’t know how a quantum computer could hack my cash. Currently more likely a quantum computer could compute private keys than USD hyperinflation


#20

It could hack the bank from where you get your cash!