How to mitigate private key/seed phrase exposure when creating a Daedalus wallet


#1

I’m wondering what the safest way to create a Daedalus wallet is? Because the key is displayed right on the computer, isn’t it vulnerable? All my other currencies are stored in Trezor and Ledger, and I just want to be sure I’m creating the wallet in the safest way possible. Can you do it when the computer is offline? It seems Daedalus has to be synced to the network?

Thanks for your help


#2

During installation, yes, you need to be online so it can download the entire blockchain. After it’s installed and you have your wallet address, you don’t need to stay connected. Also, if you look at the roadmap, support for the Ledger is coming…

https://cardanoroadmap.com/


#3

Hello @arjmsh, you do have to be connected to the network. I think the largest threats would be key-logging and screen-capture software. There are a couple of different methods to protect yourself against keyloggers. First, you can use an on-screen virtual keyboard where your mouse will be used to select the keys when entering your password instead of typing it from the physical keyboard that is logged. A good antivirus can also recognize some of the known and unknown keyloggers through virus definition or heuristic analysis.

Finally, you can use a dedicated anti-keylogging tool that constantly monitors the behavior of running applications and notifies you if it detects any potential keylogging activity.

If you have a Mac, it comes with malware protection built in (XProtect).

Avoid MacKeeper, CleanMyMac or any of these aftermarket solutions. Some of these actually have malware-like problems and actually reduce security.

Most so-called virus-scanners for the Mac just sit there looking for Windows malware which isn’t going to infect your system in the first place.

This is how you protect your Mac.

  1. Stick to running software from trusted sources. The Mac App Store is probably the safest way to get new apps. By default the Mac will not run software from unsafe sources. Leave the settings in the safest configuration.

  2. Keep the system up to date. If new vulnerabilities are found, then you want the updates.

  3. Do not install Adobe Flash.

  4. Do not install the Java Runtime. (Java is not JavaScript.)

There have been very few malware attacks on the Mac. But the only ones worth mentioning have arrived via Flash or Java.

You should use the spending password for obvious reasons. And because your wallet is stored on the blockchain, it is possible to delete it after you have transferred your ADA; this way you mitigate the risk of someone coercing you to open the wallet.

Don’t forget to write down the seed password and wallet name. Do not store screenshots or documents containing the seed password on the computer.


#4

Thanks so much. This is very helpful. I really appreciate it. I had planned to install OS X on an external bootable SSD, fresh install, and run Daedalus from there. Once I create the wallet, transfer the coins and have the key safely written down (using a virtual keyboard for the confirmation stage), I can disconnect the SSD. I plan to hold the currency for a while, so I don’t need to transact.

Thanks again! I’m feeling better about moving my coins off the exchange.


#5

Glad I could help :)