Wallet Security

What about hiding it in the open? (memory wise) Let’s say that there’s a wallet somewhere below that has an undisclosed sum of something in it. This way I only have to remember one word and some kind of pattern.

blood stand among clutch blush month inch slide lens need behave wife satoshi air skill actual cushion expose inmate keen smoke bench assault cricket buffalo fork lizard segment olympic source spell output fatal upset trip hip dish oxygen start random enact garbage review twin main pride tomato under road spike crisp coil column marble hundred year caught cargo round unveil neutral margin truth involve jelly vehicle regular damage degree share recall scrub pluck funny worth what wing nut panic often various slot vehicle theme exotic maximum balcony total old burden shove arena tackle boil rail pizza script absent oblige virus concert pepper junk boring squirrel fruit merit guilt guilt coil blame kiss kiss lesson pull wage nice elegant dwarf lemon lens alert bulb flower pole volcano excite immense increase rack vast floor sentence dog depart win put path slim book crunch fatigue thunder number ethics achieve harsh lyrics section lyrics leader scale lecture bridge often deputy business rack long enough tube vintage spike ticket list hungry embody load other point page card upper venture result kiss talk ranch chimney also below worth feel switch foil tray antique champion pause light choose glide corn apart review february magnet rival child balance great slush ugly either easily clog relief system riot book category rural mercy inhale guitar mushroom false twist reason equip manage puppy grant enable badge gap slab below survey shop solid ramp desk digital all goose sponsor practice police erode snack material column calm shy magnet anxiety alpha shoe bind average loud yard credit lion nose public girl diesel crane place wonder brisk spring grid pioneer slot pear march poem grab cart plug tonight negative field lion maple coyote tuna muffin pipe celery rescue ride hurt model pencil abstract sport salt nature input ostrich canoe creek opinion dog lend benefit infant million super result access nice often media assault noise twice hollow wet divorce reflect emerge

You still have reduced the word list from 2048 words to 316 words (probably less, haven’t checked your list for repetitions, edit: have checked for repetitions: 293). And “pattern” is another hint.

Could still be infeasible to check all patterns anyone could invent, but it is a reduction in security. And if enough people use this method and are careless with their “in the open” list, it becomes worthwhile to write a tool that tests a lot of easier to guess patterns.

Ok, so, how quickly can you actually ‘test’ restore wallets? and does this put load on the network?

It’s faster than one might think at first. Only a fraction of the seed phrases fulfils the checksum. And whether those were ever used can be checked with one call to an API like blockfrost.io or koios.rest (I have done that for GitHub - HeptaSean/PySeedRecover).

If I wanted to do it professionally, I would build a specialised database with all used stake addresses from the blockchain directly. Then, it can be done completely offline. (Actually, I would build a database of previously active Bitcoin, Ethereum, and Cardano addresses and check all seeds against all of them.)

All combinations from your word list will still be infeasible, I guess.

No, only on the used API.
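An added example, not part of the original posts and not code from PySeedRecover: it shows why "only a fraction of the seed phrases fulfils the checksum" and how much of the search space remains when the words are known to come from a 293-word list. The function names and the 12- and 24-word phrase lengths are assumptions (the thread does not state the wallet's phrase length); words are represented by their BIP39 index (0..2047) so no word list is needed.

```python
import hashlib
import math

VALID_LENGTHS = (12, 15, 18, 21, 24)

def checksum_ok(indices):
    """Return True if the 11-bit word indices form a checksum-valid BIP39 phrase."""
    n = len(indices)
    if n not in VALID_LENGTHS:
        raise ValueError("BIP39 phrases have 12, 15, 18, 21 or 24 words")
    bits = 0
    for i in indices:
        if not 0 <= i < 2048:
            raise ValueError("word index out of range")
        bits = (bits << 11) | i
    cs_len = n * 11 // 33                 # one checksum bit per three words
    ent_len = n * 11 - cs_len             # entropy bits (128 for 12 words)
    entropy = (bits >> cs_len).to_bytes(ent_len // 8, "big")
    # The checksum is the first cs_len bits of SHA-256(entropy).
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_len)
    return (bits & ((1 << cs_len) - 1)) == expected

def valid_last_words(prefix):
    """All last-word indices that complete `prefix` into a valid phrase."""
    return [w for w in range(2048) if checksum_ok(list(prefix) + [w])]

def candidate_space_bits(list_size, phrase_len):
    """Estimated log2 of checksum-valid phrases built from a pool of list_size words.

    Assumes the checksum passes for about 1 in 2**cs_len orderings, and that
    nothing else (such as a guessable "pattern") is known about the phrase.
    """
    cs_len = phrase_len * 11 // 33
    return phrase_len * math.log2(list_size) - cs_len

if __name__ == "__main__":
    # Constructed input: eleven times index 0, then every possible last word.
    print(len(valid_last_words([0] * 11)), "of 2048 last words are valid (12 words)")
    print(len(valid_last_words([0] * 23)), "of 2048 last words are valid (24 words)")
    for size in (2048, 293):
        for n in (12, 24):
            print(f"pool={size:4d} words={n}: ~{candidate_space_bits(size, n):.1f} bits")
```

The gap between the 2048-word and 293-word rows is the security given up by publishing the list; any guessable pattern reduces the remaining figure further.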

Cardano4Seniors is a funded F8 project. Educational platform with emphasis on Risk Management for Seniors.

Wallets for Seniors - Should a different system be developed to keep Seniors Safe?

If so, what features should/could be designed into a wallet for Seniors?

Specifically, how can C4S educate (in your opinion) our Seniors to be safe with Wallets? We are asking you to Brainstorm, so no wrong answers, no criticism of the suggestions, please!

Do you have any ideas how a wallet app could be different for seniors?

Would you market it as “for seniors”? I’d guess it could be useful for other people too.

I’m very hesitant if such plans aim to hide complexity completely. Some wallet apps already tried that (single address mode of Nami, e.g.) and the amount of help people need if something goes wrong tends to grow if the complexity was hidden, but you have to explain the details and have to explain them too late and in a stressful moment.

So, I’d rather try to better visualise the complexity and workings of the blockchain without hiding it completely. (Again, could be beneficial to other user groups.)

Automatically identifying to whom addresses belong (if it is possible and known) could be really helpful. “Here, you got x ADA from Binance. Here, you transferred y ADA to Coinbase. And here, you offered this NFT on CNFT.” A lot of it is known somewhere in the community and it’s not that complicated to identify automatically, I think.

Do you want to manage secrets differently? Seed phrases already are a quite ingenious way, in my opinion. More explanations right in the user interface? With graphics instead of walls of text?

Perhaps an option/question to not store the master key on disk, but instead give the seed phrase every time (like Adalite), would give a better feeling for what happens. (Something, a lot of people – not only seniors – just begin to grasp, when they have lost seed phrase, spending password, wallet installation, …)

A risk-free test if I still have the correct secrets at a prominent location would perhaps be reassuring. “Do you still know your seed phrase/spending password? Verify here.”

Protection from known scams has been requested often. It really is a hard problem, because they use new addresses very often.

@HeptaSean thanks for this. Your ideas and how you state them get my creative juices going. For some reason I immediately thought of that cell phone that came out years ago for Seniors. Big buttons, limited fx but ez calls.

We are just beginning to think on it, in part because of your comments on Security in a different thread.

Stay tuned.

According to me we should choose Trezor as the best hardware wallet for security because it has the most robust security measures and a proven track record of any hardware wallet we studied. Trezor, like Ledger, is a brand name associated with cryptocurrency cold wallet storage. Its Model T is the company’s second generation of hardware wallets.

We all are rather experienced securing our fiat money, so let’s try to reuse those experiences too.

Losing your private key is similar to losing cash. That’s why we limit the amount of cash that we have in our pockets or at home. I consider simple paper wallets good enough for amounts that I can comfortably carry around in my pocket. If I lose that paper I lose that money, just like cash.

For bigger amounts I prefer to use a bank. Banks probably won’t fail to give me back my money when I need it. Banks are usually dependable but they are not certain. For example two months ago a Russian-owned bank went bankrupt in my country and wasn’t able to pay out clients above a certain limit. Again, the more money you put in a bank, the more carefully you have to choose which one you trust. Banks and exchanges are not the same. I consider exchanges more risky than banks, mainly because there is less time record, and because their business is related to a pretty risky market. Don’t get me wrong: a proper exchange shouldn’t go bankrupt if the crypto market crashes.

If you want to avoid the risks associated with banking you would get out your money from the bank and build a safe at home and put it there. I know it sounds funny, but it’s because this is where the differences of fiat and crypto start to stretch this analogy. Keeping millions of dollars at home is a pretty expensive and complicated process if you want it to be safe. That’s what you can do with a properly set up hardware wallet.

So I always think about what would I do with the same amount of fiat money and that gives me an idea what I want to do with my crypto. I also found it better to move and learn gradually. First I kept most of my crypto on the exchange, then started to get a feel for managing my own wallets with smaller amounts. When I felt confident I started to move more. Not all of them, so if I fail I don’t want to lose it all.

Keep it cool!

If you have millions you should be able to afford splitting this across thousands of hardware wallets or some other even better custom solution. That said anyone who has that kind of money laying about to put into crypto sure as hell isn’t putzing around on these forums anyway so this is conjecture if I ever won the lottery that I do not play :smiley: