I agree that none of these three methods provide absolute security.

1) With the first method you need to trust the Live CD image provider that it's free from malware and security holes.
Open source makes it easier to monitor, but I think there might be a few loopholes when the software is built and the image is created.
I need to look closer into this. Do you know if Ubuntu/Mint Live CD image creation process is completely transparent?

2) With the second method, yes some advanced loggers would likely capture everything you interact with including sceenshots, mouse clicks and moves. You can probably make their life harder if you scroll/resize the page a few times while you type your password with injections.
They would need to capture your screen several times to determine the offsets of injections within your password properly.

3) Yes if keylogger has root access then the third method doesn't really bring much security to online operations. So users should be careful when installing random software from the Internet. It might be wise to keep a small partition on your hard drive with some trusted and well tested clean Linux installation for just the purposes of dealing with sensitive data online. Can you recommend a good one for that?

The only rock solid secure method is to keep your secret/private keys on the protected offline computer and transfer signed transactions via clean USB flash drive or QRcode printer/reader. But that luxury is only available for BItcoin with Armory at the moment, so Ripple users are left with what we have.

Updated OP with a few more methods. I will bump this thread a couple more times before I leave for vacation in about a week.
Please feel free to keep it alive.

Yes, I hope most bitcoiners have some idea how to protect their systems, but looking at the amount of newbies rushing in to get some free XRP I bet most of them use Windows with tons of bloatware and likely many old bitcoiners still do. So it's better to take some precautions from the start.

I wonder if upcoming Bitcoin hardware wallets are capable of storing Ripple secret keys and sign transactions with them? Hopefully some advanced ones will be able to do that since ECDSA is the same for both Bitcoin and Ripple. But at the moment there is no cold wallet alternative for Ripple as we know it, so the approach described in OP is the only sane way to keep your ripples safe.

/********** Method 1 ********** applicable to Ripple and Bitcoin in blockchain.info MyWallet **********/

Since Ripple doesn't require storing your wallet locally (it keeps an encrypted copy in a cloud if Payward is selected), wouldn't it be much safer to advertise using Ripple from Ubuntu (or Mint) Live CD session? And if people want to use Bitcoins at the same time (for trading) then suggest to keep small amount of them in a hot wallet in one of the exchanges or blockchain.info MyWallet (which is safer), so that live session with a browser is still enough.

NOTE: It seems that Ripple and blockchain.info MyWallet work the same way: https://blockchain.info/wallet/how-it-works

Even though encryption of the wallet itself might be strong in Ripple it won't protect careless users from trojans/keyloggers that can steal your password the moment you type it in. Booting from clean Live CD every time you need to access your funds protects you from keyloggers and leaves your normal OS installation (Windows or Linux) unchanged. Something like "best security advice" on the Ripple's wallet creation page with a few easy steps would suffice.

It might take a bit more time to boot from a Live CD and you might need to change the boot order (only once) in your computer's BIOS setup to be able to do that, but in the end the added security is well worth the time and effort.

/********** Method 2 ********** applicable to Ripple and Bitcoin in your normal OS installation **********/

If you still find it cumbersome to play with Live CDs and prefer to work with sensitive data in your normal OS installation here is a trick how to fool the most primitive keylogger:

1) type one third* of your password
2) then type a fixed amount (1-5) of random keys**
3) then carefully delete them with your mouse (select last N symbols in the text field, right-click->Delete)
4) type another third of your password
5) repeat 2) and 3) with a different key sequence
6) type the last third of your password
7) press login

* you can divide your password into as many parts as you like, but one third is good enough for simplicity of the demonstration

** it's better to use the same (from one login to another login) pre-defined key sequences but different for their respective injection points in the password, so that they cannot be figured out by textual analysis from multiple stolen password strings for the same account.

From the keylogger's perspective your typed password would contain some garbage and won't work with your account.
Of course some keyloggers might attempt to intercept your mouse moves and clicks as well, but it seems much more difficult to figure out exactly what you typed with the approach described above.

/********** Method 3 ********** applicable to Ripple and Bitcoin in your normal OS installation **********/

Yet another way to protect yourself from malicious software is to create a separate secure user/workspace within your normal OS installation. Use your normal user account for day-to-day operations like reading news, working with email, chatting with friends, installing software from the Internet, etc. Use your secure user account to access your locally stored bitcoins and other sensitive information (Ripple account, Bitcoin exchanges, bank account etc). You can use this method in conjunction with method 2 described above for stronger security.

NOTE: More information on how to create secure user/workspace can be found here: https://en.bitcoin.it/wiki/Securing_your_wallet

For absolute security use offline cold wallets for storing bitcoins safely: http://bitcoinarmory.com/using-offline-wallets-in-armory/
This method is not currently applicable to Ripple but it might change once Ripple software is opensourced.

/******************************************************************************************************/

If you're new to Ripple/Bitcoin and you find these practices useful, please bump this thread (by posting in it) every once in a while so that other people can see it as well. Alternatively moderators might choose to make it a sticky thread on top of the board.

Remember that a few dozens of dollars worth of bitcoins or ripples right now might be a lot of money a few years down the road. So we'll be much better off as a community if we develop a good sense of discipline towards best security practices early on.

Copy-Paste is a nasty thing... you forgot to change XRP address from the other guy's post!

I bet ASICMINER is in a pretty good shape to compete with the above in terms of a total hashrate deployed before summer.
However the situation changes drastically around June as the new player joins the game with 28nm SOI state of the art technology and around petahash of aggregate performance for their first production wafer run.

"Looking for system integrators for new asic"
https://bitcointalk.org/index.php?topic=146371.0

They are looking for partners and system integrators to bring their chip to consumer market or build systems for self-mining.
They have already chosen two primary partners and are going to cooperate with more companies in a few weeks time.
Avalon has publicly expressed interest in that thread. Maybe ASICMINER should too!

I have another conspiracy theory!

Bitcoin was created by benevolent ETs to save us from an alien reptilian civilization that used people for millennia as a cheap labour to mine gold.

Watch the first half of this small video (recorded before 2005) and see what I mean!
http://www.youtube.com/watch?v=8LQp7Or1GNU

Pay attention to the words: New systems, Network, sprouting up rapidly, excited and creative people.
If that's not about Bitcoin, I don't know what it's about...

EDIT: and yes, Bashar is an ET

That was funny. Thanks!


I understand. I didn't mean to insult PPCoin or anything, was just thinking that it's pretty much the only alive coin with the name that doesn't clearly speak for itself and you have to look it up to decipher.  With the names like Bitcoin, Namecoin, Litecoin heck even Terracoin and Novacoin you kinda get the idea the moment you look at it. Honestly I got a few funny looks talking to somebody about PPCoin. It's not much about how you write it, but rather how you pronounce it You know what I mean.

I also thought, that PPC could stand for Personal Privacy Coin or something like that

I like the idea of PPCoin's hybrid design, the innovation that comes with it and the way Sunny King provided support for the client and nicely scheduled updates. However I always felt that the name and the way people pronounce it (pee pee) isn't extremely marketable.

So the idea just crossed my mind to call it pePPerCoin! Or at least pronounce it that way...
Looking at the revival of interest for BBQCoin, it seems that eatable coin names might get popular!
What do you guys think?

I prefer to view XRP as shares in the company that helps develop Bitcoin payment stack by providing the first implementation of a much needed clearing system on top of Bitcoin's settlement system. Would you buy shares in something like BitPay if they held 50% of them and were selling or giving away the rest?

In the same way as CC companies like VISA and MasterCard provide clearing for wire transfer settlement, Ripple helps Bitcoin handle much larger volumes of low-value transactions which can be settled for BTC in batches. Think of selling pizzas the whole day for BTC IOUs of your trusted gateway and then settle with that gateway for actual BTC at the end of the day. Also think of RIpple as an automated system to trade all those various MtGox codes, BTC-E codes and have exchange rates between them. That's what those BTC IOUs are in essence - redeemable codes.

So in that regard, it is fair that the founders of the company hold 50% of shares of their business. The fact that they promised to opensource the server is a bonus and an act of good will, they could have opted to keep it closed. They probably won't be the only clearing system for Bitcoin and that's ok, but from the looks of it they have a pretty good chance of grabbing a large portion of that market.

PS:

I must admit that I really like the Ripple UI - very sleek, clean and simple, hope it stays that way!
Also consensus system seems interesting, but I need to look a bit closer at it before jumping to any conclusions.

This is great!

I wanted to ask you about exactly this thing a few months ago, but somehow managed to forget about it.

How did you determine the birth date?
The official public hashing started on October 13th, but genesis block was probably created a bit earlier.

The same question about the place.
Did coblee tell you where he lives?

There was an article about a year ago from Amir Taaki titled
"Roadmap for the revolution: the future"
http://bitcoinmedia.com/roadmap-for-the-revolution-the-future/
where he described Bitcoin as settlement system while highlighting the necessity for clearing system as well.

He could not imagine at a time how those other parts of the whole ecosystem would look like, but now a year later we can already see how Ripple can become a clearing system that would offload low-value transactions volume from Bitcoin.

So the question boils down to what is bigger - settlement or clearing system?

If in the long run they become equal in their market shares then for 21 bitcoin today (1 millionth of total supply) one can buy 1M ripples (1 hundred thousandth of total supply) which seems like a good deal.

*******************

Progress update: 110% of 1M XRP reached!
Average buying price: 0.173 BTC for 10K XRP

There is one pending order for 40K at 0.17 that I will honour if there is a response within next 24 hours.
Other than that I have reached the desired limit and now decreasing the price to 0.10 BTC per 10K XRP

At this point the original contract in OP is expired and any new orders need to be negotiated separately.

I must say that I haven't traded in person before and it was fun and refreshing experience!
Hope everyone enjoyed the ride!
Take care.

+1 ralree

I bought 40K XRP for 0.8 BTC.
Everything went fine. I paid first and received my payment promptly. Will work again for sure.

Interesting topic!

Some time ago I started a thread about provable trust-free voting system based on Bitcoin private key signing.

"Consensus-based society with provable trust-free voting"
https://bitcointalk.org/index.php?topic=124477.0

Some of the technical aspects of the system have been described on pages 2 and 3.
Solutions to some of the problems raised here have also been proposed.

You might take a look and see if it fits your ideas about how to actually implement such system.

Thanks for your feedback!

*******************

Progress update: 82% of 1M XRP reached!
Average buying price: 0.171 BTC for 10K XRP

I'm still buying. You can quote in the thread or PM me.

*******************

Progress update: 76% of 1M XRP reached!
Average buying price: 0.169 BTC for 10K XRP

New price for any posts and PMs after this point will be 0.17 BTC for 10K XRP.
Those who locked the deal at 0.20 can still proceed with the transfer and I will honour my part of the deal accordingly.

I might be willing to buy a bit over 1M XRP depending on the price.

Thanks for your interest! PM sent.

*******************

Progress update: 12% of 1M XRP reached!
Average buying price: 0.150 BTC for 10K XRP

About half of the rest of the way is covered by pending orders by users who are currently offline.

The price was bumped to 0.20 BTC for 10k XRP to match current market offerings.
This is a short-time offer. Welcome!

I bet much more secure authentication mechanizm would be for client to register its public key with the server and for the server to issue random one-time strings (for every login) that the client would need to sign with its private key stored in a air-gapped USB hardware gadget (like those USB BItcoin hardware wallets in development) and pass back to server. The server can then check if signature is valid against client's public key.

At least trojans and keyloggers won't have a chance against such system.
If (or rather when) Bitcoin hardware wallets become widespread, I assume many Bitcoin websites might consider this option.
Sorry if a bit off-topic.