|
|
|
|
|
"With e-currency based on cryptographic proof, without the need to
trust a third party middleman, money can be secure and transactions
effortless." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
noorman0
|
 |
January 11, 2020, 01:02:21 PM |
|
_snip_
(in WebService case, all your data is encrypted first on your machine and transferred to the WebService, so fear not)
Are you sure ?  In the cases of importing PK, we are strongly recommended not to be connected to the internet at all. And here you recommend handing over PK people to a new platform owned by random people and through internet as well. If you mean to insert any message code into an image, you can do it yourself offline using the hex editor. That has less risk than your tips. I don't recommend your way. |
This space for rent. Available in mid January 2024 - PM me |
|
|
1000guess (OP)
Newbie
 Offline
Activity: 12
Merit: 0
|
|
January 12, 2020, 08:49:38 PM |
|
Thanks @noorman0 Regarding the Web Service, even though it's encrypted, it's delivered. So I understand your concern. But regarding the mobile App, is there any reason you think it will be delivered to somebody else? By the way, even with the Web Service, it's encrypted with 256bit AES and deleted after a while. It seems you are accusing somebody or some product even without checking the fact, resulting in a false impression over the whole service. What do you think? Thanks  |
|
|
|
|
|
|
|
LoyceMobile
|
|
January 12, 2020, 09:51:44 PM |
|
By the way, even with the Web Service, it's encrypted with 256bit AES and deleted after a while.
It seems you are accusing somebody or some product even without checking the fact
Fact is: you are asking people for their private keys, while claiming it's encrypted. Let me guess: you can and will decrypt the private keys. Reminder: member never trust anyone with your private keys! |
|
|
|
Artemis3
Legendary
Offline
Activity: 2030
Merit: 1563
CLEAN non GPL infringing code made in Rust lang
|
|
January 12, 2020, 10:07:00 PM |
|
Private keys should never be casually handed, period. The current best practice is to use the seed words, and copy that with your hands avoiding electronic devices.
Once copied, you could in a secure disconnected PC do things like typing them in a text file, and encrypt that, or steno-graph it yourself in one of millions ways, then encrypt that, etc, etc. No apps, no sending things to others.
There are various free open source tools that can help you do this, if you are inclined to do so electronically, but you could just do it physically as well. Pick a book, mark some words, done.
Ideally you should never watch the actual pk ever yourself, only once when you create the wallet and type the seed words but never make the pk display anywhere. The practice of the old paper wallets have been discontinued for its dangers.
|
█████████████████████████
██████████████████████████
██████████████████████████
███████████████████████████ | BRAIINS OS+| | AUTOTUNING
MINING FIRMWARE| | Increase hashrate on your Bitcoin ASICs,
improve efficiency as much as 25%, and
get 0% pool fees on Braiins Pool | |
|
|
|
Naida_BR
Member
Offline
Activity: 980
Merit: 62
|
|
January 13, 2020, 02:16:33 PM |
|
I don't find it safe.
What is the guarantee that this file is not being compromised?
Still saving your PK in a paper and keep it in a safe place is the best choice for me.
|
|
|
|
|
1000guess (OP)
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 13, 2020, 07:15:48 PM |
|
So why do you think this APP is related to creating keys or involves that specific moment? |
|
|
|
|
1000guess (OP)
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 13, 2020, 07:25:29 PM |
|
By the way, even with the Web Service, it's encrypted with 256bit AES and deleted after a while.
It seems you are accusing somebody or some product even without checking the fact
Fact is: you are asking people for their private keys, while claiming it's encrypted. Let me guess: you can and will decrypt the private keys. Reminder: member never trust anyone with your private keys!Ok, so you are worried about the situation that "I can somehow bruteforce to find the key for the encryption and decrypt yours?" Got your point. Technically possible, even though I am not that kind of guy and got no time&resource for that. That latter word means nothing to the users so I will revise the WebSite with warnings. Not to test serious data on the WebSite. But my point was rather about the mobile Apps, which seems you guys just worrying that I leak your data somehow. You can simply spoof the network packet if it ever sends any data while it's doing it. Basically, this is not just an assumption but seems false accusation to me. |
|
|
|
|
1000guess (OP)
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 13, 2020, 07:33:58 PM |
|
Private keys should never be casually handed, period. The current best practice is to use the seed words, and copy that with your hands avoiding electronic devices.
Once copied, you could in a secure disconnected PC do things like typing them in a text file, and encrypt that, or steno-graph it yourself in one of millions ways, then encrypt that, etc, etc. No apps, no sending things to others.
There are various free open source tools that can help you do this, if you are inclined to do so electronically, but you could just do it physically as well. Pick a book, mark some words, done.
Ideally you should never watch the actual pk ever yourself, only once when you create the wallet and type the seed words but never make the pk display anywhere. The practice of the old paper wallets have been discontinued for its dangers.
I agree that proposition. Tough you do use metamask or other tools right? the role of the App is to save any data to an image. Once it's saved once your phone encrypted, I believe users can save it somewhere. Are you suggesting to revise function to cover that 'afterward' scenario , or suggesting that this kind of encryption and steganography is meaningless anyway? |
|
|
|
|
|
Ucy
|
|
January 14, 2020, 07:34:36 AM |
|
I wouldn't save too much with this method. It's quite risky. By the way, is this open source project... been tested by others? If you secure both the paper notes and an image file saved in external media in the same Safe,
which do you think is safer? None, I guess. as long as you copy from the internet. |
|
|
|
|
|
Negotiation
|
|
January 14, 2020, 09:14:58 AM |
|
I don't think we should have personal keys with phones because it's too risky for us Never call personal information at work Save your PK or any message to an image file and then encrypt it at a lower risk Keep it safe and do not charge any product without verification And it's better not to use PK.
|
|
|
|
1000guess (OP)
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 14, 2020, 01:47:59 PM |
|
Thank you @Ucy, @Negotiation
I think there are 2 points here.
1. Level of security.
If you guys think 'even just copying the PK string from the Internet' is not safe, all the PC/Mobile S/Ws are not safe.
Though you guys use PC wallets, Metamask, other S/Ws.
And this App doesn't create PKs, just work based on the value given from the user or QRcode scan.
Even if saving in a Safe is not enough, I doubt how do you guys think cold-wallet (storage) is better.
2. Verified?
Even though it's simple codes, why would you reveal all your codes if you want to make profits even just from an Ad?
B.t.w, From WebService site you can get all encryption/decryption source code from JS script there. Anyone can see that from web browser.
So, Let alone GooglePlay and AppStore, what will be the organization that you think will do some verification for this kind of S/Ws?
I'm just asking your opinion.
thanks
|
|
|
|
|
|
boyptc
|
|
January 14, 2020, 09:10:07 PM |
|
With those apps?
No.
Writing on a paper is the most secured way of keeping our PK if not for the others.
|
|
|
|
1000guess (OP)
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 15, 2020, 02:17:01 PM |
|
With those apps?
No.
Writing on a paper is the most secured way of keeping our PK if not for the others.
Thanks, Just curious. Don't you trust Crypto Exchanges and their Cold Storages also? |
|
|
|
|
|
noorman0
|
|
January 15, 2020, 04:15:22 PM |
|
If you guys think 'even just copying the PK string from the Internet' is not safe, all the PC/Mobile S/Ws are not safe. Yes it's not safe at all, copying any sensitive data including PK is not recommended when the internet is active. And this App doesn't create PKs, just work based on the value given from the user or QRcode scan. There you have it, pasting PK to other sites (including the web you mentioned) is also not recommended except for wallet service sites where PK is generated. Maybe you already understand what the "Clipboard Hijacking" is. Even though it's simple codes, why would you reveal all your codes if you want to make profits even just from an Ad? A valid ad won't ask customers for any sensitive data. B.t.w, From WebService site you can get all encryption/decryption source code from JS script there. Anyone can see that from web browser.
Not sure, can you name one of the sites? can i also see it. If there are, then they dont last long because it destroys the "privacy" of customers. So, Let alone GooglePlay and AppStore, what will be the organization that you think will do some verification for this kind of S/Ws?
I don't know, but I'm not sure if big companies like Google and Apple would do would do something so insignificant. Not that I trust 100% in them. Don't you trust Crypto Exchanges and their Cold Storages also?
The Exchange doesn't provide PK to customers, so I think this is a bit off topic. |
This space for rent. Available in mid January 2024 - PM me |
|
|
1000guess (OP)
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 15, 2020, 08:54:39 PM |
|
Thanks, @noorman0 for very constructive comments. Regarding the code, here on my web site, you can see the code from any web browser in developer mode. http://www.ethereummiddleman.com/secretimage.htmlAnd regarding this comment as far as Mobile App concerned, I think it's a bit unlikely because you will usually type in, or scan the QRcode from the App. There you have it, pasting PK to other sites (including the web you mentioned) is also not recommended except for wallet service sites where PK is generated. Maybe you already understand what the "Clipboard Hijacking" is.
Well, I meant whether you trust what they manage PK there. The Exchange doesn't provide PK to customers, so I think this is a bit off-topic.
|
|
|
|
|
|
