Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Cold storage spending....

Discussion in 'Development Tech Discussion' started by joezippy, May 21, 2015.

  1. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    For what it's worth, I like the MN sustainability payout model, I have mined darkcoin (not worth the heat) and have the DASHs to setup MNs, but my DASHs are safe on 1k paper wallets all neat and tidy.... I don't want them on my phone or my linux laptop... In "beta" wallets, on any network... I'm comfortable setting up the linux MN, so that's not a worry... I want to help the community with MNs, but all cash is harder to make than spend or loose....

    Still thinking.... Thoughts? I have looked around, but I can't see a way to setup MNs w/ paper wallets... Should be possible, but maybe I'm missing something.....

    Keep up the great work!
     
    • Like Like x 2
  2. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Hello,

    Any chance we could get this feature into the Dash Android Wallet in the future... This feature of the Mycelium wallet allows me to use my private key without ever importing it to a device or laptop... Which is really nice for larger one time spends and transfers... The only thing I need to worry about securing after the spend, is the same paper wallet... Any thoughts? Maybe DASH doesn't work the same way with Darksend and "burning the wallet on import".... Enlighten me... :)

    Have a look here:



    Thanks and keep up the good work!
     
    • Like Like x 2
  3. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,961
    Likes Received:
    6,735
    Trophy Points:
    1,283
    • Like Like x 1
  4. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    Regarding cold storage spending:
    Dash is currently supported by the most recent Encompass release (a modified version of Electrum which supports several alt-coins). Electrum has an option to use an online device in "watch-only" mode, and then when you need to make a spend you create a transaction for your OFFLINE device with private keys to sign. You then take the signed transaction back to the online device and broadcast it. I believe this can be accomplished with cameras and QR codes as well as USB stick file transfer. You can also use Encompass with the Trezor hardware wallet to store your Dash private keys in a pretty secure way.

    Regarding offline (cold storage) Masternode collateral:

    Encompass (electrum) does not support any of Dash's unique features such as anonymization and instant transactions, and especially not MN functionality. You will need to wait for an upcoming release of Dash Core that includes support for offline masternode management. Once we get that code in there, then it might be possible to adapt it for different ways of masternode starting/stopping/voting, like QR codes, or maybe even hardware wallets to "sign" the MN's vote or start signal...

    With the current version of Dash it is just not possible yet. It is on the to-do-list, and rest assured that many others around here are patiently awaiting this feature, too.
     
    • Like Like x 6
  5. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Very nice detailed answer... Thanks! I wasn't aware that Electrum supported Dash... What are your thoughts regading the development effort and credibility of the Electrum effort? Not to bash anyone... It just seems pretty... You know... :rolleyes:

    New Dash Core with off-line masternode management... Now we are talking! :cool: You guys rock...

    Just thinking out loud.... I like the "paper wallet" broadcast model so much, I wonder if it won't become the future... Like this...

    1) Coin in pocket (3D print maybe) with Private Key QR... (no battery, low cost, no network persistence , no device persistence, no cloud storage)
    2) App on phone (not wallet) just "transaction interface"
    3) Walk into coffee shop, order
    4) Start "transaction interface" app
    5) Scan coin QR
    6) Scan merchant QR
    7) Enter amount
    8) Hit send

    You could load the coin as you needed from other "paper wallets" just in case you have a hole in your pocket.... ;)
    This model is more secure and simplify the wallet code a ton, because it's just a blockchain reader, transaction signer and blockchain broadcaster.... :)

    Thoughts?
     
    • Like Like x 6
  6. TaoOfSatoshi

    TaoOfSatoshi Grizzled Member

    Joined:
    Jul 15, 2014
    Messages:
    2,719
    Likes Received:
    2,613
    Trophy Points:
    1,183
    Wow, you're not taking too long to throw yourself into the Dash ideas game! Great to have you with us, keep throwing ideas out there! The more minds we have thinking of ways to improve Dash, the better it is for all of the end users and investors.
     
    • Like Like x 3
  7. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    Why is it always the quiet ones ? :cool:
     
    • Like Like x 2
  8. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    Joezippy,
    I hope you can join us for the next round of simulations in testnet,
    github has been hot, not long now ..
     
    • Like Like x 3
  9. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Thanks guys for the kind words... 18+ years as a software engineer (stay @ home dad now) focusing on integration and cryptography seem to help.... ;)
    Sometimes the best solutions come from the physical world, not the virtual.... :rolleyes:

    Cheers I'm going camping!
     
    #9 joezippy, May 22, 2015
    Last edited by a moderator: May 22, 2015
    • Like Like x 4
  10. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Sure... I'm a little rusty... But I'd like to help out, if someone can point me in the right direction... I haven't used any testnet stuff to date...
    github has been a while too... I have java and crypto skills from about 3 years ago... I might have some code in me still too.... ;) Maybe
    some code reviews? :D

    The nice thing about the "transaction interface" model I proposed, is that it should be flexible and relatively easy to port to other currencies with
    proper interface design....

    I'm going to go out on a limb here and call my "transaction interface" the Anti-Wallet Payment Model (AWPM).... You like? :D
     
    • Like Like x 3
  11. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Ok.... Last thought on the Anti-Wallet Payment Model (AWPM) for today...
    So, I actually used AWPM yesterday (not knowing) I did this:

    0) Login to relatively secure (updated) linux laptop
    1) Start private browsing session in Firefox
    2) Get Bitcoin Private Key from paper wallet to secure machine clipboard
    3) Go here: https-google/chart?cht=qr&chld=Q|2&chs=200&chl=paste private key here to make QR
    4) Open new Firefox tab here: https-shapeshift-io
    5) Provide ShapeShift Dash address for deposit
    6) Start android app Mycelium
    7) Choose ... "Cold Storage"
    8) Choose "QR Code"
    9) Scan Bitcoin Private Key google generated QR in Firefox
    10) Scan ShapeShift Bitcoin deposit QR
    11) Enter amount and hit send...
    12) Wait for the Dash to roll in... :D
    13) Restart phone and laptop...

    Sorry about the links... It won't let me post them...

    Did I miss something? un-secure? Please advise...
     
    • Like Like x 2
  12. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    You're not missing much at all, in fact you creating it as you go along , lol.
    You know we didn't have many testers for the android wallet by hashengineering, he managed to get the instantX working more or less ok, it was a little glitchy on my phone, small tao update sync time and only 6 meg on the phone, I was impressed by the bandwidth used, (think he uses a seed node)
    There is a paper wallet scan on the latest release,
    https://github.com/HashEngineering/darkcoin-wallet/tree/release-4/wallet

    https://dashtalk.org/threads/android-wallet-for-dash-beta-testing-closed.4510/

    Btw, I like the name Anti-Wallet Payment Model , although a physicist would call this a quasi-wallet payment system :D
     
    • Like Like x 2
  13. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    "You're not missing much at all, in fact you creating it as you go along , lol.
    Btw, I like the name Anti-Wallet Payment Model , although a physicist would call this a quasi-wallet payment system"


    Nice.... I was thinking Anti-Pattern -> Anti-Wallet... :D

    An anti-pattern (or antipattern) is a common response to a recurring problem that is usually ineffective and risks being highly counterproductive.[1][2] The term, coined in 1995 by Andrew Koenig,[3] was inspired by a book, Design Patterns, in which the authors highlighted a number of design patterns in software development that they considered to be highly reliable and effective.

    The term was popularized three years later by the book AntiPatterns, which extended its use beyond the field of software design and into general social interaction and may be used informally to refer to any commonly reinvented but bad solution to a problem. Examples include analysis paralysis, cargo cult programming, death march, groupthink and vendor lock-in.

    ref: wiki​

    I'm going to look at those docs early next week... When I get back... Then I'll reach out again... Cheers! :)
     
    • Like Like x 2
  14. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    Aint heard that definition, have put it on the book list :cool:
    Not same thing, but I read an interesting little book called 'anti-chaos' , basically inside all chaotic systems such as weather systems or even coin markets there is order(a tornado for example). Possibly even life itself is a complex type of order that springs from chaos (I like to divert threads wildly off topic btw, lol)
     
    • Like Like x 2
  15. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    ThomasV is very respected in the Bitcoin community, and his credibility (and by extension, Electrum's) is not in question. I'm sure many thousands of BTC are stored in Electrum wallets. Encompass, however, is new and I personally would not trust it with thousands of DASH yet, but it is a solid proof of concept. And we now have a way to use Dash with a Trezor, which is really cool.

    What you are describing is QR code / private key "sweep". HashEngineering's current Android Dash wallet that Sub-Ether mentioned already does QR code sweep in its current implementation downloadable at the Play Store.
     
    • Like Like x 2
  16. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Good to know... I'll keep following the project... Thanks! :)

    Cool but... I'm not talking about a paper wallet "sweep"... But paper wallet "spend"... As the Private Key is never imported nor any coins into any "wallet" app, on any device...... I'm talking about spending from paper directly, memory only with block chain interaction.....

    Here is a picture of what I'm thinking... :rolleyes:

    Anti-Wallet Payment Method (AWPM) (0.0.1).png

    More thoughts?

    Cheers!
     
  17. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    What you are proposing DOES expose the private key to the online device, as that is the only way that system could work. Protected memory and destroying of the app is just not good enough, security wise. Any of the existing hardware wallet implementations currently available will be MUCH more secure than that, as the private key never touches the online device at all.

    Here is how your scenario would work with a hardware wallet:

    1. Your coffee shop generates a QR code on their POS terminal for your amount of purchase
    2. You use your phone's wallet app (watch-only mode - no private keys on device) to scan that QR code.
    3. Your phone's wallet app generates a QR code with the transaction info for your hardware wallet with private keys to SIGN.
    4. You use the hardware wallet's camera to scan your cell phone's QR code to get the transaction signature request.
    5. The amount of transaction and payee are displayed on the hardware wallet's screen
    6. You press the "sign/approve" button on the hardware wallet, and it signs the transaction and generates a QR code on its screen.
    7. You use your phone's camera to scan the hardware wallet's signature QR code into the phone's wallet app, enabling the transaction.
    8. The signed transaction is then broadcast by the phone's wallet app on the internet and shows up as paid, on both your cell phone and the coffee vendor's screen.

    The offline signing can be done with a thin credit-card sized hardware device that consists of just a small screen, a button, and a camera. No bluetooth, no wifi, no USB, no connectivity at all. There is literally no exposure of the private key at any time. This is pretty much how all hardware "wallets" work. They don't do the work of a wallet, per se. They just sign transactions for your "online wallet" with your private key in an offline / hardware separated way.

    PS, I currently use a Ledger HW.1 along with GreenBits (GreenAddress) wallet on my phone to do exactly what I described above, except instead of QR code communication between online wallet and hardware wallet signing, the transaction request and signing takes place through the hardware-restricted USB interface of the HW.1. It works amazingly fast (thanks to GreenAddress which is SPV with BIP70 support). There is still some amount of trust required for the Ledger wallet, as anything USB could possibly be backdoored somehow. I'm waiting for a device like the one I described above to hit the market. This one is pretty close to what I described, but still more connectivity than is necessary. https://www.indiegogo.com/projects/coolwallet-most-convenient-bitcoin-cold-wallet#/story
     
    • Like Like x 2
  18. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    I'm thinking that they only way my proposal based on the Android App Security Model (sorry not familiar w/ ios) could expose the Private Key would be, if it was programmed incorrectly or the device is ROOTED. If the device is ROOTED assume nothing is secure.

    "Android has security features built into the operating system that significantly reduce the frequency and impact of application security issues. The system is designed so you can typically build your apps with default system and file permissions and avoid difficult decisions about security.

    Some of the core security features that help you build secure apps include:

    • The Android Application Sandbox, which isolates your app data and code execution from other apps.
    • An application framework with robust implementations of common security functionality such as cryptography, permissions, and secure IPC.
    • Technologies like ASLR, NX, ProPolice, safe_iop, OpenBSD dlmalloc, OpenBSD calloc, and Linux mmap_min_addr to mitigate risks associated with common memory management errors.
    • An encrypted filesystem that can be enabled to protect data on lost or stolen devices.
    • User-granted permissions to restrict access to system features and user data.
    • Application-defined permissions to control application data on a per-app basis.
    "
    ref http://developer.android.com/training/articles/security-tips.html

    "public static final int MODE_PRIVATE

    File creation mode: the default mode, where the created file can only be accessed by the calling application (or all applications sharing the same user ID).
    "
    ref = http://developer.android.com/reference/android/content/Context.html#MODE_PRIVATE

    The hardware wallet makes things overly complicated (thinking of grandma) and not any more secure in my option... Cool yes, practical no. ;)

    my2cents!
     
  19. moli

    moli Grizzled Member

    Joined:
    Aug 5, 2014
    Messages:
    3,261
    Likes Received:
    1,837
    Trophy Points:
    1,183
    I've been looking through old threads and came across this thread: https://dashtalk.org/threads/masternode-not-on-list.820/

    The person tried to set up his MN on a paper wallet without success... Propulsion said,
    So I thought you might like to read it too. This thread was exactly one year ago... :)
     
    • Like Like x 1
  20. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Very cool... Thanks for finding that... I still think it can be / should be possible... :)

    Here is the AWPM app from 50k foot... Just drilling down a bit for my own edification... ;)

    Anti-Wallet Payment Method (AWPM) 50k.png
    ref: http://www.javaworld.com/article/20...-for-beginners--part-3--the-bitcoinj-api.html

    Cheers and comments welcome! :D
     
    • Like Like x 1
  21. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    If you are doing an external step, it should be a hardware wallet setup like I described. Using the same logic, Grandma is not going to want to perform the extra work of scanning pieces of paper, either. Frankly speaking, if you trust your Android software (rooted or not, custom rom or stock), phone drivers, closed-source hardware blobs and firmware that much, you might as well just store the private keys right on the device.

    Good security is never easy. It is hard and SHOULD be increasingly harder and more difficult to use, as the value that you want to protect grows. It is easy to shove a few hundred or thousand bills under your mattress, but you would not trust it with millions or billions worth (even if it fit in the mattress). You would need to set up a vault, hire security, and it would be a hassle when you went to visit the vault and spend.

    I mention this because you originally brought up cold storage spending, so I think you should remember this fundamental point. We call it "cold storage" simply for the fact that it is a larger amount than you'd freely store in a more convenient location, and it is supposed to be a little more difficult to spend it. A little difficulty for the owner usually equates to orders of magnitude more difficulty for the thief.
     
  22. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Agree to disagree... Storing your private key on a networked device that crosses networks everywhere you travel, is "orders of magnitude" less secure than scanning a paper kept in your pocket and then trashing the protected memory space each time authentication is completed... The funny thing about your comment is we "trust our android software" every time we make a SSL connection (man-in-the-middle attacks?)... :) Let me guess, you work for one of those "wallet" companies and don't like the idea of an Anti-Wallet App... ;)

    What if the guy that coined the term "cold storage" was wrong? :rolleyes: App security should never accept the status quo.... Nor do I... I might be new to this group, but your not the only one who knows security shit... I still see value in building an AWPM.... Anyone else? :D
     
    • Like Like x 1
  23. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    Nope, I don't work for anyone. I am no security expert, nor am I a software engineer or coder. I am simply cautious when it comes to money, and thus have done some prior research on this topic, and have also experimented with some of the current solutions available (albeit for bitcoin, not dash).

    I appreciate your enthusiasm and I'm not saying your idea does not have any merit. There is certainly value in not permanently storing a private key on the device, as it offers better protection than local storage (encrypted or not) in case your physical device is stolen. We are probably just considering different attack vectors and have different ideas on security standards. I agree that security should not always accept the status quo, but language however, should try to. So no, the guy who coined the term cold storage was not wrong if his definition is the generally accepted one.

    As soon as you "touch" those private keys to a device that has been online, and will go online again, there exists a possibility for attack that just would not exist if you had not done that. It does not matter what you do with the protected memory or secure software implementation. The KISS principle really applies here. The moment you do import that private key onto the online device--however temporary and secure--that private key is no longer "cold storage," so that is all I wanted to clarify.

    Just to let you know though, our development team is currently working on protocol-level 2-factor authorization for spends, which will truly be a shot in the arm for everyone's security, regardless of any extra protection measures taken.
     
  24. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    This is an extra level of security in the physical world that can't easily be got at from online attacks, coupled with an encrypted password, forms a type of 2 factor authorization does it not, you are introducing an extra of protection based on the physical world.
    Am reminded what the NSA said about mailing someone, which is, basically the safest way to send a message is to put it in a paper envelope and post it.
     
    • Like Like x 1
  25. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    We agree to agree.... Kind of... ;) Because language and meaning does change in the tech world quite fast... "Names of many computer terms, especially computer applications, often relate to the function they perform, e.g., a compiler is an application that compiles (programming language source code into the computer's machine language). However there are other terms with less obvious origins, which are of etymological interest." Check out these just for fun... http://en.wikipedia.org/wiki/List_of_computer_term_etymologies :D

    Tomayto / Tomahto... When I think of the term "cold storage"... I think no battery, low cost, no network persistence , no device persistence, no cloud storage private keys and direct interaction with the blockchain.... Doesn't get more KISS than that, in my book... :D


    Good to know... I like 2-factor... :cool:

    The AWPM is probably a clean fork anyway... As I was looking @ some of the code last night... Not needing backups, donate / tips, address books and some other stuff...

    Oh... One thing... The README here for sweeping wallets (bottom)... States that it uses this REST call https://api.biteasy.com/blockchain/v1/unspent-outputs at biteasy.com... V1 is obsolete according to biteasy.com here.... They also have an issue w/ there SSL cert shown below.... Yikes!:

    Screenshot from 2015-05-26 07:43:11.png

    Cheers!
     
    • Like Like x 1
  26. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    AGREE, AGREE, AGREE! :D
     
  27. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    Could the paper wallet private key have some kind of finger over part of the key as another layer of security, something like you have to cover up say 2 parts of the key perhaps from the back of a transparent wallet print, the wallet could be marked on the back with numbers almost like a physical pin, when you cover them up. parts of the scan will come in dark, affecting the key in a way that makes it work?
     
  28. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Ah... Like a puzzle mug.... I like it! :D "Each mug is slightly different, using one of several different hole patterns." to drink from it... ref: http://www.muddymountainpottery.com/puzzle_mugs

    Only problem is now everyone has to have a 3D printer or a trusted 3D printer store or something else?

    What if we just re-lock the phone before the spend..... Nope... That won't do it...
    What if we scan a finger print and tie it to the app or transaction.... Nope... That won't do it...
    Register the app to a finger print, transaction from trusted apps... yuck... I don't want to do it...

    It has to be part of the QR that gets scanned... Or... As much as I like the puzzle mug idea.... You only transfer what you are willing to loose to the pocket coin from other "Paper Wallets"

    Picture coming up... Please hold.... :)
     
  29. joezippy

    joezippy Member

    Joined:
    May 21, 2015
    Messages:
    112
    Likes Received:
    66
    Trophy Points:
    78
    Anti-Wallet Payment Method (AWPM) Coin Reload (1).png So here is how you would use a "Vault Private Key" to secure what you didn't want to carry around in your pocket....

    When I say "Paper Wallet"... I don't mean printed QR codes in a firebox, under bed, etc.... I use personal cryptography tools like these : http://lifehacker.com/five-best-file-encryption-tools-5677725 to stash hardened files on USB devices, the cloud, where-ever... So "paper" isn't really paper... Unless you want it to be of course... :)

    Vault = "Paper Wallet" -- Physical or Virtual
    Pocket Coin = "Paper Wallet" -- Phyiscal

    Still liking the puzzle mug idea... Maybe you could fold the QR into some kind of origami to make it scan-able... But then someone could just follow the last fold by using the creases... :D

    More thoughts?
     
    #29 joezippy, May 26, 2015
    Last edited by a moderator: May 26, 2015
    • Like Like x 1
  30. Sub-Ether

    Sub-Ether Well-known Member

    Joined:
    Mar 31, 2014
    Messages:
    1,516
    Likes Received:
    1,254
    Trophy Points:
    183
    Didn't know about the puzzle mugs, a fun party piece, I might order one now:cool:

    I was trying to think of ways to protect a lost wallet private key, although if it was also password encrypted , it would not matter so much if the wallet(paper or chip) was lost. I like the idea of a 2 tier wallet system, the pocket change might get lost but the main vault storage would need a different attack approach.
     
    • Like Like x 1