• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Wallet Password Paranoia

darkness

darkness

Member
My wallet has been on so many machines that I'm starting to worry if someone has a copy of it and decides to brute force it. Does the wallet have some kind of protection where you cannot try x amount of passwords per second? What is reasonable length password? 64 random characters?

I guess it won't be as simple as changing the password and restarting the masternode? Would I need to make a new wallet, transfer the dash, then re-setup the masternode?

Thanks for any help :p
 
Please tell me you're joking - nobody should be running a masternode from a software wallet anymore. Listen to @GrandMasterDash and get yourself a hardware wallet asap. The instructions for setting it up are here: https://dashpay.atlassian.net/wiki/spaces/DOC/pages/113934340/Masternode+Setup

To answer your question, it is currently possible to guess 15-20 passwords per second per CPU core. Extremely slow, but not impossible. I'd be more worried about keyloggers on the system every time you unlock the wallet.
 
Thanks guys, you've convinced me to get a hardware wallet. Now to choose between the Trezor and the Keepkey.

I can get hold of the Keepkey before Christmas whereas the Trezor will take a few weeks. However, the Trezor does come with the GrandMasterDash sleep at night guarantee :p
 
@demo has obviously never bought a trezor. Tamper-proof packaging; 1. plastic vacuum seal, 2. two hologram seals (one each end), 3. glued cardboard packaging, must destroy packaging to get inside.

Open source firmware and hardware. The only exploit found required physical access to the trezor to directly read from a chip. Latest firmware has fixed this issue.

Private keys never leave the device. Requires physical button confirmation and visual public key confirmation to sign transactions.

I am not going to read the entire post that demo provided, it is instantly flawed in the first paragraph. Having the 24 word seed (in handwritten form) is, indeed, exactly the same as having all the private keys; it uses a public standard to generate them.

Device only needs to be plugged in for the duration of signing a transaction, maybe one minute duration?

MOST IMPORTANTLY, the trezor is one of the smallest hardware wallets, making it very flexible for hiding.

That was the original trezor, I'm not sure about the new Model T.
 
GrandMasterDash said:
@demo has obviously never bought a trezor. Tamper-proof packaging; 1. plastic vacuum seal, 2. two hologram seals (one each end), 3. glued cardboard packaging, must destroy packaging to get inside.

Open source firmware and hardware. The only exploit found required physical access to the trezor to directly read from a chip. Latest firmware has fixed this issue.

Private keys never leave the device. Requires physical button confirmation and visual public key confirmation to sign transactions.

I am not going to read the entire post that demo provided, it is instantly flawed in the first paragraph. Having the 24 word seed (in handwritten form) is, indeed, exactly the same as having all the private keys; it uses a public standard to generate them.

Device only needs to be plugged in for the duration of signing a transaction, maybe one minute duration?

MOST IMPORTANTLY, the trezor is one of the smallest hardware wallets, making it very flexible for hiding.

That was the original trezor, I'm not sure about the new Model T.
Click to expand...

You are wrong. The only safe way is to compile an operating system of your choice, and put it in a bootable usb stick. Someone did it.

https://bitkey.io/
https://www.turnkeylinux.org/blog/secure-bitcoin-transactions#comment-20749
 
GrandMasterDash said:
Trolling. Clearly did a spontaneous search to try and disprove; date at top of article. 2014/07/22
Click to expand...

The date is not important. The idea is.
Read the source, and compile a safe system.
This is the only thing it is 100% sure.
You trust no one that way, except yourself.
If you are stupid and unable to read the code, then go trust the hardware wallets that fed provides to you.
 
It's always nice to get different opinions.

I do like the idea of compiling a 100% safe system but I fear this is impossible. People may look at different aspects of an open source OS, but nobody is going to read and intimately understand the whole source. You are always trusting someone at the end of the day. Whether it's Trezor or the guy who made this livecd (and he is trusting whoever wrote the various parts he used).
 
darkness said:
It's always nice to get different opinions.

I do like the idea of compiling a 100% safe system but I fear this is impossible. People may look at different aspects of an open source OS, but nobody is going to read and intimately understand the whole source. You are always trusting someone at the end of the day. Whether it's Trezor or the guy who made this livecd (and he is trusting whoever wrote the various parts he used).
Click to expand...

Trust me. The software cold wallet is 10000% safer than the hardware one.
If I tell you why, I'll have to kill you.

Watch here.

Read also this.
 
Last edited:
Well it looks like I'm ready to get started. I just wanted to confirm that THIS is the guide to use.

Since I already have an MN set up I guess I'll only need to transfer the 1000 dash to Trezor and update the private key in the cfg file on the VPS? Just want to make sure. Even the thought of the transfer is scaring me :O
 
Yes, this is the correct guide, updated for the current version of dash. Please do test transfers to and from your Trezor first, and make sure your recovery phrase works! All of this is covered in the guide...
 
You must log in or register to reply here.
Back
Top