How do I know my password or backup information is not being shared when creating a new wallet?
Several services offer to create a new Tezos wallet/account/key (tz1...). For example, consider Galleon Wallet. By entering a password, it produces a new wallet:
You then need to choose a set of 12 words, which are used to make a backup and to recover access to the account in case it is needed. My question is, how do I know the private information above is not being shared with anyone? I imagine this can somehow be seen in the source code of the program. But some are not open source. For instance, Kukai is a web service that creates wallets. How can we know such creation of wallets is secure? Surely there must be some sort of "official" communication between these services and the blockchain. Is there some protocol that ensures such security, or is that a layer altogether detached from the interaction of these wallet creation services with the blockchain?
security wallets
asked 5 hours ago
luchonacho
2 Answers
If the key is generated on their server, you have no way to know.
If the key is generated locally in your browser, you may try to monitor the network to see what the wallet sends to the server. However, it might still find other ways to get the key, for example by waiting a random time before sending it, by encrypting the communication, or just by limiting the randomness when generating the key, so that it can guess it later.
I think the only reliable way is to use an external device, such as a Ledger or Trezor. It will generate the key and keep it inside the device, so that the wallet will never access the key, only use the device to sign operations.
answered 5 hours ago
FLF OCP
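The network check described in the answer above, as an added example that is not part of the original post: it scans a HAR capture (assumed to be exported from the browser's developer tools while the wallet is created) for the password and the 12 words in plain, URL-encoded, hex and base64 form. The secrets, hosts and capture are constructed samples, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import quote, quote_plus

# Constructed sample secrets (not a real wallet): what you typed into the wallet UI.
SECRETS = {
    "mnemonic": "alpha bravo charlie delta echo foxtrot golf hotel india juliet kilo lima",
    "password": "correct horse&battery",
}


def encodings(secret):
    """Map encoding name -> set of strings that would reveal `secret`."""
    raw = secret.encode("utf-8")
    forms = {
        "plain": {secret},
        "url-encoded": {quote(secret, safe=""), quote_plus(secret)},
        "hex": {raw.hex(), raw.hex().upper()},
        "base64": set(),
    }
    # Inside a larger base64 blob the secret can start at any of three byte
    # alignments; keep only the characters that do not depend on neighbours.
    for offset, skip in ((0, 0), (1, 2), (2, 3)):
        enc = base64.b64encode(b"\x00" * offset + raw).decode().rstrip("=")
        if (offset + len(raw)) % 3:
            enc = enc[:-1]  # last char also carries bits of whatever follows
        core = enc[skip:]
        forms["base64"] |= {core, core.replace("+", "-").replace("/", "_")}
    return forms


def request_fields(entry):
    """Yield (location, text) for every outbound part of one HAR entry."""
    req = entry.get("request", {})
    yield "url", req.get("url", "")
    for header in req.get("headers", []):
        yield "header:" + header.get("name", ""), header.get("value", "")
    yield "body", (req.get("postData") or {}).get("text") or ""


def find_secret_leaks(har, secrets):
    """Return one finding per request field that contains a secret."""
    findings = []
    for entry in har.get("log", {}).get("entries", []):
        url = entry.get("request", {}).get("url", "")
        for label, secret in secrets.items():
            forms = encodings(secret)
            for where, text in request_fields(entry):
                for name, needles in forms.items():
                    if any(n and n in text for n in needles):
                        findings.append({"secret": label, "url": url,
                                         "where": where, "encoding": name})
                        break  # report each field once per secret
    return findings


def _entry(method, url, body=None):
    """Build one minimal HAR entry (request side only)."""
    req = {"method": method, "url": url, "headers": []}
    if body is not None:
        req["postData"] = {"mimeType": "application/json", "text": body}
    return {"request": req}


# Constructed HAR capture: two ordinary requests and two that leak.
_blob = base64.b64encode(("seed=" + SECRETS["mnemonic"]).encode()).decode()
SAMPLE_HAR = {"log": {"entries": [
    _entry("GET", "https://wallet.example/static/app.js"),
    _entry("POST", "https://node.example/rpc", '"a1b2c3d4"'),
    _entry("POST", "https://telemetry.example/collect", json.dumps({"d": _blob})),
    _entry("GET", "https://telemetry.example/ping?pw=" + quote_plus(SECRETS["password"])),
]}}

if __name__ == "__main__":
    for finding in find_secret_leaks(SAMPLE_HAR, SECRETS):
        print(finding)
```

An empty result only rules out these encodings in this one capture; as the answer notes, it says nothing about delayed or encrypted sending, or about a key generated with limited randomness.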
Any wallet software you choose to run comes with risks you should be fully aware of in order to properly protect yourself.
Whether it's a web, desktop, or mobile app, you are running code that someone else wrote, and the best way to reduce the risk is to make sure you are using software that is open source and has been verified by the community as coming from a reputable developer.
Next you need to take steps to ensure that the code you are running actually comes from the developer and that you haven't mistakenly downloaded it from elsewhere. This primarily means avoiding phishing links by double checking the URLs and preferably making bookmarks to known good sites.
Keeping your computer free of malware. It doesn't matter what software you are running if your system is infected.
Finally, the best way to protect yourself is to use a hardware wallet device. This way the keys never leave the hardware device, which is especially important if you aren't certain that your computer isn't infected with malware. As long as you are careful to double check all input validation at each step the hardware wallet will keep you protected.
answered 5 hours ago
cousinit
Mmm, but if you already created a wallet using software, it might be too late. In that case, would it be better to create a new one from hardware and then transfer all funds to that wallet?
– luchonacho
4 hours ago
Overall, seems to be a deep flaw of software wallets. Honestly, no one should use them, and they should probably not be endorsed or suggested by the official blockchain foundation.
– luchonacho
4 hours ago
Software wallets play a very important role in any crypto ecosystem, but people need to learn about the risks. If you are concerned about security and especially if you aren't confident about keeping your system safe from malware, the best recommendation is to get a hardware wallet device and transfer your important funds into it.
– cousinit
4 hours ago
Actually, Galleon does not publish the source code!
– luchonacho
4 hours ago
The credibility of a cryptocurrency depends heavily on the security of wallets, as that is what common users interact mostly with. It should be of primary concern for organisations like the Tezos foundation to make sure existing wallets are as safe as possible, rather than merely listing some and stating "we don't endorse them". In practice, that's what they are doing. Not good.
– luchonacho
4 hours ago