Bitcoin Forum>Other>Off-topic
Author

Topic: Save your PK, or any message into an image file. (Read 224 times)

1000guess
newbie
Activity: 12
Merit: 0
Save your PK, or any message into an image file.
January 15, 2020, 03:54:39 PM
#17
Thanks, @noorman0 for very constructive comments.

Regarding the code, here on my web site, you can see the code from any web browser in developer mode.
http://www.ethereummiddleman.com/secretimage.html

And regarding this comment as far as Mobile App concerned,
I think it's a bit unlikely because you will usually type in, or scan the QRcode from the App.

Quote
There you have it, pasting PK to other sites (including the web you mentioned) is also not recommended except for wallet service sites where PK is generated. Maybe you already understand what the "Clipboard Hijacking" is.

Well, I meant whether you trust what they manage PK there.

Quote
The Exchange doesn't provide PK to customers, so I think this is a bit off-topic.

noorman0
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
Re: Save your PK, or any message into an image file.
January 15, 2020, 11:15:22 AM
#16
Quote from: 1000guess on January 14, 2020, 08:47:59 AM
If you guys think 'even just copying the PK string from the Internet' is not safe, all the PC/Mobile S/Ws are not safe.
Yes it's not safe at all, copying any sensitive data including PK is not recommended when the internet is active.

Quote from: 1000guess on January 14, 2020, 08:47:59 AM
And this App doesn't create PKs, just work based on the value given from the user or QRcode scan.
There you have it, pasting PK to other sites (including the web you mentioned) is also not recommended except for wallet service sites where PK is generated. Maybe you already understand what the "Clipboard Hijacking" is.

Quote from: 1000guess on January 14, 2020, 08:47:59 AM
Even though it's simple codes, why would you reveal all your codes if you want to make profits even just from an Ad?
A valid ad won't ask customers for any sensitive data.

Quote from: 1000guess on January 14, 2020, 08:47:59 AM
B.t.w, From WebService site you can get all encryption/decryption source code from JS script there. Anyone can see that from web browser.
Not sure, can you name one of the sites? can i also see it. If there are, then they dont last long because it destroys the "privacy" of customers.

Quote from: 1000guess on January 14, 2020, 08:47:59 AM
So, Let alone GooglePlay and AppStore, what will be the organization that you think will do some verification for this kind of S/Ws?
I don't know, but I'm not sure if big companies like Google and Apple would do would do something so insignificant. Not that I trust 100% in them.


Quote from: 1000guess on January 15, 2020, 09:17:01 AM
Don't you trust Crypto Exchanges and their Cold Storages also?
The Exchange doesn't provide PK to customers, so I think this is a bit off topic.
1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 15, 2020, 09:17:01 AM
#15
Quote from: boyptc on January 14, 2020, 04:10:07 PM
With those apps?

No.

Writing on a paper is the most secured way of keeping our PK if not for the others.

Thanks,
Just curious. Don't you trust Crypto Exchanges and their Cold Storages also?
boyptc
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
Re: Save your PK, or any message into an image file.
January 14, 2020, 04:10:07 PM
#14
With those apps?

No.

Writing on a paper is the most secured way of keeping our PK if not for the others.
1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 14, 2020, 08:47:59 AM
#13
Thank you @Ucy, @Negotiation

I think there are 2 points here.

1. Level of security.

If you guys think 'even just copying the PK string from the Internet' is not safe, all the PC/Mobile S/Ws are not safe.
Though you guys use PC wallets, Metamask, other S/Ws.
And this App doesn't create PKs, just work based on the value given from the user or QRcode scan.
Even if saving in a Safe is not enough, I doubt how do you guys think cold-wallet (storage) is better.

2. Verified?
Even though it's simple codes, why would you reveal all your codes if you want to make profits even just from an Ad?
B.t.w, From WebService site you can get all encryption/decryption source code from JS script there. Anyone can see that from web browser.
So, Let alone GooglePlay and AppStore, what will be the organization that you think will do some verification for this kind of S/Ws?

I'm just asking your opinion.

thanks
Negotiation
sr. member
Activity: 1204
Merit: 270
Hire Bitcointalk Camp. Manager @ r7promotions.com
Re: Save your PK, or any message into an image file.
January 14, 2020, 04:14:58 AM
#12
I don't think we should have personal keys with phones because it's too risky for us Never call personal information at work Save your PK or any message to an image file and then encrypt it at a lower risk Keep it safe and do not charge any product without verification And it's better not to use PK.
Ucy
sr. member
Activity: 2674
Merit: 403
Compare rates on different exchanges & swap.
Re: Save your PK, or any message into an image file.
January 14, 2020, 02:34:36 AM
#11
I wouldn't save too much with this method. It's quite risky. By the way, is this open source project... been tested by others?
Quote
If you secure both the paper notes and an image file saved in external media in the same Safe,
which do you think is safer?

None, I guess. as long as you copy from the  internet.
1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 13, 2020, 02:33:58 PM
#10
Quote from: Artemis3 on January 12, 2020, 05:07:00 PM
Private keys should never be casually handed, period. The current best practice is to use the seed words, and copy that with your hands avoiding electronic devices.

Once copied, you could in a secure disconnected PC do things like typing them in a text file, and encrypt that, or steno-graph it yourself in one of millions ways, then encrypt that, etc, etc. No apps, no sending things to others.

There are various free open source tools that can help you do this, if you are inclined to do so electronically, but you could just do it physically as well. Pick a book, mark some words, done.

Ideally you should never watch the actual pk ever yourself, only once when you create the wallet and type the seed words but never make the pk display anywhere. The practice of the old paper wallets have been discontinued for its dangers.

I agree that proposition.

Tough you do use metamask or other tools right?
the role of the App is to save any data to an image.
Once it's saved once your phone encrypted, I believe users can save it somewhere.

Are you suggesting to revise function to cover that 'afterward' scenario
, or suggesting that this kind of encryption and steganography is meaningless anyway?
1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 13, 2020, 02:25:29 PM
#9
Quote from: LoyceMobile on January 12, 2020, 04:51:44 PM
Quote from: 1000guess on January 12, 2020, 03:49:38 PM
By the way, even with the Web Service, it's encrypted with 256bit AES and deleted after a while.

It seems you are accusing somebody or some product even without checking the fact
Fact is: you are asking people for their private keys, while claiming it's encrypted. Let me guess: you can and will decrypt the private keys.

Reminder: member never trust anyone with your private keys!

Ok, so you are worried about the situation that
"I can somehow bruteforce to find the key for the encryption and decrypt yours?"

Got your point.
Technically possible, even though I am not that kind of guy and got no time&resource for that.
That latter word means nothing to the users so I will revise the WebSite with warnings.
Not to test serious data on the WebSite.

But my point was rather about the mobile Apps, which seems you guys just worrying that I leak your data somehow.
You can simply spoof the network packet if it ever sends any data while it's doing it.
Basically, this is not just an assumption but seems false accusation to me. Smiley




1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 13, 2020, 02:15:48 PM
#8
Quote from: qwk on January 12, 2020, 04:45:29 PM
Quote from: 1000guess on January 12, 2020, 03:49:38 PM
regarding the mobile App, is there any reason you think it will be delivered to somebody else?
There's malware out there that will screen capture android phones.
https://www.forbes.com/sites/zakdoffman/2019/07/08/warning-for-users-of-android-banking-apps-new-malware-is-recording-password-screens/

So, when you're thinking about creating private keys on a phone: don't.

So why do you think this APP is related to creating keys or involves that specific moment?
Naida_BR
member
Activity: 980
Merit: 62
Re: Save your PK, or any message into an image file.
January 13, 2020, 09:16:33 AM
#7
I don't find it safe.
What is the guarantee that this file is not being compromised?
Still saving your PK in a paper and keep it in a safe place is the best choice for me.
Artemis3
legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
Re: Save your PK, or any message into an image file.
January 12, 2020, 05:07:00 PM
#6
Private keys should never be casually handed, period. The current best practice is to use the seed words, and copy that with your hands avoiding electronic devices.

Once copied, you could in a secure disconnected PC do things like typing them in a text file, and encrypt that, or steno-graph it yourself in one of millions ways, then encrypt that, etc, etc. No apps, no sending things to others.

There are various free open source tools that can help you do this, if you are inclined to do so electronically, but you could just do it physically as well. Pick a book, mark some words, done.

Ideally you should never watch the actual pk ever yourself, only once when you create the wallet and type the seed words but never make the pk display anywhere. The practice of the old paper wallets have been discontinued for its dangers.
LoyceMobile
hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
Re: Save your PK, or any message into an image file.
January 12, 2020, 04:51:44 PM
#5
Quote from: 1000guess on January 12, 2020, 03:49:38 PM
By the way, even with the Web Service, it's encrypted with 256bit AES and deleted after a while.

It seems you are accusing somebody or some product even without checking the fact
Fact is: you are asking people for their private keys, while claiming it's encrypted. Let me guess: you can and will decrypt the private keys.

Reminder: member never trust anyone with your private keys!
qwk
donator
Activity: 3542
Merit: 3413
Shitcoin Minimalist
Re: Save your PK, or any message into an image file.
January 12, 2020, 04:45:29 PM
#4
Quote from: 1000guess on January 12, 2020, 03:49:38 PM
regarding the mobile App, is there any reason you think it will be delivered to somebody else?
There's malware out there that will screen capture android phones.
https://www.forbes.com/sites/zakdoffman/2019/07/08/warning-for-users-of-android-banking-apps-new-malware-is-recording-password-screens/

So, when you're thinking about creating private keys on a phone: don't.
1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 12, 2020, 03:49:38 PM
#3
Thanks @noorman0

Regarding the Web Service, even though it's encrypted, it's delivered.
So I understand your concern.

But regarding the mobile App, is there any reason you think it will be delivered to somebody else?

By the way, even with the Web Service, it's encrypted with 256bit AES and deleted after a while.

It seems you are accusing somebody or some product even without checking the fact,
resulting in a false impression over the whole service.

What do you think?

Thanks Smiley
noorman0
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
Re: Save your PK, or any message into an image file.
January 11, 2020, 08:02:21 AM
#2
Quote from: 1000guess on January 10, 2020, 01:25:37 PM
_snip_
(in WebService case, all your data is encrypted first on your machine and transferred to the WebService, so fear not)
Are you sure ? Roll Eyes
In the cases of importing PK, we are strongly recommended not to be connected to the internet at all. And here you recommend handing over PK people to a new platform owned by random people and through internet as well.
If you mean to insert any message code into an image, you can do it yourself offline using the hex editor. That has less risk than your tips.

I don't recommend your way.
1000guess
newbie
Activity: 12
Merit: 0
Re: Save your PK, or any message into an image file.
January 10, 2020, 01:25:37 PM
#1
Do you write your Prive Key to a paper or any media?

What if an image file, looks nothing special might contain a Prive Key inside it?
Even more, if the PrivateKey or any message inside it is encrypted?

If you secure both the paper notes and an image file saved in external media in the same Safe,
which do you think is safer?

You can do it with your phone.

[Android]
https://play.google.com/store/apps/details?id=com.ethereummiddleman.secretimage

[iPhone]
https://apps.apple.com/app/id1489854686

[Web Service]
http://www.ethereummiddleman.com/secretimage.html
(in WebService case, all your data is encrypted first on your machine and transferred to the WebService, so fear not)

Hope this helps.
Bitcoin Forum>Other>Off-topic
Jump to: