Saving your private key in your email is a lethal move - page 3.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: noorman0 on January 09, 2020, 05:06:49 AM

How about hiding the PK into the hex of a photo?
Of course that we won't put PK as a whole in a photo. For example, we distribute a PK to 3 parts as follows:

the real question that you should be asking yourself is why are you trying so hard to avoid using the real encryption methods that are designed by cryptography experts, have been tested already and are very strong (example: AES)?
and as long as you can't come up with a reasonable answer to this important question, you should stick to using real encryption methods and follow the security recommendations.

noorman0

hero member

Activity: 1778

Merit: 709

[Nope]No hype delivers more than hope

How about hiding the PK into the hex of a photo?
Of course that we won't put PK as a whole in a photo. For example, we distribute a PK to 3 parts as follows:

PK: E9873D79C6D87DC0FB6A5778633389F4453213303DA61F20BD67FC233AA33262
source https://en.bitcoin.it/wiki/Private_key

We prepare 3 photos, for example in the 3 of a mosaic photo

E9873D79C6D87DC0FB6A577 : photo_02.jpg
8633389F4453213303DA61F : photo_03.jpg
20BD67FC233AA33262 : photo_01.jpg

Then save the photos on 3 different (private) cloud storage sites that we usually use to save other photos before.
Audio files can also be a pretty safe place for PK hex, or insert into the audio lyrics. IMO

guigui371

legendary

Activity: 2114

Merit: 1693

C.D.P.E.M

Quote from: tsaroz on January 08, 2020, 11:12:34 AM

I Know I shouldn't. But my online life and lifestyle is totally depended on google and it's ecosystem. Every of my device syncs through my google account and in one way or other, my key details and even the private keys, passwords and 2FA secret codes are stored online. I can't just stay in a place or use a single device, there's no other option than living in a cloud. I don't prefer mobile OTP verification as I don't trust my government.

Well I hope you use Lastpass ? or any other type of password manager ? And not just google drive.

Today, so many wallets are compatible with a ledger nano S / X that it is just careless not to have one.
And you can save the seed on a piece of paper, an engraved piece of metal or in your head.

tsaroz

legendary

Activity: 3094

Merit: 1069

DGbet.fun - Crypto Sportsbook

Quote from: Sharon121212 on April 07, 2019, 01:00:27 PM

Well I would not have made this post not until this week I have a cryptocurrency community on social media(telegram) we doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallet and how they go about it well I made it clear to them never to screenshot there private keys but rather write it down and put it away in a place safe.

But it's has occurred more times where private keys where written, sent and saved on some of my students emails...

Well this has huge consequences. I would want to reach out to the noobs never improvise instructions are instructions when creating a wallet you are told to write your private keys down(not on email or on your device).
Your email can not key your private key safe it's still could be hacked and the information collected.

It's basic instructions and rules when over looked causes damages.

I Know I shouldn't. But my online life and lifestyle is totally depended on google and it's ecosystem. Every of my device syncs through my google account and in one way or other, my key details and even the private keys, passwords and 2FA secret codes are stored online. I can't just stay in a place or use a single device, there's no other option than living in a cloud. I don't prefer mobile OTP verification as I don't trust my government.

sovie

sr. member

Activity: 1274

Merit: 265

Private key is what hold your bitcoins. Once its compromised or hacked you can have huge lose for that. Never store them electronically rather store them offline on paper. Most of us dont do that such to make our work easy. You only know worth of these keys once you lost them.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: seoincorporation on January 07, 2020, 11:58:45 PM

Maybe if your friend put those keys inside a ZIP with a password, it could be a 'secure' way to hold them in the mail.

I still wouldn't recommend it.

There is a lot of heterogeneity in how secure archiving software is, and how securely it protects files when you apply a password to an archive. Even if it using a strong encryption algorithm, then it is only as safe as the password you set. If an attacker is able to access and download the file, then they can run a brute force attack limited only by their own hardware, meaning they can check millions of passwords a second. If you have thought up your own password, then it is likely to be broken quickly, and only long, random, computer-generated passwords are likely to be safe.

Given that storing your seed online is widely considered a terrible idea, the people who are likely to do so are therefore those with low knowledge of good security practices, and so are very unlikely to be able to securely encrypt the data with a strong password.

Better to just stick to the usual advice of writing down your seed phrase on paper.

Magkirap

sr. member

Activity: 896

Merit: 267

★Bitvest.io★ Play Plinko or Invest!

Quote from: seoincorporation on January 07, 2020, 11:58:45 PM

Quote from: dvmmayowa on January 07, 2020, 06:04:29 PM

Quote from: Sharon121212 on April 07, 2019, 01:00:27 PM

...

I keep on saying this same thing to a friend of mine couple of years back but he feels comfortable saving them on his emails, just last year november, his entire wallet was wiped off into multiple wallets, till now he has no idea of how the scammer got access to his wallets, so tragedic.
We need to be extra careful not to become victim of wallet hacks, cyber criminals dont sleep, they're always on the watch.

Maybe if your friend put those keys inside a ZIP with a password, it could be a 'secure' way to hold them in the mail. But you are right, save the private keys in the mail is a really insecure way to manage that sensitive information.

Even if you stored it with a password hackers will still be able to get that file and then they will open it, yes it has password but you don't know what a experienced hacker can do so to be safe do not put something that can help open your wallets in your emails because once they get in your emails your so done and also if you are really wanting to be safe then use different emails, do mot use a single one because that will make hacker's job much easier because its like a one stop hack and then he can get anything from you, internet is a very dangerous place, we are not private in their so be careful and wise on your actions.

seoincorporation

legendary

Activity: 3346

Merit: 3125

Quote from: dvmmayowa on January 07, 2020, 06:04:29 PM

Quote from: Sharon121212 on April 07, 2019, 01:00:27 PM

...

I keep on saying this same thing to a friend of mine couple of years back but he feels comfortable saving them on his emails, just last year november, his entire wallet was wiped off into multiple wallets, till now he has no idea of how the scammer got access to his wallets, so tragedic.
We need to be extra careful not to become victim of wallet hacks, cyber criminals dont sleep, they're always on the watch.

Maybe if your friend put those keys inside a ZIP with a password, it could be a 'secure' way to hold them in the mail. But you are right, save the private keys in the mail is a really insecure way to manage that sensitive information.

dvmmayowa

jr. member

Activity: 122

Merit: 1

Quote from: Sharon121212 on April 07, 2019, 01:00:27 PM

Well I would not have made this post not until this week I have a cryptocurrency community on social media(telegram) we doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallet and how they go about it well I made it clear to them never to screenshot there private keys but rather write it down and put it away in a place safe.

But it's has occurred more times where private keys where written, sent and saved on some of my students emails...

Well this has huge consequences. I would want to reach out to the noobs never improvise instructions are instructions when creating a wallet you are told to write your private keys down(not on email or on your device).
Your email can not key your private key safe it's still could be hacked and the information collected.

It's basic instructions and rules when over looked causes damages.

I keep on saying this same thing to a friend of mine couple of years back but he feels comfortable saving them on his emails, just last year november, his entire wallet was wiped off into multiple wallets, till now he has no idea of how the scammer got access to his wallets, so tragedic.
We need to be extra careful not to become victim of wallet hacks, cyber criminals dont sleep, they're always on the watch.

carlisle1

hero member

Activity: 2744

Merit: 541

Campaign Management?"Hhampuz" is the Man

Totally agreed on this because saving private keys on our email is just like giving al our crypto to the hackers as they are very good on this ,but seriously never do such action if you wanna keep safe our crypto assets

Quote from: jerry0 on April 11, 2019, 06:21:26 PM

Those people that say don't store it online even if you encrypt it, then what happens if something happens to your computer or usb physically? Say a theft or fire? Where is your backup then? That is why i thought online backup has to be a must because if that happens, you can access dropbox or gmail and the file is there.

Well thats why i always believed about having physical copy of each so whenever theres a moments like this then we can have another sets of back ups

Kasabus

hero member

Activity: 2814

Merit: 576

I made this stupid idea in the past when I was still a newbie, I thought it's easier to access if I save it in email and I can access it anytime as long as there is an interne, but I realize it was a bad idea, and luckily no one were able to hack my private key with a thousand of dollars inside of the wallet.

We learn as we stay in crypto, but thanks to OP as this is necessary for newbie to know.

arpon11

sr. member

Activity: 882

Merit: 282

Quote from: Sharon121212 on April 07, 2019, 01:00:27 PM

Well I would not have made this post not until this week I have a cryptocurrency community on social media(telegram) we doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallet and how they go about it well I made it clear to them never to screenshot there private keys but rather write it down and put it away in a place safe.

But it's has occurred more times where private keys where written, sent and saved on some of my students emails...

Well this has huge consequences. I would want to reach out to the noobs never improvise instructions are instructions when creating a wallet you are told to write your private keys down(not on email or on your device).
Your email can not key your private key safe it's still could be hacked and the information collected.

It's basic instructions and rules when over looked causes damages.

Though it has not happened to me before but I am very careful with my private keys and password. I have an online wallet that I have used for more than three years now and I keep the private keys offline but still afraid of friends that may lay their hands on it and withdraw my funds or coins from my wallet. I think we are at a time that we should follow op advice and recommendations since email is no longer safe to store our private keys. I have enabled 2 factors authentication on all my account because of hackers activities and since there is no safe system I also pray that God should keep the eyes of evil people from anywhare I store my coins.

boyptc

hero member

Activity: 3024

Merit: 680

★Bitvest.io★ Play Plinko or Invest!

Quote from: ?? on ??

you must be careful to access your wallet with private key, because if you login in phishing website you may lost your wallet data also. hackers can easily access your data so its better to remember your private key.

Even not inputting your private keys to a phishing link.

Simply leaving your private key to a cloud storage or email gives you a total risk whenever the email provider gets hacked or your email has been reached and accessed by a hacker.

Quote from: GreatArkansas on April 13, 2019, 11:20:51 AM

I want to ask if it is safe to store private keys in secured .zip or .rar with password and stored it from email or any other online filehosting? Please explain also how it is risky or it is safe.

Better to write it down manually.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: GreatArkansas on April 13, 2019, 11:20:51 AM

I want to ask if it is safe to store private keys in secured .zip or .rar with password and stored it from email or any other online filehosting? Please explain also how it is risky or it is safe.

Could be very risky or could be relatively safe depending on a number of factors.

Some older zip or rar archivers just slap a very easily broken password on an archive. Most up-to-date archivers will encrypt the file with AES. If you have the private key in plain text on a malware infected computer, use an old archiver which doesn't encrypt and/or use a weak password, and then upload it do an easily hacked server, the chance of you losing all your coins rapidly approaches 100%. On the other hand, if you were to encrypt it using a proper encryption program like Veracrypt, with a very strong password, on an airgapped computer, transfer it to an internet enabled device and upload it to an encrypted file server, the risk is much lower.

If you don't really know what you are doing, you are much better just writing your seed down and storing it in a physically secure location.

GreatArkansas

legendary

Activity: 2506

Merit: 1394

I want to ask if it is safe to store private keys in secured .zip or .rar with password and stored it from email or any other online filehosting? Please explain also how it is risky or it is safe.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: okala on April 12, 2019, 04:01:49 PM

The ops is not saying that the private keys are shared online, there are ways you keep documents in your email for future use such as saving them in the draft folders. I have always save my private keys in my email drafts because I have strong security on my email such as the authentication of code before logging in and that is done using either my phone number or google authentication app.

And where do you think the drafts are stored, if not online? Everything in your email (inbox, outbox, trash, drafts, etc) is copied to an unknown number of servers across the world. How do you know all of them are secure? How do you know all the employees are trustworthy? Just because your account itself wasn't broken in to, doesn't mean that all the data inside it can't be accessed by other means.

Additionally, although 2FA is obviously a good idea to have on all your accounts, having 2FA doesn't make your account immune to being hacked by any means.

Storing private keys online, especially in plain text format, and then double especially telling people on a public forum that you do that, is terrible security.

okala

full member

Activity: 980

Merit: 114

Quote from: Pmalek on April 07, 2019, 02:19:52 PM

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

The ops is not saying that the private keys are shared online, there are ways you keep documents in your email for future use such as saving them in the draft folders. I have always save my private keys in my email drafts because I have strong security on my email such as the authentication of code before logging in and that is done using either my phone number or google authentication app.

whotookmycrypto

full member

Activity: 168

Merit: 214

WhoTookMyCrypto.com

Quote from: o_e_l_e_o on April 12, 2019, 04:29:47 AM

Quote from: jerry0 on April 11, 2019, 06:21:26 PM

Those people that say don't store it online even if you encrypt it, then what happens if something happens to your computer or usb physically? Say a theft or fire? Where is your backup then?

Physical back ups in a variety of secure locations, that no one knows about. Encrypt the file on an airgapped PC, copy to a couple of USBs, and store them in a safe deposit box, vault, personal safe, or similar.

Having said that, the best method is to not store your keys or seed electronically at all - you are better off using paper wallets or hardware wallets with the seeds backed up on paper.

Apart from what o_e_l_e_o said, you may also consider using tools like Crypto Steel too if you are paranoid about your paper getting destroyed.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Quote from: jerry0 on April 11, 2019, 06:21:26 PM

Those people that say don't store it online even if you encrypt it, then what happens if something happens to your computer or usb physically? Say a theft or fire? Where is your backup then?

Physical back ups in a variety of secure locations, that no one knows about. Encrypt the file on an airgapped PC, copy to a couple of USBs, and store them in a safe deposit box, vault, personal safe, or similar.

Having said that, the best method is to not store your keys or seed electronically at all - you are better off using paper wallets or hardware wallets with the seeds backed up on paper.

Thanasis

hero member

Activity: 1820

Merit: 515

★777Coin.com★ Fun BTC Casino

Quote from: jerry0 on April 11, 2019, 06:21:26 PM

Those people that say don't store it online even if you encrypt it, then what happens if something happens to your computer or usb physically? Say a theft or fire? Where is your backup then? That is why i thought online backup has to be a must because if that happens, you can access dropbox or gmail and the file is there.

Saving the private keys online is risky. Roll Eyes

Do you think gmail is hard to hack? It is not much harder to hack and we can see many people were complaining that they bitcointalk accounts were hcked due to their registered email was hacked so saving it physically is the better solution.

Topic: Saving your private key in your email is a lethal move - page 3. (Read 1712 times)