Saving your private key in your email is a lethal move - page 5.

LTU_btc

legendary

Activity: 3234

Merit: 1375

Slava Ukraini!

Quote from: akamit on April 07, 2019, 05:11:33 PM

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets has some risks unless the user laminates it.

Offcourse hardware wallets is the best choice, I already use it for almost few years. But still, USB flash is needed for me to keep recovery phrase. I have written it down to a sheet of paper, but as already said, paper isn't very safe thing - Iover the time ink fades, and paper deteriorates, it's easy to destroy it with water and it can get lost easily.

jademaxsuy

full member

Activity: 924

Merit: 221

Quote from: sheenshane on April 08, 2019, 01:55:55 AM

Quote from: pooya87 on April 07, 2019, 11:24:47 PM

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

You can hide your USB through like this I'm sure it is impossible to hack or steal from scammers or even one of your family member. Cheesy

Anyone who wants to try this just sent me a PM. Grin

There's a lot way of keeping your private, that is our responsibility to keep them safe. But in a small amount, I think that is not necessary to keep in USB, just a piece of paper would be fine and put into your personal pocket wallet.

This is more secure than I thought of saving a private key in a usb for sometimes it could be misplaced or stolen by someone and could compromise your holdings.

BTW, do this USB has a safety feature to which if one will going to eat it will prevent damage from the liquids passed through the mouth? I hope so, so that it could be really helpful and it could be one of great saving device for wallet private key.

bob123

legendary

Activity: 1624

Merit: 2481

Quote from: Sharon121212 on April 07, 2019, 01:00:27 PM

Your email can not key your private key safe it's still could be hacked and the information collected.

It seems like the majority of people still don't know how the email protocol works.

EVERY mail server (again: EVERY) between you and your recipient can read the mail in plain text.

It is (and never was) a good idea using (non-encrypted) emails to transmit sensitive information.
The email protocol is from 1980. It is extremely outdated and not secure at all.

Just because it is used everywhere, it doesn't mean it is something good / safe / secure.

Actually, you shouldn't store private keys on a device which is connected to the internet at all. Storing them on a mail server is just plain dumb.

dothebeats

legendary

Activity: 3542

Merit: 1352

Cashback 15%

Of course. Knowing how easy it is to actually get in on one's email and snoop on all of the contents of it, no one in their sane mind would even think of saving their private keys and other vital information on their email. If life's really that tough, then perhaps save your keys on your phone or write it down somewhere safe. It should be common knowledge that emails are insecure places to store sensitive data be it private keys, banking details, personal info.. the list goes on.

Kakmakr

legendary

Activity: 3542

Merit: 1965

Leading Crypto Sports Betting & Casino Platform

Well, not entirely true. If you and the recipient have come to some sort of agreement to obscure the whole private key, by for example breaking it up and sending it with other numbers/letters in several different emails, then people will not be able to extract the private key from your emails.

Let's say the sender and the recipient agrees that the first 3 numbers or letters will be ignored and then the 5th and the 7th and replaced with something else, then it would not make up a recognisable private key. Grin

sheenshane

legendary

Activity: 2492

Merit: 1232

Quote from: pooya87 on April 07, 2019, 11:24:47 PM

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

You can hide your USB through like this I'm sure it is impossible to hack or steal from scammers or even one of your family member. Cheesy

Anyone who wants to try this just sent me a PM. Grin

There's a lot way of keeping your private, that is our responsibility to keep them safe. But in a small amount, I think that is not necessary to keep in USB, just a piece of paper would be fine and put into your personal pocket wallet.

Chikito

legendary

Activity: 2366

Merit: 2054

even they are student and familiar with pen and pencil, you have to instruting them of all to write private key on paper, double check spelling of private key, then laminated paper on very safe place

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: joniboini on April 07, 2019, 10:36:59 PM

Quote from: whotookmycrypto on April 07, 2019, 09:44:21 PM

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

If I get the image correctly, it seems the reason why the private key was stolen is that the user downloaded malicious software from the internet and install it on his cold wallet. That's definitely not what we should do.

no, it is saying that there are malwares that can hide on your USB disk and be transferred to your cold storage alongside the raw unsigned tx which you are transferring to be signed and they can steal your keys while you are transferring the USB disk back to the online computer to broadcast the signed tx.

a simple solution which 100% solves this is usage of QR codes with a camera instead of USB disk.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: whotookmycrypto on April 07, 2019, 09:44:21 PM

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

If I get the image correctly, it seems the reason why the private key was stolen is that the user downloaded malicious software from the internet and install it on his cold wallet. That's definitely not what we should do.

whotookmycrypto

full member

Activity: 168

Merit: 214

WhoTookMyCrypto.com

Quote from: mk4 on April 07, 2019, 09:22:32 PM

Yes, but only IF you know and you're actually very sure that you know what you're doing. Your private keys can still be compromised even a USB flashdrive is offline, if you manage to mess something up when you're on the process of generating the keys and saving it to the USB flashdrive on your computer.

Yeap, even air gaps aren't sufficient to protect your keys since there are ways to bypass it. For example, see how Stuxnet spread.

Found this good illustration online to demonstrate how USB can be used to exfiltrate private keys.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Quote from: nakamura12 on April 07, 2019, 03:18:10 PM

or a device where there is no internet connection like a USB for example.

Yes, but only IF you know and you're actually very sure that you know what you're doing. Your private keys can still be compromised even a USB flashdrive is offline, if you manage to mess something up when you're on the process of generating the keys and saving it to the USB flashdrive on your computer.

whotookmycrypto

full member

Activity: 168

Merit: 214

WhoTookMyCrypto.com

Trezor has made a good article on this: https://blog.trezor.io/https-blog-trezor-io-keep-your-seed-phrase-away-from-lions-edcc105457a0

While they talk about seed phrase instead of private keys, the recommendations provided are equally applicable to securing your private keys.

bitmover

legendary

Activity: 2352

Merit: 6089

bitcoindata.science

Quote from: Pmalek on April 07, 2019, 02:19:52 PM

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

That's 100% correct.

Bitcoin is genius because the keys are hold offline, they cannot be hacked. If you hold them online, you are doing it wrong and making them available for hackers

You can just note down your seed and store in a safe physical location, hidden.

madrogue

member

Activity: 98

Merit: 15

Quote from: akamit on April 07, 2019, 05:11:33 PM

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

More than 2 Years i save my private key to USB Flash and this is very safe i think.
But you must be carefull to access your wallet with private key,. If you login in phising website, hacker can steal your wallet too.

Bookmark website is important but with Bruteforce they can move a website you visited to their phising site.
So, don't bookmark in your Searching Browser. Better you save it as text file and save to your USB Flash.

akamit

hero member

Activity: 1498

Merit: 596

Quote from: LTU_btc on April 07, 2019, 04:10:47 PM

Finally I decided to USB flash, but I'm not sure that's safest place.

Storing private keys in USB FLASH is safe as long as they aren’t in the hands of an attacker. I hope you have hidden the USB Flash is a safe place.

But the first safest option is HARDWARE WALLETS, second USB FLASH, third is a paper wallet in my opinion. But paper wallets has some risks unless the user laminates it.

@OP, you may want to check this article for all the best possible options.

LTU_btc

legendary

Activity: 3234

Merit: 1375

Slava Ukraini!

Storing private in email is stupid idea definitely. It's something similar like to lock your house and leave keys in the lock.
I heard some similar stories when people keep their private keys, back up file or recovery phrase in cloud storages like Google Drive because they consider that is safer place in case if something will happen to their computer. Also, I know that some people just take photo of their private key or recovery phrase and just keep it on their phone.
When I was less experienced user, I also had dilemma where to keep these things. I instantly rejected idea to write down it, because sheet of paper doesn't looks like safest thing. I also didn't saved it on my PC or online storages. It was difficult to choose where to keep these things. Finally I decided to USB flash, but I'm not sure that's safest place.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

Saving private key online will only expose your private key to hackers out there where cloud save as an example can be hacked by hackers then they will be able to get your private key to access your crypto savings. It is already discussed here already on where or what is the best solution to save your private key which most cases is written on a piece of paper or a device where there is no internet connection like a USB for example.

Pmalek

legendary

Activity: 2730

Merit: 7065

A private key should never be sent or shared online either via email or saved on clouds, drives etc. Consider it compromised and funds protected by it.
Instruct your students to invest in a hardware wallet if they are serious about crypto currencies since the private keys in hardware wallets never leave the safety of the device.

Sharon121212

full member

Activity: 280

Merit: 215

Well I would not have made this post not until this week I have a cryptocurrency community on social media(telegram) we doing my own bit to enlighten and empower those I can.
We tell them about cryptocurrency wallet and how they go about it well I made it clear to them never to screenshot there private keys but rather write it down and put it away in a place safe.

But it's has occurred more times where private keys where written, sent and saved on some of my students emails...

Well this has huge consequences. I would want to reach out to the noobs never improvise instructions are instructions when creating a wallet you are told to write your private keys down(not on email or on your device).
Your email can not key your private key safe it's still could be hacked and the information collected.

It's basic instructions and rules when over looked causes damages.

Topic: Saving your private key in your email is a lethal move - page 5. (Read 1712 times)