By Mulima Chibuye
Guest contributor
Mulima Chibuye is a Telecom Engineer, Computer Science Researcher and Crypto Trader. He will be one of the speakers at the forthcoming CrypTALK Session on 17th February, 2018.
There has never been a time when one needs to be more security conscious with their digital data than now, when it is commonplace to see social media shaming, leaked passwords, leaked conversations and a whole lot of other unsavoury information. What has led to all these hacks, you may wonder? Well, we live in the information age and data is king. There is a global drive towards an e-economy spurred by e-government and the massive rollout of public telecommunication infrastructure. While we throw away the paper-based files and folders, we say hello to electronic documents, flash disks, hard drives and cloud storage. With a world so interconnected, one can see why it is important to understand some basic security concepts in dealing with data. Specifically, I discuss here how you can secure your cryptocurrencies in the world today.
Cryptocurrencies live on the internet. It is also quite possible to store them on a device that is not connected to the internet, but the very act of transferring to that device will make use of the internet, or at least the transaction will be broadcast on the internet. A crypto transaction occurs when a private key is used to sign and manipulate the data stored at a location identified by the public key. In blockchain terminology, a block will contain the public key information such as the balance and preceding transaction information. Therefore, if someone has access to the private key, they can spend the crypto value associated with the public key. We can therefore see that securing the private key is of paramount importance. The best way to secure the private key would probably have been to memorise it, but considering its length and unsightly composition, visits to hypnotherapists and psychics for recovery would have been hot business. There are 3 main ways in which private keys and crypto assets may be kept safe, but each has advantages and disadvantages. Their strengths and weaknesses are discussed below. I hope the reader will be able to use their understanding to pick the method that works best for them.
Generate a Private/Public Key Pair Offline
This requires a bit of technical prowess and hence is probably reserved for those in the advanced stages of working with crypto assets. We will nonetheless discuss it; you never know, you may be a genius. Because cryptocurrencies require a public and a private key, those keys have to come from somewhere. The keys are generated using an algorithm that makes it virtually impossible for the same key pair to be generated twice. The usual method is to obtain the key pair from a software wallet that is connected to the internet. Now, what if the developer of the software has a backdoor entry? They could wipe out accounts if they had sinister motives. Therefore, one way to protect oneself from that relatively probable robbery is to generate the key pair on a device that is not connected to the internet, so that the private key is never known to anyone else.
Use a key only once
This is perhaps one of the easiest to pull off. Every transaction should use a new private/public key pair. This means, for example, that every deposit one makes should always be to a new public key address. The obvious downside is that there would be as many private keys as there are public keys. How does one keep track of all these? Fortunately, we have what are termed Hierarchical Deterministic (HD) wallets. These use a mnemonic that can regenerate all the private/public key pairs that have been used in a wallet. Think of a wallet here as a common storage location for all your crypto assets, normally from the same family, e.g. a Bitcoin wallet. The obvious drawback is that anybody can memorise the mnemonic, because it is normally written in clear, concise everyday words, usually fewer than 16 of them. One might further protect the mnemonic by memorising it, printing it on a long-lasting piece of paper with permanent, non-volatile ink and locking it up in a safe. Remember, this is your money.
Use 2 factor Authentication (2FA)
For all accounts that support it, it is highly recommended that 2 factor authentication is enabled. This is especially important for online wallets and services. Two factor authentication uses something that the user knows and something that they have in order to prove the identity of a user trying to access a system or resource. The most common form of 2 factor authentication today is the random number code that is sent to one's phone (something someone has) and the password (something someone knows). In case someone were to guess one's password, they would still not be able to access the breached account because they do not have the phone. SMS messages are, however, not very safe and can be intercepted; hence the best methods in use today use an app that has a secure connection and uses a random number generator with a handshake confirmation. This means that the app generates a number and the wallet expects the same number; a correct entry from the user confirms that the access is authorized. However, the phone can be stolen and the wallet compromised because the hacker has the phone too. This brings us to the next point.
Protect your Phone
If one feels too lazy to use a password on their mobile device, it is best to at least have some level of protection by using a PIN code. Most people do not secure their mobile devices because they have an inherent belief that they will not lose them. What about all those leaks we see online? People's consciousness will have to change by realising that their mobile phones must be kept as secure as possible. A mobile phone without security in the crypto world is like a signed open check.
Store your Crypto Assets on Cold Storage
Cold storage is defined as an electronic or physical storage location that does not interact with the internet. Examples of cold storage include storing Bitcoin private/public key pairs on a hard disk that isn't connected to the internet, or storing Bitcoins as QR pairs on a paper wallet. The problem with a paper wallet is that somebody with a camera may be able to do what is called sweeping the wallet, which makes it possible for them to spend the Bitcoins.