Best way to store crypto credentials like private keys and seeds -- Keepass

image.png

Password manager is not only meant for managing password for logging in website on a browser, I should have thought of this idea much early, how silly me.

Before entering the circle of cryptocurrency, I never so been so paranoid about the security of some digital random phrase. The most important digital text to me was probably my online banking password, which I could easily retrieve by clicking on the “Forgot your password?” link.

Crypto is a completely different game

The rule is simple here – who owns the private key, who owns everything in it. There is no authority the victims could ask for help because they themselves are the only authority. While the hardware wallet like Trezor is the best device every crypto investor should get, there are still too many of interesting coins which haven’t partnered with hardware wallet. Steem is one of them so let’s take it as example.

We all know how important is the Steem owner key, but how do you store them? How do you secure this ultra-sensitive long phrase that represents the absolute ownership of your Steem account?

I used to store them using 7z built-in encryption method up to the moment before I’m writing this post. 7z does good in offering simple encrypting feature but it is designed for protecting truly sensitive data.

KeepPass maybe the best and final solution here

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database. The databases are encrypted using the best and most secure encryption algorithms currently known (AES and Twofish).

KeePass has everything to be a perfect candidate of the crypto guardian:

  • Open source so anyone can throw an security audit to it anytime.
  • Offline so no one is hosting the database other than the user.
  • Key file could be the best solution against key logging.
  • Cross-platform
  • Made to store various of password or complex code
  • Use one of the most advanced encryption algorithms

How to setup

1)Download it here. Create a KeePass database file, in this case it is crypto_keys.kdbx.

1.png

2)Create a strong password is the key here. It should be strong enough to withstand any brute-forcing cracking process in case the database file is compromised. For the expert you might want to explore the key file method.

2.png

3)Simply give it a database name, keep the rest setting as default unless you want customize it further.

3.png

4)First let’s see how it store Steem’s key. I set fr3eze as the user name and put some random key as the password.

4.png

5)I will add another entry using EOS key pair. In this case I put ‘EOS’ as the title and leave the username empty. Private key in the password column while the public key in the note area. I leave other settings as default for both entry.

5.png

6)This is how the database looks like so far with the Steem and EOS entry.

sdfsdf.PNG

7)Here is what making the KeePass really handy if you need to copy the user name, password or notes. Just double click on the text and you shall see the bottom bar indicating the click phrase is copied to the clipboard and will be cleared in 12 seconds.

6.png

8)Save and quit the KeePass. This is the database that I just created and it will be all you need to care about. Spread it over your private cloud or flash drive for better portability. There are many third party plugins from various platform to access this file but the general rule is stick only to those reputable or open source programs.

7.png


This is by far the best method to store private information about crypto to me. Are you with me?


KeePass 是开源项目里最有名气的密码管家,作为管理加密货币的绝密资讯最适合不过。比如恢复种子和私钥等等,之前都是用 7z 来简单的加密,使用 KeePass 的好处有:

  • 免费开源,所以每个人都可以审核监督软件的安全程度。
  • 离线设计,没有人拥有你的数据库,全是自己说了算。
  • 加密设计非常先进。
  • 跨平台。
  • 本来就为收藏多种密码而设计。

不知你有什么更好保护货币密码的方法?



This page is synchronized from the post: ‘Best way to store crypto credentials like private keys and seeds – Keepass’

Steem is the biggest rebellion in bearish market today

Screenshot_20180426-080710_01.jpg

Steem is the only thing I found green in today’s sea of red, even the strong EOS cannot resist the overall market downturn from 430B to 390B.

Seems like the listing of STEEM on one of the most dominant exchange, Huobi(4th largest in term of trading volume), is make our dear Steem perform against the crypto bearish market.

I’m glad to be part of this rebellious trend.



This page is synchronized from the post: ‘Steem is the biggest rebellion in bearish market today’

I'm whitelisted in the Minnowbooster Community Whitelist

@minnowbosoter recently introduced a new system called Community Whitelist which you can read more on the native post:

https://steemit.com/minnowbooster/@minnowbooster/minnowbooster-epic-update-community-whitelist-now-online

Some of the benefits of being whitelisted include:
1.) MinnowBooster Whitelist Members are allowed a total send of 100SBD / Day compared to the max send of 50SBD / day for normal users.

So the obvious benefit to me is able to buy more votes than the non-whitelisted normal users. However, one has to be invited to go through the reviewing process to be whitelisted finally. So the problem is, how to get some whitelisted users to invite me?

image.png

Fortunately, I was invited and whitelisted unknowingly thanks to the inviter and approvers whom I have no idea who they are. I’m grateful.

Login to the https://www.minnowbooster.net/, if there is a Whitelist button on the left panel then you are whitelisted as well.

If you have the habit of buying votes from the minnowbooster, and you think your content is quality enough to make you whitelist-worthwhile, nominate yourselves in the comment. I have 2 invitations to use. First come first serve, limited to quality authors only.


日前 @minnowbooster 推出了新的 Community Whitelist。很荣幸的我进入白名单了,而加入白名单是需要被邀请的。

如果你有从 minnowbooster 买赞推广内容的习惯,又觉得自己的帖子质量值得进入白名单,请在留言区留下名字,我还有两个邀请卷可用。送完为止,仅限于高质量作者。



This page is synchronized from the post: ‘I’’m whitelisted in the Minnowbooster Community Whitelist’

Steemit just removed a little but useful benchmark

image.png

I noticed steemit.com has implemented a minor change recently, that they removed the view count at the end of the post. I got one lesser reason to visit steemit rather than the more comprehensive busy.org.

image.png

I know, the view count is not an accurate benchmark to judge how popular your post is, as it only taking traffic to the very website into the statistic. While other front-end sites like busy.org are not counting the page view, I will still pay a visit on steemit to see how many have read my post because that means something to me other than the payouts.

No idea why they removed this little benchmark but this is exactly opposing my hope for the team to put more emphasis in consolidating the view count as I believe this is the true benchmark to value a content.

I’m displeased by this changes.


Steemit.com 拿掉了在帖子尾端的 View count,我相信点阅数是衡量帖子价值的标准。真无趣,又少了一个使用这个老大哥前端网站的理由,还不如使用更全面的 Busy.org。



This page is synchronized from the post: ‘Steemit just removed a little but useful benchmark’

Checksum tools in Windows

Installing random tools from Internet is one of the great ways to compromise PC. Checksum is the only way to make sure that the integrity of downloaded file. The idea is, as long as the checksum hash provided by the official site match with file’s hash, the integrity of the file can be assured that it is clean to use.

Windows doesn’t come with a native Hash checking tool

Though you might argue that Get-FileHash native command is available in PowerShell, it is not even close to user-friendly and requires a high familiarity with command interface which most Windows users are not capable of. We need something that can be done using merely the clicks.

Another problem of hash checking tool is, users will have to compare the generated hash and compare to official hash manually (often by eyes), characters to characters. This is truly inefficient and stupid considering a compare function can do the job within second and eliminate all the human errors.

Introducing the HashCheck

The HashCheck Shell Extension makes it easy for anyone to calculate and verify checksums and hashes from Windows Explorer. It is fast and efficient, with a very light disk and memory footprint, and it is open-source.

Yeah, another awesome open-source project. Check it out here.

Now you can verify the checksum in a really neat way. I will demonstrate the process using a file downloaded from KeePass 2.38 portable version. The Integrity page will have all the hash for each file which I can use to check against later.

image.png

Install the HashCheck. Download the Keepass test file, right click on it and select Properties. There will be one new Checksums tab where all the hashing is already done using famous algorithms like MD5 and SHA-1. I copy the MD5 hash (or you can choose any hash) and paste into the Find column to check against the generated MD5 hash from the file.

The matched hash will be highlighted. Now I can be sure this file is not compromised and safe to use.


HashCheck comes with other handy features as well which you can explore. Of course, you don’t have to hash checking every file from the Internet but it is highly recommended to do for any suspicious source. The best idea is only to download files from the trustable sites and perform checksum verification afterward and you will be able to prevent attacks from compromised files.

Happy hash checking!


总和检验码(Checksum)是一个端到端的校验和,由发送端计算,然后由接收端验证。 其目的是为了发现TCP首部和数据在发送端到接收端之间发生的任何改动。

所以要是从可以的网站上下载东西,最好就是验证其总和检验码。而在 Windows 上执行这样的任务最佳的莫过于刚发现的 HashCheck。这软件轻巧,快速,还是开源的,快来试用吧。



This page is synchronized from the post: ‘Checksum tools in Windows’

A Litecoin transaction that should worries the banks

image.png

Today the biggest fun news in crypto was about a Litecoin transaction. Long story short, someone made a one-off 700,000 Litecoin ($99m USD) for a fee of 0.00284289 LTC (0.4 USD), within 3 minutes. See for yourselves.

I can imagine how annoying and irritating this might sound to bankers. At the least 3% handling/admin/processing fee, this transaction alone will incur a fee of 30,000 USD. Bankers or money transfer service providers just lost the profit equivalent to a house down-payment. Even if they promise to offer a huge discount on the fee, how long will it need to be processed? More than 3 minutes if not for 3 days.

I don’t even feel like mentioning that Steem could do that amount of transaction for free within 3 seconds.

I can’t help but list the troubles one is going to face doing such a huge transaction with the banks.

  • Some authorities will be triggered and you will have to prove the legitimacy of the money.
  • You might be under government surveillance ever since.
  • Tons of paperwork awaits you to complete for the processing.
  • Transfering or receiving bank entities might go away or preventing you from accessing your money for whatsoever reason.
  • Losing a brand new car by paying the ridiculous fee.
  • Anxiety for a few days(if not weeks) while waiting for the transaction to complete.

Banksters should be seriously worried by this fun news.



This page is synchronized from the post: ‘A Litecoin transaction that should worries the banks’

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×