I just got a package with my first CryptoSteel wallet. IMO the most secure way to HODL :)

in #steem • 7 years ago


First of all, no one paid me to write and publish this text, and of course this post does not contain any referral links.

So, why am I writing about CryptoSteel? Simply because I think this is an awesome product :)

What is Cryptosteel and why do I need it?

Short quote from FAQ:

Cryptosteel is the premier indestructible backup tool for optimal offline storage of private keys, passwords and wallet recovery seeds without any third-party involvement.

In other words, this cannot be hacked, burned or flooded :)


Does CryptoSteel support Steem?

Well, this question is not silly at all. The question is: is it possible to store a Steem master password in CryptoSteel?

A typical password of the majority of Steem users looks like this:

P5KMpYPGmVMkWgaDBX337eo3nULEq3MwrEtURydXbdS213exrKbx

As you can see, such a password is 52 characters long and contains numbers [0-9], lowercase letters [a-z] and uppercase letters [A-Z]. If I remember correctly, such passwords do not contain 0, o, O, 1, l, L - mostly to avoid confusing people, because those letters are very similar to each other.

Does CryptoSteel contain all those characters in a box? Well... there is a version, Cryptosteel ANYKEY, which can be used to store a typical Steem password, but it costs $149.


But the truth is that if you set your own password (one that is not generated by the Steemit.com website), you can use mnemonics, so you will need only letters [A-Z]. This version is $50 cheaper.


And because you can also set your own hexadecimal password, you can even use Cryptosteel HEX, which you can buy for $79.

Wait, what? Can I set my OWN password for Steem account?

Yes, you can. Setting your own password is currently a little bit complicated, because you need to generate your own private and public keys from it; nevertheless, if you have basic programming skills, you should be able to do that.
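One way to do the private-key half of that derivation, as an added example that is not from the original post: it assumes the scheme used by the steem-js library (SHA-256 of account name + role + password, wrapped as a WIF string with a 0x80 version byte and a 4-byte double-SHA-256 checksum in Base58). The account name and passphrase are constructed samples, and the public-key step is left out because it needs a secp256k1 library.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ROLES = ("owner", "active", "posting", "memo")

def b58encode(data: bytes) -> str:
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # each leading zero byte is written as the first alphabet symbol, "1"
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def role_wif(account: str, password: str, role: str) -> str:
    # Assumed scheme: seed = account + role + password, whitespace runs collapsed
    seed = " ".join((account + role + password).split())
    payload = b"\x80" + hashlib.sha256(seed.encode()).digest()
    return b58encode(payload + checksum(payload))

def derive_all(account: str, password: str) -> dict:
    return {role: role_wif(account, password, role) for role in ROLES}

def wif_is_valid(wif: str) -> bool:
    # Re-check a key typed back in from a backup: alphabet, length,
    # version byte and checksum must all agree.
    try:
        raw = b58decode(wif)
    except ValueError:
        return False
    return len(raw) == 37 and raw[0] == 0x80 and checksum(raw[:-4]) == raw[-4:]

if __name__ == "__main__":
    # Constructed sample values, not a real account or password
    keys = derive_all("example-account", "CONSTRUCTED SAMPLE PASSPHRASE")
    for role, wif in keys.items():
        print(role, wif, wif_is_valid(wif))
```

Because the account name and role are public, the passphrase is the only secret input, so every role key is exactly as strong as the passphrase. The checksum lets you confirm that a key re-typed from a steel backup was transcribed correctly before you rely on it.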

Some time ago I wrote a special article about that:

More about CryptoSteel soon...

I really like this project, so I plan to write more posts about it. CryptoSteel is a really secure way to store your private keys. But the truth is that this kind of security measure does not make much sense if your password is still used to log in on Steemit on a daily basis.

Please read this article if you don't know how to log in to Steemit without a password:
What is the difference between a password and a private key(s) on Steemit?
How to make your account more secure, by using them correctly.

If you are a HODLer of STEEM, you should consider moving all your funds to your second account, which would function as cold-storage for your STEEM or SteemPower.

Recently I came to the conclusion that if I keep my main @noisy account almost empty, move all my SteemPower to my cold storage account, and then delegate this SP back to @noisy, this should eliminate the majority of the risk from my daily usage of my Steem account. Cool, right?

But why use just one password for a cold storage Steem account when it is possible to use 2-of-3 multisig, which would make this even more secure? More about this... soon :)

Your SEED should be more secure than "Be Secure And Steem On"

It seems to be easy to crack :)

No, it does not.

The sentence is 22 characters long and, being an English sentence mixing both upper and lower case, this seed provides around 97 bits of entropy.

This is commonly misunderstood by many people, since they think "easy to remember, easy to crack", when in fact, this sentence could not be more wrong.

Just for a quick comparison, that seed is stronger than this one: >6uB\N@t9/hZ4AyZ, which provides only 83 bits.

In fact it is proven that a sentence with logic only for the owner is the best option EX. " MyMOMs=birTH/is(THE)27 " and that combination is quite difficult to break and not as hard to remember even if it has data a person that knows you might know.


this is not my seed ;)

Oh these are SO COOL, I gotta get one! Last I checked they were sold out, so good to see they're moving again! Excited to hear about your multisig cold storage account. I've been wondering about these security issues lately so it's great to hear your thoughts!

That's so awesome!! Thanks for sharing @noisy !!

It's a good idea but it's kind of expensive. I'm saying that because I'm from Western Africa.

Such a wallet can easily be home-made. Maybe not so fancy, with removable letters, but a cold-storage wallet can be created with some steel plate, a chisel and a hammer.

I am not a DIY person, so I decided to go with a solution for lazy people :D

It is a good idea for business. Think about this @drayhazz

have not heard of this one! this is so cool.. I also didn't know I can set my own password in steemit.. something new everyday. :P

@noisy just to increase a little the accuracy there, not that this will make any difference on the didactical effects of your post.

The value you showed and suggested similar characters were omitted, in the very case of Steem, it's encoded as Base58.

Base58

Base58 is the same as Base64, excluding:

  • 0 (zero)
  • O (capital o)
  • I (capital i)
  • l (lower case l)
  • + (plus sign)
  • / (slash)

This means, that 6 characters from the original Base64 are not used to prevent confusion: (64 - 6 = 58)

So the tip here is that lower case i and lower case o are included, just not their similar pairs.

For usages outside the Steem world, some people adopt Base56, which consists of the same rules as Base58, but also removes two more characters: the number one (1) and the lower case o.

Base58-Check

N-O-T the one used by Steem, but for those curious about binary encoding, give it a check. Since the implementation may vary from one app to another, Base58Check is able to include its version at the beginning and a checksum value at the end, to ensure you did not misplace a given character while copying it out.

Very cool product. The price is a bit extreme, but it should not take too long before copies of the product become available.

a DIY version would also be cool, thanks for sharing!

Interesting bit of information, but I think it's quite costly. Anyway, when my account booms I will still love to try it out.