Best practices for installing and securing your Crypto-Wallets

One of the most exciting aspects of cryptocurrencies is that in this financial system you are not just a simple account holder, but at the same time you can perform the function of a bank. The middleman for account management, transfers, and other banking transactions is suddenly no longer needed as you can interact directly with the transaction network.

To become your own bank for a coin, you have to install the wallet of this coin on a computer and connect it with its transaction network, its blockchain. The wallet itself is a digital keychain that a user uses to prove that he owns a certain amount of coins and that allows him to transfer them. The addresses for receiving payments are generated from the keys. Any number of keys, and thus addresses, can be generated.

Only if you own the keys can you prove that you own an account and therefore the coins held in it. If you do not own the keys of an address, someone else (the one with the key) controls it: a middleman you have to trust, such as a centralized exchange. This brings us to the mantra: Not Your Keys, Not Your Coins!

But with so much power comes a lot of responsibility, and the responsibility increases as the portfolio grows in value.

Only a cold wallet is a secure wallet

A cold wallet (or offline wallet) cannot be compromised because it is not connected to the Internet. It's that simple!

Several hardware wallets are available that do exactly this job: they store the user's addresses and private keys and work in conjunction with compatible software on the computer. I highly recommend using hardware wallets for every coin that they support!

But many cryptocurrencies have special needs or features that you don't get with hardware wallets. Masternodes, for example, cannot be configured in hardware wallets, and dApps, integrated shops, or exchanges are functionalities that are barely integrated into hardware wallets. If you want to use them, you have to install and interact with the native wallets of a coin. As I mentioned above, doing so comes with a lot of responsibility, because you alone are responsible for keeping access to your funds. If you lose the passwords or keys of your wallets, or if your computer crashes (with no backups), you lose everything! Nobody can help you recover your funds! You have to build strategies for recovering wallets and computers from every worst-case scenario you can imagine:

  • Computer crashes (hardware and software problems)
  • Computers destroyed by fire, water, and so on (catastrophes)
  • Thieves who break into your rooms and steal your hardware
  • Virus and Trojan infections
  • Scammers and phishers

Best practices for securing your own wallets

  • Separate your wallets from the computer you use for daily business. There are several reasons for this, and one of the most important is that you can turn off your wallet computer when you don't use it. Remember, only a cold wallet is a secure wallet! Another reason is that you can run much better backup strategies and maintenance jobs if you are not using your wallet computer for your daily work.

    Therefore install your wallets on separate computers or use virtual machines (VM). Minimum requirements for a wallet VM with Linux are just 4GB RAM (min.), 4 CPUs, and a 50GB disk. Start with a 50GB disk if you install 1 to 5 wallets. If you plan to host wallets with big blockchains (like BTC, ETH, and so on), calculate the estimated disk space from the blockchain sizes.

  • Choose a distro with long-term support (LTS), as you don't want to set up your wallet machines every year. Security updates for the machines with your wallets on them are a MUST! I prefer Linux over Windows and Mac because security problems are solved on Linux much faster (hours or days) than on Windows (weekly patch-days) or on Mac (where you have to wait for weeks sometimes). Also, most of the wallets will be released first on Linux because developments in crypto-space happen in Linux too.
  • Avoid using mobile wallets to hodl your coins. Use them only for your daily spending, with an appropriate amount of money on them. Mobile phones are per se not secure, plus they can be stolen, you can lose them, and you can break them.
  • Use strong passwords. Save them in a password safe. Encrypt your password safe with a strong password, and if you store really high amounts of money in the wallets, use a second-factor device to secure your password file. Keep several backups of the encrypted password file. Keep one backup of the file outside your house. The password of your password safe, your encryption password, and your user password should all be STRONG and they should be DIFFERENT.
  • Encrypt your filesystems with a strong password. Your filesystem should only be readable while your computer is running. So if your hardware is stolen, your wallets are still safe.
  • Use LVM (Logical Volume Manager), because you want to add disks when you need them. Configure a separate /home partition, as you will install the wallets and download the blockchains to your home directory. Use encrypted LVM to get the encrypt-your-computer job done.

  • K.I.S.S. - Keep it stupid simple. Install only the things you really need on your system, just enough to start your wallets. A simple desktop will do. The less is installed, the less can be compromised. For simple migrations, add an SSH server to your installation. Don't get too comfortable with your new VM or physical machine. For playing music, watching videos, surfing the web, gaming, and so on, you have to use your primary computer anyway.

  • If your system is not using sudo by default, install sudo and configure it. It's good behavior to not use and work with the root user at all. If you need to escalate your privileges you can still do it with sudo.

apt install sudo

usermod -aG sudo YOUR_USERNAME   # replace YOUR_USERNAME with your login name

  • Secure your SSH setup. If you don't already have an SSH key, create one with 4096 bits. With an SSH key you can log in to your machine without a password in a much more secure way. SSH is a really powerful way to work on the command line of Linux machines from remote locations or from your main computer. Use PuTTYgen (on Windows) or the following command on Linux.

ssh-keygen -t rsa -b 4096
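
A check that the server side matches the key-based, non-root login described above, as an added example that is not part of the original post: it flags global sshd settings that still allow passwords or root login. It goes beyond the text by looking at the server configuration; the function name audit_sshd is hypothetical, and the defaults used for missing keywords are the ones documented in sshd_config(5).

```shell
#!/bin/sh
# Added example (not from the original post): audit the global section of an
# sshd_config-style file for settings that undermine key-only, non-root login.
# Files pulled in by Include and Match blocks are NOT evaluated, so on a live
# system prefer the effective configuration: sshd -T | audit_sshd -

# audit_sshd FILE -> prints one "WEAK: ..." line per finding, returns 1 if any
audit_sshd() {
    awk '
        { sub(/^[ \t]+/, "") }                  # drop leading indentation
        $0 == "" || /^#/ { next }               # skip blank lines and comments
        {
            split($0, f, /[ \t=]+/)             # "Key value" or "Key=value"
            key = tolower(f[1]); val = tolower(f[2])
            if (key == "match") exit            # per-user overrides start here
            if (key == "challengeresponseauthentication")
                key = "kbdinteractiveauthentication"    # deprecated alias
            if (!(key in cfg)) cfg[key] = val   # sshd keeps the FIRST value
        }
        END {
            want["passwordauthentication"] = "no"
            dflt["passwordauthentication"] = "yes"
            want["kbdinteractiveauthentication"] = "no"
            dflt["kbdinteractiveauthentication"] = "yes"
            want["permitrootlogin"] = "no"
            dflt["permitrootlogin"] = "prohibit-password"
            want["pubkeyauthentication"] = "yes"
            dflt["pubkeyauthentication"] = "yes"
            for (k in want) {
                v = (k in cfg) ? cfg[k] : dflt[k]
                if (v != want[k]) {
                    printf "WEAK: %s is %s, want %s\n", k, v, want[k]
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1"
}
```

Disable password logins only after you have confirmed that the key login works, otherwise you lock yourself out of the machine.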

Backup, backup, backup!!!

Backups are your best friend in the crypto space!

  • My recommendation is to keep at least two backups (rotating) at home and one backup outside of your house. Why keep more than one backup? With several backups, you have several restore points in time. For example, it is a lot easier to recover a corrupt blockchain from your backup than to download and verify everything again. Some blockchains need days to synchronize completely.
  • Check your backups regularly. Check also if you can restore your backup! Only a restore tells you if you have a good backup. It's your responsibility to be able to recover your funds. Only you! Remember, you are the bank.
  • Backups should be encrypted too! Backups should be unusable for everyone without the encryption key. It does not help if you encrypt everything except your backups and someone steals your backup-drive.
  • Backup drives should also be cold storage, which means you should turn them off when they are not in use. This way they are not vulnerable to trojans that encrypt everything they can reach. I solved this with a separate NAS, which a scheduler turns on at night and which turns off again when the backup has finished.
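
The backup rules above (encrypt the backup, then prove that it restores) as one procedure; this is an added example, not the author's script. It assumes openssl, tar and sha256sum are installed, uses openssl enc only as a stand-in for the encryption of your own backup tool, and all function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example, not the author's script. Assumes openssl (1.1.1+), tar and
# sha256sum are installed; all paths and the passphrase file are hypothetical.
# "openssl enc" stands in for whatever encryption your backup tool provides.
ENC_OPTS="-aes-256-cbc -pbkdf2 -iter 200000"

# make_backup SRC_DIR ARCHIVE PASS_FILE
# Records a SHA-256 manifest of SRC_DIR, then streams tar straight into the
# cipher so no plaintext archive ever touches the backup drive.
make_backup() {
    src=$1; out=$2; pass=$3
    ( cd "$src" && find . -type f -exec sha256sum {} + | sort -k2 ) \
        > "$out.sha256" || return 1
    tar -C "$src" -cf - . |
        openssl enc $ENC_OPTS -salt -pass "file:$pass" -out "$out"
}

# verify_restore ARCHIVE PASS_FILE
# Performs a real restore into a private scratch directory and re-hashes every
# file against the manifest. Returns 0 only if decryption, extraction and all
# checksums succeed, so a wrong key or a damaged archive is caught here and
# not on the day you need the backup.
verify_restore() {
    archive=$1; pass=$2
    case $archive in /*) ;; *) archive=$PWD/$archive ;; esac
    # mktemp -d creates the directory with mode 0700; point TMPDIR at an
    # encrypted filesystem so the restored wallet never lands on a clear disk.
    scratch=$(mktemp -d) || return 1
    rc=1
    if openssl enc -d $ENC_OPTS -pass "file:$pass" -in "$archive" 2>/dev/null |
            tar -C "$scratch" -xf - 2>/dev/null &&
       ( cd "$scratch" && sha256sum -c "$archive.sha256" >/dev/null 2>&1 ); then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

# Usage (hypothetical paths):
#   make_backup "$HOME/.examplecoin" /mnt/backup/wallet.enc /root/backup.pass
#   verify_restore /mnt/backup/wallet.enc /root/backup.pass && echo "restore OK"
```

Run verify_restore on the backup drive itself after every backup and again on a schedule, including the copy you keep outside your house.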

What else?

Did I miss something, or are there better approaches for having secure wallets? Please tell me your approaches in the comments. I think everybody in the crypto space can benefit from sharing security knowledge. If you have questions, don't hesitate to ask in the comments too.

 

About ME

I'm a Linux System Engineer and DJ, both for more than two decades. I like to write about my findings in this crypto revolution and share some tutorials which can be useful in this environment. If you like my posts, please consider following me. I'm happy to answer questions in the comments.
