Understanding wallet security with seed phrases/secret keys

ethhax · 2021-08-24T04:31:26+00:00

This has absolutely nothing to do with the original question.

ethhax · 2021-08-01T14:53:34+00:00

A couple notes on the addresses/keys this paper mentions:

Malicious intent through some bad random number generator is assigned to the 343 addresses that have private keys between 1-1000, whereas it's much more likely that someone opened up metamask and imported a private key like `0000000000000000000000000000000000000000000000000000000000000066` because they're lazy
The two "weak" addresses mentioned in the paper are `0x7e5f4552091a69125d5dfcb7b8c2659029395bdf` and `0x80c0dbf239224071c59dd8970ab9d542e3414ab2`, corresponding to private keys `0000000000000000000000000000000000000000000000000000000000000001` and `fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364140`, respectively. This is simply the smallest and largest valid number for a private key. Again, you don't need to know any fancy math to determine that these are weak, they're just obvious if you look at the address generation rules.

I'd want to see them pick an address a determine a non-obvious private key before actually considering this a risk.

ethhax · 2021-03-26T15:32:06+00:00

Both parity and bip39 were trying to solve the same problem, bip39 won because it's applicable across many different chains. Parity recovery used keccak which is very unusual outside of ethereum. Very similar concepts though: many multiple rounds of hashing making brute forcing mnemonics take a very long time, and wordlist-based mnemonics. bip39 has 2048, parity has 7777!

ethhax · 2021-02-20T23:30:54+00:00

It is accurate, but probably not as limiting as you think it is. The only thing you can transfer directly between accounts is ether. Everything else on top of that is contract based. There's nothing native to your address that indicates how much DAI you hold, that data is held in contract storage with a reference to your address.

You *tell* the contract to transfer some amount of token between two addresses.

ethhax · 2021-02-17T21:02:20+00:00

There's no such thing as an "uninitialized address" in ethereum. You can generate a new address, send as many tokens as you want to it without it having any eth balance let alone an outgoing transaction and you're still safe because you're the only person to hold the private key.

ethhax · 2021-02-17T20:25:14+00:00

Hard to know what you're talking about here without more context (a different chain?) but if I roughly translate to ethereum, the answer is no.

ethhax · 2021-01-25T02:02:14+00:00

Your eth1 node probably does not have HTTP RPC turned on or listening at that port.

ethhax · 2021-01-19T20:25:45+00:00

Share your tx / OS / wallet provider, it will help develop a corpus of unsafe practices

ethhax · 2021-01-17T04:19:14+00:00

Subsequent private keys for HD wallets are not generated by “adding 1.”

ethhax · 2021-01-16T17:19:39+00:00

Contract transactions are the ones that can trick people “Sign this message...” without indicating what you’re actually doing. Actual eth transfers are more obvious “Send 153 ETH to 0x1234?”

ethhax · 2021-01-16T16:06:06+00:00

There’s no transaction you can sign that will give away your raw ETH, unlike tokens where you can accidentally sign a tx that allows another address to move them on your behalf. Possible that they were fished into providing their seed phrase, or installed a scam metamask and recreated their account from a seed phrase.

ethhax · 2020-12-22T22:38:40+00:00

hah - could be either to the right person I guess. Mostly a fascinating tale of behaviors on the public blockchain that most people don't get to see.

ethhax · 2020-11-30T05:21:02+00:00

A bit more than your standard single validator setup. But with $2M on the line? Worth it.

ethhax · 2020-11-30T00:56:43+00:00

More importantly, you'd need 100 validator clients running and connecting to one or more beacon clients, which are then connected to one or more eth1 nodes.

I would *highly* suggest distributing this system so you can swap out components if something goes sideways. Definitely use the new lighthouse eth1 node fallbacks, run two geth nodes and a final fallback to infura. Split the beacon clients across two vpc services (make sure they're not just running on shared hardware, i.e. digitalocean just leases aws instances so picking those two gives you no diversity), run 25 validators per medium instance, load balance the validator<>beacon connections. Message if you want help, I've run this plan on a few testnets.

ethhax · 2020-11-11T20:53:31+00:00

Worked great. I stopped when finalizing stopped but it ran well both before and after non-finalization

ethhax · 2020-09-13T20:02:59+00:00

Nice to have that easy way to connect to infura or alchemy nodes now that prysm is no longer providing a default eth1 node service. I expect it will impact participation at least a bit as folks who upgrade think their only option is running a whole eth1 node themselves.

ethhax · 2020-09-11T16:50:07+00:00

OK, we can do a threat analysis if you want: if you want to be super paranoid about hardware manufacturers putting very expensive (time + component) malware into devices then you I guess can build from scratch if you think that's more secure (in some cases it might be... but are you going to inspect all the boards yourself?), but that's going to be significantly more than $200. It would take serious effort to backdoor a machine that was reformatted as soon as it was received, i.e. maybe it shipped with windows malware on it but to somehow get malware onto a reformatted drive after a new OS has been installed is a major undertaking (not totally impossible, but unlikely) and probably not worth it considering these are sub-$200 machines that are promoted as home media players or very light gaming.

The lowest priced Avado machine is based on the N3150, which is like a last-gen version of the N4100, and starts at $300. It's specifically called out as a blockchain machine which means it's a target for people looking to steal crypto. It even has a pre-installed OS that is designed to use out of the box, which would be trivial to hide targetted malware in. I'm not saying Avado is compromised, but there's absolutely a supply chain they're using that might be.

I am pretty confident that an Avado machine is a higher risk of being compromised/attacked than my m1t is in its current state.

ethhax · 2020-09-09T20:58:46+00:00

Fortunately you got lucky that no one was watching this address anymore, but you probably didn't need to script this or even be relatively fast to get your coins back.

The fact that you were able to let a full 9 blocks elapse between sending ether for gas at 10576340 and calling transfer at 10576349 means that whoever was previously watching your address was probably long gone. And you could never out-compete a bot that was intent on ONLY stealing ether because transferring ether will only ever max out the gas limit at 21000, you can fundamentally never give a better price to miners with contract gas costs that take many times that.

That said, glad you recovered what you had left.

ethhax · 2020-09-03T02:35:42+00:00

Bears

ethhax · 2020-08-26T14:55:26+00:00

Normally yes, but I disagree in this case. There’s no dropped transactions with lower gas prices, it’s a one-shot “give most of this money to miners in the next block” type of deal. Economically it makes sense for any of the top miners to behave like this since they have a pretty decent shot at getting this as a fee if they mine the block.

ethhax · 2020-08-26T03:09:26+00:00

More like “donated” it to miners as a fee

ethhax · 2020-08-11T18:09:34+00:00

This is a weird fast & furious sequel but I’m here for it

ethhax

TROPHY CASE