Securing Wallet in dedicated clean machine - your feedback/criticisms are welcome

Hi fellow farmers,

I have a spare Mac Mini (2014 model 8GB RAM w/ external SSD) that I would like to use to host my main wallet for 1) storing/receiving all XCH from my farming machine and 2) sending XCH to other wallets for fiat exchange etc.

Initial setup:

  1. Format SSD and internal HDD.
  2. Connect to Ethernet only, disable Wi-Fi. Only use the Apple keyboard and trackpad (no third-party peripherals and no other USB or thumb drives, to avoid any possible malware).
  3. Install the latest macOS Big Sur using Recovery mode.
  4. Download the Chia client from https://www.chia.net/, run “shasum -a 256” on the downloaded installer to make sure the checksum matches the website’s. Then proceed to install.
  5. Launch the Chia client, generate a new mnemonic for the main wallet. Write the mnemonic on paper only (don’t take a picture) and store it in a safe (non fire hazard) place.

Daily operation (transfer XCH from farming machine to Mac Mini):

  1. Turn on the Mac Mini, launch the Chia client, enter the mnemonic for the main wallet and let it finish syncing.
  2. Go to the reward setting to copy the wallet receive address and share it on a Google Doc online. This step can be done once and forgotten, but it doesn’t hurt to double check.
  3. Go to the farming machine, pull the receive address from the Google Doc. Send 1 mojo to the receive address. Double check that the Mac Mini has received it; once it has, proceed to send the rest of the mojos.
  4. Delete the main wallet key from the Mac Mini and shut down.

Note that the payout_instructions setting for pooled plots doesn’t work, so I have to manually transfer XCH to the Mac Mini.

Don’t connect it to the internet after generating the mnemonic. Copy the reward address to a text file and copy it to a brand new USB key. Don’t log into your Google account, or any websites.

I did a quick experiment. Disconnected from the internet, opened the Chia client and generated a mnemonic, copied the reward address to a text file on a USB drive. Went to the farmer machine and sent 1 mojo to the reward address successfully. I also intentionally changed 1 digit in the reward address, and it said “invalid address”.

It looks like we don’t even need to connect to the internet to generate a new mnemonic (maybe use Chia Explorer to double check whether there is a duplicate in public first), and the reward address has a self check for an invalid digit.

Let me sync and see if I did receive that 1 mojo lol.
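The “self check” observed above is the bech32m checksum that every Chia xch1… address carries. The following is an added example (not code from the thread or from the Chia project) that builds an address from a constructed 32-byte puzzle hash and shows that the decoder rejects any single changed character, a truncated address, or a wrong prefix:

```python
# Minimal bech32m encoder/decoder for Chia-style addresses (added example, constructed data).
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3
GEN = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]

def _polymod(values):
    # BCH checksum over 5-bit symbols, as specified for bech32/bech32m
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def encode_address(puzzle_hash: bytes, hrp: str = "xch") -> str:
    # 32 bytes = 256 bits -> 52 five-bit symbols (260 bits, last 4 bits are zero padding)
    n = int.from_bytes(puzzle_hash, "big") << 4
    data = [(n >> (5 * i)) & 31 for i in range(51, -1, -1)]
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ BECH32M_CONST
    checksum = [(pm >> (5 * (5 - i))) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)

def decode_address(addr: str, hrp: str = "xch"):
    """Return the 32-byte puzzle hash, or None if the address is malformed or fails its checksum."""
    if addr != addr.lower() and addr != addr.upper():
        return None  # mixed case is invalid in bech32m
    addr = addr.lower()
    sep = addr.rfind("1")
    if sep < 1 or addr[:sep] != hrp or len(addr) - sep - 1 != 58:
        return None
    if any(c not in CHARSET for c in addr[sep + 1:]):
        return None
    data = [CHARSET.index(c) for c in addr[sep + 1:]]
    if _polymod(_hrp_expand(hrp) + data) != BECH32M_CONST:
        return None
    n = 0
    for d in data[:-6]:
        n = (n << 5) | d
    if n & 0xF:  # padding bits must be zero
        return None
    return (n >> 4).to_bytes(32, "big")

# Constructed sample puzzle hash (bytes 0..31): not a real wallet.
SAMPLE_ADDR = encode_address(bytes(range(32)))
```

The checksum guarantees detection of any error touching up to four characters at this length, which is why a single wrong digit is always reported as invalid.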


A “wallet” is not a thing that stores coins. It does not have to sync for the transaction to happen. It happens on the blockchain; your wallet just lets you see it. You can check the destination address in Chia Explorer if you want to see your balance. Never connect your cold wallet to the internet until you’re ready to spend and make a new one.


A USB key is a very, very bad option to store the mnemonic. A USB key is not time-safe. It has a “battery” (not the correct technical term) which recharges when you plug the USB stick in. Once the battery runs out of energy, your data is gone. Also, USB keys have a very high random failure rate.

It is better to store the data on two separate external hard drives.

There is no battery in a USB drive. They use nonvolatile memory. NVM requires no power to maintain its data. That’s exactly the same type of memory as hardware wallets use, albeit with a layer of encryption built in.

A USB drive is an ideal way to back up keys. And they are so cheap, I would make at least two copies.

LOL.

Archival or long-term storage
Floating-gate transistors in the flash storage device hold charge which represents data. This charge gradually leaks over time, leading to an accumulation of logical errors, also known as “bit rot” or “bit fading”.[161]

I know “battery” is not the correct technical term. Hence I wrote it. I have had plenty of failed USB sticks in my life. But do whatever you want with your financial data :see_no_evil: :hear_no_evil: :speak_no_evil:.

If you have to use two USB sticks, at least do not use the same batch and brand at once. And use one from a reputable brand. (As I said, one traditional HDD and one flash memory.) One more thing to say: in general, data can be more easily recovered from HDDs than from flash memory. It’s not like some small drive costs the world, so…

Maybe you could also quote the article, as it is easier for the rest of us to understand it.

The next section / paragraph after that reads:

“It is unclear how long data on flash memory will persist under archival conditions (i.e., benign temperature and humidity with infrequent access with or without prophylactic rewrite). Datasheets of Atmel’s flash-based “ATmega” microcontrollers typically promise retention times of 20 years at 85 °C (185 °F) and 100 years at 25 °C (77 °F).[162]”

So, in my book it is just FUD the way you presented it, as context is key.

Also, you need to understand how bit rot works. If you stored your mnemonic / password in the clear, even if you have plenty of bit rot, you will easily be able to recover the actual text, as those changes will make some characters “bad”, making those words easy to spot.

As it was also previously stated, make a copy of your mnemonics on paper.

Maybe FUD, but it does represent my personal experience of the reliability of thumb drives.

Such a plethora of facts in your counter reply… :grinning:

This is partially true; however, data is much more likely to be lost on a modern hard drive than on a flash device. Once the physical heads crash, the data is physically destroyed. Hard drives can also become demagnetized over time, especially newer drives that write data to a much smaller surface area than older drives. It takes a smaller magnetic field to destroy data on them. The most common failure vector for flash devices is wear-out of the cells. Taking a brand new stick and writing to it once pretty much gets around wear-out.

But hey, stick to your own “facts”…

I’ll just leave it at this… Flight data recorders (black boxes) use flash memory, specifically because of durability and ease of recovery…

'Nuff said.


Then present it as such, and state that it is commonly assumed that those devices are estimated to retain data for 20-80 years. Again, just provide context, nothing else.

I think we agree that this is a totally different use case. I hope our data does not have to survive a plane crash while in use.
I’m mostly speaking from my personal experience with those things, which is that they are prone to failure, whereas I had better success with hard drives (or SSDs, which also use flash). My best approach is to use two different technologies so as to minimize the risk of failure at the same time for both media.

Yeah, I certainly hope that my data is never exposed to those conditions, but the point was that given the harsh use case of black box devices, quality flash storage has an acceptable level of durability and longevity to serve as a backup for private keys.

If you really want archival-grade, long-term storage, you cannot beat silver halide (B&W) photography. Short of stone tablets, that technology has over 100 years of proven durability.


Pen & paper.

As long as the ink is metallic pigment and the paper is acid-free, archival grade… But then you run into the issue of not being able to read your handwriting in the future… If you could see my writing, you’d know how real that concern is. :wink:


What about using an encryption algorithm? I recommend you use it. For example, you have the open-source “gpg” tool on Linux and you can use it to do symmetric encryption.

To encrypt (gpg will ask you for a passphrase):
$> gpg -ca /path/to/file

To decrypt:
$> gpg -d /path/to/encrypted > /path/toanew/decryptedfile

If you set a good passphrase, I think you can leave your encrypted keys on multiple storage devices in your home. And why not, in a special folder on your Google Drive cloud or another safe remote location.
