Security of secrets

Document history

Date                Changes
31. January 2021    Published
16. August 2021     Added Section: “WiFi Admin Password”


All things considered, the weakest part of the majority of IT systems is the human part, namely you and me. Let’s look at how to store secrets and what can be done to manage secrets efficiently with decent security in mind:

  • Passwords
  • Keys
  • Wallet Seed/Phrase
  • Hardware wallets
  • Recovery of lost secrets
  • WiFi Router administrator password

Passwords

Passwords are surely the most annoying thing to handle. Every service using any kind of user authentication wants you to enter a password to identify yourself. There are some rules to follow to avoid the most common issues with passwords.

Don’t reuse passwords

Passwords should not be reused. Use a different password for every user account you have; this includes your node’s root and operator users and your accounts on all crypto-related sites like bitcointalk.org, etherscan.io and beaconcha.in.

Databases of public websites get compromised pretty often. In most cases users of those websites won’t even know, and the databases use weak or no encryption to store user information. If this happens, there is a chance that user accounts and their information get out on public forums, and other people can combine this information with more puzzle pieces, like your node’s operator user name from a beacon log you posted on Discord to figure out an issue you had with finding peers. Those logs might also contain an IP address, and a malicious attack on your node might only be a matter of time.

Some websites let you know if one of your accounts got compromised, e.g. https://haveibeenpwned.com/. Please don’t reuse your passwords.

Use password generators

There is a method for guessing passwords called brute force, and it is used quite often. Let’s reuse the scenario from the section above and say you didn’t use the same password, but almost the same one (e.g. “stereum.net33” on one site and “stereum.net34” on the other). That’s not safe. It’s easy to guess. Use password generators.
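The following Python sketch is an added example, not part of the original article: it generates a password from the operating system's CSPRNG and audits a set of accounts for the near-reuse described above. The account names, the alphabet and the "stem" heuristic (drop trailing digits and punctuation) are assumptions made for illustration.

```python
import math
import re
import secrets
import string
from itertools import combinations

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"  # 74 symbols

def generate_password(length=20):
    """Draw every character from the OS CSPRNG; retry until all classes appear."""
    if length < 4:
        raise ValueError("need at least 4 characters to cover every class")
    classes = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(test(c) for c in pw) for test in classes):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def stem(password):
    """Lower-case and drop the trailing digits/punctuation people like to vary."""
    return re.sub(r"[\d\W_]+$", "", password.lower())

def near_reuse(accounts):
    """Return pairs of account names whose passwords are equal or share a stem."""
    hits = []
    for (a, pa), (b, pb) in combinations(sorted(accounts.items()), 2):
        if pa == pb or (stem(pa) and stem(pa) == stem(pb)):
            hits.append((a, b))
    return hits

if __name__ == "__main__":
    # Constructed sample: two sites use the article's near-identical passwords.
    accounts = {
        "site-a": "stereum.net33",
        "site-b": "stereum.net34",
        "node-operator": generate_password(),
    }
    print("near-reuse:", near_reuse(accounts))
    print("generated :", accounts["node-operator"],
          f"(~{entropy_bits(20):.0f} bits)")
```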

Use password managers

There are downsides of password managers:

  • Less common apps won’t provide much security and updates
  • Backups are very important
  • Loading the password database on a compromised device will make all passwords and accounts available to the attacker

And there are upsides:

  • Easy to use
  • Only one password and/or key unlocks all your accounts
  • Usable on different devices

Suggestions (do your own research!):

But how to store the database?

Make sure you store it in multiple locations, some suggestions:

  • Locally on your daily driver laptop/computer (just make sure no other individuals have access to this file)
  • In the cloud, but make sure your database is properly encrypted
  • On a USB stick you keep safe (not physically available to other individuals)

Keys

Validator keys (e.g. generated offline by deposit-cli), SSH keys (for passwordless login), password database keys (to unlock your password database without a master password): there are many keys that are simply impossible to remember. Some of them are encrypted (e.g. validator keys), others are not (e.g. wallet seed), and all of them have different risk levels.

High risk keys

These keys need to be protected with care, but they are needed for operations. They cause a lot of trouble when compromised, but a compromise does not get your crypto funds stolen or your bank account emptied.

Best to store these easily accessible, e. g. in your password manager (some can also store and manage files) or on an encrypted drive or on the machine (e. g. staking node) you need them on.

Critical risk keys

Your wallet seed is considered a critical risk key. If someone finds out these 24 or 25 words, they can use them to withdraw funds. These keys must be kept safe and should not be on a device that is accessible by other people or has a connection to the internet. Consider writing down or printing those keys on paper and storing them in a secure manner. Nobody should be able to get to these except you.

Some prefer to have a “hot” wallet with a limited amount of coins on their phone or easily accessible on a device and another “cold” wallet that’s safe from every phishing or hacking attempt.

Wallet Seed/Phrase

As discussed earlier it’s important to keep seeds/phrases as safe as possible for the majority of your funds.

Ethereum 2

There is no chance to notice a compromised seed for an Ethereum 2 wallet, because withdrawals of Ethereum 2 funds aren’t possible at the time of writing. Attackers will wait until phase 1.5 or 2 to be able to withdraw funds. But first an attacker needs to either wait for the rightful owner to exit the validator account or send the exit transaction themselves, making the rightful owner aware of an attack.

Because of the long wait until withdrawals are possible, it’s easy to store an Ethereum 2 wallet safely. Keep in mind that if you want to fund more validator accounts later on, you can generate the maximum number of accounts you need right at the beginning, then fund them as you wish and start staking. It’s even possible to put those unfunded validator accounts on your staking node along with your funded accounts. The staking node will carefully observe the Ethereum 1 chain and wait for the correct deposit before staking with them, while already staking with the funded accounts.

This means there is no reason to store your Ethereum 2 staking wallet on an online device or on a USB stick in your working desk drawer. Print it out or write it on paper by hand, and store the paper as safely as possible.

Hardware wallets

Ledger or Trezor hardware wallets are secure and easy to use; there is no better way at the moment to manage a hot wallet. Even with your main device compromised, it’s not possible for attackers to withdraw funds from your Ledger or Trezor device without you confirming the transaction on the Ledger or Trezor hardware wallet.

But be careful, devices can still be compromised with physical access. It’s work, and certainly not easy, but doable. Watch your devices, don’t show them to other people unless necessary.

Recovery of lost secrets

The most important part of every backup is how to recover it when the original is lost. In case you lost the sheet of paper with your Ethereum 2 wallet seed on it to a fire or water incident, have another one at another location ready. Think about using a technique like 3-2-1 (3 copies of the data, stored on 2 different types of storage media, and one copy should be kept offsite, in a remote location) to store your backups and keep the backups as recoverable as possible.

Also test the recovery process, some suggestions:

  • Can you restore your password manager database only by using your backup media?
  • You go out and you lose everything in your home (fire, storm, burglary, …). How do you recover your bank account credentials and codes?
  • Let’s say you lost your bag with your phone and hardware wallet. What do you do to get access to your crypto funds?
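One way to check a 3-2-1 plan like the one described above, as an added example that is not from the original article: it hashes every copy of a file (for instance the password database), compares each against the live file, and reports which parts of the rule are not met. The `BackupCopy` structure, the media labels and the file names are assumptions.

```python
import hashlib
from dataclasses import dataclass
from pathlib import Path

@dataclass(frozen=True)
class BackupCopy:
    path: Path     # where this copy is mounted while you run the check
    media: str     # storage type, e.g. "laptop-ssd", "usb-stick", "cloud"
    offsite: bool  # kept at a different physical location?

def file_digest(path):
    """SHA-256 of a file, read in chunks so large databases are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def check_321(copies):
    """copies[0] is the live file. Return a list of problems (empty = OK)."""
    problems, good = [], []
    reference = file_digest(copies[0].path)
    for c in copies:
        try:
            if file_digest(c.path) == reference:
                good.append(c)
            else:
                problems.append(f"{c.path}: content differs from the live file")
        except OSError as exc:
            problems.append(f"{c.path}: unreadable ({exc.strerror})")
    if len(good) < 3:
        problems.append(f"only {len(good)} intact copies, need 3")
    if len({c.media for c in good}) < 2:
        problems.append("intact copies sit on fewer than 2 media types")
    if not any(c.offsite for c in good):
        problems.append("no intact copy is stored offsite")
    return problems

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample files
        live, usb = Path(d, "live.db"), Path(d, "usb.db")
        for p in (live, usb):
            p.write_bytes(b"constructed database bytes")
        plan = [BackupCopy(live, "laptop-ssd", False),
                BackupCopy(usb, "usb-stick", False),
                BackupCopy(Path(d, "cloud.db"), "cloud", True)]  # missing file
        for problem in check_321(plan):
            print("PROBLEM:", problem)
```

Matching hashes only show that the copies are identical; opening a restored copy with your password manager is still the real recovery test.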

WiFi administrative password

One of the most common things people forget whenever they get a new Wi-Fi router is to change its administrative password from the default one to a more secure one, which should also be different from the password one uses to connect to the internet. Even some of the most bought routers (according to Amazon) have glaring security vulnerabilities if the administrative password isn’t changed from the default.

[Figure: Wi-Fi routers vulnerable to default credentials attack]

The Comparitech.com study shown in the graph found and tested 9,927 routers. 635 were vulnerable to default password attacks.
Common attacks include:

  • DNS Hijacking – by manipulating the domain name system an attacker could redirect the victim to websites containing malware or other malicious software.
  • Eavesdropping – which enables the attacker to monitor the devices of the victim connected to the router.
  • Abuse your connections – the attacker can use your router as a proxy to access & download illegal material, which you could be made liable for.

While router attacks are mostly not a problem for running the node itself, someone monitoring your activities could find your passwords to enrich himself with your ETH once the withdrawal process is enabled.

To change the administrative password, you can usually access your router’s administrative panel by connecting to it normally using Wi-Fi or LAN and typing your IP address into your browser. You can find your IP address on this website. Alternatively, in most cases putting “192.168.0.1” or “192.168.1.1” into the web browser’s URL bar also leads to the router dashboard login page. For some, this is the default gateway address that routers and modems such as D-Link use as the default IP address for logging into the admin panel.
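On a Linux machine such as a staking node, the default gateway mentioned above can be read from the kernel routing table instead of guessing between common addresses. This is an added example, not from the original article; it assumes a little-endian host (x86, ARM) and uses a constructed sample table so it also runs elsewhere.

```python
import ipaddress
import socket
import struct

RTF_UP, RTF_GATEWAY = 0x1, 0x2  # route flags from the Linux kernel headers

# Constructed sample in the format of Linux /proc/net/route.
SAMPLE = """\
Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
wlan0\t00000000\t0101A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0
wlan0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0
"""

def hex_to_ip(field):
    """Decode the kernel's hex word (assumption: little-endian host)."""
    return socket.inet_ntoa(struct.pack("<L", int(field, 16)))

def default_gateways(route_table):
    """Return [(interface, gateway_ip, metric)] for default routes, best first."""
    found = []
    for line in route_table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        iface, dest, gw, mask = cols[0], cols[1], cols[2], cols[7]
        flags, metric = int(cols[3], 16), int(cols[6])
        is_default = dest == "00000000" and mask == "00000000"
        if is_default and flags & RTF_UP and flags & RTF_GATEWAY:
            found.append((iface, hex_to_ip(gw), metric))
    return sorted(found, key=lambda route: route[2])

def admin_panel_candidates(route_table):
    """Default gateways with a private (LAN) address: likely router panels."""
    return [gw for _, gw, _ in default_gateways(route_table)
            if ipaddress.ip_address(gw).is_private]

if __name__ == "__main__":
    try:
        with open("/proc/net/route") as f:
            table = f.read()
    except OSError:
        table = SAMPLE  # not on Linux: fall back to the constructed sample
    for address in admin_panel_candidates(table):
        print(f"router admin panel is probably at http://{address}/")
```

With a VPN active the default route may point at the tunnel rather than at your router, so run the check while the VPN is disconnected.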
