Docs - Monero Usage and Storage Best Practices
This commit is contained in:
parent
65b2309c38
commit
87c3906d1e
|
@ -0,0 +1,216 @@
|
||||||
|
---
|
||||||
|
layout: post
|
||||||
|
title: Monero Usage and Storage Best Practices
|
||||||
|
subtitle: Monero best practice
|
||||||
|
tags: [usage, storage, guideline]
|
||||||
|
gh-badge: [star, fork, follow]
|
||||||
|
---
|
||||||
|
|
||||||
|
## 6 Monero Usage and Storage Best Practices
|
||||||
|
|
||||||
|
Ease of use is one of the critical aspects of every cryptocurrency and
|
||||||
|
although Monero can offer a wide range of privacy features it has to be
|
||||||
|
usable and user-friendly to be used by a substantial margin of people.
|
||||||
|
Usability in Monero is a long-term topic that sparks discussion [55].
|
||||||
|
While significant number of users reported that they perform back-
|
||||||
|
ups of their wallet keys, many of them use hot wallet on their mobile
|
||||||
|
phones which presents a security threat for their wallet.
|
||||||
|
Following scenarios represent secure and easy to use instructions
|
||||||
|
for a new Monero user, based on results from Monero user research
|
||||||
|
in the Chapter 5.
|
||||||
|
|
||||||
|
### 6.1 Generating the keys and accessing the wallet
|
||||||
|
|
||||||
|
The first challenge for Monero users is generating key pairs and access-
|
||||||
|
ing the wallet. This process varies from the user’s platform of choice
|
||||||
|
and used wallet software. As the choice of client wallet software is
|
||||||
|
important for Monero users in terms of user experience and security,
|
||||||
|
the following Sections are dedicated to available wallet software.
|
||||||
|
|
||||||
|
**6.1.1 Windows and Linux platform**
|
||||||
|
|
||||||
|
The official client offers CLI and GUI wallet management and is avail-
|
||||||
|
able athttps://getmonero.org/downloads/. Using this client users
|
||||||
|
can generate wallet keys. Created keys are after generation saved
|
||||||
|
directly into the memory of the device unless specified otherwise.
|
||||||
|
<pre>
|
||||||
|
.\monero−wallet−cli.exe
|
||||||
|
Monero Lithium Luna (v0.12.3.0−release)
|
||||||
|
Logging to C:\Users\radim\Nextcloud\ssme−thesis\cli\monero−wallet−cli.log
|
||||||
|
Specify wallet file name (e.g., MyWallet). If the wallet
|
||||||
|
file is not present, it will be created.
|
||||||
|
Wallet file name (or Ctrl−C to exit): ssme−thesis
|
||||||
|
No wallet found with that name. Confirm creation of new
|
||||||
|
wallet named: ssme−thesis
|
||||||
|
(Y/Yes/N/No): Y
|
||||||
|
Generating new wallet...
|
||||||
|
</pre>
|
||||||
|
|
||||||
|
Security of this task depends on the origin of the software, delivery
|
||||||
|
chain trust, and the users’ operating system. Monero CLI and GUI
|
||||||
|
binaries can be edited, and the application itself does not call any
|
||||||
|
internal checking to alert the user of the unauthorized change.
|
||||||
|
Code injection was successfully tested on GUI binary of the official
|
||||||
|
Monero wallet as seen in the Figure 9.2. Although SHA256 hash is pro-
|
||||||
|
vided on the website, the user is not specifically instructed to check the
|
||||||
|
hashes of the downloaded software with tools like PowerShell using
|
||||||
|
Get-FileHash ./monero-wallet-gui.exe | Format-Listcommand
|
||||||
|
[56]. GPG-signed list of the hashes is available on the website although
|
||||||
|
there are no instructions on how to verify PGP signature itself.
|
||||||
|
|
||||||
|
Algorithm : SHA256
|
||||||
|
Hash : AF9324151909AC7B9BC6D622210EADFBAE5E66...
|
||||||
|
Path : ./monero−wallet−gui−original.exe
|
||||||
|
|
||||||
|
Algorithm : SHA256
|
||||||
|
Hash : DF4EC49E088284ECC78DBBD8B9CEFF00A78085...
|
||||||
|
Path : ./monero−wallet−gui−injected.exe
|
||||||
|
|
||||||
|
|
||||||
|
## 6 Monero Usage and Storage Best Practices
|
||||||
|
|
||||||
|
There are also alternative approaches to key generation like an
|
||||||
|
offline JavaScript based monero-wallet-generator that is available at
|
||||||
|
github.com/moneromooo-monero/monero-wallet-generator.
|
||||||
|
|
||||||
|
Hardware way is considered to be in the development, but Monero
|
||||||
|
compatible devices like Ledger Nano S are already on the market. The
|
||||||
|
way how keys are generated in hardware wallets varies on firmware
|
||||||
|
included in each device.
|
||||||
|
In general, the wallet is required to have Monero application in-
|
||||||
|
stalled from vendors application catalog. Keys are generated on the
|
||||||
|
hardware device within the application itself, and the user can only
|
||||||
|
export private view key from the device to view the balance in full
|
||||||
|
CLI/GUI client.
|
||||||
|
This way, the user has private spend key always on the device,
|
||||||
|
and the client PC has only private view key. To sign a transaction,
|
||||||
|
the user has to confirm the transaction on the device itself meaning
|
||||||
|
the hardware wallet will sign the transaction and then sends it to
|
||||||
|
the Monero client. By this, in case of a security breach on the host
|
||||||
|
computer, there is no Monero to steal.
|
||||||
|
|
||||||
|
|
||||||
|
#### 6.1.3 Wallet software for mobile devices
|
||||||
|
|
||||||
|
Monero has wallet software available for Android as well as the iOS
|
||||||
|
platform. Community recommends to use the open source ones for
|
||||||
|
both platforms, as their codebase is published on GitHub and everyone
|
||||||
|
can inspect the code. Another common fact for the recommended
|
||||||
|
solutions is that the keypairs for the wallet are stored exclusively on
|
||||||
|
the user’s device and restore can be done without third-party technical
|
||||||
|
support.
|
||||||
|
|
||||||
|
**Monerojuro** is an open source Android wallet application that is
|
||||||
|
available on Google Play as well as APK release at Github. By this,
|
||||||
|
users can install the application from the Google Play directly, man-
|
||||||
|
ually download the APK or compile it from source code themselves.
|
||||||
|
Wallet keys storage is based on the device only, and the application
|
||||||
|
encourages users to back up their seed [57].
|
||||||
|
|
||||||
|
**Monero Wallet** is an application released by Freewallet.org that
|
||||||
|
provides Monero wallets for both Android and iOS. Regarding overall
|
||||||
|
usability, this application is easier for an average user as it does not
|
||||||
|
present any cryptocurrency wallet terms as key, seed, etc. The user is
|
||||||
|
instead instructed to create a Freewallet account which acts as a wallet
|
||||||
|
[58].
|
||||||
|
By this, the user does not need to save the seed, wallet keys or
|
||||||
|
make any backups as key management is completely on the side of
|
||||||
|
the service provider, Freewallet.org. This fact is often emphasized in
|
||||||
|
Monero community as the user that does not control the keys does
|
||||||
|
not control the wallet. Also, the source code is not publicly available
|
||||||
|
for the community to review.
|
||||||
|
|
||||||
|
**Cake Wallet** represents open source Monero wallet for iOS that
|
||||||
|
provides wallet generation and local key pair storage with remote
|
||||||
|
node connection and synchronization [59].
|
||||||
|
Guideline for secure wallet access is described in the Chapter 4.1.1.
|
||||||
|
|
||||||
|
### 6.2 Secure storage system
|
||||||
|
|
||||||
|
Wallet keys are everything when it comes to cryptocurrency usage.
|
||||||
|
Who has the keys, controls the wallet and can view or transfer the
|
||||||
|
balance to another address. If a user loses wallet keys, Monero wallet
|
||||||
|
can still be recovered using mnemonic seed that should be saved on
|
||||||
|
another storage medium.
|
||||||
|
This Section describes possible ways of backing-up wallet keys.
|
||||||
|
Primary storage media security is compared in the Figure 4.1.3.
|
||||||
|
|
||||||
|
Data characteristics
|
||||||
|
|
||||||
|
As described in the Section 4.1, Monero wallet consists of an encrypted
|
||||||
|
wallet.keysfile that contains private spend and view keys. Size of
|
||||||
|
this file is less than a few kilobytes.
|
||||||
|
Another type of data that is presented to the user is mnemonic
|
||||||
|
seed. Seed can be used for recovery when wallet file is lost and consists
|
||||||
|
of 25 words with the last one being used for checksum.
|
||||||
|
In total, Monero wallet requires less than 8 kilobytes for key and
|
||||||
|
seed storage. This results in minimal space requirements for backup
|
||||||
|
storage media.
|
||||||
|
|
||||||
|
Backup strategy
|
||||||
|
|
||||||
|
Best practice for backups that isn’t too demanding on the user side is
|
||||||
|
the 3-2-1 strategy that is considered in the industry as a bare minimum
|
||||||
|
for keeping the data safe [60].
|
||||||
|
|
||||||
|
- 3 means having at least 3 copies of your data in total.
|
||||||
|
- 2 of them are local but stored on different media types.
|
||||||
|
**-** This can be represented as a combination of SSD and tape.
|
||||||
|
- 1 is an offsite, geographically different location.
|
||||||
|
**-** E.g., in the next building, a different facility, another city.
|
||||||
|
|
||||||
|
In short, this means when your building with external drive burns
|
||||||
|
down and your notebook gets cryptolocker on the same day, you still
|
||||||
|
have your data safe as you have them in the offsite location.
|
||||||
|
|
||||||
|
Data that users need to backup are not changing in the day to
|
||||||
|
day usage, but only when the user creates a new or an additional
|
||||||
|
wallet. Meaning that backing up the wallet does not need to be made
|
||||||
|
frequently unlike other user data that are changed frequently, e.g.,
|
||||||
|
documents. Verification, on the other hand, is more important as not
|
||||||
|
only users should back up the data, they should also be able to restore
|
||||||
|
them. For ease of use, users can verify the integrity of the backup by
|
||||||
|
actually recovering the wallet from the backup media.
|
||||||
|
|
||||||
|
|
||||||
|
6. Monero Usage and Storage Best Practices
|
||||||
|
|
||||||
|
|
||||||
|
Recommended scheme
|
||||||
|
|
||||||
|
Following cost effectivity of individual media types together with
|
||||||
|
common backup strategy:
|
||||||
|
|
||||||
|
- Total number of copies of data: 5
|
||||||
|
- The primary data source is on the client device with wallet soft-
|
||||||
|
ware. This source is then copied downstream to backup media.
|
||||||
|
- All copies of the data should be encrypted using file-level encryp-
|
||||||
|
tion regardless of the security of the device, e.g., by a popular
|
||||||
|
open-source tool like VeraCrypt.
|
||||||
|
- Local copy
|
||||||
|
**-** Located on disk with full volume encryption, e.g., by Bit-
|
||||||
|
Locker.
|
||||||
|
**-** Paper backup in a secure container at a hidden place.
|
||||||
|
- Offsite copy
|
||||||
|
**-** Located on the flash drive with full volume encryption.
|
||||||
|
**-** Located on the DVD as an encrypted file.
|
||||||
|
Secure Monero usage portal
|
||||||
|
|
||||||
|
|
||||||
|
As a result of this Chapter and Monero user research in the Chapter 5,
|
||||||
|
all recommendations for secure Monero usage are compiled within
|
||||||
|
one websitehttps://ownercz.github.io/ssme-thesis.
|
||||||
|
|
||||||
|
### 6.3 Study limitations
|
||||||
|
|
||||||
|
When interpreting Monero user and miners research results, the fol-
|
||||||
|
lowing study limitations should be taken into account:
|
||||||
|
|
||||||
|
- Self-selection bias of respondents in the dataset, which results
|
||||||
|
in a non-representative sample of the population.
|
||||||
|
- Reporting bias of responses in the dataset, as study gathers
|
||||||
|
rather sensitive questions towards security habits and backups.
|
||||||
|
- Limited time and reach of the questionnaires in the community
|
||||||
|
that has participated in this research leading to non-representative
|
||||||
|
population sample.
|
||||||
|
|
Loading…
Reference in New Issue