RE: Bluffer's Guide to Steem - Knowing Your Keys & Account Security

in OCD • 10 months ago

Good guide. Thanks for mentioning my post.

I'm now recommending that one changes their PW after changing recovery account or whenever owner key is used (normally to change pw so no need there).

I also wonder if master key is necessary for anything but generating new keys. I guess in the odd event you misplace the paper your owner key is on but not the master (keep these on the same paper).
The only case I can realistically see it being handy is if you write out your owner key and screw it up, you can try the master instead of the owner (saved my butt once, so I print now).

Yea always worth changing everything when you use the owner key or master. They are sacred basically!

If you have forgotten your keys or if you wrote down everything incorrectly, except your master pw, then you will need it to log in to see your keys on steemitwallet (happened to me recently as I also wrote down my owner key wrong so had to change). Then you will need to change your keys straight away.

Thanks for checking it out.

I think from a technical view, when Steem ends up being compatible with a hardware wallet, the master key may also be necessary to continually generate the other keys. However, I'm unsure if I would want to use that for more than storing my owner key because using it is a bit of a pain.

I think if that would happen with integration with hardware wallet then you probably would want to have the master password as your private seed wouldn't you? It would be the ultimate last line of defence. The owner key may then have to just be changing posting, active, memo and owner keys whilst leaving the master as just that.

That way the owner becomes the one that continually changes? Not sure the technical side of it but that makes more sense to me and keeps in line with other hardware wallet usability?

I believe you are correct and there is indeed a way to change the owner key without changing the master KEY. For example the hardware wallets usually use BIP-39 (I think), it's a combination of 24 words from a list of 2048. However, the master PW on Steem can actually be anything (use the random generator). So yeah, it could generate an infinite series of keys. But this is why it is difficult to program. It better indeed meet cryptographic standards when generating new owner keys.