OpSec 102

OpSec 102

By vanassen.eth | understandingadoption | 25 Apr 2023


  A big rule to remember in Operational Security is that shared secrets are not secrets.

  In order to successfully pass on decentralized wealth, a living will must be created. A designed system with a sufficient backup plan is key, as accidents do happen!!! Care must be taken not to lock out your confidants out, yet to have sufficient security to eternally keep intruders out. 
   Think in terms of a concept that is shared strictly between you and your confidant- and isolated shared memories work less effectively then pinpoints of a collective memory.

  For instance, when designing a clue to access, rather than alluding to something like, “What I was wearing on our first date,” a better approach is, “the main character of our favorite movie.” A memory that is not recorded on photo or video may be lost to the sands of time and bad memory, yet a shared memory within something that exists in our societal framework has the opportunity to be reviewed, yet can remain secret. 
  
   Your metadata is valuable and provides a pathway to the home of your wealth. 
  Paranoia works! Never give anyone access to your private keys! (Obviously.)

 A quick review on how private/public keys work. 

 A private key is a computer generated hash which allows access to funds. 
 A mnemonic phrase is a 12 or 24 bit string of everyday words that is generated specifically from a private key hash. It holds the same power as a private key! Essentially, it is a private key that has been modified into a more easily trackable and memorable bit string. Be careful with this phrase!

 A public key is also a generated hash that serves as an address to receive funds. The public key cannot be used to access funds, so feel free to write it on your forehead and post a selfie. 
 The one point of caution with public keys is this- it easily reveals all the wealth contained in it through the block explorer. So the more the public key holds, the better your OpSec should be getting.

  Multi-sig wallets can be a great way to keep intruders out, however, they come with their own risk adversities. If you are part of a multi sig wallet agreement, understand yours and other’s roles. What happens if you become incapacitated? Will your cooperate signers be locked out? What is the ratio of applicable signatures to required signatures? (2/3, 3/5, etc.) Make sure you and your co signers are using great OpSec!

 Encryption has been used for thousands of years, basically for as long as secrets have been kept. The Ancient Greek mechanism known as the Scytale, was being used as early as 700 B.C. The scytale is a transposition cypher consisting of rolls of parchment around a cylinder which must be properly transcribed to receive the message.  

29df4434e5bb2d49f658f36ab11f2e6942776b3e5ea8b272b470cac7e44a17f3.png

     And of course, Nazi Germany used the Enigma Machine, which was created in 1918. The enigma machine used a 67 bit encryption method, and was so effective that it was only cracked eventually due to human operator error.

   And of course, Bitcoin was created in 2009, which made wide use of the SHA-256 hash generator, which was the precursor to our modus operandi of the crypto sphere. 
 
   How encryption works.

   A basic encryption method boils down to a shifting of the original text onto a grid in which the characters move vertically or horizontally.  A basic decryption key would trigger the reverse movements of the original encryption, vertically and horizontally.

  Nothing is wrong with a bad password, as long as it is encrypted. If you use a password service to encrypt your passwords, remember that your newly encrypted passwords are only as safe as the password you chose to access the encryption keys.

  Something to keep in mind when creating passwords- the human mind can easily remember 5-9 bits strings of data. 
     4-5 bits: anyone can remember.

     9-10 bits:  not many people can easily remember.

   Use this to your advantage; make sure your password has a high bit count, yet break it down for yourself into 3-4 bit strings. Also, consider this method when concealing and revealing your seed phrase. 
  
   Here are some concealment tools to use: 

    Paranoiaworks.mobi

     And Encipher.it

     Deadmanswitch.net

  Be careful when using any encryption service. Make sure you have the proper decryption key to accompany your encryption service. Before combining and programs or services, make sure they are compatible/ interchangeable, or use the same hash encryption method. Do not lose or separate your encrypted data from its proper decryption key software ( but keep it concealed, of course.)

 What is a deadman’s switch? 

  A deadman’s switch is a piece of software which keeps data concealed while the user regularly interacts and logs into some trackable interface. When the program observes that the user has not logged in or interacted for a certain set amount of time, it will automatically reveal the encryption data to said/ set confidants. For instance, if John has not logged into his email  for one year, his seed phrase is automatically sent to his emergency contact/confidant.

  Use the above link to encipher.it to practice encrypting messages, like a real OpSec agent.

  Let’s review some clutch OpSec facts:

  1. Create wallet 

  2. Collect private key or mnemonic seed phrase.

  3. Encrypt seed phrase with key password.

 4. Re encrypt this password with another password. 
 5. Share a clue to this password with your confidants (remember, line from our favorite movie, etc.)

6. Place encrypted seed phrase in weatherproof flash drive along with encryption software. 
7. Place the encrypted key phrase that allows access to wallet seed phrase with a clue to your confidant on your deadman’s switch; include link to original encryption software. 
8. Flash drive with seed phrase should be stored in a location that is accessible to the confidant(s).

9. Create redundancy (more than one confidant, more than one process to access funds. 

  Paranoiaworks.mobi( link above) allows users to encrypt JPEGS stored on a hard drive to encrypt data. Therefore, one can leave a clue to a picture stored on a hard drive that would be obvious to the confidant, yet completely hidden to a bad actor who is looking at a hard drive full of hundreds or thousands of photos.

  Try to hack your own OpSec. Practice encryption methods. Get your confidants in the practice of working through the type of clues that you will be leaving for them to access your funds. Make sure that clues to your seed phrase cannot be found in a Google search.

  It wasn’t easy for James Bond to become Commander Bond, it took superior OpSec for him to elevate his level. Work on it! Practice! Take your spy to the next level.
  
 

  Consider buying a PokeGan NFT.

  You'll gain so much more than the basic outlines here. 

  Tokengated lessons provided by Omakasea. 

  Follow me on Lens and Twitter.

 

    

How do you rate this article?

6


vanassen.eth
vanassen.eth

Wading the waters of "Web 3.0". Want to come swimming? Follow me >>>>>>


understandingadoption
understandingadoption

A random string of articles with high quality content and news with viewpoints on digital assets from a wide range of voices and perspectives. Follow me on twitter @cryptopotestas.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.