The Dangers of Writing This Book
There are many security and community wide attack vectors that can happen after publishing a book like this:
1. I’m listing a specific set of recommended software tools and hardware, all of which can be spoofed, replaced or poisoned with malware. Before going ahead with any of all of these recommendations:
Double check links.
Check with the community and friends on reddit or the forums.
Validate that the software you downloaded is indeed coming from official sources by comparing the "signature" of the software with the "signature" posted by official sources. Two programs that can help verify signatures are
sha256sum
andGPG
.
2. If everyone starts to follow these instructions, it organizes a single attack vector for hackers (they can/will focus in on these tools and approaches with spoofing or code poisoning).
3. While recommending good tools is useful and helpful, it can lead to a lack of decentralized diversity among available tools used for key generation/management in the Ethereum ecosystem.
4. Many of these tips are complicated. If not followed correctly, many can lose their ether by forgetting a single detail, password or step along the way.
- Be careful and practice with a tiny bit of funds you're willing to lose or on an Ethereum test network (i.e. Rinkeby) before going full-monty with these tips and instructions.
5. Scaring people off. This book is large, and may scare people away from pretty solid offline software or hardware wallet solutions.
- Please don't be scared; this book lays out a few of many good options available in the space.
Sometimes the best advice is to take this book and articles like it into consideration, but do a bit of your own thing (within reason) to help protect your wallets and funds.