Get answers and suggestions for various questions from here

imToken assessment clearance strategy


imToken has added a user evaluation system in version 1.3.3. The purpose is to let more users understand the security knowledge of wallet and the basic concept of blockchain, which has improved the cognitive level of the entire blockchain ecology to some extent. However, this has also caused problems for many small white users. Repeated tests are not too bad (the degree is terrible compared to subject 2). imToken hopes that users can find relevant knowledge through the help center, but today Xiao Liu deliberately brought you fast. Through the evaluation of the Raiders, help you quickly grasp the security knowledge of the decentralized wallet.

All problems can be roughly divided into three categories, namely the basic concept of blockchain, wallet security knowledge and wallet transaction transfer.

The basic concept of blockchain is mainly about "what is ERC20 token", "What is the wallet address of Ethereum", "What is a wallet", "When using imToken, where the user's digital assets are stored", etc. The problem unfolds.

For this part of the knowledge, because of the triviality, we explain separately, first explain, what is the address of Ethereum, Keystore, mnemonic, clear text private key.

Address: A 42-bit hash (hexadecimal) string starting with 0x.

Keystore: A string of JSON format encrypted by an encryption algorithm through an encryption algorithm, usually stored as a file.

Mnemonic: 12 (or 15, 18, 21) Word composition, the user can import the wallet through the mnemonic, but conversely, if someone gets your mnemonic, you can easily transfer you without any password. Assets, so keep your mnemonic properly.

Plaintext private key: 64-bit hexadecimal hash value string, in one sentence to explain the importance of the plaintext private key "Whoever has the private key, whoever has the right to use the wallet!" Similarly, if others get Your plaintext private key makes it easy to transfer your assets without any password.

Second, let's briefly explain the basic characteristics of the blockchain .

Decentralization: Because the entire network has no central ruler. The system relies on the fairness constraints of multiple participants on the network, so the rights and obligations of any number of nodes are equal, and each node stores all the data in the blockchain. Even if the node is damaged or compromised, it will not pose any threat to the books.

Irreversible: The information on the blockchain must be irrevocable and cannot be destroyed at will. The system is open source, and the whole system must be open and transparent. Therefore, after a transaction is broadcast on the whole network, it will be successfully recorded after reaching 6 confirmations, and it is irreversible and irrevocable. Note: imToken is 12 block acknowledgments.

Don't tamper with: Make sure the information or contract cannot be forged. The book is in the hands of a certain person or a few people, the possibility of fraud is very high, but everyone has a book in hand, unless more than 51% of the entire game changes a certain account, otherwise any tampering is Invalid, this is also the superiority of collective maintenance and supervision.

Anonymity: The identity information of each block node does not need to be announced or verified, and the information transfer can be performed anonymously. To give a simple example, you are initiating a transaction on a blockchain to a wallet address, but you can't know exactly which one is behind the address, or your private key has been stolen by a hacker. I know who the hacker is in the wallet address.

The last thing that is hard to understand about this module is the use of imToken, a decentralized wallet. Where is the asset stored?

Many small white users, using the traditional way of thinking about traditionally managed assets, use the decentralized wallet of imToken. Then it will cause a lot of misunderstandings, and even bring huge losses to your assets. So we must first understand in depth what is a wallet?

A wallet is a management tool for keys (public and private) that contain only the key, not the exact one. The wallet contains pairs of private and public keys. The user signs the transaction with a private key, thereby proving that the user has the right to output the transaction. The output transaction information is stored in the blockchain.

Secondly, we need to have a deep understanding of a problem. Since the wallet does not store the exact kind of token, but stores the key, then where is the decentralized wallet stored, where is the asset stored? About 70 percent People think that assets are stored on the wallet company's servers, because long-term use of centralized platforms, such as exchanges to store assets, so in the face of asset loss or theft, the first time will contact the service provider, request to freeze the account or Transaction rollback and other centralization operations. But this is not the case. When we use the deTocented wallet of imToken, the private key is kept by itself, and the same assets are stored on the blockchain, not on the wallet server, and even less on the device. Therefore, some of the above-mentioned operations such as freezing accounts and transaction rollbacks are not valid.

The security knowledge part of the wallet is actually the most important part of the whole assessment. It is basically a mandatory question. If the question about the security of the wallet is wrong, then it will not pass the assessment. But this part is not complicated, mainly around four parts, namely wallet backup, anti-theft strategy, anti-lost strategy and emergency handling method.

Backup awareness: backup immediately after creating the wallet! Backup when upgrading the application! Backup when deleting the application! ... Backup backup backup, you should use the wallet backup as a habit!

Emergency handling: Once you find that your wallet is not a self-operated transfer transaction, or you realize that your private key has been leaked, stop using the wallet immediately (do not transfer money to the wallet), create a new wallet (of course, be new Backup of the wallet) Then immediately transfer the assets to the new wallet. Many people want wallet service providers to help find information on money thieves or hackers. This has been clearly explained in the previous basics. Because it is a decentralized wallet, it is difficult to provide effective clues to help victims." Solve the case."

Anti-lost strategy: It can be said that anti-lost strategy and anti-theft strategy are the top priority of the entire wallet security knowledge. Wallet loss is generally divided into three situations:

1. When you delete your wallet, there is no backup wallet. It is recommended to back up the wallet immediately after creating the wallet, using two strategies: double backup and multiple backup . Double backup refers to keystore backup and mnemonic backup. After multiple backups, it means that after backing up the keystore and mnemonic, it is necessary to verify whether the backup is correct, repeatedly verify and confirm.

2. Forgot your Keystore password. I recommend encrypting the keystore with a stronger password. This password is preferably a randomly generated, less common password . This improves the security of the Keystore, but it also poses a huge challenge to the password. I recommend using a password management tool such as 1password or lastpass to keep your password safe to prevent forgetting.

3. Lost the private key. The private keys here include mnemonics, Keystore, and plaintext private keys. Some whites do not verify after copying the mnemonic, or they are too scribbled, which makes it difficult to identify later, which will lead to no longer find themselves. Wallet. Therefore, we must be careful when backing up the wallet. When you keep your wallet in the future, you should be good at using some secure management tools to ensure that you can find the private key at any time.

Anti-theft strategy: We need to know what we are stolen? Is it an asset? Is it a certain token? In fact, it is not. The essence of theft is to prevent our private key from leaking or being stolen by hackers . In the anti-theft strategy, the focus of Keystore and mnemonic (or plaintext private key) is different.

1. Keystore anti-theft strategy: Since Keystore is the encrypted private key, and generally exists in the form of JSON file, the strategy of "copying" is obviously unscientific, so it can be stored in U disk or password management tool. . Store the Keystore separately from the password , so that as long as the password strength is high enough, even if the hacker steals the Keystore, it is difficult to crack.

2. Assisting words anti-theft strategy: When storing mnemonics, you need to be more cautious, because the mnemonic has no security. Once it is stolen by a third party, our assets will face a huge threat, so it is recommended. Use physical media backup , copy on a piece of paper, and keep it in a safe place. Pay attention to accuracy when copying. Also pay attention to long-term preservation. Do not have problems such as writing.

PS: Here are three real cases that the author personally taught and share with you. I hope everyone can learn some experience from it.

Case 1: A man stores the Keystore in his own WeChat collection, and the Keystore password is the same as the WeChat password. As a result, the stolen assets of the wallet are expected to be 150,000 RMB.

Case 2: A woman transfers her Keystore by mail. The Keystore password and the email password are the same. As a result, the email is intercepted by the hacker. The stolen assets are expected to be 300,000 RMB.

Case 3: A woman is afraid of forgetting the backup mnemonic, so she will tell the friends and relatives around her, help me remember, and the result is that her brother-in-law steals the assets and expects 30,000 RMB (because her brother-in-law voluntarily admitted, Being able to find out the facts)

The final test site content is transaction transfer . This part mainly focuses on three points. One is how to query your own transaction information, the other is which tokens are supported by imToken, and the third is how to calculate the miners' fees. Simplify some of this, we can "pass customs" with a single skill - how to use Etherscan! (website: )

When decentralized wallet transactions do not exist, such as "accounting", "cancellation of transactions", "freezing accounts", etc., many people feel that using imToken to send transactions, then the transaction information should be queried by the imToken customer service staff, which is not entirely true. We can use Etherscan to find out the details of each transaction, even which tokens can be found by imToken , All tokens on this page, imToken will be supported (ERC20 standard)

The miners' fees are actually very well understood. First of all, we clearly use the imToken wallet to send the transaction. Who is the miner fee?

The answer is of course the miner, imToken has not charged any transaction fees to the user so far, which is very different from the exchange or some platforms (for example, many exchanges have received a fee of 0.01 ETH).

There is also how the miners are calculated. The formula: Gas fee = gas * gas price, the unit of gas price is gwei, 4 gwei is equivalent to 0.000000004 ETH, we can go to Etherscan to see the most recent successful transfer transaction, see What is the gas and gas price for this deal, we can do it according to the settings. In fact, using imToken, as long as it is not a special transaction, we do not need to pay attention to the miners' fees, imToken has helped us do all this.

The last little point of knowledge is how to use the MyEtherWallet web wallet ( ), to do some operations with imToken. For example, if the ETC is transferred to the imToken, or if the backup mnemonic is correct, etc. These operations are not detailed here, imToken's help center is very rich in content, and it is covered inside.

That's all, the above is the customs clearance, I believe it will help everyone. I personally think that only more and more people really understand the blockchain and understand the characteristics and mechanisms of the decentralized wallet. The overall level of the blockchain ecology will have a qualitative leap, rather than pure speculators. During the whole industry rectification period, I think this is a good learning opportunity. More people will calm down and focus on the blockchain technology itself. Make Blockchain Happen!