Best practices for using the IOTA light wallet safely

Eric Hop
Mar 8, 2018 · 8 min read

IOTA is a protocol designed for use by IoT devices. These devices will happily follow any rules needed to use the protocol strictly, optimally and safely. Sadly, humans are not so good at following rules (if they know them at all), and they often have no idea of the consequences of certain actions. So I decided to write a list of best practices and explain the why in this article.

Here are the rules:

RULE 1: NEVER generate your seed online.

RULE 2: NEVER give your seed to anyone.

RULE 3: ALWAYS store a copy of your seed some place safe.

RULE 4: NEVER re-use an address. NEVER. NO exceptions.

RULE 5: ALWAYS attach a new receive address to the Tangle.

RULE 6: ALWAYS wait for a transaction to be confirmed before sending anything else.

And here are the whys:

— — — —

Rules 1–3 all have to do with your seed. The seed is literally the master key to your wallet. Whoever has the key controls the wallet and the iotas therein. So it is very important to have a few best practices that help you keep your seed safe.

RULE 1: NEVER generate your seed online.

Because iotas have monetary value, there are a lot of nasty people out there ready to try and relieve you of your iota stash. One way they do this is by offering to generate a seed for you. Don’t fall for it!!! Most, if not all, online seed generators are designed to make your seed vulnerable. They will either copy the seed or generate a seed from a limited number of random seeds. And as we have seen in the beginning of January, some of them have a lot of patience. All of a sudden over 4 million USD worth of iotas got stolen by the operator of a popular seed generator.
Generating a seed isn’t difficult. You just need to know the right method to use. Here are 3 methods to do it yourself:

Method 1. Make up a string of random, unrelated words. Mix in weird words or foreign words. Really, that’s the simplest and safest way to go. With 81 characters it is impossible for anyone to guess them as long as you keep them unrelated.
Example (spaces are for readability only): FLOWER BEER JE MAINTIENDRAI CLOCKWORK SHELDON ELDERBERRIES BLITZKRIEG OVENMITT AUTOCORRUPT

Method 2. Use a single finger and slowly type 81 random letters. Just let your finger go around and around and sometimes let it go down. Purposely trying to make it random is okay. Just try to avoid patterns, which is why quickly mashing fingers on the keyboard is not a good idea. If you want, you can throw a 9 in here and there for good measure. Once you have 81 of them, replace some random letters with other random letters, just to make sure you break any patterns you unwittingly used.
Example: KUWVQZOVFENI9GTESKPLJKMVFTETTKGSWQBMOPHTJLOHRRGKOKNHKKECDSKNSFFHGKBPYU9NVDL9ECVMB

Method 3: Warning: This method is only for people who actually know what they are doing and what I am talking about. There are local/offline secure random generators available with most major operating systems. I won’t go into detail here to prevent the noob users from using them. You really want to know what you are doing. Mac and Linux for example offer /dev/urandom. If this does not mean anything to you, just use method 1 or 2 instead.
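For readers who do use Method 3, the following is an added example, not code from the original article or from the IOTA project. It draws an 81-character seed over the 27 symbols A-Z and 9 from the operating system's random generator on an offline machine, and shows why mapping raw bytes with a plain modulo would favour some characters; the function names are assumptions made for this sketch.

```python
import os
from collections import Counter

TRYTE_ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # the 27 allowed seed characters
SEED_LENGTH = 81
# 256 is not a multiple of 27, so only bytes below 243 (= 9 * 27) are used.
LIMIT = 256 - (256 % len(TRYTE_ALPHABET))

def generate_seed(rand_bytes=os.urandom):
    """Build a seed from OS randomness (os.urandom reads the kernel CSPRNG,
    the same source as /dev/urandom), discarding bytes that would add bias."""
    seed = []
    while len(seed) < SEED_LENGTH:
        for b in rand_bytes(SEED_LENGTH):
            if b < LIMIT and len(seed) < SEED_LENGTH:
                seed.append(TRYTE_ALPHABET[b % len(TRYTE_ALPHABET)])
    return "".join(seed)

def symbol_counts(limit):
    """How many byte values below `limit` map to each symbol index."""
    return Counter(b % len(TRYTE_ALPHABET) for b in range(limit))

def is_valid_seed(seed):
    """Check length and character set of a candidate seed."""
    return len(seed) == SEED_LENGTH and set(seed) <= set(TRYTE_ALPHABET)

if __name__ == "__main__":
    naive = symbol_counts(256)      # plain `byte % 27` over all byte values
    fair = symbol_counts(LIMIT)     # after rejecting bytes >= 243
    print("naive mapping, byte values per symbol:", sorted(set(naive.values())))
    print("with rejection, byte values per symbol:", sorted(set(fair.values())))
    # Do not print a real seed on a machine that logs or shares its terminal.
    print("generated seed is valid:", is_valid_seed(generate_seed()))
```

A seed drawn this way carries about 385 bits of entropy (81 × log2 27), far more than a string typed or composed by hand.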

RULE 2: NEVER give your seed to anyone.

Again, there are many predators out there. Some of them will even pretend to be part of the IOTA foundation and offer to help you if you ask for help with a problem in any of the help channels.
Be paranoid in those cases where such a person asks for your seed. Once you give it they will quickly empty your wallet. Most problems you will encounter can be solved without ever giving up your seed to anyone.

RULE 3: ALWAYS store a copy of your seed some place safe.

Protect yourself from ever losing your iotas. Keep one or more copies of your seed in safe places. Make sure that it is not easy for anyone to get a quick peek at them. Remember, mobile devices are cameras and snapping a picture of your seed is very easily done. Best to separate your seed in two parts and keep them stored away from each other. I recommend 2 bank safes at 2 different banks. Especially when the amount of iotas becomes large this is no overkill.

And while you’re at it make sure that it includes a succession list in case anything happens to you and maybe include some trusted persons that can help your heirs get their hands on the funds. Nothing sadder than sitting on a million worth of iotas and no one being able to access them when you die.

— — — —

Rules 4–6 all have to do with multi-spending, which is spending more than once from the same address. The problem here is that IOTA uses one-time signatures. After spending, addresses are not supposed to be used any more, because in the process of spending a random 50% of the private key to the address gets exposed. This in itself is not a problem; any funds arriving after a single spend are still pretty safe. Breaking the other 50% of the key is still a daunting task.

But when a second spend happens on the same address a new random 50% of the private key for that address gets exposed. Theoretically, statistics will tell you that now 75% of the private key is exposed. But here is the difference between theory and practice. Since it is a *random* 50% of the key that gets exposed, you could be unlucky enough that both 50% exposures only have a 10% overlap. In that case a whopping 90% of your key is exposed already, and your private key is toast and broken relatively easily.

So in short: 2 or more spends from the same address is VERY BAD!

Now let’s see what scenarios could occur that will end up in a multi-spend and why these rules are good:

RULE 4: NEVER re-use an address. NEVER. NO exceptions.

I can immediately hear some people say: “But you are allowed to receive multiple times at an address!” And they are technically correct. IoT devices will do this all the time. But they have the advantage of knowing exactly what the parties they are talking to are going to do and when. So they can safely do this. Here is a scenario that shows just one example of why it is a bad idea to send multiple times to the same address:

Let’s say I withdraw X iotas from an exchange to address A in my wallet. The whole process takes a little time, but I end up with X iota in address A.

Encouraged by this success I decide to withdraw another Y iotas to that same address A. After all, I can send *to* an address multiple times, right? So I put in the order and the exchange starts processing the order. Note that this processing can sometimes take hours or even days.

In the meantime I tell my friend about IOTA, and to encourage him I want to send him a few (let’s say Z) iotas. So he installs the wallet and gives me a receive address B. I tell the wallet to send Z iotas to address B. The wallet happily obliges and takes the iotas in address A, sends Z iotas to address B, and (to guard address A from multi-spending) it also sends the remaining X-Z iotas safely to a newly generated address C in my wallet.

Everything seems okay so far. But with one problem: The exchange did not process my withdrawal yet. When it finally does process it, the Y iotas will be sent to address A just like I instructed. Except that address now already has an earlier spend on it! Oops!

This situation could have been simply avoided by generating a new address D for the second withdrawal and using that instead of address A.
So case in point: NEVER re-use an address. Not even for receiving.

RULE 5: ALWAYS attach a new receive address to the Tangle.

I can immediately hear some people say: “But you don’t really have to do this!” And again, they are technically correct. It is perfectly fine to send iotas to an address that was not attached to the Tangle explicitly. They will arrive just fine. Again, IoT devices do this all the time, but they also keep track of what addresses they gave out as receive addresses.

The IOTA wallet does it differently. Because it is possible to install the wallet on different devices, and log in both wallets with the same seed, the developers are determining the state of the wallet directly from the Tangle. That way both wallets will respond the same to events. Otherwise one could have kept track of some important addresses and the other would have no knowledge of that. Pretty elegant solution.

But this solution comes with a hidden cost. To understand this we need to look at how the wallet decides which addresses have been used already. It does that by asking the node it is connected to for a list of transactions that incorporate that address. If there are no transactions yet it concludes that it has not used the address yet.

By attaching an address to the Tangle you explicitly create a zero-transfer transaction for that address. Now the wallet can find that transaction in the Tangle, so it knows it is in use already. And yes, in case someone sends iotas to that address, the wallet can find that transaction in the tangle and again sees that it is in use already. Therefore we don’t need to explicitly attach it, right? Bzzzzt! *Wrong*!!

Let’s say I have X iotas in address A. I decide to withdraw another Y iotas from the exchange to address B. That’s what I learned from rule 1. Use a different address. I don’t bother explicitly attaching address B to the Tangle, because I was told before that that was not strictly necessary. So I put in the order and the exchange starts processing the order. Which again takes time.

To spread more joy I decide to send Z iotas to my friend again. I initiate the transfer, and this time the wallet can take from address A, send Z iotas to my friend’s address, and then it wants to send the remaining X-Z iotas to a new receive address. So it looks in the Tangle for an address that is not in use already. Aha! Address B is not used yet. So it merrily sends the remainder to address B. Oh dear. Now we are in the same situation as we were in with rule 4.

So if we now decide to send another amount of iotas to another friend, we will be spending address B before the withdrawal to address B has executed. And we end up with a guaranteed multi-spend again.

This situation could have been simply avoided by explicitly attaching address B to the Tangle. In which case the wallet would have seen it was in use already, and it would have sent the remainder to a new address C instead.
So case in point: ALWAYS attach a new receive address to the Tangle.
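The Rule 5 scenario can be replayed with a small simulation. This is an added example, not the wallet's actual code: the single-letter addresses, the amounts and all function names are constructed for illustration, and the "Tangle" is reduced to an ordered list of (address, value) entries.

```python
# Simplified model of a wallet that derives its state from the Tangle alone.
# Constructed for illustration: real addresses are derived from the seed.
ADDRESSES = ["A", "B", "C", "D", "E"]    # the wallet's addresses, in order

def next_unused(tangle):
    """First wallet address that no transaction on the Tangle refers to."""
    seen = {addr for addr, _ in tangle}
    return next(a for a in ADDRESSES if a not in seen)

def balance(tangle, addr):
    return sum(value for a, value in tangle if a == addr)

def send(tangle, amount, dest):
    """Spend one funded address in full; the remainder goes to the next
    address the wallet believes is unused. Returns that remainder address."""
    src = next(a for a in ADDRESSES if balance(tangle, a) >= amount)
    total = balance(tangle, src)
    remainder_addr = next_unused(tangle)
    tangle.append((src, -total))         # input: src has now signed a spend
    tangle.append((dest, amount))
    if total > amount:
        tangle.append((remainder_addr, total - amount))
    return remainder_addr

def funds_on_spent_addresses(tangle):
    """Addresses that received value after they had already signed a spend."""
    spent, at_risk = set(), set()
    for addr, value in tangle:
        if value < 0:
            spent.add(addr)
        elif value > 0 and addr in spent:
            at_risk.add(addr)
    return at_risk

def scenario(attach_b):
    tangle = [("A", 100)]                # X = 100 iotas sitting on address A
    withdraw_addr = next_unused(tangle)  # B, given to the exchange
    if attach_b:
        tangle.append((withdraw_addr, 0))      # zero-value attach transaction
    remainder_addr = send(tangle, 10, "FRIEND1")   # Z = 10, spends A
    send(tangle, 5, "FRIEND2")                 # spends the remainder address
    tangle.append((withdraw_addr, 50))         # exchange finally pays out Y = 50
    return remainder_addr, funds_on_spent_addresses(tangle)

if __name__ == "__main__":
    print("B not attached:", scenario(attach_b=False))
    print("B attached:    ", scenario(attach_b=True))
```

Without the attach transaction the remainder lands on B and the later withdrawal arrives on an address that has already signed a spend; with it, the remainder goes to C and no funds end up on a spent address.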

RULE 6: ALWAYS wait for a transaction to be confirmed before sending anything else.

I can immediately hear some people say: “But the wallet will keep me from multi-spending!” And again, they are technically correct. The wallet will check before spending if there already has been a confirmed spend on the address, and won’t allow a second spend in that case. But consider the scenarios 4 and 5. In both cases the problem could also have been avoided by simply waiting for the exchange transaction to be confirmed before sending to my friend.

So case in point: ALWAYS wait for a transaction to be confirmed before sending anything else.

Note that a lot of these situations are even muddier because you have no idea what address(es) the wallet is going to pick as input(s) for sending iotas somewhere.

Also note that I only provide one example of where things can go wrong for each rule. Things become even muddier when snapshots happen. But that is something for another article.

IOTA Demystified

A deep dive into the concepts, technology and magic of IOTA.
