Quick Question on Master Tickets

Christopher King

Jan 17, 2021, 2:00:50 PM
to urbit-dev
This is definitely a dumb question, but given the financial value involved I want to triple check. After an Urbit ID has been sent to me, say via an OpenSea purchase, that ID is cryptographically securely mine, right? I do not need to change the Master Ticket, correct?

Galen Wolfe-Pauly

Jan 17, 2021, 2:46:17 PM
to Christopher King, urbit-dev
Typically, when you buy on OpenSea or similar you're using a conventional crypto wallet (like Metamask) and you don't have a master ticket. Metamask creates a key for you, if I remember correctly, so assuming your machine isn't compromised (and Metamask isn't either), that key is yours.

Most people who hold addresses with master tickets used the urbit keygen tool, which does more or less the same thing (i.e., it generates keys locally). So the main concern is just whether or not the machine you derived those keys on is compromised somehow, or you leaked them through some other means. 

The benefit of a master ticket is that it's a single seed for a bunch of secrets (ownership key, spawn key, management key, networking keys) which use different crypto algorithms and would otherwise need to come from different seeds. This is mostly experienced by people when they try to derive networking keys, which use a different crypto algorithm from eth (which we use for ownership). If you have a master ticket, we can use that seed to derive your networking keys.

Anyway, no need to change the master ticket if you derived it yourself. In the case of invite codes, Bridge uses our keygen library to generate the keys client side. So, unless you think the ticket is compromised somehow it should be fine.
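
Added example (not part of the thread, and not the Urbit keygen library's actual derivation): a sketch of how a single seed can yield separate ownership, spawn, management and networking secrets, and why a leaked seed means every one of them must be rotated. HKDF, the salt format, the purpose labels and the sample tickets are all assumptions made for illustration.

```python
# Added illustration: one seed, several purpose-specific secrets.
# NOT Urbit's real derivation; HKDF, the labels and the sample tickets are assumptions.
import hashlib
import hmac

PURPOSES = ("ownership", "spawn", "management", "networking")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869): extract a PRK from the seed, then expand it under `info`."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_secrets(ticket: str, point: int) -> dict:
    """Derive one 32-byte secret per purpose from a single ticket (the seed)."""
    salt = f"example-id:{point}".encode()  # hypothetical per-ID salt
    return {p: hkdf_sha256(ticket.encode(), salt, p.encode()) for p in PURPOSES}


def fingerprint(secret: bytes) -> str:
    """Short SHA-256 fingerprint so secrets can be compared without printing them."""
    return hashlib.sha256(secret).hexdigest()[:16]


def rotated(old: dict, new: dict) -> bool:
    """True only if every purpose-specific secret changed after a rekey."""
    return all(not hmac.compare_digest(old[p], new[p]) for p in PURPOSES)


if __name__ == "__main__":
    old_ticket = "~sample-ticket-aaaa"  # constructed value, not a real ticket
    new_ticket = "~sample-ticket-bbbb"  # constructed value, issued on rekey
    before = derive_secrets(old_ticket, 0)
    after = derive_secrets(new_ticket, 0)
    for purpose in PURPOSES:
        print(f"{purpose:<11} {fingerprint(before[purpose])} -> {fingerprint(after[purpose])}")
    print("all secrets rotated:", rotated(before, after))
```

Anyone holding the seed can rerun the same derivation and obtain identical secrets, which is why the only remedy for a leaked seed is a new one.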

Christopher King

Jan 17, 2021, 2:49:55 PM
to urbit-dev
And this means if the previous owner had a master ticket then it's totally void, right? If I understand you correctly, the only ownership issue to worry about in this case is whether the machine with Metamask installed is compromised or not.

Galen Wolfe-Pauly

Jan 17, 2021, 2:52:20 PM
to Christopher King, urbit-dev
Just think of a key like a physical object. If an attacker has time with a physical key, they can easily press it into some clay and make another. If you think you could have leaked your key somehow (access to the machine, sending it on an insecure channel, pasting it into a group chat, whatever) — then you need to rekey.

This is true of Metamask, master tickets, passwords, and so on.

Christopher King

Jan 17, 2021, 3:06:17 PM
to urbit-dev
Got it. Thank you, this was helpful. It’s easy for paranoia to set in with these things.
--

Best,
Chris

Galen Wolfe-Pauly

Jan 17, 2021, 3:09:52 PM
to Christopher King, urbit-dev
It is, indeed, a lot easier to reason about keys when they're actually physical.