Hi,
unlike others blockchains were user knows both “seed phrase” and “private key”, in Algorand the only thing I know is my “seed phrase”.
In others blockchain I never put my “seed phrase” online, while my Android Algorand wallet stores directly this information (giveing even the possibility to show it and copy it with a single button).
The point is the following: I was wondering if this kind of wallet is as safe as the “others” that keep these informations completely offline.
Regards,
Despite someone can give you a reasonable answer to your question, I’d say the best advice is to not trust it. Not because bad intentions, but other possible risks.
You can have a main wallet with more security considerations, and other ‘mobile’ wallet which you can have some low balance just enough to make it comfortable to use, and safe enough to lose all its funds in the worst possible case.
We hope that the team develop light-client wallets on popular OS platforms, such as windows/android/ios, with open-source code and clear instruction. I think this will attract more users and investors. good luck 
It is really amazing that Algorand create no fork even when the network is partitioned. An essential progress.
https://runtimeverification.com/blog/formally-verifying-algorand-reinforcing-a-chain-of-steel-modeling-and-safety/
Hi guys,
suppose I take a RaspberryPi, boot a completely new OS, connect it to the Internet just to install a new Algorand node and create a new wallet. Than leave it disconnected from the Internet.
Is this wallet as safe as an hardware cold wallet like the Ledger Nano S?
Hi,
If you use the address as a RECEIVE only address, then yes.
If you intend to send ALgos, then Nano-S is secure, because it never exposes your private key, when it signes the transaction.
Consider buying a Ledger Nano-S (or Nano-X) instead of this RPi solution. If is safe, and can be used with Web wallet.
Ledger Nano S has a secure element which is tamper-resistant, it means that the attacker can’t get the private key even accessing physically to the device.
It is not the case with a Raspberry Pi solution and also it is simpler.
Also Algorand does support offline transaction signing using the goal binaries or the sdks. You do not need to have a node running offline. This allows you to store your private key on a disconnected device.
I don’t see why a raspberryPi would be any less secure than a Ledger device. If it’s sitting in your safe, and nobody powers it up, then your password is secured. If you want to take it further, after creating this setup, pull out the SD card out of the raspberryPi. At that point, you’re comparing the security of two offline storage devices, right ?
Thank you guys!
I still have some doubt on the slightly different points of view expressed by @pipaman and @tsachi
If a Raspberry Pi can work fine as cold wallet, could be useful to write together a step-by-step guide for non-expert users on how to build an open source cold wallet, highlighting the critical operations that need to be exectued offline and providing useful tips on how ensure the best possible security.
I’m not sure to be able to do this on my own but I’m here to give any kind of help to write it down.
I don’t see it as ‘cold’ because it is connected and syncing the node. It is very limited with improves the security but it isn’t cold. To be cold, the keys should be stored offline and each the signing process should be executed in an isolated environment too.