What is Metamask, and how to use it?

in blockchain •  2 months ago 

Metamask is a wallet. It was originally an Ethereum wallet and later became a multi-chain wallet.

It mainly supports EVM chains. Typical EVM chains include Arbitrum, zkSync, Avalanche, and BSC. EVM stands for Ethereum Virtual Machine. Roughly speaking, these chains imitate Ethereum, so using them feels exactly the same as using Ethereum; otherwise, how could it be called a virtual machine?

The concept of EVM reminds me of 1998, when computers were called "compatible computers". The object of the comparison was omitted: in fact, these were computers from HP, Dell and other brands that were compatible with IBM's microcomputers. Later it seemed that only compatible computers were left, so the term "compatible computer" disappeared.

Metamask is the wallet I use every day. In this bear market, OKX's wallet is very popular. It is mainly optimized for airdrop farmers (the "wool party"). For example, cross-chain gas is added for you, or ecosystem projects are listed on the homepage, which makes it convenient for airdrop farmers to go through them one by one. 0xzhaozhao has posted a lot of tutorials on how to farm airdrops from a mobile phone, all of which use the OKX wallet. You have to consider that there are indeed many people who don't even have a computer. They feel that they can do anything in the world after installing OKX.

Of course, these tutorials of 0xzhaozhao are also "sponsored" by OKX (snicker).

Metamask is a typical browser plug-in wallet. Its popularity started with the DeFi boom in 2020.

The topic of wallets is very big. If you are just starting to play with coins, you must understand the wallet. I will just cover a few basics.

First, the private key is everything in your account. Whoever holds the private key controls all the assets in the account and needs nothing else, neither a password nor a mnemonic. Remember a simple formula: account = private key.

As for the public key, it is calculated from the private key. As long as I know your private key, I can deduce your public key. The address is derived from the public key.

So you see, the private key is everything: the private key yields the public key, and the public key yields the address. The public key does not need to be kept secret, and the address does not need to be kept secret. Some people are secretive and afraid that others will know their address, which is unnecessary. Of course, if you have too much money and are afraid that people will know it, you can hide your address. But from a security perspective, it is unnecessary and should not be relied on. We still need to put the effort into protecting the private key.

The second is mnemonics. Mnemonics are a method used by wallets to help users manage their accounts. At present, they are the best practice.

Of course, with the popularization of AA (account abstraction), there will be new best practices in the next step. For example, when you use a Web2 app, the best practice is the SMS verification code. You need an SMS verification code when you log in to WeChat; you need an SMS verification code when you log in to Meituan; you need an SMS verification code when you make a bank transfer. The best practice for wallet security is mnemonics.

The advantage of mnemonics is that they can be copied onto paper, because they are all words. But I have observed that for Chinese people, mnemonics have a problem, because most Chinese people don't know these words. Take a random word: abstain. You see, most Chinese people don't know this word.

When they copy it, they will write it as abtain, and then they will not be able to restore their accounts. If your English is not very good, you'd better be careful when copying mnemonics. It's not a bad thing to spend some time looking up the 12 words in the dictionary one by one.

Third, let me talk about the relationship between mnemonics and private keys. Private keys are calculated from the mnemonic. For example, say your mnemonic is 38. Some people wonder: a mnemonic is 12 words, so how can it be a number? Well, the 12 words are a number.

The words are there so that you humans can copy and remember them easily, but behind them there is still a number. In the final analysis, there are only numbers in computers.

When you see a Chinese character, it is a number (Unicode encoding). When you see a photo, it is also a bunch of numbers (image encoding). When you watch a short video on TikTok, there are still numbers behind it (video encoding). Mnemonics are numbers. For example, if your mnemonic is 38, your private key is n*38.

The private key of the first account is 38, the private key of the second account is 76, and the private key of the third account is 114... So when you use the mnemonic to restore your wallet, a whole series of accounts comes back.
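The 38, 76, 114 picture is a simplification. The following added example (not part of the original post) carries out the standard derivation that wallets such as Metamask follow, BIP-39 seed, then BIP-32 child keys on the path m/44'/60'/0'/0/i, and also computes the public key from a private key. It uses only the Python standard library; the function names are this example's own, and the mnemonic is Hardhat's publicly known development mnemonic, not a real wallet.

```python
import hashlib, hmac, unicodedata
# secp256k1 curve constants (public parameters of the curve Ethereum uses)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000  # indexes at or above this use hardened derivation

def ec_add(a, b):
    """Add two curve points; None stands for the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def public_key(priv):
    """Private key -> compressed public key (double-and-add on G)."""
    acc, pt = None, G
    while priv:
        if priv & 1:
            acc = ec_add(acc, pt)
        pt, priv = ec_add(pt, pt), priv >> 1
    return bytes([2 + (acc[1] & 1)]) + acc[0].to_bytes(32, "big")

def child(key, chain, index):
    """BIP-32 private child key and chain code for one path step."""
    head = b"\x00" + key.to_bytes(32, "big") if index >= HARDENED else public_key(key)
    digest = hmac.new(chain, head + index.to_bytes(4, "big"), hashlib.sha512).digest()
    return (int.from_bytes(digest[:32], "big") + key) % N, digest[32:]

def account_keys(mnemonic, count):
    """Mnemonic -> first `count` private keys (hex) on m/44'/60'/0'/0/i."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    seed = hashlib.pbkdf2_hmac("sha512", words.encode(), b"mnemonic", 2048, 64)
    root = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain = int.from_bytes(root[:32], "big"), root[32:]
    for index in (44 + HARDENED, 60 + HARDENED, HARDENED, 0):
        key, chain = child(key, chain, index)
    return [format(child(key, chain, i)[0], "064x") for i in range(count)]

# Publicly known development-only mnemonic (Hardhat default); never fund it.
TEST_MNEMONIC = "test test test test test test test test test test test junk"
if __name__ == "__main__":
    print(*account_keys(TEST_MNEMONIC, 3), sep="\n")
```

The wallet's login password is not an input anywhere in this derivation: the words alone reproduce every account, which is why a leaked mnemonic cannot be fixed by changing the password.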

The generated accounts are infinite. To summarize the description just now, the mnemonic and your accounts are in a one-to-many mapping relationship. A mnemonic can generate a series of accounts (including private keys).

Someone asked: what is the password for? (Here "password" means the wallet's login password.) The password is used to encrypt your mnemonic. Your mnemonic is stored locally. If it is a computer, it is stored on the computer; if it is a mobile phone, it is stored on the mobile phone. Metamask does not store your mnemonic, let alone your Ethereum account (including the private key). Metamask does not store any of your information.

This is different from WeChat; otherwise, how could it be called Web3? In the community, wallets like Metamask are also called "self-custodial" wallets; and since there is self-custodial, of course there is also custodial. A typical example of a custodial wallet is a bank. If you lose your bank card password, you go to the bank and use your ID card to prove your identity, and the bank can reset your password. The CEXs in the crypto world are the same: you can reset your password by providing your passport and other identity information. WeChat is the same. You can reset your password. Of course, Tencent can also delete your password or deactivate your account. But Metamask has no way to deactivate your account. The truth is that it doesn't even know you are using Metamask. You can also write your own Metamask for yourself, you can write your own wallet, provided that you can program. After all, your coins are on the Ethereum chain, which has nothing to do with the Metamask wallet.

Many people have been playing with coins for four or five years, seven or eight years, and don't understand these basic principles. What I said is very important. If you don't understand it, take the time to read it several times, or go online to find more information and read it repeatedly until you understand it. If you don't understand these things, then you are really confused and it's all in vain.

I just talked about the password, that is, the wallet's login password. It is used to encrypt the mnemonic. The password is also used to encrypt your other data. I don't know exactly what data; in any case, it is things you have set in your wallet, for example that you renamed your account to "Huang Tiandi". But you have to note that the mnemonic does not require a password. If I know your mnemonic, I can directly log in to all your Ethereum accounts on my side, and I don't need to know the password you set. That password is useless. I guess you are confused: I just said that the password is used to encrypt the mnemonic, and now I say that the password is useless. What is the password for? Is it useful? Listen carefully to the following. Suppose someone wants to steal your account.

The first method is to learn your mnemonic directly. For example, you took a screenshot of the mnemonic and put it on Baidu Netdisk. Through credential stuffing I learned your WeChat password, and from that your Baidu Netdisk password. I went to Baidu Netdisk and found your mnemonic screenshot.

At this point, I have obtained all your Ethereum accounts. Every account you have "generated" in Metamask is now in my hands, and I can also transfer all your coins immediately.

The second method is that I don't know your mnemonic, but I copied your Metamask data storage directory from your computer. The name of this directory is data. It contains the encrypted mnemonic and other things, but the most important thing is the mnemonic. I want to decrypt this mnemonic.

At this time, I need to guess your Metamask password, but it is very easy to guess this password. Most people's passwords are nothing more than their own phone numbers or birthdays. I get it after a few tries. Of course, some people's passwords are very complex, but even if they are very complex, with letters, numbers and punctuation marks, it only takes a while for me to crack them by brute force. What's more, in fact, most people's passwords are not complex at all. Therefore, if someone copies the data folder on your computer, it is very dangerous.

The Metamask login password you set is almost useless. Of course, a very complex password is very helpful. Now that I have finished talking about these two attack methods, I guess you thoroughly understand what the login password is and what the mnemonic is. Let me summarize the above.

First, Ethereum account = private key. With the private key, you have everything, and all mnemonics and login passwords are useless.

Second, at the level of the Metamask wallet, the mnemonic is everything. With the mnemonic, all your accounts are leaked, and passwords (login passwords) are useless.

Third, if someone wants to steal your account and has neither the private key nor the mnemonic, but can copy the data on your computer, that data is encrypted, namely with the wallet login password. But this kind of encryption is very easily cracked by dictionary-based exhaustive search.
