einsteinx2
commented
7 years ago I think 1Password is a great start to model a solution off of, but we'll need to have our code evaluated by a third party before we implement any send functionality.
Open einsteinx2 opened 7 years ago
einsteinx2
commented
7 years ago I think 1Password is a great start to model a solution off of, but we'll need to have our code evaluated by a third party before we implement any send functionality.
einsteinx2
commented
7 years ago In fact the more I read up on this, I think we should hire a crypto expert to assist us with the implementation, rather than just getting it verified after the fact. It's too easy to mess up crypto, and this security is vital.
ricburton
commented
7 years ago Agreed. I'll reach out to my friend at 1Password.
On Sep 14, 2017, 19:30 +0100, Ben Baron notifications@github.com, wrote:
In fact the more I read up on this, I think we should hire a crypto expert to assist us with the implementation, rather than just getting it verified after the fact. It's too easy to mess up crypto, and this security is vital. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.
einsteinx2
commented
7 years ago As discussed, bumping this to 1.1. We'll release 1.0 without account syncing.
einsteinx2
commented
6 years ago Here's another great example: https://panic.com/sync/
It seems like they are doing exactly what I proposed: 256-bit AES encrypting using a user chosen passphrase so they cannot view your data, then sync with their server using SSL. They had their code audited as well. I'm going to put something together using this type of system then let's get it audited.
einsteinx2
commented
6 years ago Jin is almost done with the original implementation, but now that we're changing things a bit we're back to the drawing board now figuring out the necessary changes.
Currently we use the macOS/iOS Keychain. On iOS this is quite secure on non-jailbroken devices because everything is sandboxed and there is no terminal. However, on macOS, if the computer is unlocked, it's possible to grab the user keychain without entering a password using a built in command line tool (huge FAIL on Apple's side there IMO).
We also need this to allow for secure credential syncing, as we can sync the encrypted vault which can only be unlocked by the user when they sign into the client app.
As we move to include send and conversion functionality as well as native wallet support, this is absolutely essential. Also it's great for exchanges like Poloniex, GDAX, and Bitfinex which use one time generated, never expiring keys (they spend all this effort making you sign all API requests, etc, but then do no key rotation...), so this is something we would like to have for 1.0.
I will investigate options and update this issue.