block-core / blockcore-wallet

Web5 Wallet for your coins, tokens, identities, NFTs and more.
https://www.blockcore.net/wallet
MIT License

Automatic backup and simple recovery #249

Open dangershony opened 2 years ago

dangershony commented 2 years ago

After some discussion with community users who are not so tech-savvy, it became clear that we need to provide a way to protect users who are new to crypto and are not able to handle wallet backups easily.

I propose an additional step in the wallet on creation of a new wallet (it can also be on recovery).

When a user creates a wallet they have the option to provide an email address. The wallet will be encrypted with a password that the user provides (this can also be the password used to unlock the wallet). This will be standard encryption (maybe RSA or ECD). The encrypted payload will then be encrypted again with a third-party public key; there can be a few third parties to choose from, selected in a drop-down (or we could even encrypt to a few third parties). The password will also be encrypted with a third-party public key as a separate payload.

The third party will effectively act like insurance. It can be either Blockcore community members or one of the companies around the Blockcore ecosystem, and this could be a paid service. It is important to note that the third party has no access to funds.

There will be two payloads (assuming one third-party insurer) (optionally also including the email for identity verification at the point of recovery):

wallet payload = third-party(user-password(mnemonic))
password payload = third-party(user-password + optional-email)

This can be represented as a JSON payload or even a PDF file and sent to the

The user can then recover the mnemonic just by using a recovery service from the third party (the third party will decrypt the wallet payload and the user can decrypt using the password). If the user forgets their password, that can also be recovered using the same third-party recovery tools.

As long as the third party does not have access to the encrypted wallet payload, they have no access to the funds.

Note: to strengthen the password encryption we could use a randomly generated private key to encrypt the wallet payload, so even the password-encrypted wallet payload will never need to be shown to the third party.

wallet payload = random-key(mnemonic)
key payload = third-party(user-password(random-key))
password payload = third-party(user-password + optional-email)

The wallet payload stays private, so even brute-forcing the user's password will not compromise the wallet. The user password can be a weakness: if a weak password is used and the payloads are leaked, attackers might be able to steal funds by brute-forcing the password. This can be mitigated by requiring strong passwords.