Open f0i opened 3 days ago
nirvana369
commented
2 days ago When I implement I think, using internal random keypair function in library is always optional, just want to make library low level. I will update & refactor this library but I recommend you to use external PRNG library and use tweetnacl/ed25519 (for best performance compared to this library). Thanks for your feedback.
f0i
commented
2 days ago I understand, and it's great to have this libraries as an option. Thanks for implementing and sharing them.
Using the keys inside a canister is not 100% safe anyway, because the node provider could extract them from memory. Time.now() has the additional problem that it is shared across all canisters within a subnet (afaik) and only updated every consensus round. So it is publicly accessible information.
For development I will use it as is anyway, just have to remember to change it before deploying to production :crossed_fingers:
imsk17
commented
2 days ago Hi @nirvana369, Let me know if you want me to transfer the mops package to you. Thanks.
nirvana369
commented
1 day ago I understand, and it's great to have this libraries as an option. Thanks for implementing and sharing them.
Using the keys inside a canister is not 100% safe anyway, because the node provider could extract them from memory. Time.now() has the additional problem that it is shared across all canisters within a subnet (afaik) and only updated every consensus round. So it is publicly accessible information.
For development I will use it as is anyway, just have to remember to change it before deploying to production 🤞
Regarding the issue of nodes being able to extract data from memory, I think it is possible to use symetric encryption (tweetnacl/box), to generate key pairs stored in other canisters and use it to encrypt the signature keypair before storing it on the canister. Is it possible?
nirvana369
commented
1 day ago Hi @nirvana369, Let me know if you want me to transfer the mops package to you. Thanks.
Thanks for supporting the mops publishing, I will need some time to refactor this library, it is currently not optimized and has not been updated compared to the original (js implementation). If you want to use ed25519 I recommend you to try the tweetnacl library.
f0i
commented
1 day ago generate key pairs stored in other canisters and use it to encrypt the signature keypair before storing it on the canister. Is it possible?
It is possible, but might not help much regarding security.
Dfinity was working on implementing TEE-based (Trusted Execution Environment) security for nodes since the beginning, but last time I checked it was not activated. Btw. in this context TEEs would also not provide full protection against highly capable attackers.
The most secure options right now are threshold signatures, VETkeys (VETkeys is still in development as well) or keeping the keys off chain on the clients: https://internetcomputer.org/docs/current/references/t-sigs-how-it-works/
https://internetcomputer.org/docs/current/references/samples/motoko/encrypted-notes-dapp/
The randomPrivateKey() uses Time.now() as a seed which does not provide strong cryptographic randomness. This should probably be reflected in the docs, to avoid security issues.
(CC: @imsk17 who published on mops)