novasamatech / parity-signer

Air-gapped crypto wallet.
https://vault.novasama.io
GNU General Public License v3.0
559 stars 168 forks source link

Authentication System Failure error #1370

Closed keeganquigley closed 2 years ago

keeganquigley commented 2 years ago

A user has reported experiencing an "Authentication System Failure" error on following device:

Cellphone: Samsung S8 – SM-G950F Android 9

Airplane mode security mode encription Bluetooth, NFC disabled Parity Signer (Public Beta): v5.0.1

Attempted solutions: Close/re-open app Reboot phone Change PIN Factory Reset

Here is a reference to the error. Does anyone know of any compatibility issues or what could be causing this?

gsanjaime commented 2 years ago

Today have tried with 3 different android devices and the result the same Did you test the app on android devices? I am very frustrated, I don't find documentation, I don't get support. It seem thay the project no have interest

Dmitry-Borodin commented 2 years ago

Is screen lock enabled on this device? (pin/fingerprint et.c.) Adding proper explanation that screen lock is required is planned soon as app onboarding flow.

gsanjaime commented 2 years ago

Yes I have screen lock with password

keeganquigley commented 2 years ago

@gsanjaime Is it possible that you originally had a fingerprint set and then changed to a PIN or something similar? The error states that the BIOMETRIC_STATUS is unknown.

gsanjaime commented 2 years ago

ohh with fingerprint works!!!

keeganquigley commented 2 years ago

@gsanjaime Great! Thanks for letting us know. If you originally set the authentication with a fingerprint than it would make sense that you need it to unlock it. Thanks @gsanjaime I will let you close the issue.

gsanjaime commented 2 years ago

I would like to work only with PIN. Is there any way to avoid fingerprint?

gsanjaime commented 2 years ago

No, I never used fingerpint.

De: Keegan | W3F @.> Enviado el: miércoles, 19 de octubre de 2022 16:50 Para: paritytech/parity-signer @.> CC: gsanjaime @.>; Mention @.> Asunto: Re: [paritytech/parity-signer] Authentication System Failure error (Issue #1370)

@gsanjaimehttps://github.com/gsanjaime Great! Thanks for letting us know. If you originally set the authentication with a fingerprint than it would make sense that you need it to unlock it.

— Reply to this email directly, view it on GitHubhttps://github.com/paritytech/parity-signer/issues/1370#issuecomment-1284139403, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ANYYC3UGHQD4WBF7AROWMT3WEAC73ANCNFSM6AAAAAARIIXFIE. You are receiving this because you were mentioned.Message ID: @.**@.>>

gsanjaime commented 2 years ago

updating the metadata for each chain is a tedious task. For each chain I need about 10 minutes. Is there another way to make it faster?

Tbaut commented 2 years ago

Use a more recent device. It's less than a minute on a pixel 3a. It's the cost of security unfortunately. I'm also using a 5+ year old device and it's tedious indeed.

You can follow this issue regarding possible solutions https://github.com/paritytech/parity-signer/issues/1048

gsanjaime commented 2 years ago

Thanks Tbaut

Parity signer is intended only for Polkadot.js? or in the future will it also be integrated into other wallets? (Keplr, safepal, etc...)

Tbaut commented 2 years ago

I think we're diverging a lot from the original issue here, I'll answer but please ask any other question in a dedicated issue or on Element. Also note that I'm a contributor, not part of Parity any more. Parity Signer supports Polkadot, Kusama and any substrate related chains, some of them very close to Ethereum (EVM based). It does not support any other ecosystem like Cosmos, Solana etc..

Any Polkadot related wallet can support Parity Signer. It's the case of Polkadot.js extension, Subwallet, Polkadot.js plus, and hopefully soon Talisman (they are not open source as of now unfortunately).

Originalimoc commented 2 years ago

It should not simply call the fingerprint/biometric sensor to do authentication IMHO. Call the Android Keystore to get the ENCRYPTED SEED stored in /data/data which to be decrypted by a key(generated or manually set) stored in TEE then load into memory only for that session instead. This way even though device /data/data is leaked/accessed by another app/backed up by whatever brand Android cloud service, the seed is safe. Same apply to iOS.