Open ligi opened 3 years ago
Besides this, and for more security, I prefer my key not to be stored in the app's files. I'm new to eth and cryptocurrency, but I'm used to public/private keys. As a user I would like to store my private key on secured encrypted storage:
so as a user :
Also, if my phone crashes and I have to do a factory reset, I MUST be able to restore the key, and for this I MUST be able to back it up.
I don't trust clouds that "OWN" my keys and provide me some series of words to restore the key (what if the server is hacked? what if the firm dies and there is no more access to the server? everything will be lost?) and I don't trust phone storage to be a good place to have the keys stored. It's easy, as the user doesn't have to select a file and enter a password each time, but totally unsafe.
Accessing the storage is really easy and unless the phone is encrypted, anyone can have access (and anyway, even if the phone is encrypted, the crypto isn't as strong as having the keys stored elsewhere; as long as the keys are stored within the volume, it's just a matter of time).
WallETH already supports "watch only" mode (private key not on the phone) - also supports TREZOR, KeyCard and KeepKey where the key is not on the phone. Also you are able to export keys that are on your phone - but in case it is protected by a pin/password you need that to do so. In this case a user wanted the encrypted key to brute force it off the phone. I don't really see any action WallETH can take in the text you wrote.
also supports TREZOR, KeyCard and KeepKey where the key is not on the phone. <= I don't trust something :
Also you are able to export keys that are on your phone <= How? I did not find it
actions WallEth can do :
By "secure wipe" I mean: overwrite the whole memory used with random data
you see an export key button when editing the account
I created a password-protected key using wallEth, left wallEth unused for 1 night, and opened wallEth when you said I can export
and? where is my account created????
On the main screen, I have a copy icon, an (i) icon, a photo icon..... (i) leads to a text, copy copies the ethereum id, nothing in preference, nothing in security/Privacy.....
The account you created should be in the list of accounts. I cannot reproduce the problem you have. Did you really finish the account creation?
Yes, I was even able to export the eth id...
And you did not delete the account? Can you reproduce it? What version are you using? First time I hear about such a problem
It seems that the issue is with the "first time creation" at startup. If I go into account->(+) and create an account with the same behavior (password protected), now the account is listed... By the way, I don't know if eth permits it, but I think you should also provide "keyfiles" selection for passwords, like VeraCrypt; this greatly improves the security, and as well some ghosting...
keyfiles increase security because
Ghosting is also mandatory for security, because if someone points a gun at a member of your family, asking to unlock the eth account, you must have a way to show him a fake account or another account that has few eth on it so that he can steal them (even if there is some kind of tracking with blockchains, nothing prevents someone patient from stealing 2000Eth, waiting years and using them years later when prescription occurred.... ). Ghosting allows unlocking encrypted data with an alternate key that shows the "non sensitive data", in this case an account that has a balance that isn't worth it...
A user forgot his pin and he wants to brute-force it. When not having a rooted phone you cannot access the encrypted key. We should have such an option for it - maybe a bit hidden so normal users are not confused by it - just for support cases.