Jump to content
TiffanyHayden

Working on a new hardware wallet for XRP

Recommended Posts

13 minutes ago, Tinyaccount said:

I reread that thread but didn't see anywhere where someone points out a hole in the secure chip concept.  I believe the key is secure even online in an infected PC.  An institution I used to work at had a similar device for encryption keys but it was way bigger and orders of magnitude dearer...  (was years ago...) still did the same thing though, and was supposedly invulnerable to any hostile access of the key.  The damn thing was as user friendly as a cornered rat, and ever willing to commit sepuku if it felt it was being violated....  always walking on thin ice when using it.

  As ever...   happy to be proven wrong.

We had this discussion 2 months ago :)

It is the internet connection which makes it problematic.

 

Share this post


Link to post
Share on other sites
Guest
2 minutes ago, teddybear said:

We had this discussion 2 months ago :)

 

:) .   Yeah my wife complains about that too....   :) .    Hmmm...  Ok, sorry....  I will reread and look a bit closer and see if I should change my position on this.    (Currently it's horizontal just about to go lights out....)

Share this post


Link to post
Share on other sites
6 hours ago, teddybear said:

 I'm by no means an expert and you know more than I ever will.

But, as long as the secret key is exposed to any device connected to the internet, no matter the level of encryption, it's NOT safe.

I trust my gut instincts.

There is possibly no way to keep a private key 100% secure. For seed words, use a computer never connected to the Internet, use new USB keys that will never be plugged into any other computer. Even then the seed phrase can wind out in the file memory cache on the SSD or HD, so turn memory swapping off!

The next level up is to install a Linux distro designed with privacy, security in mind.

The hardware key is designed to be secure over a compromised computer. The private key is supposed to never leave the device. Slight oversight, Trezor is using non-secure chips...

Even the uninitiated can read how Trezor can be hacked with a paperclip once someone gets a hold of the device.

I tend to monitor new technology and wait for a couple of generations to pass to allow technology to mature.

The prudent overall approach may be to diversify across exchanges, various hardware wallets, etc.

 

Share this post


Link to post
Share on other sites

People who contribute in this topic tend to disregard the following:

Assume that p denotes the probability of your secret key getting compromised in e.g. one year on one device. You can implement different measures which can lower this probability p, but it becomes more in more expensive (in terms of computer equipment, time, skills, etc.) to lower it more and more.

If you don't use multisign, then the probability of your account getting compromised is also p.

But assume that we use 2-of-3 multisign instead. The probability of your account getting compromised becomes O(p^2) instead of p. We can drastically lower the probability of account getting compromised by leaving the value of p quite large (we don't need to implement expensive security measures) and using different secret keys stored on independent devices.

 

Numerical example:

Assume p = 0.01 (probability of compromise in one year is 1%)

If you don't use multisign, then the probability of your account getting compromised is 0.01

If you use 2-of-3 multisign, then the probability of your account getting compromised is only 0.000298 (around 33x less - I used Wolfram Mathematica, but you can derive it "by hand" as an exercise). 

 

Main takeaway: multisign can be much cheaper than other security measures

 

 

 

Share this post


Link to post
Share on other sites
1 hour ago, T8493 said:

People who contribute in this topic tend to disregard the following:

Assume that p denotes the probability of your secret key getting compromised in e.g. one year on one device. You can implement different measures which can lower this probability p, but it becomes more in more expensive (in terms of computer equipment, time, skills, etc.) to lower it more and more.

If you don't use multisign, then the probability of your account getting compromised is also p.

But assume that we use 2-of-3 multisign instead. The probability of your account getting compromised becomes O(p^2) instead of p. We can drastically lower the probability of account getting compromised by leaving the value of p quite large (we don't need to implement expensive security measures) and using different secret keys stored on independent devices.

 

Numerical example:

Assume p = 0.01 (probability of compromise in one year is 1%)

If you don't use multisign, then the probability of your account getting compromised is 0.01

If you use 2-of-3 multisign, then the probability of your account getting compromised is only 0.000298 (around 33x less - I used Wolfram Mathematica, but you can derive it "by hand" as an exercise). 

 

Main takeaway: multisign can be much cheaper than other security measures

 

 

 

You are correct, re multisign. Sadly, no wallet support yet (except for BitGo, but they aren’t available yet).

But don’t discount this hardware wallet yet. Especially if it could do multi-sign!

Share this post


Link to post
Share on other sites
1 hour ago, T8493 said:

multisign can be much cheaper than other security measures

Multisig requires two people being co-located? Possibly multisig from different devices?

 

Share this post


Link to post
Share on other sites
5 minutes ago, 7Sol said:

Multisig requires two people being co-located?

No.

5 minutes ago, 7Sol said:

Possibly multisig from different devices?

Sure, this is actually a preferred method.

Share this post


Link to post
Share on other sites
16 hours ago, AdamM said:

I just had a look at this and  unless I missed something, this isn't a hardware wallet... it's an online platform accessible via browser / mobile.   Not so keen on this requiring a 3rd party site, same as an exchange but with better security I'm guessing.

It also includes additional fees on transactions which is another no thanks for mine.

I use the nano and will keep using it until they release a new model with more support. 

 

I am all for my nano as well, but deH rEdditZ n deH int3erw3bs claim that it is going to be better....only time will tell.

Share this post


Link to post
Share on other sites
1 hour ago, T8493 said:

But assume that we use 2-of-3 multisign instead. The probability of your account getting compromised becomes O(p^2) instead of p. We can drastically lower the probability of account getting compromised by leaving the value of p quite large (we don't need to implement expensive security measures) and using different secret keys stored on independent devices.

There was a guide on steemit from a guy on how to build your multi-sig hardware wallet.

BTW an hardware wallet supporting multi-sig would be neat, but you have to buy 2 of them :)

Share this post


Link to post
Share on other sites
13 minutes ago, tulo said:

BTW an hardware wallet supporting multi-sig would be neat, but you have to buy 2 of them :)

No, one of the signers can use software solution (there's no need for specialized hardware). Or he/she can even use an online service.

EDIT: you would need a special service that could orchestrate requests for signing, signatures, submissions, etc anyway. This could be an online service (I worked on such service in the past) and this service could also contribute one of the signatures.

Share this post


Link to post
Share on other sites
2 minutes ago, T8493 said:

No, one of the signers can use software solution (there's no need for specialized hardware). Or he/she can even use an online service.

Of course, but that requires other software development, because you need to make things easy for the users, not everybody is a techie.
BTW in case of multi-sig, is there a (simple) way for the other owners to know that a transaction was submitted by one of the accounts?

BTW unless a different recovery system is used (as the 24 words for ledger nano), then I think the hardware wallet is pretty useless or no real advantage over a paper wallet.

Share this post


Link to post
Share on other sites
18 minutes ago, tulo said:

Of course, but that requires other software development, because you need to make things easy for the users, not everybody is a techie.
BTW in case of multi-sig, is there a (simple) way for the other owners to know that a transaction was submitted by one of the accounts?

1

AFAIK no. You need special orchestration service (and wallets that support this service).

(my answer applies to transactions that are signed by only e.g. one signer, but there needs to be more than one signer).

 

Quote

BTW unless a different recovery system is used (as the 24 words for ledger nano), then I think the hardware wallet is pretty useless or no real advantage over a paper wallet.

Hardware wallet has one advantage: it is actually a working "offline" computer and you don't need to buy a separate computer just to sign transactions using a paper wallet.

Share this post


Link to post
Share on other sites
Guest

Hi Tiff, @TiffanyHayden

Hope you are not wasting your time.

If Ripple does not have the following, then a project like this, has the potential to surpass the achievements of the BitGo wallet project. You will need the following:

  1. a product definition document that defines for the objectives, the target user community and feature functionality scope, and timeframes for feature functionality sets.
  2. a DETAILED feature requirements specification
  3. ... more could be said ...

i do do not expect that Ripple has the ability to write such a document.

Good luck... humans will need a real wallet for the public Ripple Network.

:-)

 

Share this post


Link to post
Share on other sites

I'd like to see an Open Source secret storage implementation for JavaCard, so it is possible to load a hardware wallet software on any JavaCard compatible smart card instead of having to rely on custom hardware in relatively limited capacity and often being the first design of its kind.

The far more critical part is the wallet software anyways, not so much the hardware part.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...