enej Posted August 4, 2016 Share Posted August 4, 2016 (edited) 1 hour ago, T8493 said: But (currently) you don't store them permanently (in unhashed form). That's a difference. Should we decide to start storing them (recovery keys) our TOS would reflect that and our users would be notified in advance. We are actually thinking of offering a "backup" service for a simple reason that most people will loose their recovery keys and passwords. While that might work in "crypto world", everyday users want to be reassured we have a way of restoring their funds no matter what. It's quite a challenge to achieve both convenience and security though. 1 hour ago, T8493 said: So you have (at least temporary) access to plaintext passwords and you still can't decrypt secret keys? So how does the browser decrypt secret keys? Browser can decrypt secret keys when you enter the password for the second time (on send payment modal for example). Until you do, neither our server nor your browser can decrypt secret keys. If you want to be absolutely secure, you have to use cold storage. There is simply no better way. P.s.: Having said that, I use GateHub Wallet with my personal ripple accounts everyday and can sleep at night just fine... Edited August 4, 2016 by enej typo kanaas and T8493 2 Link to comment Share on other sites More sharing options...
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!Register a new account
Already have an account? Sign in here.Sign In Now