Jump to content
Sign in to follow this  
macropolo

Ripple's Xpring Holy Trinity

Recommended Posts

I wrote an article about some cool new authentication and key management programs that are integrating XRP support.  One of these in particular seems like it could have big implications for the ease of use of crpytocurrency wallets for less technically inclined members of the public.  

 

https://coil.com/p/macropolo/Ripple-s-Xpring-Holy-Trinity/ydJsQU0V-

Share this post


Link to post
Share on other sites
4 hours ago, macropolo said:

I wrote an article about some cool new authentication and key management programs that are integrating XRP support.  One of these in particular seems like it could have big implications for the ease of use of crpytocurrency wallets for less technically inclined members of the public.  

 

https://coil.com/p/macropolo/Ripple-s-Xpring-Holy-Trinity/ydJsQU0V-

Great points. However, divulging identity info in such a fashion isn't worth the ease of accessibility (for those who are aware). 

Solid progress nonetheless

Share this post


Link to post
Share on other sites
36 minutes ago, XRPboi said:

Great points. However, divulging identity info in such a fashion isn't worth the ease of accessibility (for those who are aware). 

Solid progress nonetheless

Why do you feel like it's not worth the ease of accessibility?

Share this post


Link to post
Share on other sites

I have got as far as putting a bit of crypto on a nano, the rest is still in Etoro which is easy and I think is reasonably safe for the moment.  I really do not get along with the Nano yet and do not fully trust myself to keep it and its passwords safe.  I would not want my fortune to be on a nano with my security phrase written on bits of paper around the house.  So I am typical of one of these tech-o-phobes.  I am better at these things than most of my friends but I am feeling very insecure because in the end I do not trust Etoro or my Nano.  I do not trust the banks either.

I can see myself having a double system where the majority of my XRP is put somewhere really, really safe, and difficult to access and withdraw from with out some sort of long security checked procedure.  Then having a few thousand on a less safe system from daily usage

Custody, access and security really is a big issue that has to be addressed soon.

Share this post


Link to post
Share on other sites
5 hours ago, zerpdigger said:

genuinely useful and well written article - thanks 

Thank you!

3 hours ago, Julian_Williams said:

I have got as far as putting a bit of crypto on a nano, the rest is still in Etoro which is easy and I think is reasonably safe for the moment.  I really do not get along with the Nano yet and do not fully trust myself to keep it and its passwords safe.  I would not want my fortune to be on a nano with my security phrase written on bits of paper around the house.  So I am typical of one of these tech-o-phobes.  I am better at these things than most of my friends but I am feeling very insecure because in the end I do not trust Etoro or my Nano.  I do not trust the banks either.

I can see myself having a double system where the majority of my XRP is put somewhere really, really safe, and difficult to access and withdraw from with out some sort of long security checked procedure.  Then having a few thousand on a less safe system from daily usage

Custody, access and security really is a big issue that has to be addressed soon.

I agree, it's a huge issue.  I've done test restores of my seed-words a few times just to make sure that I haven't messed up the whole process of writing the code-words down and storing them safely.  And I just can't imagine my mom or my dad taking the time to figure out how to use a hardware wallet.  But they all use the biometrics on their iphones just fine, so I think something like Keyless could be a huge boon for the cryptospace.

Share this post


Link to post
Share on other sites

I have a bit of an issue with using biometrics for creating secrets. IMHO a biometric is per definition not secret and therefor cannot lead to a secret. You offer your biometric to a terminal to measure it and the terminal will compare with a biometric template which is bound to your identity. Meaning the terminal already has all the data it needs to reproduce that same biometric. And if one terminal can measure it, any terminal can measure it, so if my biometric produces a secret, any terminal can now also produce the secret. To cut short, biometrics are good for identification, but not for authentication.

So why does it work on your mobile (fingerprint or facial recognition). In basics it still is used as identification, but the extra security what makes up for the authentication is the measurement of 'liveness' of the scanned biometric, and in that there is also no secret involved. You trust you own mobile device (something you have) and therefor trust its 'liveness' features and therefor to hold some or determine some of your value. But you cannot trust an unknown remote terminal.

Share this post


Link to post
Share on other sites
27 minutes ago, jn_r said:

al will compare with a biometric template which is bound to your identity. Meaning the terminal already has all the data it needs to reproduce that same biometric. And if one terminal can measure it, any terminal can measure it, so if my biometric produces a secret, any terminal can now also produce the secret. To cut short, biometrics are good for identification, but not for authentication.

So why does it work on your mobile (fingerprint or facial recognition

That is one of the big risks with this kind of tech.  And people need to be careful which manufacturers they trust with biometric scans.  It should be fine so long as the scanners are not storing the plain capture of your fingerprint in a readable form.  Apple stores the fingerprint data locally and encrypts it with their secure enclave.  I'm not certain specifically how Keyless is going to handle authentication over the internet as I only saw those brief slides about how the tech works, but I would be very surprised if Ripple was granting Xpring funds to a company that wasn't using secure encryption algorithms to authenticate biometric data.

Edited by macropolo

Share this post


Link to post
Share on other sites
13 minutes ago, macropolo said:

That is one of the big risks with this kind of tech.  And people need to be careful which manufacturers they trust with biometric scans.  It should be fine so long as they are not storing the plain capture of your fingerprint in a readable form.  Apple stores the fingerprint data locally and encrypts it with their secure enclave.  I'm not certain specifically how Keyless is going to handle authentication over the internet as I only saw those brief slides about how the tech works, but I would be very surprised if Ripple was granting Xpring funds to a company that wasn't using secure encryption algorithms to authenticate biometric data.

I'm curious to know their exact solution. Apparently they do something with MPC (Multi Parti Computation) where parts of the biometrics are stored encrypted over different nodes. By means of MPC the match can be proven without any node sharing its part, but only the computation on that part. So that is all nice, but still, the weak point IMO is the point where the biometrics is measured. Take e.g. a fingerprint, that is very hard to keep secret. You leave it literally everywhere behind. So it is really important to know how the liveness of the measured biometric can be assured

ed. I found the paper :-) I'll give it a read

Edited by jn_r

Share this post


Link to post
Share on other sites
1 minute ago, jn_r said:

I'm curious to know their exact solution. Apparently they do something with MPC (Multi Parti Computation) where parts of the biometrics are stored encrypted over different nodes. By means of MPC the match can be proven without any node sharing its part, but only the computation on that part. So that is all nice, but still, the weak point IMO is the point where the biometrics is measured. Take e.g. a fingerprint, that is very hard to keep secret. You leave it literally everywhere behind. So it is really important to know how the liveness of the measured biometric can be assured

They seem to suggest that their neural-net is an improvement over existing authentication mechanisms that use biometrics, but until we see a finished product that can be tested it's hard to say if that claim is true.  I've read about a few proof of concept attacks where testers took a users biometrics and tricked Apple's touchid into unlocking phones, but I'm not aware of any specific real-world attacks that have been successfully carried out against actual users.  There's also a risk of a false unlock with faceid, though it is very rare.  My hope is that as the tech gets better these kinds of attacks will become harder and harder.  I do think we're at the point now where it's simply easier to coerce someone into giving up funds instead of tricking a fingerprint reader. 

There is a risk with mainstream crypto adoption that people could walk around collecting beer bottles and trying to capture fingerprints and steal identities and authentication, but we're nowhere close to the level of adoption where that scenario is a risk, and by the time we have such widespread crypto adoption I suspect the tech will have improved to the point where that would no longer be viable.

Share this post


Link to post
Share on other sites
On 11/9/2019 at 2:02 PM, Julian_Williams said:

I have got as far as putting a bit of crypto on a nano, the rest is still in Etoro which is easy and I think is reasonably safe for the moment.  I really do not get along with the Nano yet and do not fully trust myself to keep it and its passwords safe.  I would not want my fortune to be on a nano with my security phrase written on bits of paper around the house.  So I am typical of one of these tech-o-phobes.  I am better at these things than most of my friends but I am feeling very insecure because in the end I do not trust Etoro or my Nano.  I do not trust the banks either.

I can see myself having a double system where the majority of my XRP is put somewhere really, really safe, and difficult to access and withdraw from with out some sort of long security checked procedure.  Then having a few thousand on a less safe system from daily usage

Custody, access and security really is a big issue that has to be addressed soon.

I don’t really post too often on this great forum , but saw this thread plus your message and had to reply, so have a look at this user friendly device .

Myself was in the same position as you with all my crypto on eToro , most of my XRP on there EToro wallet (they have the private keys so you don’t actually own your crypto) and some on the actual platform I trade unsuccessfully 😔 with till this week. I actually bought a nano back in March when they had a offer on but personally looked a bit fiddly to set up , and like yourself just could trust myself , so still in it’s sealed box. Not promoting anything but I bought this device below , it’s the easiest thing to date too safety store all your crypto . Myself like you a tech-o-phobes but again so easy too set up. It’s safe too use as it’s not connected too the internet no hackers , it uses QR codes , so you snap shot each transfer to the device via your phone. You don’t have too worry about bits of paper with security phrases as a promo they have a fireproof mnemonic case too secure your 12 word password into. You must have this , as god forbid you had a fire you will Loose everything. To transfer your crypto you must have your phone and this device for it to work, if someone stole this they would need your phone . Even if they had both they would still need your password on your phone to unlock and password on the device to transfer your crypto.

Honestly this is the best purchase this year and finally got peace of mind that I actually own my crypto . Still got some on EToro as personally they are one of the safest but 80% is now on the cold wallet ELLIPAL Titan. It’s has hot wallet function on your phone , (hot wallet app is orange cold wallet app is blue ) so you could transfer a few thousand from your safely stored at home Ellipal Titan cold wallet too your hot wallet Ellipal app on your mobile. Then use for daily Private usage to actually spend use on exchanges via QR codes , send funds too friends and family or anyone logged in your hot wallet contacts . Hopefully you would never actually need too sell your crypto which will happen in the near future 🙄  

Love for Crypto , Scott recommended this and was hooked.

And used Crypto Dad for help setting it up..

 

  https://www.ellipal.com

 

 

Edited by dachxrpshund

Share this post


Link to post
Share on other sites
18 hours ago, Julian_Williams said:

I have got as far as putting a bit of crypto on a nano, the rest is still in Etoro which is easy and I think is reasonably safe for the moment.  I really do not get along with the Nano yet and do not fully trust myself to keep it and its passwords safe.  I would not want my fortune to be on a nano with my security phrase written on bits of paper around the house.  So I am typical of one of these tech-o-phobes.  I am better at these things than most of my friends but I am feeling very insecure because in the end I do not trust Etoro or my Nano.  I do not trust the banks either.

I can see myself having a double system where the majority of my XRP is put somewhere really, really safe, and difficult to access and withdraw from with out some sort of long security checked procedure.  Then having a few thousand on a less safe system from daily usage

Custody, access and security really is a big issue that has to be addressed soon.

Etoro is probably the safest option for crypto in terms of internet based options. Crypto exchanges are the Wild West while Etoro is a recognised and regulated company. While they don't guarantee your crypto I suspect they'd cough up if there was a big problem because it would be too damaging for their reputation.

Edited by MrSensible

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...