This title may confuse some of you so let me explain, this idea comes from this issue on gitlab : https://gitlab.syncad.com/hive/hive/-/issues/49
to quote @blocktrades:
IIRC, Bitshares was looking into adding "custom keys": keys which allowed for a given subset of operations to be signed. If it's not too intensive, this could be a useful feature for Hive as well. For example, a user could create a key that could only be used for voting, but not for posting, preventing potential identity theft when providing a voting key to another user or service.
Maybe someone from BitShares can chime in on if this was implemented, and if so, how easily/usefully it might be implemented for Hive.
So my problem with this idea is that being able to create any number of keys for x/y operation quickly becomes annoying to manage them all, and it could be compromised more easily. plus it means that dapps will have to manage keys as well (and there is always a risk of a hack where we all find out that those keys were stored in plain text and not encrypted).
But I do think there is a use case, I shouldn't need to give my complete posting key to a service that will just vote, to me it looks a lot like the add authority operation, if you are not aware it's an operation on hive that allows you to "authorize" a certain account on hive to do some actions on your behalf (posting/voting/whatever) without you having to give out your actual private key. It is used on multiple dapps like https://downvotecontrol.com or https://hive.vote/ This is great for dapps who don't want to manage multiple user keys, but it has the drawback of needing the active key to authorize the app in the first place.
And it's always a bit awkward to take the risk of using your active key on a website just to give them posting authority, nowadays we got great tools like keychain or hivesigner, which mitigate that risk, but those could always get compromised and it would be much better to not have to use an active key at all.
So my suggestion is simple, what if we change the key requirements from active to whatever is the op that has the highest requirements in those you want to authorize.
let's say bob wants to give voting, posting authority to alice, all of those op require a posting key, so to authorize he will just need a posting key.
Now let's say bob wants to give voting and transferring authority to eve, voting requires posting, transferring requires active so granting the authorization will require the active key.
You get the idea.
I think this would be a nice improvement to the UX and security to the blockchain where we will see less raw keys going around to servers that may be unsecured and more authorities that can easily be revoked.
What do yall think ?
its a good idea if you going to do all that do it so you can create a personal key i.e password.
this way it helps people use it to. and maybe if a front end can figure out how to store the main keys securely can make onboarding easily. and remove the need for keychain signers etc completely
Excellent - why this has not been done before / even more protection will not hurt us!
I like the flexibility of it. Seems like a good idea to me.
What happened to steempress ? Is it now brought on hive blockchain ?
Fully working with hive for about 2 months now, we are in the process of rebranding :)
So its coming, some one was asking. Any ETA ?
we decided to go for a broad rebrand and decided to redesign our entire identity, and while we were at it are completely upgrading the dashboard, which takes much more time than just a redesign.
It's hard to give a date, I will say however that we made great progress and are close to the end
A great idea and thus the key usage gets simplified and thus makes it super easy for everyone to use their key carefully.
Anything that contributes to making our accounts more secure is welcome. It is up to us to be cautious
Good
good
Todo lo que sea bueno que sea de provecho y sea de beneficio para los que participamos, pues bienvenido sea.
Don't we already have all of those different types of private and public keys?
Seems like a very small problem. Giving a posting key is not terrible from a security standpoint but is terrible from a UX point of view.
Doesn't matter if it is posting or active, the UX is terrible. The best solution is clearly to increase keychain adoption in dapps, or to stop using those that don't.
I agree with you. Having your posting or active key compromised is not a big deal (except for active key if you have a lot of HIVE tokens or HBD in your account) as long as your owner key and master password remain safe.
My only problem is having to enter the corresponding private key (posting key or active key) because I am using the Tor browser that strongly recommends not to install any extension or disabling private browsing, so I can't use HiveSigner (or equivalent) or save my private keys directly on the browser (unless I go against the recommendations and install/store anyway).
Having your active key compromised is actually terrible news, as soon as your transfer hive to your account, it could get stolen.
And if your owner key gets compromised, they can change all they keys and steal your account, it's the owner key that you need to protect most.
And even your posting key being compromised is an issue, how do you feel if your account was used to spam thousands of posts with malware/porn/whatever everywhere that can't be deleted ? At this point you might as well create another account.
"My only problem is having to put the corresponding private key (posting key or active key) again and again" Well at some point we do need to authenticate you one way or another.
Thank you for correcting my post. I have edited my post to get my point across without the incorrect details.
nice
I like that you named the guy Bob
Congratulations @howo! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :
You can view your badges on your board And compare to others on the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOP
Support the HiveBuzz project. Vote for our proposal!
I'm suspicious, Bob is always granting voting to women.
Congratulations @howo! You received a personal badge!
You can view your badges on your board And compare to others on the Ranking
Do not miss the last post from @hivebuzz:
Support the HiveBuzz project. Vote for our proposal!