Security

in LeoFinance3 years ago

financialsecurity.jpg

This one variable is the single most important aspect of crypto by quite a wide margin. In the digital world, our security is our health. If we don't have our heath, we don't have anything.

We see this proven time and time again.

Rugpull after rugpull, or in the most recent case terra/luna systemic failure, we see that if assets aren't secure, they can drop to zero or be stolen (also zeroed) in an instant. Now, that's not a very good way to do business, is it?

If we are running around telling every one to be their own bank, we ought to give them lots of ways to protect themselves. No one in their right mind would ever put their life savings into bitcoin on a hot-wallet stored on their phone. Except people do this all the time and we hear stories of people losing everything, all the time.

This issue is two fold.

On the one side we want crypto to be secure enough so that anyone could put their life savings into it and feel like they made a smart decision, not a dumb one. As I've been reminding everyone for months now, this is an infrastructure issue. The infrastructure just doesn't exist yet, but it's getting built slowly and surely.

hiveio.png

Hive is ahead of the game.

When I was talking to Matt this issue unsurprisingly came up. We talked about how easy it is to buy Hive, not because we can trust the stability of the fair-market value to be stable, but because we know it's never going to get stolen.

Account recovery on Hive is a big deal.

It took me a couple years complaining about it to even realize how it actually worked.

https://peakd.com/palnet/@edicted/possible-account-recovery-improvements

Look at this garbage post.

Wow, that post is absolute trash.

The first thing I thought of involves the prerequisites for account recovery. Steem is an open network. Anyone can recover an account. Why then would the standard recovery procedure be the transference of the master key to the recovery account? This needlessly puts the account to be recovered in further danger.

The "master key"?

Wow this was January 2020, and I still had no idea that the master key doesn't even exist on the blockchain. Took me over two years of being heavily entrenched in this community and researching crypto every day... and I'm still learning new things that surprise me.

To be clear, Hive has 4 keys:

  • owner
  • active
  • posting
  • memo

For anyone wondering what the master key does, this is an OFF-CHAIN tool that simply generates the other four keys using a centralized seed password (much like the 12 words you write down for EVM solutions like Metamask). The cool thing about the master key is that the password can be anything. Most people don't realize this because they use a frontend like peakd to generate the master key. A frontend will use the same gibberish passwords as all the rest of cryptography (again, for security).

image.png

On a technical level, the master password could be "dog" or any other completely unsecure password, and then it would generate the other 4 super secure crypto passwords from it. I've also seen solutions that are backwards compatible with EVM. Meaning that you could change your keys to one that matched the same seed phrase as your metamask wallet. Again, it's small things like this that are very convenient & modular on a developer level that we aren't even using to the full potential.

Another very nice thing about the master password is that it is combined with the Hive username for extra security. Meaning if one person was dumb enough to use the master password of "dog" for their account, the keys generated would be completely different than another person that used "dog" as the master key on another account.

This is really good for security because it means that a hacker has to target an individual account with brute-force attacks. They can't brute force the master password "dog" and then check to see if any account on Hive used that password. They have to calculate each individual account account on Hive to verify if any of them used that particular one.

This makes brute-force attacks on Hive exponentially more difficult, even if some people are using a less-secure password to generate their keys. The advantage is having the default security be super secure passwords, so that targeting people who don't have them is much more difficult (if not impossible) because it's impossible to know who used a secure password and who didn't.

Timelocks

Hive security and account recovery doesn't work without timelocks. This is why it is so laughable when people say we should get rid of the powerdown schedule or lower it or add a paid option to remove it. Like, no. How about you employ proper accounting techniques and have Hive unlocked in advance, hm? Although I am a fan of my power-cooldown idea, where the first powerdown is instant. But this would be a toggled option with downsides, the main downside being that when you power up it takes a week before your voting power increases (to avoid exploits in powering up and then powering down instantly).

On another note, it is possible to sell locked Hive by borrowing the Hive and shorting the market until it unlocks and you can pay back the loan. So again, changing the timelocks on Hive is totally pointless. It would be much smarter to simply build the infrastructure that allows Hive users to borrow liquid Hive, dump it on the market, and pay back the loan once their powerdown completes. Short the market to pump the price.

encryptionlock2key.jpg

In any case, timelocks on Hive are the thing that make account recovery actually work. Without the timelocks the money would just be stolen and that would be that. The main point to be made here is that Hive is one of the few places people can park their money and not have to worry about it being stolen. Because it's locked and we have account recovery, unlike most networks out there.

Well I just use a Trezor or Ledger Hardware wallet!

Bully for you, friend. And you trust these corporations to protect your data and not program in backdoors through the heavy encryption and software updates? We already saw that Ledger was storing copious amounts of user data during their hack and people literally got threatened, kidnaped, and killed over that data breach. And that was just user information like addresses, not even a backdoor into the system.

Hive COMPLETELY removes the need to trust a corporation. Sure, hardware wallets are great and I use mine all the time with Metamask for that extra layer of security. But to assume they can't be hacked or there is no backdoor? That's foolish. We've already seen that if the device is intercepted during transit it can simply be replaced by a hacked device. And again even in this scenario the corporation itself is still trustworthy. What happens when the corporation has to do what the government tells them to do behind closed doors?

This is why I always talk about the need for an airgapped hardware wallet that anyone can set up themselves. If Hive had something like this, wow! We'd have account recovery and hardware wallets that never even connect to the Internet. Try to hack that... lol. Not gonna happen. Would be an incredible development. Alas, I don't live in the future.

But how does account recovery even work?

This is something I was very confused about for a long long time. shoutout to @dan Larimer for inventing it, because it is such an ingenious solution that while I was studying it I came to the conclusion multiple times that it must be centralized with an associated attack vector. It does not. If I'm being honest, if I had developed something like this I'd be pretty annoyed that no one was was really talking about it in the higher-up crypto world.

Again it is an absolutely brilliant solution

When your OWNER key becomes compromised and you need to recover your account, you contact your "recovery account" OFF-CHAIN. You verify to this person/entity that you are the rightful owner of the account. This could be done in many ways.

  • A phone call to your best friend.
  • The same way WEB2 does it (email/password 2fa).
  • Smartphone f2a.
  • Google auth f2a.
  • Some other encrypted solution.
  • Asking pretty please?
  • Whatever.

The point is:

The recovery account then has a choice to make: is this the rightful owner of the account, or is it a scammer? In most cases the scammer scenario doesn't even make sense. The person looking to recover there account is doing so because the owner key changed one time. This implies that the thief who already owns the account is asking for recovery, which doesn't make sense because they already control the account. The only reason to do this is to confuse the recovery account as to who the rightful owner is, and I've never heard of this happening before (not even in theory until just now talking about it).

So the recovery account finds out that the rightful owner of the account wants to change the owner key to XYZ. They sign this transaction on chain with their active key as the recovery account. "This account that I am the recovery for will change owner key to XYZ."

This is the part that confused me.

If the recovery key can run around changing the owner key, that's clearly a centralized security breech right? What happens if they get tricked or are malicious? Centralized attack vector is centralized.

But it's not centralized though.

Because the only way to actually change the key to XYZ is if the original owner signs the transaction with the old key that was stolen. In fact, any owner key that was valid in the last month could sign the recovery transaction to change the owner key to XYZ. What happens if the thief signs the transaction instead of the rightful owner? Same outcome, the public key changes to XYZ and the rightful owner takes possession of the account.

What happens if a scammer tricks the recovery account into changing the owner key to something they control? Doesn't matter, because again, that transaction doesn't get finalized until it is signed with a key that was valid within 30 days. The scammer never had the key to begin with, and the recovery account doesn't have this information either.

That is the beauty of this system. It adds ZERO attack vectors and creates a system were all of us can recover our accounts without having to worry about any security being compromised by the solution. In the world of crypto where all "solutions" are actually just tradeoffs and sacrifices, account recovery stands in that special place where it just works and there are no drawbacks. It took me multiple years of researching crypto before realizing just how elegant a solution it really was.

Of course part of the reason many do not understand this process is because most people never actually have to use it. That's the goal right? To never use account recovery in the first place. No one wants their keys to get stolen. But in the case of Hive even if this happens we can get most of our money back (assuming it was powered up or in the savings accounts). That's a powerful backend design that has yet to reveal its true usefulness to the world of crypto.

RESET ACCOUNTS

Reset accounts are something that I figured out about when I was learning the Hive API. A day later I realized that reset accounts exist, but the code is disabled and the witnesses do not enforce them. That's because unlike recovery accounts, reset account DO some with a crippling attack vector.

How many accounts on Hive lose their private key and that account becomes derelict and owned by no one? It happens quite often. Very sad. Most people it happens to assume that there will be some way for them to recover their account, not realizing the critical differences of WEB2 vs WEB3 where we own our data directly. If you lose data that you own... you lost it. There is no magic WEB2 fairy to give it back... unless you have a reset account.

A reset account allows the arbiter to fully change the owner key to whatever they want in a fully centralized way. In essence, the reset account becomes the new owner with no questions asked. However, the reset account can only enact a reset if the account they are privy to goes inactive for a certain amount of time (say six months). The associated attack vector is obvious: if someone just goes inactive and didn't lose their keys their account could get stolen for no reason.

Personally I think witnesses should reactivate this code.

Obviously it should be fully optional with the ability to change the reset account to @null whenever they want, but still I think something like this would have a lot of value in many circumstances where noobs are running around losing their keys.

For example, Hive is working on 'Lite Accounts' across multiple platforms (leo, splinterlands, spk). These Lite Accounts control the keys directly so that noobs get a WEB2 experience on WEB3 until they figure out how to secure their own keys. Enabling the reset account would allow these custodians to build an even better transition to WEB3. Even after they keys are changed and the noobs are looking after their own keys... if the custodian was the reset account it would still be able to salvage the account even if the noobs lost their keys. We should definitely enable this code as an option. Honestly I would love to hear the thoughts of lead devs like @blocktrades or @smooth or whoever on this matter. Surely there are reasons to leave it disabled but I feel like we can't scale up without code like this being activated.

Final thought

Price stability is also a kind of security. I talk about this a lot: how many popular cryptos of the future will have a stablish price point with high yields and high inflation. Even if I'm wrong on that particular prediction the main argument still rings true: people don't like the volatility of crypto and it's a big hurdle to adoption. I may be wrong about how it happens, but I'm not wrong about the end result. Token stability and utility can be thought of as a kind of security that users can count on.

Conclusion

When it comes to money, if we don't have security, we don't have anything. The infrastructure does not exist to give people peace of mind when it comes to their funds. Doesn't matter where those funds exist. Could be crypto, the stock market, or legacy banking; security is lacking in every department. Luckily crypto is evolving every day and will eventually come up with the solutions required for people to trust that they can put their life-savings on-chain, but until then we just have to keep grinding forward and build out the infrastructure. These things take time. hodl

Posted Using LeoFinance Beta

Sort:  

[reset accounts]

I don't have a view on the reset feature as long as it is opt-in on existing accounts. Unfortunately this means if you lost your key in the past you are still SOL. But I don't want to see accounts subject to a crippling exploit as you put it, because because the account owner doesn't realize they need to disable a new feature on every single account (many people have multiple accounts, and I'm not even referring to sock puppets here, but accounts used for non-social purposes, most notably cold storage). On new accounts it can be up to the account creator, I guess.

If there are other issues with the feature they would need to be discussed. I don't know what they might be.

I didn't realise that the master key generated the four other keys either. And I still don't understand what the active key does that the posting key doesn't.

The active key is used to transferring money, powering up, trading, etc.
Posting key is for blogs/comments and upvotes (and custom jsons that don't require the active key).

By the way, seems I don´t have a master key stored! Is this bad? Can I retrieve it somewhere?

The master key is largely irrelevant if you have the Owner key.
You can use the owner key to change any key (including owner).
If you ever change your password you can get a new master key using the owner.

Or you don't have to have a master key at all.

It's possible (very easy) to disconnect your keys from the master.
Just change your keys one at a time and don't use the same master to generate them.

If you have the owner key, then you don't need it. If you don't have the owner key or master password, you'll never have "full control" over the account, but you can keep using it as long as you have the other keys.

Didn't know this anyway my first learning for the day.

Posted Using LeoFinance Beta

Engage with the discord group The Terminal link,they would be of help.

Posted Using LeoFinance Beta

Yet another reason HIVE still surprises me on it's lack of adoption. Several critical factors that are just being done better. The quiet player doing the dirty work in the paint (basketball reference)

Posted Using LeoFinance Beta

(basketball reference)

Three-point dunk.

Didn't you miss a perfectly good Bball reference about being in the key?

Three in the key will set you free.
Posting, Active, Owner.

kek

Same way you'd be surprised when the whistle is finally blown.
Quite surprising about Hive adoption but it's already in effect.

Posted Using LeoFinance Beta

I trust my hive wallet more than metamask. Very good discussion and useful to know how important the keys are!

Posted Using LeoFinance Beta

good post!

I hope haf does something for us, betamax was a better format, too.
The kneecappening and 2 year walkabout is still shadowing us.

I used to be able to login to D.Buzz to post buzzes, until one day I couldn't. This was the case not only with the account I created just to use D.Buzz but also with my main account (this one). Thankfully, I can access the D.Buzz community through a general front-end such as Ecency or PeakD.

Before Hive Engine was overhauled, I was able to access my wallet there. After the overhaul, I cannot login to Hive Engine. On top of that, Hivesigner was removed as a form of access.

Maybe my keys got scrambled at some point? I've logged in to many tribal front-ends, so it's possible that at some point they got out of whack with one another. I don't know.

Does this situation sound familiar to anyone? I would like to be able to login to D.Buzz natively as well as to Hive Engine. Thankfully I have alternatives to do things I would normally do natively there. But I still don't know what my problem is, so I can't determine a course of action to begin to solve my problem.

Posted Using LeoFinance Beta

This is a very weird problem to have.
I don't know enough to answer.
Also I use Keychain for everything.

At the moment I can get done things that I want to accomplish using workarounds.

My concern is what happens once working prototypes go live and I want to access them. Ragnarok looms over he horizon, and beyond that Project Blank. As long as I can access future projects, I can live with the troubles I have.

I have trouble accessing the LARYNX airdrop page at <spk.dlux.io> (or whatever the correct link is) using multiple web browsers. In this case, that may not be related to the key troubles I have.

I've tried using Keychain. It works, but I've noticed that it is a bossy add-in: If I want to use MetaMask for Cub Finance and PolyCub, Hive Keychain steps in to take over. I end up turning off Keychain and turn it back on when it's necessary.

Posted Using LeoFinance Beta

not sure what OS and browser you use. on win and chrom/brave i did not have problems with keychain for years. never had keychain trying to do anything on cub.

if you are talking mobile, i don't have metamask there so can't say anything. but i do use hive auth with keychain and peakd, and it is almost perfect. (keychain hive auth disconnects after short period of inactivity so i have to reconnect it often)

I use Windows with Chrome/Brave or compatible browsers (including Firefox on occasion). Problem persists.

Maybe I'm a unicorn in this respect, or maybe I'm just a crank for this particular thing, but I'm not a fan of Keychain. I'm not a hater; at least I don't go around bad-mouthing the dApp or its developers. However, I do get a sense that the trend is to move away from other login methods an funnel everyone toward using Keychain. It just doesn't suit me, and I leave it at that.

Posted Using LeoFinance Beta

i am not telling it does not happen to you, just sharing my XP :D

That's OK. We all have a role to play. Mine is Keychain Crank!

Posted Using LeoFinance Beta

Very insightful post, makes me even more proud to be a HIVE network participant.

It's great to be on Hive and posts like these only confirm that. Great write up! :^)

Hive has so many safety features in place to keep our money safe. I learnt a lot from reading this.

Is there some sort of guide to keys, after reading this it seems I have a lot more to learn

!1UP

Posted using LeoFinance Mobile


The rewards earned on this comment will go directly to the people(@chaosmagic23) sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

This is a top quality post with heaps of very useful info for new and old users.

The main point to be made here is that Hive is one of the few places people can park their money and not have to worry about it being stolen.— how great and surreal can this ever be ?!, certainly inestimably priceless.
The world of cryptocurrency and cyber security are somewhat intertwined . One cannot forgo the other. By all means possible it is essential to make the safeguarding and protection of our keys and data top of the bucket list .

I love your enthusiasm but saying it can't be stolen is unrealistic, we all need to be aware of all risks involved. Most of us fight to stay educated on the ongoing battle between technological development and ongoing vulnerabilities. We might be safer in the hive ecosystem than most, but there are always risks though.

Posted Using LeoFinance Beta

Yeah, it can't be stolen except you use a wrong key for a transaction or share your keys or click on a phishing link.

There's always risk and there those lurking here the cause havoc.

Posted Using LeoFinance Beta

let's be honest. that's still not completely true. let's take axie infinity for example, it was hacked by leveraging a vulnerability in the ronnin bridge. none of the users that lost money in that hack did anything wrong. There are always risks, and a lot of them exist beyond the end-users control.

Agreeable but here we are on hive blockchain not a bridge that involves variety of people linking through from one chain to another.

Losing your keys on hive is entirely on you, whatever happens must have been something done knowingly or unknowingly.

Posted Using LeoFinance Beta

hive was originally forked from steemit because someone managed to figure out how to hack the whole chain. one big hostile takeover. granted this event caused hive to become way more secure, but thinking that risks don't exist is naive. There are always risks, the entire ecosystem of blockchain technologies is still very new. I do absolutely think hive is more secure than a lot of blockchains, but I'm unwilling to think of it as risk free. Also, there are a ton of bridges on hive, it would be impossible to move money into hive from any other chain without a bridged, and there would be no liquidity mining.

I absolutely agree, hive is secured but it's not over its head above a breach.
There's always a risk.

Posted Using LeoFinance Beta

Park your funds without sharing your keys.
Absolutely the future keeps getting better.

Posted Using LeoFinance Beta

It's absolutely relieving as one can be sure of a safety nest while in the blockchain.
All those passwords have their effects even if it gets lost as I once lost mine, it could be replaced just with the master key.

Posted Using LeoFinance Beta

Security on hive is top notch and we can't compare it with any other thing because if you your account get compromised the 13weeks power down is another forms of security on it that help in securing people's money been stolen easily

Posted Using LeoFinance Beta

Don-1UP-Cheers-Cartel-250px.png

You have received a 1UP from @b0s!

The following @oneup-cartel family members will soon upvote your post:
@leo-curator, @vyb-curator, @pob-curator, @pal-curator
And they will bring !PIZZA 🍕

Learn more about our delegation service to earn daily rewards. Join the family on Discord.

Reading this write up,I found it vital and very useful. Good write up Buddy🤜🤛🏿

Posted using LeoFinance Mobile

I tested account recovery once back on steem (the full process) when I was writing a guide about it. Powerful stuff indeed.

About reset accounts, I'd rather not see it activated. People with lite accounts should have enough time to get used to what a web3 account means even before having one.

Never is a very long time, but I am very happy that Hive is such a secure platform!!

Posted Using LeoFinance Beta

I've also seen solutions that are backwards compatible with EVM. Meaning that you could change your keys to one that matched the same seed phrase as your metamask wallet.

This is a clever idea. Do it right and you can secure your keys with a Ledger, even though it doesn't formally support graphene blockchains.

Posted Using LeoFinance Beta