...but it is simply too complicated, waste of time and insecure entering the keys so often.
It’s really no more complicated or time consuming than logging into a third-party service and using it to send a message. And the security issue remains to be seen. I actually feel pretty secure not having my keys saved and only needing to use them when they’re necessary.
I use the existing wallet transfer functions all the time with no issues. Is this new service mainly for noobs? People who don’t know the simple features/functions of the current Steem wallet?
What do you mean with third-party-service?
You got to have them saved somewhere - otherwise how do you use them?
Your software is a "third-party service" (But so is Steemit, Busy and any other front-end, since the blockchain cannot be accessed without the use of such implementations).
I think that by this he meant easily accessible and always "active" (like when you use your browser's password manager to automatically input your password regardless of the user, and using cookies to keep the password wif logged in your session).
But with proper safety measures, this messenger would not be a security risk, I believe, and would instead make it much faster and safer to send and read transactions (especially if real-time notifs were enabled in the future).
The security aspects in general for the issue of typing versus storing, it can be secure enough considering the developer did use the appropriate encryption apis, selected the correct ciphers and use a sensitive / aggressive interation count on a key derivation function (KDF).
This proctects against phshing, if correctly implemented.
Also notice I'm not vetting this project, just expressing that is more or less the same about the cryptographycally-soundness, but on the phishing part, a definitive more secure apprach.
I'm on the final rounds of a new wallet development, and I'll publish a doc on how I've secure the keys, using a 6 digit pin code which is resistent to phishing, rainbow tables and other aspects.
The security of the secret-key exchange used by steem is another debate.
I honestly believe on a off-chain approach for the encrypted messages to live. storing numerous and numerous encrypted messages, potentially with the same content possible opens some window to crypto-analysis, but, the end result is not catastrophic, the worse case scenario, a given individual would be able to read encrypted messages.
Glad to extend this conversation further when possible.
Congrats @therealwolf on the project!
Hello @hernandev ! Maybe you'll want to check out the REAL Steem Messenger project, which is actually off chain based : https://steemit.com/utopian-io/@kingswisdom/steem-messenger-v0-0-3-private-beta-session-image-encryption-and-many-more
We work with a unique security protocol that i'll be unveiling this weekend ! Stay tuned for more infos on this !
Upvoted for visibility - it's bullshit when people steal names. I have no doubt the product is cool and well built...but for fucks sake be original people. Besides, I think off-chain solutions are better for this. Why force the chain to work this hard?
Well both these apps are pretty close together and Beta. Not like one has been out for 12 months haha