Author Topic: javascript wallet login process  (Read 2587 times)


Offline xeroc


Offline arhag

I like it.  A few suggestions.

Deterministically derive a hard child private key from the brain key that does not give access to any of the other private keys that unlock funds in the wallet (I will call this key b). The public key of b is called B. Deterministically derive a hard child private key from b (I will call this key p). The public key of p is called P and the hash of P is U. Generate a one-time public key O. Use EC multiplication of O with b to get S. Regularly take an export of the wallet and encrypt the entire contents with S. Attach O and U to this encrypted blob to create the encrypted wallet backup. Now this encrypted wallet backup can be regularly backed up to an online wallet backup service that the user can optionally sign up for.

The service could provide the contents of the encrypted wallet backup if a user can provide proof of ownership. The proof would be a response to a random challenge from the server in which the response includes P and is signed with private key p (which can be derived using only the brain key). Then the server would send the user the encrypted wallet backup. EC multiplication of b (which can again be derived using only the brain key) with O (provided in the encrypted wallet backup) gives S which allows the client to decrypt the contents in order to restore the wallet. The service would not be able to get access to the wallet contents because it depends on the strong brain key. A user that used this service could restore their wallet on a brand new computer using only the brain key (which brings along all the other information, such as transaction history, favorites, up/down voted delegates, that cannot be recovered from a wallet master key).


Make it possible to export the brain key out of an unlocked wallet in encrypted form (encrypted either with the wallet passphrase or another custom passphrase). This allows users to store the encrypted brain key on paper or flash drive in their home or the homes of semi-trusted people, without worrying about burglars or the people they thought they could trust being able to access their funds if they get access to the encrypted brain key (unless they brute force the passphrase).


Build secret sharing into the client so that the brain key (either unencrypted or encrypted by a passphrase) can be split into N keys of which M are needed to recover the (possibly pre-encrypted) brain key. Allow the user to optionally specify the BTS public keys for each of the N keys so that the client can encrypt each of the keys to their respective recipient. Ideally this would be encoded in the form of a sequence of dictionary words so it is easy to communicate over the phone. The client would have the ability to take these encrypted shares, decrypt them from an unlocked wallet (assuming they were encrypted for an account that the wallet owns) and then re-encrypt them for a particular public key. The client would also have the ability to receive these encrypted shares, decrypt them from an unlocked wallet (assuming they were encrypted for an account that the wallet owns) and then put them back together to recover the original brain key.

The idea is that all of this could run offline on a live Linux environment. I would run the client offline, and generate a new wallet with a strong random brain key. I would then export the brain key using my wallet passphrase and break it up into M-of-N with secret sharing where I specify the N BTS public keys that I want it to split the brain key among. The client would then give me N phrases that consisted of a sequence of dictionary words (and the BTS public key that each is associated with). I would then communicate each of these N phrases to their respective person (my friends and family) who would store these phrases in their own wallets. I would also export the encrypted brain key and write it down on a piece of paper I keep in my home. I could then create whatever transactions I want with my offline wallet, or receive funds to an address to keep in cold storage, and then shut down the machine.

Now, pretend that my paper backup was stolen. I should move the funds from my cold storage wallet into another cold storage wallet before the thief is able to brute force my wallet passphrase. But I need to be able to recover my brain key first to do that. So, first I boot into the live Linux environment and create a brand new wallet with a new wallet passphrase. I make sure to export the wallet's encrypted brain key and write that down on a new paper backup. I get the BTS public key of the account this wallet generated for me. I then ask M of my N friends and family to whom I gave the secret shares to use their wallet to export the shares they stored in their wallet in a form that is encrypted for me (specifically to this new BTS public key that I share with them). Each of them does this and communicates the phrase their wallet exported to me over the phone or in person. I take these phrases and put them into the new wallet I created running on the offline machine and the client uses these phrases to recover my original encrypted brain key. I then type in my old wallet passphrase to decrypt the encrypted brain key. The client can now use that brain key to gain access to the balances in my old wallet and move them to an account created by the new wallet. Now my funds are safe again. I will also likely repeat the secret sharing process with this new wallet to protect myself against future theft of my new paper backup.

Offline Rune

jcalfee are you going to host a web wallet yourself based on this tech? What's the ETA quarter?

Also do you know if yunbi are going to base their web wallet off your work?

Offline jamesc

I may have memorized a password but have not yet memorized the brain key.

If a brain key is unmemorized, doesn't it lose all its advantages?

Ok, you're making me think  :).... Guess that is right on topic.  It is a matter of personal preference I guess.  My goal is to give my brain key to my close ones in case I die.  Also, I don't want to get a head injury and lose track of all my money.  So I have immediate backup requirements on any private key before I send money to it.  Since I have what I believe are secure locations for my backups I don't mind using the backup as much as needed.  If I do that enough I will end up memorizing it to make it easier.

If you don't want the password you can likely use the browser's incognito mode.   I will have to see it all working before I make any promises on this.  Basically, once you close that window the wallet is gone and you'll have to use the brain key again.  Is this more to your taste?

Offline fluxer555

I may have memorized a password but have not yet memorized the brain key.

If a brain key is unmemorized, doesn't it lose all its advantages?

Offline speedy

Is there going to be a preview of the javascript wallet sometime soon? Also will it include the ability to trade? It seems like it should because the main wallet is already built in javascript.

Offline jamesc

Since security hinges on the brainkey, why bother with a separate password system? Why not just have them log in with that?

The password and brain-key have different levels of security.  The brain-key has to be unique to any global attempt to guess it.  This means it is very long and not practical for us when constantly locking and unlocking the wallet.  The local password is only important if the local files get compromised.  It cannot be attacked without gaining access to the data.  It is also useful if someone wants to make a paper backup of the brain key but still wants to encrypt it with a password.  I might do that if I used a leased printer or a shared printer for example.  I may have memorized a password but have not yet memorized the brain key.

Offline monsterer

Since security hinges on the brainkey, why bother with a separate password system? Why not just have them log in with that?
My opinions do not represent those of metaexchange unless explicitly stated.
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline jamesc

Please review, better if this does not have to change later...

Offline jamesc

Looks like the QR code can hold the entire brain key easily.  I'm glad you brought this up, since we have lots of extra room I will limit the brain-key so someone can't create a brain-key that is too long for the QR code.  It will still be as strong as a private key.

Offline xeroc

I like the idea ..
kind of blockchain.info with a master passphrase ... however, I would suggest to let the user print a QR-code and rescan a QR code rather than have a string.
QR-codes are more difficult to copy/paste and also have a forward error correction on-board that allows recovery even for some degree of damage to the QR code.

Also, I would suggest making the print dialog pop up once the brainwallet (encoded as QR code) shows up so that people really have a hard copy.

Offline jamesc

Login process for the web-browser wallet / plug-in...

This should help avoid the issues of making sure the wallet is not deleted by accident and that the user does not get locked out of the entire wallet due to a lost password or a lost brain-key (as long as one or the other is known).  This is all done client-side so the server is not used in this process.

It has the side-effect (or feature if you will) of allowing you to have multiple wallets that are not easily visible to an observer. 

Basically, the idea is to use your password as access to the wallet.  Different password, different wallet.  Of course, the password is hashed and stored locally (not on a server) so it is not retrievable without a full dictionary attack and access to someone's files.   Multiple wallets are useful in the same way as one might have multiple bank accounts or multiple trading accounts.

Basically the wallet is password encrypted and stored in the browser. Think of that as a cache... It is not uploaded or backed up automatically. So, that is where the brain-key is really necessary. You can re-generate the wallet from a brain-key and the wallet will find your information from the blockchain.

A delete wallet feature can be added, but you should be required to login first (know the password) so you can delete it. I like this idea because it forces you to look in the wallet before deleting.  The user should also re-enter or copy/paste the brain-key as a delete confirmation as that is how one could restore the wallet anyways. 

The under-the-hood side effect is that the only way to recover from a lost password is to use the brain-key and create a new password.  That will leave some clutter (though not so large): a second copy of the wallet lying around unaccessed.  I don't think that will be any less secure unless one intends to move the wallet and can't remember the password.  In that unlikely event the user can use the browser to delete all of the data and wallets on that computer (after making sure the important ones exist somewhere else). 

To recover a brain-key, the user can use the password and the computer that created the wallet and access a feature to display the brain key.  Even in an unlocked wallet, the password will be re-prompted before displaying the brain-key.

Here are the screens:
-----------------------------------------------------------
Open or Create Wallet

[ Password                         ]

[Login]

= if the password is found, the wallet opens .. if not:
-----------------------------------------------------------
Create Wallet

A wallet with this password was not found on this computer.  Re-enter your password to set up a new wallet.  Your password is mandatory and controls when and how your funds may be spent. If you forget this password you will be unable to transfer your shares and must recover using a brain-key that will be provided to you.  This password is used only on this computer.

[ Confirm Password               ]

[Create] [Back to Login]
-----------------------------------------------------------
=== User will select one of two options to enable one section:
[X] New Brain-key

Use this brain-key to recover your wallet on any computer.  This brain-key is as strong as the industry standard for private keys.  Do not shorten it.  Make a backup, print it out, write it down, etc. but always keep this information secret.  This brain-key is not password protected and is all that is needed to access all accounts you will create in this wallet.

[ xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz xyz ]

WARNING: Anyone with access to your brain key will have access to this wallet. It is not possible to recover a lost brain-key.  This brain-key will be saved for you on this computer only so you will need to make another backup to be sure you can access your wallet.

=== The other option
[X] Existing Brain-key

[ Brain-key                                                                                                                    ]

[Open]

= wallet will find public accounts and transactions
= recover by registered account name feature
-----------------------------------------------------------
« Last Edit: January 28, 2015, 03:37:58 pm by jcalfee1 »