BitShares Forum

Main => General Discussion => Topic started by: BunkerChainLabs-DataSecurityNode on June 01, 2015, 09:13:37 pm

Title: Trust Me With Your Private Keys Please
Post by: BunkerChainLabs-DataSecurityNode on June 01, 2015, 09:13:37 pm
Something has been on my mind for a while now, and in the last hangout Friday Taulant said something that touched on this topic.

While some are ultra sensitive about who has what control over their data, the power of the blockchain wallet and bitshares enables an individual to have 100% control over his account with no 3rd party capable of shutting them down. Oh so sweet freedom it is!

One small issue though, is it's a bitch to deal with and understand to the newbie. The very idea of a private and public key is so difficult to educate people on, they just don't care.

The fundamental fact is that as we go forward, we.. or at least he masses.. are going to have to entrust a 3rd party to manage that for them. It doesn't matter what you think of the lack of security that provides.. it's just the way it's got to be for the masses.

Soo... taking off our tinfoil hats.. and putting aside all our notions of our self deterministic individual rights and freedoms.. just stop to consider.. what could be the easiest way to serve the mass market in a way that they will eat it up.. and still retain some kind of level of security in regards to their private keys?

What would a system like that look like you think? What would be the 3 main features or laws that govern its operation that would make it just one of those things that people will do without a second thought.. yet still be at least somewhat good for them.

Ready set go!
Title: Re: Trust Me With Your Private Keys Please
Post by: Akado on June 01, 2015, 09:22:13 pm
Sharing your private keys defeats the purpose of crypto itself. If that, we would be trusting banks all over again.

You don't need to find a safe way for masses to share their private keys with a 3rd party, IF that's as complicated as you say (for masses, which I think it isn't, it's just a matter of time and habituation), we should just make the method of saving/holding private keys easier.
Title: Re: Trust Me With Your Private Keys Please
Post by: bytemaster on June 01, 2015, 09:26:01 pm
1) Make all accounts multi-sig by default (2 of 4)
2) 1 key belongs to service provider, 1 to user's computer, 1 to ID verifier, and 1 for cold storage.
3) For the most part the user is completely secure unless the ID verifier and service provider collude.  ID verification is required for secure 2-factor authentication on key recovery and most users are use to it for banks.

Title: Re: Trust Me With Your Private Keys Please
Post by: monsterer on June 01, 2015, 09:33:57 pm
Brainwallets. Simple and elegant, hardware theft and back-up safe. Only difficulty is educating people about password strength.
Title: Re: Trust Me With Your Private Keys Please
Post by: BunkerChainLabs-DataSecurityNode on June 01, 2015, 11:28:08 pm
1) Make all accounts multi-sig by default (2 of 4)
2) 1 key belongs to service provider, 1 to user's computer, 1 to ID verifier, and 1 for cold storage.
3) For the most part the user is completely secure unless the ID verifier and service provider collude.  ID verification is required for secure 2-factor authentication on key recovery and most users are use to it for banks.

That sounds reasonable... Instead of an ID Versifier I wonder if this can be done by a referrer. 
Title: Re: Trust Me With Your Private Keys Please
Post by: fuzzy on June 02, 2015, 07:25:29 am
1) Make all accounts multi-sig by default (2 of 4)
2) 1 key belongs to service provider, 1 to user's computer, 1 to ID verifier, and 1 for cold storage.
3) For the most part the user is completely secure unless the ID verifier and service provider collude.  ID verification is required for secure 2-factor authentication on key recovery and most users are use to it for banks.

Great point...

But we should always keep the ability to have and control our own.
Title: Re: Trust Me With Your Private Keys Please
Post by: jamesc on June 16, 2015, 01:47:23 am


But we should always keep the ability to have and control our own.

2 of 4 active...  You can still have the owner or owners which typically are cold wallet keys..
Title: Re: Trust Me With Your Private Keys Please
Post by: fuzzy on June 16, 2015, 01:53:07 am


But we should always keep the ability to have and control our own.

2 of 4 active...  You can still have the owner or owners which typically are cold wallet keys..

I'm not disagreeing, just saying people should also have the option to be the sole controller of their accoun.
Title: Re: Trust Me With Your Private Keys Please
Post by: jamesc on June 16, 2015, 02:04:00 am


But we should always keep the ability to have and control our own.

2 of 4 active...  You can still have the owner or owners which typically are cold wallet keys..

I'm not disagreeing, just saying people should also have the option to be the sole controller of their accoun.

I see...  You can do this.   This is in the transaction format.  The wallet is going to allow any valid transaction.

I would use some frozen code like a plugin or a cold wallet to sign transactions as the sole owner but make 3 private key owners.   Before I put any money there I'd have backups off site, next of kin.   I would probably use 2 of 3 three there so someone lost my wallet I wouldn't lose my funds.