BitShares Forum
Main => Technical Support => Topic started by: Sage on June 02, 2017, 06:11:05 pm
-
Hello,
Quick question on accounts & wallets security:
If an account is compromised, meaning the brain key or backup file is leaked, does that expose all the wallets the account holds?
Conversely, I assume, if a wallet brain key is compromised, only the funds in that wallet are lost. The hacker could not get access to the other wallets without their corresponding private keys.
Is this correct?
-
I think the question should be: does that expose all the wallets (accounts) that the application (wallet app) holds? And yes, you're correct - it doesn't.
Brainkey (private key seed) should be kept cold on paper, just in case you lose your backups or forget your password. Now, if someone stole your backup he still needs a password.
-
Brain keys are tied to wallets, not accounts. Wallets can hold multiple accounts. When you create a new wallet a brain key is generated for you (unless you supply one), and any accounts created with that wallet can be recovered with that brain key.
-
The backup file is encrypted with your password, so even if it leaks the malicious party would need to either brute force your password or also know your password somehow.
-
@svk
When you create a new wallet a brain key is generated for you (unless you supply one), and any accounts created with that wallet can be recovered with that brain key.
So each account has a key set derived from the master brainkey (from the wallet that holds the accounts)? Wouldn't that mean I can register an infinite number of accounts with the same key, or the opposite: an infinite number of keys from one brainkey? Finally, how does the brainkey "know" all created accounts if it doesn't change?
wallet = bin backup with keys
account = nickname
-
@svk
When you create a new wallet a brain key is generated for you (unless you supply one), and any accounts created with that wallet can be recovered with that brain key.
So each account has a key set derived from the master brainkey (from the wallet that holds the accounts)? Wouldn't that mean I can register an infinite number of accounts with the same key, or the opposite: an infinite number of keys from one brainkey? Finally, how does the brainkey "know" all created accounts if it doesn't change?
wallet = bin backup with keys
account = nickname
Each account created with the same wallet will have a private key derived from the same brain key, with a simple index (starting at 0 and incrementing by 1 for each account) added to the seed to create individual keys.
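The indexed derivation described in the reply above, as an added example that is not part of the original thread and is not the wallet's own code. It assumes the Graphene-style formula sha256(sha512("<brainkey> <index>")); `key_id`, the registry and the gap limit are hypothetical stand-ins for the public key and on-chain lookup a real wallet would use, and the brain keys and account names are constructed.

```python
import hashlib
import re

def normalize_brainkey(brainkey: str) -> str:
    """Collapse runs of whitespace so the same words always give the same seed."""
    return " ".join(re.split(r"\s+", brainkey.strip()))

def derive_private_key(brainkey: str, index: int) -> bytes:
    """Assumed derivation: sha256(sha512("<brainkey> <index>")), index from 0."""
    seed = f"{normalize_brainkey(brainkey)} {index}".encode("utf-8")
    return hashlib.sha256(hashlib.sha512(seed).digest()).digest()

def key_id(private_key: bytes) -> str:
    """Hypothetical stand-in for the public key (a real wallet uses secp256k1)."""
    return hashlib.sha256(b"id:" + private_key).hexdigest()[:16]

def recover_accounts(brainkey: str, registry: dict, gap_limit: int = 5) -> dict:
    """Walk indices 0, 1, 2, ... and stop after gap_limit unused keys in a row."""
    found, index, misses = {}, 0, 0
    while misses < gap_limit:
        name = registry.get(key_id(derive_private_key(brainkey, index)))
        if name is None:
            misses += 1
        else:
            found[index] = name
            misses = 0
        index += 1
    return found

# Constructed sample data: not real brain keys or real accounts.
SAMPLE_BRAINKEY = "ALPHA  BRAVO CHARLIE\tDELTA ECHO FOXTROT"
OTHER_BRAINKEY = "GOLF HOTEL INDIA JULIET KILO LIMA"

def build_registry() -> dict:
    """Constructed stand-in for the chain's key -> account-name lookup."""
    names = ["alice-main", "alice-savings", "alice-trading"]
    reg = {key_id(derive_private_key(SAMPLE_BRAINKEY, i)): n
           for i, n in enumerate(names)}
    reg[key_id(derive_private_key(OTHER_BRAINKEY, 0))] = "bob-main"
    return reg

if __name__ == "__main__":
    registry = build_registry()
    # One brain key yields every account key of its wallet, and nothing else.
    print(recover_accounts(SAMPLE_BRAINKEY, registry))
    print(recover_accounts(OTHER_BRAINKEY, registry))
```

The brain key itself never changes; the set of accounts is rediscovered by re-deriving keys index by index, which is also why a leaked brain key exposes every account created with that wallet while leaving other wallets untouched.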
-
On the same topic, I have an older BTS 2.0 wallet which still holds my Peerplays UIA. I have several accounts within the wallet that hold PP tokens. I have to provide private key(s) to move them to the Peerplays wallet. Where do I locate these keys (can't find them), and are they the same as the brainkey?
Also for someone who knows the new Peerplays wallet has a hash tag for the password. I could not find any way to change the password. Does anyone know if that can be done?
-
Account/Advanced Features/Permissions => click on key to see privkey