BitShares Forum

Main => General Discussion => Topic started by: 麥可貓 on September 28, 2017, 04:52:54 am

Title: An urgent need to increase the security of bts wallet login and payment
Post by: 麥可貓 on September 28, 2017, 04:52:54 am
As many of you may know, bitcrab recently lost a significant (to me) amount of assets, and similar events happen once in a while. In the wechat group, we discussed a lot of potential solutions (e.g., buy a mac, install Linux in a virtual machine or not, use and change strong passwords regularly). But even as a Linux user, I realize that we need a simple, feasible solution for all platforms including Windows to make bts popular.

Then I came to realize that even telegram is currently more secure than the bts wallet; to log in, telegram asks for confirmation from a second device, but once your desktop is compromised your balance in the bts wallet could return to zero late at night.

I think we urgently need some way to secure our bts wallet. At least, we can apply just what telegram, as a non-profit service, does and introduce confirmation from a second device for login and transaction. If a decentralized solution is not yet possible, I think it is fine for me to use a centralized service to do this to secure my wallet (but not google's 2FA since it is not accessible from China) for now.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: fav on September 28, 2017, 11:15:41 am
find a dev to finish and maintain trezor integration. Pretty sure we can get worker funds now
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 28, 2017, 02:18:41 pm
We need to know how exactly bitcrab account was compromised first of all.

Quote
If a decentralized solution is not yet possible, I think it is fine for me to use a centralized service to do this to secure my wallet (but not google's 2FA since it is not accessible from China) for now.

This is the shittiest solution one can propose. How would this help bitcrab? His trading account was hacked, where he ran his trading bots. Was he supposed to authorize each trade through google? This is ridiculous.

A good multi-factor authorization solution is already implemented in BTS wallet: multi-signature permissions, just start using it. Perhaps, it could be somewhat improved to make it easier to use by non-tech people. Again, I don't see how this can help to secure an account which is controlled by a trading bot.

Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: mf-tzo on September 28, 2017, 03:18:15 pm
I understand multisignature protection in different computers but I may have misunderstood something so please advise.

If one has a pc where all his bts wallets are on this pc (hence all his bts accounts as well), an attacker who gains access to that pc can equally easily have access to all wallets and accounts, right?

So what is the point of multisignature as protection in this case? Would it be difficult to hack 2 different accounts with 2 different passwords as long both are on the same pc or since he gains access to the pc he can hack easily all passwords?

In this case what is the best way one can protect himself? Should we have for example 1 web wallet and 1 light wallet with i.e 1 account to each of this wallets that in order to take a transaction both have to sign 50-50 permissions? Or something else?


Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: 麥可貓 on September 28, 2017, 04:40:10 pm
hmm... sorry for that bad advice I proposed that could not help bitcrab's situation as yvv said, but I am also wondering how multisignature can help secure the bts wallet in this bot scenario, and how it can be improved for non-tech people. I also doubt if a hardware wallet like trezor can help in such a bot situation. Or else, what is the correct way of using a bot to ensure security?
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: renkcub on September 28, 2017, 05:26:56 pm
I too have suffered a horrible, horrible hack in the past (and slowly recovered via hardware wallets).

I really don't feel safe with the current Bitshares "scheme". In my past hack, an attacker gained access to my PC. It seems to me they'd be able to empty my BTS in that case, if they also had access to my password.

For this reason I've been keeping my password completely offline. I manually type it in to trade/move funds.

Still doesn't feel safe if I were to be properly keylogged, as I was in the past, besides using "misdirection" techniques when entering the pass. I wish there was some kind of 2FA. Hardware wallets or OmniWallet with 2FA are the only safe schemes I've found for active funds (non-cold storage).
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 28, 2017, 06:16:04 pm
Quote from: mf-tzo
I understand multisignature protection in different computers but I may have misunderstood something so please advise.

If one has a pc where all his bts wallets are on this pc (hence all his bts accounts as well), an attacker who gains access to that pc can equally easily have access to all wallets and accounts, right?

So what is the point of multisignature as protection in this case? Would it be difficult to hack 2 different accounts with 2 different passwords as long both are on the same pc or since he gains access to the pc he can hack easily all passwords?

In this case what is the best way one can protect himself? Should we have for example 1 web wallet and 1 light wallet with i.e 1 account to each of this wallets that in order to take a transaction both have to sign 50-50 permissions? Or something else?

The point of a multi-signature account is to have 3 different wallets on 3 different devices with 3 different private keys stored in each wallet which control the same account. Two devices may be yours and one belongs to someone you trust, or all three may be yours, or one yours and two belong to different people you trust. You could set up this account such that you need 2 signatures out of 3 to unlock it. This way, if someone hacks one of your devices, your funds are safe, because they can't unlock your account without the other device. If you lose one of the devices, your funds are also safe. You just use the other two devices to replace the compromised or lost key.

I have a multi-signature byteball account on desktop, phone and tablet, which works really great for me. Never tried to set up one in bitshares, perhaps I should try this asap and recommend everybody to try.

Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 28, 2017, 06:19:05 pm
Quote from: 麥可貓
hmm... sorry for that bad advice I proposed that could not help bitcrab's situation as yvv said, but I am also wondering how multisignature can help secure the bts wallet in this bot scenario, and how it can be improved for non-tech people. I also doubt if a hardware wallet like trezor can help in such a bot situation. Or else, what is the correct way of using a bot to ensure security?

This is a very good question. You want the bot to manage your trading account without your attendance, but you don't want a hacker to do the same. How to combine these two requirements?
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 28, 2017, 06:24:29 pm
Quote
I too got wrecked (lost btc) in 2014 due to horrible 2FA / security from Google (Gmail) and Blockchain.info.

https://bitsharestalk.org/index.php/topic,25039.msg311168.html#msg311168
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: pc on September 28, 2017, 07:06:17 pm
Quote
If a decentralized solution is not yet possible, I think it is fine for me to use a centralized service to do this to secure my wallet (but not google's 2FA since it is not accessible from China) for now.

This is the shittiest solution one can propose. How would this help bitcrab? His trading account was hacked, where he ran his trading bots. Was he supposed to authorize each trade through google? This is ridiculous.

It's not at all shitty. A centralized 2FA service may not be ideal, but it's much better than not having 2FA at all.

IIRC bitcrab said that he accessed the account on a windows machine through a web wallet and/or light wallet. Accounts can be set up so that a robot can use it with a single key, while at the same time a desktop wallet with a different key can only use it together with a 2FA provider.

I think @xeroc had plans to set up a 2FA provider for BTS, but AFAIK it doesn't exist yet.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: mf-tzo on September 28, 2017, 08:49:11 pm
wow.. I have tried the multisig thing with a couple of accounts and I can say I did not manage to do it...Also it seems now that I get error messages and I can no longer transfer funds from these accounts..I tried all that with very few funds so I don't mind but I would advise to people who don't know like myself what they do to be EXTREMELY CAREFUL WITH THAT AND DO NOT TRANSFER A LOT OF BTS IF YOU DON'T KNOW HOW TO DO IT!!

I will explain what I did:

Account XXX went to permissions ==> Active Permissions
Threshold: 52

Add account YYY weight 50
Add account ZZZ weight 50
The public key was there by default with weight 1 so I left it as it was.

Publish changes ==>
Transfer funds ==> Transaction not processed with a string in red with error messages.

Now I can no longer do anything with this account. Or can I?

On another XXX I did:

Threshold 51
Account YYY weight 50
Account ZZZ weight 50
Removed the defaulted public key.

Tried to transfer and I get an error about not being able to sign, no private key. Again, have I lost access to that account as well?

All in all, not very user friendly...
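
An added example, not part of the original posts or of BitShares code: the weight arithmetic behind the permission setups described in this thread (the two threshold/weight configurations above, yvv's 2-of-3 devices, and pc's robot key plus 2FA provider). It assumes each listed account or key counts as one signer with a flat weight, ignoring that a BitShares account authority is itself evaluated recursively; the name `own_key` and the weights of the last two setups are assumptions.

```python
from itertools import combinations

# Constructed models of the setups discussed in this thread. Names and, where
# the posts give none, weights are assumptions made for illustration.
CONFIG_A = {"threshold": 52, "auths": {"YYY": 50, "ZZZ": 50, "own_key": 1}}
CONFIG_B = {"threshold": 51, "auths": {"YYY": 50, "ZZZ": 50}}
TWO_OF_THREE = {"threshold": 2, "auths": {"desktop": 1, "phone": 1, "tablet": 1}}
ROBOT_PLUS_2FA = {"threshold": 2,
                  "auths": {"robot_key": 2, "desktop_key": 1, "twofa_provider": 1}}


def is_satisfied(authority, signers):
    """True if the combined weight of `signers` reaches the threshold."""
    weight = sum(w for name, w in authority["auths"].items() if name in signers)
    return weight >= authority["threshold"]


def minimal_signer_sets(authority):
    """Signer sets that authorize a transaction and contain no spare signer."""
    names = sorted(authority["auths"])
    found = []
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            candidate = set(combo)
            if is_satisfied(authority, candidate) and not any(m < candidate for m in found):
                found.append(candidate)
    return found


def sole_controllers(authority):
    """Signers whose key alone is enough: one stolen key empties the account."""
    return sorted(n for n in authority["auths"] if is_satisfied(authority, {n}))


def lockout_risks(authority):
    """Signers whose loss leaves the remaining signers below the threshold."""
    everyone = set(authority["auths"])
    return sorted(n for n in everyone if not is_satisfied(authority, everyone - {n}))


def report(name, authority):
    sets = [sorted(s) for s in minimal_signer_sets(authority)]
    return (f"{name}: can sign = {sets}, sole controllers = "
            f"{sole_controllers(authority)}, lockout if lost = {lockout_risks(authority)}")


if __name__ == "__main__":
    for label, cfg in [("threshold 52 + default key", CONFIG_A),
                       ("threshold 51, key removed", CONFIG_B),
                       ("2-of-3 devices", TWO_OF_THREE),
                       ("robot key + desktop/2FA", ROBOT_PLUS_2FA)]:
        print(report(label, cfg))
```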

 
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 28, 2017, 09:23:59 pm
Quote from: pc
Accounts can be set up so that a robot can use it with a single key, while at the same time a desktop wallet with a different key can only use it together with a 2FA provider.

Then what prevents a hacker from using this account with the same single key as the robot?
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 28, 2017, 09:35:08 pm

Quote from: pc
It's not at all shitty. A centralized 2FA service may not be ideal, but it's much better than not having 2FA at all.

IIRC bitcrab said that he accessed the account on a windows machine through a web wallet and/or light wallet. Accounts can be set up so that a robot can use it with a single key, while at the same time a desktop wallet with a different key can only use it together with a 2FA provider.

I think @xeroc had plans to set up a 2FA provider for BTS, but AFAIK it doesn't exist yet.

But multi-key account is much better than 2FA through a third party, and it is already in BTS. If it is not user friendly, this should be fixed asap. Keys from multi-key account can be optionally kept by third parties, and it is still better than google style 2FA.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: 麥可貓 on September 29, 2017, 06:10:07 am
Maybe the multisignature feature of bts can be packed into a decentralized 2FA app, and, once paired, this app can be used for the bts wallet (login and transactions of amount > threshold) and potentially for external usage. The 2FA scenario is familiar and easy enough for non-tech people to provide security.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: Frodo on September 29, 2017, 06:58:07 am
Quote from: fav
find a dev to finish and maintain trezor integration. Pretty sure we can get worker funds now

I believe that Bitshares Munich is currently working on Ledger integration, not sure how well that is going though...
http://steem.link/yS2Jj

Maybe they would be willing to finish that with worker funds.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: pc on September 29, 2017, 03:02:29 pm
Quote from: pc
Accounts can be set up so that a robot can use it with a single key, while at the same time a desktop wallet with a different key can only use it together with a 2FA provider.

Quote from: yvv
Then what prevents a hacker from using this account with the same single key as the robot?

PRESUMABLY bitcrab's account was hacked through his desktop machine, which in the above setup would not have contained the single robot key. Robots typically run on servers, and servers are more easily locked down than desktop machines.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 29, 2017, 05:30:39 pm
Quote from: pc
Accounts can be set up so that a robot can use it with a single key, while at the same time a desktop wallet with a different key can only use it together with a 2FA provider.

Quote from: yvv
Then what prevents a hacker from using this account with the same single key as the robot?

Quote from: pc
PRESUMABLY bitcrab's account was hacked through his desktop machine, which in the above setup would not have contained the single robot key. Robots typically run on servers, and servers are more easily locked down than desktop machines.

Ok, you would have one wallet file which is unlocked all the time on a device which is difficult to access, and another wallet file which is locked and requires 2FA to unlock, which is stored on an easily accessible device, right? This could work, I guess. What if the second wallet is encrypted with two (or three) different public keys, with private keys stored on different devices? Then you would have multi-FA with no third party involved. Would this be possible to implement?

P.S. In fact, this encryption of a wallet with multiple keys is straightforward to implement with something like gnupg, but BTS would need to update the GUI to make it convenient to use.
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: fav on September 29, 2017, 07:06:55 pm
you can use 2fa from today https://steemit.com/bitshares/@ash/bitshares-openledger-to-add-airbitz-2fa-for-accounts
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: renkcub on September 29, 2017, 08:16:03 pm
Quote from: fav
you can use 2fa from today https://steemit.com/bitshares/@ash/bitshares-openledger-to-add-airbitz-2fa-for-accounts

Nice!
Question though. Does this mean you need to make a new acct with this Airbitz security? Will it work with Airbitz if you don't login via OL?

Maybe is there a FAQ that answers basic questions like this?
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: fav on September 29, 2017, 08:41:48 pm
Quote from: fav
you can use 2fa from today https://steemit.com/bitshares/@ash/bitshares-openledger-to-add-airbitz-2fa-for-accounts

Quote from: renkcub
Nice!
Question though. Does this mean you need to make a new acct with this Airbitz security? Will it work with Airbitz if you don't login via OL?

Maybe is there a FAQ that answers basic questions like this?

you need to make a new account, you have to login via OL (for now)
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: bitcrab on September 30, 2017, 02:54:24 am
I am not sure how my assets were stolen, but I believe it was not done by the ones beside me through my laptop, but by some hacker that got the private key from the Internet.

Firstly, security is based on good habits; I should not put so many assets in a bot account which is used daily on a laptop where everything is done.

I don't think the 2FA solution is helpful in this scenario; if a hacker gets your private key, you lose everything, nothing can help you.

Maybe only multisig and even a hard/cold wallet can really help to protect accounts with a huge amount of assets?

Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: yvv on September 30, 2017, 12:48:09 pm
Quote from: bitcrab
Firstly, security is based on good habits; I should not put so many assets in a bot account which is used daily on a laptop where everything is done.

But you want to keep a large amount of funds in the bot account, because the more funds you have, the more volume you trade.

What bot do you use, your own, or third party like btsbots?
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: renkcub on September 30, 2017, 08:50:01 pm
Quote from: fav
you can use 2fa from today https://steemit.com/bitshares/@ash/bitshares-openledger-to-add-airbitz-2fa-for-accounts

Quote from: renkcub
Nice!
Question though. Does this mean you need to make a new acct with this Airbitz security? Will it work with Airbitz if you don't login via OL?

Maybe is there a FAQ that answers basic questions like this?

Quote from: fav
you need to make a new account, you have to login via OL (for now)

One last point of confusion.. what if OL went away? How could you access your coins?
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: fav on October 01, 2017, 08:23:32 am
Quote from: fav
you can use 2fa from today https://steemit.com/bitshares/@ash/bitshares-openledger-to-add-airbitz-2fa-for-accounts

Quote from: renkcub
Nice!
Question though. Does this mean you need to make a new acct with this Airbitz security? Will it work with Airbitz if you don't login via OL?

Maybe is there a FAQ that answers basic questions like this?

Quote from: fav
you need to make a new account, you have to login via OL (for now)

Quote from: renkcub
One last point of confusion.. what if OL went away? How could you access your coins?

good question, better ask openledger. I guess they will opensource the login code, so it can be forked
Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: legacy on October 01, 2017, 05:56:13 pm
Quote from: mf-tzo
I understand multisignature protection in different computers but I may have misunderstood something so please advise.

If one has a pc where all his bts wallets are on this pc (hence all his bts accounts as well), an attacker who gains access to that pc can equally easily have access to all wallets and accounts, right?

So what is the point of multisignature as protection in this case? Would it be difficult to hack 2 different accounts with 2 different passwords as long both are on the same pc or since he gains access to the pc he can hack easily all passwords?

In this case what is the best way one can protect himself? Should we have for example 1 web wallet and 1 light wallet with i.e 1 account to each of this wallets that in order to take a transaction both have to sign 50-50 permissions? Or something else?

Quote from: yvv
The point of a multi-signature account is to have 3 different wallets on 3 different devices with 3 different private keys stored in each wallet which control the same account. Two devices may be yours and one belongs to someone you trust, or all three may be yours, or one yours and two belong to different people you trust. You could set up this account such that you need 2 signatures out of 3 to unlock it. This way, if someone hacks one of your devices, your funds are safe, because they can't unlock your account without the other device. If you lose one of the devices, your funds are also safe. You just use the other two devices to replace the compromised or lost key.

I have a multi-signature byteball account on desktop, phone and tablet, which works really great for me. Never tried to set up one in bitshares, perhaps I should try this asap and recommend everybody to try.

Thanks for posting this.

Title: Re: An urgent need to increase the security of bts wallet login and payment
Post by: smb8989 on October 04, 2017, 02:28:04 am
Thought I would chime in guys, Correct me if I'm wrong anyone,

I use the Trezor wallet both as a wallet and a password manager. So I lock my BTS wallet before I close it down and use the saved password on my Trezor every time I log in. (including 2fa if you choose) This way even if my PC or Mac is compromised, the hacker will have no way to obtain my password or login credentials, even with a keylogger.  I can still use the password manager to access my wallet even though the computer is infected or hacked. The Trezor is really a superb piece of technology.

Hope this helps
I use the Web Exchange BTS light wallet. Not sure if this makes a difference

https://trezor.io/passwords/