Author Topic: Does a hacked account brain key give access to ALL wallets in the account?  (Read 2986 times)

nmywn
Account/Advanced Features/Permissions => click on key to see privkey

JamesK56

On the same topic I have an older BTS 2.0 wallet which still holds my Peerplays UIA. I have several accounts within the wallet that hold PP tokens. I have to provide private key(s) to move them to the Peerplays wallet. Where do I locate these keys (can't find them), and are they the same as the brainkey?
Also, for someone who knows: the new Peerplays wallet has a hash tag for the password. I could not find any way to change the password. Does anyone know if that can be done?

svk

@svk
Quote
When you create a new wallet a brain key is generated for you (unless you supply one), and any accounts created with that wallet can be recovered with that brain key.
So each account has a key set derived from the master brainkey (from the wallet that holds the accounts)? Wouldn't that mean I can register an infinite number of accounts with the same key, or the opposite: an infinite number of keys from one brainkey? Finally, how does the brainkey "know" all created accounts if it doesn't change?


wallet = bin backup with keys
account = nickname

Each account created with the same wallet will have a private key derived from the same brain key, with a simple index (starting at 0 and incrementing by 1 for each account) added to the seed to create individual keys.
Worker: dev.bitsharesblocks
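
The indexed derivation svk describes, sketched as an added example (not code from this thread or from the BitShares wallet). The hash construction, the whitespace normalization, the imported key and the names `derive_secret` and `accounts_to_rotate` are assumptions made for illustration; it shows why one leaked brain key covers every account created in that wallet, which is the set of keys to rotate after a leak.

```python
import hashlib

# Constructed sample brain key, not taken from any real wallet.
SAMPLE_BRAINKEY = "constructed  sample words\tnot a real brain key"

def normalize(brainkey: str) -> str:
    # Assumption: whitespace is collapsed so a re-typed paper copy still matches.
    return " ".join(brainkey.split())

def derive_secret(brainkey: str, index: int) -> bytes:
    """32-byte secret for the account at `index` (0, 1, 2, ...).
    Assumed construction: sha256(sha512("<brainkey> <index>"))."""
    if index < 0:
        raise ValueError("index starts at 0")
    seed = f"{normalize(brainkey)} {index}".encode("utf-8")
    return hashlib.sha256(hashlib.sha512(seed).digest()).digest()

def accounts_to_rotate(wallet: dict, leaked_brainkey: str, max_index: int = 100) -> list:
    """Names of accounts whose key anyone holding the brain key can regenerate."""
    derivable = {derive_secret(leaked_brainkey, i) for i in range(max_index)}
    return sorted(name for name, secret in wallet.items() if secret in derivable)

def build_sample_wallet() -> dict:
    # Hypothetical wallet: three accounts created in it, one key imported from elsewhere.
    wallet = {f"account-{i}": derive_secret(SAMPLE_BRAINKEY, i) for i in range(3)}
    wallet["imported"] = hashlib.sha256(b"constructed unrelated key").digest()
    return wallet

if __name__ == "__main__":
    wallet = build_sample_wallet()
    print("exposed by brain key leak:", accounts_to_rotate(wallet, SAMPLE_BRAINKEY))
    print("exposed by a different brain key:", accounts_to_rotate(wallet, "some other words"))
```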

nmywn
@svk
Quote
When you create a new wallet a brain key is generated for you (unless you supply one), and any accounts created with that wallet can be recovered with that brain key.
So each account has a key set derived from the master brainkey (from the wallet that holds the accounts)? Wouldn't that mean I can register an infinite number of accounts with the same key, or the opposite: an infinite number of keys from one brainkey? Finally, how does the brainkey "know" all created accounts if it doesn't change?


wallet = bin backup with keys
account = nickname

svk

The backup file is encrypted with your password, so even if it leaks the malicious party would need to either brute force your password or also know your password somehow.
Worker: dev.bitsharesblocks

svk

Brain keys are tied to wallets, not accounts. Wallets can hold multiple accounts. When you create a new wallet a brain key is generated for you (unless you supply one), and any accounts created with that wallet can be recovered with that brain key.
Worker: dev.bitsharesblocks

nmywn

I think the question should be: does that expose all the wallets (accounts) that the application (wallet app) holds? And yes, you're correct - it doesn't.
The brainkey (private key seed) should be kept cold on paper, just in case you lose your backups or forget the password. Now, if someone stole your backup, he still needs a password.

Sage

Hello,

Quick question on accounts & wallets security:

If an account is compromised, meaning the brain key or backup file is leaked, does that expose all the wallets the account holds?

Conversely, I assume, if a wallet brain key is compromised, only the funds in that wallet are lost. The hacker could not get access to the other wallets without their corresponding private keys.

Is this correct?