Hardware wallet for safecoin. Or else malware can steal coins!

Safecoin needs some type of hardware wallet capability. If not to actually login into the network, then at least to send actual coins (similar to bitcoin hardware wallets). Otherwise, safecoin will become a huge attack vector by malware writers. Unlike bitcoin, maidsafe is something people will use every single day and cannot use it on an offline computer.

Therefore, they will be entering their account credentials frequently (or they will be stored on disk / memory). The end result is that malware and attackers can steal these credentials and 1) steal all the safecoin 2) do a lot of put requests to exhaust their safecoin.

Maidsafe will never adoptable by a wide audience unless it can solve this security concern. So, are there any plans to make maidsafeā€¦ safe?

1 Like

OK if you do that then the attack vector is the malware on your computer will then send off your coins once you have logged in

If hardware to control wallet then the group consensus has to talk to the hardware to confirm transactions. Not as easy as it soundsā€¦ The hardware has to specify the address and amount the coins are sent to, otherwise the malware can still be in the middle telling you its all OK but the transaction sends your coins to another address

Might be easier to virtualise the Wallet APP that also requires an additional password for sending coins.

That is a bold prediction. PayPal is uses by upteen millions everyday and its nowhere near as secure as anything you suggest. People still keep using it and more everyday

4 Likes

You could have several accounts, the account you use for everyday doesnā€™t hold many or any coins at all, then whenever you need to use coins you log in using another account just for that purpose and log off again to log in with the day to day account. In such scenario, isnā€™t the risk similar to the one you currently are exposed to by using the home banking?

4 Likes

Not at all. Banking transactions are not anonymous and they are reversible. Therefore, the motivation for someone to do this far less (they will likely get caught for stealing) and the loss of the user is far less (transaction gets reversed).

1 Like

Paypal does not have user risks. It is neither anonymous or irreversible. Someone cannot track when malware steals the coins. And, you cannot take a police report to the maidsafe network and have them reverse the money that left their account.

Regulated finance is very safe for users.

1 Like

Again, a password cannot solve the issue. Hence why bitcoin to be secured must use a physical air gapped signing device. If your maidsafe account password can be keylogged your other password will be keylogged.

Really?

It has a lot of risks, your bank account and/or credit cards are linked to it and if someone gets the password then they can clear out your bank account and credit cards. There is no guarantees that paypal will ever reverse those transactions, there are many horror stories that paypal refuses to reverse anything because the thief has already withdrawn the funds. Financial regulations has a number of ā€œoutsā€ for the financial institution to refuse reversing the transaction.

Only a minor consideration since even if reversed it can be months to get any of your bank account money back.[quote=ā€œmaiddict, post:6, topic:12862ā€]
Again, a password cannot solve the issue
[/quote]

It can if you virtualise the APP, the malware is on the host machine and no access once the VM takes over.

I donā€™t discount the benefits of hardware wallet BUT it does not lead to your bold ā€œdeath of safecoinā€ prediction if it is not implemented. People will do as @bochaco says. they only hold a small amount of coins in the acount they use for everyday transactions. Just like you only carried a smallish amount of cash in the leather wallet in ones pocket.

1 Like

You donā€™t seem to know about modern finance or else you live in a country with very abnormal laws. In most of the world people have 0% liability for stolen credit card funds. Bank account transactions are reversible with a police report.

You say that as if it is bad? So, you would prefer to never get your money back than to get it back in a couple months? Okay, letā€™s bring rationality back to this convo.

Yes, it can. Unless you are proposing that people should only run maidsafe on a live usb bootup from a clean install of an OS. If you run maidsafe in a virtualized container within a malware infected host system, then you are still at risk.

Instead of focusing on that and other trivialities, how about we move this discussion into a productive direction. Such as, how do we secure safecoins and maidsafe in a manner the average person can use? No need to take issue with predictions. Letā€™s talk about how do we make safecoin actually SAFE.

There are most likely methods we can come up. For example, adopting some form of signing mechanism of transactions similar to systems like bitcoin use. That way you can have an actual secure method of using maidsafe day-to-day while having your safecoins secure.

4 Likes

I place a focus on it since you justify your proposal on this and made your suggestion a ā€œDO IT OR SAFEcoin Adoption FAILā€ scenario. And it certainly is not that.

If you justified your proposal on it being a good idea and can we do it, then prediction is trivial. But it was your justification for doing it and being such a FUD justification it is important to say why it is a trivial justification.

Also you need to read the T&Cs of your bank account and cards. Also a police report is not a guarantee to getting your funds back. Just FYI If the bank determines the loss of the funds were to you not securing the password (this could include keeping your security up to date) then their liability is greatly reduced or nullified. Read the T&Cs

Again the hardware wallet is going to be a difficult one to implement and would require that the hardware tells the gorup the address and amount to send. Otherwise malware can intercept the request as you enter it and change the info that is sent to the group and what the app tells you is happening. So the hardware has to do it all.

Now it might be better to market a SBC unit that plugs into your computer or wifi that does the transaction independent of any computer. With some of these SBCā€™s being less than 5$ and displays cheap too, a separate unit to do safecoin transactions on the go might be a better use of resources than a hardware wallet. It can also perform 2FA for you too and many other security functions. What do you think?

3 Likes

Itā€™s possible (but not currently coded) to create an unsigned safecoin transaction on one machine, then sign it on another (just as you would with bitcoin).

If one were to try to code this, it would begin with splitting the code for structured data into separate ā€˜build txā€™ and ā€˜sign txā€™ functions. But I feel itā€™s sitll a bit early to be approaching this problem.

4 Likes

Itā€™s great to hear that some kind of offline signing could be possible for Safecoin.

I feel itā€™s never too early to plan to build an acceptable level of security into the Safe network, and canā€™t see how having no option that is keylogger resistant is anywhere near secure enough.

As long as by launch thereā€™s a mechanism for safely holding and transacting with hugely valuable Safecoin itā€™ll be fine, but if thereā€™s no multi-sig or offline signing mechanism, many people wonā€™t want to take the risk of converting MaidSafeCoin on offline wallets into a less secure medium.

Iā€™d like the ability to have linked Safe network accounts with multi-sig wallets possible, so I can create a transaction on my PC, then require a signature from a second account that I log into on a separate computer (or phone etc).

If signing a transaction from an offline computer is possible, then even better!

5 Likes

I really like hardware wallets and Iā€™ve been using Trezor for over a year now.

I expect a SAFE hardware wallet will come quite quickly tbh. When the value shoots up the demand for security will be higher and the market will satisfy that demand soon enough.

In the meantime Iā€™m just going to buy a cheap dedicated machine for farming and using SAFE on, and Iā€™ll never use this machine to visit anything on clearnet, so hopefully there wonā€™t be much risk in using it.

I should imagine most people with a decent amount of coin will be quite cautious and sensible.

SAFE canā€™t solve endpoint security if weā€™re browsing clearnet on our machines, so I agree that a hardware wallet would be gtreat and will be used when it arrives.

The nature of SAFEcoin as a utility and the decentralisation of farming make this bit less of a priority than it might have been for a simple, non-consumable asset like BTC. The expectation is that most users donā€™t buy SAFEcoin or use it as a store of value, but rather most farm a couple of bucks worth for fee and use them. These folks wonā€™t be wasting $100 on hardware protection for their $10 account value imo. So a hardware wallet is really more for investors than to help network adoption as I see it. SAFE wonā€™t suffer at all for not having one as we can still do things safely without it (although it is annoying) and SAFE does not intend to be used in the way BTC is used (investment/asset/store of value). Itā€™s just a cheap, burnable utility that you can get for free. Or at least it should be when the network has launched. :slight_smile:

5 Likes

SAFEcoin will be implemented with MD (used to be SDs). SDs used to have the ability to be multi-owner and if MD still has this then I see no reason that SAFEcoin canā€™t have multiple owners. This would then be a nice avenue to secure your coins.

But I still think @bochaco was spot on when he said that people will have at least 2 accounts if they have significant amount of coins. One for every day spending where you keep enough coins to work with and your savings in one or more other accounts.

That reminds of the days when people didnā€™t have plastic for everyday spending and they would have enough cash in their ā€œleatherā€ wallets to do any spending they expect to do in the day. That way if a mugger stole your wallet then thats all the cash they got. Judging by the newspaper reporting at the time not many people got their stolen money back even if the mugger was caught later on.

3 Likes

And you forget the possibility of multisign safecoin. You can have a small amount in your single sign account and save most of your safecoin in multisign. You can use different device (home computer, smartphone, work computerā€¦) for the different account and the only possibility, for an attacker, to steal your safecoin is hack all your devices.

In fact, a single device (old smartphone, pc or tablet) can act as hardware wallet. Use an account exclusively in this device, to sign multisign transaction, and the rest of the time you have it turned off.

2 Likes

The way to protect from malware is I think to use 2FA on any SAFE account that you are concerned about, and to use multiple accounts to spread your risk.

These measures have been discussed several times on the forum and there are already some devices & 2FA techniques under consideration. Sounds like a good one for a Community Engagement Program (funded development).

Search for 2FA if you want to find the discussions.

2 Likes

This essentially turns your computer into a hardware wallet. It is an option which has been discussed here many times.

If you could do the same with a cheap/old phone/tablet/palm top (pretty easy with linux), then you have portability too.

I am sure someone will market such things on the future.

2 Likes

Good point. I too am pretty concerned about lack of hardware wallet support, but I think youā€™re right that in general that wonā€™t be as much of a concern for the regular user. For these users however, the security of their login credentials would still be of interest. So HW could still be useful in that case as 2FA

1 Like

Yes, and thereā€™s a lot of middle ground to cover. If I have $200 of safecoin Iā€™m not going to buy a dedicated machine or hardware wallet, but likewise Iā€™d like some 2FA on there because someone will nick it if they get an opportunity.

1 Like