Wallet Security

Being your own bank

  • What does it mean to be your own bank, and what responsibility does that put on the user?

Risks

  • Accidental deletion of wallet app
    • wipes private keys?
    • wiping of meta data
  • Extortion

Personal Finance

Checking Account

  • Hot wallet
  • Fewer security measures

Savings Accounts

  • Holds large amounts

Additional authentication methods

  • Multisig
  • Anti-fraud measures (?)

Velocity

  • Percentage of coins being moved relative to the rest of the wallet
  • 100% draining of the wallet would be flagged and additional authentication would be needed
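
One way the velocity check above could be evaluated, as an added example that is not Photon's own code: the 24-hour window, the 50% threshold and all names are assumptions. It counts what already left the wallet inside the window, so a drain split into several smaller sends is still flagged.

```javascript
// Added example: spend-velocity policy for a wallet (amounts in satoshis).
// WINDOW_MS and STEP_UP_PERCENT are assumed values, not taken from the notes.
const WINDOW_MS = 24 * 60 * 60 * 1000; // rolling window: 24 hours
const STEP_UP_PERCENT = 50;            // moving >= 50% in the window needs extra auth

// balanceSat: current spendable balance
// history:    [{ amountSat, timeMs }] outgoing payments already made
// Returns { percent, action }, action being "allow" or "step_up".
function evaluateSpend(balanceSat, history, proposedSat, nowMs) {
  if (!Number.isSafeInteger(proposedSat) || proposedSat <= 0) {
    throw new RangeError("amount must be a positive integer");
  }
  if (proposedSat > balanceSat) {
    throw new RangeError("insufficient funds");
  }
  // Sum what already left the wallet inside the rolling window.
  const recentOut = history
    .filter((p) => p.timeMs <= nowMs && nowMs - p.timeMs < WINDOW_MS)
    .reduce((sum, p) => sum + p.amountSat, 0);

  // Funds that were available during the window: what is left plus what left.
  const base = balanceSat + recentOut;
  const moved = recentOut + proposedSat;
  const percent = Math.floor((moved * 100) / base);

  // A full drain is always flagged, whatever the threshold is set to.
  const drains = proposedSat === balanceSat;
  const action = drains || percent >= STEP_UP_PERCENT ? "step_up" : "allow";
  return { percent, action };
}

// Constructed sample data: a wallet that held 1,000,000 sat this morning.
const NOW = 1700000000000;
const HOUR = 60 * 60 * 1000;
const splitDrain = [
  { amountSat: 200000, timeMs: NOW - 2 * HOUR },
  { amountSat: 200000, timeMs: NOW - 1 * HOUR },
];

// 150,000 is only 25% of the remaining 600,000, but 55% has moved in the window.
console.log(evaluateSpend(600000, splitDrain, 150000, NOW));
// An everyday payment from an untouched wallet passes.
console.log(evaluateSpend(1000000, [], 10000, NOW));
```

A "step_up" result is where the additional authentication listed above (for example a multisig co-signer) would be requested before the payment is signed.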

Extortion Prevention Measures

Protecting against the $5 wrench attack.

Hide Balance Switch

Feature: Hide Balance
	As a user I want to hide my balance
	So that... 

The "Hide my Balance" switch should not be placed prominently, e.g. on the same page where the balance is shown.

Delay balance reveal when app opens

Once a user opens the app, a spinning balance animation is activated, similar to a slot machine, and the user is asked "Are you alone?"

Decoy Wallet

Allow a user to set a special PIN code/password to access an account with fewer funds.

Instead of opening your real bitcoin wallet, you open one with a much smaller amount of money in it. You transfer it to the attacker and they leave satisfied.[1]

Feature: Secret Account
	As a user I want ...
	So that I can ...
	
	Scenario: Open smaller balance account
		Given I have set a pin code for my main wallet
		And I have set a pin for my 
		When 
		Then

  1. You can have several wallets on the Trezor with different amounts of BTC on them.
  2. In case someone hits you with a wrench, tell them the password to your $100 wallet.
  3. If they pull out the bigger guns, give them the 1000 one.
  4. But never disclose the million dollar password, as long as they don't know for sure you have it ;)

qwk, https://bitcointalk.org/index.php?topic=5112748.msg49853611#msg49853611

  • Using BIP39 passphrase in Photon?

Q: Can you send money from the "fake" account?

A: You can fund it with some small amount that you’re willing to lose.

Other Ideas

  1. Choosing a different app icon to disguise the wallet app as a game.
  2. Obscuring the currency
  3. Show the full balance on home Wi-Fi (detected by GPS or Wi-Fi name)
  4. Separate accounts, spending, savings, larger amounts are hidden from the main view when the app opens.

Notifications Show Balance

The user should disallow message content from being shown when the phone is locked.

Footnotes

  1. https://blog.keys.casa/how-to-protect-your-bitcoin-from-5-wrench-attacks/