Edge Security Model
Untrusted Server Security Model
- The server does not have cleartext data.
- The server has only encrypted data.
- The phone has only encrypted data.
- The phone does not hold the (full) decryption key?
- The server rate limits login attempts.
How is it possible to use the same password for local encryption as well as for login to the remote server? Doesn't this mean that the password could learn the username and password to decrypt the local wallet? No. By using scrypt.
- username / password -> scrypt -> set of parameters "local-encryption" -> local encryption key on phone
- username / password -> scrypt -> set of parameters "server-login" -> authenticate with server
Compromised Server Risk
- Compromised server can do nothing since it does not have data from phone. Has only encrypted data. Does not hold decryption key.
- Server cannot link accounts to personal data (user name, e-mail, phone number, public address) since HMAC is used on phone before sending to server.
Server Offline Risk
What happens if server is offline?
- new users can sign-up: no
- existing users can access wallet from existing phone: yes
- existing users can access wallet from new phone: no
- receive funds: yes
- spend funds: yes
- can still login using fingerprint or password, also called offline login
Could not login without data connection. Bug?
Could not reach auth server: /v2/login
Is this due to 2FA being enabled?
Backup Less Two-factor authentication 2FA
- When another device wants to login, an existing device needs to scan QR code. or provide authentication code.
- No need to enter 6 digits one time password (OTP).
- 2FA backup code is optional.
- If there are no other devices that could be used to validate 2FA then 2FA can be requested to be disabled which takes one week.
- Similar to telegram / signal network re-registration lock.
Optional. Phone security protects a key. That key is used to decrypt another key on phone which is then used to authenticate to the server which then sends the key to decrypt the data.
Optional. PIN code + HMAC (on phone) -> server sends back a key which allows to decrypt the data. Server can rate limit PIN entries. Have to wait exponentioally longer. 1 second, two seconds, 4 seconds, 8 seconds, etc.
PIN are more secure legally. Since fingerprints can be compelled but PIN codes often cannot compelled.
PIN login / fingerprint is just a shortcut to let the phone access the encrypted data. Depending on phone security. Usability feature since typing the password every time is too tiresome.
E-Mail based Passsword Recovery with Untrusted Server
- E-mail based password recovery is optional. The user is not forced to set it up.
- App will send password recovery e-mail from your e-mail account to your e-mail account.
- Password recovery e-mail does not come from server.
- Server will not send password recovery e-mail when e-mail address is forgotten.
- The only way is to setup e-mail based password recovery by setting it up ahead of time of forgotten passwords.
- Half of key in e-mail link.
- Half of key on the phone and backed up on server.
- Send password recovery answers to the server. These get hashed before sending. Not actual answers.
- If password recovery answers are correct, server will provide a key to decrypt local data.
- Risk: If an attacker gets access to e-mail (password recovery link) as well as finds out the answers to the password recovery e-mails, then attacker could get access to the funds. What could still prevent the attacker from accessing the funds is 2FA.
- Buy bitcoin without KYC. By using SEPA bank wire or credit card.
- Password reminder: a popup checking to verify the password. If wrong, password can be reset.
First letter big when typing username/password.
Breaking Security Model
- A malicious app update could upload wallet seed to server. But the same argument could be made against any phone wallet such as electrum.
- scrypt takes half second on phone.
- I did not get 2FA disabling request. Even after re-login. How long does that take? Then later after login from new device notifies about 2FA request.
- Could not login without data connection. Bug? "Could not reach auth server: /v2/login" Is this due to 2FA being enabled?
- The phone does not hold the (full) decryption key?
- What if using 2FA and server goes out of business?
- Dump private key feature?
- Dump wallet seed feature?
- Said "data on phone is useless without data from server"?
- server offline cannot login by PIN?
- how much stronger passwords gets by use of scrypt?
- port to argon2?
- username case sensitive?
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)
The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.