
Edge Security Model

From Whonix



UNFINISHED

Based on this video. Not based on reviewing the source code.

Untrusted Server Security Model

Summary

  • The server does not have cleartext data.
  • The server has only encrypted data.
  • The phone has only encrypted data.
  • The phone does not hold the (full) decryption key?
  • The server rate limits login attempts.

Basic Operation

How is it possible to use the same password for local encryption as well as for login to the remote server? Doesn't this mean that the server could learn the username and password needed to decrypt the local wallet? No, because scrypt is run with a different set of parameters for each purpose.

  • username / password -> scrypt -> set of parameters "local-encryption" -> local encryption key on phone
  • username / password -> scrypt -> set of parameters "server-login" -> authenticate with server
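The two derivations above, as an added example that is not code from the wallet or from this page. The cost parameters, the salt layout and the `LoginServer` class are assumptions chosen for illustration; the page only states that two different parameter sets are used.

```python
import hashlib
import hmac

# Assumed cost parameters and salt layout; the page only says that two
# different parameter sets ("local-encryption", "server-login") are used.
SCRYPT_COST = {"n": 2**14, "r": 8, "p": 1}


def derive(username: str, password: str, purpose: str) -> bytes:
    """Derive a 32-byte secret bound to one purpose label."""
    salt = hashlib.sha256(f"{purpose}\x00{username}".encode()).digest()
    return hashlib.scrypt(password.encode(), salt=salt, dklen=32,
                          maxmem=64 * 1024 * 1024, **SCRYPT_COST)


class LoginServer:
    """Hypothetical server: keeps only a hash of the server-login secret."""

    def __init__(self):
        self.verifiers = {}

    def register(self, account: str, login_secret: bytes) -> None:
        self.verifiers[account] = hashlib.sha256(login_secret).digest()

    def login(self, account: str, login_secret: bytes) -> bool:
        stored = self.verifiers.get(account)
        candidate = hashlib.sha256(login_secret).digest()
        return stored is not None and hmac.compare_digest(stored, candidate)


def demo() -> dict:
    user, pw = "alice", "correct horse battery staple"  # constructed sample
    local_key = derive(user, pw, "local-encryption")  # stays on the phone
    login_secret = derive(user, pw, "server-login")   # sent to the server
    server = LoginServer()
    server.register("acct-1", login_secret)
    wrong = derive(user, "guess", "server-login")
    return {
        "login_ok": server.login("acct-1", login_secret),
        "wrong_password_rejected": not server.login("acct-1", wrong),
        "secrets_differ": local_key != login_secret,
        "server_holds_local_key": local_key in server.verifiers.values(),
    }


if __name__ == "__main__":
    print(demo())
```

A party that holds the server-login value cannot turn it into the local key; it can only test password guesses, each at full scrypt cost, and only if it also knows the salt inputs.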

Compromised Server Risk

  • A compromised server can do nothing since it does not have the data from the phone. It has only encrypted data and does not hold the decryption key.
  • The server cannot link accounts to personal data (user name, e-mail, phone number, public address) since an HMAC is applied on the phone before sending to the server.

Server Offline Risk

What happens if server is offline?

  • new users can sign-up: no
  • existing users can access wallet from existing phone: yes
  • existing users can access wallet from new phone: no
  • receive funds: yes
  • spend funds: yes
  • can still login using fingerprint or password, also called offline login

Could not login without data connection. Bug?

Could not reach auth server: /v2/login

Is this due to 2FA being enabled?

Backup Less Two-factor authentication 2FA

  • When another device wants to log in, an existing device needs to scan a QR code or provide an authentication code.
  • No need to enter a 6-digit one-time password (OTP).
  • 2FA backup code is optional.
  • If there are no other devices that could be used to validate 2FA, then disabling 2FA can be requested, which takes one week.
  • Similar to the Telegram / Signal network re-registration lock.

Fingerprint Login

Optional. Phone security protects a key. That key is used to decrypt another key on phone which is then used to authenticate to the server which then sends the key to decrypt the data.

PIN Login

Optional. PIN code + HMAC (on phone) -> server sends back a key which allows decrypting the data. The server can rate limit PIN entries. The wait gets exponentially longer: 1 second, 2 seconds, 4 seconds, 8 seconds, etc.
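A sketch of the server-side rate limit described above, as an added example that is not the wallet's own code. The per-device HMAC key (`device_secret`), the `PinLoginServer` class and all sample values are assumptions; the page does not say which key the HMAC uses or how the server tracks attempts.

```python
import hashlib
import hmac


def pin_tag(device_secret: bytes, pin: str) -> bytes:
    """Phone side: HMAC the PIN so the server never sees the PIN itself.
    device_secret is an assumed per-device key; the page does not name it."""
    return hmac.new(device_secret, pin.encode(), hashlib.sha256).digest()


class PinLoginServer:
    """Hypothetical server side of PIN login with exponential back-off."""

    def __init__(self, clock):
        self._clock = clock   # callable returning seconds; injectable for tests
        self._accounts = {}

    def enroll(self, account: str, tag: bytes, data_key: bytes) -> None:
        self._accounts[account] = {"tag": tag, "key": data_key,
                                   "failures": 0, "locked_until": 0.0}

    def login(self, account: str, tag: bytes):
        state = self._accounts[account]
        now = self._clock()
        if now < state["locked_until"]:
            # Guesses made during the wait are not evaluated at all.
            return ("wait", state["locked_until"] - now)
        if hmac.compare_digest(state["tag"], tag):
            state["failures"] = 0
            return ("ok", state["key"])
        state["failures"] += 1
        delay = 2 ** (state["failures"] - 1)   # 1, 2, 4, 8, ... seconds
        state["locked_until"] = now + delay
        return ("denied", delay)


def demo():
    now = [0.0]                                    # fake clock for the demo
    secret, key = b"constructed-device-secret", b"constructed-data-key"
    server = PinLoginServer(lambda: now[0])
    server.enroll("acct-1", pin_tag(secret, "4821"), key)
    delays = []
    for guess in ("0000", "1111", "2222", "3333"):
        status, delay = server.login("acct-1", pin_tag(secret, guess))
        delays.append(delay)
        now[0] += delay                            # wait out the lock
    final = server.login("acct-1", pin_tag(secret, "4821"))
    return delays, final
```

Because the counter and the lock live on the server, reinstalling the app or copying the phone's storage does not reset the wait.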

PINs are more secure legally, since fingerprints can be compelled but PIN codes often cannot be compelled.

PIN login / fingerprint is just a shortcut to let the phone access the encrypted data. Depending on phone security. Usability feature since typing the password every time is too tiresome.

E-Mail based Password Recovery with Untrusted Server

  • E-mail based password recovery is optional. The user is not forced to set it up.
  • App will send password recovery e-mail from your e-mail account to your e-mail account.
  • Password recovery e-mail does not come from server.
  • Server will not send password recovery e-mail when e-mail address is forgotten.
  • The only way to use e-mail based password recovery is to set it up ahead of time, before the password is forgotten.
  • Half of key in e-mail link.
  • Half of key on the phone and backed up on server.
  • Send password recovery answers to the server. These get hashed before sending. Not actual answers.
  • If password recovery answers are correct, server will provide a key to decrypt local data.
  • Risk: If an attacker gets access to e-mail (password recovery link) as well as finds out the answers to the password recovery e-mails, then attacker could get access to the funds. What could still prevent the attacker from accessing the funds is 2FA.

Features

  • Buy bitcoin without KYC. By using SEPA bank wire or credit card.
  • Password reminder: a popup checking to verify the password. If wrong, password can be reset.

Usability Issues

The first letter is capitalized when typing username/password.

Breaking Security Model

  • A malicious app update could upload the wallet seed to the server. But the same argument could be made against any phone wallet such as Electrum.

Miscellaneous

  • scrypt takes half a second on the phone.

Bug

  • I did not get 2FA disabling request. Even after re-login. How long does that take? Then later after login from new device notifies about 2FA request.
  • Could not login without data connection. Bug? "Could not reach auth server: /v2/login" Is this due to 2FA being enabled?

Questions

  • The phone does not hold the (full) decryption key?
  • What if using 2FA and server goes out of business?
  • Dump private key feature?
  • Dump wallet seed feature?
  • Said "data on phone is useless without data from server"?
  • Server offline: cannot log in by PIN?
  • How much stronger do passwords get by use of scrypt?
  • Port to argon2?
  • Username case sensitive?
