Edge Security Model

From Whonix



UNFINISHED

Based on this video. Not based on reviewing the source code.

Untrusted Server Security Model

Summary

  • The server does not have cleartext data.
  • The server has only encrypted data.
  • The phone has only encrypted data.
  • The phone does not hold the (full) decryption key?
  • The server rate limits login attempts.

Basic Operation

How is it possible to use the same password for local encryption as well as for login to the remote server? Doesn't this mean that the server could learn the username and password needed to decrypt the local wallet? No, because scrypt is used with two different sets of parameters:

  • username / password -> scrypt -> set of parameters "local-encryption" -> local encryption key on phone
  • username / password -> scrypt -> set of parameters "server-login" -> authenticate with server
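The two derivations above, as an added example (not taken from the original page or from Edge's code): the same username and password go through scrypt twice with different salts, so the value the server receives is unrelated to the local encryption key. The cost parameters, the way the purpose label and username form the salt, and the `LoginServer` class are assumptions.

```python
import hashlib
import hmac

# Assumed cost parameters; the page does not state the values Edge uses.
SCRYPT_COST = dict(n=2**14, r=8, p=1, dklen=32)
PURPOSES = ("local-encryption", "server-login")


def derive(username: str, password: str, purpose: str) -> bytes:
    """Derive a purpose-specific 32-byte key from username/password via scrypt."""
    if purpose not in PURPOSES:
        raise ValueError(f"unknown purpose: {purpose}")
    # Domain separation (assumed scheme): purpose label + username form the salt.
    salt = hashlib.sha256(f"{purpose}\x00{username}".encode()).digest()
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_COST)


class LoginServer:
    """Hypothetical server: stores only a hash of the server-login key."""

    def __init__(self):
        self._verifiers = {}

    def register(self, account_id: str, login_key: bytes) -> None:
        self._verifiers[account_id] = hashlib.sha256(login_key).digest()

    def authenticate(self, account_id: str, login_key: bytes) -> bool:
        stored = self._verifiers.get(account_id)
        candidate = hashlib.sha256(login_key).digest()
        return stored is not None and hmac.compare_digest(stored, candidate)


def demo() -> dict:
    """Run both derivations for constructed sample credentials."""
    user, pw = "alice", "correct horse battery staple"  # constructed sample
    local_key = derive(user, pw, "local-encryption")  # never leaves the phone
    login_key = derive(user, pw, "server-login")      # the only value the server sees
    server = LoginServer()
    server.register("acct-1", login_key)
    wrong = derive(user, "not the password", "server-login")
    return {
        "login_ok": server.authenticate("acct-1", login_key),
        "wrong_password_ok": server.authenticate("acct-1", wrong),
        "keys_differ": not hmac.compare_digest(local_key, login_key),
    }
```

A server holding only the login verifier would have to guess the password and pay the scrypt cost per guess before it could compute the local encryption key.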

Compromised Server Risk

  • A compromised server can do nothing with the data from the phone: it has only encrypted data and does not hold the decryption key.
  • The server cannot link accounts to personal data (user name, e-mail, phone number, public address) since an HMAC is applied on the phone before anything is sent to the server.

Server Offline Risk

What happens if the server is offline?

  • new users can sign-up: no
  • existing users can access wallet from existing phone: yes
  • existing users can access wallet from new phone: no
  • receive funds: yes
  • spend funds: yes
  • can still log in using fingerprint or password, also called offline login

Could not log in without data connection. Bug? "Could not reach auth server: /v2/login" Is this due to 2FA being enabled?

Backup-Less Two-Factor Authentication (2FA)

  • When another device wants to log in, an existing device needs to scan a QR code or provide an authentication code.
  • No need to enter a 6-digit one-time password (OTP).
  • 2FA backup code is optional.
  • If there are no other devices that could be used to validate 2FA, then a request can be made to disable 2FA, which takes one week.
  • Similar to the Telegram / Signal network re-registration lock.

Fingerprint Login

Optional. Phone security protects a key. That key is used to decrypt another key on the phone, which is then used to authenticate to the server, which then sends the key to decrypt the data.

PIN Login

Optional. PIN code + HMAC (on phone) -> server sends back a key which allows decrypting the data. The server can rate limit PIN entries: after each attempt the user has to wait exponentially longer (1 second, 2 seconds, 4 seconds, 8 seconds, etc.).

PINs are more secure legally, since fingerprints can be compelled but PIN codes often cannot be compelled.

PIN login / fingerprint is just a shortcut to let the phone access the encrypted data. It depends on phone security. It is a usability feature, since typing the password every time is too tiresome.
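The PIN flow with server-side exponential backoff, as an added example (not from the original page or from Edge's code). The per-device HMAC secret, the `PinServer` class, the device id and the sample PINs are assumptions; the clock is passed in so the waiting times can be checked without sleeping.

```python
import hashlib
import hmac
import secrets


def pin_auth(device_secret: bytes, pin: str) -> bytes:
    """Phone side: HMAC the PIN so the server never sees it (device_secret is assumed)."""
    return hmac.new(device_secret, pin.encode(), hashlib.sha256).digest()


class PinServer:
    """Hypothetical server: releases the key for a correct token, doubles the wait per failure."""

    def __init__(self, base_delay: float = 1.0):
        self.base_delay = base_delay
        self._devices = {}

    def enroll(self, device_id: str, token: bytes, unlock_key: bytes) -> None:
        self._devices[device_id] = {"verifier": hashlib.sha256(token).digest(),
                                    "key": unlock_key, "failures": 0, "locked_until": 0.0}

    def attempt(self, device_id: str, token: bytes, now: float):
        """Return (unlock_key or None, seconds until the next attempt is accepted)."""
        dev = self._devices[device_id]
        if now < dev["locked_until"]:
            return None, dev["locked_until"] - now  # too early: token is not even checked
        if hmac.compare_digest(dev["verifier"], hashlib.sha256(token).digest()):
            dev["failures"] = 0
            return dev["key"], 0.0
        dev["failures"] += 1
        delay = self.base_delay * 2 ** (dev["failures"] - 1)  # 1, 2, 4, 8, ...
        dev["locked_until"] = now + delay
        return None, delay


def simulate_wrong_pins(wrong_entries: int):
    """Constructed scenario: wrong PINs as fast as allowed, then the right PIN early and on time."""
    secret, unlock_key = secrets.token_bytes(32), secrets.token_bytes(32)
    server = PinServer()
    server.enroll("phone-1", pin_auth(secret, "4821"), unlock_key)
    now, delays = 0.0, []
    for i in range(wrong_entries):
        _, delay = server.attempt("phone-1", pin_auth(secret, f"{i:04d}"), now)
        delays.append(delay)
        now += delay
    early, _ = server.attempt("phone-1", pin_auth(secret, "4821"), now - 0.5)
    key, _ = server.attempt("phone-1", pin_auth(secret, "4821"), now)
    return delays, early is None, key == unlock_key
```

Because the unlock key is held by the server and released only after a successful check, the backoff is enforced even against someone who has the phone's encrypted data.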

E-Mail based Password Recovery with Untrusted Server

  • E-mail based password recovery is optional. The user is not forced to set it up.
  • App will send password recovery e-mail from your e-mail account to your e-mail account.
  • Password recovery e-mail does not come from server.
  • Server will not send password recovery e-mail when e-mail address is forgotten.
  • The only way to use e-mail based password recovery is to set it up ahead of time, before the password is forgotten.
  • Half of key in e-mail link.
  • Half of key on the phone and backed up on server.
  • Password recovery answers are sent to the server. They are hashed before sending, so the server does not receive the actual answers.
  • If the password recovery answers are correct, the server will provide a key to decrypt local data.
  • Risk: If an attacker gets access to the e-mail (password recovery link) and also finds out the answers to the password recovery questions, then the attacker could get access to the funds. What could still prevent the attacker from accessing the funds is 2FA.

Features

  • Buy bitcoin without KYC, using SEPA bank wire or credit card.
  • Password reminder: a popup that asks the user to verify the password. If wrong, the password can be reset.

Usability Issues

The first letter is capitalized when typing username/password.

Breaking Security Model

  • A malicious app update could upload the wallet seed to the server. But the same argument could be made against any phone wallet, such as Electrum.

Miscellaneous

  • scrypt takes half a second on the phone.

Bug

  • I did not get a 2FA disabling request, even after re-login. How long does that take? Then later, after login from a new device, it notifies about the 2FA request.
  • Could not log in without data connection. Bug? "Could not reach auth server: /v2/login" Is this due to 2FA being enabled?

Questions

  • The phone does not hold the (full) decryption key?
  • What if using 2FA and the server goes out of business?
  • Dump private key feature?
  • Dump wallet seed feature?
  • Said "data on phone is useless without data from server"?
  • Server offline: cannot log in by PIN?
  • How much stronger do passwords get by use of scrypt?
  • Port to argon2?
  • Username case sensitive?
