Feature - 2 Factor Authentication

Discussion in 'Official Announcements' started by eduffield, Dec 8, 2014.

  1. camosoul

    camosoul Grizzled Member

    Definitely needs more thought, I'm not liking what I see so far...

    How could 2FA not give away your identity? Won't that defeat the purpose of darksend?

    Why not just learn how to computer? If you're crapping all over your anon in other ways because you can't computer, why are you even bothering to use DRK?

    How far down can you reach to a user without expecting them to at least reach up a little bit? You can't do it all for them all the time... This is the very problem that the OP mentions... You can't fix the problem by creating more of the problem... This encourages people to continue having no clue at all...

    Sounds a lot like welfare... I guess I can tolerate BrainWelfareCoin as long as I don't get forced to use these "features." Maybe I'll hate it less as it solidifies and theory becomes fact...
     
    #61 camosoul, Jan 28, 2015
    Last edited by a moderator: Jan 28, 2015
  2. HDMI

    HDMI New Member

    "Why not just learn how to computer?"

    Great approach if the goal is to keep it a niche product.
     
  3. HowlingMad

    HowlingMad Member

    moocowmoo, my thoughts exactly. One of the flaws of Trezor is that you are reliant on the website to function. I do own a Trezor and use it on a regular basis, and requiring a connection to the internet can be problematic.

    Secondly, I have used Authy and Google Authenticator, and bricked my phone. In both instances, I was lucky that I had entered the same keys on my phone and tablet at the same time. It took several days to have websites remove the 2FA and then for me to set it up again.

    From the concept of keeping the keys within the blockchain itself, while a great idea, once set you had better not forget them. The challenge/response keys could be kept locally in the wallet, I imagine.

    Remember that the challenge/response keys change based on time. So the time on the local computer/phone/tablets must be synced to a known time source, such as ntp.org. The challenge/response keys change every 30 seconds and a known verifiable timestamp would have to be included in the transaction. The concept of a hardware key and challenge/response has been around since the early 1990s, so the concept is not new, just the implementation.

    The wallet would have to track the time independently from the local hardware. While having a synced time source from the Internet is fairly reliable, I have had instances within the last year where my phone carrier and the Internet disagreed.

    From Bitcoin Armory, I would like to see the virtual keyboard and printable wallet keys added to the DRK wallet. I did have a keylogger on my computer and the virt keyboard saved me there. The paper key printouts saved me when I had forgotten the passphrase for an infrequently used wallet. Armory, by far, is the best wallet out there for Bitcoin. All of the other wallets should be ashamed to call themselves wallets! LOL

    Currently, for security purposes, I keep several wallets with different passwords. Think of the most frequently used as my checking account, the next frequently used as my savings account, and my off-line sneaker net wallet as my safety deposit box. I purchased an ASUS netbook just for this purpose, and it never gets connected to the Internet.
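
The clock-sync point in the post above, as an added example that is not part of the thread or of any Dash wallet code: it assumes the 30-second codes are standard RFC 6238 TOTP (HMAC-SHA1), and `verify`, `window` and `last_counter` are hypothetical names. It shows a verifier rejecting a code from a device whose clock is only 5 seconds fast unless a drift window is allowed, and refusing a replayed code.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid, the interval the post mentions


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 code for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret, code, verifier_time, window=1, last_counter=-1):
    """Return the matched step counter, or None.

    window: steps of clock drift tolerated either side of verifier_time.
    last_counter: highest counter already accepted; blocks replay.
    """
    now = verifier_time // STEP
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        expected = totp(secret, counter * STEP, len(code))
        if hmac.compare_digest(expected.encode(), code.encode()):
            return counter
    return None


def demo():
    secret = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    verifier_time = 1111111109  # constructed: 1 s before a step boundary
    code = totp(secret, verifier_time + 5)  # device clock 5 s fast
    return {
        "strict": verify(secret, code, verifier_time, window=0),
        "tolerant": verify(secret, code, verifier_time, window=1),
        "replayed": verify(secret, code, verifier_time, 1, 37037037),
    }
```

Each extra step of `window` widens the period in which a captured code is still accepted, which is why the last accepted counter is tracked alongside it.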
     
  4. HowlingMad

    HowlingMad Member

    HammerHedd, you just hit on a large problem. The 2FA and darksend would be mutually exclusive. You have to know the public key of the sender in order to run 2FA against the transaction.
     
  5. TaoOfSatoshi

    TaoOfSatoshi Grizzled Member

    Guys, I'm sorry if this has already been brought up, but what if you lose your phone? All coins lost?
     
  6. buster

    buster Guest

    Literally one of the only reasons I continue to pay my phone bill is because of all the associated 2FA with it. Sometimes I wonder what I would do if I didn't pay for one month and lost the phone number I use.
     
  7. camosoul

    camosoul Grizzled Member

    Get set up on Google Voice and some VoIP service. I don't pay for cell service anymore. I use open WiFis. No worries about that crap.
     
  8. camosoul

    camosoul Grizzled Member

    Eventually, being stupid has to fall out of style...
     
  9. GermanRed+

    GermanRed+ Active Member

    Whatever we do about OTP, please do not pick something closed source, and make sure we modify something to ensure that we don't have a plausible rainbow attack. Perhaps take something simple like orthrus and modify it:

    https://code.google.com/p/orthrus/wiki/ortcalc
     
  10. crowning

    crowning Well-known Member

    Why it's not good to rely on external services:

    http://sakurity.com/blog/2015/03/15/authy_bypass.html

    :eek:
     
  11. chatterbox

    chatterbox Well-known Member
    Foundation Member

    This would be the best feature ever, unless you can add a bread slicer of course. ;)
     
  12. kointrend

    kointrend Member

    I don't know how the wallet would work, but I saved the QR code image of all my 2FA accesses, just to prevent issues if I lost the phone and to be able to rescan them.
     
  13. fible1

    fible1 Well-known Member
    Dash Core Team Masternode Owner/Operator

    I would love it if we could renew this initiative; perhaps add it to the budget for next month?

    This is a really much needed feature: it is incredibly worrying to try and secure a large amount of coins where there is no 2fa and where alternative wallets which do support enhanced features, like Trezor and Encompass, do not support masternodes, etc.

    Pablo.
     
  14. AjM

    AjM Well-known Member
    Foundation Member

    And maybe also an optional PIN code before wallet start; this has been wished for many times.
     