• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Feature - 2 Factor Authentication

Definitely needs more thought, I'm not liking what I see so far...

How could 2FA not give away your identity? Won't that defeat the purpose of darksend?

Why not just learn how to computer? If you're crapping all over your anon in other ways because you can't computer, why are you even bothering to use DRK?

How far down can you reach to a user without expecting them to at least reach up a little bit? You can't do it all for them all the time... This is the very problem that the OP mentions... You can't fix the problem by creating more of the problem... This encourages people to continue having no clue at all...

Sounds a lot like welfare... I guess I can tolerate BrainWelfareCoin as long as I don't get forced to use these "features." Maybe I'll hate it less as it solidifies and theory becomes fact...
 
Last edited by a moderator:
"Why not just learn how to computer?"

Great approach if the goal is to keep it a niche product.
 
Modifying trezor's firmware to support darkcoin is trivial.
Getting that firmware to install on a trezor without enabling developer mode would require the cooperation of satoshilabs.
(Only they can generate a signature for the new firmware that a trezor will accept.)
Then mytrezor.com would have to be forked/updated.

But, I suspect that satoshilabs is going to implement BIP44 eventually. This would enable support for any coin type.
moocowmoo, my thoughts exactly. One of the flaws of Trezor is that you are reliant on the website to function. I do own a Trezor and use it on a regular basis, and a requiring a connection to the internet can be problematic.

Secondly, I have used Authy and Google Authenticator, and bricked my phone. In both instances, I was lucky that I had entered the same keys on my phone and tablet at the same time. It took several days to have websites remove the 2FA and then for me to set it up again.

From the concept of keeping the keys within the blockchain itself, while a great idea, once set you had better not forget them. The challenge/response keys could be kept locally in the wallet, I imagine.

Remember that the challenge/response keys change based on time. So the time on the local computer/phone/tablets must be synced to a known time source, such as ntp.org. The challenge/response keys change every 30 seconds and a known verifiable timestamp would have to be included in the transaction. The concept of a hardware key and challenge/response has been around since the early 1990's; so the concept is not new just the implementation.

The wallet would have to track the time independently from the local hardware,. While having a synced time source from the Internet is fairly reliable, I have had instances with the last year where my phone carrier and the Internet disagreed.

From Bitcoin Armory, I would like to see the virtual keyboard and printable wallet keys added to the DRK wallet. I did have a keylogger on my computer and the virt keyboard saved me there. The paper key printouts saved me when I had forgotten the passphrase for a infrequently used wallet. Armory, by far, is the best wallet out there for Bitcoin. All of the other wallets should be ashamed to call themselves wallets! LOL

Currently, for security purposes, I keep several wallets with different passwords. Think of the most frequently used as my checking account, the next frequently used as my savings account, and my off-line sneaker net wallet as my safety deposit box. I purchased an ASUS netbook just for the this purpose, and it never gets connected to the Internet.
 
Simply logging in to your wallet and having that login be verified by a third party server creates a time signature that could then be matched to any transactions you make. although Darksend mitigates this to an extent, if I know you logged on to your wallet at 0711 UTC and then I see a bunch of darksend transactions for the next 4 minutes,
HammerHedd, you just hit on a large problem. The 2FA and darksend would be mutually exclusive. You have to know the public key of the sender in order to run 2FA against the transaction.
 
Guys, I'm sorry if this has already been brought up, but what if you lose your phone? All coins lost?
Literally one of the only reasons i continue to pay my phone bill because of all the associated 2fa with it. Sometimes I wonder what i would do If I didn't pay for one month and lost the phone number I use.
 
Literally one of the only reasons i continue to pay my phone bill because of all the associated 2fa with it. Sometimes I wonder what i would do If I didn't pay for one month and lost the phone number I use.
Get set up on google voice and some VoIP service. I don't pay for cell service anymore. I use open WiFis. No worries about that crap.
 
Guys, I'm sorry if this has already been brought up, but what if you lose your phone? All coins lost?
I don't know how the wallet would work, but I saved the QR code image of all my 2FA accesses, just to prevent issues if I lost the phone and to can rescan them.
 
I would love it if we could renew this initiative; perhaps add it to the budget for next month?

This is a really much needed feature: it is incredibly worrying to try and secure a large amount of coins where there is no 2fa and where alternative wallets which do support enhanced features, like Trezor and Encompass, do not support masternodes, etc.

Pablo.
 
And maybe also optional pincode before wallet start, this is whished many times.
 
Back
Top