Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

security in evolution

Discussion in 'General Discussion' started by eerygarden, Apr 6, 2017.

  1. eerygarden

    eerygarden New Member

    Joined:
    Feb 13, 2017
    Messages:
    31
    Likes Received:
    2
    Trophy Points:
    8
    I've been thinking about the security in evolution with regards to the username and password and I have a question that I at present do not feel secure about. If evolution is to be accessible from any device via a simple username and password does this mean that anybody who gains access to your username and password will have access to ALL of your funds?

    We have been trained to keep our seed keys offline and we do not type our seed keys in to online machines (at least I don't). Will typing a username and password be the equivalent to typing in your seed key as this strikes me as an insecure way to access all of a users funds?

    Am I missing something and could somebody please help me out with that?
     
  2. Vedran Yoweri

    Vedran Yoweri Active Member

    Joined:
    Apr 29, 2015
    Messages:
    334
    Likes Received:
    152
    Trophy Points:
    113
    True.
    Don't put all your coins in one account you use daily. Keep the mother load in a trezor and or dash-qt wallet. Just like today you have something in your physical wallet and the rest secure at the bank.
     
  3. eerygarden

    eerygarden New Member

    Joined:
    Feb 13, 2017
    Messages:
    31
    Likes Received:
    2
    Trophy Points:
    8
    Ok. I'm familiar with the use of a thin wallet. So evolution is to be used in practice like mycelium? It's just that in the demo there is a "savings account", which suggests otherwise.
     
  4. Vedran Yoweri

    Vedran Yoweri Active Member

    Joined:
    Apr 29, 2015
    Messages:
    334
    Likes Received:
    152
    Trophy Points:
    113
    Yeah, just like a phone wallet right now.
    And, it's being developed in the next 2 years so all security options and possibilities are not known yet.
     
    • Like Like x 1
  5. Vedran Yoweri

    Vedran Yoweri Active Member

    Joined:
    Apr 29, 2015
    Messages:
    334
    Likes Received:
    152
    Trophy Points:
    113
    Actually, there are some nifty security features being envisioned to be build in. I'll try find some info...
     
    • Like Like x 1
  6. Vedran Yoweri

    Vedran Yoweri Active Member

    Joined:
    Apr 29, 2015
    Messages:
    334
    Likes Received:
    152
    Trophy Points:
    113
    Check this amanda speech .
    Maybe just have one "Vault" account in your evolution wallet will be secure enough. We will see.
     
    • Like Like x 1
  7. daf

    daf Active Member

    Joined:
    Oct 18, 2015
    Messages:
    175
    Likes Received:
    127
    Trophy Points:
    103
    How will Evolution handle brute-force attacks, for instance? Is there a way to mitigate them, in a decentralized login system?
     
    • Like Like x 1
  8. Vedran Yoweri

    Vedran Yoweri Active Member

    Joined:
    Apr 29, 2015
    Messages:
    334
    Likes Received:
    152
    Trophy Points:
    113
    I think good passwords and good opsec. Incorrect logons could come with time-outs, just like a trezor i guess.
     
    • Like Like x 1
  9. dashly

    dashly Member

    Joined:
    Mar 5, 2017
    Messages:
    110
    Likes Received:
    44
    Trophy Points:
    78
    Not good enough. Hackers are usually not "guessing"... they know. People use the same passwords over and over on different sites and sites get hacked all the time. There will have to be some form of two factor authentication. You can check to see if your email or username has ever been hacked by searching here... https://haveibeenpwned.com/
     
  10. Vedran Yoweri

    Vedran Yoweri Active Member

    Joined:
    Apr 29, 2015
    Messages:
    334
    Likes Received:
    152
    Trophy Points:
    113
    That's not news dude. I'm sure there will be options for that.
     
  11. lynx

    lynx Active Member

    Joined:
    Dec 11, 2015
    Messages:
    364
    Likes Received:
    250
    Trophy Points:
    133
    Vaults will probably have a different security scheme, like a different HD seed / passphrase / keyfile and timelocks.
     
  12. halso

    halso Active Member

    Joined:
    Apr 27, 2016
    Messages:
    440
    Likes Received:
    236
    Trophy Points:
    113
    U can use finger print security on your phone when using mobile version of evolution.
     
  13. Bridgewater

    Bridgewater Well-known Member
    Foundation Member

    Joined:
    Dec 14, 2014
    Messages:
    183
    Likes Received:
    164
    Trophy Points:
    203
    Fingerprint is very low security. It is more for convenience, and is a bit better than the traditional "slide to unlock." That's why when you set up fingerprint security on the phone, it also forces you to use a real password too, sometimes. But for small amounts/daily use, it would be fine. Just like you're not going to keep many thousands of USD in your physical wallet in your jeans pocket.