Welcome to the Dash Forum!

Please sign up to discuss the most innovative cryptocurrency!

Security of "Average Joe" Wallet

Discussion in 'Development Tech Discussion' started by Acedian, Jul 27, 2017.

  1. Acedian

    Acedian Member

    Joined:
    Mar 17, 2017
    Messages:
    247
    Likes Received:
    71
    Trophy Points:
    88
    Dash Address:
    XeMABbcebB5yeZH2HxsV7yLNJA9hbzMgpz
    I am concerned that as we approach mass adoption Dash theft will hurt our progress.

    What are the developers adding to reduce the risk to user's funds?

    A suggestion I would make is to add additional encryption security similar to VeraCrypt's PIM to user's wallets to help protect users with less secure encryption keys.

    Also, as part of our advertising campaigns, I think people should be informed about the risk of using external wallets.

    Unfortunately there is a lot of scum out there looking to steal whatever they can. Our first priority has to be to protect the vulnerable.
     
  2. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,961
    Likes Received:
    6,735
    Trophy Points:
    1,283
    mass adoption ? where ?

    security
    biggest problem is that people ether do not encrypt their wallet or do so and lose their password as they do NOT use a password manager as suggested
    security is fine - nobody ever lost any coins as of a security breach on wallet encryption level !
    obviously we are adjusting as technology enhances

    3rd part wallets ... as always - inhouse (Dash) wallets are suggested but if people wanna use multicoin wallets as jaxx or whatever u can not stop them !
    (laziness winns - security loses :rolleyes: )
     
  3. Acedian

    Acedian Member

    Joined:
    Mar 17, 2017
    Messages:
    247
    Likes Received:
    71
    Trophy Points:
    88
    Dash Address:
    XeMABbcebB5yeZH2HxsV7yLNJA9hbzMgpz
    Force them to add an encryption key and make a "poor" password safer by implementing updated encryption.

    Force the user to backup the wallet then.

    I don't see this along side advertising campaigns.
     
  4. jimbursch

    jimbursch Active Member

    Joined:
    Mar 5, 2017
    Messages:
    837
    Likes Received:
    499
    Trophy Points:
    133
    Different people have different threat profiles and different use cases. Nobody should be "forced" to do anything. Core's primary responsibility is to secure the network and the protocol for wallet functionality. Once that is done, then the market (including open source projects) can provide education and reputable services built on top of that, including a variety of wallets that address different threat profiles and use cases. Right now the Dash wallet offering is sucky. I think that is going to change dramatically when the DAPI is up and running and devs can start building on it.

    Just my humble opinion.
     
    • Agree Agree x 2
  5. Acedian

    Acedian Member

    Joined:
    Mar 17, 2017
    Messages:
    247
    Likes Received:
    71
    Trophy Points:
    88
    Dash Address:
    XeMABbcebB5yeZH2HxsV7yLNJA9hbzMgpz
    You are forced to use a wallet, in one form or another, if you want to use Dash? You have to have a password for every other account in the world.
    The problems with the current standard of crypto's "optional security" have to be addressed if we want mass adoption.
     
  6. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,961
    Likes Received:
    6,735
    Trophy Points:
    1,283

    the options are in place !
    passwords and security are key - if u do not use it it is up to u !
    u can not enforce any of this same as 2fa - being your own bank brings the responsibility of it - but enforcing is the wrong approach
    users (should be ) old enough to make proper decisions

    remember when that guy did the video about security and encouraged people not to use passwords ;)
    same old
     
  7. Acedian

    Acedian Member

    Joined:
    Mar 17, 2017
    Messages:
    247
    Likes Received:
    71
    Trophy Points:
    88
    Dash Address:
    XeMABbcebB5yeZH2HxsV7yLNJA9hbzMgpz
    People are idiots and need protecting from themselves. They are lazy and stupid.
    This means if you don't make them use the security available they won't.
    They will however bad mouth Dash when they get their Dash stolen.
    If stupid people losing money isn't important to Dash, Dash will fail in it's attempt at greatness.
     
  8. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,961
    Likes Received:
    6,735
    Trophy Points:
    1,283
    and then they lose their password / encryption and are still bitching at us that they lost it themselves !
    chicken - egg - chicken - .... :rolleyes:
     
  9. Acedian

    Acedian Member

    Joined:
    Mar 17, 2017
    Messages:
    247
    Likes Received:
    71
    Trophy Points:
    88
    Dash Address:
    XeMABbcebB5yeZH2HxsV7yLNJA9hbzMgpz
    As they are adding the password you inform them, on no uncertain terms, that if they lose the password no one can help them.
    Alternatively, create a password recovery system. To be a PayPal rival this will be needed. I have no idea how to implement this...
     
  10. tungfa

    tungfa Administrator
    Dash Core Team Foundation Member Masternode Owner/Operator Moderator

    Joined:
    Apr 9, 2014
    Messages:
    8,961
    Likes Received:
    6,735
    Trophy Points:
    1,283
    recovery system will always end up in a centralised way
    and then u are not your 'own back' anymore

    back to chicken and egg and chicken .... :rolleyes:
     
  11. Acedian

    Acedian Member

    Joined:
    Mar 17, 2017
    Messages:
    247
    Likes Received:
    71
    Trophy Points:
    88
    Dash Address:
    XeMABbcebB5yeZH2HxsV7yLNJA9hbzMgpz
    Why does it have to be centralised?