A Solution to Consolidate Bitshares 2 Wallet Login Types

in #bitshares7 years ago

The Bitshares GUI wallet currently has 2 types of logins that operate 2 differnt wallet types. It is a cause of confusion and one source of constant password and login issues. I propose here that it is not necessary. Only a single wallet type is required. A user should never have to "switch" wallet types.

The Givens

The Cloud wallet derives private keys from the password.
The Local wallet gets private keys from an encrypted local file.

Either way you are loging in with your private-keys.

After obtaining the private key they operate in exactly the same way.
There's clearly no reason to seperate into two different wallet types after this point.

Unifying the Two Types

The only function a local wallet has that a cloud wallet doesn't is storing multiple accounts keys.

It is possible to unify the 2 types, while retaining all the vaious functions like multiple accounts, login from anywhere, backup files, etc while still maintaining the same levels of security we offer now.

Bringing the two types together is fairly simple in design, I don't know how difficult the actual code changes would be.

A user would be given a login window. Username and Password. The password can be either the private key for the account or the password from which the keys are derived(same as current cloud login).

Within any account you have what I'm calling a Key-Ring, or Key-File, or just simply a backup file. For a single account this is just a list of that accounts private keys. The Key-Ring can be downloaded(backup) and encrypted with a password of their choice. This isn't really necessary if you only have 1 account and have the password but the function is there anyway if someone has a use for it. Maybe for offline storage with simplified password, unencrypted or maybe a brain-key.

Loging in with the password or private key is the equivalent of the cloud-wallet-login. Access from anywhere.

For the local wallet I propose a simple button in the field for username that allows you to select a Key-File (key-ring , backup). The user then enters the encryption password for the key-file. The first set of keys found can work as the active account while the remaining keys can be easily switched to from a menu item(like we have now in local wallet).

A user would be able to add and remove accounts from their key-ring(backup) file whenever they want. As well as create and save any number of different key-files containing the accounts of their choosing.

Security

Currently the cloud wallet auto generates a password that is roughly equivalent in difficulty to brute-force as the private-key itself. No change is necessary here so a single account retains the same level of security as we have now.

The local wallet we have now is just an encrypted file containing the private keys for the various accounts. This is no different than the proposed Key-File(backup). The Key-File can be just as secure as an individual account depending on the strength of the encryption password used. The local file is also secured by the fact that it is not a public file on the internet and only the user should ideally have access to it. I want to point out that logging in with a key-file is not necessarily more secure than logging in with the generated password or private-key. As all accounts are subject to brute-force against the private keys. The file isn't necessary for this. The keys and generated passwords are long enough though, that this kind of attack should be impossible.

Switching accounts

The current Local Wallet enjoys the ability to hold multiple accounts and can switch between them easily without having to supply a new password. The proposed model would have exactly the same feature. Supplying the password for the Key-File gives access to all the keys for the multiple accounts within.

Do you see any problems with the above rough outline for a consolidated login/wallet ?
Please let me know in the comments.
I appreciate any feedback, suggestions, and criticism.

Thanks.
-Xel

Sort:  

hey man,

pardon the off-topic comment…

I made a post today regarding a large-scale idea to advance Steem’s development, am aiming to get this in front of the audience who’d be in the position to do something with/about it, and it was recommended to share with the witnesses (hence, this):


The $1 Billion Steem Development Fund: How Steemit Inc.'s Stake Could Be Best Allocated To Grow A Thriving Network Of Applications And Users...

would be cool if you could have a read, and IF you feel it’d be a great idea that’d serve the community, forward to anyone in particular you know who might be in a position of influence to advance the discussion.

either way, your continued service to this (and the Bitshares) community is appreciated. 🙏

cheers,

Rok

Thank you for posting @xeldal.

Your proposal is sound and would likely correct the confusion.

It is a bit disconcerting to see the options appear on the page and then one wonders...am I doing this right?....I still do not know if I am using it correctly however as long as one can trade...everything must be alright...at least one hopes so.

Thank you for your service.

Wishing you and yours a Happy Christmas.

Cheers.

I did in Italian a video guide how to use bitshares, I'm thinking in the future to build a complete series guide how to use this amazing exchange's platform. Is completely in Italian and also, is an unique guide at this moment. Fell free to watch it ;)

https://steemit.com/steemit/@zaragast/bitshares-exchanger-decentralizzato

Constant support for each other

Hi @xeldal, Trust you are well? I am just wondering what it will take for me to get on your autovoter like the other creators you support? I have been a daily content creator for the last year, doing at least 3 posts a day (dtube, steemhunt, steempress) and I have made a considerable progress for my account. I am currently seeking support to help meet my SP goals for the year and I truly believe you could hold my hand in this journey . Please put me into consideration,
<3 Elsie.

I'm grateful to be here with you in this community, and I hope we'll always be helpful.
And we support each other with love and appreciation

Hi @xeldal, seeing that you are still randomly upvoting I thought to use that chance and try to reach you.

@stef1 account is active since 2017 and we continuously keep going and supporting Visual Art.

After being one year we decided to create a project that is supporting Artists and Photographers as they are people who create beauty but usually receive little for their works. Since then we open separate account @art-venture and upvoting Artists, running contests and Showcases when we donate the payout to Artists.

We used to have support of @kpine and @steempress but both of them gone, we still have our supporter @xpilar and luckily since June 20 we also being given the Community Curator account from Steemit Inc. @steemcurator08 with 200K SP, that we are using to support Visual Artists.

Unfortunately from August Steemit we will not have support of Steemit Inc for Art, that means we have only our accounts. @stef1 and @art-venture

I was wondering if you would mind to visit them and see what we are doing. It would be great if you could either delegate your Steem Power to us so that we would be able to keep curation or if you would be supporting our two accounts.

Cheers, @stef1

Constant support for each other @lfgiaa

Please good morning
We invite you to support our new çommunity SteemPetLovers

https://steemit.com/@hive-168194

Hoping to see you

You are doing a good job.

I have read through and I am enlightened on Bitshare exchange.*

The Key-File can be just as secure as an individual account depending on the strength of the encryption password used. The local file is also secured by the fact that it is not a public file on the internet and only the user should ideally have access to it.

Its' decentralized and that makes it safe 
 to invest.
 Keep on with the hard work.🙏

Coin Marketplace

STEEM 0.26
TRX 0.20
JST 0.038
BTC 95102.79
ETH 3574.19
USDT 1.00
SBD 3.81