【通读EOS白皮书】账户-04
今年币圈链圈一个重大事件就是:EOS在6.1日正式发布,但是还有非常多的人从未阅读过EOS技术白皮书。在此我准备做一个通读EOS白皮书系列,主要是翻译官方原文并加入个人解释的形式展现,水平有限,欢迎大家讨论交流。
微信公众号:blockd-public
微信号:点击查看
带强制延迟的消息
时间是安全的重要组成部分。在多数情况下,只有私钥被使用过才知道私钥是否被偷。当人们日常使用的应用程序需要把私钥保存在联网的电脑上时,基于时间的安全就更为重要。 EOS.IO 软件可以让应用开发者指明哪些消息必须在消息应用之前等待一个最小的时间周期。在此期间,消息可以取消。
解释:消息可以延迟发送,就好比 短信延迟发送。
当这条消息被广播之后,用户可以通过邮件或短信接到通知。如果他们没有授权,他们可以通过账户恢复流程来恢复账户并收回消息。
解释:一旦账户发了消息,账户就可以通过指定的方式获得通知。
所需的延迟时间取决于操作的敏感程度。付款买一杯咖啡可以没有延迟并且几秒之内就不可逆转,然而买一栋房子也许就需要72小时结算期。整个账户转移控制权可能最多需要30天。具体的延迟时间由应用开发者和用户来选择。
解释:有没有必要使用延迟,要根据使用场景。杀鸡不用牛刀,小事就不要浪费时间。
恢复被偷的密钥
EOS.IO 软件为用户提供了一种当发生密钥被偷之后恢复账户控制权的方法。账户所有者可以在指定的账户恢复好友的批准下使用任意一个最近30天有效的来重置账户的owner
私钥。 账户恢复好友不能在没有账户所有者的帮助下重置账户的控制权。
解释:EOS软件的特色,丢了密钥可以在好友的帮助下找回账户,好比你的微信被别人登录了而且改了密码,这时你可以通过拉上好友申诉重新取回账户。
黑客尝试进行账户恢复流程毫无意义,因为他已经“控制”了这个账户。进一步说,如果他们确实要做这个流程,指定的账户恢复好友也要确定身份信息和多个验证。这样会让黑客在此过程中妥协或一无所获。
解释:黑客为什么在控制账户上做的都是无用功
这个流程与简单的多重签名协议有很大差异。在多重签名协议中,有另一个公司参与到每一笔执行的交易,但是在账户恢复流程中,代理人仅仅是参与恢复流程中的一方,而且无权处理每天的交易。这样大的减少了参与者的成本和法律责任
解释:账户恢复流程的优点。
原文如下
Messages with Mandatory Delay
Time is a critical component of security. In most cases, it is not possible to know if a private key has been stolen until it has been used. Time based security is even more critical when people have applications that require keys be kept on computers connected to the internet for daily use. The EOS.IO software enables application developers to indicate that certain messages must wait a minimum period of time after being included in a block before they can be applied. During this time they can be cancelled.
Users can then receive notice via email or text message when one of these messages is broadcast. If they did not authorize it, then they can use the account recovery process to recover their account and retract the message.
The required delay depends upon how sensitive an operation is. Paying for a coffee can have no delay and be irreversible in seconds, while buying a house may require a 72 hour clearing period. Transferring an entire account to new control may take up to 30 days. The exact delays chosen are up to application developers and users.
Recovery from Stolen Keys
The EOS.IO software provides users a way to restore control of their account when their keys are stolen. An account owner can use any owner key that was active in the last 30 days along with approval from their designated account recovery partner to reset the owner key on their account. The account recovery partner cannot reset control of the account without the help of the owner.
There is nothing for the hacker to gain by attempting to go through the recovery process because they already "control" the account. Furthermore, if they did go through the process, the recovery partner would likely demand identification and multi-factor authentication (phone and email). This would likely compromise the hacker or gain the hacker nothing in the process.
This process is also very different from a simple multi-signature arrangement. With a multi-signature transaction, there is another company that is party to every transaction that is executed, but with the recovery process the agent is only a party to the recovery process and has no power over the day-to-day transactions. This dramatically reduces costs and legal liabilities for everyone involved.
@blockd, steemit上我觉得只需要静静读你的贴就值了~~~
好贴,给你点赞,请继续翻译。
谢谢你