You are viewing a single comment's thread from:
RE: Steemit's Security Values & How Steem Keychain Can Help
I thought that Steemit.com don't store keys and it's client side app.
I have few questions:
- How are my keys stored in keycahin?
- It's been 3 months and no Firefox support yet? When do you plan to do it?
Posted using Partiko Android
It is a client side app. The difference between keychain and what Condenser (Steemit.com) does is that in Condenser the signing code is sent to the client via http, and executed client side. In Keychain the signing code is built into a browser extension. With the code in a http web response, the server could potentially serve malicious code which reads your keys and sends them to the server. It would even be possible to do this selectively. With a browser extension, malicious code would have to be embedded in an update for the extension, and it would likely be quickly detected by the community. Thus having the code which handles keys only in a browser extension is safer than allowing a web app to handle your keys directly, even if it is generally only done client side.
Thank you for explanation :)
That's right, they don't store your keys and everything is done on the client side. The whole point is that since you're putting your key into a site that they control, they can store your keys, and send them to the server-side, but we have to trust that they don't. Even if I trust Steemit, Inc, what if someone hacks into the server hosting steemit.com and edits the code for the log in page to send all keys entered to their server? Thousands of keys (many likely master passwords) would be stolen very quickly.
To answer your questions:
Keys are stored locally, encrypted, in the extension. When using keychain, a website will request that the extension sign and broadcast transactions for it, so that the website never gets access to your keys. If you're concerned that we can access your keys since we created the extension, or that the account publishing the extension could be hacked, that is a valid concern. In that case you can download the extension code from GitHub and install it locally.
Sorry we're not moving as fast as you would like here...We're spending a lot of time and money developing this free tool to help improve and grow the Steem platform. If you would like things to move faster we would be happy for you to pitch in and help out!
Posted using Steeve, an AI-powered Steem interface
Yes, you're right, but here's why Keychain is still a better solution (IMO):
Lastly, aside from the security aspects, it's a really useful tool, especially if you manage multiple Steem accounts. At this point I couldn't imagine using Steem without it.
When you install an extension from the Chrome web store, it simply downloads the files and drops them into a folder for Chrome to access. So yes, you can verify by running a diff on the folder vs. the github. Or download directly from github, skipping the web store.
Thank you for your conversation.
Yaba, how about you spend your time doing something for steem that we really need, if you have all this energy, like running and paying for an instagram campaign to promote steem, and organzie your followers with a trending post to register to post on reddit with you maybe meet in a discord and all upvote and post about steemit... or do it in stealth to avoid getting banned by reddit for brigading.. but come on breaking the reddit rules is so sweet and we can totally take over reddit with our numbers but in a polite way, maybe do a steem,it post once every other day..... hey man
hey man, in the words of @walden ,lets go, lets go mother fucker, huh?
U gonna sell some of ur steem monthsers to us huh? Overpriced SHEET
hah cant u imagine walden sayin that?
#weappreciateyouyabapmatt #samemoon
Thanks for all the work @yabapmatt!!
Thank you :)
If I will have any time, maybe I will take a look into code to see if I can help.
I'm fairly certain you can use Chrome extensions on Firefox. Not positive if this one will work or not.
I tried, didn't work for me.
Dang, that sucks. I just bit the bullet and started using Chrome lol
I ll optimize the extension for Firefox in the near future.
ooj
shouldnt you be using golos? :P dasvidonyetsk
Why?
Posted using Partiko Android