Hive blockchain offers one of the best wallet features and security in the crypto space. Hive wallets let users create human readable account names, and offers fast and fee-less asset transfers. Every Hive wallet comes with several private keys dedicated for separate functions to provide extra security for the Hive users.
There are four separate private keys that can only be used for their dedicated functions to interact with the Hive blockchain. They are posting key, active key, memo key, and the owner key. And there is a master key that can be used for all functions. Those who prefer to use Hive security features to the fullest, always avoid using master key and keep owner key offline. And only use dedicated keys for their intended purpose.
Hive wallet and its private keys are good as they are. However, I do believe there can be some improvements made to increase security and make them even more user friendly.
Private Memo Key
I believe memo key is not used much. Its purpose is to read encrypted messages in the transfers and also to send encrypted messages with transfers. I think there is no need for a separate key for this function. Adding these functions to an Active Private Key can improve user experience.
When sending an encrypted memo one needs to use both memo key and active key. If active key could perform this function there would be no need for memo key.
Memo private is rarely used and account owners may miss or not see encrypted messages sent to them depending on how Apps handle displaying encrypted messages.
So, I would remove memo private key completely and add its functions to the active key.
Private Active Key
Active private key has many functions like transferring assets, power up and down HP, HBD conversion, place orders on the internal exchange, create new accounts, and also voting for witnesses and DHF proposals. These are too many functions for one key.
To make Hive wallet more secure I would suggest removing ability of signing transactions to power down and transfer assets from Savings to Liquid from private active key.
Powering up and keeping assets in Savings give extra protection for wallet owners. Power downs take three months, and moving assets from savings to liquid take three days. These actions are used rarely, and only when the owner needs to withdraw or use liquid funds.
Creating a new private key, let's call it Withdraw Key and letting only this key authorize power downs and transferring funds from savings can give extra layer of security and peace of mind for the owners.
This may also help with decreasing power down time in the future.
Let's say some unauthorized user gains access to private active key. Since my funds are main in HP and Savings, they wouldn't be able to transfer anything significant out of my wallet.
What if they get access to my private withdraw key? This would allow them to move my assets from savings to liquid or power down HP. But they won't be able to transfer the assets anywhere else without the private active key.
In such situation, even if the HP power down was instant, they still can't move the funds out of the wallet. But power downs don't have to be instant. Maybe lowering to a week or three days can be more reasonable. So that there is still some delay to alert the owner if there is some malicious activity is detected.
I have no skills, knowledge or ability to know how difficult it would be to implement such changes. Of course any changes to the wallet and keys should be done with careful consideration and by the blockchain wizards who fully understand how Hive works. These were just some of my thoughts that in my opinion can make the Hive wallet better.
What do you think? What would you change/improve about Hive wallet? Let me know in the comments. Also, feel free to let me know if you think these are bad ideas and why. I always interested to learn more about Hive wallet.
Posted Using LeoFinance Beta
I think it's the ultimate role of a wallet to deal with it, fortunately all those leaked memo keys weren't active otherwise with every such leak it would end up with assets loss.
Master Password isn't actually a key and it doesn't exist on the blockchain. It's used to simplify (sic! ;-) ) situation with keys - they are derived from it when needed (as long as user does that consistently, otherwise it can get "out of sync" with keys)
For powerdown timelock - discussed frequently and over and over again, there's an important security related issue - it is extremely important for governance (so bad actor can't get it with bags of $, make a mess and then cash out quickly before the world realize the damage - with time lock, they would have to deal with consequences for governance actions with their own assets)
When it comes to keys, one thing to consider is to allow more granular, user defined permissions for the keys, but that have a lot of caveats.
Hi Wizard!
I think memo key leaks were due to input field sharing the same name when transferring funds, and apps not warning about the potential key leaks. Now I think things are a lot better. But memo key is still confusing.
Regarding a scenario when bad actors try to do something undesirable with governance, aren't that kind of situations already mitigated with 1 month wait period before the ability to influence governance after powering up?
What do you think about a new Withdraw Key, not for decreasing power down time purposes, but to add extra security? So that if active keys are leaked assets as HP and in Savings can remain secure.
Thank you!
Yes, it's mitigated now because you need 30 days to gain full governance capabilities with newly acquired stake, and then, you need 13 weeks of powerdown to exit. Reducing power down will also reduce second half of time-lock protection (i.e. exit after messing up).
Re: extra key roles, if we are going to change something there I would be for adding custom granular permission (then if you need "withdraw key" you can define it yourself.
I didn't know custom granular permission would be possible. Something like that would be great. Thank you Wizard!
kindly vote me plz
I think those are some valid suggestions. I think I have only used my memo key once and then I never touched it ever again. In fact, I had to go look for my memo key since I didn't need to use it. I haven't used it ever since that one time.
As for the private withdraw key, I think it might be confusing to people. HIVE keys are already confusing towards the general user and I am not sure about making it more complicated. I do agree that it would be more secure though.
Posted Using LeoFinance Beta
Maybe better naming can help make it less confusing.
Interesting proposal(s).
I never understood the point of the memo key lol. The withdrawal key is an interesting idea.
I think the memo key can have myriads of uses that future apps can utilize. Even if not widely used now. I don't necessarily perceive it as making things more user-unfriendly. But that's just me. I do however see how all sorts of functionalities can be built with memos (like emails, messaging, etc.) and it would be good to have a separate key for that, it would really enable those functionalities to be done well and securely.
The active key I associate with the ability to move funds and participate in governance. This seems easy enough to remember. I would find it hard to remember if we divided these two functions into subfunctions and had different keys for them - which key was for what again?
That was my point with removing memo key, too many keys. Even if apps utilize memo key, there is still a need for active key to be used when using memo for transfers.
Hmm, you mean that you need an active key (as well as a memo key) to send a memo? Is that because because you can't send a memo without it also being a transfer (of say 0.001 Hive)?
I don't know why, but yes that's how it works.
I normally sign in with a memo key and then make a transfer, then it asks me for an active key.
IMO the key is not used much today, can change in the future, so it would improve nothing IMO to remove it and have less options with active key only.
But autoencrypt all memes would be IMO a benefit. So if someone transfers funds to some place and use the active key for memo, it will not have instant negative results. It can be changed if the receiver is not faster.
Would save some funds from newcomer IMO.
I had the same idea with the withdrawal key in the past and put it into a proposal :D nobody cares, i think it makes hive to complex :)
Can the reason for memo key not being used much be that it may be too complicated to use in combination with active key?
Messages being encrypted by default is interesting. Maybe some kind of toggle in the ui/apps could help. Sometimes there is a need for public messages for transperancy.
default encrypt with the option to the public. Simple change # = public :D
I think this post is a good guide for new comers as well as experienced users. Those four keys can prevent accounts from being stolen/hacked. If there was only one key or password, there could be security flaw.
Thanks for the useful post.
Actually, I am really lost as of the moment. I just cant believe that splinterlands has this kind of massive world aside from card gaming. It is mind blowing as well as exhausting
Hive is a big network of various apps and communities. Welcome!
Compared to MetaMask, Hive wallet is really good secured.
Any more additional improvements are welcome!
I agree.
Hive to the world, the best blockchain ever and am very happy to be part of this platform in the sense that, it is more secure, reliable, transaction zero fee, I mean this is really awesome and I really appreciate the effort of everyone here trying to improve the blockchain and everyone contribution in making hive a better place and a wonderful family to be.
I think HiveWallet is complete (for now).
!ESPIZZA
¡@geekgirl! Te he enviado un trozo de $PIZZA de parte de @zonadigital21.
Más información sobre la ficha de $PIZZA at hive.pizza (4/10)
PIZZA Holders sent $PIZZA tips in this post's comments:
@zonadigital21(5/10) tipped @geekgirl (x1)
You can now send $PIZZA tips in Discord via tip.cc!
~~~ embed:1463574859229896705 twitter metadata:SGl2ZWJ1bGx8fGh0dHBzOi8vdHdpdHRlci5jb20vSGl2ZWJ1bGwvc3RhdHVzLzE0NjM1NzQ4NTkyMjk4OTY3MDV8 ~~~
The rewards earned on this comment will go directly to the person sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.