You are viewing a single comment's thread from:

RE: Hive Keychain Independent Audit Proposal

in LeoFinance3 years ago

Good proposal.

Some questions:

Does it include the mobile version? ( i don't use, but i expect some do).

Is the reference worth something? So can we tell it is reviewed and safu? Like the Defi protocols?

And IMO Keychain was simple in most parts ( from key storage). I think transactions and things like that can be easier manipulated. But keys should be safe because is open source and on the browser (local) pretty decentral.

If a website can access it, it must be also encrypted. I think the most easy scam is, you post something and the website sends a transfer massage. Missclick = lost funds (if active is in it).

And does it really help? I ask because of updates.

Today safe, it doesn't mean after someone accesses Mozilla or google account, it can not change.

Most Apps on those stores become problems ( from security) after the owner changes/updates.

Posted Using LeoFinance Beta

Sort:  

Does it include the mobile version?

No, I don’t think it’s open source but not 100% sure. I also have no way of confirming what code is running on the device.

Ok,

I see the biggest risk in updates and not in the current code. Only manual no update installations are safu IMO.

But that is really unrealistic for everyone :)

The mobile version is 100% open source and can be found at https://github.com/stoodkev/hive-keychain-mobile

I suspected it may be, but I honestly didn't check as the user base is much smaller than the browser extension and there is no way to know for sure what version is running.