
Nope. All keys are saved in a browser in your localStorage. As you can see at the end of my article, I am going to write a detailed post about exactly this topic :) Stay tuned :)

OK, I will wait patiently for it. This is the exact thing I want to understand. Thank you.

This is the beauty of public and private key encryption. Any system can validate your signed messages using your public key (i.e. ensuring you used the correct private key), but they don't ever have to have access to your private key to do so. That's why if you lose your private keys, they are lost forever. No one has a backup but you. :)

Yes, but how does the private key get sent to Steemit after you input it into the box? This is the part I still don't understand... where does that private key go? To what area inside of the Steemit website?

As far as I understand (I may be wrong), it doesn't get sent to Steemit. JavaScript in the browser uses what you input there, runs the appropriate signing algorithm to create signed content and then sends that signed content to Steemit. Steemit then uses the public key to validate the signature. If you're familiar with public and private key encryption and signing / validating signatures, this makes a lot more sense. PGP is a great example and I've used that for a long time so it's familiar to me. I hope that helps. Thanks for asking these questions!
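The flow described in the comment above, as an added example that is not part of the original thread and is not Steemit's code: the "browser" side signs locally and the "server" side verifies with the public key only. It uses Node.js `crypto`; the secp256k1 curve, the operation fields and the function names are assumptions made for illustration.

```javascript
const nodeCrypto = require('crypto');

// "Browser" side: the private key is created here and never leaves this closure.
function createWallet() {
  const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync('ec', {
    namedCurve: 'secp256k1', // assumed curve for this illustration
  });
  return {
    // Only the public key is ever handed to the server.
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // Sign locally; the return value is everything that goes over the wire.
    signOperation(operation) {
      const body = JSON.stringify(operation);
      const signature = nodeCrypto
        .sign('sha256', Buffer.from(body), privateKey)
        .toString('base64');
      return { body, signature };
    },
  };
}

// "Server" side: knows the account's public key, nothing else.
function verifyRequest(publicKeyPem, request) {
  try {
    return nodeCrypto.verify(
      'sha256',
      Buffer.from(request.body),
      publicKeyPem,
      Buffer.from(request.signature, 'base64')
    );
  } catch {
    return false; // malformed key or signature counts as a failed check
  }
}

function demo() {
  const alice = createWallet();
  const mallory = createWallet();
  // Constructed sample operation (hypothetical field names).
  const op = { type: 'vote', voter: 'alice', author: 'bob', weight: 10000 };
  const request = alice.signOperation(op);
  const tampered = { ...request, body: request.body.replace('10000', '-10000') };
  const forged = mallory.signOperation(op); // signed with someone else's key
  return {
    valid: verifyRequest(alice.publicKeyPem, request),
    tampered: verifyRequest(alice.publicKeyPem, tampered),
    forged: verifyRequest(alice.publicKeyPem, forged),
    wireFields: Object.keys(request).sort(),
  };
}
```

The request carries only `body` and `signature`; a changed body or a signature made with a different key fails verification against the registered public key.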

JavaScript in the browser uses what you input there, runs the appropriate signing algorithm to create signed content

Yes, this is the specific information I was seeking. Thanks. I'm starting to dig into encryption, and how it works. This is good to know because I was a bit paranoid about our keys... why don't we have 2FA on here?

I've brought up the need for 2FA as well. I see the Parity Ethereum wallet has an option for it, so I know it can be done on the blockchain, but it might get tricky. We already have issues with people getting locked out of their accounts. It might be much worse if they lock themselves out by doing 2FA incorrectly and losing access to their Google Authenticator, email address, or phone number. Google provides recovery keys, but Parity had an issue with brain wallet recovery phrases as well, so if not done right it could actually have the opposite of the intended effect and make things even less secure.

It's complicated stuff. I love how you jump into these topics head first and pound on them until you can create a great piece explaining them simply for everyone. Keep on rocking it.