In the wake of the recent XSS attack on Steemit.com, which compromised many users' accounts and funds, I am excited to introduce Steem Pressure, an app which secures your Steem account by changing your keys so that the Steemit.com website no longer controls them. In the following video, I explain exactly how Steem Pressure secures your account, and how to use it.
[Edit] Much love to @keepdoodling who made this awesome pic for me. It'll make a fine thumbnail for the streem. Be sure and upvote his comment below!
Steem Pressure is currently in beta! I do not yet recommend trusting it solely with your private keys -- it would be wise to keep at least the owner key backed up separately (or based on a secure key recovery phrase you can remember).
Also, Steem Pressure is a very raw app at this point. I have not dedicated much time to adding features or making it look better or finding and fixing all the bugs; right now I am more interested in whether anyone other than me will find this app useful. I welcome feedback and feature requests. Some features I am considering adding in the future include:
- Multisig support; having more than one key (or even other accounts!) control an account
- Forgotten password recovery
- Encrypted messaging
- Mobile apps
Eventually, I would like to provide binaries for Windows and Mac, but for now I can only provide Mac binaries as, after many days of failed attempts, I am still unable to build Steem on Windows. If anyone can provide me with some insight as to how to make Visual Studio compile standards-compliant C++, I would be grateful.
Until then, the source code is available on Github and Mac binaries are available in the releases section.
[Edit] I forgot to mention, it builds and runs on Linux fine too, but it's so easy on Linux that it seems silly to make binaries. If there's a lot of demand for Linux binaries, though, I can do that too!
Want to Earn Some Steem Dollars?
I will pay SBD for any contributions I utilize, be they pull requests, documentation, better UI/UX designs, a killer icon for the app, or anything else you can think of. All contributions must be open source/copyleft for consideration.
Please make issues on Github for feature requests :)
I don't get all the tech stuff yet, but I should definitely try this app just because of your beard! Respect, man. Growing one of my own right now :)
I don't really have much voting power to make any change, so I made you this doodle instead :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
@Dev @Dan
#Dev #Dan
Limit the input characters
The first thing to do is limit the characters that a user can enter in the fields
text. For example, if we have a field to enter the user's name, we will not leave it open
so that they can enter any number of characters, but we will limit such
20 or 30 characters. to limit the number of characters, we can use the variable "maxlength" that
It provides the HTML standard.
Sanitize data
When we talk about cleaning up the data, we are referring to stay only with the information
we are interested in removing the HTML tags that can be included in a text box.by
example, if you are storing the name of a person, little good is that the user enter
bold, because all we want is his name.
To achieve this cleaning, we can use the "strip_tags" function
Escaping data
To protect data and display as the user entered them, should "escape" the data to
present them to the user. That is, characters to be represented by HTML entities if desired
preserve its meaning (eg double quotes must transform & quot; which is as
It represents HTML).with this we prevent the browser to execute and evaluate the code.
To accomplish this, we can use the "htmlspecialchars" function
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Still trying to figure all the tech details - writing, politics, homeschooling, business - my forte. I am trying out STEEMIT due to Jeff Berwick's advice however when I read tech posts, it is like I am back in 2nd grade. Nonetheless thank you for the information and I will continue to try figuring everything out here.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This is great, thanks! I made this the thumbnail for the post.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Wow! Really glad you like it! :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks @modprobe for making this important tool and @keepdoodling for the clever doodle :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yeah agree with you..... I will see and try this app :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great info!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks~👍
Great!!!!!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Wisdom has tackled something that is feared
As usual this wisdom comes from a guy with a beard
He is coding on steempressure and coding it fast
Making these security issues a thing of the past
Give him your up vote and give him a yell
Then run to the streets and find others to tell
Bring them here to this wonderful steem
And swim in this freedom, and monetary stream
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
lol.. i see what you did there.... :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I have some concerns.
So let me get this right.
Okay, call me paranoid, but here is the deal (no offense, just apply some common sense)
This might be the greatest volunteer effort which makes Steemit safer or the biggest scam which will harvest all the valuables for everyone who uses it. (or somewhere in-between).
So my advice to EVERYONE is to beware. Think critically. Understand if you launch an application, you are exposing your system and data. If you give your Private key you are granting your permissions and identity. If you give you Password, you are relinquishing all control, potentially now and forever! Think before you act.
All respect @modprobe. Nothing personal. Just concerned about security as well.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Regarding the first item on your list, the DAO code was audited by very famous and respectable company and what is the result? I think the fact that it is open-source is enough, just because you can check it by yourself and decide to use it or not.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nope, I don't. I don't care if you use my app. I made this app because it would be useful to me, and I figured it would be useful to others as well (and the beta announcement got a $7k valuation, which is a nice incentive as well). I make no promises that it won't lose your keys, send your keys to Voldemort, steal your money, or set your cat on fire. I don't think it will do those things, but you've got to decide for yourself whether you want to accept that risk. And frankly, it makes little difference to me.
Best wishes! :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Fair enough!
But would you consider opening up your code for a security and vulnerability review, having the Steemit devs (attn: @dantheman @pharesim @xeroc @theroetical) inspect it for potential inclusion into the overarching feature toolset, or at the very least have them sanction this tools as secure and recommended for the Steem community?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Certainly! The code is on Github, and there's a link to the repo in the OP. Anyone, including the Steemit devs, are welcome to review the code. I doubt they'll stake their reputation on it being secure, as I won't even do that yet (see the OP, which clearly states it's a beta and shouldn't be trusted too much yet), but I welcome comments from the developers you mentioned or any others who would like to commentate on my work or my reputation.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Outstanding! You have my support to get the Devs to review and endorse if it meets their criteria.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great job. There are a few things I would love to see in the future for an application like this.
I think the application should also be able to generate a 256-bit entropy password as well (like steemit.com does) so that the user can use that password to derive multiple keys rather than only generated single keys that are isolated from one another. That way, a user can generate a single key for the owner authority, and generate a single password which they then use to derive the active and posting authorities as well as the memo key, for example. I suppose they could already use the randomly generated public key as a passphrase, but that could quickly get confusing for the user since their passphrase would look like a public key. The UI could also be streamlined for it so that they don't need to copy and paste the randomly generated password into another field in order to update their account to use the derived keys; they would just click the button to randomly generate the passphrase and then click checkboxes to determine which of the authorities/keys (owner, active, posting, memo) of the account should be derived from that randomly generated password.
Also, I think the UI should put less emphasis on the ability to derive keys using a user-chosen password. That could be a hidden away advanced feature. Most users cannot be trusted to choose a safe enough passphrase that won't be bruteforced.
I think it is important to have a GUI that allows the user to choose the server and port of the steemd websocket to connect to, since right now it is hardcoded to Steemit's websocket.
Finally, I don't know if this would be in your intended usage for Steem Pressure, but what I would really love to see in an app like this is an offline mode. This ecosystem desperately needs some offline transaction signing tools, at the very least for just the limited operations that require owner authority authorization (which so far means either changing the owner authority of the account, changing its recovery account, or proving owner authority).
Under normal operation, the application could generate the transaction to be signed during online mode and write it out to disk. It could also be run in offline mode which would allow the user to: select the serialized unsigned (or partially signed) transaction from disk; see the transaction visualized in the app so that they know what exactly they are signing; input the appropriate private key or passphrase that derives the appropriate key to sign the transaction; and then finally write the new signed (or partially signed) transaction back out to disk. Users could then use flashdrives with a live Linux OS and this app to do offline signing on an air-gapped computer.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great points all around. Thanks! I'd love to add support for offline signing, multisig, air-gap, etc. at some point. Sadly, there are many other things I want to add as well, and I have limited time to work on the app.
What I need is a way to prioritize new features. :P
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very interesting modprobe.. i am not sure of all the technical stuff behind what the hell you just did there, but it sounds pretty damn cool to me. My stupid question may be; does this stop Steemit.com from assisting us in recovering our account if we are hacked? thanks for your time ....
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I would appreciate comment from @dantheman on this, but I don't think it will block that. Note that when you first change keys, Steemit.com will warn you that someone might have hacked your account because your keys changed. Just ignore that, since you did it yourself.
I do not change the recovery account, so I see no reason Steemit.com's recovery service would no longer work.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Would you mind adding that (recovery account change)? It would fit well within your app imo.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Ideally I would add support for the full recovery process -- setting the recoverer, requesting recovery and rejecting/fulfilling recovery. That's not a small change, but it's the kind of thing I'd like to support eventually. :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
You are the man! Well aside from @dantheman....
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks for your response... i would feel safe using this and changing my own keys if they will verify that for us. I think this is a breakthrough app for the security of my keys. Thank you for your time you put into this app.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Not a stupid question - this is a very good question. I am also curious.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
In case anyone has problems compiling it under Linux/Ubuntu, I had some problems too and solved them.
I posted an issue about that on GitHub: https://github.com/nathanhourt/SteemPressure/issues/1
I try make an push of some changes later - but I am not sure if I can integrate them well, maybe @modprobe is better in adjusting that.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Ahh, yes, unfortunately my pull requests are not getting integrated: https://github.com/cryptonomex/fc/pull/50 Applying that ought to have your fc installing properly, which should resolve most of your issues. I'll also update the README to note that up-to-date versions of the dependencies are required (silly Ubuntu). :)
Well done, though! I'm flattered at the amount of effort you put into getting the project building. :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Congrats Nathan, wonderful app and I like your roadmap...
How about even creating new accounts maybe?
Or you could built this out into a wallet even for transferring monies?
Thanks for this little piece of greatness. Checking out your code how you did it...
Ps. I've added you to the SteemTools.com overview with this project and @keepdoodling 's image ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great, thanks! Yes, I can absolutely extend this for creating new accounts. And I've been thinking about adding some basic wallet functionality as well, particularly a "send tip to the developer" feature. =D
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Will using the app make ny beard grow? Then I definitely will use it. No seriously, thank you for providing us security options
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Good Idea and nice work! And I must figure out first, but think I can help with UI/UX, at least with initial icon and splash graphics.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
So, here is a quick draft of overall possible look. The inner design can be changed too — card design will looks pretty cool here. So, what ya think?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
And a little update with desktop icon variant:
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
All this looks great! I never mentioned it, but the name "Pressure" is based on the idea of a pressure cooker, keeping your Steem locked inside. I'd like the iconography to reflect that if possible, but I'm not sure how difficult that is.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Genius idea! Is this your invention? You are a genius @modprobe! I need this right now!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Idk about "invention," since there's nothing novel about the idea, but the app is (so far) completely my work.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
sounds great...we are so much inclined to the lock system that we keep ourselves locked up.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Dude! Awesome! Commenting for later use.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nice to see people producing open source apps to make a world a better place, specialy websites :) !upvote
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Upvoting post: Admin command
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It's so nice to see so many good people getting involved in the steem project. Well done, @modprobe. It's really important to make user-friendly things like this, because that's the only way to make steemit reach a broader audience.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
@modprobe Thanks a lot for creating this! It seems like a really great idea to keep our accounts more secure.
It makes sense that for the most part I will only need the permissions of the Posting key in order to use the site day to day.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great app bro! ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Awesome stuff Nathan!
I was watching the video and thinking "this is really neat", until the end where you actually updated the keys from inside the app and my impression went to "this is freaking awesome!!" :D
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This looks awesome! After the recent spate of high profile hacks in the crypto world, I'm feeling rather paranoid about account security so will happily give this a try.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Qt FTW!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Indeed. :D
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Encrypted wallet file might be nice feature. Users could save their private keys in there and safely store them on USB-sticks etc.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Ah, yes. I forgot to list that in the future features: backups. Currently the app encrypts everything it knows, but it's not strictly easy to import/export backups.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Could it use the same wallet format as Steem cli_wallet?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It's possible, but I can't see that being a highly requested feature. The whole point of this app was to give people an out-of-browser option for key management other than the cli_wallet. It's pretty easy to manually move keys back and forth between SP and CW.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Yeah, mostly I was just thinking that there will be probably many programs like this. It might be best if the whole ecosystem would use same wallet format so that it's easy to migrate from one to another.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very useful APP.
Lasse Ehlers
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Brilliant, I'm not techy enough to be able to understand what the source code means. Definitely keeping an eye on this. Thanks for developing.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
GREAT STUFF THANK YOU
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very cool will explore it and give feedback later today thankyou modprobe - follow for you
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
👍great post @modprobe
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great work! This is what I love about this community...so many talented members adding so much value to Steemit. The great thing is that we ALL benefit. Upvoted with much respect and pleasure!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
@Dev @Dan
#Dev #Dan
The first thing to do is limit the characters that a user can enter in the fields
text. For example, if we have a field to enter the user's name, we will not leave it open
so that they can enter any number of characters, but we will limit such
20 or 30 characters. to limit the number of characters, we can use the variable "maxlength" that
It provides the HTML standard.
When we talk about cleaning up the data, we are referring to stay only with the information
we are interested in removing the HTML tags that can be included in a text box.by
example, if you are storing the name of a person, little good is that the user enter
bold, because all we want is his name.
To achieve this cleaning, we can use the "strip_tags" function
To protect data and display as the user entered them, should "escape" the data to
present them to the user. That is, characters to be represented by HTML entities if desired
preserve its meaning (eg double quotes must transform & quot; which is as
It represents HTML).with this we prevent the browser to execute and evaluate the code.
To accomplish this, we can use the "htmlspecialchars" function
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Is this comment in any way relevant to the post?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great work , All the terms sound too techie for me but I will give the app a go. Any form of security is better than no security. One question though. When I registered for an account with steemit, a very long, I mean Very Long alpha-numeric password was generated for me. How is it possible that the hackers are able to guess the password and hack into my account. within a short time frame ? And can't they hack into Steem Pressure too? Thanks.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
No one is going to guess the password Steemit made for you; however, that password is stored in your web browser making it vulnerable to XSS attacks (like has already happened) and any other attack which compromises your browser. A browser is a huge attack surface. Also, if Steemit.com's servers get hacked, they can be corrupted to steal your password as well. Browser plugins/extensions could steal your password too, etc, etc.
Steem Pressure is not built using web technologies, and does not run in a browser, so it's a very, very small attack surface. I am also well trained in software exploitation, and I take care in all of my software to ensure that I use secure coding practices and handle data safely. That being said, I'm only human and I can and do make mistakes, so it is possible that Steem Pressure could be hacked despite my best efforts, but doing this would be even more difficult and time-consuming than hacking Steemit's servers.
Attacking Steem Pressure is also comparatively low-reward, since an attacker would have to start over from scratch for each user he attacked, whereas if he compromised Steemit.com he'd get all the users who keep their passwords in the browser at once.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This implies that Steem Pressure is never going to be turned into a browser plugin, right? I guess this would be good in terms of UX but it will make Steem Pressure less secure. Do I understand it correctly?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I think you should load this on the kernel ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
excellent, thank you both!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hey great idea, of course I will try it! -followed
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Nice idea @modprobe
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This is nothing compared to the power of the force. But it's pretty close.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Brilliant! keep us updated on updates, and when its fully ready in your opinion.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It is great if some dev can create things like bitaddress.org for Steemit, where addresses can be generated offline. Steem & Steem Dollar can be sent and safely stored in those offline Steem addresses.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Steem (the blockchain) doesn't yet support anonymous addresses, though it's on the roadmap. Once it's supported, I'm sure the requisite tools will be created. If not, I may create them myself. :)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Oops... how the addresses are non-anonymous? Are not they some random string in Steem?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
As of now, there are no addresses in Steem, there are only account names. All assets on the network are publicly owned by an account name. If you click on my name, click it again in the little bubble that comes up, and click on the Wallet tab, you'll see my assets and my history. It's that way with all assets and accounts on the network.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks @modprobe ...I get it now. Actually, being from bitcoin background, Steem sometimes appear to be confusing. I have another question, which is off-topic in this context but I could not make out from the Whitepaper. As u appear to be knowledgeable about Steem, I'm asking it here...
How the money is allocated to a post when an upvote is made? Right now, I have 3.567 STEEM Power and 0.817 STEEM Dollar in wallet. But, when I upvote a post, nothing goes to that post! As I just checked, you have 24,659.516 STEEM Power and 6,057.959 STEEM Dollar in wallet. So, when you upvote, how much goes to that post and does that exact amount get deducted from your wallet? I mean, what is the formula?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Sure. Nothing is deducted from your wallet at all; posting rewards are paid through dilution, and the blockchain does not charge transaction fees.
The formulas for determining how much an upvote increases the post valuation are quite complex, and only reading the code will tell you exactly what they are, but the Steem Power of the voter is the biggest factor. Other things come into play as well, including how much stake has already upvoted the post, how much voting power the voter has left (the more you vote, the less each vote is worth), and probably others I'm not thinking of just now.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
thank you modprobe :0)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
This is fantastic. Eagerly awaiting the binaries. Another little evidence to show how powerful the Steem platform is.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thank you
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
So is 'steemit pressure' more secure than steemit? I can't imagine so, and thus can see the potential for this app to be a back door or hacked.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It's odd to compare Steem Pressure to Steemit directly... This is something like comparing the wallet in your pocket to the safe in your bedroom closet. The safe is certainly more secure, but you wouldn't want to carry it around all the time. Steemit is like the wallet, it holds the key you need all the time. Steem Pressure is the safe; it's much more secure, but also somewhat less convenient.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Me gusta Mucho Lo que ha Publicado. Gracias
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very useful tool, people need to remember that STEEMIT is still beta, it could have some bugs, which is not a reason to lose our accounts. Hopefully people like you sir are helping us with great tools like this.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thank you!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks, I'm going to be switching over to this ASAP seems like a great way to keep my account secure.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Awesome Nathan, really happy to see you involved in security. I learn a lot from you. Great job on the security in BitShares and Steemit too. You had a lot to do with the design we have now. Your a big part of the reason the hack was contained as well was it was.
Please consider supporting good Open Source Operating Systems a priority too!! Open Source needs to extend beyond the app and into any OS and hardware used to run it.. We will get there..
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Derp, I should definitely mention that it's completely cross-platform and works fine on Linux. Thanks!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
So are you telling me that we are all a steemit.com website hack away from getting our wallets drained? If so that's a crazy single point of failure.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
You are. I keep my owner and active keys in SteemPressure, so I'm not. ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Scary, can you assure us that you will not be the next single point of failure?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Sure. This is a locally installed, native app. It can't be a single point of failure, as attacking it requires attacking every user individually. Unless someone attacks Github and uploads malicious binaries. I'll have to look into some code signing to deal with that...
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Any thought on how your software can deal with key loggers? I am thinking 2FA. Also is my steem power save ?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
If you've gone and gotten yourself a keylogger, there's very little I can do to help you. Any 2FA solution would mean you require my server to access your private keys, and I cannot subject my users to that kind of uncertainty.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
No, the 2FA would only carry a random code. This will eliminate the hacker from using the wallet to execute any action.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I have all my value locked up into steem power, is this safe? Does your wallet solution only deal with steem and steem dollars?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Either the 2FA is enforced solely by code in Steem Pressure, in which case it's a placebo which adds no security at all (but is a lot of work to implement), or it requires a secret on my server, which is even less secure. :P
As to Steem Power, it's as safe as your account is. If someone stole your owner key, you'd be sunk, but at least it would take them 2 years to sell it all. :P
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
wow, this is a very good contribution for the whole community. it is expected as it grow, that hack threats also will.
Keep us posted for the new versions
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit