RE: Keychain Added to Steemit.com! by drutter

View this thread on: hive.blog | peakd.com | ecency.com

Viewing a response to: @steemitblog/keychain-added-to-steemit-com

keychain · @drutter · May 28 '19

$2.94

This sounds potentially useful for me.
Questions...
1. In what ways is Keychain safer than simply saving private keys in our browser the normal way?
2. Who will potentially have access to our data saved within Keychain?

👍 roadscape, dhimmel, yabapmatt, shortsegments, mattockfs, quochuy, girlsofgreen, medikatie, anjanida, sativazeee, hempy, vantocan, greatesteem, smokiethebear912

`author`	drutter
`permlink`	ps8g6f
`category`	keychain
`json_metadata`	{"tags":["keychain"],"app":"steemit/0.1"}
`created`	2019-05-28 21:11:06
`last_update`	2019-05-28 21:11:06
`depth`	1
`children`	9
`last_payout`	2019-06-04 21:11:06
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	2.330 HBD
`curator_payout_value`	0.611 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	219
`author_reputation`	195,624,873,187,597
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	85,649,333
`net_rshares`	5,353,156,257,877
`author_curate_reward`	""

properties (23)vote details (14)

voter	rshares	pct
roadscape	3,055,419,286,174	50%
dhimmel	1,201,346,394,138	100%
yabapmatt	876,937,243,061	20%
mattockfs	66,033,758,397	100%
smokiethebear912	527,375,752	100%
quochuy	41,244,922,917	30%
medikatie	3,919,151,039	100%
girlsofgreen	10,917,246,125	100%
greatesteem	691,461,490	100%
hempy	907,453,547	100%
shortsegments	89,200,414,524	100%
vantocan	841,678,984	100%
sativazeee	1,495,692,210	100%
anjanida	3,674,179,519	100%

@dhimmel · May 28 '19

$0.61

With Keychain, malicious website code cannot steal your private keys. With Keychain, all signatures are made using the extension, which defaults to you approving every signature.

Using this model, you should never need to enter your Steem private keys into a website, which should greatly reduce the possibilities to have your keys compromised.

👍 dhimmel, shortsegments, mattockfs, ackza, ivanstrength, travelersmemoire

`author`	dhimmel
`permlink`	ps8gk4
`category`	keychain
`json_metadata`	{"tags":["keychain"],"app":"steemit/0.1"}
`created`	2019-05-28 21:19:15
`last_update`	2019-05-28 21:19:15
`depth`	2
`children`	0
`last_payout`	2019-06-04 21:19:15
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.590 HBD
`curator_payout_value`	0.015 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	345
`author_reputation`	39,788,295,023,882
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	0
`post_id`	85,649,690
`net_rshares`	1,355,974,405,788
`author_curate_reward`	""

properties (23)vote details (6)

voter	rshares	pct
ackza	18,377,607,584	37%
dhimmel	1,177,335,577,666	100%
travelersmemoire	6,123,051,859	100%
mattockfs	63,420,669,499	100%
shortsegments	82,229,174,100	100%
ivanstrength	8,488,325,080	100%

@pibara · May 29 '19

$0.05

Re #1, I think the advantage of KeyChain is compared to single site posting key log-in is marginal, but compared to using a TTP solution like SteemConnect is massive, and Steemit Inc leading the way in implementing it is promising with respect to the potential of doing away with TTPs in the STEEM eco system all together. 

It's a first step. An important first step towards a SteemConnect/SteemLogin)TTP free DApp eco system, and a first glimmer of hope after the public support for EIP that Steemit Inc hasn't completely lost all sense of direction.

👍 mattockfs, ackza, lycaactivism

`author`	pibara
`permlink`	ps986c
`category`	keychain
`json_metadata`	{"tags":["keychain"],"app":"steemit/0.1"}
`created`	2019-05-29 07:15:51
`last_update`	2019-05-29 07:15:51
`depth`	2
`children`	0
`last_payout`	2019-06-05 07:15:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.034 HBD
`curator_payout_value`	0.011 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	552
`author_reputation`	60,469,629,952,622
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	85,671,966
`net_rshares`	80,885,353,633
`author_curate_reward`	""

properties (23)vote details (3)

voter	rshares	pct
ackza	18,241,821,658	37%
mattockfs	62,152,356,090	100%
lycaactivism	491,175,885	100%

@yabapmatt · May 28 '19

$8.74

These are very important questions.

> In what ways is Keychain safer than simply saving private keys in our browser the normal way?

While saving keys in the browser isn't really an issue, putting them into websites is. When you put a key into a website (or any data really) you're giving it to them and you have to trust that they don't misuse that data, either on purpose or accidentally, AND that the site doesn't get hacked. Many people have said that it doesn't matter if steemit.com gets hacked since the keys are only used on the client side, but that's not true. A hacker could modify the website code to steal the keys entered on the client side.

If you use keychain, then steemit.com or any other site *never* gets access to your keys. Instead they just request that the extension sign transactions with your keys on their behalf. This means that even if a site gets hacked or does something malicious they can never get your keys.

> Who will potentially have access to our data saved within Keychain?

The code for keychain is open source and is available to anyone here: https://github.com/MattyIce/steem-keychain For the maximum security you can download the code straight from the repo and install it in your browser that way rather than through the chrome or firefox web stores. This ensures that even should the chrome web store account that publishes the extension get hacked and a malicious update be published, your keys would still be safe.

👍 acidyo, roadscape, ausbitbank, mmmmkkkk311, fredrikaa, shortsegments, pibara, ackza, mattockfs, arcange, eastmael, k0wsk1, travelersmemoire, anjanida, resiliencia, raphaelle, lycaactivism, fuadsm, anarcist69, mcmexicans, oldoneeye

`author`	yabapmatt
`permlink`	ps8km3
`category`	keychain
`json_metadata`	{"tags":["keychain"],"links":["https://github.com/MattyIce/steem-keychain"],"app":"steemit/0.1"}
`created`	2019-05-28 22:46:51
`last_update`	2019-05-28 22:46:51
`depth`	2
`children`	6
`last_payout`	2019-06-04 22:46:51
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	6.576 HBD
`curator_payout_value`	2.162 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,463
`author_reputation`	160,234,431,724,160
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	85,653,452
`net_rshares`	15,085,843,476,340
`author_curate_reward`	""

properties (23)vote details (21)

voter	rshares	pct
roadscape	6,049,871,197,144	100%
acidyo	6,480,752,390,222	50%
ausbitbank	1,153,738,620,976	100%
arcange	61,110,122,828	5%
raphaelle	1,983,048,517	5%
anarcist69	277,630,770	10%
ackza	67,198,783,841	100%
fredrikaa	421,854,612,892	100%
travelersmemoire	5,999,889,266	100%
pibara	71,242,850,421	100%
resiliencia	2,145,199,772	6%
eastmael	24,634,259,124	100%
mmmmkkkk311	567,781,317,477	15%
mattockfs	64,713,183,210	100%
k0wsk1	20,421,129,126	100%
shortsegments	87,417,775,471	100%
fuadsm	372,972,351	100%
anjanida	3,599,749,729	100%
mcmexicans	226,815,255	100%
lycaactivism	501,927,948	100%
oldoneeye	0	100%

@lycaactivism · May 30 '19

Would this be vulnerable to a user’s computer being hacked? If they gain access on client side then they would be able to gain access to anything their keychain can grant access to? There’s vulnerabilities at every point when there’s an exchange of sensitive information no matter what, correct?

 Asking for clearer understanding of the purpose of the keychain. I thought the purpose of having the different keys was for security, if one is compromised others are still potentially safe? But if the keychain is compromised isn’t all of it unsafe?

👍 ackza, lycaactivism

`author`	lycaactivism
`permlink`	psaygd
`category`	keychain
`json_metadata`	{"tags":["keychain"],"app":"steemit/0.1"}
`created`	2019-05-30 05:41:03
`last_update`	2019-05-30 05:41:03
`depth`	3
`children`	0
`last_payout`	2019-06-06 05:41:03
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	547
`author_reputation`	22,493,683,131
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	85,732,641
`net_rshares`	18,887,411,985
`author_curate_reward`	""

properties (23)vote details (2)

voter	weight	wgt%	rshares	pct	time
ackza	0 B		18,514,114,476	37%
lycaactivism	0 B		373,297,509	100%

@sepracore · May 29 '19

$0.04

Thanks for the detailed response. This makes much more sense to me.

It is my understanding that the keychain extension is only compatible with desktop internet browsers. Are there plans (or is there even a benefit) for having a mobile version of keychain? If there is, I would vote for that worker proposal since it sounds like you did this basically for free.

👍 pibara, anjanida, lycaactivism, mcmexicans

`author`	sepracore
`permlink`	ps8ocd
`category`	keychain
`json_metadata`	{"tags":["keychain"],"app":"steemit/0.1"}
`created`	2019-05-29 00:07:24
`last_update`	2019-05-29 00:07:24
`depth`	3
`children`	4
`last_payout`	2019-06-05 00:07:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.032 HBD
`curator_payout_value`	0.009 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	361
`author_reputation`	19,888,382,618,059
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	85,656,523
`net_rshares`	74,095,795,519
`author_curate_reward`	""

properties (23)vote details (4)

voter	rshares	pct
pibara	69,823,083,603	100%
anjanida	3,526,808,535	100%
mcmexicans	221,299,772	100%
lycaactivism	524,603,609	100%

@yabapmatt · May 29 '19

$1.07

Yes, Keychain is only for desktop browsers currently. I would love to do a mobile version and think it is very important for the Steem ecosystem but we just don't have the resources right now. I do plan to submit a worker proposal for that when/if the Steem worker proposal system goes live.

👍 acidyo, realcleaner, shortsegments, anjanida, resiliencia, lycaactivism, mcmexicans

`author`	yabapmatt
`permlink`	ps8og5
`category`	keychain
`json_metadata`	{"tags":["keychain"],"app":"steemit/0.1"}
`created`	2019-05-29 00:09:45
`last_update`	2019-05-29 00:09:45
`depth`	4
`children`	3
`last_payout`	2019-06-05 00:09:45
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.800 HBD
`curator_payout_value`	0.265 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	291
`author_reputation`	160,234,431,724,160
`root_title`	"Keychain Added to Steemit.com!"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	85,656,578
`net_rshares`	1,834,641,909,460
`author_curate_reward`	""

properties (23)vote details (7)

voter	rshares	pct
acidyo	1,288,615,736,461	10%
resiliencia	2,142,980,866	6%
shortsegments	85,671,973,818	100%
realcleaner	454,026,904,621	24.04%
anjanida	3,455,299,265	100%
mcmexicans	215,890,435	100%
lycaactivism	513,123,994	100%

3 replies