RE: HiveSigner is INSECURE? - discussion and deep dive


Because you demanded my response so intensely on discord:

Good post that highlights some of the many things we can call insecure on Hive. It always depends on how you view it and your position is valid for sure. Hivesigner stores the keys in the local storage unencrypted and that's not very secure.

But: Compared to many private key logins or the majority of web2, it is definitely very secure already because your keys will never go over the internet and you don't need to trust a new interface because you do not enter your keys there. Of course private key logins are often implemented so that your keys will also not go over the internet, but any new interface could be a potential danger: like leo did it one time in the recent past when you log in. That was the real big issue - then the storage in a cookie and then they finally made it more secure by putting the keys in local storage encrypted and not sending any key over the internet.

The challenge that hivesigner solves here is that you do not give any user interface your private key in the first place but you probably already knew that.

Regarding the owner key: there are moments you will need to use your owner key. Maybe that's the reason why you can enter it there. Just a thought of mine.

I know there are people working on other solutions here on Hive and that there are 1000x more secure solutions on Hive already: Keychain and HiveAuth.

My favorite is definitely HiveAuth because that works everywhere, not only where Keychain is installed, and is compatible with Keychain. So all you need is a Keychain on your mobile device and the user interface supporting HiveAuth - done.


Maybe your criticism would have more value if you shared it with the ecency team instead of pinging me (who is not part of the team at all) or good karma (who gets pinged 10x per day probably) in this post only. They have a very active discord and would be pleased to see suggestions for improvements. But instead you decided to use it as a rant / beef show here and on the hive discord server.
I am not going into detail how you portrayed me here or on discord but I thought that it's important for you that I go over your post and to give me feedback so I did.

My heart rate is at 97 (checking my fitbit right now) because I don't like when people call me names or try to offend me as part of their defense mechanism. But I have learned to reflect myself and my feelings and to work with my emotions - not getting dragged by them or work against them.

I'm not a native speaker (yes I play this card now) so maybe some phrases could come to you in a different way than I've intended them to be. "As far as I know" is a phrase I use when I am pretty sure but too lazy to search for source code lines. Next time I'll do that instead. But a next time between you and me will not happen: I will just read your message, give a reaction emoji and leave it like that because the way you've handled this discussion did not encourage discussion at all. Sounds weird but I need to keep myself out of these kinds of shows.


I am on Hive for fun and a good time - sharing knowledge and opinions. I will keep doing this - trust me.



0
0
0.000
1 comments

Sounds like we agree on a lot of things. It was definitely when you called me names, that motivated my heart rate, and this post and subsequent pings.

0
0
0.000