Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ULTRA_SEC ("paranoid") userData option mode #36

Open
7-of-9 opened this issue May 10, 2019 · 1 comment
Open

ULTRA_SEC ("paranoid") userData option mode #36

7-of-9 opened this issue May 10, 2019 · 1 comment
Labels
enhancement New feature or request security Web Wallet

Comments

@7-of-9
Copy link
Member

7-of-9 commented May 10, 2019

Requires MPK to be entered on each usage (i.e. on each assetRaw decrypt) -- no persist of h_mpk in localStorage, or as window global var.
@7-of-9 7-of-9 added enhancement New feature or request security Web Wallet labels May 10, 2019
@7-of-9 7-of-9 changed the title Web Wallet: ULTRA_SEC ("paranoid") userData option mode ULTRA_SEC ("paranoid") userData option mode May 10, 2019
@7-of-9 7-of-9 mentioned this issue May 10, 2019
Closed
@7-of-9
Copy link
Member Author

7-of-9 commented May 10, 2019

There should be a user option to activate a security one level higher than High Security: UltraSec.

If UltraSec=1 then document.hjs_mpk should not be persisted in any JS context. The user should be prompted for his MPK each time its hash is required and its value held in memory and nuked after use.

Note this is partially implemented / WIP re. <LoginForm... unlockMode=true>.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request security Web Wallet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@7-of-9