Multisig 2fa Transactions
Today, we are introducing a mechanism for users to secure their funds on the temporary block chain via a true 2fa multisig transactions. We'll be posting another update later on detailing the status of other things we have been working on.
When we release our web wallet, a native implementation will be available and won't require as much hassle on the users end and will simply prompt you for the 2fa code within the wallet when you attempt to spend from a 2fa multisig address.
You can access the feature as well as guide on how to use it at https://novusphere.io/Home/Multisig
Brief Overview
For two factor (via google authenticator) to work in a secured mannerism a server or central must hold a copy of your two factor secret; It must not be derrived client side based on something like a wallet passphrase. This is how two factor traditionally works on many sites we're all familiar with such as exchanges; The server saves some secret and reveals it to us once in the form of a QR code we can scan.
This implementation makes use of 2-of-3 multisigs where the client holds 2 keys but is urged to keep their 2nd key offline and seperate from their main wallet. Instead for the 2nd signature, you trust the server holding the 3rd key to cosign the multisig transaction only if the 2FA check is passed. Electrum uses a similar model where you trust a server to co-sign for you: http://docs.electrum.org/en/latest/2fa.html
Is this decentralized? What happens if Novus is hacked?
Even if Novus or the central server is hacked or bricked and loses all of its private keys no harm is done to user funds. This is because the server only contains 1 of 3 private keys required to spend funds. In the case the server is unable to cosign a transaction then you can resort to using the 2nd key which should be stored offline and separate from your main wallet.
In other words, even if Novus is hacked or compromised this should not affect the safety of your funds!
What happens if I (the user) am hacked?
Supposing that the hacker has gotten access to the wallet and your passphrase on your main computer, they cannot spend any funds from the multisig 2fa address without having either your 2nd key or alternatively your 2fa secret that should only be on your phone as this is the requirement for the server to cosign.
In other words, your funds should still be safe.
Is this open source?
Yes!
https://github.com/asphyxiating/Multisig2faTxExample/blob/master/Multisig2faTxExample/Multisig2faTx.cs
The above is a reference implementation showing how any coin from a bitcoin code base can implement it. We would strongly advise all projects to implement such a mechanism to offer better security for users funds as this should be one of the top priorities for any project.
Notes
While our implementation is done externally from the wallet, it's entirely possible to natively implement this solution to the wallet but since it's our intent to develop a web wallet in the near future we have decided not to do this. Multisig 2fa transactions will be natively available in our web wallet at a later time.
Today, we are introducing a mechanism for users to secure their funds on the temporary block chain via a true 2fa multisig transactions. We'll be posting another update later on detailing the status of other things we have been working on.
When we release our web wallet, a native implementation will be available and won't require as much hassle on the users end and will simply prompt you for the 2fa code within the wallet when you attempt to spend from a 2fa multisig address.
You can access the feature as well as guide on how to use it at https://novusphere.io/Home/Multisig
Brief Overview
For two factor (via google authenticator) to work in a secured mannerism a server or central must hold a copy of your two factor secret; It must not be derrived client side based on something like a wallet passphrase. This is how two factor traditionally works on many sites we're all familiar with such as exchanges; The server saves some secret and reveals it to us once in the form of a QR code we can scan.
This implementation makes use of 2-of-3 multisigs where the client holds 2 keys but is urged to keep their 2nd key offline and seperate from their main wallet. Instead for the 2nd signature, you trust the server holding the 3rd key to cosign the multisig transaction only if the 2FA check is passed. Electrum uses a similar model where you trust a server to co-sign for you: http://docs.electrum.org/en/latest/2fa.html
Quote
Electrum offers two-factor authenticated wallets, with a remote server acting to co-sign transactions, adding another level of security in the event of your computer being compromised.
Is this decentralized? What happens if Novus is hacked?
Even if Novus or the central server is hacked or bricked and loses all of its private keys no harm is done to user funds. This is because the server only contains 1 of 3 private keys required to spend funds. In the case the server is unable to cosign a transaction then you can resort to using the 2nd key which should be stored offline and separate from your main wallet.
In other words, even if Novus is hacked or compromised this should not affect the safety of your funds!
What happens if I (the user) am hacked?
Supposing that the hacker has gotten access to the wallet and your passphrase on your main computer, they cannot spend any funds from the multisig 2fa address without having either your 2nd key or alternatively your 2fa secret that should only be on your phone as this is the requirement for the server to cosign.
In other words, your funds should still be safe.
Is this open source?
Yes!
https://github.com/asphyxiating/Multisig2faTxExample/blob/master/Multisig2faTxExample/Multisig2faTx.cs
The above is a reference implementation showing how any coin from a bitcoin code base can implement it. We would strongly advise all projects to implement such a mechanism to offer better security for users funds as this should be one of the top priorities for any project.
Notes
While our implementation is done externally from the wallet, it's entirely possible to natively implement this solution to the wallet but since it's our intent to develop a web wallet in the near future we have decided not to do this. Multisig 2fa transactions will be natively available in our web wallet at a later time.
It's taken vtr 3 years and they still have a closed source 2fa, looks like you are miles ahead of them. Good work dev.
Read the notes, it hasn't been implemented into the wallet. Why would VTR devs release code to be stolen? Web based 2FA sounds like a real "first"
What difference does it make whether it's implemented in the wallet or not?
Would it some how be different technologically because it's wrapped in a QT interface? If it was in the wallet the flow would be trivially different:
In Wallet
- Wallet generates transaction with single signature (from local key)
- Wallet prompts for 2fa code
- Wallet sends 2fa code and raw transaction to trusted server to verify
- If trusted server fails to verify the 2fa code, it doesn't cosign the transaction so funds can't be spent
- If trusted server verifies the 2fa code, it cosigns the transaction and broadcasts the transaction
External from Wallet
- Trusted server asks user for 2fa code
- If trusted server fails to verify 2fa code, no transaction is created
- If trusted server verifies the 2fa code, it creates the transaction, cosigns it, sends it back to the user to verify
- User cosigns from their wallet and broadcasts the transaction
From this you can see implementing it in the wallet makes little to no difference with how it actually works. I'm not claiming this is some innovative technique either as it simply employs the same mechanism Electrum uses but offers an easy to use reference for alt coins.
Put it in the wallet then
