Search content
Sort by
Showing 17 of 17 results by ZenGo
You are right. Well nearly. Some sensitive information is definitely saved on the client side. But its not the full information, meaning that stealing it does not allow the hacker to spend it. (unlike private key)
[..]
Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece.
[..]
Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece.
If an attacker gains full access to the mobile, he can spend the funds (just like with private keys stored on a mobile wallet).
Biometric data (e.g. fingerprint) is stored on the mobile. Together with the shared secret, that's all one needs to initiate a transaction using your server.
So.. in the end it again comes down to only the security of the mobile.
So you are assuming here that the attacker will by bypass the user device biometric and find a way around the device biometrics and that the owner during that time will not notice his device is not available. Is that reasonable?
What you described is also valid with a hardware wallet stolen from you. The attacker will also need the pin and, just like on a mobile device, will be locked out after a few trials.
Finally, we are introducing soon additional protection to cover exactly that case. I want to draw your attention to the fact that unlike hardware wallet there is no back up that can be stolen by an attacker and result in the loss of funds. It's better to look at the security set up from all angles.
Its encrypted by the client and stored encrypted on the server. The server cannot access it.
But it IS stored online. And that's a huge problem already.
Why is that a problem exactly? the file is unusable and unreadable. What exactly could we or anyone do with it?
This is the same as claiming multiSig is irrelevant because when you steal one key, then its not multisig and you need just one extra key.
With multisig (and someone i know holding the second key out of a 2-of-2 multisig) an attacker can not simply steal my mobile with one of the keys and initiate a transaction by claiming he is the real person.
Your server (i.e. with fingerprint) does exactly this.. I steal a mobile, initiate a transaction using the shared secret and the fingerprint data on the mobile.. and your server happily signs it.
Yes indeed. Multisig can help you the way you describe. That said, anyone with access to one of the multisig keys can impersonate who you think he/she is and you will validate the attacker transaction. On ZenGo only the owner can access his funds.
You are assuming here you will be able to "steal the secret" from the phone. How will you be able to do that exactly?
By the way if you are so confident in your ability to hack ZenGo, we provide you all account access and even the picture to an account that holds 1BTC.
https://zengo.com/the-zengo-challenge-win-1-btc-and-prove-us-wrong/
To be compared with a hardware wallet where the Backup/Mnemonic would be provided. Are you ready to share yours?
How can you claim that the user does not have to store/protect a 'private key' (which basically just is sensitive information) if in your concept the user has to store and protect a 'mathematical secret' (which serves as sensitive information).
That's basically the same. Each wallet has to store sensitive information.
Your concept just creates more security flaws than it solves.
You are right. Well nearly. Some sensitive information is definitely saved on the client side. But its not the full information, meaning that stealing it does not allow the hacker to spend it. (unlike private key)
Well.. your website says the following:
Quote from: https://zengo.com/security/
An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account.
So.. one of you is lying.Its encrypted by the client and stored encrypted on the server. The server cannot access it.
No. That's not true.
If the device is hacked or lost, the attacker can simply start a transaction.
All he needs to do that is 1) the shared secret and 2) biometric data.
Both can be found on the mobile. The data of the fingerprint is stored on the mobile.
The same applies to the shared secret.
For starters, with our solution the attacker must spend the money through our services which gives us another point of intervention.
Secondly, getting past Apple authentication is not easy, as shown with the FBI-Apple case https://en.wikipedia.org/wiki/FBI%E2%80%93Apple_encryption_dispute (and most attackers are not FBI grade)
Which makes it as secure as a web wallet (in this specific case only).
Your concept only creates downsides. A standard mobile wallet is - by far - more secure. By design.
Our solution makes the attacker mission much harder: Instead of needing to 1 piece of secret information, they now need to get 2 pieces of secret information stored in different places. Of course, once they get 1 piece then they need the other piece. This is the same as claiming multiSig is irrelevant because when you steal one key, then its not multisig and you need just one extra key.
Btw if you want to try for yourself we have a fun security challenge with 1BTC for you if you manage to get in. And we make it very easy for you to get in. https://zengo.com/the-zengo-challenge-win-1-btc-and-prove-us-wrong/
We invite you to try it. Also check out our github, all the cryptography is open source...
An option you could consider is ZenGo
Zengo is the first wallet based on threshold cryptography. ZenGo eliminated the need for a private key while still remaining non-custodial.
Zengo is the first wallet based on threshold cryptography. ZenGo eliminated the need for a private key while still remaining non-custodial.
What the hell is this approach...
That's even worse than a web wallet.
Quote from: https://zengo.com/security/
With no single point of failure
So many points of failure..
Quote from: https://zengo.com/security/
Backing up your wallet is just as simple. An encrypted copy of your device share is stored on the ZenGo server, and the decryption code is stored separately in your personal iCloud account. Only with your 3D biometric face map can you access the encrypted share.
I really can't believe what i am reading here..
So.. both of the 2 necessary secrets are on your server.
The decryption key is also stored online.
And oh.. i forgot.. the bio-metric features of a mobile phone are sooo secure.
You guys realize that most of them can be circumvented by holding a printed image in front of the camera ?
I would NOT recommend to use that wallet. The whole concept is flawed.
The necessary secrets are split between the users device and ZenGos servers. Its not correct that both are stored on the server. If either the server or the device is hacked or lost, the funds remain secure. I'll say this again, even if someone hacked ZenGos server, the user would stay protected. There is no single point of failure.
The biometrics are based on ZoOm technology. Its extremely secure. A printed picture is completely ineffective as it fails to pass the liveness. Even 3D masks are ineffective.
I would recommend taking a look at ZenGo. It's the first keyless, non-custodial wallet based on threshold cryptography. There is no private key but you're still the ONLY one who has access or control of your funds.
Look great, I start to searching about ZenGo and found articles on Mashable, there is mentioned if we need to scan our face to start using wallet after registrations.
To backup your wallet you do need to scan your face. Although the way that the server side stores the face scan is through an encrypted mathematical representation of your face (not an actual photo). So it's not something that could be abused or distributed.
It won't reach that Top .. ever.. so don't worry:) 
It would put BTC's final MC at $2,100,000,000,000,000 (2.1 Quadrillion Dollars) which is like 25 times more than the total estimated amount of money in the world...
Not sure we need to worry about this yet.
I would recommend taking a look at ZenGo. It's the first keyless, non-custodial wallet based on threshold cryptography. There is no private key but you're still the ONLY one who has access or control of your funds.
I agree with muslol67
If you didn't have a virus, didn't access a phishing site, didn't use a compromised WiFi, then the only way is that someone got a hold of your private key and used it. If it wasn't an internet-based attack, then it had to be compromised physically. Think about who might have access to the phrase.
If you didn't have a virus, didn't access a phishing site, didn't use a compromised WiFi, then the only way is that someone got a hold of your private key and used it. If it wasn't an internet-based attack, then it had to be compromised physically. Think about who might have access to the phrase.
Does anyone have experience using or integrating noncustodial tokenswap applications? Which one is your favorite?
Posting a list of the various ones I've come across:
Changelly
ShapeShift
Airswap
Faast
Bancor
Coinswitch
Foxexchange
Bity
Ramp Network
Kyber Network
Liquid by Quoine
Posting a list of the various ones I've come across:
Changelly
ShapeShift
Airswap
Faast
Bancor
Coinswitch
Foxexchange
Bity
Ramp Network
Kyber Network
Liquid by Quoine
Perhaps you went to a phishing website? Did you store the seed phrase in any online database or service? I'm sorry that this happened to you.
No phishing website. I used their website. Also this was checked. Nothing was stored online anywhere...
Perhaps someone hacked into your wifi?
Re: What’s the SINGLE most valuable benefit for you in Bitcoin and why?
I appreciate having an asset that I don't need to rely on anyone else to hold. I also think that Bitcoin is the first in a brilliant and ambitious quest to find a successful way of enabling decentralized consensus. I want to be involved in that process.
Re: Blockchain & Crypto Introduction Website - Looking For Suggestions, Support
The page loaded VERY slowly. Slow enough that I would have closed it under usual circumstances.
I appreciate the work you put into the site and your dedication towards providing tools and resources for investors. But I agree that you need to think about what exactly you're trying to accomplish. If you want it to be dedicated towards beginners then the UX needs to be improved. Maybe start off with a click-through guide and you could then direct them towards the relevant resources.
I appreciate the work you put into the site and your dedication towards providing tools and resources for investors. But I agree that you need to think about what exactly you're trying to accomplish. If you want it to be dedicated towards beginners then the UX needs to be improved. Maybe start off with a click-through guide and you could then direct them towards the relevant resources.
Nice UX. I appreciate how clean it is. A few questions -
1. What exchanges do you use?
2. Are there any fees beyond the gas price?
Also, have you heard of Shrimpy? They do something similar.
1. What exchanges do you use?
2. Are there any fees beyond the gas price?
Also, have you heard of Shrimpy? They do something similar.
I know a number of people who got seriously burned in the last bull run buying with credit cards. The markets are inherently unpredictable. I will also add that it always seems that the markets crash just as everyone is absolutely certain they will go up. It seems like the minute most people feel comfortable purchasing BTC via CC is exactly the point when the market cycle changes.
Be careful.
Be careful.