Clef (OP)
Newbie
Offline
Activity: 54
Merit: 0
|
|
April 05, 2015, 12:45:09 AM |
|
|
|
|
|
|
|
|
|
|
Every time a block is mined, a certain amount of BTC (called the
subsidy) is created out of thin air and given to the miner. The
subsidy halves every four years and will reach 0 in about 130 years.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
freemind1
Legendary
Offline
Activity: 1526
Merit: 1014
|
|
April 06, 2015, 12:15:07 PM |
|
Very good article, this well explained and even new users can understand all information without problems. It seems much safer than Google Authenticator and from what i 've seen in the video is also simple to use.
Congratulations for your work and thanks for sharing.
|
|
|
|
coinking
Legendary
Offline
Activity: 927
Merit: 1000
|
|
April 06, 2015, 06:04:34 PM |
|
Great article Clef! It's nice to see the community support.
|
|
|
|
coinking
Legendary
Offline
Activity: 927
Merit: 1000
|
|
April 07, 2015, 08:32:54 PM |
|
Nice article, it explains 2FA really well.
Hope to see Clef on more exchanges, used it on Koinify for the Factom Sale and it works a treat!
yeah, me too. Once you get it set up (which takes max 1 min) it works like a charm
|
|
|
|
Clef (OP)
Newbie
Offline
Activity: 54
Merit: 0
|
|
April 08, 2015, 04:50:26 AM |
|
Decentral Talk Live Ep #67: Brennen Byrne of Clef Clef's CEO interviewed by Decentral.TV Talk Live during the 2015 Texas Bitcoin Conference. https://i.imgur.com/99HIMni.png
|
|
|
|
btc_enigma
|
|
April 08, 2015, 07:34:42 AM |
|
tl;dr - to use Clef, you have to trust us, but public key auth is much harder to hack, so the overall security is way stronger
Do you offer a bare-bones open source client? I currently have no way of telling whether the private keys are being shared with your servers or whether they are only stored locally on my phone. I'd be interested in knowing this too I also don't see any options to back up my private keys. What happens if I lose my phone? This is very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key. Can you put more detail on how this is secure: - How is the private key sandboxed? Since the phone is connected to internet , this is a concern for me. Other hardware devices like trezor or bank 2fa h/w devices are not connected to internet , so it feels safer to me
- Also I want to know, how are you getting enough entropy for the private key, is the implementation safe( We had same problem with other websites ). Can you open source this part
|
|
|
|
LOBSTER
|
|
April 08, 2015, 10:11:05 AM |
|
I think the project is pretty cool. What I like is a function to backup your data. For example if I would lose my phone with Google Authenticator, I could never access my funds on an online wallet like blockchain.info again...
|
|
|
|
coinking
Legendary
Offline
Activity: 927
Merit: 1000
|
|
April 08, 2015, 10:32:06 PM |
|
Decentral Talk Live Ep #67: Brennen Byrne of Clef Clef's CEO interviewed by Decentral.TV Talk Live during the 2015 Texas Bitcoin Conference. Nice vid, it's good to see the faces behind Clef.
|
|
|
|
fordlincoln
|
|
April 09, 2015, 07:16:05 PM |
|
started using Clef and noticed that the app logs me out of everything when I'm asleep - it's a good feature and yea I know I should log out of everything when I leave the site but apparently I forget.
|
|
|
|
brennen
Newbie
Offline
Activity: 4
Merit: 0
|
|
April 10, 2015, 12:31:18 AM |
|
This is very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key. Can you put more detail on how this is secure: - How is the private key sandboxed? Since the phone is connected to internet , this is a concern for me. Other hardware devices like trezor or bank 2fa h/w devices are not connected to internet , so it feels safer to me
- Also I want to know, how are you getting enough entropy for the private key, is the implementation safe( We had same problem with other websites ). Can you open source this part
Good questions The private keys are generated and stored on the phone -- on iOS we get to use hardware encryption and on Android we use PIN-based encryption (though we're considering using something like Rivetz here). We use the standard system libraries for both platforms to generate the keys which offer plenty of entropy for this kind of usage ( http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html -- the SecureRandom patch of course happening after August 2013). As for being Internet connected -- when we talk about theoretical security, an Internet-connected phone will never provide the same level of protection as a dedicated offline device. That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized). A key based, dedicated offline device is definitely possible, but the infeasibility of distributing them along with the increased burden of training people how to use them make them pretty farfetched for a broad audience.
|
|
|
|
btchip
|
|
April 10, 2015, 02:01:25 AM |
|
That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized). Do you know FIDO ? Devices are already available, cheap, extremely simple to use, and based on open standards.
|
|
|
|
btc_enigma
|
|
April 10, 2015, 05:46:29 AM |
|
This is very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key. Can you put more detail on how this is secure: - How is the private key sandboxed? Since the phone is connected to internet , this is a concern for me. Other hardware devices like trezor or bank 2fa h/w devices are not connected to internet , so it feels safer to me
- Also I want to know, how are you getting enough entropy for the private key, is the implementation safe( We had same problem with other websites ). Can you open source this part
Good questions The private keys are generated and stored on the phone -- on iOS we get to use hardware encryption and on Android we use PIN-based encryption (though we're considering using something like Rivetz here). We use the standard system libraries for both platforms to generate the keys which offer plenty of entropy for this kind of usage ( http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html -- the SecureRandom patch of course happening after August 2013). As for being Internet connected -- when we talk about theoretical security, an Internet-connected phone will never provide the same level of protection as a dedicated offline device. That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized). A key based, dedicated offline device is definitely possible, but the infeasibility of distributing them along with the increased burden of training people how to use them make them pretty farfetched for a broad audience. Great. Good to know you guys have put enough thought into the security. Thumbs up for clef
|
|
|
|
|
coinking
Legendary
Offline
Activity: 927
Merit: 1000
|
|
April 10, 2015, 09:04:57 PM |
|
Nice article bassguitarman! Nothing like an outside review of a service. Cheers for that.
|
|
|
|
Clef (OP)
Newbie
Offline
Activity: 54
Merit: 0
|
|
April 11, 2015, 12:49:17 AM |
|
We appreciate the support bassguitarman, good read! Are you planning to use or have been using Clef?
|
|
|
|
Clef (OP)
Newbie
Offline
Activity: 54
Merit: 0
|
|
April 12, 2015, 05:20:16 PM |
|
|
|
|
|
coinking
Legendary
Offline
Activity: 927
Merit: 1000
|
|
April 12, 2015, 08:48:30 PM |
|
We are glad to be able to help improve security on Koinify.com. Best wishes to both the Koinify and Factom teams with their ongoing Software Sale!As featured on Bitcoinist.net Looks like there's some good connections being made. Looking forward to more!
|
|
|
|
Clef (OP)
Newbie
Offline
Activity: 54
Merit: 0
|
|
April 12, 2015, 11:40:51 PM |
|
Looks like there's some good connections being made. Looking forward to more! Make sure you listen in the coming weeks for more great announcements
|
|
|
|
FACTOM
|
|
April 13, 2015, 12:11:06 AM |
|
We are glad to be able to help improve security on Koinify.com. Best wishes to both the Koinify and Factom teams with their ongoing Software Sale! We thank you for making the login process on Koinify easier and for the support!
|
|
|
|
valkir
Legendary
Offline
Activity: 1484
Merit: 1004
|
|
April 13, 2015, 12:54:15 AM |
|
Great Job Clef Team! Its working perfectly!
|
██ Please support sidehack with his new miner project Send to :
1BURGERAXHH6Yi6LRybRJK7ybEm5m5HwTr
|
|
|
|