This is a very good question that I am also having. Your online documentation only talks about public key cryptography and says nothing about where the private keys are stored and their security. I guess the phone is generating a signature using the private key.
Can you put more detail on how this is secure:
- How is the private key sandboxed? Since the phone is connected to the internet, this is a concern for me. Other hardware devices like Trezor or bank 2FA h/w devices are not connected to the internet, so it feels safer to me.
- Also I want to know, how are you getting enough entropy for the private key? Is the implementation safe? (We had the same problem with other websites.) Can you open source this part?

Good questions.
The private keys are generated and stored on the phone -- on iOS we get to use hardware encryption and on Android we use PIN-based encryption (though we're considering using something like Rivetz here).
We use the standard system libraries for both platforms to generate the keys, which offer plenty of entropy for this kind of usage (http://android-developers.blogspot.de/2013/08/some-securerandom-thoughts.html -- the SecureRandom patch of course happening after August 2013).
As for being Internet connected -- when we talk about theoretical security, an Internet-connected phone will never provide the same level of protection as a dedicated offline device. That said, dedicated devices as they exist today are all seed-based (and so must have a server counterpart that stores the exact same seed and which IS Internet connected as well as centralized). A key-based, dedicated offline device is definitely possible, but the infeasibility of distributing them along with the increased burden of training people how to use them make them pretty far-fetched for a broad audience.
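
The seed-based versus key-based distinction in the reply above, as an added example that is not part of the thread or the vendor's code: it compares what the server has to store in each design and whether that stored record alone produces a response the server accepts. The HMAC challenge-response, the use of Ed25519, the constructed challenge and all function names are assumptions of this sketch.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var challenge = []byte("constructed-login-nonce-0001") // constructed sample value

// seedResponse models a seed-based token: a MAC over the challenge under the shared seed.
func seedResponse(seed, msg []byte) []byte {
	m := hmac.New(sha256.New, seed)
	m.Write(msg)
	return m.Sum(nil)
}

// SeedStoreForges: does the server's stored record alone yield an accepted response?
func SeedStoreForges() bool {
	deviceSeed := make([]byte, 32)
	if _, err := rand.Read(deviceSeed); err != nil {
		panic(err)
	}
	serverRecord := append([]byte(nil), deviceSeed...) // server keeps an exact copy
	fromRecord := seedResponse(serverRecord, challenge)
	return hmac.Equal(fromRecord, seedResponse(deviceSeed, challenge))
}

// KeyStoreForges does the same for a key-based scheme, where the server
// record is only the public key (Ed25519 is an assumption of this example).
func KeyStoreForges() bool {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	if !ed25519.Verify(pub, challenge, ed25519.Sign(priv, challenge)) {
		panic("genuine device signature must verify")
	}
	// The stored public key, reused as key material, does not sign as the device.
	guess := ed25519.NewKeyFromSeed(pub)
	return ed25519.Verify(pub, challenge, ed25519.Sign(guess, challenge))
}

func main() {
	fmt.Println("seed-based, server record forges:", SeedStoreForges())
	fmt.Println("key-based, server record forges: ", KeyStoreForges())
}
```

In the key-based design the only secret sits on the device, which is why the storage and sandboxing questions asked at the top of the thread are the ones that matter.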