Autotip

Decentralized Cryptocurrency Microtipping Platform.

MultiExplorer Security Overview

Jan. 21, 2017, 3:11 a.m., by chris

The purpose of this scheme is to store the wallet master seed on a remote server, encrypted in such a way that the operator of that server cannot decrypt the seed and steal the money stored in its derived keys.

Registration

First, the client collects the username and password from the user for registration. The client then calculates two derived keys using the scrypt algorithm. The first derived key is sent to the server as a password, and the second one is used to encrypt and decrypt the wallet seed. The salt for the server authentication key is the username, and the salt for the key that encrypts the wallet seed is the username plus the string "Mnemonic".

The wallet seed is encrypted using the AES encryption algorithm. The output of this encryption is sent to the server and stored. The server cannot decrypt the wallet seed because the server never sees the raw password, which is needed to encrypt the wallet seed.

The "derived key for server authentication" is sent to the Django authentication system, where it is hashed again and stored in the database. If an attacker gains access to the server and obtains a database dump, the information they will get for all users will be the encrypted wallet seed and the "Django encrypted password". The Django authentication system is used in MultiExplorer with all default settings.

Login

The login process is the same as the registration process, except that the encrypted seed is sent back to the client after the client sends the server the "derived key for server authentication". The Django authentication system verifies that the hash of this derived key matches the hash stored in the database. Once this verification occurs, the server responds with the encrypted wallet seed. The client then knows that the password is correct, uses that password to generate the "derived key for mnemonic", and uses that key to AES-decrypt the encrypted wallet seed. The result is the raw wallet seed, which can then be used to derive all wallet addresses and private keys.
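The client side of the registration and login steps above, as an added sketch in Node.js that is not MultiExplorer's own code. The scrypt cost parameters, the 32-byte key length, the AES-256-GCM mode, the blob layout and the payload field names are assumptions; the page names only scrypt, AES and the two salts.

```javascript
// Added example. Assumed: scrypt N/r/p, 32-byte keys, AES-256-GCM, blob layout.
const nodeCrypto = require('node:crypto');

const SCRYPT = { N: 16384, r: 8, p: 1 }; // assumed cost parameters

// Both keys come from the same password; only the salt differs.
function deriveKeys(username, password) {
  const authKey = nodeCrypto.scryptSync(password, username, 32, SCRYPT);
  const seedKey = nodeCrypto.scryptSync(password, username + 'Mnemonic', 32, SCRYPT);
  return { authKey, seedKey };
}

// Runs on the client; the returned blob is what the server stores.
function encryptSeed(seedKey, mnemonic) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', seedKey, iv);
  const ct = Buffer.concat([cipher.update(mnemonic, 'utf8'), cipher.final()]);
  // Assumed layout: 12-byte IV | 16-byte auth tag | ciphertext, base64-encoded.
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// Throws if the key is wrong or the stored blob was modified.
function decryptSeed(seedKey, blob) {
  const raw = Buffer.from(blob, 'base64');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', seedKey, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}

// Registration: the server receives authKey and the blob, never the
// password or seedKey. Field names here are hypothetical.
function registrationPayload(username, password, mnemonic) {
  const { authKey, seedKey } = deriveKeys(username, password);
  return {
    username,
    password: authKey.toString('hex'),
    encrypted_seed: encryptSeed(seedKey, mnemonic),
  };
}

// Login: once the server accepts authKey it returns the blob; decrypt locally.
function recoverSeed(username, password, blob) {
  return decryptSeed(deriveKeys(username, password).seedKey, blob);
}
```

Decrypting the stored blob with the authentication key fails, which is the property the scheme depends on: what the server receives at login does not open the seed.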



For further details on Django's password scheme, refer to the Django Documentation.