Brainstorming on use of hardware wallets / hardening safe accounts against use on malicious devices

security

#1

A bunch of us have a hardware wallet for other cryptos we might hold, and I’m sure many of us have a hardware 2FA device like a YubiKey. I love my Ledger Nano, but it was hard to imagine why I would need it with the safe network: since the coins don’t work like in a blockchain, there’s no way to just store the private keys of a safecoin on the hardware wallet to move it (as far as I know anyway). But recently I saw Ledger has a few interesting apps that can be installed on it: a password manager, SSH key manager, and GPG key manager. And since the Ledger is capable of signing keys on the device itself, it makes a pretty powerful 2FA…

Anyway… I remember over the years signing up on the Tor dark markets just for the thrill of it, and a few markets I ended up on had a very neat authentication method (GPG auth) where the server presents you with a public key and you sign it with your private key in order to log in. Nice, but really, without using a standalone device for that you’re just using a massive password anyway.

So finally to my idea for safe, if you haven’t guessed already: the safe login could do the exact same thing if tightly integrated with hardware wallets. Through API magic it checks if your hardware is plugged in and the safe app is running on it, and then it presents your device with a key to sign; you push the button on your hardware wallet and you are logged in… sweet! Now a system with malware on it can’t steal your login credentials! But, well, malware doesn’t give up so easily. We can assume this safe-aware malware knows when an account is logged in and how to enumerate through the directories of your safe account for your pictures, documents and app data directories for your private info in all the safe apps you use, and of course copy that information to Mr. Hacker’s server outside the safe network or just to his safe account that might be simultaneously logged in.

So, let’s take GPG signing a few steps further (yea yea, users will HATE having to push a button on their hardware wallet for everything they do on safe, but you can always let people choose if they want to be security extremists). Now you can choose to lock each directory in your safe account with a different key pair generated on the hardware wallet, so that malware trying to browse to a directory you’re not in would get you suspicious when the hardware wallet is asking you to approve this action. Lastly, maybe you are in your sensitive directory and the malware just wants to copy those things out; well, maybe the same method can be used for file copy/move/delete operations. Possibly protecting files you are interacting with on a compromised system from being stolen. Whew…
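
The sign-to-approve scheme from the post above, as an added example that is not part of the original thread and is not SAFE Network or Ledger code: each challenge binds the operation, directory, path and a single-use nonce, so a captured signature cannot be replayed or moved to a different operation. `Device`, `Verifier` and the `/photos` path are hypothetical, Ed25519 from Node's `crypto` module stands in for the GPG keys, and the button press is modelled as a callback.

```javascript
// Added example; every name here is hypothetical.
const crypto = require('crypto');
// Canonical bytes of exactly what the user is asked to approve.
const encode = (c) => Buffer.from(JSON.stringify([c.op, c.dir, c.path, c.nonce]));

// Stand-in for the hardware wallet: one Ed25519 key pair per directory, kept inside.
class Device {
  constructor() { this.keys = new Map(); }
  enroll(dir) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(dir, privateKey);
    return publicKey; // only the public half is exported
  }
  // userApproves models the button press after the device displays op and path.
  sign(c, userApproves) {
    const key = this.keys.get(c.dir);
    return key && userApproves(c) ? crypto.sign(null, encode(c), key) : null;
  }
}

// Checking side: issues single-use challenges and verifies the responses.
class Verifier {
  constructor() { this.pub = new Map(); this.pending = new Set(); }
  register(dir, publicKey) { this.pub.set(dir, publicKey); }
  challenge(op, dir, path) {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.add(nonce);
    return { op, dir, path, nonce };
  }
  verify(c, sig) {
    if (!sig || !this.pending.delete(c.nonce)) return false; // unknown or replayed
    const key = this.pub.get(c.dir);
    return Boolean(key) && crypto.verify(null, encode(c), key, sig);
  }
}

function demo() {
  const device = new Device(), verifier = new Verifier();
  verifier.register('/photos', device.enroll('/photos')); // constructed sample path
  const user = (c) => c.op === 'read'; // the user presses the button for reads only
  const c1 = verifier.challenge('read', '/photos', '/photos/a.jpg');
  const s1 = device.sign(c1, user);
  const ok = verifier.verify(c1, s1);         // fresh, approved read
  const replay = verifier.verify(c1, s1);     // same nonce presented again
  const c2 = verifier.challenge('copy', '/photos', '/photos/a.jpg');
  const reused = verifier.verify(c2, s1);     // old signature on a new operation
  const declined = device.sign(c2, user);     // user does not press the button
  return { ok, replay, reused, declined };
}
```

The approval is only as meaningful as what the device shows on its own screen: if the host controls the text the user sees, the button press approves whatever the host chose to sign.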


#2

There has been some discussion of hardware wallets before