
Topic: New wallet uses Amazon hardware security modules to eliminate seed words (Read 128 times)

legendary
Activity: 3234
Merit: 5637
The article is poorly written and the headline is wrong. That is very typical of CoinTelegraph articles.
~snip~

I completely agree with this statement, but everyone has their own choice of news sources, and the OP obviously likes them for some reason.



~snip~
But considering Amazon's unethical practices and Amazon's connection with some government department, there's concern about storing sensitive data (including Bitcoin private keys) on an Amazon product.

Well said, I personally would never trust them because they don't care about anything other than profit. And as for their connection with governments, I recently watched a documentary about their "contribution" to the monitoring and evaluation of public officials through various AI programs, which turned out to be a complete failure.

If we're going to be honest, I don't even trust some companies that produce HW anymore because they've proven to be incompetent in that business, let alone a company that literally does everything and just wants to expand its business a little more.
legendary
Activity: 2870
Merit: 7490
Is this good?

I checked their website (https://www.kresus.com/), but couldn't find much explanation of their wallet or how it works. So personally I wouldn't use this wallet.

The article is poorly written and the headline is wrong. That is very typical of CoinTelegraph articles.

Anyway, a hardware security module (HSM) is similar to a hardware wallet. It holds private keys and will do cryptographic operations with those keys without ever revealing them.

--snip--

But considering Amazon's unethical practices and Amazon's connection with some government department, there's concern about storing sensitive data (including Bitcoin private keys) on an Amazon product.
legendary
Activity: 4298
Merit: 3209
The article is poorly written and the headline is wrong. That is very typical of CoinTelegraph articles.

Anyway, a hardware security module (HSM) is similar to a hardware wallet. It holds private keys and will do cryptographic operations with those keys without ever revealing them.

I believe there is a misunderstanding here and I'll give you my best guess at how it works. I believe that the Kresus wallet does use a seed, but it stores only an encrypted copy of it and is unable to decrypt it directly.

To get a decrypted copy of the seed, the wallet sends the encrypted copy to the HSM, which decrypts it and returns the decrypted copy back to the wallet. Then the wallet uses the seed normally. When the app is closed, the decrypted copy is destroyed.
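The flow guessed at in the post above, as an added sketch (not part of the original post and not Kresus, Magic or AWS code). `ToyHSM`, `open_session`, `wrap` and `unwrap` are hypothetical names, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for whatever cipher a real HSM uses, so the block runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets


class ToyHSM:
    """Stand-in for the HSM: the master key exists only inside this object."""

    def __init__(self):
        self._master = secrets.token_bytes(32)   # never returned by any method
        self._sessions = set()                   # tokens allowed to call unwrap

    def _keystream(self, nonce, n):
        # HMAC-SHA256 in counter mode; stdlib stand-in for a real AEAD cipher.
        out = b""
        for ctr in range((n + 31) // 32):
            out += hmac.new(self._master, b"enc" + nonce + ctr.to_bytes(4, "big"),
                            hashlib.sha256).digest()
        return out[:n]

    def _tag(self, nonce, ct):
        return hmac.new(self._master, b"mac" + nonce + ct, hashlib.sha256).digest()

    def open_session(self):
        # Assumption: whatever login the service uses ends by issuing a token.
        token = secrets.token_hex(16)
        self._sessions.add(token)
        return token

    def wrap(self, seed):
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(seed, self._keystream(nonce, len(seed))))
        return nonce + ct + self._tag(nonce, ct)

    def unwrap(self, token, blob):
        if token not in self._sessions:
            raise PermissionError("caller is not authenticated")
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._tag(nonce, ct)):
            raise ValueError("wrapped seed was modified")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))


def demo():
    hsm = ToyHSM()
    seed = secrets.token_bytes(32)        # constructed sample seed
    stored = hsm.wrap(seed)               # the only copy the wallet keeps at rest
    token = hsm.open_session()
    return seed, stored, hsm.unwrap(token, stored)
```

In this model the wrapped blob is useless without the HSM, so the protection of the seed reduces to who can obtain a session that `unwrap` accepts.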
hero member
Activity: 1316
Merit: 727
Kresus is centralized, which is not good. Is it open source? It is closed source!

It does not require a wallet password but will send you a link by email. I don't like to rely on my email security to use my wallet. It is always bad to connect my wallet to other accounts, especially accounts that are connected to the Internet a lot, like my email.

Whatever they call the link, like 'magic link', I consider it a horrible link.
sr. member
Activity: 1372
Merit: 348
Quote
Unlike a centralized exchange, Kresus does not use passwords to authenticate users, since stealing password hashes and cracking them is one of the most common techniques hackers use to get access to web accounts. Instead, it requires users to click a link from within an email each time they attempt to log in.

When it comes to sending crypto, users don’t need to cut and paste crypto addresses on Kresus. Instead, the app allows each user to register for a free .kresus domain name through Unstoppable Domains, which they can use to send crypto to others.
Which means only the people that are using the wallet can send to themselves. This is centralization.

Obviously it is centralization.

Quote
What do you people think about this wallet that I can not recommend?

I also can't recommend the wallet due to its possible weak security. I don't believe in magic btw.
hero member
Activity: 812
Merit: 725
Quote
Unlike a centralized exchange, Kresus does not use passwords to authenticate users, since stealing password hashes and cracking them is one of the most common techniques hackers use to get access to web accounts. Instead, it requires users to click a link from within an email each time they attempt to log in.

When it comes to sending crypto, users don’t need to cut and paste crypto addresses on Kresus. Instead, the app allows each user to register for a free .kresus domain name through Unstoppable Domains, which they can use to send crypto to others.
Which means only the people that are using the wallet can send to themselves. This is centralization.
Because you must register through the app domain, I can also refer to this as centralization.
What if the app is hacked? Are your funds safe, since you are not in full control of them?

Furthermore, they stated that by clicking on some links provided in the mail, what if the user's email is compromised and the hacker gains access to the wallet by clicking on the link provided in the mail?

legendary
Activity: 1946
Merit: 1224
Eliminating seed phrases, passwords and keys doesn't make one's crypto safer, rather it makes it more susceptible to being stolen. People erroneously think that services like this are doing them a good thing when they take away the responsibility they owe to their funds. Not your keys, not your funds, wherever they say they store it, you can't be sure of its safety, and you should always have your seed phrase to recover your funds yourself, anytime you need to. Keeping your seed phrase, passwords and keys is part of the responsibility of being your own bank, thus do it yourself.

Having said that, this wallet shouldn't even be used because we aren't short of better/safer alternatives, but if anyone is considering doing so, it should be for experiment and with a very inconsequential amount of money.
hero member
Activity: 812
Merit: 560
Quote
Speaking to Cointelegraph, the Kresus team said that their new wallet app attempts to fix this problem using a wallet infrastructure and software development kit (SDK) called “Magic,” which stores the user’s private key on an Amazon Web Services computer that is specifically designed to store highly sensitive information.

The AWS computer encrypts the user’s key with a Master Key that cannot leave the hardware module, much in the same way that a hardware wallet does. This eliminates the need for seed words or private keys to be stored on the device or kept as a paper backup, the team said.

This isn't good enough for those that can understand the influence of a third party and the use of a central server online storage apps, they can be as dangerous as unaware to users and not everything they have to say you believe, why can't you devise a means to secure your seeds yourself than relying on their system for the storage, what is the guarantee that they can't be breached, track you or get attacked themselves by hackers.

Is seed phrase a problem?

It's not a problem but how you store it is what determines whether it's a problem or not.

legendary
Activity: 2212
Merit: 5622
Is this good?

The wallet was launched by Kresus. It uses magic link to sign in users which makes the wallet not to require password login. Only on Apple Store for now.

https://cointelegraph.com/news/new-wallet-uses-amazon-hardware-security-modules-to-eliminate-seed-words

There is too much trust involved, especially in the Kresus team.

Seed words simply work.

They are safe to use, easy to store and easy to recover when necessary.

They are working just fine.
legendary
Activity: 3668
Merit: 6382
I find this risky for various reasons:
* that company can be hacked (it will become a target and bugs can exist)
* AWS can get hacked
* some Amazon employee may try to look in there (direct access, correlations, sniffing)
* that company employees may take a look
* that company may get bankrupt
* mail accounts tend to be more hacked than many other online services
* and .. is this a custodian wallet? what if their hot wallet is hacked directly or they run with the coins?

Plus, yeah I don't believe in magic

hero member
Activity: 672
Merit: 855
Quote
Unlike a centralized exchange, Kresus does not use passwords to authenticate users, since stealing password hashes and cracking them is one of the most common techniques hackers use to get access to web accounts. Instead, it requires users to click a link from within an email each time they attempt to log in.

This right here doesn’t make it a bit different from centralized exchanges. One of the easiest scams or attacks by hackers is compromising one’s email address; sending a link to an email address could just hand one’s account over to the hackers should the email be compromised. This is something that the centralized exchanges do currently when resetting passwords that is said to be risky. So it still doesn’t change anything. Except if one could change email all the time, which will also one way or the other be prone to hacks.

Also, storing a private key online, no matter how sophisticated the service might be at the moment against getting hacked, is still not a great idea, because if this service gets breached then everything on it will just get exposed.
hero member
Activity: 868
Merit: 1094
Is this good?

The wallet was launched by Kresus. It uses magic link to sign in users which makes the wallet not to require password login. Only on Apple Store for now.

https://cointelegraph.com/news/new-wallet-uses-amazon-hardware-security-modules-to-eliminate-seed-words

Quote
Speaking to Cointelegraph, the Kresus team said that their new wallet app attempts to fix this problem using a wallet infrastructure and software development kit (SDK) called “Magic,” which stores the user’s private key on an Amazon Web Services computer that is specifically designed to store highly sensitive information.

The AWS computer encrypts the user’s key with a Master Key that cannot leave the hardware module, much in the same way that a hardware wallet does. This eliminates the need for seed words or private keys to be stored on the device or kept as a paper backup, the team said.
Is seed phrase a problem?

Quote
Unlike a centralized exchange, Kresus does not use passwords to authenticate users, since stealing password hashes and cracking them is one of the most common techniques hackers use to get access to web accounts. Instead, it requires users to click a link from within an email each time they attempt to log in.

When it comes to sending crypto, users don’t need to cut and paste crypto addresses on Kresus. Instead, the app allows each user to register for a free .kresus domain name through Unstoppable Domains, which they can use to send crypto to others.
Which means only the people that are using the wallet can send to themselves. This is centralization.

Quote
The Kresus team stated that because of the way Magic infrastructure works, neither they nor the Magic development team are able to see the user’s private key during account creation or login, so they cannot make unauthorized transactions.
How can we know that?

I can not go beyond using open source seed phrase wallets that will give me the complete control of my coins.

What do you people think about this wallet that I can not recommend?