antanst, aka Evil Bob impersonator, has raised a security weak spot in the current gateway design.
Each gateway currently generates a custom deposit address and when a deposit comes in, it immediately sweeps it to the main multisig acct. The duration of exposure is less than a second (could be set to 50 milliseconds), but it is exposure.
So, I am changing things so that there is no sweeping into a main account. All custom deposit addresses will be 2 of 3 multisig. This will require a fair amount of internal changes, but it eliminates the in transit deposit exposure. Now, all deposits will go directly into a multisig account and stay there until a withdraw request needs the funds.
The multigateway isnt perfect, but I will do everything possible to make sure it is as safe as I can make it.
Does anybody know how to setup google authenticator? I think it works by having a seed value associated with each user. I can put the encrypted value of this seed in the AM response to the user. Then for people who choose to activate this feature, they would need to go to a webpage, input their NXT acct # and authenticator token
With such a setup, can anybody think of how Evil Bob can attack the gateway? All I can think of it a spite DDos attack that would just slow things down, but no money lost. Any other attack vectors? Can someone forge the NXT acct # in the "sender" field in a confirmed AM transaction?
James
The difficulty arises with the user authenticator Google documentation . One Base32 ( secret ) key is expected . You must set the secret key to Base32 in KeePass and restrict your secret key to the base 32 character set : az, 2-7. KeePass allows "= " but not Google authenticator . Base32 length secret key Apart expressed in multiples of 8 characters.
A configuration that works :
Adjust the settings OTP Lock :
Long: 6
Secret key : abcdefghxz234567 ( Base32 )
Counter : 0 ( Dec)
OTP Number 3
Looking forward 9 (allows 3 failed attempts to unlock using KeePass newly generated OTPs before a recovery is needed because the counters have become too out of sync. )
Set Google Authenticatorsecret key : abcdefghxz234567
counter : counter based
The first 6 OTPs are:
442843
724600
994 767
847 513
160505
583 080
Make sure you never lose the secret key or it will be permanently locked out of KeePass if counters lose synchronization. It also recognizes that the real secret is the secret key is not the OTP .
OtpKeyProv
Plugin Author: Dominik Reichl, Plugin Language: English
http://keepass.info/plugins.html#keeotpOtpKeyProv is a key provider based on one-time passwords. After protecting your database using this plugin, you need to generate and enter one-time passwords in order to open your database.
All generator tokens that follow the OATH HOTP standard (RFC 4226) are supported.
Download plugin: [v2.2 for KeePass 2.20 and higher]
Download source code: [v2.2 for KeePass 2.20 and higher]
If you instead want KeePass to generate one-time passwords, see the {HMACOTP} placeholder. For generating time-based OTPs, see the KeeOtp and Tray TOTP plugins.
I am planning on generating a random seed when a user enables google authenticator and storing the encrypted version in the blockchain. That will keep it safe from being lost (at least until blockchain purge, guess need to regenerate seeds again).
I dont want to use keypass, I dont want to secure any database. I just want to be able to generate a google authenticator token when a withdraw request is made. So I need a C callable function where I pass in the random seed for the user and get back a pass/fail response. Some details about synchronizing the pass/fail response with user input.
I dont want to spend time figuring out how to configure a server, etc. I need somebody that can setup their own server with webpage that I can send an API to. Once it is all working, we can move it to the gateway server to avoid sending anything over the internet.
James