Pages:
Author

Topic: ZelCore wallet (Read 765 times)

full member
Activity: 462
Merit: 100
Abandon all hope — Ye Who Enter Here
November 22, 2018, 11:47:21 AM
#22
what is zilcore ? faild to understand on your posts
legendary
Activity: 2212
Merit: 7064
October 31, 2018, 01:14:56 PM
#21
A paper regarding d2FA has been published. It technically explains
how this part of ZelCore which main purpose is to enable Easy Login functions
and how other crypto projects can utilise this feature as well.
We are looking to expand on this idea even further and bring users privacy and security beyond the edge.
https://github.com/TheTrunk/d2FA/blob/master/d2FA_paper.pdf
legendary
Activity: 2212
Merit: 7064
October 15, 2018, 05:18:55 PM
#20
Good comparison and explanation about ZelCore wallet,
new decentralised d2fa and more you can read on two Medium articles

ZelCore — Security, Convenience, Full Custody
https://medium.com/@ZelOfficial/zelcore-security-convenience-full-custody-35d81bf01862

Crypto Wallets — Past & Present
https://medium.com/@ZelOfficial/crypto-wallets-past-present-23eacf0deff8

newbie
Activity: 6
Merit: 0
October 05, 2018, 03:13:58 PM
#19
well i think this image will help https://pbs.twimg.com/media/Doqy5TSX4AIqNUw.jpg
if u have more qestion  " Live Public Meeting - Saturday Oct 06 @ 17:00 UTC | 1pm Eastern
Topics include Zel ID, new ZelCore Desktop Features, Foundation setup, Blog, and the Q&A
We will send out Youtube link earlier than normal so more people can hopefully join
Thumbs up if you plan to watch. Thanks!"
HCP
legendary
Activity: 2086
Merit: 4363
October 05, 2018, 03:06:51 PM
#18
Interesting concept... Any idea whereabouts "on the blockchain" this data is being stored? Presumably, using OP_RETURN (if BTC)... So who pays for that transaction?

Which also begs the question, given that Zelcore is multicurrency, which blockchain is it storing the data on? Huh
staff
Activity: 3500
Merit: 6152
October 05, 2018, 02:51:01 AM
#17
It's probably not an in-depth explanation but I found this from the support/FAQ page:

Quote
When you create an account using your nickname and password, ZelCore takes this password and create a salted hash from it.

ZelCore then adds your nickname to that and creates another salted hash from that value. This value (SHA256 hash) is the encryption key.

The encryption key is used to encrypt both contacts.json and wallet.dat files with AES-256-CTR algorithm.
HCP
legendary
Activity: 2086
Merit: 4363
October 04, 2018, 11:54:28 PM
#16
Bob123 has a valid point...

The main "security" of Bitcoin private keys and seeds comes from a good source of entropy. History has shown that humans picking passwords generally results in very low entropy.

However, there are ways around this issue. For instance, the method that "Warp Wallet" uses... As long as a sufficient number of iterations of a sufficiently "slow" algorithm (script in the case of Warp Wallet) are used, it's possible to prevent brute forcing (or at least make it VERY time consuming)...

They had a challenge that used a password of just 8 alphanumerics and a salt of "[email protected]"... Prize was 20 BTC (when BTC was ~$10K)... It went unsolved.  Shocked

However, without being able to see the source code for Zelcore, we have no way of knowing the algorithm used for getting from username+password ---> privkey
member
Activity: 176
Merit: 20
Knowledge is power
October 02, 2018, 03:02:13 PM
#15
No need to argue it's just a wallet. If someone doesn't trust it by all means he can use something else. Truth be said I'm moving my bitcoin there after the security audit.
jr. member
Activity: 210
Merit: 6
October 02, 2018, 01:56:04 PM
#14
Mister bob123 also stop using your closed source Iphone, Windows, Mac...

If you are so smart developer creating any kind of bots or software,
then you can also bruteforce it,
please do it.

Good luck
legendary
Activity: 1624
Merit: 2481
October 02, 2018, 03:19:25 AM
#13
The combination of the username+password generates the private key in Zelcore. Nothing is stored on servers. If you combine a very strong user name and password, I'm no expert but it's seems it pretty secure, [...]


You are wrong. It is wrong to assume it 'pretty secure'.
You need a proper source of entropy to create a truly random private key.

If all the private key is based on is the 'entropy' of a human brain, you already lost. This is BY FAR less secure.
The key space to bruteforce is only a small percentage of the overall space in this case.



Quote
So.. your wallet basically is a brainwallet.

No it is NOT brainwallet, where did you get that idea from?  There is no phrases to pick, you must make your own login and password. They are hashed together to generate private key and there is no third party involved.

You do realize that you don't have to pick a 'phrase' for a brainwallet, but pick something. And with a login and a password, you are effectively choosing everything which the private key will be based on.

This is the pure definition of a brainwallet.



Quote
So.. your wallet basically is a brainwallet.

2nd You are totally wrong... it is not brainwallet at all.

 Roll Eyes

All of these jr. to member accounts claiming this do either not know what a brainwallet actually is or are somehow related to this wallet.
For me, this seems very fishy.


I would NOT RECOMMEND anyone to download/try/use this wallet!

Security-wise it creates an extremely weak private key (against bruteforcing) compared to a 'proper' desktop-/mobile-/hardware- and even online-wallets.
Additionally it is closed-source. So NO WAY to verify that there is no malware and/or backdoor.
jr. member
Activity: 210
Merit: 6
September 30, 2018, 04:32:57 PM
#12
Quote
So.. your wallet basically is a brainwallet.


1st it is NOT my wallet, I am only using it. (My main wallet still is hardware wallet)

2nd You are totally wrong... it is not brainwallet at all.

3rd You probably use many things that are closed source everyday, maybe Iphone or other things,
so if you want to be consistent then stop using any closed source like Windows, Iphone, iTunes, Adobe, macOS ...
Btw... I do agree that Opensource is better, but it is not perfect
member
Activity: 82
Merit: 10
September 30, 2018, 01:58:44 PM
#11
Yea, I am not sure a self-generated username and password is a brainwallet. You can still create extreme random alpha-numeric sequences to protect your wallet as securely as a private key.

Rumor has it ZelCore is launching a decentralized 2fa to secure wallet shortly.
member
Activity: 176
Merit: 20
Knowledge is power
September 30, 2018, 11:49:30 AM
#10
The combination of the username+password generates the private key in Zelcore. Nothing is stored on servers. If you combine a very strong user name and password, I'm no expert but it's seems it pretty secure, at least untill quantum computers appear. In the near future an additional layer of security will be added called Zel ID that will be a decentralized form of 2FA.
legendary
Activity: 1624
Merit: 2481
September 30, 2018, 01:04:23 AM
#9
username + password = priv key

So.. your wallet basically is a brainwallet.

This is the WORST form of creating a private key. Zero entroy, zero randomness.
Only fully predictable inputs from user.

A lot of people have already lost money through using some phrases of a book as a brainwallet.
Now, this wallet expects people to only choose a username and a password to derive a private key..


Security-wise, this is a horrible approach.



You are correct. Zelcore is Closed source.

Again, security-wise.. this is horrible.


I'd recommend everyone to NOT USE this wallet.
You can't be sure what code is running. And even if the code is not malicious, the whole concept is extremely bad and unsecure.

For pocket money and just to try it out - sure.
But for more than a few bucks - never. The chances of losing money (either through bugs, exploits, backdoors or simply the worst mechanism ever to generate private keys) is too high.
jr. member
Activity: 210
Merit: 6
September 29, 2018, 03:29:27 PM
#8
Is it just me... or is ZelCore closed source? Huh I couldn't find any links to a github or other software repository anywhere on their site...

You are correct. Zelcore is Closed source.

One answer from developers:

ZelCore is closed source. Reason being that if it were open source,
there would be many clones of the same wallet made that can easily have malicious code added,
creating confusion of which wallet to download for the user, and scams become a large issue.
This is the main reason why none of the multi wallets utilize open source, to protect the brand and the end user.

We have been actively looking for a trusted, 3rd party source to do a security audit on the code.
This will be performed in the coming months.
We are waiting until after Mobile is released to have both sets of code audited into a single report.

HCP
legendary
Activity: 2086
Merit: 4363
September 28, 2018, 04:07:01 PM
#7
Is it just me... or is ZelCore closed source? Huh I couldn't find any links to a github or other software repository anywhere on their site...
jr. member
Activity: 210
Merit: 6
September 26, 2018, 01:24:41 PM
#6
You have Electrum and Bitcoin Core for desktop, Coinomi (not recommended though, not open source) for phone and I think GreenAddress as a web wallet as well.

Thank you for this information.
I really don't understand why some wallets and also some exchanges don't want to add segwit support.
staff
Activity: 3500
Merit: 6152
September 26, 2018, 05:44:06 AM
#5
You have Electrum and Bitcoin Core for desktop, Coinomi (not recommended though, not open source) for phone and I think GreenAddress as a web wallet as well.
jr. member
Activity: 210
Merit: 6
September 26, 2018, 05:41:45 AM
#4
One thing that I would like to see in Zelcore wallet regarding Bitcoin
is implementation of Segwit addresses.

I am not sure if there is any software Bitcoin wallet that supports segwit addresses.
If anyone knows any please wrote below. (Excluding Ledger and other hardware walllets)
jr. member
Activity: 210
Merit: 6
September 22, 2018, 03:37:07 PM
#3
I haven't tried the wallet but one screenshot caught my attention. The fact that there is a username and password needed means that everything is stored in the server side?

No it's not.
You can ask team for more information, but
username + password = priv key

The public ledger has lite addresses listed via the block explorer since they are public,
like if you enter your address (lite or full) into the block explorer,
but not storing anything specific, just running the block explorers.

Pages:
Jump to: