Account Protection

From Bitswift Wiki

Protecting your account with a public key.

When Bitswift tokens (BITS) are sent to a new account using the new account's address, the resulting account is protected only by the 64-bit account ID, which is somewhat weak, and not by the 256-bit public key, which provides superior protection.

The risk is that someone can brute-force a passphrase that maps to the same account ID. The two accounts are then indistinguishable, and the attacker can spend the funds held at this address.

More specifically, this one-time extra step is recommended because the 8-byte account ID is much shorter than the 32-byte public key it is derived from. Many secret passphrase/public key pairs reduce to the same account ID (2^192 keys). But once a particular public key is associated with an account ID by storing it in the blockchain, no other secret passphrase that generates a different public key can access that account.
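An added example (not from the Bitswift wiki or code base) that models the binding described above. It assumes the account ID is the leading bytes of SHA-256 of the public key, shortens the ID to 2 bytes so that two keys sharing an ID exist in a small sample, uses constructed 32-byte values in place of real public keys, and omits signature verification; `Ledger` and all function names are hypothetical.

```python
import hashlib
from itertools import count

ID_BYTES = 2  # demo width only; the page's real account ID is 8 bytes


def account_id(public_key: bytes, width: int = ID_BYTES) -> bytes:
    """Assumed derivation: leading bytes of SHA-256(public key)."""
    return hashlib.sha256(public_key).digest()[:width]


def demo_key(n: int) -> bytes:
    """Constructed 32-byte stand-in for a public key (not a real curve point)."""
    return hashlib.sha256(b"demo-key-%d" % n).digest()


class Ledger:
    """Hypothetical model of a chain that binds each account ID to one public key."""

    def __init__(self):
        self.bound = {}  # account ID -> recorded public key

    def announce(self, public_key: bytes) -> bool:
        """Record the key for its account ID; the first announcement wins."""
        return self.bound.setdefault(account_id(public_key), public_key) == public_key

    def may_spend(self, public_key: bytes) -> bool:
        """Accept the bound key, or any matching key while nothing is bound yet."""
        recorded = self.bound.get(account_id(public_key))
        return recorded is None or recorded == public_key


def find_colliding_keys():
    """Return two distinct demo keys that share one (shortened) account ID."""
    seen = {}
    for n in count():
        key = demo_key(n)
        other = seen.setdefault(account_id(key), key)
        if other != key:
            return other, key


owner_key, other_key = find_colliding_keys()
unprotected, protected = Ledger(), Ledger()
protected.announce(owner_key)  # the public key announcement step
print("same account ID:", account_id(owner_key) == account_id(other_key))
print("unprotected ledger accepts other key:", unprotected.may_spend(other_key))
print("protected ledger accepts other key:", protected.may_spend(other_key))
```
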

A simple step has to be taken to record the user account public key in the blockchain.

Option 1 - submit an outgoing transaction from the new account

Any type of outgoing transaction will do: by signing the transaction with their passphrase, the user records the public key in the blockchain. The transaction can be, for example, sending Bitswift, sending a message, registering an alias, or any other type of outgoing transaction.

Note: your account must contain enough Bitswift to pay the transaction fee to the Bitswift bundlers, so you have to fund it with some Bitswift first. Users can purchase Bitswift through the bitswift.cash gateway service.

Option 2 - another account can announce the public key of the new account to the blockchain

Any type of transaction in which the recipient is the new account will do. The sender needs to specify the new account's public key as the "recipientPublicKey" parameter for the transaction API, or enter it in the wallet's "Recipient Public Key" field. Most exchanges that support Bitswift token markets already support this public key announcement function.

Finding your public key:

To find your account public key, simply log in to your account using your passphrase (not using your Bitswift address). If the account is not registered on the blockchain yet, the public key will be displayed on the dashboard.

For registered accounts you can find the public key by clicking on the "Account Balance" tile from the dashboard.