The Timelock Function - It was written - We want it, Proposing to implement it!

in #steem-security • 6 years ago


Securing STEEM Accounts with an extra timelock was written by @picokernel here: https://github.com/steemit/steem/tree/htlc-operation. I want to shine some light on this because I see a need for extra security in order to negotiate a better insurance policy for my company and its cryptocurrency holdings.

Making STEEM more secure than it is now!

SteemPower is in itself a great function, but in addition we seek the functionality to enter an extra password when logged out of our devices, so that changes like delegating/undelegating and withdraw/power up/down will be delayed by, for example, 12 hours or years unless the extra password is entered.

a 2FA for your brain - Your capital account is now running in SAFE MODE - Go on Vacation!

This extra password can be an easy-to-remember password, a 2FA for the brain. You log in or out like normal, but if you are going to do anything active/owner-key related, this timelock will give the legit owner extra security in order to cancel a transaction and undo everything a malicious attacker has done.

We are also feeling HF20 is overdue, still missing functions from HF19, 18 and even 17

Thank you for reading, please take time to analyze and comment below. For 24/7 Voice and Text chat about STEEM development, come to http://STEEMspeak.com - STEEM will be 2 Years in 2 Months - Vote for @fyrst-witness and as always, steem on and have fun :)
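
A toy model of the behaviour the post proposes, added here as an example; it is not code from the post, from @picokernel's branch, or from Steem. The class, the operation labels, the PBKDF2 verifier and the rule that cancelling requires the extra password are assumptions made for illustration.

```python
import hashlib, hmac, os

DELAY_SECONDS = 12 * 3600  # the post's example delay of 12 hours
# Hypothetical operation labels for this model, not Steem operation names.
SENSITIVE = {"delegate", "undelegate", "withdraw", "power_up", "power_down"}

def _verifier(password, salt):
    # Slow hash so the stored verifier is not a bare digest of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class TimelockedAccount:
    def __init__(self, extra_password):
        self.salt = os.urandom(16)
        self.verifier = _verifier(extra_password, self.salt)
        self.pending = {}    # op_id -> (operation, time at which it executes)
        self.executed = []   # operations that have taken effect, in order
        self._next_id = 1

    def _unlocked(self, password):
        return password is not None and hmac.compare_digest(
            _verifier(password, self.salt), self.verifier)

    def submit(self, op, now, extra_password=None):
        """Operation already signed with the active key: run it or delay it."""
        if op not in SENSITIVE or self._unlocked(extra_password):
            self.executed.append(op)
            return "executed"
        op_id, self._next_id = self._next_id, self._next_id + 1
        self.pending[op_id] = (op, now + DELAY_SECONDS)
        return op_id

    def cancel(self, op_id, extra_password):
        """Assumption: cancelling needs the extra password, which a thief
        holding only the active key does not have."""
        if not self._unlocked(extra_password):
            return False
        return self.pending.pop(op_id, None) is not None

    def tick(self, now):
        """Execute every pending operation whose delay has elapsed."""
        due = [i for i, (_, at) in self.pending.items() if at <= now]
        for i in due:
            self.executed.append(self.pending.pop(i)[0])
        return len(due)

if __name__ == "__main__":
    acct = TimelockedAccount("constructed-example-password")
    op = acct.submit("power_down", now=0)  # stolen active key, no password
    print(acct.cancel(op, "constructed-example-password"), acct.executed)
```

If a verifier like this were stored in public chain state, an easy-to-remember password could be guessed offline, so a real design would need a stronger secret or a different way to check it.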


If the feature is ready why not roll it?

In general, for the last half a year I see steemit.inc pursuing a piece of buzztech called SMT, having completely forgotten about all the rest. If you like big RnD projects so much, then build a separate team to run them. Now the platform's needs are lost, the community socially deteriorates and steemit.inc just builds another level on their ivory tower.

This approach is fundamentally wrong.

SMTs are important too, but securing capital accounts better on the blockchain level is even more important. If we are to hold major amounts of money on this network, then this timelock security is a solution there are many issues for and I agree, why not roll it. Just do it.. @ned, got some time for a friendly steemspeak talk tonight?

@fyrstikken - thanks for your reply but..

  • We need to think the scaling problem out. Time is short
  • We need far better frontend
  • Bandwidth issues starting to affect minnows left, right and center
  • We have voting bots on the loose which break the whole content ranging system
  • SBD unpegged from dollar and doors to real commerce on STEEM platform is shut.

And these are only the worst problems. SMT will make things worse, not better.

are you not making money on all this?

I see potential far greater than any short-term gain if these problems would be solved.

Well, those problems can be solved. But with an SMT market that will require capital, a system to secure that capital is IMO needed so we don't end up like bitshares without liquidity because people prefer bittrex with 2FA locked in instead of holding coins on the internal marketplace which is only a lost active key away from being stolen...

It is recommended to use multisig wherever possible in SMT whitepaper.

Very good point. Even bitconnect has 2FA.

The program is interesting ... But I mostly trust the identification via the phone by SMS. But there is no such option on steemit. Good post @fyrstikken! Good luck to you!


Cell phone security warning. Be careful with cell phones and SMS.

Open authenticator like former gauth would be far better.
Don't know why we hadn't blockchain project working on it.

Agreed, no cell phone security, don’t do it. Authenticator seems to be good.

I like your post. If you have time, visit my blog, because I am a newcomer on steemit.

I agree. For instance, the apps have a bit too many permissions even with the posting key. There is a need for a more layered security model and a password could be a start!

Timelock makes sense. Steemit.Inc and witnesses were talking about it on @aggroed's Steem growth forum on @msp-waves Radio in December.

yes, much talk, much github work, but also delaying releases that could be implemented while other github issues are being worked out... Feeling no sense of progress at the moment.

Perhaps a regular forum WITH Steemit.Inc on the panel would help instilling more confidence and most importantly: Set expectations.
cc: @aggroed

@globocop Yes, it would be good to hear from and ask @ned some questions and have some of them answered, @aggroed.

You can't have too much security, there should simply at least be an option for the extra security.

pocketsend:100@fyrstikken, thanks!

Successful Send of 100
Sending Account: bachone
Receiving Account: fyrstikken
New sending account balance: 1000749
New receiving account balance: 198
Fee: 1
Steem trxid: f40bcf5956e2ace7991059e4ab3feed0950c750f
Thanks for using POCKET! I am running this confirmer code.

I like this idea and I respect that you're thinking about security @fyrstikken, as many platforms and users are not thinking about this. You are right that this will become more of a concern. If people do not feel that they can secure anything on these platforms, will anything else matter?

Some users on this platform may be similar to btc-holders who are willing to keep what they have locked. I think adding an option to set a lock for a period of time also may be beneficial, such as a person selecting no power downs for 10 years, which restricts the account in case of compromise.

Nice to see you again, @fyrstikken .

You've certainly touched on an unanticipated problem. Now that Steem's market cap is ~$1.5 billion, a whale-sized account represents a lot of money. I'm only a small orca, but the market value of my account is five times the market value of a 1 kilogram gold bar.

[Fun Fact: While I was verifying the above, I found out that APMEX now accepts Bitcoin...]

That's a wee bit scary when ya think about it. If I owned the equivalent in gold, I'd prolly store it in a safety deposit box or vault.

Even if a randomly-generated password is strong, it still represents a point of vulnerability. Like a key to a safety-deposit box, passwords can be stolen. Your suggestion certainly has merit.

Thank you friend, for the opportunity to comment on the issue of long-promised, overdue Steemit functions.

"We are also feeling HF20 is overdue, still missing functions from HF19, 18 and even 17"

I have written about a feature that was long ago promised to be in HF17, that is the ability for content creators to edit any of their older posts, without limit.

Instead of giving us that, our ability to edit was reduced from 30 days to only 7 days... :(

I have written about this again, and again, and again...

I'm still waiting!

Good luck, @fyrstikken, in getting your Timelock Function implemented... :(

😄😇😄

@creatr

With the increasing value of our cryptocurrencies, I think it is very important to have more security of our securities deposited in our accounts, never is an extra password, we know that hackers are at the forefront and expectations to operate.
Excellent initiative dear friend, many successes in Timelock implementation.
I wish you a great day dear friend @fyrstikken

Steemit is growing, even people are trying to have an account to join. As the number of users is certainly very useful what you have developed. Comfort is needed here. Maybe I will keep finding out about this. Many people still lay in this, let alone in my area. I really need more instructions. I have also joined your channel on discord. Thanks for the information sir. I always like you ..

This seems to me a very good discourse. I am very happy to hear this. I have never felt HF20. I hear it is very beneficial to the users. Thanks for the information sir. I like you.
