You are viewing a single comment's thread:
RE: HiveSigner is INSECURE? - discussion and deep dive
I remember hearing talk about making it that at the blockchain level hive nodes will reject transactions that use of keys far above the permissions required. like using owner to sign active key transactions, I'm not sure if it's already in effect though.
One reason HiveSigner asks for the master password is it is a quick way to import all keys since all keys are derived from said password but still I wouldnt even do that. I'd rather take the time to import each one.
Now here's a question.. How does one clear your keys from your local storage if you previously used hivesigner?
Since I hardly use it I'd prefur to not have my keys sitting there potentially insecure.
I'm a Hive Witness supporting the blockchain, please consider voting for me. - find out more here!
So I can go to manage site data in this browser, and it allows me to delete it.
The one thing I didn't test is, if I "save and encrypt", can I still clear it from my local cache? If not, where does it "go"?
I've noticed something, when not logged into hivesigner, the keys are not in local storage, I assume they are elsewhere encrypted with the password you set up on hivesigner. It's only if you are logged in to hivesigner are they exposed.
So as long as you haven't logged in on a compromised device or browser you 'should' be fine. But this does beg the question I think all extensions can access local storage data if enabled so there is also potential for malicious action there too.
I generally have my browser extensions restricted to certain sites so I'm fine there.
There also is no way to actually sign out of hive-signer except by probably closing the complete browser.
Donno if the local storage is ever accessible besides the site being open in a tab.
You can actually remove accounts from hivesigner via hivesigner which is the best way to go about it I think.
I'm a Hive Witness supporting the blockchain, please consider voting for me. - find out more here!
View more