Wallet Security Q's

[Digi-Sol]

Hi Mista Phi,

I was wondering if you could give us a summary of the layers of security, the technology behind the wallets etc.

I have been asked about this in my community and this article below was produced. Not sure it has any relationship in our context but I would like to get it from the horses mouth, as it would be. Thanks in advance.

https://www.fireblocks.com/blog/bitforg ... providers/

[mistaPhi]

Hi Mista Phi,

I was wondering if you could give us a summary of the layers of security, the technology behind the wallets etc.

I have been asked about this in my community and this article below was produced. Not sure it has any relationship in our context but I would like to get it from the horses mouth, as it would be. Thanks in advance.

https://www.fireblocks.com/blog/bitforg ... providers/

Hi Digi-Sol... Fair question.

I'll say that none of these standard MPC protocols were considered, but security was a top focus in the design of the wallets; and the wallets were designed with numerous levels of security.

At the top level, there are the interfacing websites (like sovereignbitforge.com). As with any website of interest, hackers will inevitably try to hack their way in, capture sensitive data, or crash the website itself. And to date, our wallets have encountered and remained unscathed from numerous attacks (including DDOS attacks, brute force attacks, and various client-side attacks). So there has been a bit of battle testing over the course of 18 months and where the initial DDOS attacks caused some temporary disruptions to the service, this was quickly mitigated and all repeated attacks have failed. The front end was designed to inherently prevent brute force attacks by restricting the number of failed login attempts and blocking access when excessive amounts of failed login attempts have occurred. Furthermore, absolutely no sensitive data is stored on the front-end websites.

At the next level, we have back-end processes that perform a slew of verification checks and authentication measures. Security implemented at this level completely restricts unauthorized access and not only prevents client-side attacks, but also logs and reports such attacks so they can be analyzed. Such visibility allows me to be proactive to maintaining or implementing additional security measures as needed.

At the base level are several Bitcoin nodes running our custom-designed interfacing software and they are as secure as running the Bitcoin core software itself. Those that run Bitcoin nodes understand that the only way that funds can be sent from passphrase-enabled wallets is if that unique passphrase is satisfied. The same applies to the interfacing software that is running on these nodes. And as an added security measure, none of the external applications for the wallets have access to or initiate connections with our Bitcoin nodes. The software running on the nodes establishes connections with our back-end applications, allowing the nodes to remain isolated and free from any inbound connections that are associated with our Bitcoin wallets.

Ultimately, you guys aren't dealing with a fly by night developer here... I've worked as a programmer, business analyst, IT manager, and business owner; and I've developed a number of solutions and financial products in the past (end-to-end). So I understand full well the importance of security and I'm quite satisfied with the security features that have been designed in our wallets.

Should anyone have a concern, I'd certainly recommend that they submit the site to the Bitforge Status Checker or any other testing process and see what comes up. And if something comes up, let me know by all means so I can take the necessary steps to further secure the platform.

[Digi-Sol]

Perfect! Thank you for taking the time and enlightening us on the setup. Its reassuring to know the kinds of measures you have implemented. This will be a valuable post for any newcomers coming into the system. Appreciate it!