(translated from this post)
MUST READ BEFORE CREATING A Ğ1 ACCOUNT (v3)
Security Recommendations for Your Ğ1 Accounts
You are responsible for the security of your Ğ1 member account, if someone hacks your key, not only will you lose all your currency, but in addition this person will be able to pretend (s)he is you and discredit you in the eyes of the whole community.
The security of your member key is extremely important, at least as important as the keys to your home or car if not more!
The same applies to all your Ğ1 non-member accounts.
For each of your Ğ1 accounts you must choose:
A protection phrase also called Secret Identifier
Choose a Diceware Protection Phrase
Diceware is a protocol designed to allow you to randomly generate a very solid and easy to remember protection phrase.
Everything is explained on the diceware webpage.
Do not choose your protection phrase yourself! Today some behaviorists perform miracles by gathering a lot of information about you, and a government agency will find your protection phrase if it really wishes to.
The risk may also be around your loved ones, in whom you trust, one of them may very well guess your protection phrase and betray you one day, you will never even know who it is.
To generate a truly random protection phrase, you will need a real dice. If you do not have one, you can borrow one. And if you do not have friends, a five-dice game will cost you only 2.5 debt-currency units in supermarkets, it’s a worthwhile investment!
Then choose the number of words of your protection phrase, depending on the level of security you want:
- four words can be broken by a hundred PCs,
- five words can only be broken by an organization with a large budget,
- six words seem to be unbreakable in the near future, but could be within reach of a big country’s government,
- seven words are unbreakable with current technologies,
- eight words should be safe for the times to come.
And preferably enter your protection phrase on a virtual keyboard, (I use florence), especially if you are on Windows, many applications can log your keyboard inputs without you knowing it. I suspect mycrosoft is doing it, we also know that some antiviruses do.
However, recording the video stream of your screen while you enter your protection phrase would use a lot of material resources, and would not go unnoticed.
Everything is on the diceware webpage, it won’t take you more than 10 minutes.
Practice typing your protective phrase a dozen times or so so that it sticks into your memory, then destroy the paper on which you wrote it down, burn it if you can.
Secure your password
For each of your Ğ1 accounts, you also need a password in addition to your Protection Phrase.
As a security measure, your sensitive passwords should never be displayed on the screen, nor entered on the keyboard.
And the password for your Ğ1 account IS sensitive.
I recommend that you manage the password of your Ğ1 account, as well as all your other passwords for that matter, with a free and secure software like KeepassX.
It will allow you to randomly generate passwords that you will never know, because you will only copy and paste them without ever displaying them or entering them.
Your KeePassX database must obviously be protected by a very strong master key, so it is best to use a DiceWare protection phrase as the master key.
You can safely use the same protection phrase for your Ğ1 account as a KeePassX master key, but in this case I recommend at least six words and at least a special character to make it truly unbreakable.
Personally, I use a seven words protection phrase including a special character, so I could keep it for my whole life, at least until the advent of quantum computers!
A video tutorial on KeepassX >> https://youtu.be/oPRqO8b3n1w
Immediately download your Revocation Document
As soon as you have created your account, do not wait to become a member, immediately download your revocation document. Here is the procedure to do this on Cesium then on Sakia :
- On the page « My Account », click on the « OPTIONS » button
- Click on the option with a lock « Sign in and Security »
- Click on « Revocation »
- Click on « Save a revocation file… »
See the following screenshots :
This is very easy to do on Sakia, you just have to right click on your identity and click on « Save revokation document » (see screenshot below).
Next, save your revocation document onto two different external media (usb keys or / and memory cards).
Keep one of the devices always with you, in your wallet for example, and hide the second device at home.
How can I modify my Ğ1 Key?
Modifying your Ğ1 key, provided that you still have access to your current key, has not yet been integrated into Duniter, but this is planned: slight_smile:
On the other hand, it is not possible to reset your key in case you lose your protection phrase or password.
Your Ğ1 key is currently generated by the asymmetric algorithm ed25519.
You can completely change the key by keeping the same DiceWare protection phrase, just enter a different password.
(This part will be updated as soon as the functionality is available).
I have lost/forgotten my protection phrase and/or my password
You must immediately revoke your account with the revocation document you are supposed to have downloaded when creating your account. You will not be able to recover the money that was in your account, it is lost forever.
In addition, you must recreate an account from scratch and request new certifications to become a member again. You will not create any Universal Dividend until you regain your member status.
To revoke your account in Sakia, click on the three-bar menu at the top right of the window and click on « Publish a revocation document »:
Daily Protection of your Member Account
You should always be careful in the way you use your secret id and password.
Consider especially that smartphones, computers of friends or relatives as well as business computers (this list is by no means exhaustive) may be compromised. That is why you should never use your « member account » to connect using one of those.
In all such cases, consider that anytime you can create one or several « non-member » accounts that will be called here « wallets ». (1 Wallet = 1 secret ID + 1 password = 1 public key). Those are called « simple wallet » in some clients. Money can be sent to one of those and be used in poor security contexts.
Please consider the following:
- Do not try to publish an identity using those wallets. This would be interpreted as an attack against the Web of Trust.
- Whenever you create a simple wallet, use the same rules and precautions than when creating your member account.
- Generate the secret id and password offline, on a liveusb system. The very best is to generate EWIF paperwallets.
- Never use a single wallet to store all your money. The poorer the security on the wallet, the less money it should hold.
- You should ask people to send you money on simple wallets rather than on your member account.
- There is no reason to send back money from a simple wallet to your member account.
- Once used on a low-security environment, consider your wallet as compromised. Immediately send any remaining balance to another wallet and don’t use this one anymore.
- Always keep your wallets ids in a safe place (even if you consider you will not use them anymore).
- If a wallet balance gets under 1 Ğ1, money will be destroyed and the account balance will be 0 at the end of the transaction.
All operations on the Ğ1 network are public. However, unlike member accounts, simple wallet are not publicly associated to owners. Therefore, by using them you can gain partial anonymity.
However, one could guess with some confidence a simple wallet owner through graph operations studies, social engineering and calculations. That’s why it is recommended to:
- Never use a wallet for more than one transaction.
- Never send money back to your member account. Prefer sending it to another wallet you may use to pay.
- Never give sensitive information in the comment field. If you need to do so, use an encrypted message (some clients may offer this functionality natively in the future).
Someone may be sniffing network traffic on duniter nodes. In such a case, transaction sender IPs may be recognised. To prevent this, you may use TOR to send your operation instructions (french link : https://librelois.fr/2017/05/08/utiliser-g1-anonymement-via-tor/)
You want more security?
For maximum security, you can protect your KeePassX database with a double authentication: master passphrase + keyfile.
The goal is that if someone extorts your passphrase using coercion, they will not be able to do anything because they will also need your key file.
In order for this to work, your key file must not be on the same medium as your database, here’s how I proceed:
My KeePassX BDD is stored on an encrypted nextcloud synchronized with all my devices. So I have a copy of my keepassx database on all my devices (via the newcloud-client).
My key file is not on any of my devices. It is only located on external media (3 different micro SD cards).
One is carefully hidden in my home, it is the one I use every time I want to open my KeePassX BDD. And the other two, which contain an AES encrypted copy (by a DiceWare passphrase), at two trustful friends who do not know each other and who have no knowledge of the object of this card. The only role of these redundant copies is to allow me to always have access to my KeePassX BDD if my main card does not work any more, or if I lose it or if it gets stolen, or if my apartment burns, that’s it…
You may be as cautious as possible, zero risk does not exist.
Following these recommendations does not give you any guarantee, this greatly decreases the probability of your passwords to get stolen or hacked, that’s all.