Security Recommendations: READ THIS BEFORE CREATING YOUR Ğ1 ACCOUNT

(translated from this post)

MUST READ BEFORE CREATING A Ğ1 ACCOUNT (v3)

Security Recommendations for Your Ğ1 Accounts

You are responsible for the security of your Ğ1 member account, if someone hacks your key, not only will you lose all your currency, but in addition this person will be able to pretend (s)he is you and discredit you in the eyes of the whole community.
The security of your member key is extremely important, at least as important as the keys to your home or car if not more!
The same applies to all your Ğ1 wallet accounts.

For each of your Ğ1 accounts you must choose:
A protection phrase also called Secret Identifier
A password.

Choose a Diceware Protection Phrase

Diceware is a protocol designed to allow you to randomly generate a very solid and easy to remember protection phrase.
Everything is explained on the diceware webpage.

Do not choose your protection phrase yourself! Today some behaviorists perform miracles by gathering a lot of information about you, and a government agency will find your protection phrase if it really wishes to.
The risk may also be around your loved ones, in whom you trust, one of them may very well guess your protection phrase and betray you one day, you will never even know who it is.

To generate a truly random protection phrase, you will need a real dice. If you do not have one, you can borrow one. And if you do not have friends, a five-dice game will cost you only 2.5 debt-currency units in supermarkets, it’s a worthwhile investment!

Then choose the number of words of your protection phrase, depending on the level of security you want:

  • four words can be broken by a hundred PCs,
  • five words can only be broken by an organization with a large budget,
  • six words seem to be unbreakable in the near future, but could be within reach of a big country’s government,
  • seven words are unbreakable with current technologies,
  • eight words should be safe for the times to come.

And preferably enter your protection phrase on a virtual keyboard, (I use florence), especially if you are on Windows, many applications can log your keyboard inputs without you knowing it. I suspect Microsoft is doing it, we also know that some antiviruses do.
However, recording the video stream of your screen while you enter your protection phrase would use a lot of material resources, and would not go unnoticed.

Everything is on the diceware webpage, it won’t take you more than 10 minutes.

Practice typing your protective phrase a dozen times or so so that it sticks into your memory, then destroy the paper on which you wrote it down, burn it if you can.

Secure your password

For each of your Ğ1 accounts, you also need a password in addition to your Protection Phrase.
As a security measure, your sensitive passwords should never be displayed on the screen, nor entered on the keyboard.
And the password for your Ğ1 account IS sensitive.
I recommend that you manage the password of your Ğ1 account, as well as all your other passwords for that matter, with a free and secure software like KeepassX.
It will allow you to randomly generate passwords that you will never know, because you will only copy and paste them without ever displaying them or entering them.
Your KeePassX database must obviously be protected by a very strong master key, so it is best to use a DiceWare protection phrase as the master key.
You can safely use the same protection phrase for your Ğ1 account as a KeePassX master key, but in this case I recommend at least six words and at least a special character to make it truly unbreakable.

Personally, I use a seven words protection phrase including a special character, so I could keep it for my whole life, at least until the advent of quantum computers!

A video tutorial on KeepassX >> https://youtu.be/oPRqO8b3n1w

Immediately download your Revocation Document

As soon as you have created your account, do not wait to become a member, immediately download your revocation document. Here is the procedure to do this on Cesium then on Sakia :

Cesium

  1. On the page “My Account”, click on the “OPTIONS” button
  2. Click on the option with a lock “Sign in and Security”
  3. Click on “Revocation”
  4. Click on “Save a revocation file…”

See the following screenshots :
https://forum.duniter.org/uploads/default/original/2X/a/aae20f656dfa0cade5955095210d9196d595201f.png

https://forum.duniter.org/uploads/default/original/2X/4/4eb56446e0b791f0aacc6848cbbfa8450e7e0fb2.png

https://forum.duniter.org/uploads/default/original/2X/0/0caf27a5b5c64672d631d96bb2ce718e4bd5152a.png

Sakia

This is very easy to do on Sakia, you just have to right click on your identity and click on “Save revokation document” (see screenshot below).
Next, save your revocation document onto two different external media (usb keys or / and memory cards).
Keep one of the devices always with you, in your wallet for example, and hide the second device at home.

How can I modify my Ğ1 Key?

Modifying your Ğ1 key, provided that you still have access to your current key, has not yet been integrated into Duniter, but this is planned: slight_smile:
On the other hand, it is not possible to reset your key in case you lose your protection phrase or password.
Your Ğ1 key is currently generated by the asymmetric algorithm ed25519.
You can completely change the key by keeping the same DiceWare protection phrase, just enter a different password.
(This part will be updated as soon as the functionality is available).

I have lost/forgotten my protection phrase and/or my password

You must immediately revoke your account with the revocation document you are supposed to have downloaded when creating your account. You will not be able to recover the money that was in your account, it is lost forever.

In addition, you must recreate an account from scratch and request new certifications to become a member again. You will not create any Universal Dividend until you regain your member status.

To revoke your account in Sakia, click on the three-bar menu at the top right of the window and click on “Publish a revocation document”:


A Tutorial for Cesium will be written later

Daily Protection of your Member Account

You should always be careful in the way you use your secret id and password.

Consider especially that smartphones, computers of friends or relatives as well as business computers (this list is by no means exhaustive) may be compromised. That is why you should never use your “member account” to connect using one of those.

In all such cases, consider that anytime you can create one or several “non-member” accounts that will be called here “wallets”. (1 Wallet = 1 secret ID + 1 password = 1 public key). Those are called “simple wallet” in some clients. Money can be sent to one of those and be used in poor security contexts.

Please consider the following:

  • Do not try to publish an identity using those wallets. This would be interpreted as an attack against the Web of Trust.
  • Whenever you create a simple wallet, use the same rules and precautions than when creating your member account.
  • Generate the secret id and password offline, on a liveusb system. The very best is to generate EWIF paperwallets.
  • Never use a single wallet to store all your money. The poorer the security on the wallet, the less money it should hold.
  • You should ask people to send you money on simple wallets rather than on your member account.
  • There is no reason to send back money from a simple wallet to your member account.
  • Once used on a low-security environment, consider your wallet as compromised. Immediately send any remaining balance to another wallet and don’t use this one anymore.
  • Always keep your wallets ids in a safe place (even if you consider you will not use them anymore).
  • If a wallet balance gets under 1 Ğ1, money will be destroyed and the account balance will be 0 at the end of the transaction.

Remain anonymous

All operations on the Ğ1 network are public. However, unlike member accounts, simple wallet are not publicly associated to owners. Therefore, by using them you can gain partial anonymity.
However, one could guess with some confidence a simple wallet owner through graph operations studies, social engineering and calculations. That’s why it is recommended to:

  1. Never use a wallet for more than one transaction.
  2. Never send money back to your member account. Prefer sending it to another wallet you may use to pay.
  3. Never give sensitive information in the comment field. If you need to do so, use an encrypted message (some clients may offer this functionality natively in the future).

Someone may be sniffing network traffic on Duniter nodes. In such a case, transaction sender IPs may be recognised. To prevent this, you may use TOR to send your operation instructions (french link : https://librelois.fr/2017/05/08/utiliser-g1-anonymement-via-tor/)

You want more security?

For maximum security, you can protect your KeePassX database with a double authentication: master passphrase + keyfile.
The goal is that if someone extorts your passphrase using coercion, they will not be able to do anything because they will also need your key file.
In order for this to work, your key file must not be on the same medium as your database, here’s how I proceed:
My KeePassX BDD is stored on an encrypted nextcloud synchronized with all my devices. So I have a copy of my keepassx database on all my devices (via the nextcloud-client).
My key file is not on any of my devices. It is only located on external media (3 different micro SD cards).
One is carefully hidden in my home, it is the one I use every time I want to open my KeePassX BDD. And the other two, which contain an AES encrypted copy (by a DiceWare passphrase), at two trustful friends who do not know each other and who have no knowledge of the object of this card. The only role of these redundant copies is to allow me to always have access to my KeePassX BDD if my main card does not work any more, or if I lose it or if it gets stolen, or if my apartment burns, that’s it…

You may be as cautious as possible, zero risk does not exist.
Following these recommendations does not give you any guarantee, this greatly decreases the probability of your passwords to get stolen or hacked, that’s all.

4 Likes

Edited to add procedure to save revocation document from cesium.

1 Like

Added the v3 version from the French post - thanks to @florck for the initial translation :slight_smile:

2 Likes

I will add a quick addendum here for those who use the diceware method, since (too) many people have lost their ids recently.

A memorization technique that works really well with this type of word lists is the method of loci. Combine this with spaced repetition (without entering your ids in the software, you just need recurrent and spaced reminders, besides you can still write the ids somewhere safe until you are sure you memorized them in your long term memory :wink: ), even if you generally complain about having poor memory, you will never forget your ids, trust me!

Little personal side note: I believe that those two memorization techniques should be taught at school starting at early ages (along with others such as the Major System) but it is currently not the case (it is interesting to see why the first was abandoned officially, quite ludicrous!). It’s just as if our leaders didn’t want us to memorize things…

2 Likes

Hi, thank you for the detailed post!

Question about one point though:

Never use a wallet for more than one transaction

Assuming you only earn money from your member account through DU, to do a transaction you’ll first need to send money to your “payment” wallet. After that, it doesn’t matter if you use it multiple times or once: it is obviously linked to your member account and anyone will see this. Basically my question is: how does using it only once improve security?

1 Like

If you’re a spy, a journalist or a rebel, you need to be anonymous and this recommandation can make sense.

But If you just want to use your accounts securely, you can have two accounts, the member account, and the account for everyday use with only few money in it. And you make transactions between the member account to refill the other as needed. You only use the other account password everywhere. If it is compromise, you loose not much and you create another everyday account…

1 Like

Yeah I probably read this a bit too quickly, but after a second read it’s better. I couldn’t understand how using short lived would help if you use funds from your member wallet, and that’s exactly what you should not do, as per the post.
To have anonymity, use wallets that do not transact with your member wallet. Post says to not send back, but sending to is an issue as well, so you’d be better off earning money differently on these wallets.

Anyway, it’s clearer now :smiley:

1 Like

To anonymize transactions you can look at the project Ğmixer in this forum :

2 Likes

Very interesting read, thank you!