New App to Secure Your Steem Account

in #steem • 8 years ago (edited)

In the wake of the recent XSS attack on Steemit.com, which compromised many users' accounts and funds, I am excited to introduce Steem Pressure, an app which secures your Steem account by changing your keys so that the Steemit.com website no longer controls them. In the following video, I explain exactly how Steem Pressure secures your account, and how to use it.

[Edit] Much love to @keepdoodling who made this awesome pic for me. It'll make a fine thumbnail for the streem. Be sure and upvote his comment below!

Steem Pressure is currently in beta! I do not yet recommend trusting it solely with your private keys -- it would be wise to keep at least the owner key backed up separately (or based on a secure key recovery phrase you can remember).

Also, Steem Pressure is a very raw app at this point. I have not dedicated much time to adding features or making it look better or finding and fixing all the bugs; right now I am more interested in whether anyone other than me will find this app useful. I welcome feedback and feature requests. Some features I am considering adding in the future include:

  • Multisig support; having more than one key (or even other accounts!) control an account
  • Forgotten password recovery
  • Encrypted messaging
  • Mobile apps

Eventually, I would like to provide binaries for Windows and Mac, but for now I can only provide Mac binaries as, after many days of failed attempts, I am still unable to build Steem on Windows. If anyone can provide me with some insight as to how to make Visual Studio compile standards-compliant C++, I would be grateful.

Until then, the source code is available on Github and Mac binaries are available in the releases section.

[Edit] I forgot to mention, it builds and runs on Linux fine too, but it's so easy on Linux that it seems silly to make binaries. If there's a lot of demand for Linux binaries, though, I can do that too!

Want to Earn Some Steem Dollars?

I will pay SBD for any contributions I utilize, be they pull requests, documentation, better UI/UX designs, a killer icon for the app, or anything else you can think of. All contributions must be open source/copyleft for consideration.

Please make issues on Github for feature requests :)


I don't get all the tech stuff yet, but I should definitely try this app just because of your beard! Respect, man. Growing one of my own right now :)

I don't really have much voting power to make any change, so I made you this doodle instead :)


@Dev @Dan
#Dev #Dan

  • Limit the input characters
    The first thing to do is limit the characters that a user can enter in text fields.
    For example, if we have a field to enter the user's name, we will not leave it open
    so that they can enter any number of characters, but will limit it to
    20 or 30 characters. To limit the number of characters, we can use the "maxlength" variable that
    the HTML standard provides.

  • Sanitize data
    When we talk about cleaning up the data, we mean keeping only the information
    we are interested in and removing the HTML tags that may be included in a text box. For
    example, if you are storing the name of a person, there is little point in the user entering
    bold text, because all we want is their name.
    To achieve this cleaning, we can use the "strip_tags" function.

  • Escaping data
    To protect the data and display it as the user entered it, we should "escape" the data when
    presenting it to the user. That is, characters must be represented by HTML entities if we want to
    preserve their meaning (e.g. double quotes must be transformed into &quot;, which is how
    they are represented in HTML). With this we prevent the browser from executing and evaluating the code.
    To accomplish this, we can use the "htmlspecialchars" function.
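
The three steps from the comment above, applied on the server in PHP as an added example (not part of the original comment or of Steemit's code). The 30-character limit, the `display_name` field and the function names are assumptions; `maxlength` only constrains the browser's form, so the length is re-checked server-side, and `htmlspecialchars` is called with `ENT_QUOTES` because `strip_tags` leaves quote characters and ampersands in place.

```php
<?php
declare(strict_types=1);

// Added example. Assumed limit; mirrors maxlength="30" on the form field.
// Requires the mbstring extension for character (not byte) counting.
const NAME_MAX_CHARS = 30;

/**
 * Steps 1 and 2: remove markup, then enforce the length limit before storing.
 * The browser's maxlength attribute is not a security control, because a
 * request can be sent without the form, so the limit is checked again here.
 */
function clean_name_for_storage(string $raw): string
{
    $name = trim(strip_tags($raw));
    if ($name === '' || mb_strlen($name, 'UTF-8') > NAME_MAX_CHARS) {
        throw new InvalidArgumentException(
            'name must be 1 to ' . NAME_MAX_CHARS . ' characters'
        );
    }
    return $name;
}

/**
 * Step 3: escape at output time, for the place the value is written into.
 * ENT_QUOTES converts both " and ' so the value cannot close the attribute;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function render_name_field(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input name="display_name" maxlength="' . NAME_MAX_CHARS
        . '" value="' . $safe . '">';
}

// Constructed sample inputs, not taken from the page.
$samples = [
    '<b>Alice</b>',                     // markup around a plain name
    'Dana "DJ" O\'Neil & <i>co</i>',    // quotes and & survive strip_tags
    str_repeat('A', 200),               // longer than the limit
];

foreach ($samples as $raw) {
    try {
        $stored = clean_name_for_storage($raw);
        echo render_name_field($stored), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```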

Still trying to figure all the tech details - writing, politics, homeschooling, business - my forte. I am trying out STEEMIT due to Jeff Berwick's advice however when I read tech posts, it is like I am back in 2nd grade. Nonetheless thank you for the information and I will continue to try figuring everything out here.

This is great, thanks! I made this the thumbnail for the post.

Wow! Really glad you like it! :)

Thanks @modprobe for making this important tool and @keepdoodling for the clever doodle :)

Yeah agree with you..... I will see and try this app :)

Thanks~👍
Great!!!!!

Wisdom has tackled something that is feared
As usual this wisdom comes from a guy with a beard
He is coding on steempressure and coding it fast
Making these security issues a thing of the past

Give him your up vote and give him a yell
Then run to the streets and find others to tell
Bring them here to this wonderful steem
And swim in this freedom, and monetary stream

lol.. i see what you did there.... :)

I have some concerns.

So let me get this right.

  1. You want me to launch an application on my system, which has not been verified by a trusted 3rd party and is not open source with a completed thorough peer review, and create a password which will encrypt/protect/block access to my keys.
  2. While the untrusted app is running, you want me to cut/paste or type in my Private key, which controls all my steem/steemit accounts and then input them in your tool
  3. Alternatively you want me to input my Private key active password and my account name to your tool.
  4. Your tool is online and connected to the Internet

Okay, call me paranoid, but here is the deal (no offense, just apply some common sense)

  1. I don't know you, therefore I don't trust you. If I don't trust you, I also don't trust your software. Why would I run un-trusted software on my system? It can be malicious in nature. You could be using this to conduct surveillance, reconnaissance, harvesting data, opening connections, outright theft, and basically screwing up my system or purposefully stealing my identity.
  2. If you are benign (which we would all like to think, me included) we still don't know that your code cannot be compromised by a 3rd party, contain vulnerabilities, catastrophic bugs, or be infected with a trojan, thus introducing malware to my system again.
  3. Why in the world would I provide my Private key AND Password to any 3rd party app? I barely trust Steemit, much less some unapproved, untested, and unsponsored code writer (again no offense, you seem very talented. but this is about trust). Giving you access to the Private key and Password basically means I trust you with all my Steem accounts now and forever! You could steal everything, impersonate me, and even change all my passwords where I would have no recourse!
  4. The fact this application must be online as I am volunteering to give you the keys to my Steem kingdom, there is no guarantee data leakage is not occurring and all this information is being sent back to you or another 3rd party.

This might be the greatest volunteer effort which makes Steemit safer or the biggest scam which will harvest all the valuables for everyone who uses it. (or somewhere in-between).

So my advice to EVERYONE is to beware. Think critically. Understand if you launch an application, you are exposing your system and data. If you give your Private key you are granting your permissions and identity. If you give your Password, you are relinquishing all control, potentially now and forever! Think before you act.

All respect @modprobe. Nothing personal. Just concerned about security as well.

Regarding the first item on your list, the DAO code was audited by a very famous and respectable company and what is the result? I think the fact that it is open-source is enough, just because you can check it by yourself and decide to use it or not.

You want me to launch an application on my system [...]

Nope, I don't. I don't care if you use my app. I made this app because it would be useful to me, and I figured it would be useful to others as well (and the beta announcement got a $7k valuation, which is a nice incentive as well). I make no promises that it won't lose your keys, send your keys to Voldemort, steal your money, or set your cat on fire. I don't think it will do those things, but you've got to decide for yourself whether you want to accept that risk. And frankly, it makes little difference to me.

Best wishes! :)

Fair enough!

But would you consider opening up your code for a security and vulnerability review, having the Steemit devs (attn: @dantheman @pharesim @xeroc @theroetical) inspect it for potential inclusion into the overarching feature toolset, or at the very least have them sanction this tool as secure and recommended for the Steem community?

Certainly! The code is on Github, and there's a link to the repo in the OP. Anyone, including the Steemit devs, is welcome to review the code. I doubt they'll stake their reputation on it being secure, as I won't even do that yet (see the OP, which clearly states it's a beta and shouldn't be trusted too much yet), but I welcome comments from the developers you mentioned or any others who would like to commentate on my work or my reputation.

Outstanding! You have my support to get the Devs to review and endorse if it meets their criteria.

Great job. There are a few things I would love to see in the future for an application like this.

I think the application should also be able to generate a 256-bit entropy password as well (like steemit.com does) so that the user can use that password to derive multiple keys rather than only generated single keys that are isolated from one another. That way, a user can generate a single key for the owner authority, and generate a single password which they then use to derive the active and posting authorities as well as the memo key, for example. I suppose they could already use the randomly generated public key as a passphrase, but that could quickly get confusing for the user since their passphrase would look like a public key. The UI could also be streamlined for it so that they don't need to copy and paste the randomly generated password into another field in order to update their account to use the derived keys; they would just click the button to randomly generate the passphrase and then click checkboxes to determine which of the authorities/keys (owner, active, posting, memo) of the account should be derived from that randomly generated password.

Also, I think the UI should put less emphasis on the ability to derive keys using a user-chosen password. That could be a hidden away advanced feature. Most users cannot be trusted to choose a safe enough passphrase that won't be bruteforced.

I think it is important to have a GUI that allows the user to choose the server and port of the steemd websocket to connect to, since right now it is hardcoded to Steemit's websocket.

Finally, I don't know if this would be in your intended usage for Steem Pressure, but what I would really love to see in an app like this is an offline mode. This ecosystem desperately needs some offline transaction signing tools, at the very least for just the limited operations that require owner authority authorization (which so far means either changing the owner authority of the account, changing its recovery account, or proving owner authority).

Under normal operation, the application could generate the transaction to be signed during online mode and write it out to disk. It could also be run in offline mode which would allow the user to: select the serialized unsigned (or partially signed) transaction from disk; see the transaction visualized in the app so that they know what exactly they are signing; input the appropriate private key or passphrase that derives the appropriate key to sign the transaction; and then finally write the new signed (or partially signed) transaction back out to disk. Users could then use flashdrives with a live Linux OS and this app to do offline signing on an air-gapped computer.

Great points all around. Thanks! I'd love to add support for offline signing, multisig, air-gap, etc. at some point. Sadly, there are many other things I want to add as well, and I have limited time to work on the app.

What I need is a way to prioritize new features. :P

Very interesting modprobe.. i am not sure of all the technical stuff behind what the hell you just did there, but it sounds pretty damn cool to me. My stupid question may be; does this stop Steemit.com from assisting us in recovering our account if we are hacked? thanks for your time ....

I would appreciate comment from @dantheman on this, but I don't think it will block that. Note that when you first change keys, Steemit.com will warn you that someone might have hacked your account because your keys changed. Just ignore that, since you did it yourself.

I do not change the recovery account, so I see no reason Steemit.com's recovery service would no longer work.

Would you mind adding that (recovery account change)? It would fit well within your app imo.

Ideally I would add support for the full recovery process -- setting the recoverer, requesting recovery and rejecting/fulfilling recovery. That's not a small change, but it's the kind of thing I'd like to support eventually. :)

You are the man! Well aside from @dantheman....

Thanks for your response... i would feel safe using this and changing my own keys if they will verify that for us. I think this is a breakthrough app for the security of my keys. Thank you for your time you put into this app.

Not a stupid question - this is a very good question. I am also curious.

In case anyone has problems compiling it under Linux/Ubuntu, I had some problems too and solved them.
I posted an issue about that on GitHub: https://github.com/nathanhourt/SteemPressure/issues/1
I'll try to make a push of some changes later - but I am not sure if I can integrate them well, maybe @modprobe is better at adjusting that.

Ahh, yes, unfortunately my pull requests are not getting integrated: https://github.com/cryptonomex/fc/pull/50 Applying that ought to have your fc installing properly, which should resolve most of your issues. I'll also update the README to note that up-to-date versions of the dependencies are required (silly Ubuntu). :)

Well done, though! I'm flattered at the amount of effort you put into getting the project building. :)

Congrats Nathan, wonderful app and I like your roadmap...

How about even creating new accounts maybe?
Or you could build this out into a wallet even for transferring monies?

Thanks for this little piece of greatness. Checking out your code how you did it...

Ps. I've added you to the SteemTools.com overview with this project and @keepdoodling 's image ;)

Great, thanks! Yes, I can absolutely extend this for creating new accounts. And I've been thinking about adding some basic wallet functionality as well, particularly a "send tip to the developer" feature. =D

Will using the app make my beard grow? Then I definitely will use it. No, seriously, thank you for providing us security options.

Good Idea and nice work! And I must figure out first, but think I can help with UI/UX, at least with initial icon and splash graphics.

So, here is a quick draft of overall possible look. The inner design can be changed too — card design will look pretty cool here. So, what ya think?

App Icon (overall)
Loading Splash Screen
Possible Main Screen layout

And a little update with desktop icon variant:

App Icon (closeup)

All this looks great! I never mentioned it, but the name "Pressure" is based on the idea of a pressure cooker, keeping your Steem locked inside. I'd like the iconography to reflect that if possible, but I'm not sure how difficult that is.

Genius idea! Is this your invention? You are a genius @modprobe! I need this right now!

Idk about "invention," since there's nothing novel about the idea, but the app is (so far) completely my work.

sounds great...we are so much inclined to the lock system that we keep ourselves locked up.

Dude! Awesome! Commenting for later use.

Nice to see people producing open source apps to make the world a better place, especially websites :) !upvote

Upvoting post: Admin command

It's so nice to see so many good people getting involved in the steem project. Well done, @modprobe. It's really important to make user-friendly things like this, because that's the only way to make steemit reach a broader audience.

@modprobe Thanks a lot for creating this! It seems like a really great idea to keep our accounts more secure.

It makes sense that for the most part I will only need the permissions of the Posting key in order to use the site day to day.

This is fantastic. Eagerly awaiting the binaries. Another little evidence to show how powerful the Steem platform is.

Brilliant, I'm not techy enough to be able to understand what the source code means. Definitely keeping an eye on this. Thanks for developing.

This looks awesome! After the recent spate of high profile hacks in the crypto world, I'm feeling rather paranoid about account security so will happily give this a try.

Encrypted wallet file might be nice feature. Users could save their private keys in there and safely store them on USB-sticks etc.

Ah, yes. I forgot to list that in the future features: backups. Currently the app encrypts everything it knows, but it's not strictly easy to import/export backups.

Could it use the same wallet format as Steem cli_wallet?

It's possible, but I can't see that being a highly requested feature. The whole point of this app was to give people an out-of-browser option for key management other than the cli_wallet. It's pretty easy to manually move keys back and forth between SP and CW.

Yeah, mostly I was just thinking that there will be probably many programs like this. It might be best if the whole ecosystem would use same wallet format so that it's easy to migrate from one to another.

So are you telling me that we are all a steemit.com website hack away from getting our wallets drained? If so that's a crazy single point of failure.

You are. I keep my owner and active keys in SteemPressure, so I'm not. ;)

Scary, can you assure us that you will not be the next single point of failure?

Sure. This is a locally installed, native app. It can't be a single point of failure, as attacking it requires attacking every user individually. Unless someone attacks Github and uploads malicious binaries. I'll have to look into some code signing to deal with that...

Any thought on how your software can deal with key loggers? I am thinking 2FA. Also, is my steem power safe?

If you've gone and gotten yourself a keylogger, there's very little I can do to help you. Any 2FA solution would mean you require my server to access your private keys, and I cannot subject my users to that kind of uncertainty.

No, the 2FA would only carry a random code. This will eliminate the hacker from using the wallet to execute any action.

I have all my value locked up into steem power, is this safe? Does your wallet solution only deal with steem and steem dollars?

Either the 2FA is enforced solely by code in Steem Pressure, in which case it's a placebo which adds no security at all (but is a lot of work to implement), or it requires a secret on my server, which is even less secure. :P

As to Steem Power, it's as safe as your account is. If someone stole your owner key, you'd be sunk, but at least it would take them 2 years to sell it all. :P

Awesome stuff Nathan!

I was watching the video and thinking "this is really neat", until the end where you actually updated the keys from inside the app and my impression went to "this is freaking awesome!!" :D

Brilliant! keep us updated on updates, and when its fully ready in your opinion.

It is great if some dev can create things like bitaddress.org for Steemit, where addresses can be generated offline. Steem & Steem Dollar can be sent and safely stored in those offline Steem addresses.

Steem (the blockchain) doesn't yet support anonymous addresses, though it's on the roadmap. Once it's supported, I'm sure the requisite tools will be created. If not, I may create them myself. :)

Steem (the blockchain) doesn't yet support anonymous addresses

Oops... how are the addresses non-anonymous? Aren't they some random string in Steem?

As of now, there are no addresses in Steem, there are only account names. All assets on the network are publicly owned by an account name. If you click on my name, click it again in the little bubble that comes up, and click on the Wallet tab, you'll see my assets and my history. It's that way with all assets and accounts on the network.

Thanks @modprobe ...I get it now. Actually, being from bitcoin background, Steem sometimes appear to be confusing. I have another question, which is off-topic in this context but I could not make out from the Whitepaper. As u appear to be knowledgeable about Steem, I'm asking it here...

How the money is allocated to a post when an upvote is made? Right now, I have 3.567 STEEM Power and 0.817 STEEM Dollar in wallet. But, when I upvote a post, nothing goes to that post! As I just checked, you have 24,659.516 STEEM Power and 6,057.959 STEEM Dollar in wallet. So, when you upvote, how much goes to that post and does that exact amount get deducted from your wallet? I mean, what is the formula?

Sure. Nothing is deducted from your wallet at all; posting rewards are paid through dilution, and the blockchain does not charge transaction fees.

The formulas for determining how much an upvote increases the post valuation are quite complex, and only reading the code will tell you exactly what they are, but the Steem Power of the voter is the biggest factor. Other things come into play as well, including how much stake has already upvoted the post, how much voting power the voter has left (the more you vote, the less each vote is worth), and probably others I'm not thinking of just now.

Very useful tool, people need to remember that STEEMIT is still beta, it could have some bugs, which is not a reason to lose our accounts. Hopefully people like you sir are helping us with great tools like this.

Awesome Nathan, really happy to see you involved in security. I learn a lot from you. Great job on the security in BitShares and Steemit too. You had a lot to do with the design we have now. You're a big part of the reason the hack was contained as well as it was.

Please consider supporting good Open Source Operating Systems a priority too!! Open Source needs to extend beyond the app and into any OS and hardware used to run it.. We will get there..

Derp, I should definitely mention that it's completely cross-platform and works fine on Linux. Thanks!

Great app bro! ;)

Wow, this is a very good contribution for the whole community. It is expected, as it grows, that hack threats also will.
Keep us posted on the new versions.

GREAT STUFF THANK YOU

Very cool, will explore it and give feedback later today. Thank you modprobe - follow for you

👍great post @modprobe

Great work! This is what I love about this community...so many talented members adding so much value to Steemit. The great thing is that we ALL benefit. Upvoted with much respect and pleasure!

@Dev @Dan
#Dev #Dan

  1. Limit the input characters

The first thing to do is limit the characters that a user can enter in text fields.
For example, if we have a field to enter the user's name, we will not leave it open
so that they can enter any number of characters, but will limit it to
20 or 30 characters. To limit the number of characters, we can use the "maxlength" variable that
the HTML standard provides.

  2. Sanitize data

When we talk about cleaning up the data, we mean keeping only the information
we are interested in and removing the HTML tags that may be included in a text box. For
example, if you are storing the name of a person, there is little point in the user entering
bold text, because all we want is their name.
To achieve this cleaning, we can use the "strip_tags" function.

  3. Escaping data

To protect the data and display it as the user entered it, we should "escape" the data when
presenting it to the user. That is, characters must be represented by HTML entities if we want to
preserve their meaning (e.g. double quotes must be transformed into &quot;, which is how
they are represented in HTML). With this we prevent the browser from executing and evaluating the code.
To accomplish this, we can use the "htmlspecialchars" function.

Is this comment in any way relevant to the post?

Great work. All the terms sound too techie for me but I will give the app a go. Any form of security is better than no security. One question though. When I registered for an account with steemit, a very long, I mean Very Long alpha-numeric password was generated for me. How is it possible that the hackers are able to guess the password and hack into my account within a short time frame? And can't they hack into Steem Pressure too? Thanks.

No one is going to guess the password Steemit made for you; however, that password is stored in your web browser making it vulnerable to XSS attacks (like has already happened) and any other attack which compromises your browser. A browser is a huge attack surface. Also, if Steemit.com's servers get hacked, they can be corrupted to steal your password as well. Browser plugins/extensions could steal your password too, etc, etc.

Steem Pressure is not built using web technologies, and does not run in a browser, so it's a very, very small attack surface. I am also well trained in software exploitation, and I take care in all of my software to ensure that I use secure coding practices and handle data safely. That being said, I'm only human and I can and do make mistakes, so it is possible that Steem Pressure could be hacked despite my best efforts, but doing this would be even more difficult and time-consuming than hacking Steemit's servers.

Attacking Steem Pressure is also comparatively low-reward, since an attacker would have to start over from scratch for each user he attacked, whereas if he compromised Steemit.com he'd get all the users who keep their passwords in the browser at once.

Steem Pressure is not built using web technologies, and does not run in a browser, so it's a very, very small attack surface.

This implies that Steem Pressure is never going to be turned into a browser plugin, right? I guess this would be good in terms of UX but it will make Steem Pressure less secure. Do I understand it correctly?

I think you should load this on the kernel ;)

excellent, thank you both!

Hey great idea, of course I will try it! -followed


This is nothing compared to the power of the force. But it's pretty close.

thank you modprobe :0)

So is 'steemit pressure' more secure than steemit? I can't imagine so, and thus can see the potential for this app to be a back door or hacked.

It's odd to compare Steem Pressure to Steemit directly... This is something like comparing the wallet in your pocket to the safe in your bedroom closet. The safe is certainly more secure, but you wouldn't want to carry it around all the time. Steemit is like the wallet, it holds the key you need all the time. Steem Pressure is the safe; it's much more secure, but also somewhat less convenient.

I really like what you have posted. Thank you.

Thanks, I'm going to be switching over to this ASAP seems like a great way to keep my account secure.

I'm not sure I understand your problem. I can see that the account's keys were changed recently; did you not do that?