EmailTezos — Security Overview

An overview of the security layers behind EmailTezos

Siva Ragavan
Clove
4 min read · Jun 29, 2020


EmailTezos is an email-based, non-custodial cryptocurrency wallet that brings together two worlds: the Internet (email) and the blockchain (Tezos). It lets anyone with an email address interact directly with the Tezos blockchain while remaining in control of their own keys and funds. EmailTezos launched a month ago, and the Tezos community has welcomed its simplicity and user-friendliness.

In the past few weeks we significantly re-engineered the security model behind EmailTezos based on input from the Tezos community. Here is an overview, one layer at a time.

A Strong Password

The first step in securing a product like this is to make sure users set strong passwords. Annoying composition rules such as "passwords must contain three of {lower, upper, numbers, symbols}" do not necessarily produce strong passwords. In most cases users make very predictable substitutions, like '@' for 'a' or '0' for 'o', in an otherwise ordinary word. Password crackers already include these substitutions as mangling rules, so a password that satisfies the rule can still fall in a handful of guesses.

zxcvbn, built by the Dropbox team, offers an alternative. It is a password strength estimator that models how password crackers work: it looks for dictionary words, common substitutions, keyboard patterns, dates and repeats, and estimates how many guesses the password would survive. We have integrated this library to make sure users pick strong passwords. One useful feature that comes built in is a list of suggestions for improving a password's strength. A long password with at least one or two words that only you would know works best in most cases.
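To make the mismatch concrete, here is an added example in JavaScript (not EmailTezos code and not zxcvbn itself) that applies a classic composition rule to a few constructed passwords and, beside it, the kind of substitution reversal a cracker's mangling rules perform. The wordlist and substitution table are small constructed stand-ins for the much larger ones a real cracker or zxcvbn would use.

```javascript
// Added example (not EmailTezos code): a composition rule versus a cracker's
// view of the same password. LEET and WORDLIST are constructed for
// illustration; real crackers and zxcvbn use far larger tables.

// The "at least three of {lower, upper, digit, symbol}" rule the post criticises.
function passesCompositionRule(pw) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^a-zA-Z0-9]/];
  return pw.length >= 8 && classes.filter((re) => re.test(pw)).length >= 3;
}

// The predictable substitutions users make and crackers reverse. A real
// cracker tries every mapping ('1' -> 'i' or 'l', and so on); one mapping per
// character is enough to make the point here.
const LEET = { '@': 'a', '4': 'a', '3': 'e', '1': 'i', '0': 'o', '$': 's', '5': 's', '7': 't' };

// Constructed stand-in for a cracker's wordlist (order is illustrative).
const WORDLIST = ['password', 'letmein', 'welcome', 'bitcoin', 'tezos', 'wallet'];
const RANK = new Map(WORDLIST.map((w, i) => [w, i + 1]));

// What a mangling rule does: drop the digits/symbols people append ("Word1!"),
// undo the substitutions, ignore case, and look the stem up in the wordlist.
function dictionaryMatch(pw) {
  const core = pw.replace(/[^a-zA-Z]+$/, '');
  const stem = [...core].map((c) => LEET[c] || c).join('').toLowerCase();
  return RANK.has(stem) ? { word: stem, rank: RANK.get(stem) } : null;
}

// Side by side: what the rule says and what the cracker sees.
function assess(pw) {
  const match = dictionaryMatch(pw);
  return {
    passesRule: passesCompositionRule(pw),
    crackerSees: match ? `${match.word} (wordlist rank ${match.rank})` : 'no wordlist match',
  };
}

// Constructed candidates: "P@ssw0rd!" satisfies the rule and is one mangling
// rule away from the most popular word; the long multi-word passphrase fails
// the rule yet matches nothing.
const CANDIDATES = ['P@ssw0rd!', 'T3z0s2020', 'my cat rumbles loudly every night'];
for (const pw of CANDIDATES) console.log(pw, assess(pw));
```

The passphrase at the end is the kind of password the paragraph above recommends: it fails the composition rule, yet no mangling rule maps it onto a wordlist entry, which is exactly the property a guess-count estimator rewards.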

A Secure Key

The strong password chosen by the user and the randomly generated Wallet ID (emailed only to the user) are combined to derive a Secure Key. Even though the password and the Wallet ID are hard to guess, an attacker who obtains the encrypted data can try candidates offline, and given enough time any guessable password falls. We use scrypt, a memory-hard password-based key derivation function (KDF), to make every guess expensive. With the parameters below each derivation needs 128 · N · r bytes, that is 64 MiB, of memory and can take up to 2 seconds per attempt on the client, which significantly slows down large-scale attacks.

scrypt N = 2^16, r = 8, p = 1

This Secure Key is used to encrypt and decrypt user data on the client side and is never sent over the network directly. For authentication the client sends a hash of the Secure Key, and the server hashes that value once more before storing it in the database. Because a hash cannot be reversed, neither the value in transit nor the value at rest yields the Secure Key.

A mnemonic phrase that can be unlocked only by the user

When users create a new EmailTezos wallet, a unique mnemonic phrase is generated in their browser. The mnemonic phrase is used to generate the key pairs that sign their transactions, and it is encrypted with the Secure Key described above before being sent to the server for backup. A hard-to-guess mnemonic phrase encrypted under a hard-to-crack Secure Key yields a payload that can safely cross the network and sit in the database until it is needed for recovery.

The encrypted mnemonic phrase is still treated as sensitive data. Whenever a user tries to access their wallet, they must prove to the server that they hold the Secure Key used to encrypt it: after the user enters the password, the Secure Key is derived on the client side, hashed, and the hash is sent to the server for authentication. The server hashes it again and compares the result with the value stored in the database.

This process ensures that even if the database is compromised, the stored hash and the encrypted mnemonic are practically useless to anyone without the password from which the Secure Key is derived. One consequence worth knowing: the hash the client sends is itself a bearer credential for the encrypted backup, so anyone who captures it could fetch the ciphertext (though still not decrypt it), which is why it must only ever travel over TLS.

Frequently Asked Questions

What happens when someone hacks into my email?

If an attacker gets access to your email, they can find your unique Wallet URL, which contains your Wallet ID. Without your password they still cannot unlock your wallet. We strongly recommend that users do not reuse their email password for their EmailTezos wallet.

What happens if I forget my password?

At the moment there is no way to recover a wallet if you forget your password, other than with the mnemonic phrase. We recommend that users write down their mnemonic phrase as soon as their address is added to the blockchain and keep it somewhere safe.

Is it safe to use the wallet on an untrusted network?

Yes. Everything in the wallet is encrypted on the client side before it leaves the browser, and all traffic to the server is sent over TLS. We still encourage users to stay cautious and use their judgement.

Is it safe to use the wallet on an untrusted device?

No. A keylogger installed on the device would reveal your raw password to whoever controls it, and the password is all that stands between the Wallet ID in your browser and your Secure Key. We encourage users to check their own devices regularly for malware and keyloggers.

Special Thanks to

  • Klassare (Creator of Kukai.app) for testing, pointing out the weak areas, and collaborating with us to strengthen the security model.
  • Tezos Community for testing the wallet and giving us valuable feedback.

Please feel free to drop your comments below or reach out to me directly at siva@clovecrypto.com if you have questions, concerns, or feedback.

Thank you for taking the time to learn about EmailTezos. If you haven’t tried EmailTezos already, please give it a shot @ https://emailtezos.com

Created with ❤️ at Clove Crypto
