Lunie: Create separate process to display/capture seed words.

Created on 26 Sep 2018  路  8Comments  路  Source: luniehq/lunie

The seed words are the highest-value asset in Voyager. See the threat model.

voyager processes

Create a new temporary process separate from the Renderer for temporarily opening a window to display or capture the seed words and send them to Gaia-Lite:

three processes

The new process should:

  • depend on no modules (including Vue, etc.)
  • employ hand-written HTML, CSS, and JavaScript
  • be small so that it can be audited easily
security
Source
picture NodeGuy

Most helpful comment

we are going to display a new window to the user that will only contain their seed words. can this window contain a logo / image too?

should be OK. in doubt we can inline the images as base64

we will need to alter the design of the sign up session modal

yes

will the user / process be able to access the clipboard?

better not. this is just attack surface.

will the user be able to access this window again? or is this a one time thing?

one time thing

we will need to alter the design of the recover-with-seed modal?

I guess we will need to have the same process for seed recovery, yes.

picture faboweb on 10 Oct 2018
👍2

All 8 comments

depend on no modules

does this exclude the module for actually generating the seeds / random words?

HTML, CSS

sounds dreamy 馃樃

jbibla picture jbibla on 26 Sep 2018

The seed is generated by Gaia-Lite, not a module.

NodeGuy picture NodeGuy on 27 Sep 2018
👍1

Sounds like a good idea. :)

faboweb picture faboweb on 28 Sep 2018

to clarify:

  • we are going to display a new window to the user that will _only_ contain their seed words. can this window contain a logo / image too?
  • we will need to alter the design of the sign up session modal

questions:

  • will the user / process be able to access the clipboard?
  • will the user be able to access this window again? or is this a one time thing?
  • we will need to alter the design of the recover-with-seed modal?
jbibla picture jbibla on 10 Oct 2018

we are going to display a new window to the user that will only contain their seed words. can this window contain a logo / image too?

should be OK. in doubt we can inline the images as base64

we will need to alter the design of the sign up session modal

yes

will the user / process be able to access the clipboard?

better not. this is just attack surface.

will the user be able to access this window again? or is this a one time thing?

one time thing

we will need to alter the design of the recover-with-seed modal?

I guess we will need to have the same process for seed recovery, yes.

faboweb picture faboweb on 10 Oct 2018
👍2

Let's spike this first.

NodeGuy picture NodeGuy on 15 Oct 2018

I'm going to use the existing CSS from Voyager because otherwise this would be too much work.

NodeGuy picture NodeGuy on 16 Nov 2018

we're not going to implement this in the browser for the foreseeable future. will close for now.

jbibla picture jbibla on 20 Feb 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cwgoes picture cwgoes  路  4Comments
faboweb picture faboweb  路  3Comments
faboweb picture faboweb  路  3Comments
nylira picture nylira  路  3Comments
NodeGuy picture NodeGuy  路  4Comments