Is there a potential user base for a new wallet?

With regards to this, have a look at the following GitHub repo from @bwbush [1]. It is a tool for extracting more info from the chain using the node directly (like watching an address or calculating certain derivatives of cryptographic structures). Note that this still stores the complete database but it is better than using bash scripts plus the Cardano client.

1 Like

I look forward to a better and faster wallet than Daedalus. It is written in JavaScript, which I think is a bad choice since it is single threaded. That means it simply can’t implement a better way to download the blocks. You really want to download the blocks in essentially random order and from where you get the best connection speed. You also want to abandon a download midway if the connection speed goes down and continue from there. I think my download speed is really slow in spite of the fact that my internet connection is really fast.

1 Like

Actually, Daedalus is just a UI wrapper around cardano-wallet, which is written in Haskell, so I don’t think that performance is so bad, but it’s a huge memory hog.

What I want to create is a light wallet, where the cardano-node would be hosted by SPO relays who want to participate in this. So the model would be same as Yoroi but would be 100% community based and decentralized.

1 Like

Ah, I didn’t know that. But I still wonder why the download speed is so slow.

I found an “interesting” thing that can be done in JavaScript. It can intercept a copy command and replace the text with something different. Admittedly, I have never done anything in this language but since it isn’t compiled, I suspect it’s not too hard to “add” this particular snippet, so that a hacker can alter the receive address.
I sure hope Windows will show a warning if a signed exe has been altered, assuming that the signature hasn’t been removed.

I’m not worried myself, I check that what I paste does match with what I see. Still, hackers will use this trick in this wallet or elsewhere. So, if you are worried, you can try to start it as an admin and make sure it is signed. But you shouldn’t run it as an admin, just press cancel.

Below is a link to the article I found.

That’s a very usual hack in the crypto world, that’s why you should use a hardware wallet, where you see on the display the target address you want to send to and verify it’s correct.

I was thinking for my wallet to allow people who don’t want to buy a hardware wallet to create one using an old computer - basically you would create a cold PC disconnected from the internet, and my wallet would just prepare the raw unsigned TX for you, which you would transfer to the cold PC and sign there, then move back to the hot PC. The CLI can already do that, but I’d like to make a graphical UI for this. I even wanted to use my old Raspberry for this with the CLI, but it’s armv6 and Cardano binaries are not compiled for it and GHC doesn’t even support this platform as a target, I think it supports only the latest Raspberries. If I could port this code to C++ I would easily be able to compile it there.

For “why download speed is slow” - it’s not the download speed that’s the problem but blockchain verification. Every block that is downloaded is cryptographically verified, you can see your CPU is probably going to be pretty used up on the first startup of Daedalus. Also, for each wallet Daedalus creates 20 derived private keys for the first 20 addresses, and scans the whole chain for transactions made by these 20 addresses, from which the transaction history is then compiled. That is also very slow and necessary every time you add a new wallet. More wallets = more CPU.

1 Like
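The cold-PC signing flow described in the post above, sketched with cardano-cli as an added example (not code from the thread or from any of the wallets discussed). It assumes a cardano-cli release that still has the top-level `transaction` subcommands and GNU `sha256sum`; the function names and the file names `tx.raw`, `tx.signed` and `payment.skey` are placeholders chosen here.

```shell
#!/usr/bin/env bash
# Added example: hot/cold split of a Cardano payment with cardano-cli.
# Assumption: top-level `cardano-cli transaction ...` commands are available.
# NET, file names and all arguments are placeholders.
NET="--mainnet"

# HOT machine (online, holds no keys): build the unsigned body, record its digest.
hot_build() {   # args: TXID#IX  RECIPIENT_ADDR+LOVELACE  CHANGE_ADDR+LOVELACE  FEE  TTL_SLOT
  cardano-cli transaction build-raw \
    --tx-in "$1" --tx-out "$2" --tx-out "$3" \
    --fee "$4" --invalid-hereafter "$5" --out-file tx.raw
  sha256sum tx.raw | cut -d' ' -f1 > tx.raw.sha256
}

# Either machine: confirm a file survived the USB transfer unmodified.
# The digest has to travel out of band (read it off the other screen),
# otherwise whoever alters the file can alter the digest too.
same_digest() {   # args: FILE  EXPECTED_HEX
  [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# COLD machine (never networked, holds payment.skey): inspect, then sign.
cold_sign() {   # args: EXPECTED_HEX_OF_tx.raw
  same_digest tx.raw "$1" || { echo "tx.raw changed in transit" >&2; return 1; }
  # Print outputs and fee so the recipient address is checked on the
  # trusted screen, the role a hardware wallet display plays.
  cardano-cli transaction view --tx-body-file tx.raw
  printf 'Sign this transaction? [y/N] '; read -r ok
  [ "$ok" = "y" ] || return 1
  cardano-cli transaction sign --tx-body-file tx.raw \
    --signing-key-file payment.skey $NET --out-file tx.signed
}

# HOT machine again: broadcast the signed transaction.
hot_submit() {
  cardano-cli transaction submit --tx-file tx.signed $NET
}
```

The signing key never leaves the cold machine; only `tx.raw` and `tx.signed` cross the gap, and the address is confirmed on the offline screen rather than on the machine where the clipboard could have been tampered with.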

Interesting example, really, but this is done at the source, where things are copied from. People could hack an exchange and make people copy the wrong address if they want to cash out or something like that.

All desktop programming languages could also intercept copy and pasting quite easily. That’s not a speciality of JavaScript, there. (It is a speciality on websites, where you would normally not expect such things.)

But then: If you consider an attack vector, where the attacker has write access to your Daedalus installation, all kinds of really, really bad things could happen. They would also have read access to secrets stored on disk (if no hardware wallet is used). And it’s not specific to Daedalus. Every wallet can be toast if you are not sure that you can get an unmodified installation and protect it.

I suppose it’s mostly Yoroi that is attacked, because of the number of installations, because the secrets can be found in relatively standardised locations (in the browser profiles), because there are a lot of different platforms that can be targeted (iOS, Android, Chrome, Firefox), but in principle, as soon as your machine is hacked, desktop wallets – JavaScript or not – will not be much safer.

They wouldn’t have access to your secrets in Daedalus until you enter the spending password. All private keys are encrypted using that password.

Okay, yes, but: If they are on the machine, they could keygrab the spending password. If the spending password is weak, they could brute-force it.

If I consider attackers having machine access, my only protections are hardware wallets or air-gapped machines (not installed from the compromised machine) or simply the fact that there are easier targets out there.

HW wallet is probably best solution. Its only drawbacks are:

  • cost - you need to buy additional gadget
  • Ledger is proprietary SW, you can’t verify or audit it, I heard Trezor is open source
  • support for HW wallets is still poor even for Cardano.
    • Yoroi has fatal bug that prevents HW wallets from being used
    • Daedalus has also bug, which has a workaround, but it compromises the security a little bit
  • Not all wallets support them, especially not sure about mobile phones

1 Like

I have used a Ledger Nano S with Daedalus on Desktop, Adalite in Firefox and Yoroi on Android without any problems or workarounds. I remember a problem with sending transactions in Yoroi on Firefox, where the proposed solution was Yoroi on Chrome, but other than that it works. Are there more problems on Windows than on Linux?

Yoroi has cross platform issue, but probably not affecting mobile phones:

yoroi bug - extension completely broken for HW wallets (ledger) - indefinite syncing due to GenericApiError · Issue #2448 · Emurgo/yoroi-frontend · GitHub
daedalus bug (might be windows only) - [DDW-722] Hardware wallet Ledger Nano S - Windows pairing issue by tomislavhoracek · Pull Request #2698 · input-output-hk/daedalus · GitHub

Absolutely, you are 100% correct. I have written malware as a hobby and I have learned a lot in the process. Strictly for learning. This is why I’m interested in better wallets for all legitimate cryptocurrencies. I also worry about scammers, which I think is a major hindrance before mass adoption can be achieved. A rogue setup program can do everything you describe because such a program would want to run with admin privilege. If so, it can do all of the things you mention.

Using Yoroi, without a hardware wallet, is really scary. As far as I can see, you can’t sign it. There’s no way to know if Yoroi has been replaced by something fake. I guess this is what has happened to those Yoroi users that have lost ada.

I really, really want everyone to use hardware wallets. First buy a hardware wallet, then buy cryptocurrency.

1 Like

Here’s a really scary article. Not related to JavaScript.

My guess is that the seedphrase used on Metamask was the same as on the ledger device. The malware managed to take a screenshot of it and send it to the scammers. If so, the theft was done from a different computer, someone simply reconstructed the wallet and transferred all the coins.

You can disable printscreen via Group Policy and that is something I will do.

This made me realise that something can be done to protect software wallets and it’s actually easy.

In addition to the extension, there should be a signed exe that can be started from the Yoroi menu. It should be run with admin privilege. If it is indeed signed by IOHK, the exe should disable printscreen and also verify the browser extension. I guess it could do other things as well in order to make sure there’s no foul play.

I remember a debugging tool that could act as a real user. It would record everything in a script and then replay everything. Very useful but if memory serves, such tools must be cross signed by Microsoft. That makes it difficult to steal coins directly from the user’s computer by simulating mouse clicks and keyboard inputs.

Interesting idea.

I’d also make a forum poll to see if SPOs would be interested in participating. Saying as we can see how each SPO is trying to optimize the server resources to the maximum in order to be performant and to not miss a block.
Having thousands of concurrent wallet users could affect the performance of participating SPOs’ servers, which would yield additional costs to IT infrastructure. Also, there is a security aspect of opening more ports and allowing public access, that needs to be thought through.

I’m not sure how Yoroi operates and who covers their IT infrastructure costs?

Yes, it would absolutely put some strain on the servers, but it would also work as a form of promotion for them. Seeing how many of them were eager to be Sundae Scoopers, I don’t see why many of them wouldn’t want to become part of the backbone of a community light wallet.

Also, many SPOs use more than 1 relay, which is useless from a technical perspective, so they could easily run this on one of their extra relays and keep 1 relay dedicated only to the PN itself.

Btw, it doesn’t even have to be an SPO participating in this, it would be anyone who runs cardano-node (full node), ideally with high availability and a public IP. It’s just that SPOs already have to run a highly available full node, so they are ideal for this role.

Yes, there is always potential for new wallets and people keep creating them.
Personally I also have mine, it is a desktop wallet. You do need the full node, but then use the Emacs text editor to wrap the cardano-cli and interact with the node.

In further self advertisement. I think it is great and aside from the full node, extremely lightweight. Yet you are limited to the UTxO set. I have tried to wrap cardano-address and it works, you get access to HD keys. Also I experimented with wrapping cardano-wallet, which keeps a new service to track your funds, you get full transaction history. That one starts being overkill from my point of view.

One extra advantage of having Emacs assist you to wrap the CLI is that you can easily port it to an airgapped machine for signing your transactions.

My project is on GitHub - Titan-C/cardano.el

1 Like

I absolutely love this idea! I have been thinking about Yoroi security in this thread: Export/duplicate key's from yoroi - #12 by HeptaSean

I’ll read this thread more closely later, time’s up for me for today…

1 Like

Right now status of my project is that I have basic skeleton written in C++, a cross platform desktop app that starts in less than a second (it’s Qt, visually similar to NavCash), is able to create new wallet using randomly generated seed phrase, generating of all key sets for staking address and for first 20 payment addresses takes about 2 seconds, but that’s because right now I am still heavily depending on cardano-address binary shipped with Daedalus and do most of this address logic through that.

I will implement this logic in C++ later, but that would really just lower dependencies, simplify the potential packaging process and eventually give some extra performance, so it’s low priority now.

What I am dealing with now is the actual communication with Cardano network. I decided to go with lots of abstraction here so that user has multiple options, I want to implement classes for:

  • local cardano-wallet instance (same functions as daedalus, basically a full node client, with heavy overhead as cardano-node needs to be running on local machine, just interface is going to be different, probably a bit more advanced)
  • blockfrost - I don’t like it so much because it’s centralized and requires registration / subscription, but their APIs are very rich and easy to use, probably most trivial implementation of light wallet.
  • ogmios - I am still exploring that
  • remote - this is something that requires lots of coding, basically either re-implementation of ogmios or some wrapper around it that would provide some rate limits, basically the idea here is that various SPOs who wanted to be part of this project, would host instance of node / ogmios relay (with some rate limiting to avoid DDoS) and the light wallet would use these relays simultaneously to query ledger data, obtain transaction history and submit transactions.

I will keep posting updates as I progress, I will upload the code to GitHub later, when it’s more mature.

2 Likes

This is exciting. I look forward to reading about your updates.