What does "provably secure" mean in simple, practical terms

daedalus

#1

Hi. So this question is really eating at the back of my brain. What does provably secure really mean? And what is the scope of provably secure? Is it the entire Cardano eco-system? I have read up on it but I don’t quite understand the limitations and scope of provably secure when it comes to Cardano, cardano nodes, Ada, and the Deadaulus wallet. I have done some reading, watched videos etc… and I understand the Wiki https://en.wikipedia.org/wiki/Provable_security

What I am really interested in is how secure is the Daedalus wallet? Can a hacker get into my private key?

So here is the scenario:
Let’s say I practice good computer security with a virus scanner always on and I don’t click on strange links. I don’t open emails which I don’t know the sender. But computers can still get viruses like keystroke loggers and screen captures, and into the file system.

If a hacker never gets to my private key or my 12 word seed, how can a hacker break into the wallet or steal coins? I am not talking about exchanges here, just the wallet. I never type my private key, and I never type my seed when I use Daedalus. Are there weaknesses? Can hackers use online identities to punch a hole in the Daedalus wallet on my home computer? Can a hacker steal the private key from the file system?

Thanks for any insight!


#2

I only spent like a month in Computer science classes, but if the hacker never gets a hold of your key or 12 word seed you should be good, this is the front running technology in cryptography that is subject to review of the most knowledgeable in the space, if for whatever reason they gained access to a key logging virus that had your key’s than you should be worried.
For me I have only as much Cardano that I could stomach losing - I understand that I am running my own bank in a sense and protect it with that in mind.
The Wallet i secure unless you make a mistake on your end.

*is


#3

When you say provably secure, one means the proof of stake consensus algorithm. That means the block generation is mathematically proven to be secure and tamper resistent. It has nothing to do with your good computer security practices and the daedalus wallet.


#4

@Gabor_Peto or @Haskell-plus do you or any one else know that if a hacker were to gain access to a file system on a computer, can they gain access to the private key? Or is it encrypted or secured in such a manner that only the Daedalus wallet in which it is installed can decipher it’s contents?


#5

“provably secure” means that the programming language Cardano is built on can be proven to be secure.

The language is Haskell, which you can think of something like mathematical formulas. This way, they can prove with eg. X + Y that Z is the outcome. In like, the simplest of terms :smiley:

For your private security reasons: as long as you use good virus scans, don’t click bad links, don’t open bad e-mails and most importantly use links instead of search machines as often as possible. Example given if you are looking for the website of IOHK, do not use google but type in iohk.io

This is obviously not important when you use websites like iohk.io , but when using websites like binance.com! There have been phising sites using ‘ẹ’ instead of ‘e’, which you will probably not notice until it is too late :slight_smile:

Greetings.

Edit: there’s one more thing I wanted to add. There have been new attack vectors in the crypto-space, something called copy-paste-virus. It basically checks if you copied a BTC/ETH/whatever public key and if so, switches it to the hacker‘s public key. Because of that, make sure that what you have copied is what you have pasted!


#6

@rickymac That’s out of my scope. I think the team will be able to answer that.


#7

I hold onto an old PC Tower from way back, hoping to look into when I have some time cause I believe that a forensic analysis of the hard drive could return some passwords to me that could increase my wealth based off of my keystrokes i made after certain actions, we have our own bank with Daedalus and really we should run it on its own Computer if it holds a significant amount of wealth, I do not know of forensic technology via remote but if they had your hard drive than maybe they could find the key - just being honest about the possibilities here.
And I concur with @block-t when navigating the web.