An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
Some of Our Sources
- Simplebits
- Spoon Graphics
- Creative Curio
- Web Designer Depot
- FanExtra - PSD
- Reencoded
- 24 Ways
- Design Modo
- Codrops
- Dev To
Help Webnuz
Referal links:
Improving security & cryptography in popular cryptocurrency wallets
Lots of people apply the idea that blockchain is secure by default to every project that has blockchain in its description. But in tech, you know its not so simple.
From a security perspective, we often see weak points requiring special attention in cryptocurrency ecosystems and their wallets (read our blog post Crypto wallets security as seen by security engineers to deep dive into the topic). When working with large blockchain foundations, we ensure that their ecosystem (wallets, backends, APIs, protocols) are secure.
Have a look at a real-life example.
Say, theres a blockchain foundation with a non-custodial cryptocurrency wallet available for millions of users as mobile applications and a web extension.
The users, regulators, investors, etc. expect that the cryptocurrency wallet gives the same level of security guarantees as modern financial or banking apps.
Since this is a non-custodial cryptocurrency wallet, special attention should be paid to protecting data on the client side and its communication with a blockchain.
This comes with the requests for:
advanced level of protection,
encryption for data at rest (non-custodial wallets store private keys and mnemonics),
platform-specific security controls for all the supported platforms,
building app security into UX.
Now this looks like a job for us.
So, we roll up our sleeves and, using the superpower :) of our mobile apps security, security and cryptography engineering services, and a cryptographic library Themis, we:
assess risks and do threat modelling for the apps and backend ecosystem.
conduct a deep cryptography audit of the wallet: web extension (Chrome, Firefox, Chromium) and mobile apps (iOS, Android).
provide cryptographic enhancements and dozens of application security improvements aligned with the defense in depth approach.
analyze the development process and advise SSDLC improvements (from further automation in CI/CD pipeline to formalizing a security roadmap).
Read the detail behind every stage in our case study Filling cryptography and security gaps in cryptocurrency wallets to learn how these efforts resulted in web extension and mobile apps synced in their security guarantees and providing defence in depth protection for the users data.
cossacklabs / themis
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
Themis provides strong, usable cryptography for busy people
General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), Android (Java, Kotlin), React Native (iOS, Android), desktop Java, /++, Node.js, Python, Ruby, PHP, Go, Rust, WASM.
Perfect fit for multi-platform apps. Hides cryptographic details. Made by cryptographers for developers
What Themis is
Themis is an open-source high-level cryptographic services library for securing data during authentication, storage, messaging, network exchange, etc. Themis solves 90% of typical data protection use cases that are common for most apps.
Themis helps to build both simple and complex cryptographic features easily, quickly, and securely. Themis allows developers to focus on the main thing: developing their applications.
Use cases that Themis solves
Encrypt stored secrets in your apps and backend: API keys, session tokens, files.
Encrypt sensitive data fields before storing in database ("application-side field-level encryption").
Support searchable encryption, data tokenisation
Original Link: https://dev.to/cossacklabs/improving-security-cryptography-in-popular-cryptocurrency-wallets-3li7
Dev To
An online community for sharing and discovering great ideas, having debates, and making friendsMore About this Source Visit Dev To