rbates If you don't mind, I'd love to have you take a look at our latest release.

We still have the setup with two keys just like we had before, but now we give you the option to store your key with us, and encrypt it with a PIN of your choosing. You can still download your signing key to your computer and even skip the PIN if you don't want to store your key with us. Using the PIN makes things much more convenient and allows you to use your wallet on desktop/mobile/tablet without having to copy/paste your key everywhere. You will just want to go back through the key issuing process to set up the new PIN.

From our previous real bank example, it's like the bank now has a box (with a keypad) inside the bank where you can store your key if you'd like, but it's not necessary if you want to hold onto your key.

Let me know if you run into any issues there and I'd love to hear your feedback. I really appreciate it!

    toddlv Hey there, nice update! I like this approach much better. The setup was smooth, although I had to create and fund a new account. I received a message about my other account having keys that the site didn't recognize.

    Fundamentally I like how this works. I understand there is always a balance between security and convenience; to me personally, this is a step in the right direction.

    During the PIN setup process I can tell you spent time trying to really explain everything in detail. I get it, you're trying to build trust. On the flip side I think you could be over-explaining things to the point of diluting the value of your service. This is what I'm referring to:

    "Entering a PIN encrypts your new signing key in your browser (using the PIN) and sends it to Lumen Vault for storage so that you can use your wallet on any device without having to remember your long signing key or copy/paste it everywhere.

    The PIN is not saved in Lumen Vault. Instead, your PIN will be used to decrypt your signing key any time you need it to sign a transaction.

    If you don't want your encrypted signing key to be sent to Lumen Vault and would rather enter your signing key every time, save this signing key on your computer and click Skip Pin."

    That first sentence is really wordy. Then it talks about decryption and signing transactions. Then it ends with, "also, you don't even have to use it." You're asking people to process a lot of information here.

    To me the value prop of the product should be as simple as this: send Lumens quickly from any browser using just your email account and a PIN. From a consumer standpoint the whole discussion about a second set of keys should just go out the window. As long as I know that the master key is my responsibility - and it's my way out if I should decide to leave the service - forget about making people try to decipher key weights, secondary keys, and encryption using a PIN. That's the value of your service, they don't have to think about it.

    You're going to get pushback from some people saying there is no way they can trust you or this service, and you must open source your encryption code, my only comment would be this product shouldn't be targeted at them.

    toddlv One more thing. I'm not saying to ditch things like the explanation on your about page

    https://lumenvault.com/#about

    If there are people that want to dig deeper you should absolutely be transparent about the approach you're using.

      rbates Thanks so much for taking a look and I completely agree!

      I'll keep working on making things simpler, less confusing, and smoother.

      Sorry to make you keep spending transaction fees testing things out. I'd love to reimburse you. I created https://test.lumenvault.com which is completely separate from the production site and operates solely on the Stellar test network. You can fund new accounts automatically there with 10,000 XLM without having to worry about using your main account on the production Stellar network. If anyone wants to just play around with the product with no risk, that's a good place to test.

      I'll keep posting updates here.

      Thanks again @rbates, you're the best!

      9 days later

      Hi everyone! We've made lots of changes to Lumen Vault recently.

      • Removed our Inflation Pool in favor of using Lumenaut instead
      • Made it super easy to join an inflation pool of your choice while showing your estimated payout before joining
      • Added a PIN to use for any actions on your wallet instead of copy/pasting your signing key
      • Mobile first - Lumen Vault works great whether you log in on your phone, desktop, or tablet. No app needed and since we secure your account with 2 keys, it's super secure!

      We still create a server-side key and a client-side key for your account to keep your lumens safe, the PIN just encrypts/decrypts your client-side key... so no more copy/pasting signing keys!

      Thanks for using Lumen Vault and helping us make it better!




      Awesome work. After reading the comments here I got confused on something. Is the client-side signing key (encrypted with the PIN) also saved on your server?

      Thanks!

      Yes, when using a PIN, the client-side key is currently encrypted in your browser with the PIN and saved on our server (encrypted again with a much longer server side key).

      If we only saved the encrypted client-side key in your browser, clearing browser data (like local storage) would delete your key. When dealing with the possibility of losing access to someone's lumens if they also didn't save their master key, we erred on the side of having the PIN be more convenient to use, while also allowing the advanced option of skipping the PIN and using the signing key directly.

      If you skip entering a PIN and go the advanced route, then the client-side key is not saved anywhere, and entering the client-side signing key each time is up to you (copy/paste the key from your computer).

      It would be pretty easy for us to add a checkbox so you can choose to only save the PIN-encrypted key locally or to save it on our server. Saving the PIN-encrypted key on our server also lets you access your account on any device so it has its trade-offs.

      Great question and we'll add the ability to let you choose to only save it locally soon! Thanks for the feedback!
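A sketch of the two-layer wrapping described in the reply above, as an added example that is not part of the original thread and not Lumen Vault's code. PBKDF2, AES-256-GCM, the iteration count, all function names and the local `serverKey` (standing in for the server-side key) are assumptions.

```javascript
// Added illustration; not Lumen Vault's code. KDF, cipher and parameters are assumptions.
const crypto = require('node:crypto');

// AES-256-GCM helpers. Blob layout: iv (12 bytes) || tag (16 bytes) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Client side: stretch the PIN into a key with a per-user random salt.
function pinKey(pin, salt) {
  return crypto.pbkdf2Sync(pin, salt, 200000, 32, 'sha256');
}
function clientWrap(signingKey, pin) {
  const salt = crypto.randomBytes(16);
  return { salt, inner: seal(pinKey(pin, salt), Buffer.from(signingKey)) };
}
function clientUnwrap(record, pin) {
  return unseal(pinKey(pin, record.salt), record.inner).toString();
}

// Server side: wrap the already-encrypted blob again with a long random key.
function serverStore(record, serverKey) {
  return { salt: record.salt, outer: seal(serverKey, record.inner) };
}
function serverFetch(stored, serverKey) {
  return { salt: stored.salt, inner: unseal(serverKey, stored.outer) };
}

// Round trip with constructed sample values (not a real Stellar key or PIN).
function demo() {
  const serverKey = crypto.randomBytes(32);
  const signingKey = 'SAMPLE-SIGNING-KEY-NOT-REAL';
  const stored = serverStore(clientWrap(signingKey, '4821'), serverKey);
  const fetched = serverFetch(stored, serverKey);
  let wrongPinRejected = false;
  try { clientUnwrap(fetched, '0000'); } catch (e) { wrongPinRejected = true; }
  return { recovered: clientUnwrap(fetched, '4821'), wrongPinRejected };
}
```

The outer layer carries the confidentiality of the stored blob, since a short PIN gives the inner layer little entropy on its own.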

        toddlv I do prefer the idea of saving the client-side key encrypted with the PIN locally on the computer/phone, instead of leaving it in your server (since the server already has server-side key).

        However, my post was not exactly a suggestion, just a question about how it works.
        Follow your vision of how the application should be.

        Just tested your service. It’s very impressive.
        I have one question: if, theoretically, your website got compromised and both keys were captured, would the double auth + email verification protect the user or is a total hack possible? Even a 0.000001% chance?
        Thank you!

        Edit: another question, it may seem stupid but for the moment 99.9% of my XLM transactions are done on SDEX. I guess I’ll always need to enter my master secret key to access an exchange like Interstellar, Stellarterm, Stellarport... ?

          cryptobrant Thanks!! Theoretically, if someone got both of your keys then they could access your lumens by manually creating a transaction and signing it with both keys. That's why we encrypt everything on our server with strong keys and that's why your server-side key never leaves our server.

          If you are using another service, then yes you'd need to enter your master key. We could offer a feature through Lumen Vault that would create a new, temporary wallet for you to use on other websites that need a master key. That way it only has access to the amount of XLM you intend to use on a different website. That would be safer than using your master wallet key directly. What are your thoughts on something like that?

            toddlv thanks for your answer. That’s my question actually: how unbreakable is the server-side encryption? I’m not an expert so I don’t know if it’s possible for hackers to theoretically gain access to the encryption keys. And, of course, if someone took control of the website/or you were dishonest, the accounts could be compromised, right? There is always a trusted party somewhere, so in theory we mitigate the risk of entering our master key anywhere but we still need to trust you, your person and your technology, at 100%? Sorry, I’m trying to be as paranoid as possible.

            The idea of creating a temporary wallet for exchange transactions is pretty interesting. There should be an option to merge accounts after use, with newly acquired assets and trustlines. But then, suppose I bought different assets with my temporary wallet (ETH, BTC, MOBI and RMT) and I merge the temporary wallet with the main wallet. Now a few days later I want to sell some RMT and BTC, would it be easy to create a new temporary wallet with my RMT and BTC assets? I’m afraid this could become a bit complex. What do you think?

              cryptobrant We use AWS and their Key Management Service for very secure encryption on Lumen Vault. The only way for someone to get access to our encryption keys would be for someone to get into our production AWS account which is behind a long, random password and two-factor authentication.

              You are correct that there is always a trusted party somewhere and being paranoid is a good thing! You could even do something like setting up a wallet just for use on Lumen Vault that contains a subset of your XLM/assets. Stellar makes it pretty easy to use as many wallets as you need.

              If we set up a way to easily create temporary wallets, we'd definitely have a way to merge that account back into your main account through Lumen Vault after use. We'd want to make it very easy to set up a temporary wallet with the amount of assets you are looking to trade while also allowing a one-click merge back into your main account with no complexity on your end.

              a year later