Position: Home page » Blockchain » NGK blockchain
NGK blockchain
Publish: 2021-03-27 16:42:20
1. A secure and reliable digital wallet should be designed from at least five dimensions:
1. Security risk of running environment
the core file of encrypted digital currency Wallet - private key / mnemonics is stored on the terminal device, whether it is PC or mobile terminal, if the terminal device appears unsafe phenomenon, There is a very high security risk for the private key / mnemonic
at the beginning of design, a secure digital wallet can avoid the possibility of private key / mnemonics being stolen e to the running environment. The security problems of the running environment on the terminal mainly include virus software, operating system vulnerabilities and hardware vulnerabilities
2. The security risk of network transmission
the security of network transmission is more reflected in the ability to resist man in the middle attack. Man in the middle attack means that the attacker creates independent contact with both ends of the communication and exchanges the data they receive, so that both ends of the communication think that they are talking directly with each other through a private connection, but in fact the whole conversation is completely controlled by the attacker
although most digital wallet applications use the HTTPS protocol to communicate with the server, the man in the middle attack method is to get the content of the HTTPS protocol by installing a digital certificate in the user terminal
a secure digital wallet needs to be able to scan the legality of all the digital certificates in the terminal, check the proxy settings in the network transmission process, and ensure the security of the basic network communication environment
in the development of digital wallet, whether to use two-way verification for communication verification at the network transmission level is also an important criterion to measure the security of a digital wallet application
3. The security risk of file storage mode
for the private key / mnemonics of digital wallet, the storage mode of terminal device also needs to be paid attention to in the security design. The access right of private key / mnemonic file directory, the form of private key / mnemonic file storage and the design of encryption algorithm all need to be strictly designed
when we analyze the security of several mainstream digital wallets, we find that even the well-known digital wallets are random in the storage of private key / mnemonic words. There are both plaintext storage and encrypted storage, but the decryption key is fixed in the code, which can not play any role in security defense
4. The security risk of the application itself
the security risk of the application itself mainly focuses on the security defense of the application installation package itself
whether the application installation package has the ability of anti tampering is a very core technical ability. In addition, memory security, anti debugging ability, life cycle management of private key / mnemonics, security of debugging log and security of development process also need to be enhanced
5. Security risk of data backup
if the mobile application can be backed up, it can use the machine with more powerful computing performance to brutally crack the private key / mnemonics. For example, if android:allowBackup Property is set to allow backup, then the backup mechanism of the system can be used to back up the application data files, and the private key / mnemonics of the encrypted digital currency will be backed up to the external media, which breaks the security boundary design of the operating system from another direction
for the majority of users, the security of digital wallet also means the security of wealth, so we must be careful when choosing digital wallet
I have used several wallets such as coin letter socoin and coinplus
in terms of personal experience, socoin and coinplus are very simple and easy to use. They are not only decentralized multi-functional cross chain digital currency wallets with social functions, but also integrate Multi Chain multi currency wallets, payment and settlement platform, currency trading platform, social groups, information market and other functions, which can meet almost all your needs for digital currency in one stop.
1. Security risk of running environment
the core file of encrypted digital currency Wallet - private key / mnemonics is stored on the terminal device, whether it is PC or mobile terminal, if the terminal device appears unsafe phenomenon, There is a very high security risk for the private key / mnemonic
at the beginning of design, a secure digital wallet can avoid the possibility of private key / mnemonics being stolen e to the running environment. The security problems of the running environment on the terminal mainly include virus software, operating system vulnerabilities and hardware vulnerabilities
2. The security risk of network transmission
the security of network transmission is more reflected in the ability to resist man in the middle attack. Man in the middle attack means that the attacker creates independent contact with both ends of the communication and exchanges the data they receive, so that both ends of the communication think that they are talking directly with each other through a private connection, but in fact the whole conversation is completely controlled by the attacker
although most digital wallet applications use the HTTPS protocol to communicate with the server, the man in the middle attack method is to get the content of the HTTPS protocol by installing a digital certificate in the user terminal
a secure digital wallet needs to be able to scan the legality of all the digital certificates in the terminal, check the proxy settings in the network transmission process, and ensure the security of the basic network communication environment
in the development of digital wallet, whether to use two-way verification for communication verification at the network transmission level is also an important criterion to measure the security of a digital wallet application
3. The security risk of file storage mode
for the private key / mnemonics of digital wallet, the storage mode of terminal device also needs to be paid attention to in the security design. The access right of private key / mnemonic file directory, the form of private key / mnemonic file storage and the design of encryption algorithm all need to be strictly designed
when we analyze the security of several mainstream digital wallets, we find that even the well-known digital wallets are random in the storage of private key / mnemonic words. There are both plaintext storage and encrypted storage, but the decryption key is fixed in the code, which can not play any role in security defense
4. The security risk of the application itself
the security risk of the application itself mainly focuses on the security defense of the application installation package itself
whether the application installation package has the ability of anti tampering is a very core technical ability. In addition, memory security, anti debugging ability, life cycle management of private key / mnemonics, security of debugging log and security of development process also need to be enhanced
5. Security risk of data backup
if the mobile application can be backed up, it can use the machine with more powerful computing performance to brutally crack the private key / mnemonics. For example, if android:allowBackup Property is set to allow backup, then the backup mechanism of the system can be used to back up the application data files, and the private key / mnemonics of the encrypted digital currency will be backed up to the external media, which breaks the security boundary design of the operating system from another direction
for the majority of users, the security of digital wallet also means the security of wealth, so we must be careful when choosing digital wallet
I have used several wallets such as coin letter socoin and coinplus
in terms of personal experience, socoin and coinplus are very simple and easy to use. They are not only decentralized multi-functional cross chain digital currency wallets with social functions, but also integrate Multi Chain multi currency wallets, payment and settlement platform, currency trading platform, social groups, information market and other functions, which can meet almost all your needs for digital currency in one stop.
2. Dcpro platform can ah, do not understand for customer service, will tell you, this platform has supervision.
3. No, it's just that they are headquartered in Silicon Valley in the United States, and now they are expected to be launched on a large scale
4. NGK is also a blockchain company in Silicon Valley
5. It was released by the top blockchain technology team in Silicon Valley
Hot content