Henri Stern Ꙫ
@henri
1/ Seamless self-custody matters in crypto

The ability for users to control their assets is one of crypto's superpowers, it protects users and devs alike! Wrote a quick piece on why this matters and how to balance the tradeoffs involved :)

Check it out! https://www.privy.io/blog/importance-of-self-custody
3 replies
2 recasts
25 reactions

✳️ dcposch on daimo
@dcposch.eth
> No one but your user ever has access to their keys

How does that work in the case of @utopialabs? They're using Privy. I can log into my account with just SMS auth. That's only possible if the service has my keys.
1 reply
0 recast
3 reactions

Henri Stern Ꙫ
@henri
Great question. Check out https://www.privy.io/blog/cloud-based-wallet-recovery-launch: breaks down variations on how Privy helps you secure rec shares for your keys. In auto recovery share is enc with generated entropy tied to your login. arch rather than cryptographic safeguard. Pushing on tradeoffs here.
1 reply
0 recast
2 reactions

✳️ dcposch on daimo
@dcposch.eth
> In automatic recovery, the recovery share is cryptographically protected, and the entropy this depends on is secured by the system architecture

It’s stored on servers Privy controls, right? If you had a breach, a hacker could drain all autorecovery wallets at once. That’s custodial in my view.
1 reply
0 recast
7 reactions

grin↑
@grin
I agree. Been asking this question for months and still no satisfying answer.

Btw it’s fine if this is how Privy works. It’s a great model for many use cases. Just be honest and don’t call it non-custodial.
2 replies
0 recast
4 reactions

Henri Stern Ꙫ
@henri
Only the user can access their wallets in this system — the entropy is tied to their login. The user can also set their own password or use their cloud if they prefer. In all cases Privy can’t access it. At your disposal to chat threat models!
2 replies
0 recast
3 reactions

carter
@carter
been curious about this too. where is the entropy coming from to protect the user's wallet? it looks like Privy has the Auth share. and the (auto)Recovery share is stored in a KMS, but then the docs warn auto recovery = trusting Privy to secure the recovery share? echoing @grin that it's fine if that's how it works!
1 reply
0 recast
2 reactions

Henri Stern Ꙫ
@henri
Correct. The entropy is generated and stored using a kms. Insofar as this is powered by privy infra it implies more trust in it than eg generating the entropy yourself. With that said it is built such that only the user can access entropy (architectural guarantee vs cryptographic guarantees of other modes)
2 replies
0 recast
3 reactions

carter
@carter
ah okay the arch vs crypto guarantee framing makes a lot of sense, thanks! so access to the recovery key is gated in Privy infra -> it auths the user through gcloud/sms/apple/etc, then looks up the corresponding entry in KMS to retrieve the recovery share?
0 reply
0 recast
3 reactions
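
A simplified model of the distinction drawn in this thread between an architectural guarantee (entropy held server-side, released after a login check) and a cryptographic one (wrapping key derived from a password the service never sees). It is an added illustration, not Privy's code or design; the `Service` class, the in-memory `kms` dict, the toy HMAC-based cipher and every name below are assumptions.

```python
import hashlib, hmac, secrets

def _sub(key, label):                      # derive separate encryption / MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):         # toy HMAC-SHA256 counter-mode keystream (illustration only)
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap(key, share):
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, share)
    return nonce, ct, hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unwrap(key, blob):                     # returns None when the key is wrong (tag mismatch)
    nonce, ct, tag = blob
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return _xor_stream(_sub(key, b"enc"), nonce, ct) if hmac.compare_digest(tag, good) else None

def password_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Service:
    """Hypothetical server-side state: everything stored here is visible to the operator."""
    def __init__(self):
        self.kms, self.blobs, self.salts = {}, {}, {}

    def enroll_auto(self, uid, share):
        self.kms[uid] = secrets.token_bytes(32)      # entropy generated and kept server-side
        self.blobs[uid] = wrap(self.kms[uid], share)

    def recover_auto(self, uid, login_ok):
        # Architectural guarantee: this policy check is what gates release of the key.
        return unwrap(self.kms[uid], self.blobs[uid]) if login_ok else None

    def enroll_password(self, uid, salt, blob):
        # The client wrapped the share itself; the service stores only salt + ciphertext.
        self.salts[uid], self.blobs[uid] = salt, blob

def unwrap_with_server_state_only(svc, uid):
    """What a party holding the stored state can unwrap with no login and no password."""
    key = svc.kms.get(uid)
    return unwrap(key, svc.blobs[uid]) if key is not None else None

def demo(share=b"constructed-recovery-share"):       # constructed sample values
    svc, salt = Service(), secrets.token_bytes(16)
    svc.enroll_auto("alice", share)
    svc.enroll_password("bob", salt, wrap(password_key("correct horse", salt), share))
    return (svc.recover_auto("alice", login_ok=False), unwrap_with_server_state_only(svc, "alice"),
            unwrap_with_server_state_only(svc, "bob"), svc)
```

In this model the login check refuses an unauthenticated caller, but the stored state alone is enough to unwrap the auto-mode share, while the password-mode share stays sealed without the password.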