Reid

@reid

40 Following

39 Followers

Reid pfp

Thanks man! Yes we fundraised after going through YC. Happy to share more. We basically are working on key management, trying to replace seed phrases with social sign in. We help with onboarding crypto noobs or recovery of lost private keys. Our API is flexible. Do you have any specific qs? Also feel free to DM me.

0 reply

0 recast

1 reaction

Reid pfp

Had to share some exciting news for me! Now I have to get Beepo on FC lol https://twitter.com/BeepoApp/status/1588106729216262148

1 reply

0 recast

0 reaction

Reid pfp

what are some tools y'all use for mock mobile app demos? I'm trying to quickly create an example mobile UX to put on a website (or maybe just a video for the website)

0 reply

0 recast

0 reaction

Reid pfp

Are you thinking magic.link or wallet sign-in because you need an encryption key per user? If so check us out at Bunkyr. We let users use social sign-in (Google/Apple) to generate an encryption key. Mostly we replace seed phrases, but its a general use API. Otherwise nvm lol

0 reply

0 recast

0 reaction

Reid pfp

I've always thought about it as: humans are special because we create + use tools. A hammer, wrench, and toaster are all tools built to do something. A computer is probably the most sophisticated, general purpose tool humanity has created. It's why I studied EE in college

1 reply

0 recast

0 reaction

Reid pfp

switching between FC and reading about asymmetric encryption

0 reply

0 recast

0 reaction

Reid pfp

I was talking with a friend about interesting symmetric ciphers: - Camellia - ChaCha - DES (predecessor to AES, now insecure) - RC4 (used in TLS but sucks) - Blowfish got me wondering, has anyone ever actually used anything other than AES for symmetric encryption?

0 reply

0 recast

0 reaction

Reid pfp

bird app has "threads"; can we have "castcades"? sorry I had to, open to other puns too

0 reply

0 recast

0 reaction

Reid pfp

Closest thing to that I've seen is spiral (https://www.spiralapp.com/). We talked to them a few months back and I think it's more meant for updating friends/family rather than propagating to services.

1 reply

0 recast

0 reaction

Reid pfp

3 - Denver! ⛷️

0 reply

0 recast

0 reaction

Reid pfp

Exactly, one day everyone might be comfortable with seed phrases. But right now lots of folks want to sign in with Google and be done. Our API is an optional add on for that reason. Those who feel comfortable don't have to take the risk, or can remove our backup later

0 reply

0 recast

0 reaction

Reid pfp

right, mpc by definition means other people are involved. They can block you or hijack your wallet depending on implementation. Otherwise it's not really mpc but mpc in parallel to pure user key ownership gives you benefits of helpful recovery + full control

0 reply

0 recast

0 reaction

Reid pfp

I think that is fair. At least for us, we and the service provider can't team up against the user. The user (or a malicious actor who gets control of a user account and passes all checks) is required to contribute. I reckon if an attacker got that far, a user has bigger problems

1 reply

0 recast

0 reaction

Reid pfp

It's not perfect, and perhaps not as secure as just a seed phrase, but we are betting on the need for easier methods for onboarding that is still a relatively strong security posture. Still better than a lot of social engineering attacks for sure

1 reply

0 recast

0 reaction

Reid pfp

0 reply

0 recast

0 reaction

Reid pfp

You are not entirely wrong. We force the service provider to verify the user before they contribute their portion of the key (MFA, email, text). Then the attacker would have to have access to the user's account which represents contributes their 1/3 of the key.

2 replies

0 recast

0 reaction

Reid pfp

yes, we have 1/3 pieces of the recovery key. The service provider and the user are responsible for the other 2.

2 replies

0 recast

0 reaction

Reid pfp

At least for on-ramp it will be important. I have a hard time believing everyone will be comfortable with seed phrases to start. Maybe the true 100% self-custody will come later as people are comfortable.

0 reply

0 recast

0 reaction

Reid pfp

we are doing a form of MPC at Bunkyr and we position ourselves as recovery only. So users still have their copy of primary keys for everyday use (service provider can't block anything), but if they lose their copy then we can help them get it back.

1 reply

0 recast

0 reaction

Reid pfp

0 reply

0 recast

0 reaction