risitasApp login permissions

Authored by @lightproject


Hello everyone,

Today I would like to explain how risitasApp handles login, and to what degree it asks Keychain for permissions.

To this day, Hive Keychain is the only login method available.

Why is POSTING auth important


It minimizes the impact and the risks. Even if an app has malicious intentions, signing with your posting key narrows down your exposure: no operation signed with posting authority can perform an irreversible action such as a token or card transfer.

Using keychain browser extension

Keychain is a secure, encrypted wallet for Hive. However, Keychain can do more than just store keys: it can also broadcast operations directly to the HIVE blockchain and sign transactions off-chain.

First of all, I would like to clarify that risitasApp login mimics the login mechanics of the official UI.

The login mechanism consists of signing a string made up of: hive account + timestamp

This string is then signed with your private key. We do this by asking Keychain to perform the signing with the requestSignBuffer method. This method is documented here: https://github.com/hive-keychain/hive-keychain-extension#requestsignbuffer

Once the signature is ready, it is sent to the backend for verification along with the unsigned string.

Verification checks the signature against the public key of the account. The final check is that the timestamp is not older than 5 minutes.


Most importantly, the signature is requested with your POSTING key.
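
The backend check described above, as an added example (not risitasApp's or Keychain's own code). It uses Node's built-in ECDSA over secp256k1 as a stand-in for Hive's signature and key encoding; the postingKeys map, the function names, the 13-digit millisecond timestamp and the 30-second future-skew limit are assumptions.

```javascript
// Added example: server-side check of a Keychain login proof (hypothetical names).
const crypto = require("node:crypto");

const MAX_AGE_MS = 5 * 60 * 1000; // from the post: timestamp not older than 5 minutes
const MAX_SKEW_MS = 30 * 1000;    // assumption: tolerate small clock drift into the future

// Constructed stand-in for looking up an account's posting public key on chain.
const demoKeys = crypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
const postingKeys = new Map([["alice", demoKeys.publicKey]]);

// Stand-in for what Keychain does client-side when asked to sign with the posting key.
function signLoginMessage(account, timestampMs, privateKey) {
  const message = account + String(timestampMs);
  const signature = crypto.sign("sha256", Buffer.from(message), privateKey).toString("hex");
  return { account, message, signature };
}

// Returns { ok: true } or { ok: false, reason } for a submitted login proof.
function verifyLogin({ account, message, signature }, now = Date.now()) {
  const publicKey = postingKeys.get(account);
  if (!publicKey) return { ok: false, reason: "unknown-account" };

  // The signed string must be exactly "<account><timestamp>" for the claimed account.
  if (typeof message !== "string" || !message.startsWith(account)) {
    return { ok: false, reason: "bad-message" };
  }
  const tsText = message.slice(account.length);
  if (!/^\d{13}$/.test(tsText)) return { ok: false, reason: "bad-message" };

  // Verify the signature before trusting the timestamp inside the message.
  let valid = false;
  try {
    valid = crypto.verify("sha256", Buffer.from(message), publicKey, Buffer.from(signature, "hex"));
  } catch {
    valid = false; // malformed signature input is treated as a failed verification
  }
  if (!valid) return { ok: false, reason: "bad-signature" };

  const age = now - Number(tsText);
  if (age > MAX_AGE_MS) return { ok: false, reason: "expired" };
  if (age < -MAX_SKEW_MS) return { ok: false, reason: "future-timestamp" };
  return { ok: true };
}
```

The freshness window limits how long a captured proof stays usable, but a proof can still be replayed inside those 5 minutes unless the backend also remembers which signed strings it has already accepted.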


