FAQ - GHcloud SALT & Security


#1

Common questions regarding the deterministic by default approach of the GHcloud platform.

  1. What does deterministic by default mean…?

Instead of relying on, and in turn being controlled by, the pseudorandomness of machines, where the storage of generated private keys is then required, we use deterministic algorithms to generate the keys at the moment they are needed - nullifying their need to be stored anywhere. This allows GHcloud to run entirely in JavaScript from the browser, without the need for a file-storage service, instead relying on LocalStorage which is merely used to store the publicly available information.

Private information is never stored anywhere.


  1. What are device salts…?

By default, the setup of GHcloud guides new users through the process of deterministically generating a device salt. GHcloud then uses compounding encryption through a modular method from within the browser that allows systems of varying levels of security to be deployed, dependent on the requirements and/or the environment. By default, we then use the salt to generate secure deterministic private keys that are not stored anywhere but can be easily recreated inline at the moment they are required.


  1. What happens if I lose or fail to correctly re-create my salt…?

If you lose your device salt or the browser cache is refreshed, there is always the possibility you could re-create the salt, but if you are unable to remember the details that you used to create the salt, you will probably never be able to recover or re-use the account(s) created with that salt. If you did not make a backup of the private keys, you may lose everything, which is why it is very important you understand the risks.

Back up your SALT. Back up your private key(s)!


  1. But is it safe…?

It is as safe as you make it.

Different use cases often require different forms of solutions. The most important question is really who has access to your private keys? In the case of many web-based services, the service provider is often in control of the private keys. In the case of most software solutions, the keys are usually stored on the corresponding device. Both scenarios involve your private keys being located in a single physical location and if you are lucky, will also be properly encrypted with a password.

GHcloud does not store private keys anywhere.

They are created with compounding encryption using a device salt that prevents random brute force, leaving you just as susceptible to theft as your bank account or other personal accounts.

If you are prone to forgetting passwords or are unable or unwilling to manage the recovery functionality yourself, you may be best off with another service. However, please remember that if anyone is ever able to recover the keys for you it means that you do not really control the keys to start with.


  1. What is compounding encryption…?

Does anyone care?


#2

I’m not sure this is true. The SALT has a random component when it is created so re-creating the SALT is really not possible. That is why it is important to back up the SALT and also back up the private keys.


#3

Did you try? I did.

There is a “possibility” which is not a “guaranteed”. Making a backup of salt and private key(s) is still the essential part.


#4

Did it really work? I was under the impression that there was a random number generator incorporated in the SALT creation. Hmm, must examine the code more closely then.


#5

SALT Chips and Vinegar… Goes well with a burger


#6

I was actually quite impressed when I tried it:
Opened a different browser from my regular browser, went to GHcloud and entered the same details to create the Salt as before. The first attempt I forgot to check the option to add the profile picture to the Salt, and I was slightly disappointed to end up with a completely empty account and a fresh BTC address.

The second attempt I did indeed enter exactly the same details, because all my coins and assets were present in the wallet! Mighty cool.

However, now I have two questions…

  1. Did you find out if there indeed is a random component that could prevent regeneration of the Salt?
  2. If a disaster happens and GHcloud disappears, can I retrieve my private keys myself from the wallet backup, or should I indeed save the private keys in a separate step now?

#7

Yes I found out that there is NO random component.

In that case I and the team will make sure the software is opened to the public. But to make sure you can still access them in the case you would not be able to use the software on your own, I suggest making backups of your private keys.
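
As an added illustration (not part of any post above, and not GHcloud's code): the behaviour described in this thread, where the same details regenerate the same wallet and leaving out the profile picture gives a fresh one, follows from any derivation that takes no random input. The sketch assumes PBKDF2-SHA256 from Node's `crypto` module; the field names, the PIN, the constants and the function names are hypothetical.

```javascript
// Added illustration only: the thread does not state GHcloud's algorithm.
// PBKDF2-SHA256, the field list and all constants below are assumptions.
const crypto = require('node:crypto');

const ITERATIONS = 100000;              // assumed work factor
const CONTEXT = 'example-wallet-v1';    // assumed domain-separation label

// Length-prefix every field so ("ab","c") and ("a","bc") encode differently.
function encodeFields(fields) {
  const parts = [];
  for (const field of fields) {
    const buf = Buffer.isBuffer(field)
      ? field
      : Buffer.from(String(field).normalize('NFKC'), 'utf8');
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    parts.push(len, buf);
  }
  return Buffer.concat(parts);
}

// Device salt: a pure function of what the user typed. No RNG is consulted,
// so the same details on any browser or machine give the same 32 bytes.
function deriveDeviceSalt({ username, email, password, picture }) {
  const material = encodeFields([CONTEXT, username, email, picture || Buffer.alloc(0)]);
  const secret = Buffer.from(password.normalize('NFKC'), 'utf8');
  return crypto.pbkdf2Sync(secret, material, ITERATIONS, 32, 'sha256');
}

// Key seed: recomputed on demand from salt + PIN, never written to storage.
// (A real wallet must still map this seed to a valid key for its curve.)
function derivePrivateSeed(deviceSalt, pin) {
  return crypto.pbkdf2Sync(Buffer.from(pin, 'utf8'), deviceSalt, ITERATIONS, 32, 'sha256');
}

// Constructed sample inputs.
const details = {
  username: 'alice',
  email: 'alice@example.test',
  password: 'correct horse battery staple',
  picture: Buffer.from('constructed-picture-bytes'),
};
const first = derivePrivateSeed(deriveDeviceSalt(details), '4921');
const again = derivePrivateSeed(deriveDeviceSalt({ ...details }), '4921');
const noPicture = derivePrivateSeed(deriveDeviceSalt({ ...details, picture: null }), '4921');

console.log('same details  ->', first.equals(again) ? 'same key seed' : 'different');
console.log('picture unset ->', first.equals(noPicture) ? 'same key seed' : 'different key seed');
```

Because nothing random enters the derivation, the key seed is only as hard to guess as the details themselves, and anyone who supplies the same details derives the same seed.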


#8

OK perfectly clear, thank you again :slight_smile:


#9

You should always back up the private keys of “any” wallet. Private keys are more convenient to store / note down and are less likely to get corrupted as opposed to a txt file or the traditional wallet.dat.