{{Header}}
{{Title|
title=Edge Security Model
}}
{{#seo:
|description=Edge App - Crypto Currency Wallet - Security Model
}}
{{intro|
Edge App - Crypto Currency Wallet - Security Model
}}
{{archived}}
'''UNFINISHED'''

Based on this [https://www.youtube.com/watch?v=7djc0E1ICjY video]. Not based on reviewing the source code.

= Untrusted Server Security Model =
== Summary ==
* The server does not have plaintext data.
* The server has only encrypted data.
* The phone has only encrypted data.
* The phone does not hold the (full) decryption key?
* The server rate limits login attempts.

== Basic Operation ==
How is it possible to use the same password for local encryption as well as for login to the remote server? Doesn't this mean that the server could learn the username and password to decrypt the local wallet? No. By using scrypt.

* username / password -> scrypt -> set of parameters "local-encryption" -> local encryption key on phone
* username / password -> scrypt -> set of parameters "server-login" -> authenticate with server

== Compromised Server Risk ==
* A compromised server can do nothing since it does not have data from the phone. It has only encrypted data and does not hold the decryption key.
* The server cannot link accounts to personal data (username, email, phone number, public address) since HMAC is used on the phone before sending to the server.

== Server Offline Risk ==
What happens if the server is offline?

* New users can sign up: no
* Existing users can access the wallet from an existing phone: yes
* Existing users can access the wallet from a new phone: no
* Receive funds: yes
* Spend funds: yes
* Can still log in using fingerprint or password, also called offline login

Could not log in without a data connection. Bug?

Could not reach auth server: /v2/login

Is this due to 2FA being enabled?

== Backup-less Two-factor Authentication (2FA) ==
* When another device wants to log in, an existing device needs to scan a QR code or provide an authentication code.
* No need to enter a 6-digit one-time password (OTP).
* 2FA backup code is optional.
* If there are no other devices available to validate 2FA, then 2FA can be requested to be disabled, which takes one week.
* Similar to Telegram / Signal network re-registration lock.

== Fingerprint Login ==
Optional. Phone security protects a key. That key is used to decrypt another key on the phone, which is then used to authenticate to the server. The server then sends the key to decrypt the data.

== PIN Login ==
Optional. PIN code + HMAC (on phone) -> server sends back a key which allows decryption of the data. The server can rate limit PIN entries. Users have to wait exponentially longer: 1 second, 2 seconds, 4 seconds, 8 seconds, etc.

PINs are more secure legally, since fingerprints can be compelled but PIN codes often cannot be compelled.

PIN login / fingerprint is just a shortcut to let the phone access the encrypted data, depending on phone security. It is a usability feature since typing the password every time is too tiresome.

== Email-based Password Recovery with Untrusted Server ==
* Email-based password recovery is optional. The user is not forced to set it up.
* The app will send the password recovery email from your email account to your email account.
* The password recovery email does not come from the server.
* The server will not send a password recovery email when the email address is forgotten.
* The only way is to set up email-based password recovery ahead of time, before forgetting the password.
* Half of the key is in the email link.
* Half of the key is on the phone and backed up on the server.
* Password recovery answers are sent to the server. These are hashed before sending, not the actual answers.
* If the password recovery answers are correct, the server will provide a key to decrypt local data.
* Risk: If an attacker gains access to the email (password recovery link) and also discovers the answers to the password recovery questions, they could access the funds. What could still prevent the attacker from accessing the funds is 2FA.

= Features =
* Buy bitcoin without KYC by using SEPA bank wire or credit card.
* Password reminder: a popup checks to verify the password. If wrong, the password can be reset.

= Usability Issues =
First letter is capitalized when typing username/password.

= Breaking Security Model =
* A malicious app update could upload the wallet seed to the server. But the same argument could be made against any phone wallet such as Electrum.

= Miscellaneous =
* scrypt takes half a second on the phone.

= Bug =
* I did not get the 2FA disabling request, even after re-login. How long does that take? Then later, after logging in from a new device, a notification about the 2FA request appeared.
* Could not log in without a data connection. Bug? "Could not reach auth server: /v2/login" Is this due to 2FA being enabled?

= Questions =
* The phone does not hold the (full) decryption key?
* What if using 2FA and the server goes out of business?
* Dump private key feature?
* Dump wallet seed feature?
* Said "data on phone is useless without data from server"?
* Server offline cannot log in by PIN?
* How much stronger do passwords get by use of scrypt?
* Port to argon2?
* Is username case-sensitive?

= Footnotes =
{{reflist|close=1}}

{{Footer}}

[[Category:Documentation]]