RE: Hive Keychain Independent Audit Proposal
You are viewing a single comment's thread:
Good proposal.
Some questions:
Does it include the mobile version? ( i don't use, but i expect some do).
Is the reference worth something? So can we tell it is reviewed and safu? Like the Defi protocols?
And IMO Keychain was simple in most parts ( from key storage). I think transactions and things like that can be easier manipulated. But keys should be safe because is open source and on the browser (local) pretty decentral.
If a website can access it, it must be also encrypted. I think the most easy scam is, you post something and the website sends a transfer massage. Missclick = lost funds (if active is in it).
And does it really help? I ask because of updates.
Today safe, it doesn't mean after someone accesses Mozilla or google account, it can not change.
Most Apps on those stores become problems ( from security) after the owner changes/updates.
Posted Using LeoFinance Beta
No, I don’t think it’s open source but not 100% sure. I also have no way of confirming what code is running on the device.
Ok,
I see the biggest risk in updates and not in the current code. Only manual no update installations are safu IMO.
But that is really unrealistic for everyone :)
The mobile version is 100% open source and can be found at https://github.com/stoodkev/hive-keychain-mobile
I suspected it may be, but I honestly didn't check as the user base is much smaller than the browser extension and there is no way to know for sure what version is running.