Can an online wallet be secure?
With the evolution of the internet and cryptographic algorithms, holding your data in the cloud becomes more secure than holding it on your personal computer.
It is hard to imagine the world without online messaging, personal and business emails, online banking, Facebook or the other cloud services that you use daily to make your life easy.
There are examples of bad security practices used by seemingly trustworthy companies, but those are human mistakes and errors. Modern security, if implemented correctly, makes data practically impenetrable. Even if your cloud data is leaked, it is encrypted with your password, so the only way to get any useful information from the leaked data is to know your password.
At SkyWallet, we use technology to make your wallet secure. I want to use this article to explain how exactly we manage to do that.
Most hacker attacks on wallets (on the internet as well as offline on your computer) try to steal your so-called private keys. If you have the private keys of a wallet, you can take it over and send the money to another wallet, never to be seen again. Wallets are anonymous. This is the great advantage, but also the threat, of cryptowallets.
However, there are good ways to secure your wallet. We do not directly store your private keys in our database. We scramble them together with your password and use a so-called hash function. So even in the worst case – if a hacker steals our database – he cannot get hold of your private key without knowing your password.
Even our technical team, which has access to the database, will not be able to use your keys without your password. We are not controlling your money like banks do – we simply enable you to comfortably access your cryptowallets through our application.
You may ask, how do we manage to do that without knowing your private keys? We use a technology called “hashing”. It’s very common in modern encryption. It means that you take a plain input text and feed it to an algorithm that turns it into a so-called “hashed text”.
This is a one-way function. There is no way to ever get the plain text back from the hashed text. It’s mathematically impossible.
You can use a password or a private key as plain text, run it through a hash function and get a hashed text. If you do it again with the same password, you get the same hash. This means that you can check if a password is correct, but you can never get the password based on the hashed text.
We use this method, but we enhance it. Before we use the hash function, we scramble your password and your private keys together. Then we use that as input. This means that we do not need to store either your password or your private keys, but can still determine if they are correct.
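The check described above, as an added example that is not SkyWallet's code: the server keeps only a salt and a digest computed over the password and private key together, and a later attempt is verified by recomputing that digest. The algorithm (PBKDF2-HMAC-SHA256), the salt, the iteration count, the length-prefixed joining and all function names are assumptions; the page only says "a hash function".

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters: the page names no algorithm, salt or work factor.
ITERATIONS = 600_000


def combine(password: str, private_key: bytes) -> bytes:
    """Join both secrets unambiguously by length-prefixing each field,
    so ("ab", b"c") and ("a", b"bc") never produce the same hash input."""
    pw = password.encode("utf-8")
    return (len(pw).to_bytes(4, "big") + pw
            + len(private_key).to_bytes(4, "big") + private_key)


def derive(password: str, private_key: bytes, salt: bytes) -> bytes:
    """Slow, salted hash of the combined secrets (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", combine(password, private_key),
                               salt, ITERATIONS)


def make_record(password: str, private_key: bytes,
                salt: Optional[bytes] = None) -> dict:
    """Build what the server stores: a random salt and the digest only."""
    salt = os.urandom(16) if salt is None else salt
    return {"salt": salt, "digest": derive(password, private_key, salt)}


def verify(password: str, private_key: bytes, record: dict) -> bool:
    """Recompute the digest from the supplied secrets; constant-time compare."""
    candidate = derive(password, private_key, record["salt"])
    return hmac.compare_digest(candidate, record["digest"])


if __name__ == "__main__":
    key = bytes.fromhex("11" * 32)            # constructed sample key
    rec = make_record("correct horse battery", key)
    print(verify("correct horse battery", key, rec))  # matching secrets
    print(verify("correct horse", key, rec))          # wrong password
```

The stored record contains neither secret, but anyone holding it can run `verify` against guesses offline; the work factor only slows that down, so the strength of the password decides how long it holds.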
This means that only you have access to your wallet, even if it’s in the cloud. It also means that you must set a secure password. If someone can guess your password, your coins are in danger. It is essential that you pick a strong password for all your online accounts. This website helps you pick a strong password.