How to Securely Backup a Seed Phrase

photo 1523348837708 15d4a09cfac2

Many newcomers to the Bitcoin and cryptocurrency space seem interested in holding their own private keys. As we know, not your keys not your coins. Dangers In order to spend Bitcoins, a user must have access to their wallet or to the seed phrase that was created alongside the wallet. Likewise, an attacker only needs … Read more

Qvault’s Offline Mode in Electron

videoblocks hand plugging connecting unplugging and disconnecting ethernet cable wire cord from white wifi router top down shot hstu1hrvv thumbnail full01

We recently added “Offline Mode” to Qvault as a new feature. This was in preparation to also add Bitcoin and cryptocurrency key generation. There is now a toggle switch at the top of the app that, when switched off, ensures that the app will make no network requests. You have always been able to use … Read more

Security in Dependencies

photo 1495145910046 717b12bffcf7

Choosing the right dependencies is a difficult task. Assuming the developer of an application is the best programmer in the world, the “best” thing to do would be to write the entire codebase alone. This would eliminate the bugs, vulnerabilities, and malicious intrusions of inferior developers. The trouble is that we like to move quickly … Read more

Creating and Remembering a Strong Passphrase

photo 1509822929063 6b6cfc9b42f2

We all have hundreds of online accounts. Ideally, as many of those accounts as possible have unique passwords. Unique passwords however present a difficult problem: No one can remember hundreds of strong passwords. To fix this problem, we created password managers. Now, all of our passwords are neatly stored in one place, encrypted by one … Read more

BIP 32 Watch-Only Wallets

https://dissolve.com/video/Key-ring-frozen-ice-royalty-free-stock-video-footage/001-D617-9-730

Bitcoin improvement proposal 32 is, in my opinion, one of the most important BIPs we have. (Thanks Peter Wuille!) BIP 32 gave us Hierarchical Deterministic Wallets. That is, the ability to create a tree of keys from a single seed. In the early days of Bitcoin, each time a user wanted to receive new coins, … Read more

Trustworthy vs Trustless Apps

https://whyy.org/episodes/in-science-we-trust/

In the wake of the hearings about Facebook’s new Libra blockchain, it is more important than ever that we all understand the difference between trustworthy and trustless apps. A trustworthy app is an app whose developers are known and trusted by the community. The developer’s reputations and businesses are on the line, so it motivates … Read more

Snyk Security Review

snyk logo

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago. We can’t speak to whether … Read more